In two thirds of states, attorneys bear a duty of competence that extends to technology, including competence with eDiscovery technology, ESI sources, and more
In the first Part of this series, we reviewed the change to the ABA Model Rules of Professional Conduct that formalized a duty of technology competence and the adoption of that change (and variations on it) by two thirds of states. In this Part, we begin our review of California’s enumerated requirements specifically for eDiscovery competence.
As we noted in the last Part, California promulgated Formal Opinion No. 2015-193 in 2015, which established a duty of technology competence for eDiscovery and identified nine specific requirements for fulfilling that duty, which have been widely discussed as a useful model for all attorneys. The first five of those requirements all pertain to the initial steps that must be taken at the very beginning of a new matter, even before formal discovery has begun:
The first requirement is that an attorney – or an attorney collaborating with an eDiscovery expert – be able to spot eDiscovery implications at the outset of each new matter. This requirement in some ways incorporates the other eight within it, as it asks you to think ahead about eDiscovery needs and issues that might arise throughout the course of the upcoming matter. As several of the following requirements make clear, the most important things to be able to assess initially are (a) potential sources of ESI that will need to be considered and (b) any risks of loss associated with those sources that must be mitigated. Many kinds of mistakes can be remedied farther down the road, but the loss of unique, relevant ESI cannot.
We also touched on this requirement and its importance in our series on eDiscovery project planning. That series provides step-by-step guidance on how to scope and plan for the eDiscovery aspects of a new matter, including checklists for each step.
As we just noted, acting quickly to identify and prevent the loss of ESI sources is core to fulfilling the duty of eDiscovery competence. As we have seen in numerous contexts, ESI spoliation remains a frequent issue – particularly in the gray area where new devices, applications, or services are transitioning from niche adoption to mainstream use. The first and most important step for preservation in most instances is the issuance of an effective legal hold, and the second is monitoring ongoing compliance with that hold (including the suspension of automatic janitorial functions and immediate collection of at-risk data where required).
We took a deep dive into the relevant legal standards, recommended components, and logistical options in our series on legal holds. We also discussed the preservation of data in situations where internal bad actors are suspected in our series on investigations.
This requirement is the one most likely to require the assistance of technical experts, both your own and your client’s. Every organization has a unique combination of enterprise, departmental, and individual computers, devices, and software (as well as third-party service providers and other potential sources). Moreover, each organization has its own standard operating procedures – both formal, documented ones and unofficial ones – that dictate how things are created, where things are stored, and for how long. Untangling that unique mess to identify all the places that potentially-relevant ESI may be hiding requires, at a minimum, the involvement of (a) someone with intimate knowledge of those systems and practices (i.e., organization IT), (b) someone who understands the relevant legal scope and likely discovery obligations (i.e., you), and (c) someone who can understand the technical details presented and assess them against the scope and obligations (i.e., you and/or your eDiscovery or collections expert).
We also discussed this fundamentally investigative process in our series on eDiscovery project planning, including investigative techniques you can use for it when needed, such as targeted interviews, data mapping, surveying, and sampling.
There is obvious overlap between this requirement and the requirements above, but as we have noted, avoiding spoliation of ESI is at the heart of the duty of eDiscovery competence. This additional requirement is primarily aimed at making sure practitioners understand the range of data handling options available and the importance of maintaining forensic soundness. For example, this would encompass understanding the importance of metadata, how easily it is altered, and how to ensure its preservation. This would also extend to understanding the risks associated with allowing self-collection, to understanding (at a high level) imaging and targeted collection options; and, to considering newer remote collections solutions. As with the requirement above, this requirement is often fulfilled with the assistance of an eDiscovery or collections expert that can bring a greater depth of technical knowledge to the table.
We reviewed these options and other important collection knowledge for practitioners in our series on collection fundamentals.
This requirement fits hand-in-glove with the above requirements, which are more focused on the source systems and devices than the people wielding them. In addition to being able to identify and address those source systems and devices, practitioners need to be able to identify the relevant individuals who use, possess, or administer them to ensure the completeness of both preservation and collection. Those individuals are the ones with the most direct knowledge of what relevant ESI exists and where it exists. They also have the most accurate information about how ESI is created, handled, shared, and stored on a day-to-day basis.
We discussed the custodian identification and interview process in detail in our custodian interviews series.
Upcoming in this Series
Next, in the final Part of this series, we will discuss the remaining requirements identified by the California order.