The scope and method of data collection should be determined after a legal and strategic assessment of all the pertinent facts and issues in the proceedings, and in accordance with a plan, preferably as agreed with other parties, including regulators. Limited scope and improper self-collection (e.g. undocumented procedures) by clients can lead to serious problems down the road including:
- Challenges to the admissibility or weight of the evidence
- Time and expense of collecting data twice
- Sanctions for missing relevant custodians or data sources
- Possible loss of critical data and metadata leading to inability to prove or defend case
- Court or regulatory sanctions for spoliation
- Potential breach of employee privacy rights
On the other hand, full-bore forensic imaging can be costly, intrusive and unnecessary. There is no “right approach” or cheat sheet that covers all cases, because the proper scope and method of collection depend on many factors, including:
- the type of proceeding – litigation, arbitration, investigation?
- the type of matter – family law, commercial, product liability, employment?
- factors of proportionality – what’s at stake here?
- whether allegations of fraud have been made
- whether communications have been or are in danger of being repudiated (“I did not send that email”)
- trust level between the parties
- whether an agreement has been (or can be) negotiated
In addition to the legal and strategic issues around collection are the technical ones. There are many applications that purport to collect data forensically, and many experts out there with differing and sometimes confusing qualifications. Different methods, skills and tools must be used on different sources of data, For example, collecting Facebook pages is a very different exercise from collecting Blackberry text messages or deleted emails from an Exchange server.
Effective planning is the only way to ensure that collection is done appropriately for the matter at hand and in a cost-effective but defensible way.