Exploring the Links Between Modern Attachments and Legal Precedent in Handling Them

March 21, 2024



Daniel Black
Daniel Black

The modern business technology landscape has been drastically altered over just a few short years. With these changes, eDiscovery and legal professionals have had to scramble to deal with the downstream effects to preservation, discovery, and review. Legal precedent in existing case law is only just beginning to catch up, providing essential guidance for future matters.

With very recent and rapid advancements in generative AI and machine learning, new cases related to the way modern data types are handled will certainly pave the way toward providing future guidance. These will bear close scrutiny as they evolve over the next several years.

Developments in collaboration and productivity technology

While it’s now common to attribute much of the change in business and technology to the Covid-19 pandemic, that period of time was just an accelerator for what was already an ongoing trend. Online collaboration tools were already on the market and many businesses were open to hybrid and remote work prior to 2020, with new technologies emerging in this time period that are considered ubiquitous now.

As an example, here’s a brief timeline of collaboration solutions and messaging apps launched in the pre-Covid past:

The stage was already set for the next revolution in productivity and distributed work. This is just a snapshot of the vast array of tools, apps, and services available today. With each solution, legal teams have had to adapt to account for new file types, data handling, and other concerns during discovery and review.

While these tools were in place well before the pandemic, we shouldn’t overlook the accelerating and destabilizing effects that Covid-19 had on technology use. Many companies are still dealing with the consequences caused by haphazard implementations, unauthorized apps and services, and retention policies stretched thin by more distributed workforces.

It’s now common, for example, to hear that WhatsApp messages and attachments were presented as evidence in cases. We’re accustomed to exporting attachments shared during online meetings on Zoom, Teams, and Slack. And, as anyone with kids can attest, dealing with the ephemeral nature of disappearing Snapchat messages poses its own unique challenge.

There are a few notable cases, on the books and ongoing, that provide compelling precedent to consider as you encounter and deal with modern data types.  

Family relationships between hyperlinked documents

Relationships between documents and records become more complicated as technologies advance. The term “modern attachment” belies this data type’s novel behavior: Rather than functioning as traditional attachments where the recipient receives a copy of a file, the modern attachment behaves like a hyperlink, directing the recipient to the file itself. Changes to a file create versions, so which version will the legal team actually be reviewing? The answer is complex. One prominent school of thought is to classify hyperlinked documents not as attachments, but rather as links to locations, thus making them not subject to the same rules of discovery. Furthermore, preserving or collecting hyperlinked documents in the exact condition they were shared depends upon several factors, including how an organization's collaboration platform is licensed, which export workflows are available, and whether live version linking is even an option.

The process of associating hyperlinked documents with the locations in which they are linked—documents, emails, PDFs, etc.—is often tedious and time-consuming.

In the In re Meta Pixel Healthcare Litig case, the ruling established that this kind of document association should not be done as a matter of routine. Key language from the ruling states:

“Accordingly, the ESI protocol should make clear that hyperlinked documents are not treated as conventional attachments for purposes of preserving a ‘family’ relationship in production. However, the Court anticipates that for some documents, it will be important to collect (or attempt to collect) hyperlinked documents and associate them with the underlying ESI in which the links appear. In such circumstances, the parties should consider reasonable requests for production of hyperlinked documents on a case-by-case basis. Such requests should not be made as a matter of routine.”

In short, ESI protocols should include "relating" modern attachments to the rest of their "family" of documents in production only when the needs of the case require it.

What to know about retention policies

Document retention policies are built to protect the organizations that employ them, but they can be ignored by employees, and complicated by shadow IT—that is, tools or services the organization isn’t aware are being used for business purposes.

Deliberately altering retention policies in the face of litigation rises to a different level, as is the case in Drips Holdings, LLC v Teledrop LLC:

“…Defendants were on notice of litigation in August of 2019. It is not disputed that on October 28, 2019, Defendants changed their Slack retention settings from indefinite to a seven-day retention period and deleted all its Slack data up to that point. It is telling of Defendants’ state of mind that they admitted to intentionally deleting and changing the retention policy after they became aware of litigation. Defendants do not object or otherwise contest the R&R’s conclusion that Slack was their primary mode of communication, and ‘the spoliated evidence from Teledrip’s Slack data would likely have contained evidence relevant to Drips’ claims of trademark infringement, unfair competition, false advertising, misappropriation of trade secrets, tortious interference, business disparagement, and deceptive trade practices.’”

When dealing with document retention, you ultimately can’t prevent data deletion by a determined (or oblivious) party, but you can clearly and thoroughly state policy, and keep it current. Carefully document retention policies, engaging with experienced consultants to deal with any complexities, and publish retention policies in an easy-to-access location.

Furthermore, leverage your network monitoring and scanning platforms to be aware of communication tools the organization is running, and ensure that each of those tools has a documented retention policy too. Rogue instances of applications like Slack or Google Chat, or cloud storage like Google Drive or OneDrive, can cause significant difficulties with document retention and preservation. Not having full visibility into your enterprise collaboration apps may mean you’re leaving crucial evidence unapprised.

New cases involving generative AI

Generative AI tools like Microsoft Copilot, ChatGPT, and others have exploded onto the scene in the past few years. The speed of their rise to prominence and acceptance at the enterprise level are surprising given AI’s long history of being seen as a technology of the future.

That rise, however, precipitates a whole new set of legal challenges, many of which are the subject of current or recent legal cases. Some of these cases are likely to become significant precedent in the coming years, affecting a wide range of subject areas.


Generative AI solutions are trained using large quantities of existing content. Whether this is original source material, website content, document sets, lines of code, images, video, or other content, generative AI solutions don’t create wholly original responses to user prompts. Responses are built by synthesizing and refining relevant existing materials into usually coherent results.

Because the responses are based on existing material, there is concern about attribution and copyright. Sourced content isn’t attributed to its origin, and it’s virtually impossible to determine what content is being referenced in generative AI tools’ responses. This attribution is particularly important when AI tools are used to research and write code that involves open-source projects.


Some generative AI solutions are trained using closed or internal data sources. While in theory this seems like it would help ensure data privacy, the lines drawn by companies’ privacy policies become very blurry when those datasets are possibly being accessed by users lacking permission to see or use certain records.


Anyone using generative AI has seen the warnings. ChatGPT prominently states, “ChatGPT can make mistakes. Consider checking important information,” directly below its prompt entry box. This is often cited as the foil to the concern that artificial intelligence will replace knowledge workers’ jobs in the near future—it’s too unreliable to trust completely or without careful review.

Despite the warnings and known inaccuracies, there still remain legal concerns about the privacy of AI-generated content. In one prominent example, Australian mayor Brian Hood considered filing a defamation lawsuit against ChatGPT for falsely claiming he had served time in prison for bribery.

While Hood eventually decided not to proceed with the lawsuit, it's possible suits of this nature will emerge more frequently.

Modern data types offer productivity benefits and legal obstacles

Keeping up with the pace of change can feel like an impossible task. Whether it’s new regulatory rules governing ephemeral messaging apps, decisions concerning cross-border eDiscovery, or how developments in AI may affect eDiscovery, new legal precedents will continue to emerge.

Familiarity with relevant legal precedents and ongoing cases will help guide you toward making the best decisions to properly manage, preserve, and collect records in a compliant and comprehensive manner, even as new modern data types emerge.  

To learn more, visit our page on handling modern data in the eDiscovery lifecycle.

About the Author

Daniel Black

As Executive Director of Digital Forensics, Daniel leads Lighthouse’s global digital forensics practice. The world-class team is responsible for data collection, investigation, and analysis using transparent, documented, and defensible workflows and methodologies. The team is comprised of more than 20 talented individuals with decades of combined experience across the collection, investigation, and analysis continuum, and hails from careers in security technology, software development, eDiscovery, law enforcement, and the military. This diversity in background and technical acumen, combined with a vast tech toolkit, enables Lighthouse to provide enterprise-grade remote and on-site data collection, forensic analysis, deposition prep and expert testimony, as well as support special use cases like risk management for employee onboarding and offboarding. 

Daniel brings more than 25 years of experience in the legal industry to Lighthouse and was most recently at Cisco where he led their eDiscovery and forensic investigations team for almost eleven years. The program he built saves Cisco over $50M a year. Prior to Cisco, Daniel was a freelance eDiscovery consultant, led Stratify’s global eDiscovery services team, and was a Litigation Support Manager at Heller Ehrman. 

Daniel has been a guest lecturer at Stanford Law School and was also featured in Inside Counsel magazine.