Electronic Discovery Pearse Ryan, Arthur Cox Andrew Harbison, Grant Thornton 26 September 2012

1 Discovery 2009 "…an order of discovery which shall: verify that the discovery of documents sought is necessary for disposing fairly of the cause or matter or for saving costs; (b) furnish the reasons why each category of documents is required to be discovered, and (c) where the discovery sought includes electronically stored information, specify whether such party seeks the production of any documents in searchable form and if so, whether for that purpose the party seeking discovery seeks the provision of inspection and searching facilities using any information and communications technology system owned or operated by the party requested." Statutory Instrument 93/2009

2 Discovery Issues in the Computer Age the storage capacity of computers is vast - there’s too much material to review your computer’s memory is better than human memory- data custodians don’t know all the files on their computers accessing evidential computer files directly can change them the electronic forms of the documents are the originals to print a document is to lose data electronic discovery is faster electronic discovery is cheaper (per document) electronic discovery is more complete evidential computer data is easy to tamper with

3 The Landfill Data Management Model

4 How much data? complete works of Shakespeare* 5 Megabytes complete works of Stephen King~70 Megabytes 1 metre Shelf of books*100 Megabytes one CD700 Megabytes one DVD4.7 GB / 9.1 GB 1 Kilometre stack of printed A4 paper40 Gigabytes Hodges Figgis, Dawson St.< 250 Gigabytes largest USB thumb drive commercially available256 Gigabytes average sized hard drive350 Gigabytes 50,000 large trees1 Terabyte contents of TCD library 2.5 Terabytes largest hard drive commercially available4 Terabytes contents of Library of Congress* 10 Terabytes contents of computers in GT Ireland 120 TB data retrieved to date in largest EU ED case to date 250 TB (0.25 Petabytes) total of all words ever spoken* 5,000,000 TB (5 Exabytes)

5 What kind of data? Irish/UK version active (or on-line) - as in the US embedded - metadata replicate - duplicates of active files back-up - tapes etc. same as archival residual - everything else. "forensic"

6 Correct Procedure "The Good Practice Guide to Computer-Based Electronic Evidence" Association of Chief Police Officers UK 1.No action taken by investigators should change data on a computer or storage media which may subsequently be relied upon in Court 2.In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions 3.An audit trail or other record of all process applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result

7 Why electronic discovery? 90% of data on computers is never printed 70% of s are never printed 30% of word documents are never printed >97% of business documents are electronic 35% of corporate communications are never printed USC Berkley 2003

8 … and it hasn’t been done much in Ireland, because? Up to now no defined rules – no requirement Irish precedents not well known Costs were overestimated Plenty of time available for litigation (changing quickly) Fear of loss of revenue

9 New Precedent Hansfield Developments & ors –v- Irish Asphalt & ors (Menolly –v- Lagan) /breaking133_pf.htm 56ef3004a27de/023d5aef84eb4ea c80043d13f?Op enDocument

10 New Irish e-discovery rules specifically names ESI as "documents" requires provision of ESI in electronic format possible two-tier discovery renegotiation of discovery orders court may order a party to give inspection and search facilities man-in-the-middle inspections specific rules for ordering of discovered documents Peruvian Guano Rule will apply

11 Peruvian Guano?

12 Objective No. 1: Data Reduction Effective planning Technical reduction Relevant Non-relevant Privileged Logical search

13 Electronic Discovery Reference Model –

14 Advice custodians of obligations - preservation Server custodians do not engage in large scale deletion or movement of material regardless of who may instruct it preserve all tapes which may contain relevant information continue to preserve tapes until otherwise advised do not make significant changes to server configurations before consulting legal team send to legal team advising that they understand these instructions

15 Advise custodians of obligations - preservation Other custodians do not delete files either locally or on file servers until otherwise instructed do not make modifications to original files either locally or on files servers until otherwise instructed do not delete until otherwise instructed do not clear browser cache until otherwise instructed

16 How wide does discovery need to be? all relevant documents which are in your power or possession, or were in your power of possession But the search needs to be "reasonable" necessary for disposing fairly of the case or saving costs documents that might lead to other relevant documents (the Peruvian Guano rule) while cost of discovery is an issue, you cannot rely on it as a protection

17 Backup Tapes Pros contain large amounts of potentially relevant data. single backups often straightforward to recover (in non SMEs) Cons difficult to recover (more than one or two) multiplies the amount of data needing processing backups recoveries often difficult obsolete technology also a problem

18 Some Useful Information Sources A Process of Illumination: The Practical Guide to Electronic Discovery Mack, M. Electronic Evidence and Discovery: What Every Lawyer Should Know Now Lange M.C.S. & Nimsinger K.S. The Sedona Principles naconference.com/content/miscFiles/publications_html?grp=wg s110

19 Cyber/Data Insurance Not new but new focus within insurance industry The risk landscape – data as a risk subject Data as a risk subject: Data loss – internal - external Data theft- internal - external Data – unavailability/corruption Data - misuse The internal threat – larger than external threat!

20 Cyber/Data Insurance – Drill Down First party risks Third party liability Example of insurance schedule: Aggregate limit of liability per policy period “for all loss of Insureds under all insurance covers required” - € Sublimits per claim: Data administrative investigations Data administrative fines (note: may be retention eg 10% and may be min € floor) Pro-active forensic services Repair of company’s reputation Repair of individuals reputation Restoring, recreating or recollecting electronic data Optional extensions and sublimits: Multimedia liability Cyber/privacy extortion Network interruption Key Question – is “data” tangible property and/or “property damage” and/or “asset” under policy or is it excluded? A key question under current insurance policies and in review of CDI policy

21 Cyber/Data Insurance There is a fire – put it out! Speed of response of the essence Effectiveness of response Insurers – (self) interest in containing situation BUT dovetails with insured (self) interest This is particular aspect of CDI CDI – premium setting CDI not cheap and neither should it be, given the central position of data for insured! But premium influenced by insured degree of good practice in data security area So degree of due diligence – may go beyond insurance proposal form to include active due diligence for larger policies

22 Cyber/Data Insurance Conclusion Insurers see large potential market Q do potential insured see the need for CDI? Do available policies meet demand? Premium issue – relatively expensive and due diligence Q Response to data loss/corruption event – key for insurer and insured – crisis management

23 Thank You.