• United States



Server Memory Subject to Search

Jul 16, 20072 mins
Business ContinuityData and Information SecurityIT Leadership

A new court decision has been handed down for those working in forensics and for anyone else that has a server in their business (that means all of us). 

Recently, a court in the Central District of California confirmed that even the random access memory (RAM) in a Web server is “electronically stored information” subject to discovery under Rule 34 of the Federal Rules of Civil Procedure.  (Columbia Pictures Indus. v. Bunnell, C.D. Cal., No. CV 06-1093, 5/29/07). 

This cases makes clear courts are taking an increasingly broad approach to the range of locations in which discovery of electronic evidence will be permitted.  As the breadth of discovery increases, so too will the costs and invasiveness of the process.  In some instances, the costs of identifying and marshalling relevant electronically stored data can run into the hundreds of thousands of dollars. 

Given the foregoing, businesses should take time now to get their “electronic houses in order.”  This means, among other things, getting a far better handle on where electronic information is being stored and for how long.  It also means thinking about ways to decrease the costs of responding to a discovery request for electronic information (e.g., using software to constantly index files, particularly e-mail, stored on the business’ systems; decreasing the number of locations in which information is stored; and implementing appropriate document destruction programs).


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author