Hunting the Elusive Email...

11/06/2008 10:20

Litigation is an unpleasant fact of life for many businesses and it now has serious Information Systems implications. E-Discovery (Electronic Discovery) rules shine a very bright spotlight on your Information Systems policies and procedures, and how well they are implemented. The policies, procedures and implementation, not just the information discovered, can actually contribute to the outcome of the case.

In the past few years, the federal government and state after state have implemented E-Discovery rules on gathering and processing electronic files and communications. This generally includes all business communications such as email and IM (Instant Messaging, to be discussed in a later article) as well as documents, database records and other files.

Let us make it clear, we are not lawyers and are not offering legal advice. As information technology experts, we believe these rules cover what can be requested, from what systems, in what format, from whom and who can see it. Once an E-Discovery request has been made, you are required to comply and produce the requested information.

These E-Discovery requests are frequently based upon your organization’s Information Systems policies. For example, if your backup data retention policy states that you preserve yearly backup tapes for all systems dating back 7 years, a discovery request could look like the following:

Date range: 2002 to present

Criteria: all communications to and from or concerning company X

Would you be able to comply with such a request? Do you know where those old backup tapes are stored? Do you have a tape drive that can read the tapes? Do they even make tape drives that can read the tapes? If they can be read, do you know if they still have valid data on them?

All of this assumes that you have appropriate policies in place. If you don’t, then it’s up the judge’s discretion whether it would be reasonable for the information to be there. In Zubulake v. UBS Warburg LLC, the requested files and communications were never found. Despite having no files, the court found that it was more likely that the communications had existed (as Zubulake claimed) than had not existed. This resulted in serious sanctions being imposed on UBS and Zubulake’s evidence being admitted without ever being verified. (

So what can we do to make sure we’re prepared?


Your company’s Information Systems policies should include a written Data Retention policy that meets your company’s legal and regulatory requirements and your business needs. You must also be able to fully comply with it. This policy must, at a minimum, specifically address email, IM, other data files and databases. But keep in mind that communications are becoming more intertwined, and other forms of electronic communications may be included in E-Discovery requests. Both voicemail and VOIP (Voice Over Internet Protocol) are likely future E-Discovery subjects.

These policies must also conform to the requirements of other laws, rules and regulations such as Sarbanes-Oxley and HIPAA. Your ability to easily comply with legal requests for data can save you a LOT of money when you are required to produce evidence. To fully understand the potential impact on your business, consult with an information security professional and your legal counsel.

Archiving solutions

For most organizations, it’s the E-Discovery of emails that poses the greatest challenge. Email is a living medium with messages constantly being sent, deleted, archived, and organized. Centralized email servers (where email is store on a central server) can reduce the overhead associated with permanent archiving by being a centralized repository, but additional systems are required to maintain the archive. Decentralized email systems (where the email is stored on each PC instead of centralized server) pose a greater challenge, particularly when using internet mail servers not under the organization’s control. It is possible to setup an archiving system for a decentralized email system, but it is more complicated and more expensive.

Examples of email archiving systems include:

  • On-site self contained archiving appliances
  • Archiving software that runs on your server
  • A subscription service that archives your email on an off-site server.

With all of these options available, just be sure it provides the following features:

  • Can upload current email from your mail server or user email client, to “seed” the historical data
  • Global search of all mailboxes
  • End users able to search just their own mailboxes
  • Export search results in required format
  • Expandable to accommodate your growth
  • Secure – both secure storage and secure communications.

Topic: Hunting the Elusive Email...

No comments found.

New comment