The following document is an example and can be used as a TEMPLATE for FOIA Requests (Freedom of Information Act Requests). Each individuals scenario will be different, so feel free to use whatever is applicable to your needs. (“John Doe” in this example is the requester) This is an example of someone who’s facing criminal litigation (as small as a traffic ticket) who’s requesting written and “Electronically Stored” information (To be held and not damaged, destroyed or deleted, etc) in relation to his/ her incident.
Electronically Stored Information Hold/Litigation Hold and FOIA Request
Dear Police Chief Jane Doe (or to whomever ever handles FOIA requests at the PD you’re making the inquiry with),
I, John Doe, in connection with _____________________ involving Officer Unpleasant. On
May 1, 2010, I was ______________ (cited, stopped, detained, arrested, witnessed, etc.) by Officer Unpleasant who issued a summons against me for obstruction under 18.2-460, which he retracted before issuing a summons for disorderly conduct under 18.2-415. The charge was dismissed in the Circuit Court for the City of Richmond.
FOIA Request
Pursuant to the Virginia Freedom of Information Act (FOIA), I demand that you submit the following information/documents to me:
1. Any and all videotape from every onboard camera of every police vehicle which pursued I, John Doe corresponded to any incident involving Cox on May 1, 2010.
2. Any and all audio tapes, audio tracks, audio recordings, or transcripts of all police radio traffic taken on May 1, 2010 related to Officer Unpleasant and I, John Doe, including but not limited to all radio traffic from the time Officer Unpleasant pursued I, John Doe until I was released and all communication related to I, John Doe ended (hereinafter referred to as the “Doe incident”).
3. Any and all police dispatch logs related to the Doe incident (May 1, 2010).
4. A copy of the original summons for obstruction under 18.2-460.
5. Any and all police notices or advisories related to John Doe held by the Virginia State Police.
6. Records specifically concerning Officer Unpleasant kept pursuant to Va. Code § 15.2-1722,
including without limitation any personnel records, any documents collected, created, or
maintained in connection with complaints or concerns raised about Officer Unpleasant’s behavior or conduct, and any documents collected, created, or maintained in connection with any investigations into Officer Unpleasant’s behavior or conduct.
7. The number of records responsive to each of the above requests that are being withheld, and
the specific basis for each such records being withheld.
Electronically Stored Information (“ESI”) Hold
Litigation Hold of ESI
Additionally, I, John Doe demand that you preserve all documents, tangible things and electronically stored information potentially relevant to his claims arising out of the stop on May 1, 2010 and subsequent prosecution, including but not limited to:
1. Any and all documents which describe actions taken by Officer Unpleasant against me, John Doe;
2. Any and all communications by the Virginia State Police department about me, John Doe;
3. Any and all communications by any party concerning me, John Doe and/or the interaction between Officer Unpleasant and I and/or the court and/or the Commonwealth Attorney’s office;
4. Any and all documents related to the prosecution of I, John Doe;
5. Any and all documents related to any actions or conduct of any officers involved in my (John Doe) stop, detention, issuance of summons, and/or prosecution;
6. Internal Investigations related to the Doe incident;
7. Any discipline arising out of the Doe incident..
As used in this demand, “you” and “your” refers to the Virginia State Police Department, its successors, divisions, affiliates, and its officers, directors, agents, attorneys, committees,
accountants, employees, or other persons occupying similar positions or performing similar functions.
You should anticipate that much of the information subject to disclosure or responsive to discovery in this matter, should the matter proceed to litigation, is stored on your current and former computer systems and other media and devices (including personal digital assistants, voice-messaging systems, online repositories and cell phones).
Electronically stored information (hereinafter “ESI”) should be afforded the broadest possible definition and includes (by way of example and not as an exclusive list) potentially relevant information electronically, magnetically or optically stored as:
• Digital communications (e.g., e-mail, voice mail, instant messaging);
• Word processed documents (e.g., Word or WordPerfect documents and drafts);
• Spreadsheets and tables (e.g., Excel or lotus 123 worksheets);
• Accounting Application Data (e.g., OuickBooks, Money, Peachtree data files);
• Image and Facsimile Files (e.g., .PDF, .TIFF, .JPG, .GIF images);
• Sound Recordings (e.g., .WAV and .MP3 files);
• Video and Animation (e.g., .AVI and .MOV files);
• Databases (e.g., Access, Oracle, SOL Server data, SAP);
• Contact and Relationship Management Data (e.g., Outlook, ACT!);
• Calendar and Diary Application Data (e.g., Outlook PST, Yahoo, blog tools);
• Online Access Data (e.g., Temporary Internet Files, History, Cookies);
• Presentations (e.g., PowerPoint, Corel Presentations)
• Network Access and Server Activity logs;
• Project Management Application Data;
• Computer Aided Design/Drawing Files; and,
• Back Up and Archival Files (e.g., Zip, .GHO)
ESI resides not only in areas of electronic, magnetic and optical storage media reasonably accessible to you, but also in areas you may deem not reasonably accessible. You are obliged to preserve potentially relevant evidence from both these sources of ESI, even if you do not anticipate producing such ESI.
Preservation Requires Immediate Intervention
The demand that you preserve both accessible and inaccessible ESI is reasonable and necessary. Pursuant to amendments to the Federal Rules of Civil Procedure that have been approved by the United States Supreme Court (eff. 12/1/06), you must identify all sources of ESI you decline to produce and demonstrate to the court why such sources are not reasonably accessible. For good cause shown the court may then order production of the ESI, even if it finds that it is not reasonably accessible. Accordingly, even ESI that you deem reasonably inaccessible must be preserved in the interim so as not to deprive the plaintiff of his right to secure the evidence or the Court of its right to adjudicate the issue.
You must act immediately to preserve potentially relevant ESI including, without limitation, information with the earlier of a Created or Last Modified date on or after May 1, 2010, through the date of this demand and continuing and concerning issues or allegations related to the issues set forth above including but not limited to:
1. Any and all e-mails and other electronic communications made or received related to the Doe
incident;
2. Any and all e-mails and other electronic communications, statements or correspondences made by any officers responding to the Doe incident;
3. Any and all electronic records of statements or correspondences made by the responding
officers amongst each other;
4. Any and all documents related to the Doe incident;
5. Any and all documents related to John Doe’ criminal prosecution.
Adequate preservation of ESI requires more than simply refraining from efforts to destroy or dispose of such evidence. You must also intervene to prevent loss due to routine operations and employ proper techniques and protocols suited to protection of ESI. Be advised that sources of ESI are altered and erased by continued use of your computers and other devices. Booting a drive, examining its contents or running any application will irretrievably alter the evidence it contains and may constitute unlawful spoliation of evidence.
Consequently, alteration and erasure may result from your failure to act diligently and responsibly to prevent loss or corruption of ESI.
Nothing in this demand for preservation of ESI should be understood to diminish your concurrent obligation to preserve document, tangible things and other potentially relevant evidence.
Suspension of Routine Destruction
You are directed to immediately initiate a litigation hold for potentially relevant ESI, documents and tangible things, and to act diligently and in good faith to secure and audit compliance with such litigation hold. You are further directed to immediately identify and modify or suspend features of your information systems and devices that, in routine operation, operate to cause the loss of potentially relevant ESI. Examples of such features and operations include:
• Purging the contents of e-mail repositories by age, capacity or other criteria;
• Using data or media wiping, disposal, erasure or encryption utilities or devices;
• Overwriting, erasing, destroying or discarding back up media;
• Re-assigning, re-imaging or disposing of systems, servers, devices or media;
• Running antivirus or other programs effecting wholesale metadata alteration;
• Releasing or purging online storage repositories;
• Using metadata stripper utilities;
• Disabling server or 1M logging; and,
• Executing drive or file defragmentation or compression programs.
Guard Against Deletion
You should anticipate that your employees, officers or others may seek to hide, destroy or alter ESI and act to prevent or guard against such actions. Especially where company machines have been used for Internet access or personal communications, you should anticipate that users may seek to delete or destroy information they regard as personal, confidential or embarrassing and, in so doing, may also delete or destroy potentially relevant ESI. This concern is not one unique to you or your employees and officers. It’s simply an event that occurs with such regularity in electronic discovery efforts that any custodian of ESI and their counsel
are obliged to anticipate and guard against its occurrence.
Preservation by Imaging
You should take affirmative steps to prevent anyone with access to your data, systems and archives from seeking to modify, destroy or hide electronic evidence on network or local hard drives (such as by deleting or overwriting files, using data shredding and overwriting applications, defragmentation, re-imaging or replacing drives, encryption, compression, steganography or the like). With respect to local hard drives, one way to protect existing data on local hard drives is by the creation and authentication of a forensically qualified image of all sectors of the drive. Such a forensically qualified duplicate may also be called a bitstream image or clone of the drive. Be advised that a conventional back up of a hard drive is not a forensically qualified image because it only captures active, unlocked data files and fails to preserve forensically significant data that may exist in such areas as unallocated space, slack space and the swap file.
With respect to the hard drives and storage devices of each of the persons identified below and of each person acting in the capacity or holding the job title named below, as well as each other person likely to have information pertaining to the instant action on their computer hard drive(s), demand is made that you immediately obtain, authenticate and preserve forensically qualified images of the hard drives in any computer system (including portable and home computers) used by that person during the period from December 4, 2011, to the present and continuing, as well as recording and preserving the system time and date of each such computer.
Once obtained, each such forensically qualified image should be labeled to identify the date of acquisition, the person or entity acquiring the image and the system and medium from which it was obtained. Each such image should be preserved without alteration.
Preservation in Native Form
You should anticipate that certain ESI, including but not limited to spreadsheets and databases, will be sought in the form or forms in which it is ordinarily maintained. Accordingly, you should preserve ESI in such native forms, and you should not select methods to preserve ESI that remove or degrade the ability to search your ESI by electronic means or make it difficult or burdensome to access or use the information efficiently in the litigation. You should additionally refrain from actions that shift ESI from reasonably accessible media and forms to less accessible media and forms if the effect of such actions is to make such ESI not reasonably accessible.
Metadata
You should further anticipate the need to disclose and produce system and application
metadata and act to preserve it. System metadata is information describing the history and characteristics of other ESI. This information is typically associated with tracking or managing an electronic file and often includes data reflecting a file’s name, size, custodian, location and dates of creation and last modification or access. Application metadata is information automatically included or embedded in electronic files but which may not be apparent to a user, including deleted content, draft language, commentary, collaboration and distribution data and dates of creation and printing. Be advised that metadata may be overwritten or corrupted
by careless handling or improper steps to preserve ESI. For electronic mail, metadata includes all header routing data and Base 64 encoded attachment data, in addition to the To, From, Subject, Received Date, CC and BCC fields.
Servers
With respect to servers like those used to manage electronic mail (e.g., Microsoft Exchange, Lotus Domino) or network storage (often called a user’s “network share”), the complete contents of each user’s network share and e-mail account should be preserved. There are several ways to preserve the contents of a server depending upon, e.g., its RAID configuration and whether it can be downed or must be online 24/7. If you question whether the preservation method you pursue is one that we will accept as sufficient, please call to discuss it.
Home Systems, Laptops, Online Accounts and Other ESI Venues
Though we expect that you will act swiftly to preserve data on office workstations and servers, you should also determine if any home or portable systems may contain potentially relevant data. To the extent that officers, board members or employees have sent or received potentially relevant e-mails or created or reviewed potentially relevant documents away from the office, you must preserve the contents of systems, devices and media used for these purposes (including not only potentially relevant data from portable and home computers, but also from portable thumb drives, CD-R disks and the user’s PDA, smart phone, voice mailbox or other forms of ESI storage.). Similarly, if employees, officers or board members used online or browser-based email accounts or services (such as AOL, Gmail, Yahoo Mail or the like) to send or receivepotentially relevant messages and attachments, the contents of these account mailboxes (including Sent, Deleted and Archived Message folders) should be preserved.
Ancillary Preservation
You must preserve documents and other tangible items that may be required to access, interpret or search potentially relevant ESI, including logs, control sheets, specifications, indices, naming protocols, file lists, network diagrams, flow charts, instruction sheets, data entry forms, abbreviation keys, user 10 and password rosters or the like.
You must preserve any passwords, keys or other authenticators required to access encrypted files or run applications, along with the installation disks, user manuals and license keys for applications required to access the ESI.
You must preserve any cabling, drivers and hardware, other than a standard 3.5″ floppy disk drive or standard CD or OVO optical disk drive, if needed to access or interpret media on which ESI is stored. This includes tape drives, bar code readers, Zip drives and other legacy or proprietary devices.
Paper Preservation of ESI is Inadequate
As hard copies do not preserve electronic searchability or metadata, they are not an adequate
substitute for, or. cumulative of, electronically stored versions. If information exists in both electronic and paper forms, you should preserve both forms.
Agents, Attorneys and Third Parties
Your preservation obligation extends beyond ESI in your care, possession or custody and includes ESI in the custody of others that is subject to your direction or control. Accordingly, you must notify any current or former agent, attorney, employee, custodian or contractor in possession of potentially relevant ESI to preserve such ESI to the full extent of your obligation
to do so, and you must take reasonable steps to secure their compliance.
System Sequestration or Forensically Sound Imaging
I suggest that, with respect to all of the police officers involved in the arrest Doe incident, removing their ESI systems, media and devices from service and properly sequestering and protecting them may be an appropriate and cost-effective preservation step. In the event you deem it impractical to sequester systems, media and devices, we believe that the breadth of preservation required, coupled with the modest number of systems implicated, dictates that
forensically sound imaging of the systems, media and devices is expedient and cost effective. As we anticipate the need for forensic examination of one or more of the systems and the presence of relevant evidence in forensically accessible areas of the drives, we demand that you employ forensically sound ESI preservation methods. Failure to use such methods poses a significant threat of spoliation and data loss.
By “forensically sound,” we mean duplication, for purposes of preservation, of all data stored on the evidence media while employing a proper chain of custody and using tools and methods that make no changes to the evidence and support authentication of the duplicate as a true and complete bit-for-bit image of the
original. A forensically sound preservation method guards against changes to metadata evidence and preserves all parts of the electronic evidence, including in the so-called “unallocated clusters,” holding deleted files.
Preservation Protocols
I am desirous of working with you to agree upon an acceptable protocol for forensically sound preservation and can supply a suitable protocol, if you will furnish an inventory of the systems and media to be preserved. Else, if you will promptly disclose the preservation protocol you intend to employ, perhaps we can identify any points of disagreement and resolve them. A successful and compliant ESI preservation effort requires expertise. If you do not currently have such expertise at your disposal, we urge you to engage the services of an expert in electronic evidence and computer forensics. Perhaps our respective experts can work cooperatively to secure a balance between evidence preservation and burden that’s fair to both sides and
acceptable to the Court.
Do Not Delay Preservation
I’m available to discuss reasonable preservation steps; however, you should not defer preservation steps pending such discussions if ESI may be lost or corrupted as a consequence of delay. Should your failure to preserve potentially relevant evidence result in the corruption, loss or delay in production of evidence to which we are entitled, such failure would constitute spoliation of evidence, and we will not hesitate to seek sanctions.
Confirmation of Compliance
Please confirm that you have taken the steps outlined in this letter to preserve ESI and tangible documents potentially relevant to this action. If you have not undertaken the steps outlined above, or have taken other actions, please describe what you have done to preserve potentially relevant evidence.
I look forward to your prompt response.
John Doe
5555 Riverside Drive
Richmond, VA 23225
