Date Approved: January 22, 2008
Effective Date: January 22, 2008
Responsible Official: Chief Information Security Officer
Responsible Office: [U]Tech Information Security Office
Revision History: Version 1.0; dated May 20, 2011
Related legislation and University policies:
Review Period: 5 Years
Date of Last Review: May 20, 2011
Related to: All account holders
The purpose of this procedure is to establish standard method for handling of electronically stored information to comply with the December 1, 2006 revisions to the Federal Rules of Civil Procedure (FRCP).
This policy applies to all schools, departments, employees, faculty members, and agents of Case Western Reserve University.
The new Federal Rules of Civil Procedure mandate that electronically stored information are subject to discovery obligations of a party in a federal lawsuit. The procedure is applied when a lawsuit has been filed by or against Case Western Reserve University, or when the University reasonably knows that such as lawsuit is about to be filed.
- The University Office of Counsel shall contact the IT administrator for each School or Department that may have any information relevant to the lawsuit.
- The IT administrator shall determine the types of electronically stored information that exist for such School/Department and the manner in which such information is maintained and stored. This information may be on local hard drives, servers, or in backup systems or media.
- The IT administrator shall then take all reasonably necessary steps to preserve that electronically stored information, including disengaging any automated processes that periodically delete or destroy such information.
- All employees, faculty, and third-parties having access to relevant electronically stored information shall be notified by the Office of Counsel that they are prohibited from deleting or destroying that information (litigation hold).
- The IT administrator shall advise the Office of Counsel regarding the manner by which such information may be searched and produced and the associated cost.
- The Office of Counsel shall notify all relevant persons when this information no longer needs to be preserved.
Data Preservation Considerations
Normal data lifecycle operations that often include automated data purges or electronic media reuse may continue in the absence of a pending lawsuit (or of a lawsuit known to the University that is about to be filed).
Information that is preserved under this procedure will be maintained by the Office of Counsel or their designated information technology support personnel until it has been determined that the data retention is no longer required.
The University will make every reasonable attempt to prevent spoliation of information gathered for discovery.
A Discovery Plan (Form 35) shall include provisions for screening of information gathered for discovery to evaluate for impact of disclosure of privileged or protected information.
electronically stored information: relevant electronic information includes but is not limited to:
email (message contents, header information, email system usage logs)
databases (records and fields and structural information) pertaining to human resources or personnel information
word processing files (including prior drafts, 'deleted' files and file fragments)
litigation hold: a suspension of normal data deletion processes based on the standard data lifecycle
The Office of University Counsel is responsible for the communication of a 'preservation notice' to principal personnel.
Departmental IT administrators and staff are responsible for the implementation and adherence to data preservation procedures.
Standards Review Cycle
This procedure will be reviewed every three years on the anniversary of the policy effective date, at a minimum. The standard may be reviewed on a more frequent basis depending on changes of risk exposure.