Analysing Metadata in eDisclosure and Digital Forensics
Investigating metadata can be vital process in any hearings to ascertain the authenticity of digital evidence.
Are you in a position where document authenticity is being questioned? It might be the case that you are examining a dispute relating to shareholders or a fraud dispute, and documents have been disclosed that you were previously unaware of. If this is the case, analysing metadata will be vital.
What is Metadata?
Metadata can be defined as the information the describes and explains the origin data. In other words, ‘hidden’ intrinsic properties are created with every electronic document. Properties such as:
- Date Created
- Conversation ID
- Contains deleted messages
- Custodian name
- Date Modified
- Date Accessed
- Who has access to it
Metadata is ‘data about data’. At the most basic level, it provides crucial information about data, including what it is, when it was created, who has access to it, by whom and who owns it.
Why is metadata important in eDiscovery?
Not only is metadata vital in identifying relevant documents by looking at parameters like date range, custodian names, but it also important for running searches to estimate the general size and scope of the matter. This information is then used by legal teams to make proportionate decisions, as well as to complete the Disclosure Review Document.
In the review stages, if we don’t have accurate metadata, it will be impossible to run efficient searches, chronologically sort, de-duplicate files. This in itself can cause issues and cost to the client.
Paragraph 1.11 of the Practice Direction 57AD, highlights that “metadata is typically embedded information about the document which is not readily accessible once the native electronic document has been converted into an electronic image or paper document”.  Thus, paving the way for the requirement in paragraph 13.1 PD57AD, that documents must be disclosed in their “native” format, in a “manner that preserves metadata”.
What are the metadata risks for eDiscovery?
Metadata spoliation is a large risk for any eDiscovery teams. Any tampered metadata in eDiscovery creates huge complications (especially, at the earliest stage). Once metadata is spoiled, it cannot be undone.
This can be a problem when eDiscovery practices rely on in-house legal teams, clients or litigants in persons for data collection where these collections are not properly managed or supervised.
Recent case law has highlighted the risks associated to self-collection.
In Cabo Concepts Limited v MGA Limited, Mrs Justice Joanne Smith, criticised a city law firm for its failings in overseeing disclosure exercise where over 800,000 documents could not be found.
“Unfortunately, [City Law firm] did not question the information they received from MGA as to the expertise of its IT team and nor did they instruct an e-disclosure expert (whether in the shape of Condor or anyone else) to consider the approach that MGA intended to take to the harvesting of documents and whether that approach was in accordance with best practice.”
“In my judgment this would have been an obvious precautionary measure in a case where the client had no experience of English litigation, where the disclosure exercise was very substantial and where Cabo had already identified concerns around MGA’s in-house expertise and had put down a marker as to the importance of the disclosure exercise being conducted properly.”
As a result of the eDisclosure breaches, Mrs Justice Joanne Smith ordered that the client global toy maker MGA, should pay nearly £580,000 as a costs sanction!
Lessons to be learnt here:
1) Make sure that you have a robust eDisclosure process right from the start.
2) If data collection is required, control and supervise it yourself.
3) Make sure that your instructed eDisclosure team are fully in the picture with the legal issues and disclosure requirements.
Everlaw v Relativity
It is worth noting the differences between eDisclosure platforms.
Everlaw have what they call ‘Smart Fields.’ These metadata terms aggregate the values of several metadata fields. They enable you to search for fields that are captured separately in processing and are likely to be useful when considered together.
For instance, ‘Family date’, is a smart field which attributes date of parent to child attachments, aggregate from the metadata value ‘sort date’.
In Relativity, ‘sort date,’ aggregates from the field in Relativity named ‘Unified Date’ which is equivalent to Family Date in Everlaw.
In-House eDisclosure software can help reduce risks to metadata as it is designed to host and review documents without altering metadata.
Our experts at XBundle each have over 10 years’ experience with eDisclosure and digital forensics matters. They have the tools and solutions to identify, preserve, and collect vital documents for you.
Get in touch with our experts, details are below, they can help you on how metadata can be used as evidence to prove your case and the best way to search your scope of documents.
Email – firstname.lastname@example.org
Phone – 0207 871 3125
 Cabo Concepts Limited v MGA Limited and Others  EWHC 2024 Cabo Concepts Ltd v MGA Entertainment (UK) Ltd & Anor  EWHC 2024 (Pat) (29 July 2022) (bailii.org)