ADRIAN PALMER, director of Palmer Legal Technologies, explains how organising an IT system can help with disclosure.
Email continues to be one of the most pervasive and critical of business tools. Virtually every client of a law firm, whether large or small, will rely upon email as a primary means of communication. Employment, regulatory and litigation specialists should all be familiar with the need to search for and review their client's email 'documents'.
The most common need to locate and search a client's email data is in the context of employment law, although larger-scale projects tend to relate to Part 31 disclosure exercises or the recent wave of document requests that have emanated from regulators or government departments such as the OFT, FSA and HMRC.
The most common scenario for employment lawyers is the search for email evidence to support allegations of inappropriate use of computers for a disciplinary procedure. The search for evidence of infringement of copyright and other intellectual property rights is also very common.
It is still surprising that so many people continue to use email as the main method of removing proprietary or confidential data from their employers' systems prior to termination. Many of them have learned that the use of their corporate email system is more likely to be discovered, but few seem to realise that webmail activities are also traceable. For example, attaching a spreadsheet of customers' contact details to a webmail and sending it to oneself, so that it can be accessed from one's home computer, is also easily uncovered. This is so even if access to the webmail hosting company's servers is denied.
As noted above, email is split into two broad categories: webmail, (such as Hotmail, AOL, Yahoo etc) and corporate email, with the latter using applications such as Microsoft Outlook linked to an Exchange server. Busy corporate executives very often have a mobile email handset such as a Blackberry or similar 'push email' device, but that is often irrelevant for the purposes of an investigation as it will contain the same emails as the corporate server.
Part 31 disclosure Many solicitors continue to struggle in advising their clients on the 'reasonable search' obligations of CPR Part 31 with relation to their email and other IT systems. So where would one start in providing such advice?
Once the solicitor has gathered information about whose documents may be relevant for disclosure ('custodians'), they need to understand a little about the IT infrastructure upon which those custodians' documents are stored.
A questionnaire is often helpful at this point and allows the solicitor to retain some control of the information flow to them. Many solicitors complain about receiving CDs and other storage devices crammed full of random documents, but that would not happen if they took a leadership role in defining what should be provided and how.
For large-scale projects there is no substitute for engaging a specialist to create a 'data map' report that can then be used to make decisions, or negotiate limitations, with respect to the extent of a proportionate search. Large clients will often have highly complex systems that require an expert's explanation before such decisions can be made.
For smaller-scale litigation it is possible for the more tech-savvy solicitors to do this for themselves. Limiting ourselves to email and documents on personal computers and/or file servers, common questions in a client questionnaire would be; Where is your email stored? Is it stored internally or at an external service provider? What is the email application and version? (eg Microsoft Exchange 5.5) How long does the email server preserve an email after it is deleted by the user? (retention period)? How is it backed-up? How often is that done, what is the cycle or schedule and what backups are currently in the client's possession? Do users have an email application that stores email data on their personal computers (eg Microsoft Outlook's .pst file)? Are users allowed to store files on the hard disk drive of their personal computer? Are users provided with a personal data area on a server for storing their own documents? If so, details are required of location and back-up routines. Are users provided with shared data areas on a server(s) where they or other members of their respective teams can store documents or files? Again details would be required. Are users allowed to access corporate systems remotely?
Although far from being an exhaustive list, the examples above provide a taste of the types of information that should be requested. Once that information has been received and understood, the solicitor can then make decisions about what data is necessary for collection to fulfil their client's obligation to conduct a 'reasonable search'.