Michael E. Byczek

Electronically Stored Information (ESI)

ESI has two primary concepts: eDiscovery and eRetention.

The Electronic Discovery Reference Model (EDRM) is used to conceptualize the different stages: identification, preservation, collection, processing, review, analysis, production, and presentation.

These steps include specialized software platforms, data mining, artificial intelligence, data science, forensic analysis, information governance, and machine learning.

The Sedona Conference is a prominent source of eDiscovery best practices.

eDiscovery refers to the process of parties to litigation using court procedure to gain access to digital files that are relevant to a case.

eRetention policies are used by companies to organize their digital content for a consistent method of retaining, deleting, archiving, and accessing digital files.

eDiscovery could impact all files on any devices:

The best eDiscovery plan is to thoroughly understand how a company or individual conducts business or engages in communication with others to pinpoint exactly where to find the most relevant information to win (or defend) a court case.

On the flip-side, eRetention policies anticipate eDiscovery requests. If you are running a company, especially a large business with multiple locations, the chances are high that one day litigation will happen. It is better to organize business activities in an efficient manner and avoid costly and time-consuming compliance with court orders to produce certain files. Failure to do so, could result in court imposed penalties or contempt proceedings.

Imagine a company with hundreds of employees spread across multiple offices and locations in multiple states (even countries). Further imagine all the emails, documents, contracts, computers, hard drives, DVDs, smart phones, social media accounts, and other ways that digital files are used and maintained throughout the corporate structure.

If a court orders the company to produce all relevant files within a specific time period, that company could spend far more money and time trying to comply than could have been avoided with an efficient strategy.

An eRetention policy is that efficient strategy. A perfect example is when to delete spreadsheets on a hard drive. It is very easy to recover deleted files. Some operating systems have built-in options to totally destroy a file when it's deleted in such a way that it would be extremely unlikely it could ever be recovered. Even the U.S. military and government agencies take extra precautions when deleting files on a hard drive. Some eRetention policies go to the extreme of destroying old hard drives in acid.

If a company can prove that they have a formal eRetention policy to delete spreadsheets after three years through industry standard techniques to destroy files beyond the ability to recover the data, it would be very difficult for attorneys to convince a court to try recovering the files anyway. Without a formal policy, all spreadsheets could be the subject of eDiscovery. Simply stating on paper that a company doesn't keep spreadsheets past three years isn't good enough. All files can be recovered without extra steps. Just because the company claims to delete files, doesn't actually mean all copies of that spreadsheet were destroyed. Copies could still be sitting on an employee's computer even though it was supposed to be deleted.

The best eRetention policies thoroughly understand how digital files are used in the ordinary course of business and the consequences of allowing employees to create, save, use, and delete files without any formal plan.


Parties request e-discovery by (A) describing with reasonable particularity each item or category or items to be inspected, (B) specifying a reasonable time, place, and manner for the inspection, and (C) indicating the form or forms in which ESI is to be produced.

Early in litigation, parties are required to disclose the description by category and location of all ESI that the party has in its possession, custody, or control that may be used to support its claims or defenses. Technical aspects of ESI are presented to the court in the discovery plan that requires the parties to state their views and proposals on any issues about disclosure or discovery of ESI, including the form in which it should be produced.

Documents are produced as they are kept in the usual course of business or parties must organize and label them to correspond to the categories in the request. If a request does not specify a form for producing ESI, a party must produce it in a form which it is ordinarily maintained or in a reasonably usable form. A party need not produce the same ESI in more than one form.

Parties may object to the requested form of ESI production by stating the form it intends to use.

If privileged files are found after ESI is produced, a party (after being notified) must promptly return or destroy the data, not use the information, and take reasonable steps to retrieve the files if disclosed.

All relevant evidence is admissible at trial. Relevancy is defined as having any tendency to make the existence of any fact that is of consequence to the determination of the action more probable than it would be without the evidence.

All evidence must be authenticated to support a finding that the matter in question is what its proponent claims. Expert witnesses testify as to the technical aspects of evidence. Witnesses must be qualified as an expert by knowledge, skill, experience, training, or education. Their testimony must (1) be based upon sufficient facts or data, (2) the product of reliable principles and methods, and (3) show that principles and methods were reliably applied to the facts.

A party, through discovery, may obtain full disclosure regarding any matter relevant to the pending action. This covers the existence, description, nature, custody, condition, and location of any document.

ESI may also be defined as "any writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations in any medium from which electronically stored information can be obtained either directly or, if necessary, after translation by the responding party into a reasonably usable form."

Main Page   Digital and Cyber Topics