Why do Data Migrations Need to be Legally Defensible?

Posted by Bill Tolson • July 3, 2018

Legal_DefensibilityResponding to an eDiscovery request carries with it several important responsibilities including securing potentially responsive data (otherwise known as a litigation hold) as soon as possible.

When a lawsuit is filed (or even anticipated), all potentially relevant data needs to be found and secured under a litigation hold. The litigation hold includes protecting that data (including all metadata), as well as content and associated files (email attachments), from inadvertent deletion or alteration.

Another responsibility is to ensure data remains in its original state, including all metadata, once the litigation hold has been placed. These and other responsibilities are laid out in the Federal Rules of Civil Procedure (FRCP) - and should not be taken lightly.

Preventing potentially relevant data from being changed, lost, or deleted is a major challenge for companies who don’t actively manage all their electronically stored information (ESI). Many companies only manage what they consider to be “records” -  content that needs to be retained due to regulatory requirements or is needed for the continued running of the business. However, only about 5% of all enterprise ESI is considered a record which means 95% of a company’s data is not managed, or if it is, its managed by individual employees – which in most cases means it not managed at all.

Chain of custody is only a piece

Guaranteeing the chain of custody (CoC) of evidence is another important requirement when responding to an eDiscovery request. CoC is meant to prove that the evidence (or ESI) has remained in substantially the same condition from the moment one person took possession until the moment that person released the evidence into the custody of another. This means that if originality of the evidence is called into question, the producing party must show a documented history of direct management and protection. CoC is especially challenging when working with large datasets (hundreds of gigabytes or terabytes) that must be searched, collected, protected, culled, and reviewed for eDiscovery response. For example, corporate legal must regularly search (with ITs help) tens, hundreds, or even thousands of data repositories (including employee data storage devices) looking for relevant content. It is key to ensure that data collectors do not inadvertently alter the data, for example changing metadata by simply accessing it.

Data Fidelity and eDiscovery

When responding to eDiscovery, it is important to understand the various processes involved in creating, managing, and moving data around a modern enterprise can inadvertently alter the data fidelity of a potentially relevant file. In litigation, data fidelity is defined as the measure of similarity to the data’s original state. In other words, if the data fidelity of a given file is 100%, then that data is said to be original or unaltered. The litigation hold/eDiscovery process carries with it the requirement that all potentially relevant data is not altered in any way after the litigation hold responsibility arises.

Data migrations and data defensibility

Migrating large data sets to another location during litigation can be risky, however, in many cases, companies don’t have a choice. For example, many companies are in the process of migrating their on premise email archiving systems to Office 365 or Azure. For many large organizations, eDiscovery is a regular occurrence and if allowed, could stop all projects from ever completing.

Many migration solution providers will tell you that chain of custody reporting is all that’s needed to ensure legal defensibility. However, they won’t mention that they potentially convert, alter, or intentionally delete file properties, for example, metadata, putting you at greater risk of a spoliation charge. During data migration, both chain of custody AND data fidelity are required to prove legal defensibility. 

Before migrating any ESI, including email archiving systems, file systems, databases, etc., you should take two actions:

  1. talk to your GC or outside legal counsel and get a written legal opinion that the planned data migration can go forward - including specific aspects to look out for
  2. talk to your migration services provider and ensure their process does support both CoC and data fidelity so as not put you at greater legal risk

Clean data migration with FastCollect

Archive360 is the leader in migrating ESI in a legally defensible manner. Archive360’s FastCollect migration solutions operate at the object-level to onboard, validate, and manage all your data including metadata and email stubs, no matter where it resides, in a legally defensible manner. FastCollect enables you to seamlessly migrate your data in a matter of hours and days, rather than weeks or months. And FastCollect never copies your data to our servers so you can rest assured that your data is only stored in your protected repositories. Additional about FastCollect resources can be viewed here.

To request a demo, please click here.

For additional information on FastCollect, check out these related blogs: