Overview
Version 1.0
Last Revision Date: November 28, 2007
Approval Date: January 22, 2008
Approval Authority: Case Office of General Counsel, Case
Chief Information Security Officer
Purpose
The purpose of this procedure is to establish
standard
method for handling of electronically stored information to comply with
the December 1, 2006 revisions to the Federal Rules of Civil Procedure (FRCP).
Scope
This policy applies to all schools, departments,
employees, faculty members, and agents of Case Western Reserve
University.
Cancellation
Not applicable.
Procedure Statement
General
The new Federal Rules of Civil Procedure mandate that electronically
stored information are subject to discovery obligations of a party in a
federal lawsuit. The procedure is applied when a lawsuit has been
filed by or against Case Western Reserve University, or when the
University reasonably knows that such as lawsuit is about to be filed.
Procedure
- The University Office of Counsel shall contact
the IT
administrator for each School or Department that may have any
information relevant to the lawsuit.
- The IT administrator shall determine the types
of
electronically stored information that exist for such School/Department
and the manner in which such information is maintained and
stored. This information may be on local hard drives, servers, or
in backup systems or media.
- The IT administrator shall then take all
reasonably
necessary steps to preserve that electronically stored information,
including disengaging any automated processes that periodically delete
or destroy such information.
- All employees, faculty, and third-parties
having
access to relevant electronically stored information shall be notified
by
the Office of Counsel that they are prohibited from deleting or
destroying that information (litigation hold).
- The IT administrator shall advise the Office of
Counsel regarding the manner by which such information may be searched
and produced and the associated cost.
- The Office of Counsel shall notify all relevant
persons when this information no longer needs to be preserved.
Data Preservation Considerations
Normal data lifecycle operations that often include automated data
purges or electronic media reuse may continue in the absence of a
pending lawsuit (or of a lawsuit known to the University that is about
to be filed).
Information that is preserved under this procedure will be maintained
by the Office of Counsel or their designated information technology
support personnel until it has been determined that the data retention
is no longer required.
The University will make every reasonable attempt to prevent spoliation
of information gathered for discovery.
A Discovery Plan (Form 35) shall include provisions for screening of
information gathered for discovery to evaluate for impact of disclosure
of privileged or protected information.
Definitions
electronically stored information: relevant electronic information
includes but is not limited to:
email (message
contents, header information, email system usage logs)
databases (records and fields and structural information) pertaining to
human resources or personnel information
word processing files (including prior drafts, 'deleted' files and file
fragments)
spreadsheets
litigation hold: a suspension of normal data deletion processes based
on the standard data lifecycle
Responsibility
The Office of University Counsel is responsible for the communication
of a 'preservation notice' to principal personnel.
Departmental IT administrators and staff are responsible for the
implementation and
adherence to data preservation procedures.
Standards Review Cycle
This procedure will be reviewed every three years on the anniversary of
the
policy effective date, at a minimum. The standard may be reviewed on a
more frequent basis depending on changes of risk exposure. |
