The most widely read magazine for Canadian lawyers
Issue link: https://digital.canadianlawyermag.com/i/601899
18 N O V E M B E R / D E C E M B E R 2 0 1 5 w w w . C A N A D I A N L a w y e r m a g . c o m T E C H S U P P O RT dnevin@proskauer.com O P I N I O N 1. Encryption: Any time you exchange client data with another person, protect it. At a minimum, protect data with a password that you exchange separately from media. Better yet, encrypt data in transit. TruCrypt may no longer be viable, but there are other cost-effective ways to transfer data securely, includ- ing secure file transfer protocol (SFTP). Learn what is available, and use these tools. 2. Legal holds: They consist of two parts: notification and preservation. Send- ing people a letter telling them not to delete data does not mean the data is preserved. Often, more proactive steps need to be taken, usually by IT or a "records custodian," to ensure the data will be preserved (i.e., by turning off auto-delete features). But understand the implication of turning off deletion features: It can be costly to clients, or result in poor IT system performance. Legal holds and preservation should be routinely revisited. 3. Custodian interviews are critical, so do them often and early. Interview IT personnel to know what information exists and where, and interview indi- viduals. Often, individuals do not know where their system data, such as e-mail, is stored and IT does not know how people store information (or if they have rogue applications in use). 4. DeNISTing during processing: The National Institute of Standards and Tech- nology is a U.S.-based institution that pub- lishes a quarterly record of all known com- puter applications (i.e., Microsoft Office Suite). If you collect data, you want to remove these items from your data pool, because you do not want to review a com- puter application but rather the records it generates. DeNISTing is particularly important when you collect data forensi- cally, because that technique captures the full machine, including computer applica- tions. It is less important to do when only collecting files (although there's no harm or extra cost in doing this for files, too). 5. Deduplication: This means removing duplicates, but "duplicate" is a technical term of art, and it does not mean a dupli- cate as recognized by the human eye but as recognized by a computer. Computers "see" duplicates by a calculation known as a hash value, which is based on the properties of a record; duplicates generate the exact same hash value because they are an exact mathematical duplicate. Items humans would consider duplicates, such as a Word document of a letter and a pdf of a letter, are not mathematic duplicates but "near duplicates." Near duplicates are identified in e-discovery through a tex- tual comparison (the computer compar- ing every word of text). Make sure you are asking for the right process when you want to thin out records. Also, ask for either "vertical" deduplication (removing duplicates from within a single custodian) or "horizontal" (or global) deduplication (removing duplicates from across two or more custodians). Most modern e-discov- ery processing applications can dedupli- cate horizontally and keep track of which people had the same records! 6. Indexation is a precursor to search and you must know and understand your n January 2011, I wrote "Taming e-discovery anxiety." In the five years since, I have written 29 articles to de-mystify e-discovery and provide a language and common framework to improve general understanding of the basic process and mechanics of e-discovery. Generally, the source of my inspiration was questions from readers and others. This is my final column focusing solely on e-discovery. So, here are "10 Things about e-discovery" that I have covered in my articles and that I believe every lawyer who exchanges data with another party should know. Top 10 things you need to know about e-discovery By Dera J. Nevin I