The Definition of ESI in Legal Discovery
The term ESI or electronically stored information is a legal term that refers to any information that is stored in electronic form. Depending on the context, ESI can refer to a wide range of data storage, from single emails to entire servers worth of data.
ESI can be something as simple as a single word processing document or a single image. Or it can be a complete multi-petabyte server. The term "ESI" was conceived a little over ten years ago, mainly to describe and define what kind of information can be requested during legal discovery.
Why has ESI become such a key part of the discovery process? Because of how ubiquitous electronic devices have become, nearly all information is stored in electronic form. This includes emails, text messages, social media posts, files and folders on computers, etc. The relevant definition of ESI can be found in the Federal Rule of Civil Procedure 34. Although this rule is applicable just to the federal court system, most state courts have adopted a similar definition of ESI by reference. Therefore, the definition of ESI in California is the same as the federal rule, for example.
More precisely, Federal Rule of Civil Procedure 34(a)(1)(A) defines ESI as, "any designated file or storage medium, including printing devices, optical storage devices, floppy disks , hard disk drives, online web space, flash drives, magnetic tape, or other media upon which information is recorded, from which information can be obtained either directly or, if necessary, after translation into a reasonably usable form."
In other words, electronic information can vary from a single vivid image to an entire server. One thing you should keep in mind are the various requirements that have been placed on parties during the discovery process. The most important rule to remember is the Federal Rules of Civil Procedure, or FRCP, requirement for the "meet and confer" which is essentially a face-to-face conference or telephone conference where the various parties to the litigation discuss the various discovery requirements pursuant to Rule 26(f).
This rule requires parties to meet and confer early in the discovery process, at least 21 days before the scheduling conference or the Rule 16(b) scheduling order date is set. The meeting can be held in person or via telephone and must last long enough to actually discuss the discovery requirements. The purpose of the conference is to require lawyers to minimize the cost and length of litigation. The judge will review the work done by the parties and issue a pretrial order detailing witness names, expert testimony, and trial exhibits.
ESI Discovery: Its Importance in Litigation
ESI, or electronically stored information, is almost always at the center of litigation. Given the increase in digital information created everyday with tools like smartphones, tablets, social media and wearables, it should come as no surprise that ESI tends to be such a critical element in the litigation process. The types of ESI available can range from internal documents, spreadsheets and communication that can be housed on an email or in the cloud, to text messages, social media posts or digital photos that are saved on a smartphone or tablet. But the growing volume of ESI can pose a major problem. Storing and accessing data on internal systems, external or cloud-based sources, along with the need to maintain accurate, current and encrypted backups, is a costly and time-consuming process for legal teams. But the right management process can make it manageable when it is needed for litigation. Law firms use ESI every single day – and typically, the legal team uses its own internal resources to handle eDiscovery in a particular case. This can save time, money and most importantly, confidentiality concerns over sensitive data. When an organization uses an internal legal IT team to review, search and index ESI for a particular matter, it can help them quickly locate the data they need to support their position in a case. The right ESI management tools provide a way to quickly and easily search through relevant ESI, saving hours of time in the discovery process. This can result in a quicker and more efficient fact-gathering process. There are countless examples of self-reported and published case studies of how ESI has played an integral role in a case outcome. Some of those examples include: When used correctly – as a tool to manage relevant information rather than as the only source of information in a case – ESI can be an invaluable resource for any legal team.
The Process and Challenges of ESI Discovery
The typical ESI discovery process begins with the identification of relevant ESI sources through information interviews, Internet searches, and ESI mapping. Once the potential ESI sources are identified, a forensic collection usually occurs to guarantee the integrity of the data. Review and analysis occurs next, often with the assistance of technology such as e-discovery review software. Once the relevant documents have been identified, they will be produced to the requesting party. Appendix A provides some ESI discovery tips.
There are many challenges associated with ESI discovery that should be considered in the design of an effective ESI discovery plan. One of the most significant issues is the volume of ESI that must be collected, reviewed, and produced. For example, a bank covering several states with 100 employees per state may have as many as 1,500 supervisors overseeing 150,000 employees. This causes exponential increases in the volume of data that must be collected, analyzed, and produced. Privacy is also a significant issue in ESI discovery. EMPLOYERS BEWARE—Saudi Arabia recently sought to review the ESI of several American banks to determine whether the banks had abided by the requirement to not do business with Al-Qaeda. On this basis, Saudi Arabia filed suit seeking $4 billion in damages. The banks successfully moved to quash the subpoenas, but the case highlights the privacy risks associated with ESI discovery and the risk that foreign governments may be able to access employee data in litigation proceedings.
Top Strategies for Navigating ESI Discovery
As the proliferation of ESI continues, it is important that companies involved in litigation enforce policies and procedures for managing their data. There are numerous ways spoliation of relevant ESI can occur which can quickly become an issue during discovery, especially when spoliation has the potential to affect lawsuits.
Develop a litigation hold policy: A litigation hold policy is a written policy that will provide a company with the best chance of being able to preserve relevant ESI. In order to protect against spoliation of relevant ESI, a company should make sure its employees know when it is appropriate to issue a litigation hold. It is also important that the company assigns a custodian in charge of issuing the litigation holds and maintaining communication with the custodians.
Identify ESI custodians: When a lawsuit arises, ideally a company should be able to promptly identify its ESI custodians. Once a company identifies its ESI custodians, it should consider which custodians will have relevant ESI. A company should repeatedly send litigation holds to custodians to help ensure that all relevant ESI gets preserved.
Preserve relevant ESI: Once a company issues a litigation hold, it must ensure the relevant ESI remains preserved. Unless the litigation hold states otherwise or the preservation of the relevant ESI would violate some other law or regulation , a company should preserve relevant ESI in its existing format.
Prioritize ESI custodians: Once a company knows which custodians will have relevant ESI, it should prioritize its custodians by relevance for the subject matter of the litigation. For example, if there are particular departments that will have relevant ESI, the company should prioritize its custodians as they relate to those departments. It is important a company properly prioritizes its custodians as it will have to allocate its resources to follow-up with its custodians as well as to monitor compliance.
Acknowledge strict preservation duties: Most lawyers know they have a duty to preserve relevant ESI once litigation is reasonably anticipated. But, companies also have a duty to preserve relevant ESI which encompasses a company’s relevant custodians. A company doing business in multiple locations may face challenges to preserve relevant ESI across different jurisdictions.
Establish communication with its ESI custodians: A company should establish communication with its ESI custodians to help ensure compliance with the litigation hold. A company should routinely communicate compliance concerns with its custodians. However, when litigation holds are implemented, a company should direct its communications accordingly such as communications regarding the litigation, communications requesting follow-up work, and communications setting forth the extent of the litigation hold.
Technology and ESI Discovery
Technological tools can enhance the discovery process by allowing for the document review to occur on various platforms, quickly, and electronically.
There are many different software programs that existed previously for document review, but they have always been limited by the types of files that they could review. A decision in Moore v. Publicis Group SA held recently in the Southern District of New York is an example of the advantages of ESI discovery. The opinion states: "The prices that the parties negotiated for the cost of a database were exorbitant. PST agreed to $44 per document and $1.50 per spreadsheet for processing. The parties also agreed to $0.20 per document and $0.05 per spreadsheet for hosting." The court found this unacceptable because those amounts far exceeded the average industry rates for the same services. Now that the bulk of electronic documents can be transferred and viewed on many different platforms, the cost of document review has been reduced significantly. Employers can now opt for less expensive review platforms with full confidence that their expected deliverables will absolutely be met.
The Legal Landscape Surrounding ESI Research
In the throes of the digital age, the legal landscape governing ESI discovery is as dynamic and complex as the data it seeks to uncover. The Federal Rules of Civil Procedure (FRCP), the primary source of federal procedural rules in civil litigation, play a crucial role in the management and production of Electronically Stored Information (ESI). Specifically, Rules 26 through 37 of the FRCP regulate the discovery process, including the obligations of parties and the scope of discoverable information.
As corporate and governmental entities continue to generate an exponential amount of ESI, compliance with these rules has become a significant challenge. Under the FRCP, litigants have a principle obligation to disclose the existence of electronically stored information that may be relevant to any party’s claim or defense. Because the volume of data can be overwhelming, the FRCP provides a balancing test, requiring that the burden of the discovery be proportional to the needs of the case. In other words, the court should consider the importance of the issues at stake, the amount of issues, the parties’ relative access to the relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden and expense of the proposed discovery outweighs the likely benefit.
While the FRCP governs the discovery phase of litigation, different states may have their own rules and regulations. However, generally speaking, federal rules can give the states a good baseline to work with. So if you are engaged in a legal proceeding (even preceding or following the initiation of a lawsuit), there is an increasing chance you will be subject to Federal Rules of Civil Procedures.
In addition to FRCP, there are several other regulations at play in ESI discovery. For example, if your organization is subject to the Health Insurance Portability and Accountability Act (HIPAA), you will need to be cognizant of how this law impacts your ESI discovery process. ESI is often used to transfer healthcare data for communications between healthcare organizations so HIPAA must be considered . Likewise, if you are a service provider to a financial institution, you must comply with the Gramm-Leach-Bliley Act, which mandates reasonable safeguards to protect covered data and encrypt certain data.
The Health Information Technology for Economic and Clinical Health (HITECH) Act should also be considered depending on the type of information being collected and stored. Created as an amendment to HIPAA, HITECH applies to healthcare providers and business associates (who aren’t covered entities under HIPAA) and now generally requires covered entities to implement security measures appropriate to the level of risk.
Many states have also enacted or revised their own e-discovery laws. For example, New York’s retention policies require that any relevant information be preserved, regardless of whether the information is stored on external clouds or local servers. Similarly, California has adopted provisions that apply to electronic information when providing notice.
The cost of the discovery process is increasingly becoming a problem for businesses. Expenditures are predicted to climb to $2.5 trillion in the next two years; with 77 percent of legal officers anticipating that such expenditures will still rise. Expenses are increasingly driven by human resources and consultant fees, e-discovery tools, and developing ESI management strategies. Clearly, success in ESI management is becoming critical to the success of every corporation.
Lawyers and leaking enterprise data don’t seem to mix. Yet no matter how secure the safeguards are, there is always a chance that ESI could leak somehow. It’s therefore not surprising that lawyers generally carry substantial insurance coverage, particularly Errors and Omissions coverage. Every jurisdiction in the U.S. has a rule of professional conduct imposing a duty of technology competence on lawyers, and lawyers should be aware of their professional responsibility in this regard. The ABA Model Rules of Professional Conduct require that lawyers maintain the competence necessary to supervise data-security efforts.