Although it may seem quick and easy to, e.g., log on to a person’s computer, look at what it contains, and pick and choose what to grab from it, doing so is unwise. It’s also unwise to load a person’s email file onto another person’s computer to take a quick look at it.
Here’s why: the simple act of opening a file changes several metadata fields, some of which could be critical to the case; your “quick look” may irretrievably alter the data.
Metadata, or data about data, is created by the computer systems and is utilized but generally not displayed with an electronic file. Often, the person who creates the file doesn’t know the metadata exists.
In word processing programs, for example, metadata may include the dates and times a document was created, last modified, last accessed, and last printed, as well as blind copy recipients and authors. Email metadata generally includes the date and time the email was sent, received, and last modified, and may also include when an email was opened and read (or not), where it was forwarded, and when it was deleted.
Some metadata is very easily changed. The simple act of turning on a computer and opening a file can change a number of different metadata fields within the computer. Once the metadata has changed, there is often no way to restore the document to its previous state. On the changeable nature of metadata, see, e.g., Williams v Sprint/United Mgmt. Co. (D Kan 2005) 230 FRD 640, 646 (metadata can be changed intentionally or inadvertently).
So you definitely want to avoid collecting email by forwarding the email message or dragging and dropping it into a folder, because doing so changes the metadata.
In addition to altering data, there are other risks involved in collecting e-data. For example, you may inadvertently permit a virus to infect the files that you’re reviewing. And even a quick look at email, whether on your client’s computer or on your own, creates the risk that any emails stored in the outbox will be sent (an automatic feature in most email systems).
These mistakes can be costly: Altering the data that you’re reviewing could result in sanctions. Although it sometimes may seem more expensive, the most cost-effective way to collect electronic data is to safeguard its integrity and thus avoid the risks of spoiling the data and incurring sanctions.
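The effect described above can be seen on any file: a casual copy keeps the content identical but gives the copy a new last-modified time, while a metadata-preserving copy keeps both. The following Python sketch is an added illustration, not part of the original post; the file names, sample text, and timestamp are constructed for the example.

```python
import hashlib
import os
import shutil
import tempfile

def snapshot(path):
    """Record the last-modified time, size, and SHA-256 hash of one file."""
    st = os.stat(path)  # stat first: reading the content below may update the access time
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"sha256": digest, "modified": int(st.st_mtime), "size": st.st_size}

def compare_copy_methods():
    """Copy a constructed sample file two ways and report what each copy preserved."""
    with tempfile.TemporaryDirectory() as work:
        original = os.path.join(work, "memo.txt")
        with open(original, "wb") as fh:
            fh.write(b"Constructed sample document for this example.\n")
        # Constructed last-modified time: 2005-01-01 00:00:00 UTC
        os.utime(original, (1104537600, 1104537600))
        before = snapshot(original)

        plain = os.path.join(work, "plain_copy.txt")
        shutil.copyfile(original, plain)    # content only: the copy gets a new modified time

        preserved = os.path.join(work, "preserved_copy.txt")
        shutil.copy2(original, preserved)   # content plus timestamps

        return {
            "original": before,
            "plain_copy": snapshot(plain),
            "preserved_copy": snapshot(preserved),
        }

if __name__ == "__main__":
    for name, record in compare_copy_methods().items():
        print(name, record)
```

All three hashes match, so a hash alone would not reveal that the plain copy lost its original last-modified time; a collection record needs both the hash and the timestamps, taken before anything else touches the file.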
To stay on the safe side, consider retaining a consultant who specializes in electronic discovery to assist in gathering and producing electronic data.
For guidance on electronic data and discovery, turn to CEB’s California Civil Discovery Practice, chap 4. On handling digital forensics investigations in corporate environments, check out CEB’s Scientific Evidence and Expert Testimony in California, chap 7.
© The Regents of the University of California, 2016. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.