E-Discovery Compliance Requires Security Pros to Think As Lawyers Do


This article can also be found in the Premium Editorial Download "Information Security magazine: Reviews of six top Web application firewalls."

Download it now to read this article plus other related content.

When it comes to e-discovery, temporarily hang up your security hat.

Within any profession, but seemingly prevalent in technology, there are those who talk the talk, and those who walk the walk. Talkers are classic know-it-alls who talk their way through anything--and wouldn't let anyone know they're in way over their head. Walkers know what they're doing--and when they don't, aren't afraid to take pause.

Every now and again, the talker is called out--sometimes through a mistake or by someone with deeper technical expertise. While everyone makes mistakes, when it comes to handling e-discovery requests, errors or lack of knowledge can be damaging, costly, and simply unforgiving.

E-discovery begs the ultimate collision of legal and technology worlds. A retooling of thought toward a legal mindset is necessary to properly handle e-discovery requests. "Winging" a response or approach to a request isn't sufficient. Not only do you need to know what you're doing, but you have to be willing to acknowledge and learn what you don't know. This means putting on your data protection hat and a pair of legal glasses and thinking like a litigator.

The first step in thinking like a lawyer is figuring out what questions to ask or steps to take before arriving at a final answer--i.e., production of data. Even if an e-discovery request trickles down

    Requires Free Membership to View

through layers of corporate hierarchy and it's unlikely you'll ever set foot in court, think about and document the methodology followed for data preservation, collection and processing, anticipating weaknesses the opponent will try to find.

The absence of scrupulous documentation with respect to data collection such as a record of how data was preserved and collected may serve as fodder for additional claims, defenses or theories. If you're asked to pull responsive data and the case lands in court two years later, you're probably not going to remember exactly how you fulfilled that request or the steps taken to get it ready to produce. Extensive documentation of methodology and process is critical, so you can confidently explain your process and repeat it later.

The recent Qualcomm discovery nightmare is a reminder to consider location, location, location--i.e., where a company harbors responsive material. An organization must make a good-faith effort to harvest documents from all potential repositories and give supported assurances of a complete search. Keep in mind that consequences flow from a lack of diligence, such as recklessly ignoring relevant documents, as sanctions on Qualcomm and its lawyers for withholding "tens of thousands of emails" adeptly illustrate in a patent infringement case against Broadcom.

This was first published in March 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: