When it comes to evidence in digital form – we’ll call it electronically stored information (“ESI”) – there are many templates available for processes and protocols under the Sedona Principles and, in Ontario, the Rules of Civil Procedure (which incorporate the Sedona Principles). See, for example, the Ontario E-Discovery Implementation Committee’s Model Precedents” on the Ontario Bar Association’s website1.
However, some situations in day-to-day litigation arise that existing templates do not cover. One of the most common is the “My client’s files have been corrupted” scenario. Correspondence comes in the mid or even later stages of a lawsuit. Opposing counsel announces that the client has discovered some ESI that had previously gone undiscovered or unreported. But, the client has told counsel, the ESI is inaccessible or somehow corrupt.
This correspondence raises multiple issues. What is the explanation for the ESI, or its existence, not being reported earlier? Was it listed in the affidavit of documents?
If this ESI was available, but no longer is, did its loss or corruption occur during the litigation or before? If during, how? Has there been spoliation?
Counsel receiving such correspondence from the other side will want to prepare the way for gaining access to this data. If able to gain access, then counsel will want to make sure they have full review and discovery rights in relation to this new evidence. They will want to make sure that they can take steps to remediate the data, if necessary.
If the data truly cannot be accessed, counsel will want to prepare the way for a spoliation argument.
It is with this scenario in mind that we have prepared the following template letter. On the one hand, it addresses the myriad issues raised by this scenario, On the other hand, it is not an overly technical letter. We have tried to balance the rights of the party receiving such a report against the perception of an over-reaction in the face of newly discovered, and possibly corrupted, evidence. We have prepared and are making available this template for informational purposes. It is not to be taken as legal or technical advice. It is not to be relied upon as such.
I understand that your client X says s/he has retrieved [Electronically Stored Information (“ESI”) e.g. files/ emails/ hard drive etc.]. S/he has determined, however, that some or all of this ESI is “corrupt”. S/he says this ESI therefore cannot be accessed for production or review in this matter.
The data that X is now reporting as “corrupt” is relevant to the core of our clients’ claim. Your client has an ongoing obligation under the rules to preserve all evidence, including all ESI. In light of this obligation, we require that:
- if the ESI reported to be “corrupt” is the original ESI (rather than a preservation copy), nothing be done to alter or delete it pending discussions regarding possible remediation; or
- if the ESI reported to be “corrupt” is a preservation or working copy of the original ESI, the original ESI be preserved in a forensically sound manner to allow for re-collection. (The preservation or working copy must be preserved as well, for obvious reasons.)
In order to understand the nature and extent of the reported corruption, having regard to the rules and your client’s production and preservation obligations, we require the answers to the following questions (I need hardly add that our client would be entitled to these answers on discovery):
- What precisely is being reported “corrupt”?
- If it is a device, disk or drive on which the ESI was placed, please describe the device, disk or drive (type, manufacturer, model, capacity, operating system, cable or connectivity type);
- If it is an evidence file or container file used to preserve / transfer the ESI, please describe the software and version used to create the file(s);
- If individual ESI files, please identify them, along with file extension.
- How was the corruption detected, and by whom? For example, what error messages were displayed, at what stage of accessing the ESI (preservation / collection / processing) within what application, by an IT professional or another person?
- What is the nature of the inaccessible ESI (e.g., “Accounting files, 2012-14”; “PST from J. Doe laptop”)?
- How many files are implicated (file count and volume)?
- What application(s) did or does X use to create and store the ESI?
- In what location(s) was the ESI originally stored? Is there more than one device on which this ESI was, is or might be located? If so, how many and what kind (i.e. desktop, notebook, tablet, phone)?
- Is X’s system part of a network? Is it connected to a “cloud” service?
- Has X successfully accessed this ESI between the time of the events in issue and the time X reported it as corrupt? If so, were copies of this ESI created in other locations? If so, provide details.
- Is the ESI available from other sources? What are X’s backup protocols for this ESI, both digital and paper (i.e. printouts)? Are backups of (all or part of) the ESI available?
Based on the answers to these questions, we will be able to determine how to proceed. We will undoubtedly have further questions that flow from the answers. It is our hope that we can shed some light on how the ESI might be repaired or alternately sourced, so that your client can properly fulfill her/his production obligations.
For evidence in X’s possession to be reported as “corrupt” at this stage of the litigation raises a serious question of spoliation. If there has been spoliation, our clients reserve the right to seek the appropriate remedies. In addition, we reserve discovery rights of X on this recent development.
Finally, I’m sure I need not add that, whatever ESI X did access and report as “corrupt” must be preserved. Corrupt or not, it is still evidence in this matter.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.