The International Data Corporation (IDC) estimates that by 2025, the world will have 175 zettabytes of digital data—which, if stored on DVDs, would create a stack tall enough to circle the earth 222 times. As organizations accumulate higher volumes of data, broadly known as electronically stored information or ESI, corporate legal teams and law firms must adapt their management and collection strategies to keep pace.
In this post, we’ll talk about what electronically stored information is and explain how it relates to records management. We’ll also take a look at the different types of ESI, where organizations store it, and what the Federal Rules of Civil Procedure have to say about it. Finally, we’ll explore ways that organizations and law firms can better manage ESI and how modern technology can help.
What is ESI?
Electronically stored information (ESI) covers any digital data—including digital documents, spreadsheets, digital video or audio recordings, and much more—that may contain information that’s relevant to a case. Under the Federal Rules of Civil Procedure (FRCP), parties must disclose all potentially relevant sources of evidence, digital or otherwise, as part of the eDiscovery process. This means parties must understand what ESI they have and know where to find it and how to preserve, collect, review, and produce it.
How does ESI relate to records management?
That’s where records management comes in. Records management refers to the way an organization creates, stores, and destroys electronic information, including electronic records. By implementing and maintaining a strong records management system, organizations establish the structure they need to preserve and locate ESI so they can meet their eDiscovery obligations.
Managing electronically stored information is particularly difficult because it comes from so many different sources and is stored in just as many different formats.
The different types of ESI
Electronically stored information comes in a wide array of formats. Some of the most common forms of ESI include:
· electronic documents, such as word processing documents and spreadsheets;
· digital correspondence, including emails, email attachments, texts, and messages shared via collaboration platforms like Slack and Microsoft Teams;
· information stored in apps and electronic databases, including customer relationship management (CRM) and project management platforms such as Salesforce and Airtable;
· photos, videos, and audio recordings, including security footage, voicemails, and recorded phone calls and virtual meetings;
· call logs denoting information about calls, such as their source and duration, but not their content;
· data from social media sites as well as other online activity; and
· data generated by Internet of Things (IoT) devices such as smartwatches, voice controllers, and infrastructure sensors.
As these descriptions imply, different types of ESI may be stored across multiple repositories based on volume, sensitivity level, and accessibility needs.
Where do organizations store ESI?
Most organizations store electronically stored information in multiple places due to the sheer volume of data they have, the variety of data sources they interact with, and the different levels of security and accessibility their data requires.
For example, many organizations use traditional servers to house ESI. These servers may exist onsite or offsite; either way, they require physical infrastructure, security, and ongoing maintenance. Organizations are also increasingly using the cloud to store and access ESI. As of 2022, corporations stored over 60% of their data in the cloud.
In addition to servers and the cloud, organizations may store the ESI they need frequent access to on network drives, which are physical or digital cloud storage devices users share via a local area network (LAN). These network drives may also be backed up to physical servers or cloud data storage sites. To a lesser extent, ESI may also be stored on direct attached storage (DAS) devices such as flash drives, CD/DVD drives, and hard drives.
Regardless of the form ESI takes or where it originates, it’s discoverable in legal proceedings—and that means it’s subject to certain procedural rules.
ESI and the Federal Rules of Civil Procedure (FRCP)
Historically, the FRCP only applied to traditional physical discovery, not to digital evidence. But as ESI became more common, the Advisory Committee on Civil Rules began considering how to fit eDiscovery into the existing rules. In 2006, the Judicial Conference and the Supreme Court approved amendments to the FRCP that added language about ESI to various rules governing discovery. Despite several amendments to the Rules since then, the general requirements for handling ESI remain largely unchanged.
FRCP 26(b) sets the scope of discovery as encompassing “any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case” without differentiating between forms of evidence. Rule 26 does address ESI specifically in a few places, though: parties are required to include ESI in their initial disclosures, discuss any potential issues surrounding ESI (such as its preservation or disclosure) during the meet-and-confer process, and adopt a discovery plan specifically regarding how they will handle ESI. Further, Rule 26(b)(2)(B) stipulates that parties need not provide ESI from sources that are not “reasonably accessible because of undue burden or cost.”
Turning to the production of evidence, FRCP 34 requires the producing party to produce ESI in the “form or forms in which it is ordinarily maintained or in a reasonably usable form.” The requesting party may state the form or forms in which they would like the opposing party to produce the ESI, though the producing party can object to the requested form.
Additionally, FRCP 37, which establishes procedures for a party’s failure to provide discovery, spells out the sanctions available if a party does not take reasonable steps to preserve ESI when they anticipate or are involved in litigation. If evidence is lost because reasonable steps were not taken to preserve it and the lost ESI can’t be restored or replaced, the court may order curative measures. Additionally, if the court finds that the offending party intended to deprive the opposing party of the electronic information, it can:
· presume or instruct the jury to presume that the lost information was unfavorable to the offending party,
· dismiss the case, or
· enter a default judgment against the offending party.
So, how can organizations ensure that they follow these requirements and avoid sanctions? By proactively managing their ESI.
Reactive versus proactive approaches to managing ESI
Organizations and their legal teams often find themselves reactively managing their ESI: responding to issues as they arise, often during litigation, but never getting far enough ahead with their data management practices to anticipate those issues. Proactive ESI management, by contrast, implores organizations to regularly monitor the ESI they generate, use, and store so that they can identify potential issues and address them before they create problems.
Routinely searching data in place is key to proactive ESI management because it allows organizations to see the big picture and pinpoint areas of concern without disturbing their storage of or access to data. For example, by searching its repositories for messages shared through a collaboration platform, an organization may learn that the platform automatically deletes messages at a certain point. By discovering this issue early on, the organization can explore ways to save those messages when required so it doesn’t face Rule 37 sanctions for failing in its duty to preserve discoverable ESI.
While proactive ESI management is one way to set eDiscovery teams up for success, there’s more that organizations can and should do.
5 best practices for ESI management and collection
These five tips can help corporate legal teams—and, in some cases, the law firms they work with—manage ESI smoothly and effectively.
1. Corporate legal teams: Implement a sound data retention policy.
Corporate legal teams can save themselves a lot of stress—not to mention time—by adopting a comprehensive data retention policy long before they’re called on to issue a legal hold. A data retention policy tells an organization what it needs to do to preserve ESI—and how long it should keep that data—so its legal team can easily access it in the event of a lawsuit or regulatory investigation. A strong data retention policy can help organizations mitigate the risk of lost data, missed discovery deadlines, and sanctions.
2. Corporate legal teams: Create standardized methods for organizing ESI.
Another way to simplify ESI management and collection is to organize ESI in a thoughtful, structured, repeatable way. To achieve this, organizations and their corporate legal teams can:
· implement naming conventions for documents and folders;
· use metadata tags;
· designate folders for different categories of documents and data sets; and
· create a data map that shows what ESI the organization has, where it’s located, and which custodians are responsible for it.
Note that these structures cannot simply be designed and then ignored; all employees must abide by naming conventions, while IT staff must routinely update and maintain data maps and folder hierarchies.
3. Corporate legal teams: Be proactive about managing ESI.
As we noted above, organizations can prevent issues from spiraling out of control by proactively managing their ESI. In-place search technology enables organizations to regularly check for errors, issues, and inconsistencies in their data. When an organization does identify a problem, it should go beyond merely correcting it by evaluating whether a policy change would reduce the odds of that issue recurring.
4. Corporate legal teams and law firms: Take a flexible approach to data collection.
Corporate legal teams and law firms alike should adapt their collection approaches based on data type and location. Why? Because diversifying the collection process ensures greater efficiency and lower costs. ESI is not one-size-fits-all, so collection methods shouldn’t be either. In fact, some data can be preserved and reviewed in place prior to collection, which saves the organization both time and money.
5. Corporate legal teams and law firms: Leverage modern technology.
The growth of ESI has been matched by the growth in eDiscovery technology, giving corporate legal teams and law firms the tools they need to understand and proactively manage ESI. With the right platform on their side, legal teams can work more efficiently, make fewer mistakes, and save their organizations and clients money by targeting collections and streamlining review.
IPRO technology helps organizations take control of their ESI
IPRO creates eDiscovery tools that enable users to proactively manage their ESI and optimize their eDiscovery workflows.
For example, Live Early Data Assessment (EDA) can provide actionable insights into an organization’s data and records management practices before collection even begins. The platform can search and review large amounts of data across multiple repositories quickly and easily, all from a single intuitive interface. LIVE EDA also allows users to add new custodians or data sources without restarting the process from scratch.
LIVE EDA empowers corporate legal teams and law firms to be proactive in their approach to managing ESI so they can reduce the risk of discovery sanctions and save time and money.