Frequently overlooked in the meet-and-confer sessions and in subsequent interrogatories is whether a producing party utilizes a data loss prevention system in its computer network. This applies to both the requesting party as well as the producing party. Such an ommision could likely lead to an incomplete e-Discovery effort and a woefully inadequate production of relevant ESI.
DLP systems are increasingly being implemented by mid-large business organizations and institutions for a variety of reasons. But the primary justification for installing a DLP is to monitor and prevent the unauthorized access to and transmission of proprietary electronically stored information. Some organizations use the DLP's capabilities to foster insider trading or sexual harrassment violations by identifying the contents of employee's internal and/or external communications that contain pre-defined parameters programmed in complex filters.
Opposing counsel and even the litigant may never have considered the DLP system in their preliminary survey to identify all potential sources within their computer network storing relevant ESI. While this oversight may be innocent enough, a requesting party has no excuse in not making an inquiry as to whether a DLP system exists.
DLP systems are designed to monitor and classify ESI while it is:
- In motion (as users send e-mails or instant messages)
- In use (as users create or modify documents on their c:\drive)
- At rest (as users store documents on network file shares)
To learn more about DLP systems and key questions an organization should be asking to determine whether relavant ESI may be stored on an opponent's DLP system, click here.