Denison University shall be responsive to all legal requests for electronically stored information (ESI) from any recognized legal authority. The University maintains numerous logs, records, backups and other forms of data that may be requested in a litigation process. The University will not voluntarily provide any such information; data will only be released under the terms of a court ordered disclosure, subpoena or other appropriate request.
Unless compelled to silence by the request, Denison University shall advise the subject of an ESI order of the existence of the request. Data collection, preservation and production shall proceed as requested and will be provided unless the subject seeks and obtains injunctive relief from the request.
The duty to preserve relevant ESI may commence upon:
- initiation of a lawsuit by or against the university
- the university is put on notice by a party that litigation is or may be imminent or
- the university has knowledge of facts that indicate litigation is reasonably anticipated
ESI includes, but is not limited to: electronic files; communications, including email and instant messages sent or received, and voicemail; data produced by calendaring software; and information management software. In addition to specific data that are electronically stored and readily retrievable, ESI includes data that may not be visible (e.g. metadata) that is generated by system hardware, email and instant messaging, information management software, handheld computer devices, telecommunications devices, and back-up storage devices. ESI may be stored on different electronic devices and removable devices (ex: internal and external drives, PDAs, smart phones, servers, laptops, backup tapes, thumb drives, CDs, DVDs) and may also reside at different locations (e.g., on the home or work systems, institutionally-owned or personal systems, in departmental files, etc.).
In addition to university owned and managed systems, ESI stored on any external services operated on behalf of the university are subject to legal process. Such requests may be served through the university or directly to the vendor/provider. In cases where the request is sent directly to the service provider, the provider’s terms of service govern the types of data preserved and the method of release unless otherwise stipulated by contract.
It is very important that ESI is preserved in its original electronic form so that all information contained within it, whether visible or not, is also available for inspection. This means that requested data on a local or external disk drive may require that the entire disk drive be preserved intact to comply with the request.
Costs to recover, process and protect ESI are typically borne by the party that holds the data. Preservation costs can also be impacted by the form in which it must be maintained. ESI that imposes an undue burden or cost to make it accessible need not be provided initially, but may later need to be produced, as determined on a case-by-case basis. Examples of ESI data that might not be reasonably accessible include: information backups created for disaster recovery, legacy information from technically obsolete systems, remnants of deleted information that would require the aid of forensic specialists to recover, and databases designed to produce information only in ways not useful to the case. If costs to produce ESI are excessive, the university reserves the right to request relief from the court of jurisdiction. (See Federal Rules of Civil Procedure, Rules 16, 26 and 34.)
Denison University E-Discovery Process
All legal orders involving electronic data shall be expeditiously sent to the Information Security Officer. If the request has not been reviewed by the university legal counsel, the Information Security Officer may request a review or clarification of the order. Legal counsel may determine if there is a need for a Litigation Hold Notice, the scope of the Hold to be issued, and formally issue a Litigation Hold Notice.
In conjunction with the legal counsel, the Information Security Officer shall (1) identify the ITS and records management personnel who can assist in protecting and preserving ESI and other relevant information; (2) identify the specific individuals (end users) who may have responsive ESI; (3) identify the categories of information that are to be preserved or; (4) utilize an ESI questionnaire or discovery survey to facilitate the location of ESI.
Additionally, the legal counsel and the Information Security Officer shall review collected ESI to determine if it is responsive and/or subject to evidentiary privileges; identify and segregate confidential information and release the data as appropriate.
End Users Who Receive a Litigation Hold Notice
If you receive any legal request from an outside agency for ESI, you should make a copy of the request for your records and forward the original request to the Information Security Officer.
If you receive a request from the Information Security Officer or the university legal counsel, you must acknowledge receipt of the request, comply with all instructions and preserve all requested information. In general, the end user should:
· Suspend all personal practices regarding the destruction of ESI related to the Hold (e.g., deletion of emails, voice mail, drafts of documents, accessing a document that may be altered by opening it, etc.);
· If possible, disable all known automated functions that affect the preservation of the requested ESI (e.g., automatic deletion of emails, folder creation, etc.). If this is not possible, contact ITS to disable these functions;
· Contact the Information Security Officer or university legal counsel when needing access to a document or file containing ESI that may be relevant to the Hold;
· Identify location of all potentially responsive information; provide relevant computers/devices;
· Request assistance as needed.
Email – Multiple copies of the same email may exist on different systems. Examples include personal devices, local mail client archives, online servers, and system backups.
Research Data – While there may be exceptions, ESI containing research data and/or intellectual property would be handled the same as any other data subject to e-discovery. Exceptions may include: research sponsored by the Department of Defense or contracts associated with sponsored research for terms related to court disclosure. The discovery process allows for the negotiation of court orders that stipulate in detail how the data will be protected from inappropriate disclosure.
Metadata – A discovery order may require the production of metadata associated with the ESI. Metadata may be altered by simply accessing a file as part of a search for responsive ESI.
Other Media and Formats – Information subject to e-discovery can be on various media (CDs, DVDs, USB drives, magnetic tapes, etc.) in various file formats. Some media and formats could be technologically obsolete, but still retrievable with significant effort.
Scope of the Request – Everything that is potentially relevant to the legal claim that triggered the e-discovery request should be preserved. The scope of “everything” is determined on a case-by-case basis by the university’s legal counsel.
Unreasonable Requests – "Unreasonable" is subject to interpretation. Initially, the producing party makes the call on what is reasonably accessible and FRCP Rules 16, 26, and 34 provide a procedure for challenging a claim that information is not reasonably accessible. The producing party must show undue burden or cost.