In today’s day and age, when our most confidential data seems to be under attack at every turn, legal professionals are beholden to an ever stricter burden of data integrity. Proper chain of custody is an implicit part of complying with ESI protocols. You may, in fact, believe you already have a secure, defensible working data hand-off system in place. For example, on your last matter, the data was collected, given to your eDiscovery vendor, and your eDiscovery service provider made it available for your review. Frankly, that chain of custody process sounds vague enough to be dangerous.
Here are 5 tips to defensible chain of custody and ESI protocol compliant data integrity to keep you out of trouble during discovery:
- Have a clear understanding and documentation of who the points of contact actually are in your chain of custody and what they are responsible for along the way of maintaining data integrity for ESI. Who is involved will depend on the origin of the data. Often it is client/in-house counsel, to client IT (or collections vendor), to outside counsel and then to (or directly to) the eDiscovery service provider for processing for review.
- Gather all contact information to develop a solid chain of custody and data tracking system. Someone in the chain will need to record data source (whose data and what was collected, e.g., John Smith’s email, Jane Doe’s laptop). You will also need to know what date the data was collected (in case you need to do ongoing collections).
- Documenting your data collection process is also crucial for ensuring forensic defensibility and maintaining the integrity of your ESI protocol. This is the by far the most important responsibility of data hand-off. Make sure whomever is collecting, copying and transferring the data knows how to avoid spoliation and deficiencies. For example, is the IT person completely comfortable protecting metadata during the data collection? Are there tools available to ensure that an accurate and complete copy of data has been made or transferred to the eDiscovery service provider?
- Keep track of how much data you are collecting and sending out for processing. This will help you to estimate costs and consider your collection and/or processing options. Knowing data sizes also helps to determine the most efficient means of data transfer. Working with an eDiscovery service provider with a unified platform – technology that provides for processing and review in one place – will cut down on the links in your chain. This is an easy way to reduce threats to your data integrity and increase time savings to meet the requirements of your ESI protocol.
- The data hand-off does not end with the eDiscovery service provider. Chain of custody and maintaining data integrity has to work both ways. Original data will need to be returned to someone in the chain of custody at some point. For instance, hard drives sent for processing should be returned as soon as data has been copied. Eventually, you may also need an archive with processed data and work product exported from your service provider’s review tool. As part of data tracking, record who receives this data. Be sure to designate a place to store any passwords needed to access data.
Once you have a well-defined and documented chain of custody process, it is important to police and update it to ensure that you adhere to ESI protocols for data integrity. Make sure that your resources along the chain of custody clearly understand the process and responsibility of maintaining data integrity. Streamline your process as much as possible, considering ways you can minimize risk, such as by contracting with eDiscovery service providers with the least fragmented process and technology themselves. If you do not have a sustainable and defensible hand-off between departments system in place, start developing this essential process by consulting with an efficient and cost-effective eDiscovery service provider. Maintaining chain of custody for data integrity per ESI protocols should be their expertise!
For more on the necessary security measures in your eDiscovery process, see the following security infographic.
Ivette received her B.A. from Barnard College, Columbia University and her J.D. from Georgetown University Law Center. She has worked exclusively in the area of electronic discovery for the last 16 years at law firms and eDiscovery service providers. By excelling at problem-solving and communication, Ivette has successfully managed teams of lawyers, project managers and technologists on numerous electronic data and document review projects. She has truly enjoyed working on both sides of the industry and values the unique perspective gained from this experience.You can connect with her on LinkedIn.