The eDiscovery request lands in your inbox on a Tuesday. It is fourteen pages long. It asks for every email your client sent, received, or was copied on during a four-year period, plus all attachments, plus all communications related to nine separate topics, plus native format with metadata intact.
Welcome to modern civil litigation.
For large firms with eDiscovery departments, a request like this triggers a project plan. For small firms, it triggers something more like a mild existential crisis, followed by the realization that you need to figure this out by the response deadline.
This guide walks through a practical, defensible process for responding to an eDiscovery request when you don't have a litigation support team, an enterprise platform, or infinite time.
Step 1: Read the Request Carefully Before You Do Anything Else
This sounds obvious. It is not always done well.
Before you start pulling emails or calling your client, read the entire request. What you're looking for:
What is actually being requested. Discovery requests often use broad, sweeping language. "All documents and communications related to the Agreement" sounds unlimited. But "Agreement" may be defined in the request to mean only a specific contract, which narrows the universe considerably. Definitions matter. Read them.
The time period. Most requests specify a date range. Know the boundaries and note any ambiguities. A request for communications "from 2021 through the present" requires a decision about what "present" means and when you are effectively cutting off the collection.
The format requested. FRCP 34(b)(1)(C) allows the requesting party to specify the format for ESI production. They may ask for native files, TIFF images with load files, PDF, or may leave the format to you. This affects how you collect and process the material.
Whether metadata is expressly required. Some requests state that metadata must be preserved and produced. This affects your collection methodology significantly. Producing static PDFs when native format with metadata was requested is the kind of thing that generates motions to compel and sanctions.
The response deadline. Under the Federal Rules, you have 30 days to respond unless the court has set a different schedule. Some local rules and scheduling orders shorten this. Know the deadline before you set your collection timeline.
After reading, make a list of questions: ambiguous definitions, requests that seem overbroad, categories that may overlap with privilege, and anything you need to meet and confer about. Responding to a request does not mean accepting it as written.
Step 2: Issue or Confirm the Litigation Hold
If you have not already issued a litigation hold, this is your first call. If you issued one at the outset of the matter, confirm it is still in place and covers the scope of what is now being requested.
The hold must go to every person who might have responsive documents: the client's employees involved in the matter, their supervisors, IT (critically important), and anyone else whose email or files might be responsive.
For the IT team specifically: the hold needs to suspend any automated deletion or archiving policies that might destroy potentially responsive ESI. This is a common gap. A hold notice that goes to business users but not IT leaves the door open for scheduled purges to eliminate evidence while the hold is theoretically active.
Document the hold and the confirmation of its implementation. If spoliation is later alleged, this documentation is your primary defense.
Step 3: Meet and Confer on ESI Before You Start Collecting
Under FRCP 26(f), parties are required to confer about ESI discovery early in the case. In practice, this often happens at or around the time the first discovery requests are served.
Do not skip this step or treat it as a formality. A productive meet-and-confer conversation can dramatically reduce the scope of the production effort:
Negotiate search terms. If the request calls for keyword searches, propose a set and ask for agreement. Stipulating to search terms narrows the collection scope and protects you from later arguments that your production was incomplete.
Negotiate custodians. Not every employee needs to be a custodian. Propose a list of key individuals and seek agreement. This limits the number of mailboxes you need to access and search.
Negotiate format. If the requesting party asked for native format with metadata but you'd prefer to produce PDF, find out how firm they are. Many attorneys are flexible on format if you explain your methodology. Others are not, and it's better to know upfront.
Surface privilege issues. If categories of requested documents are likely to overlap substantially with privileged communications, flag this early. Resolving privilege frameworks before production is easier than addressing them during or after.
Document the meet-and-confer: who participated, what was agreed, what remains in dispute. Courts expect parties to make good-faith efforts to narrow discovery disputes before involving them.
Step 4: Identify Custodians and Map the Data Sources
Based on the request scope (as potentially narrowed by your meet-and-confer), identify every person who is likely to have responsive ESI. For each custodian:
- List their corporate email accounts and any aliases
- Note whether they used personal email for any work-related communications
- Identify any other data sources they might have used: Slack, Teams, WhatsApp, text messages, shared drives
For email specifically, identify the platform. Is the client on Microsoft 365? Google Workspace? An on-premises Exchange server? An older hosted solution? The platform determines how you'll access the mailboxes and what export options are available.
This custodian and data-source map becomes the foundation of your collection plan. Document it. If the scope of the production is later questioned, you want to show that you took a systematic approach to identifying where responsive material might exist.
Step 5: Collect from Original Sources
This is the step where small firms most often create problems for themselves. The temptation is to ask clients to forward or print the relevant emails and send them over. Do not do this.
Forwarding destroys metadata. In many email clients, a forwarded message displays the time of the forward rather than the original send, which can make a critical sequence of events look different than it actually was. Full header information, including routing data that matters in authentication disputes, is frequently stripped. Attachments are sometimes not included.
More fundamentally, letting clients self-select what gets forwarded gives you a collection methodology you cannot defend. The client decided what was responsive. That is not how discovery works.
The correct approach is to access the original mailboxes directly. For cloud-based platforms like Microsoft 365 or Google Workspace, this means using IMAP access or administrator-level export tools. For on-premises Exchange, it typically means working with the client's IT team to export PST files from the server. For archived email, it means accessing the archive directly rather than relying on a user's local copy.
When you access a mailbox directly via IMAP, you get the original email metadata: accurate timestamps, full header information, all folders including Sent and Deleted Items, and a complete record that is defensible because it came from the authoritative source.
Document the collection: what accounts you accessed, when, with what credentials, and the date range and parameters you searched. This documentation is your chain-of-custody record.
Step 6: Apply Search Criteria Systematically
Once you have access to the relevant mailboxes, apply the search criteria you have defined. This should include:
- Date range: Consistent with the request and any agreed modifications
- Custodians: Only the agreed custodians, not the entire company
- Keywords: Agreed search terms, applied consistently across all custodians
- Party-based filters: Emails to or from the opposing party, key witnesses, or other identified addresses
Document what searches you ran and what they returned. If you later need to certify that your production is complete, this search log is the foundation of that certification.
If the initial keyword searches return a volume that is wildly disproportionate to the scope of the matter, raise proportionality in a meet-and-confer. FRCP 26(b)(1) limits discovery to material that is proportional to the needs of the case. Producing 50,000 emails for a $200,000 breach of contract dispute is not required, and a court will often help you narrow the scope if the parties cannot agree.
Step 7: Review for Privilege and Responsiveness
Every document that hits your search results needs a human review before it goes to the other side. The two categories you're reviewing for:
Responsiveness. Does this document actually fall within the scope of the request? Keyword searches cast wide nets, and many hits will be irrelevant. Only produce documents that are genuinely responsive.
Privilege. Attorney-client communications, work product, and any other applicable privileges need to be identified and withheld. A clear privilege log is your obligation when you withhold documents on privilege grounds. The log must identify each withheld document by date, sender, recipient, and general subject matter, plus the basis for the privilege claim, without revealing the privileged content itself.
For small firms handling matters with substantial email volumes, this review step is often the most time-consuming part of the process. If the volume is significant, consider whether you need additional support: a contract attorney, a paralegal with ESI experience, or a document review platform that can at least handle the sorting and deduplication.
One practical note on privilege: emails that merely copy an attorney on business communications are not automatically privileged. Privilege attaches to communications made for the purpose of seeking or providing legal advice. An email CC'ing counsel on a logistics update is not privileged. Flag these for careful analysis rather than over-withholding.
Step 8: Format and Produce
The format for production should match what you agreed in the meet-and-confer, or what the requesting party specified, or FRCP 34's default (the form in which ESI is ordinarily maintained, or a reasonably usable form).
For most small-firm email productions, this means one of:
Native format (.eml or .msg files): Preserves all metadata. Requires the receiving party to have software that can open the files. Sometimes required explicitly.
PDF with metadata: Converts each email to PDF while including header metadata (date, sender, recipients) in a consistent, readable format. Widely accepted and easier for recipients to review.
TIFF with load files: Required by some large-firm and government document review platforms. Rarely necessary for small-firm matters.
Whatever format you choose, apply consistent Bates numbering across the production. A production without consistent document numbering is painful for everyone to work with and reflects poorly on the producing firm.
Include a cover letter specifying: what you are producing, the methodology used to identify and collect the material, the date range and custodians covered, the format and any applicable specifications, and a list of categories withheld along with the privilege basis. This letter becomes part of the record of the production.
Step 9: Respond to the Request Formally
Alongside the document production (or in place of it if you are objecting to portions of the request), file a formal written response. Under FRCP 34(b)(2)(B), you must either state that inspection or production will be permitted, or state an objection with the grounds for that objection with specificity.
Common grounds for objection include: overbreadth, undue burden, disproportionality, vagueness, and privilege. These objections must be specific, not boilerplate. Courts routinely overrule objections that consist of nothing but "this request is overbroad, vague, and unduly burdensome" with no factual basis.
If you are asserting privilege, state the legal basis and produce a privilege log. If you are producing a subset of what was requested and withholding the rest on objection grounds, specify what you are producing and what you are withholding.
The Time Equation
Responding to an eDiscovery request is almost entirely a process problem. The legal analysis is secondary to the logistics: how do you access the mailboxes, how do you search them efficiently, how do you build a reviewable and producible record, and how do you format the output consistently.
Done manually, this process takes days. For a contained two-custodian matter with a six-month date range, plan for 8 to 16 hours of paralegal or attorney time on collection, sorting, and formatting alone, before privilege review even begins.
ThreadLine was built for the collection and chronology-building portion of this workflow. Connect the relevant mailboxes via IMAP (Microsoft 365, Google Workspace, Outlook, and any standards-compliant provider work), specify the custodians, date range, and parameters, and ThreadLine generates a complete, court-ready chronological email record. The output is a clean PDF or a secure shareable link with AES-256 encryption and automatic expiration.
What typically takes a day or more of manual work takes 15 to 20 minutes.
If you're about to start an eDiscovery response and want to see what this looks like in practice, your first timeline is free at threadline.app. No credit card required.
The Short Version
Responding to an eDiscovery request has a logic to it. Read the request carefully before acting. Issue or confirm the litigation hold. Meet and confer to narrow the scope. Map your custodians and data sources. Collect from original mailboxes, not from client-forwarded copies. Apply systematic search criteria and document them. Review for privilege and responsiveness. Produce in the agreed format with a Bates-numbered set and a cover letter. Respond formally in writing.
None of these steps requires an enterprise eDiscovery platform. They require process, documentation, and attention to the things courts actually scrutinize when productions are challenged.
The firms that handle this well are the ones that built a repeatable workflow before the first request arrived, not after.