Customers of Sherpa Software’s electronic discovery tool, Discovery Attender, come from a variety of backgrounds. Users range from dedicated IT professionals with little knowledge of legal terms to legal professionals with vague ideas regarding technical nomenclature. There are a variety of terms used within the electronic discovery realm that are not easily defined for these distinct sets of users as they struggle with e-Discovery compliance. The short list below reflects some terms that have caused confusion:
Attachment: An electronic file that is included and sent with an email. It is considered a ‘child’ of the message and is often produced with it.
Culling: Reducing the size of the set of electronic data using mutually defined criteria (dates, keywords, custodians, etc.) to decrease volume while increasing relevancy of the information.
Custodian: A key party in litigation, usually a particular employee identified by counsel, whose electronically stored information is collected for litigation purposes.
Deduplication: Also called ‘deduping.’ This is the process of identifying and/or removing identical files from a data set. Hashes are often used to deduplicate stand alone files, while specific properties are often used for comparison in emails.
deNisting: Removing software, system and support files from a set of data using hash values available from a reference library maintained by the National Institute of Standards & Technology. This process is useful because these files are usually irrelevant to a case, but often make up a sizable portion of a collected set of electronically stored information (ESI).
Electronic Discovery: Also known as electronic data discovery or EDD, this is the process of identifying, collecting, reviewing, and producing relevant ESI for litigation purposes.
Electronically Stored Information [ESI]: Not just limited to email and computer files, this term can also refer to data found in hard drives, CDs, online social networks, PDAs, smart phones, voice mail and other electronic data stores.
Hashing: A small, fixed-length, digital footprint created by using a mathematical algorithm. Hashes are often used for item validation and deduplication as any changes in input values (i.e. different files or messages) will produce divergent hash values. Hashing is a key component of deduplication and data validation.
Metadata: Also referred to as the ‘data about the data.’ This term refers to additional pieces of information about the file or communication that is supplied by the computer or native application but may not appear in standard views of an electronic document. Files may include such metadata as an access date, file path, size or name. While an email is rich in metadata including transport headers (information about the route an email took between sender and recipient), metadata can also be embedded in a document as part of a formula or comments to revisions. Metadata is a prime motivator for native production as these properties can be lost when a file is printed or imaged.
Privilege: Certain communications held to be confidential and are exempt from production. Attorney-client is an example of privileged communication that is identified as part of the eDiscovery process.
Spoliation: This is the alteration, destruction or failure to preserve electronic evidence whether done inadvertently or planned. It can carry significant penalties ranging from fines to adverse judgments.
Thread: Also known as a ‘string’ is an email conversation which includes the initiating email and all emails related to it including the replies and forwards between senders and recipients in the same email chain.
These are just a few of the many common terminology and jargon used within e-Discovery. We’ll be adding to this list as terms pop up in conversation with our customers. For an extended list of terms used in e-Discovery, check out the glossary at the EDRM site and don’t hesitate to use the comments to add your own items to the list.