When IT Meets Legal
A manager embarks on a journey of document discovery.
Legal discovery can be a unique challenge for IT managers, and the following is my cautionary tale. I had been working as an IT manager for a midsize company for five years and was blessed with a good manager who got me what I requested. Most emergencies were non-events.
I was making progress on a server upgrade one day when my manager came in with the company attorney. My manager explained that our attorney needed my help and then left us alone in my office. The attorney handed me a printed list of 11 words and proper names, and asked me to read a court order. When I finished, she explained that our company was the plaintiff in a lawsuit and we had a week to turn over all relevant information from the last two years containing the words on the list.
I began to brainstorm on how I could possibly accomplish the task. It was going to be very time-consuming. I'd need to enlist the help of the managers.
Beginning the Process
My manager arranged a meeting with the eight department managers, and our attorney accompanied me directly to the meeting. At that meeting, I explained that from two administrative servers and six workstations I could begin the discovery process of looking for documents on all our computers. I emphasized that all systems would need to be left on until the search was done. I would then print out lists of files in which the discovery words were found, organized by department. The managers would access each file on their list and print it if it was relevant. IT would scan those files, burn them to CDs, and give them all to our attorney.
Within an hour, I began searching all machines using Windows XP search, ensuring I turned on the option to search all file types. One programmer created a program to take the files that were a "hit" and store their paths in a database to add flexibility for creating the managers' lists. In two days, I delivered the printouts to the managers. Two days after that, the managers had printed their documents, and IT had scanned them, burned the CDs and delivered everything to our attorney.
Six months later, my manager and our attorney came into my office. The defendants had an e-mail document pertinent to the case generated by us that we hadn't found in our discovery. The defendants and judge were not happy. They were concerned about what else may have been missed and whether our company was being completely forthcoming. We were then ordered to do another search.
In IT, I was accustomed to explaining obscure problems and solutions, but those instances now seemed easy compared to explaining the many ways there could've been a breakdown in the search process. Eventually I was deposed to explain why our discovery had not been complete. The possibilities seemed endless.
When I found out which document my search had missed, I immediately knew who created it and what had happened. An interim manager had used a personal, non-company e-mail account to send the file. I was chagrined, but my manager and attorney understood.
If you're ever involved in legal discovery, be prepared to show that your company uses a system for document retention, has policies for document retention and does its best to enforce those policies.
You might also use a Group Policy to turn off thumb drives and provide computers without CDs or floppy drives, or limit access to the Internet. Check network traffic for the use of non-approved e-mail systems. Use a search program specifically designed for legal discovery. Do two separate searches conducted by two different employees to make sure they both find the same files. Lastly, be prepared to be deposed.
Ed Mahlum has spent 28 years in IT and is the owner of Computer Security Services, a consulting firm focusing on compliance for identity theft, HIPAA and the Department of Homeland Security.