13 August 2007

ESI: Authenticity of Evidence...

Legal opinions on the admissibility of evidence and electronically stored information (ESI) are becoming more prevalent and increasingly relevant to Operational Risk Management:

In Lorraine v. Markel, authentication of information is a key issue in the ruling. Maryland Courts Watcher caught this ruling and our eye recently. "In its 101 page opinion, the court dedicated at least 90 pages to providing extensive and detailed analysis and guidance on the interrelated evidentiary issues governing the admissibility of electronically stored evidence (ESI), including: analysis under Rule 104, relevance under Rule 401, authentication as required by Rule 901(a), effect of hearsay as defined by Rule 801 and any applicable exceptions, consideration of the form of the ESI being offered under the original writing rule and the admissibility of any secondary evidence to prove its content, and the probative value of the ESI considering potential unfair prejudice or one of the other factors identified by Rule 403."

Whether ESI is admissible into evidence is determined by a collection of evidence rules that present themselves like a series of hurdles to be cleared by the proponent of the evidence. Failure to clear any of these evidentiary hurdles means that the evidence will not be admissible. Whenever ESI is offered as evidence, either at trial or in summary judgment, the following evidence rules must be considered: (1) is the ESI relevant as determined by Rule 401 (does it have any tendency to make some fact that is of consequence to the litigation more or less probable than it otherwise would be); (2) if relevant under 401, is it authentic as required by Rule 901(a) (can the proponent show that the ESI is what it purports to be); (3) if the ESI is offered for its substantive truth, is it hearsay as defined by Rule 801, and if so, is it covered by an applicable exception (Rules 803, 804 and 807); (4) is the form of the ESI that is being offered as evidence an original or duplicate under the original writing rule, of if not, is there admissible secondary evidence to prove the content of the ESI (Rules 1001-1008); and (5) is the probative value of the ESI substantially outweighed by the danger of unfair prejudice or one of the other factors identified by Rule 403, such that it should be excluded despite its relevance.

Authenticity and the chain of custody of ESI will continue to be a major challenge for the general counsels of major corporations in the years ahead. Creating and maintaining trusted information through out the enterprise intersects policy, processes, people and technology. The legal risk associated with non-compliance and missed opportunities is a growing concern in executive management and Board of Directors meetings.

The explosion of information as early as 2001 started a process of discussions on the nexus of information security regarding data integrity and authenticity:

With the explosive growth of data exchange and the availability of access to services over the Web, the Trusted Information requirement is more and more an issue to providers and users of these services. Addressing this security issue, this volume is divided into eleven parts covering the essentials of information security technologies, including application-related topics, and issues relating to application development and deployment:

  • Security Protocols;
  • Smart Card;
  • Network Security and Intrusion Detection;
  • Trusted Platforms;
  • eSociety;
  • TTP Management and PKI;
  • Secure Workflow Environment;
  • Secure Group Communications;
  • Risk Management;
  • Security Policies;
  • Trusted System Design and Management.

Companies like IBM have been talking to clients about trusting their information for decades. However, when the discussions turn to litigation and admitting information stored on hard disks, dvd's, USB Thumb Drives and the data on your VOIP phone system it all starts to become more complex than one could ever imagine. That complexity and the speed that courts are asking for responsive answers puts your legal risk in the center of the discussion.

Achieving a Defensible Standard of Care requires more than a savvy outside counsel. It demands an effective CIO, CSO and Records Manager working in combination with the hundreds of law firms you may have retained to address your ongoing litigation.

No comments:

Post a Comment