search
  resources   /   news   /   events
Select Page

    Our Insights

    Thought Leadership and Industry Trends

    Preventing Spoliation During Data Transfers

    September 4, 2019

    Virtually every company will need to collect and/or transfer data from one location to another at some point. While this may seem to be a routine matter, there are dangers, particularly when it comes to eDiscovery. Companies will often self-collect data with a focus on expediency and simply moving data to other parties/vendors as quickly as possible. However, they may not realize the risks of spoliation in their actions. Among many concerns is the potential to be sanctioned if data is lost, even in the absence of bad faith. Sanctions may only arise in the litigation context, but companies should follow best practices to protect data from unintended loss even outside of that context. In any data collection and transfer, several key issues must be addressed, including the following:

    • Locating data. The proliferation of storage devices, cloud access, web and social media means that data may be located in numerous locations and controlled by different custodians. As such, a nuanced approach must be taken with each type of data to protect it appropriately.
    • Transfer process. Often, loose (uncompressed and unencrypted) data is passed to vendors for processing via email and/or FTP. This raises several concerns, such as potential exposure to data breaches, malware/viruses, and unauthorized exposure to government data-gathering programs. Email may pose additional risks, including insufficient audit trails and security/privacy concerns across email/cloud servers. Larger loose file attachments can also clog up email servers, resulting in communication and project task delays. FTP transfers generally provide better security. However, companies must ensure in every case that the information is collected and transferred in a forensically sound manner, including compression and encryption to help preserve metadata and prevent spoliation.
    • Metadata preservation. Metadata contains details about the data that often reaches beyond its face-value contents. For example, it provides information on how, when, and by whom it was created, received, accessed, printed, modified, and formatted. Although these details may have varying relevance from case-to-case, they could touch on determinative points of contention in a dispute. Accordingly, it is important to ensure metadata is not inadvertently altered. For example, simply opening or clicking on a file can change its date of last access, who last accessed it, and, at least potentially, its last modified or saved date. Therefore, it may be essential to preserve metadata by immediately making a forensic copy of the information. The copy can then be used for working purposes while the original is maintained exactly as it was when collected.
    • Chain of custody. Just like any other type of evidence, electronic evidence presented to a court must be proven to be authentic and unchanged. However, electronic information can be easily altered or deleted, and a record of the changes can be difficult to document. So unintended consequences can easily occur. For example, even turning on a computer can delete temporary files and cause data overwrites and/or file metadata changes. Parties must have processes in place for documenting how data was collected, who collected it, and how it was preserved. In the case of physical media (hard drives, thumb drives, and CDs/DVDs), detailed chain of custodyor media tracking forms should be maintained. All data should be properly sourced and organized (including information on the folders, providing party, collection source, custodian, etc.).

    Parties should also note that all these dangers exist not only during the initial transfer, but with every subsequent transfer as well.

    To avoid potential problems, spoliation, and/or sanctions down the road, companies should follow these best practices:

    • Use a secure/encrypted drive and/or sFTP transfer using encrypted, compressed containers. An eDiscovery service provider like CDS can provide one.
    • Don’t copy loose files to a network or open files prior to transfer.
    • Maintain originals as a backup prior to copying and transferring files.
    • Communicate with outside parties regarding appropriate data preservation measures in advance.
    • Consult with a forensics expert regarding preservation strategies.

    Litigants who are lax about protecting their data risk legal challenge and sanctions for spoliation of evidence. The quantity and variety of data sources means it is more important than ever to have a team of experts to advise on creating a plan to mitigate the risks associated with collecting, preserving and transferring data. To learn more about how CDS can help you with data collection and preservation, contact us for a consultation.

    About the Author

    Devon Crosbie, Esq., Project Manager, CDS Chicago

    Devon Crosbie is a UNC School of Law graduate and Relativity Expert who began his career as a licensed attorney and eDiscovery/litigation support professional in 2007. Since then, he has been strategically leveraging a broad array of tools – while coordinating all aspects of the EDRM process, from data retention, collection, privacy, and security, through production and presentation – to help clients and internal teams alike produce defensible, effective workflows and results.

         dcrosbie@cdslegal.com