Preserving Digital Data Early a Critical Legal Consideration

With advances in technology have come many complex legal issues that could have an adverse impact on your business. Business owners, executives and managers should be aware that preserving digital evidence early is critical in reducing the liability, and potential penalties, that a business will face in court.

Digital evidence collection completed by a qualified forensic IT team can help businesses effectively locate key information or evidence when potential legal issues arise. These individuals have the expertise to preserve information integrity, something that an IT professional untrained in forensic matters usually cannot handle effectively. In addition to data integrity, these trained professionals can help maintain data reliability and admissibility in court proceedings.

Forensic IT professionals can also help businesses save money. The biggest costs related to litigation for clients used to be depositions, but during the last decade that has changed, and the biggest cost is now e-discovery techniques. It is a commonly-held rule of thumb in the legal industry that it will take a law firm approximately 200 hours to review just 1 gigabyte of data. Voluminous amounts of data can be largely eliminated by a forensic IT professional using such strategies as keyword searches and data de-duplication.

Hiring forensic IT professionals when appropriate is only half the solution. In the eyes of judges, the issue of timing is a crucial in any case where IT data is at issue. That’s because any delay in data preservation, or the ongoing use of a computer prior to forensic analysis, may overwrite data. This often results in the destruction of critical evidence.

Penalties can be extensive if judges feel that companies have not done their best to preserve data appropriately. For example, Phillip Morris paid $2.75 million for digital discovery abuse in 2004 and J.P. Morgan paid a $2.1 million settlement over e-mail destruction in 2005. Five to six-digit penalties to companies of all sizes are not uncommon.

There are steps that every business with IT data should take to help reduce legal risks related to data.

First, all intellectual property that you own should have a specific location. Such information could include sales figures, client lists, formulas and other unique and valuable property. This minimizes the risk of your most important data becoming intermingled with other computer and data traffic.

Second, having a document retention policy that includes IT data is critical. Such a policy should be regularly enforced and communicated, offer written details, and have been in existence well before a legal event arises. If such a policy is proven to have those characteristics, the likelihood of a favorable legal ruling is much greater and the risks of penalties and sanctions are lessened.

Third, recognize that corporate IT data exists in many places. That includes corporate-purchased cellular phones, PDAs, voice mails, fax machines and even on employees’ home computers if the business allows work from home. A policy should be in place to gather and preserve data from all of these potential locations.

Fourth, you should know that e-mailing a document, particularly a Microsoft Word or Excel document, can reveal to the recipient prior changes to the document, dates involved, previous edited versions, employee names and other information that the sender would not knowingly want to reveal. When in doubt, send a PDF version, which protects the sender from revealing some of this information.

Finally, don’t overwrite or recycle your backup tapes without a plan in place to ensure your data is preserved. It will be much less expensive to purchase additional tapes than it would be to pay heavy fines because information sought during a court battle has been erased. In such cases, judges can impose an adverse inference, one of the worst penalties to a legal suit, which assumes that all e-mails or digital data that are missing would be harmful to your case.

When a computer is suspected of containing critical information, the longer that time passes the more difficult it is for forensics experts to find such data. The more the computer is used, the more frequently every byte and megabyte is transformed. Data is then more difficult to locate. So remember to act promptly.

The lowest cost, best investment is to preserve this evidence as soon as possible. Computers suspected of hosting critical data should be shut down immediately and taken out of active circulation until a forensic preservation has been obtained. A company’s internal IT staff, though skilled in many aspects, is likely not properly trained or educated in the legal aspects applicable to the recovery of such data. Their actions might even make the situation worse.

Preserving digital data early is something that companies of all sizes should be aware of. In the courtroom, companies that have proven to do their best to preserve their data, and not hide anything are likely to be looked upon more favorably by courts.

Mark St. Peter is president of Computing Source in Southfield, a provider of digital evidence consulting and services for law firms, corporate counsels and other clients. He can be contacted at [email protected].