Lawyers often sent letters, pre-suit, so that the other party preserves relevant evidence. Although the strategy can vary from case to case, the following letter is a sample due diligence letter we have used in the past. As always, please seek legal representation before taking any sort of action:
To Whom It May Concern:
We have been retained by Mary Fox in connection with a matter involving her teacher at Sumpter School of Fine Arts. According to my preliminary investigation, it is apparent that something terrible occurred between her and the teacher. I believe you know what I’m writing about. I’d like to discussion resolution of her claim, pre-suit.
It is our sincere desire to resolve this dispute as expeditiously as possible in a manner that is fair to all concerned. Prompt resolution will allow all of the parties to minimize the time, expense, distraction, and stress of litigation. Please contact me to resolve this matter pre-litigation. In the alternative, we suggest a pre-suit mediation; however, given our client’s limited finances, the mediation fees would be borne by you.
Despite our “working hypothesis” we have a professional obligation to conduct a reasonable investigation before initiating legal action. Likewise you also have a legal obligation to avoid mounting a baseless defense.
Before forming any firm opinions, we would appreciate an opportunity to learn your point of view. If, as a result of our investigation, we conclude that your position has merit, we will notify our client accordingly and take no further action.
Florida Statutes §627.4137 requires you or your insurance agent to disclose the name of each insurance company known to you that may provide you coverage as a result of the matter referenced above, along with the coverage provided. Each such insurance company shall furnish us, within 30 days, a statement under oath of a corporate officer, claims manager, or claims superintendent, providing the following for each primary, excess, or umbrella policy:
The name of the insurer;
The name of each insured;
A statement of any policy or coverage defense which each insurer reasonable believes is available to such insurer at the time of filing such statement; and
A copy of the policy.
The information must be amended immediately upon discovery of facts calling for an amendment to the initial response. We ask that you and/or your insurer furnish this information to us immediately.
Preservation of Evidence
Please be advised that very strict penalties exist for destroying or discarding material evidence. Your failure to preserve these materials may be used against you if this matter results in formal legal action. Therefore, kindly notify the appropriate persons to preserve any and all drafts as well as final versions of evidence contained in any medium, such as hard drives, floppy disks, CD-ROM, or any other format, including the personal laptops or home computers of the involved employees.
You should anticipate that much of the information subject to disclosure or responses to discovery in this matter is stored on your current and former computer systems and other media and devices (including personal digital assistants, voice-messaging systems, online repositories and cell phones).
Electronically stored information (“ESI”) should be afforded the broadest possible definition and includes (by way of example and not as an exclusive list) potentially relevant information electronically, magnetically or optically stored as:
∙ Digital communications (e.g., email, voice mail, instant messaging);
∙ Work processed documents (e.g., Word or WordPerfect documents in draft);
∙ Spreadsheets and tables (e.g., Excel or Lotus 123 worksheets);
∙ Accounting application data (e.g., QuickBooks, Money, Peachtree data files);
∙ Image and facsimile files (e.g., .pdf, .tiff, .jpg, .gif images);
∙ Sound recordings (e.g., .wav and .mp3 files);
∙ Video and animation (e.g., .avi and .mov files);
∙ Databases (e.g., Access, Oracle, SQL server date, SAP);
∙ Contact and relationship management data (e.g., Outlook, Act!);
∙ Calendar and diary application data (e.g., Outlook, Yahoo, Blog tools);
∙ Online access data (e.g., temporary Internet files, history, cookies);
∙ Presentations (e.g., PowerPoint, Corel presentations);
∙ Network access and server activity logs;
∙ Project management application data;
∙ Computer aided design/drawing files; and
∙ Back up and archival files (e.g., zip, .gho).
ESI resides not only in areas of electronic, magnetic and optical storage media reasonably accessible to you, but also in areas you may deem not reasonably accessible. You are obliged to preserve potentially relevant evidence from both the sources of ESI, even if you do not anticipate producing such ESI.
The demand that you preserve both accessible and inaccessible ESI is reasonable and necessary. Pursuant to the Federal Rules of Civil Procedure, you must identify all sources of ESI you decline to produce and demonstrate to the court why such sources are not reasonably accessible. For good cause shown, the court may then order production of the ESI, even if it finds that it is not reasonably accessible. Accordingly, even ESI that you deem reasonably inaccessible must be preserved in the interim so as not to deprive the plaintiff of her right to secure the evidence or the court of its right to adjudicate the issue.
Preservation Requires Immediate Intervention
You must act immediately to preserve potentially relevant ESI including, without limitation, information with the earlier of a created or last modified date on or after January 1, 2006, through the date on the demand and concerning my client.
Adequate preservation of ESI requires more than simply refraining from efforts to destroy or dispose of such evidence. You must also intervene to prevent loss due to routine operations and employee proper technique and protocols futed to protection of ESI. Be advised that sources of ESI are altered and erased by continued use of your computers and other devices. Booting a drive, examining its contents or running application will irretrievably alter the evidence it contained and may constitute unlawful spoliation of evidence. Consequently, alteration and erasure may result from your failure to act diligently and responsibly to prevent loss or corruption of ESI.
Nothing in this demand for preservation of ESI should be understood to diminish your concurrent obligation to preserve documents, tangible things and other potentially relevant evidence.
Suspension of Routine Destruction
You are directed to immediately initiate a litigation hold for potentially relevant ESI, documents and tangible things, and to act diligently and in good faith to secure an audit compliance with such litigation hold. You are further directed to immediately identify and modify or suspend features of your information systems and devices that, in routine operation, operate to cause the loss of potentially relevant ESI. Examples of such features and operations include:
∙ Purging the contents of email repositories by age, capacity or other criteria;
∙ Using data or media wiping, disposal, erasure or encryption utilities or devices;
∙ Overwriting, erasing, destroying or discarding back up media;
∙ Reassigning, reimaging or disposing of systems, servers, devices or media;
∙ Running anti virus or other programs affecting cold sell metadata alteration;
∙ Releasing or purging online storage repositories;
∙ Using metadata stripper utilities;
∙ Disabling server or IM logging; and
∙ Executing drive or file defragmentation or compression programs.
Guard Against Deletion
You should anticipate that your employees, officers or others may seek to hide, destroy or alter ESI and act to prevent or guard against such actions. Especially where company machines have been used for Internet access or personal communications, you should anticipate that users may seek to delete or destroy information they regard as
personal, confidential or embarrassing and, in doing so, may also delete or destroy potentially relevant ESI. This concern is not one unique to you or your employees and officers. It’s simply an event that occurs with such regularity in electronic discovery efforts that any custodian of ESI and their counsel are obliged to anticipate and guard against its occurrence.
Preservation in Native Form
You should anticipate that certain ESI, including but not limited to spreadsheets and databases, will be sought in the form or forms in which it is ordinarily maintained. Accordingly, you should preserve ESI in such native forms, and you should not select methods to preserve ESI that remove or degrade the ability to search your ESI by electronic means or make it difficult or burdensome to access or use the information efficiently in the litigation.
You should additionally refrain from actions that shift ESI from reasonably accessible media and forms to less accessible media and forms if the effect of such action is to make such ESI not reasonably accessible.
You should further anticipate the need to disclose and produce system and application metadata and act to preserve it. System metadata is information describing the history and characteristics of other ESI. This information is typically associated with tracking or managing an electronic file and also includes data reflecting a file’s name, size, custodian, location and dates of creation and last modification or access. Application metadata is information automatically included or embedded in electronic files but which may not be apparent to a user, including deleted content, draft language, commentary, collaboration and distribution data and dates of creation and printing. Be advised that metadata may be overwritten or corrupted by careless handling or improper steps to preserve ESI. For electronic mail, metadata includes all header routing data and Base 64 encoded attachment data, in addition to the to, from, subject, receive date, cc and bcc fields.
With respect to servers like those used to manage electronic mail (e.g., Microsoft Exchange, Lotus Domino) or network storage (often called a user’s “network share”), the complete contents of each user’s network share and email account should be preserved.
Home Systems, Laptops, Online Accounts and Other ESI Venues
Though we expect that you will act swiftly to preserve data on office workstations and servers, you should also determine if any home or portable systems may contain potentially relevant data. To the extent that officers, board members, employees or former employees have sent or received potentially relevant emails or created or reviewed potentially relevant documents away from the office, you must preserve the contents of systems, devices and media used for these purposes (including not only potentially relevant data from portable and home computers, but also from portable thumb drives, CD/R discs and the user’s PDA, smart phone, voice mailbox or other forms of ESI storage). Similarly, if employees, officers or board members use online or browser-based email accounts or services (such as AOL, Gmail, Yahoo mail or the like) to send or receive potentially relevant messages and attachments, the contents of these account mailboxes (including sent, deleted and archived message folders) should be preserved. Instruct employees, officers and board members not to delete or deactivate their accounts on any social networking site, such as Facebook, MySpace, LinkedIn, Plaxo and similar sites.
You must preserve documents and other tangible items that may be required to access, interpret or search potentially relevant ESI, including logs, control sheets, specifications, indexes, naming proto files, file lists, network diagrams, flowcharts, instruction sheet, data entry forms, abbreviation keys, User I.D. and password rosters or the like.
You must preserve any passwords, keys or other authenticators required to access encrypted files or run applications, along with the installation disc, user manuals and license keys for applications required to access the ESI.
You must preserve any cabling, drivers and hardware, if needed to access or interpret media on which ESI is stored. This includes tape drives, barcode readers, zip drives and other legacy or proprietary devices.
Paper Preservation of ESI is Inadequate
As hard copies do not preserve electronic searchability or metadata, they are not an adequate substitute for, or a cumulative of, electronically stored versions. If their information exists in both electronic and paper forms, you should preserve both forms.
System Sequestration or Forensically Sound Imaging
We suggest that, with respect to any witnesses, removing their ESI systems, media and devices from service and properly sequestering and protecting them may be an appropriate and cost effective step.
In the event you deem it impractical to sequester systems, media and devices, we believe that the breadth of preservation of required preservation required, coupled with the modest number of systems implicated, dictates that forensically sound imaging of the systems, media and devices is expedient and cost effective. As we anticipate the need for forensic examination of one or more of the systems and the presence of relevant evidence in forensically accessible areas of the drives, we demand that you employ forensically sound ESI preservation methods. Failure to use such methods causes a significant threat of spoliation and data loss.
By “forensically sound,” we mean duplication, for purposes of preservation, of all data stored on the evidence media while employing a proper chain of custody and using tools and methods that make no changes to the evidence and to support authentication of the duplicate as a true and complete bit for bit image of the original. A forensically sound preservation method guards against changes to metadata evidence and preserves all parts of the electronic evidence, including in the so-called “unallocated clusters,” holding deleted files.
Please be prepared to disclose the preservation protocol you intend to employ no late than during the first case management conference. Perhaps our respective experts can work cooperatively to secure a balance between evidence preservation and burden that is fair to both sides and acceptable to the court.