Cropped 2880x1100 of data center


Electronically-stored information: Figuring out the nitty-gritty of ESI

Jeremy Byellin

The mountains of personal data to which today’s lawyers have access — not to mention the ease with which it can be accessed — would leave those from a generation ago flabbergasted.

Much of this personal data can be uncovered as electronically-stored information (ESI) on social media, with its massive offerings of self-disclosed personal facts and tidbits that would have only previously been compiled so neatly in an individual’s private diary.

The raw breadth of this ESI may leave attorneys feeling overwhelmed, perhaps pondering several questions: What exactly is out there? How can we get it? And what can you do with this information once you have it?

While I can’t completely walk you through every situation from start to finish, I can offer answers to these three questions that may serve as a helpful starting point in your research.

What information Is available?

So, what is meant by the “mountains of personal data” available as ESI? Instead of just haphazardly dumping a list of different types of personal data that may mean absolutely nothing out of context, let’s start with another question: Where do you find this information?

Indeed, the ESI that you can access is mainly dependent on the source of that information. For instance, you are highly unlikely to find an individual’s criminal record on Facebook (although you never know), just as you’d be hard pressed to find that individual’s opinions about a current news story in his or her voter registration.

Thus, knowing your sources is instrumental in defining the types of ESI that can be accessed. And these sources generally fall into one of two categories: social media or public records.

And I mean “social media” broadly enough to include not only your typical sources like Facebook and Twitter, but also other services such as cloud email platforms, blogs, and dating sites. Most lawyers are by and large reasonably aware of social media and the (sometimes inappropriate) amount of information furnished by individuals about themselves and their lives. Perhaps, though, not as many know the kind of information accessible from social media.

It’s possible for attorneys to collect, among other things, social media message content; multimedia assets such as photos and videos; affiliation lists (such as Facebook “Friends” or LinkedIn’s “Connections”); geolocation data; IP addresses used; login dates and times; site browsing history; and credit card information.

In other words, social media can be an excellent source of all the information furnished by individuals themselves, as well as the information recorded about users because of their simple use of the site or service.

Delving into public records

Another area of ESI is public records. The sheer number of various public records databases in existence means that, under most circumstances, substantial ESI data can be obtained on nearly any individual. Although these records have been maintained mainly in the same or similar fashion today as they had been long before the rise of social media, the electronic centralization and accessibility of ESI records is relatively new. In other words, the kind of comprehensive record-searching that would have been cost- and time-prohibitive two or three decades ago is now within the grasp of most attorneys.

As mentioned above, though, there is a wide assortment of databases — too many to list here in this limited space comprehensively. But here’s the short version of what kind of ESI data you can collect on individuals:

  • birth and death records
  • address history
  • credit reports
  • criminal records (including those relating to arrests)
  • other court records (such as civil lawsuits, bankruptcies, liens, and judgments)
  • phone and email records
  • voter registrations
  • asset records.

There are also several public record searches of business entities available, and some public record searches even allow you to locate any potential social media accounts or other web sites regarding the search.

How to get ESI data

First up is social media.  There is a distinction between the two types of information accessible from social media.

The first category – most of the information directly supplied by the user – is what is known as message content information. And that’s relevant because social media sites like Facebook are prohibited by federal law (namely, the Store Communications Act) from releasing those records to you without the consent of either the sender or the recipient of said “messages.” “Messages” here, by the way, is defined broadly: it means not only private messages and wall posts, but also Facebook “Likes” and user location data (that a user supplies directly).

So how do you get that juicy, juicy info? Well, for one, you can try asking that person nicely (or, you know, not so nicely with a demand for production). Since the individual is the sender of these messages, he or she should generally have access to any content (as long as it hasn’t been deleted). But if you’re concerned that such a request may not produce all of the available information (even if rules of evidence prohibit such conduct by the opposing party), you may want to find a way to obtain that information directly.

And doing so is as simple as finding a recipient of that person’s “messages.” How do we know who he recipients of such messages are? Courts have generally held that whoever the user allows to see his or her content are “recipients.” Thus, if the subject’s privacy settings on the social media account in question are sufficiently low, you may be able just to get that information yourself. If the profile isn’t accessible by the public, there may be yet someone who is within the metaphorical line-in-the-sand drawn by the privacy settings, and that person may have access to the social media page at issue.

But what about the other category of information — that data recorded because of site usage? Most often, you can get this information through a subpoena. True, it will be next to impossible for you to obtain message content through a subpoena without consent of the user who published the content, but there is a surprisingly broad array of data that is readily accessible with a subpoena. And a user’s online habits — such as how often one is online, from where he or she logged on, and his or her browsing history — can by itself paint a comprehensive picture of a person.

Online people searches are a bit more established – and, thanks to comprehensive search services that compile multiple databases together – more straightforward. Although there is normally a financial cost for access to these services, they are indispensable in many circumstances and are often able to collect data from multiple sources that would be unavailable anywhere else.

One major caveat is that many of the online people search databases are legally restricted to who may access them and for what purposes they may be accessed. The restrictions for different databases are too numerous to get into here, but you’ll more than likely be confronted with them when attempting to access the information — and in many circumstances, you’ll likely qualify for one of the acceptable uses for accessing the information (one common such acceptable use is for litigation matters).

What can you use it for?

So now that you know what you can get and from where, and how to get it, you may be wondering for what purpose you would even need the information.

Unless you severely lack in imagination, it’s quite unlikely that, as an attorney, you’d need me to explain why something like message content from an adulterous spouse’s dating site account would be helpful in a fault divorce proceeding. But perhaps the not-so-tantalizing uses for the information may not be quite as obvious.

Here are some quick examples: Need to find dirt on an important witness for impeachment? How about uncovering potential hidden assets of an opposing party in a divorce? Investigating a business that will be party to a merger and acquisition? What if you’re simply trying to conduct process of service on a dodgy (soon-to-be) opposing party, and need to find out where he or she is going to be?

These uses are only the tip of the iceberg when it comes to using this information for and in anticipation of litigation. As an attorney, surely there are circumstances in which you wanted or needed to know more about an individual or business. That information and more is out there, and most of it is accessible to you with relative ease.

Find critical information fast

See how PeopleMap from Thomson Reuters helps locate people, their connections, assets, and more

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.