Data is Subjective to Preservation and Protection Obligations

This is the seventh installment in a blog series on Fact Crashing™, the acceleration of the consideration of ACTION data (Ambient, Contextual, Transactional, IoT, Operational, Navigational) to the benefit of resolving disputes.

There are 9 Principles of Fact Crashing™. Earlier blogs covered: 

Principle 1: Data is Evidence and is Discoverable

Principle 2: Data Should be Addressed Early

Principle 2: Deep Dive

Principle 3: Frame Case Issues as Data-Centric Inquiries

Principle 4: Identify, Qualify and Prioritize Data Sources

Now, let’s take a look at the fifth principle.

Data Preservation

The data in databases are stored and organized differently than email, messaging, and user documents. But responsiveness is not dependent on the format of data. Responsiveness is determined by the content and the application to the current litigation or investigation. As such, responsive data, including database fields and content, are subject to discovery. By extension, they are also subject to data preservation obligations.

In our experience, to the extent that database records are part of an intentional, corporate system, many of those systems save data indefinitely. These are often systems of record for items such as time and attendance, compensation, invoicing, inventory, and more. This is due, in part, to the fact that many transactional records are relatively small when compared to free-form documents and emails and have a great deal of intrinsic value due to their organization and structured retrieval.

Likewise, unintentional or ancillary systems, especially the internet of things, are more likely to generate large volumes of data with only a short-term value profile. These systems are more likely to have auto-deletion based on time (e.g., 30-day retention) or volume (e.g., 100 GB log file limits).

As you begin using Fact Crashing™ for the Identification, Qualification, and Prioritization of data sources, bear in mind that default data retention will vary, and you may need to exercise some form of data preservation.

Data Protection

We are experiencing a global spike in data protection and data privacy concerns. Some argue that this is long overdue, and we have been too lackadaisical with how we’ve treated financial, health, personal, or sensitive data in the past. Regardless of how we got to where we are, we are here now. Data protection does not mean that data is exempt from discovery. Instead, it means that additional or explicit steps should be taken to manage the disclosure, use, and dissemination of that data. As noted in Europe, we should minimize the amount and extent of the disclosure to the bare minimum necessary to the circumstance.

An entire book could be written on data protection. Rather than squeezing that book into this blog, I’ll simply acknowledge that data protection is essential and identify a few well-used techniques for it in litigation.

Standard data protection techniques include:

• Protective Order
• Appointment of a Data Neutral
• Data Minimization
• Encryption in Transit
• Encryption at Rest
• Use Access Control
• Roll-Based Access Control
• Anonymization

Within the rubric of Anonymization are a variety of sub-techniques. Some of those, listed by David Baladan at DataVersity, are:

• Aggregation
• Encryption
• Generalization
• Hashing
• Pseudonymization
• Perturbation
• Randomization, and Suppression

Overall, U.S. Courts tend to lean in favor of discovery. This can be traced back to the first promulgation of the Federal Rules of Civil Procedure in 1938 and the rules related to discovery, primarily written by Professor Edson Sunderland with his passionate support for disclosure and Summary Judgment.

Today, courts still favor disclosure of relevant, proportionate, responsive data. Officially, data privacy is not an exception. It is not a privilege or limitation. Unofficially, it is a governor on many productions. Since the rules and the courts favor productions, but society favors discretion, finding ways to raise the protections around exchanging data is appropriate. It is even more suitable for exceptionally well organized, readily accessed, quickly analyzed structured data.

Conclusion

As you work through Fact Crashing™, consider data preservation and data protection upfront. This can save a lot of anguish and angst on the back end.

iDS provides consultative data solutions to corporations and law firms around the world, giving them a decisive advantage  – both in and out of the courtroom. Our subject matter experts and data  strategists specialize in finding solutions to complex data problems – ensuring data can be leveraged as an asset and not a liability.