The New E-discovery Rules: What You Don't Know Can Definitely Hurt You and Your Company

In the past few months, many articles have been written on the electronic discovery changes to the Federal Rules of Civil Procedure (FRCP). While most of these have been on the mark, others have told only part of the story or left readers with inaccurate or incomplete information.

For example, depending on what you read, you may believe either or both of the following statements:

  • The courts now require that your company maintain a copy of every e-mail message, document, spreadsheet and file an employee creates, sends or receives.

  • When electronic discovery occurs, you create a copy of the data and ship it off to the parties (or counsel for the parties) on the other side of the case, and they do the same.

As it turns out, neither of these statements is true.

Keep Everything, and Keep It Forever?

Currently, there is no law that requires a company to maintain every e-mail, document, spreadsheet, database and file ever created or received. Under the new rules, however, you are obligated to take steps to safeguard information that directly relates to an actual lawsuit or one that is reasonably likely to occur. This includes preserving relevant e-mails from automatic destruction or backup tapes with relevant data from being recycled. If you keep data beyond what is required by a lawsuit or impending suit, understand this: It is very likely that it will be discoverable.

In addition, under the new rules, notice or reasonable anticipation of litigation warrants a litigation hold. Once a hold is in place, you are required to actively monitor suspension measures to ensure that relevant data is not destroyed. Most companies have (or should have) a data retention policy in addition to a destruction plan that incorporates both the laws and regulations under which they operate. In addition, these policies or plans should have built-in business processes that allow a company to rapidly impose "litigation holds" over specific classes of data when necessary. If altered (or enacted) at some point, these business processes should always be crafted in conjunction with counsel, and once promulgated, should be followed and audited to be sure they are working as intended.

Is Electronic Discovery Really Just File Exchange?

The actual process by which electronic discovery works can be fairly involved and requires specialized skills and knowledge to protect your company’s interests. For example, e-discovery should be reasonably limited to information related to the matter of the lawsuit. The opposing party could ask for all e-mails sent and received by your company during 2004 and 2005, but your counsel would be the first to tell you that such a request is excessive and needs to be narrowed to include only information relevant to the suit.

Even when a request is well crafted to limit discovery to matters related to the subject of the suit, you should also know that not everything gets turned over to the opposing party. For example, there may be correspondence that is deemed to be privileged attorney-client communications. When this is the case, it is important to redact the specific matter that is privileged. Redaction means to obstruct view of specific parts of a document (which could be paragraphs, sentences or just phrases) so that the opposing party cannot view them. Often it takes the form of an opaque box covering portions of text. With hard copy, this was sometimes done by using ink markers to render portions of a document unreadable. In digital form, redaction is more complex and can require specialized tools, some of which are available in e-discovery software packages and services. For every redaction, counsel must prepare a "privilege log" explaining to the court why the redaction was made, so the judge can rule on the appropriateness of the cuts if a question arises.

In addition to cases of attorney-client privilege, there may be other reasons why counsel would want certain information redacted (for example, protecting trade secret information or private customer data such as Social Security numbers). In any case, it is important for the data that has been identified as relevant to a case to be run through a series of checks and balances to ensure that what needs to be redacted is redacted and that what needs to be produced to the opposing party is produced.

Does Safe Harbor Mean ‘No Harm, No Foul’?

The new FRCP rules also contain "safe harbor" protections to avoid penalizing honest mistakes, but you should know that this provision has yet to be tested. Remember that the rules strengthen the role of counsel in telling a company’s IT group what is required of it under electronic discovery. What if counsel tells the IT department to stop the automatic destruction of e-mail, to halt the recycling of certain backup tapes or to take steps to retain documents currently on certain employees’ computers and it doesn’t get done? Defenses of "We were just too busy" or "Counsel told the CIO, who was on an extended vacation but should have directed the instruction to the data center manager" are not a guaranteed free pass. The court could hold that counsel and the company had a duty to accomplish these tasks and failed to do so. Such rulings could result in a sanction. Consequently, assumptions that the safe harbor provision is all the protection you need if you ignore counsel’s instructions or interpret those instructions to save staff time or effort could prove to be a costly mistake.


There is a lot more to electronic discovery than meets the eye. So, at the end of the day, approach e-discovery with the following in mind:

  • As an IT department, make sure you have an open channel of communication with your in-house counsel. Open communication will pay off when receiving counsel’s instructions for discovery and throughout the e-discovery process in general.

  • Secure and verify plans for handling electronic discovery. Be sure to keep them up to date as the new FRCP rules are tested and interpreted by the courts.

  • The changes to the FRCP took a long time to create and approve before they went into effect on Dec. 1. Do not underestimate their importance or the potential disasters that can result from keeping too much or too little potential evidence in your systems.

As an IT professional, you play the dual role of first responder and gatekeeper, ensuring that proper protocols are in place and followed. Staying up to speed on the changes to the laws and technology relating to e-discovery will certainly help you and your company retain the strategic edge when litigation ensues.

Alan Brill, CISSP, CFE, is a senior managing director at Kroll Ontrack and a contributing author to the forthcoming American Bar Association book Science for Lawyers. Michele C.S. Lange is a staff attorney in Kroll Ontrack’s Legal Technology Group and the co-author of the American Bar Association book Electronic Evidence and Discovery – What Every Lawyer Should Know.

Copyright © 2006 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon