ediscoveryIn part one of this two-part series I provide an introduction to e-discovery, covering what it is, why it is important and the meaning of some of the main terminology used today.

What is e-discovery?

E-discovery (Electronic Discovery) is the identification, collection and production of Electronically Stored Information (ESI) in response to a civil litigation or investigation. ESI includes electronic data such as emails, word documents, databases, web pages and instant message conversations.

E-discovery is growing at a steady pace (especially in the legal and financial industries) so it is important to understand what it means and how it might fit into your organization.

Why is e-discovery important?

The American Records Management Association (ARMA) state that over 90% of documents created today are in electronic format and, according to a report published by the Radicati Research Group, “the number of business emails sent and received each day totalled 89 billion” in 2012!

At a grass-roots level, the importance of e-discovery stems from the fact that the majority of information these days is electronic and can potentially be sought as evidence in a court of law. Additionally, with the sheer amount of data available and regulatory and legal compliance requirements continuing to evolve, organizations face new challenges when it comes to information retention and governance.

If you couple all of this with the fact that (according to a Litigation Trends Survey published by Fulbright & Jaworski LLP a few years ago) around 90% of US organizations are engaged in some kind of litigation, it becomes critical that, as an organization, your electronic house is in order and that you have the right systems and procedures in place to deal with e-discovery requests.

As you will see in the next section, the costs and time associated with discovering and presenting electronic evidence, or the inability to present that evidence, can be huge.

Landmark e-discovery cases

There are a number of landmark e-discovery cases that highlight the importance of e-discovery and ensuring that you have the systems in place to promptly provide the electronic evidence that is asked of you.

Coleman Holdings v. Morgan Stanley, 2005

Morgan Stanley was ordered to pay over $800 million in damages when they repeatedly failed to produce emails in a timely manner. The judge in this case stated that “efforts to hide its emails” were evidence of “guilt”.

Bank of America fined $10 million, 2004

Following an investigation into trading by Bank of America and a former employee, the SEC (Securities and Exchange Commission) ordered Bank of America to pay a fine of $10 million after they “repeatedly failed to promptly furnish” email and gave “misinformation”.

Zubulake v. UBS Warburg, 2003

After UBS Warburg were sued by a former employee on grounds of sex discrimination and could not produce copies of relevant emails, they were ordered to pay $29 million in damages. The judge instructed the jury to “infer that the [missing] evidence would have been unfavourable” to the defendant.


When dealing with e-discovery, you are likely to come across a number of terms used to describe different aspects of an investigation. The list below explains what some of the most common terminology means.

  • ESI (Electronically Stored Information) – Information that is created, modified, stored, and used in digital format. Examples of ESI include anything from MS Word, Excel and PowerPoint documents to voicemail, phone logs or Blackberry logs, and even building access logs or CCTV video files.
  • Harvesting – The process of retrieving electronic data from various PCs and storage media (e.g. USB drives, CD/DVDs, backup tapes).
  • De-duplication – The identification and segregation of files that are the same or very similar.
  • Metadata – Structured information about a file (embedded in the file) that describes its characteristics, origins, usage and validity.
  • Spoliation – The destruction or substantial alteration of evidence, or the failure to preserve evidence, for use in an upcoming litigation.
  • Legal Hold – An instruction from legal counsel to an organization to suspend the normal disposition or processing of electronic data to avoid evidence spoliation in expectation of an upcoming investigation or litigation.
  • Document Retention Policy – A documented plan that dictates the amount of time categories of data and documents must be retained before they can be destroyed in accordance with applicable laws, regulations and business requirements.
  • Custodian – An identified individual who is directly related to the investigation and is likely to have been involved in the potentially relevant documents.

Keep an eye out for part two where I will cover the e-discovery process (EDRM) and highlight two common e-communications archiving architectures used by organizations today as part of their e-discovery strategy.

Get your free 30-day GFI LanGuard trial

Get immediate results. Identify where you’re vulnerable with your first scan on your first day of a 30-day trial. Take the necessary steps to fix all issues.