ELI5: What is E-discovery?
When lawyers need to find emails or documents for a court case, e-discovery is the process of searching through all the digital files to find the ones that matter.
Definition
E-discovery (electronic discovery) is the process by which electronically stored information (ESI) is identified, collected, preserved, reviewed, and produced in response to a request in legal proceedings such as litigation, regulatory investigations, or audits. Security professionals must understand e-discovery because they are often responsible for preserving and producing relevant data when legal matters arise.
Key Details
- Triggered by litigation, regulatory investigation, or government subpoena
- ESI includes emails, documents, databases, log files, social media, and any other digital data
- Legal hold must be issued immediately upon anticipation of litigation to preserve relevant ESI
- E-discovery process: identify → preserve → collect → process → review → produce
- Failure to preserve relevant ESI can result in sanctions, adverse inference rulings, or criminal liability
Connections
- Parent: digital-forensics — e-discovery and forensics share many evidence preservation principles
- See also: legal-hold