Accessibility options
A
A
A
Higher contrast

Electronic Documents - IT Panel Article 2006

Documents stored on computer are becoming more and more important in litigation, as a greater proportion of business is conducted electronically. In this article I will refer to two situations in which it is important for barristers to be aware of the practical steps which should be taken: firstly, forensic data retrieval, and secondly, disclosure of electronic documents under CPR Part 31.

Data Retrieval

There are many types of case in which it may be important at the earliest opportunity to search for documents stored on computers, including criminal cases, civil actions to recover stolen monies, and claims against ex-employees who have left to work for a competing company.

The first point to emphasise is the importance of not switching on a computer which may have on it incriminating data until a data retrieval specialist has been brought in to assist (forensic data retrieval should always be carried out by a specialist, and not by a member of the client's IT department). As soon as a computer is switched on, temporary files are created which may over-write obsolete data which might otherwise still have been retrievable. A specialist can make what is known as an "image copy" of a hard disk drive, which contains all the data present on the hard disk drive when the computer was last turned off. He can do this in a way which will minimise the risk of an allegation by the other side that the data on the hard drive has been tampered with.

The types of data which might be retrievable include the following:

The last category is important. In some cases, merely demonstrating that sophisticated deletion software has been used may be sufficient to justify an inference that incriminating data was present on the computer, and this may make it unnecessary to apply for a without notice order permitting examination of the computer.

An order permitting a computer to be examined so that an image copy may be made usually requires that additional copies be made, so that a copy can be provided to other parties to the litigation. It also means that there is a record copy which can be used to rebut evidence of tampering. Using an independent computer specialist makes it easier to agree procedures to avoid privileged or other confidential material being seen by the other party to the action. The draft Search Order annexed to the Practice Direction under CPR 25 states in a footnote that an independent computer specialist should be required to give undertakings to the court.

After the image copy of the hard drive has been made, relevant data is usually located by means of keyword searches. Care must also be taken not to access a computer in manner contrary to section 1 of the Computer Misuse Act 1990. Section 1 makes it an offence to cause a computer to perform any function with intent to secure access to any program or data held in any computer if such access is known to be unauthorised.

Electronic Disclosure

In many cases it is now essential to search for and disclose documents held on computer, and not just documents in paper form, when carrying out disclosure under CPR 31. The October 2004 report of the Cresswell Working Party (available online at http://www.hmcourtsservice.gov.uk/docs/electronic_disclosure1004.doc) contains a detailed discussion of the problems thrown up by the disclosure of e-mails and other electronic documents and how the Civil Procedure Rules on disclosure apply to electronic documents, and its main recommendations are now contained in the new paragraph 2A of the CPR 31 Practice Direction.

The Practice Direction refers to the fact that the definition of "document" is wide enough to include files stored on servers and back-up systems, and also electronic documents that have been "deleted". The definition also covers additional information stored and associated with electronic documents known as "metadata" (such as details of the dates on which the document was created, amended or printed). The appropriate extent of the search for documents in a particular case will depend on a number of factors, including:

This includes:

(i) The accessibility of electronic documents or data including e-mail communications on computer systems, servers, back-up systems and other electronic devices or media that may contain such documents taking into account alterations or developments in hardware or software systems used by the disclosing party and/or available to enable access to such documents.

(ii) The location of relevant electronic documents, data, computer systems, servers, back-up systems and other electronic devices or media that may contain such documents.

(iii) The likelihood of locating relevant data.

(iv) The cost of recovering any electronic documents.

(v) The cost of disclosing and providing inspection of any relevant electronic documents.

(vi) The likelihood that electronic documents will be materially altered in the course of recovery, disclosure or inspection.

(d) The significance of any document which is likely to be located during the search.


The Practice Direction stresses the importance of the parties' discussing, prior to the first Case Management Conference, any issues that may arise regarding searches for and the preservation of electronic documents. This may involve the parties providing information about the categories of electronic documents within their control, the computer systems, electronic devices and media on which any relevant documents may be held, the storage systems maintained by the parties and their document retention policies. In heavy cases, there may be so many documents that it is necessary to search for electronic documents by means of keyword searches. The disclosure process may be very costly, particularly if it is necessary to engage consultants to assist or if it is necessary to search back-up systems. In such cases it is especially important that the parties should agree in advance what steps they will take, in order to minimise the risk of having to carry out the exercise a second time if, for example, the initial results provide either too many documents or too few documents. The points which the parties should consider may include the following:

The List Group has prepared a questionnaire which may assist in exchanging information on the above points, and has also prepared a draft Protocol setting out best practice for providing copies of disclosure documents which are already held in electronic form: see http://www.listgroup.org/publications.htm.

The new version of the List of Documents form (N265) requires parties to give details of the steps they have taken to search for electronic documents. It is necessary to state this fact if any of the following have not been searched:

It is also necessary to state (if this is the case) that the following types of documents have not been searched for:

For the party proving disclosure, this change to the List of Documents form assists in providing a check list of the places where it may be appropriate to search for documents. For the opposing party, the List now provides greater clarity with regard to the extent of the search which has been carried out.