A robust data collection process is the basis of all great eDiscovery cases. Making sure your data is collected in a forensically defensible manner is instrumental to the success of your case, and should always be your first consideration. Allowing your client to become too involved or take on the collection themselves will effectively make them a witness to their own disclosure, this can leave you open to uncomfortable queries from the other side.
Once you have employed a trusted provider to tackle this first step in your collection process, the next question you have to ask is "Where is my data located and how can it be collected?"
In today's data-forward society, data can be stored in many different places, and as such, your options for collection are broader than you might previously have thought. In this blog post, we will be looking at the different collection services offered by eDiscovery providers, such as Altlaw, so that when your next project comes along you can be better informed as to your collection options.
First things first:
Before reaching out to consult on collection services there are a couple of pieces of information your provider will ask you...
- How many custodians are we collecting for?
- What devices/mediums of data are we collecting?
- Where are the devices located?
- What are the IT policies in place with your client?
- Is there a company document storage suite?
- Do you have any backups?
- Case-specific document storage e.g. construction, pharma, IT, financial bookkeeping
This allows us to provide an accurate quote for the collection services as well as make plans regarding travel, if needed, and time taken to collect. The answers to these questions will also help determine the types of collection that will suit your case.
Remote collection is best suited to email data, which we can access from the cloud, and to devices like laptops that can be collected via remote capture.
There are a couple of options for collecting email data, depending on its location and the complexity of the data. In most cases, prior to collection, we will reach out to your IT department and request that a legal hold be put in place. This prevents any changes from being made to any of the data we need to collect.
Once the legal hold is in place, a collection tool, for example, Microsoft 365 Ediscovery, Google Takeout or Metaspike, is used to push PST or OST files from your email storage location into our processing platform/server for later upload into our processing platform. The application used, as mentioned above, is chosen based on the location of your email data and each is a completely accountable method.
When handling more complex data, Metaspike (or another tool of such nature) is used to ensure a robust and forensically defensible collection, as more complex data may require extra capabilities in order to handle it properly.
To collect data from laptops/tablets we follow our Remote Device Collection Procedure in which a micro-laptop is sent to the custodian allowing them to retain custody of their device whilst being guided through the forensically sound collection process of their data. This method of collection is becoming particularly popular as the move to remote and home-based working has resulted in data being held on personal devices. This also tends to be the go-to method for collecting schedule-heavy custodians such as C-Suite personnel or high-profile individuals.
When following this procedure, the micro laptop is couriered over to the custodian whose data needs to be collected and set up following the instructions we have provided. When setup has been completed, we will have access to all the data held on the device and can start the collection process.
This can typically take a few hours, but the custodian can maintain ownership and use of the device throughout this time- though this typically isn't advised, resulting in very little inconvenience.
Once the data has been collected, if there is time, we can then go through the files taken from the device with the custodian and remove/lock all files that are not pertinent to the case at hand. This helps reassure the custodian that only the most essential data is taken.
Altlaw in-office collection:
In some cases, data may be too complex to collect remotely, or it may simply be easier for you to come into the London office and have instant access to your collection professional. In either eventuality, in-office collection is quite a regular occurrence and is certainly the best practice when it comes to collecting data from mobile phones and personal devices.
Mobile phone collection tends to be more complex than other personal device collection, and often more sensitive due to the nature of the device. It is for these reasons that we always recommend phone collections take place in person.
When undergoing an in-office collection your devices are looked after by the forensic collection staff in accordance with Altlaw's ISO 27001 data handling protocols. The custodian is given free rein of our office break-out location, to relax or work as they please, this includes WiFi and quality coffee options. You will be kept updated on the progression of your collection and will have the opportunity to sit with your collection professional and discuss exactly what data needs to be collected, just as you would with the remote collection.
This is pretty much the same as in-office collection, but client-site office or home-based. Altlaw staff can travel to collect information from any part of the globe and can also ensure that your data is stored and processed in specific jurisdictions if necessary. If not then the data is housed in a secure Microsoft Azure instance within RelativityOne and can be accessed from any location for named users via two-factor authentication.
We regularly travel to collect data from custodians whose data is either too sensitive to be collected remotely, or in cases where the window for collection doesn't allow the custodian to travel to us. We have recently collected data from locations such as Turkey, Taiwan and Tel Aviv to name a few. This collection option has proven to be incredibly helpful to custodians as we are able to meet them on their terms and fit around their responsibilities whilst ensuring data is collected as swiftly and safely as possible.