Last year at the Harvard Legal Technology Symposium, renowned ediscovery expert David Horrigan recounted a slightly disturbing discovery tale. Back in the good ‘ol paper-based discovery days, boxes of documents arrived for discovery with the assigned associates and paralegals eager to delve in. Unfortunately, the boxes were filled with venomous brown recluse spiders, meaning several staff ended up being carried off on stretchers.
While there may be little risk of literal bugs impacting discovery these days, what about electronic bugs? In this blog I look at how computer bugs and malware may impact discovery compliance.
Note, the following is general information and does not constitute legal advice. For legal advice specific to your situation seek out a qualified attorney in your state or country.
When electronically stored information (ESI) is collated for discovery, either manually, or via an automated ediscovery process, it is possible that some documents may have been corrupted. This may be due to bugs (i.e., unintentional design defects in the program) or malware (e.g., viruses intentionally designed to do damage).
The United States Federal Rules of Civil Procedure (FRCP) set out in rule 37(e)(2) what parties to litigation are required to do to avoid ‘spoliation’ during discovery: That is, to prevent potential evidence being lost. In order to demonstrate compliance, it is essential that at the outset of civil proceedings (or indeed, in anticipation of them) that parties subject to discovery take reasonable steps to ensure the security and integrity of their data. For an example of breach, in one case Procter & Gamble Co. v. Haugen, the plaintiff neglected to preserve emails it knew would be subject to discovery. In light of this, the plaintiff was sanctioned $10,000.
These sanctions were beefed up by an amendment to the rule in 2015, which introduced significant sanctions for failure to preserve ESI.
This raises the question, what if removing or patching a bug or virus would delete available evidence? Or, what if it would be too risky to pass the infected documents on to the other party? Would that party be in discovery compliance, or in breach of rule 37e(2)?
In Goldrich v City of Jersey City, the plaintiff refused to produce evidence on the grounds that a virus had infected his computer. The defendant obtained a court order to produce the laptop where it was revealed, to no one’s surprise, that there was no virus. But what if there actually was a virus?
A key part of ediscovery proceedings in the United States is the initial conference held under rule 26(f) of the FRCP. Through this conference, the parties to the litigation agree on a process for preserving discoverable information, and develop a plan for dealing with ESI. It is at this point, at the start of the discovery process, that both parties should agree on how any corrupted files are to be dealt with. It is likely that both parties should confer on any documents that are to be left out for this reason.
Parties to litigation need to ensure that they are compliant with spoliation rules. A crucial part of this will be an agreement between both parties at the start of proceedings on how any corrupted files (whether by bugs or malware) will be dealt with throughout discovery.