Lotus Platform Presents Unique Challenges In e-Discovery

Imagine you have a case in which you have to collect, process and produce data from Lotus Notes'. You may think to yourself: “Lotus Notes ' that's e-mail, right? And my processing software or e-discovery vendor handles e-mail so no problem, right?” Well, not necessarily. Lotus Notes is most commonly known as an e-mail and calendaring application often compared with Microsoft Exchange. However, Lotus Notes can be much more than just e-mail. The collection of Lotus-based data requires a carefully considered approach that can present interesting e-discovery challenges.

Amersham Biosciences Corp. v. PerkinElmer, Inc., 2007 WL 329290 (D.N.J. Jan. 31, 2007), demonstrates the problems that Lotus applications can present during e-discovery. In this case, the plaintiff inadvertently produced over 500 privileged e-mails that it thought had been deleted from a DVD that contained Lotus Notes data. The privileged e-mails had been segregated into subfolders, and these subfolders were deleted prior to submitting the DVD to a vendor for processing. Amersham blamed the inadvertent production on how Lotus Notes stores data ' in Lotus Notes, even when e-mails are moved into a separate folder and that folder is deleted, a copy remains in the larger database structure. When the plaintiff's vendor converted the e-mails from the native format into single-page images, the privileged e-mails that were supposedly deleted were instead mistakenly produced to the defendant.

As the Amersham situation clearly illustrates, including a strategy for Lotus-based applications in the planning phases of your discovery process will ultimately save you time, money and aggravation.

What is Lotus Notes?

A simple description of the Lotus platform is that it is a database framework and Rapid Application Development (“RAD”) environment that organizations can use to create complex communications-related applications with relative speed and ease. Out of the box, Lotus Notes and its companion Web server software, Lotus Domino', include a variety of customizable pre-built applications for, among other things, e-mail, calendaring, instant messaging, customer relationship management (“CRM”) and team collaboration.

In addition to leveraging built-in applications, organizations can also use Lotus Notes/Domino to build custom solutions for just about any business workflow process. Notes is, at its core, a database, or series of databases. Lotus Notes databases are not relational in the traditional sense, and in fact may seem very loose and unstructured to some technical types. The user interface, the programming tools and the database are very closely integrated. This flexibility is a large part of the reason many organizations are drawn to Lotus.

A key factor that differentiates Lotus Notes from its competitors is its integrated data replication capabilities. This client/server approach means that a user can update an off- line version of a Lotus application for long periods of time ' days, weeks and even months ' without actually updating organizational databases. When the user eventually does reconnect to the network, the application pushes any outstanding data to the target database. Organizations can use this feature to improve network efficiency, scheduling data replication for convenient times when bandwidth is readily available, and as a natural companion to a more mobile laptop enabled workforce.

Lotus Features That Challenge
The e-Discovery Process

Interestingly, the Lotus features that are usually most appealing to organizations ' customizability, replication functionality and security ' create the biggest challenges in e-discovery.

A common use of Lotus Notes is for e-mail and calendar functions. If an organization uses the default e-mail template, without any customization, then Lotus-based data is relatively easy to process as increasingly more tools are configured for the default template. Many organizations that use the Lotus platform, however, do so specifically for its flexibility. Customizing a Lotus application even a little bit ' for example, adding a couple of fields to the default e-mail template ' adds complexity to the collection process. However, a complex workflow application would require a much deeper understanding of the underlying data and user interface before any competent discovery effort could take place.

The replication facilities of Lotus challenge e-discovery in a similar way. Because end users can use Lotus applications offline for extended periods of time without updating the main database, pertinent data may inadvertently not get captured during the collection process. At some point, the end user will reconnect to the network and data from the user's system will replicate to its intended destination, rendering the database inconsistent with produced documents. Litigation teams may not realize that data is missing until after production, if the missing data is identified at all.

Because Lotus Notes applications are comprised of multiple database files, some stored on servers and some on the user's (client's) machine, the security capabilities of Lotus Notes are duly encompassing. The security protocols must manage the ability of each user to view, update and delete data sets and
application functionality at a very granular level. A litigation team collecting data from a Lotus Notes environment must understand the security configuration, and have sufficient rights to get a complete data capture.

Three Critical Steps for Planning a Lotus
Notes Discovery Effort

Lotus Notes/Domino's unique architectures present challenges that must be accounted for in a detailed collection plan. The implementation of each Lotus Notes application must be assessed to understand the data structure, the user's replication process and all security protocols. Processing Lotus-based data can be more difficult than it needs to be only when an organization does not adequately plan ahead. By following these three steps to devise a comprehensive collection strategy, you can avoid unnecessary surprises:

• Focus on the goal. Before an organization begins processing data for e-discovery, it must have a clear understanding of how the data is used by the custodian within Lotus Notes, what is required to be produced, and in what format the data will be turned over to the other side. For instance, do you just need to produce relevant e-mail in TIFF image format, or do you need to figure out a way to produce the contents of a CRM or workflow system? Understanding the outcome of e-discovery processes helps an organization choose appropriate tools and devise comprehensive collection methods.
• Do not assume anything about the Lotus implementation. Meet with the System Administrator and ask questions until there is a comprehensive understanding of how the organization utilizes the Lotus platform. For example: Are applications used out of the box or are they customized? How often does data replicate between clients and servers? What security settings are in place?
• Test, test, test. Once goals, tools and collection methods are defined, do not just jump in and attempt to process all of the data at once. Instead, process a small sampling of data and analyze the results. Then fine-tune the collection procedures before processing the entire data collection.

An Automated Approach to
Processing Lotus-Based Data

As e-discovery becomes fundamental to litigation, companies are developing tools and solutions specifically to handle Lotus-based data. Unfortunately, many of these tools are rather young and require non-trivial technical skills. Generally, these tools handle Lotus-based data in one of three ways:

1. Extract e-mail using default Lotus Notes templates. Many processing software applications now include direct support of NSF files. Typically, this means they extract the data they expect to be in the database based on the default e-mail template. If an organization has modified the fields or structure of its e-mail function, data will be missed in this process. If the default e-mail template is in use, then this is the simplest way to process Lotus-based data. Litigation teams that choose this approach should be very careful, however, to completely understand the organization's Lotus implementation so that critical data is not inadvertently overlooked. Remember that extracting data using the default templates will only capture data that is from the default e-mail template; data that is captured in addition to the template will not be collected, even if it is relevant to the discovery at hand.
2. Convert Lotus Notes files (“NSF”) to the more common Microsoft PST file format. This has historically been a common method, but it is increasingly being replaced by many processing software's ability to handle NSF files directly. A major downside is that converting files can be time consuming as you add in an additional conversion step. As with extracting data using default Lotus Notes templates, this approach can fail to uncover custom data that is not supported by the NSF-to-PST conversion tool.
3. Extract all data stored in the Lotus Notes database. The safest way to process Lotus-based data is to extract every data item stored in the target database. Organizations that build fully customized Lotus applications have no choice but to use this approach, because using default e-mail templates and standard NSF-to-PST conversion tools will not identify data that is critical to the discovery request. Organizations that use modified versions of built-in Lotus applications may also choose this approach to ensure that custom data is adequately captured. This is a complex process requiring in-depth knowledge about the Lotus Notes implementation and the discovery responsibilities of the organization. You must review all system documentation ' including form designs, data dictionaries and security settings ' to ensure that custom data is captured during collection. A Lotus Notes system administrator with complete knowledge about the implementation must be a key resource to any discovery team. You must also have resources with strong complex data analysis ability that can take the extracted data and format it for production. This generally requires specialized discovery data analysis expertise.

Conclusion

Ultimately, every organization should analyze its own specific implementation of the Lotus platform to determine how to process Lotus-based data during e-discovery. For organizations that use Lotus software out of the box, relying on default templates to drive collection processes may suffice. For the majority of organizations that customize Lotus Notes applications, however, a more comprehensive approach is required. It is critical to develop a comprehensive plan that evaluates and marries the requirements of a discovery effort with the data contained within Lotus early in the process to avoid unexpected time and cost delays as production deadlines rapidly approach.

Imagine you have a case in which you have to collect, process and produce data from Lotus Notes'. You may think to yourself: “Lotus Notes ' that's e-mail, right? And my processing software or e-discovery vendor handles e-mail so no problem, right?” Well, not necessarily. Lotus Notes is most commonly known as an e-mail and calendaring application often compared with Microsoft Exchange. However, Lotus Notes can be much more than just e-mail. The collection of Lotus-based data requires a carefully considered approach that can present interesting e-discovery challenges.

Amersham Biosciences Corp. v. PerkinElmer, Inc., 2007 WL 329290 (D.N.J. Jan. 31, 2007), demonstrates the problems that Lotus applications can present during e-discovery. In this case, the plaintiff inadvertently produced over 500 privileged e-mails that it thought had been deleted from a DVD that contained Lotus Notes data. The privileged e-mails had been segregated into subfolders, and these subfolders were deleted prior to submitting the DVD to a vendor for processing. Amersham blamed the inadvertent production on how Lotus Notes stores data ' in Lotus Notes, even when e-mails are moved into a separate folder and that folder is deleted, a copy remains in the larger database structure. When the plaintiff's vendor converted the e-mails from the native format into single-page images, the privileged e-mails that were supposedly deleted were instead mistakenly produced to the defendant.

As the Amersham situation clearly illustrates, including a strategy for Lotus-based applications in the planning phases of your discovery process will ultimately save you time, money and aggravation.

What is Lotus Notes?

A simple description of the Lotus platform is that it is a database framework and Rapid Application Development (“RAD”) environment that organizations can use to create complex communications-related applications with relative speed and ease. Out of the box, Lotus Notes and its companion Web server software, Lotus Domino', include a variety of customizable pre-built applications for, among other things, e-mail, calendaring, instant messaging, customer relationship management (“CRM”) and team collaboration.

In addition to leveraging built-in applications, organizations can also use Lotus Notes/Domino to build custom solutions for just about any business workflow process. Notes is, at its core, a database, or series of databases. Lotus Notes databases are not relational in the traditional sense, and in fact may seem very loose and unstructured to some technical types. The user interface, the programming tools and the database are very closely integrated. This flexibility is a large part of the reason many organizations are drawn to Lotus.

A key factor that differentiates Lotus Notes from its competitors is its integrated data replication capabilities. This client/server approach means that a user can update an off- line version of a Lotus application for long periods of time ' days, weeks and even months ' without actually updating organizational databases. When the user eventually does reconnect to the network, the application pushes any outstanding data to the target database. Organizations can use this feature to improve network efficiency, scheduling data replication for convenient times when bandwidth is readily available, and as a natural companion to a more mobile laptop enabled workforce.

Lotus Features That Challenge
The e-Discovery Process

Interestingly, the Lotus features that are usually most appealing to organizations ' customizability, replication functionality and security ' create the biggest challenges in e-discovery.

A common use of Lotus Notes is for e-mail and calendar functions. If an organization uses the default e-mail template, without any customization, then Lotus-based data is relatively easy to process as increasingly more tools are configured for the default template. Many organizations that use the Lotus platform, however, do so specifically for its flexibility. Customizing a Lotus application even a little bit ' for example, adding a couple of fields to the default e-mail template ' adds complexity to the collection process. However, a complex workflow application would require a much deeper understanding of the underlying data and user interface before any competent discovery effort could take place.

The replication facilities of Lotus challenge e-discovery in a similar way. Because end users can use Lotus applications offline for extended periods of time without updating the main database, pertinent data may inadvertently not get captured during the collection process. At some point, the end user will reconnect to the network and data from the user's system will replicate to its intended destination, rendering the database inconsistent with produced documents. Litigation teams may not realize that data is missing until after production, if the missing data is identified at all.

Because Lotus Notes applications are comprised of multiple database files, some stored on servers and some on the user's (client's) machine, the security capabilities of Lotus Notes are duly encompassing. The security protocols must manage the ability of each user to view, update and delete data sets and
application functionality at a very granular level. A litigation team collecting data from a Lotus Notes environment must understand the security configuration, and have sufficient rights to get a complete data capture.

Three Critical Steps for Planning a Lotus
Notes Discovery Effort

Lotus Notes/Domino's unique architectures present challenges that must be accounted for in a detailed collection plan. The implementation of each Lotus Notes application must be assessed to understand the data structure, the user's replication process and all security protocols. Processing Lotus-based data can be more difficult than it needs to be only when an organization does not adequately plan ahead. By following these three steps to devise a comprehensive collection strategy, you can avoid unnecessary surprises:

• Focus on the goal. Before an organization begins processing data for e-discovery, it must have a clear understanding of how the data is used by the custodian within Lotus Notes, what is required to be produced, and in what format the data will be turned over to the other side. For instance, do you just need to produce relevant e-mail in TIFF image format, or do you need to figure out a way to produce the contents of a CRM or workflow system? Understanding the outcome of e-discovery processes helps an organization choose appropriate tools and devise comprehensive collection methods.
• Do not assume anything about the Lotus implementation. Meet with the System Administrator and ask questions until there is a comprehensive understanding of how the organization utilizes the Lotus platform. For example: Are applications used out of the box or are they customized? How often does data replicate between clients and servers? What security settings are in place?
• Test, test, test. Once goals, tools and collection methods are defined, do not just jump in and attempt to process all of the data at once. Instead, process a small sampling of data and analyze the results. Then fine-tune the collection procedures before processing the entire data collection.

An Automated Approach to
Processing Lotus-Based Data

As e-discovery becomes fundamental to litigation, companies are developing tools and solutions specifically to handle Lotus-based data. Unfortunately, many of these tools are rather young and require non-trivial technical skills. Generally, these tools handle Lotus-based data in one of three ways:

1. Extract e-mail using default Lotus Notes templates. Many processing software applications now include direct support of NSF files. Typically, this means they extract the data they expect to be in the database based on the default e-mail template. If an organization has modified the fields or structure of its e-mail function, data will be missed in this process. If the default e-mail template is in use, then this is the simplest way to process Lotus-based data. Litigation teams that choose this approach should be very careful, however, to completely understand the organization's Lotus implementation so that critical data is not inadvertently overlooked. Remember that extracting data using the default templates will only capture data that is from the default e-mail template; data that is captured in addition to the template will not be collected, even if it is relevant to the discovery at hand.
2. Convert Lotus Notes files (“NSF”) to the more common Microsoft PST file format. This has historically been a common method, but it is increasingly being replaced by many processing software's ability to handle NSF files directly. A major downside is that converting files can be time consuming as you add in an additional conversion step. As with extracting data using default Lotus Notes templates, this approach can fail to uncover custom data that is not supported by the NSF-to-PST conversion tool.
3. Extract all data stored in the Lotus Notes database. The safest way to process Lotus-based data is to extract every data item stored in the target database. Organizations that build fully customized Lotus applications have no choice but to use this approach, because using default e-mail templates and standard NSF-to-PST conversion tools will not identify data that is critical to the discovery request. Organizations that use modified versions of built-in Lotus applications may also choose this approach to ensure that custom data is adequately captured. This is a complex process requiring in-depth knowledge about the Lotus Notes implementation and the discovery responsibilities of the organization. You must review all system documentation ' including form designs, data dictionaries and security settings ' to ensure that custom data is captured during collection. A Lotus Notes system administrator with complete knowledge about the implementation must be a key resource to any discovery team. You must also have resources with strong complex data analysis ability that can take the extracted data and format it for production. This generally requires specialized discovery data analysis expertise.

Conclusion

Ultimately, every organization should analyze its own specific implementation of the Lotus platform to determine how to process Lotus-based data during e-discovery. For organizations that use Lotus software out of the box, relying on default templates to drive collection processes may suffice. For the majority of organizations that customize Lotus Notes applications, however, a more comprehensive approach is required. It is critical to develop a comprehensive plan that evaluates and marries the requirements of a discovery effort with the data contained within Lotus early in the process to avoid unexpected time and cost delays as production deadlines rapidly approach.