Most mailboxes contain both active and deleted e-mail messages. By “deleted e-mail messages”, I am referring to messages that were permanently deleted. For example, a message that was deleted using SHIFT+Delete in Outlook or a message that was deleted from the “Deleted Items” folder. In some e-mail platforms, deleted messages are not immediately purged and can easily be recovered. For example, Ms Outlook does not purge deleted e-mail messages from a Personal Storage Table (PST) file until the PST is compacted.
When it comes to handling deleted e-mail messages, e-Discovery processing software typically fall into two camps:
Software Solutions That Only Process Active E-mails:
Some e-Discovery processing software solutions only extract and process active e-mails. For example, products that use Messaging Application Programming Interface (MAPI) to access Ms Outlook e-mails would typically only retrieve and process active e-mails and disregard permanently deleted (but not yet purged) messages. Please note that these software tools still process the contents of the “Deleted Items” folder since e-mails in this folder are not yet permanently deleted.
Software Solutions That Process Both Active and Deleted E-mails:
Some e-Discovery processing products process both active and permanently deleted (but not yet purged) e-mail messages by default. These tools usually employ their own processes to parse mailboxes.
As you can imagine, it is crucial to have a good understanding of how the e-Discovery software or service provider that you use handles deleted e-mails. Depending on the case, it may or may not be desirable to process deleted items. Consider the following example scenarios:
- Opposing counsel produces a PST containing responsive e-mails. As it turns out, they conducted a manual review of the mailbox within Outlook (bad idea), deleted e-mails that were privileged or non-responsive and produced the PST file without compacting it. In this scenario, whether or not deleted e-mails are included in e-Discovery processing would determine if the inadvertently produced privileged and non-responsive e-mails would make their way into your review database.
- Similar to the first example above, an attorney from your firm opened and reviewed a PST file within Outlook without consulting with the litigation support department (again, bad idea). He deleted the e-mails that were privileged and gave you the PST for processing and production. Unless the processed data set is reviewed one more time by the attorney before production, processing deleted e-mails in this scenario can result in inadvertent production of privileged documents.
- Mailboxes of multiple custodians were forensically collected from each custodian’s local computer. Some of the mailboxes contain deleted e-mails that are relevant to the case. In this scenario, you could miss critical information unless deleted e-mails were included during e-Discovery processing.
- It is critical to know how your e-Discovery software or service provider handles deleted e-mails. Lack of this information can result in missing critical documents or inadvertent production of privileged information.
- If possible, it is recommended to use software that provides the flexibility to specify how you would like to handle deleted e-mails on a case by case basis. Otherwise, you may find yourself looking for a different solution depending on case requirements.
- In-house litigation support teams as well as outside service providers should pay attention to mailboxes that produce much less content than their size implies. A big discrepancy usually points to a large amount of deleted e-mails that were not purged.
- When working with e-Discovery service providers, make sure to indicate your preference regarding how deleted e-mails should be handled.