E-Discovery
What Is an E-Discovery Custodian? Rules, Limits, Practice
Same word, three rulebooks, and a model that’s straining under modern data. What a custodian actually is, what FRCP 34 demands of you, and why non-custodial sources are the new fight.
Legal technology researcher and data scientist specializing in AI governance for litigation teams. Expertise in NLP and AI-assisted document review.
The Custodian Definition: EDRM, ESI Custodians, and Records Custodians
An e-discovery custodian is a person having administrative control of a document, electronic file, or system whose ESI is subject to preservation, search, and production under Federal Rule of Civil Procedure 34. The custodian of an email is the owner of the mailbox that contains the message.
That sentence, drawn almost verbatim from the Electronic Discovery Reference Model and adopted by Microsoft Purview, sounds simple. It isn’t, because three separate rulebooks lean on the same noun.
The first sense is the ESI custodianunder the Federal Rules of Civil Procedure. That’s the person whose mailbox, drives, and devices get searched, preserved, and produced. It’s what most lawyers mean when they say “custodian list,” and it’s what Hintyr’s custodian glossary entry for full definitions lays out for everyday practice.
The second sense is the records custodianunder the Federal Rules of Evidence. That’s a witness who lays foundation to admit a business record at trial under Rule 803(6)(D), or who signs a certification under Rule 902(11) or 902(12). Same word, different rulebook, different role. Section VII walks through that flavor in detail.
The third sense is the data custodian in information-governance language, the IT lead who owns a system day-to-day. The Sedona Conference Glossary, Fifth Edition (2020), cross-references “Custodian” to “Record Custodian; Record Owner” precisely because Sedona’s editors knew a single definition wouldn’t carry the weight.
When you say “custodian” out loud during a meet-and-confer, name the rule. The rest of this post is mostly about the ESI a matter actually depends on and the people who hold it, anchored in the broader e-discovery workflow this fits inside.
Possession, Custody, or Control Under FRCP 34(a)(1)
The reason “custodian” is load-bearing sits in one paragraph. Rule 34(a)(1) lets a party serve a request “to produce and permit the requesting party or its representative to inspect, copy, test, or sample the following items in the responding party’s possession, custody, or control.” Once you’ve used those words, you’ve put the custodian into the picture.
What “control” means is where the federal circuits stop agreeing. The Sedona Conference Commentary on Rule 34 and Rule 45 lays out the split: there are three competing standards, the legal-right standard, the legal-right-plus-notification standard, and the practical-ability standard. Each gives a different answer when a former employee took a laptop home, when a business unit was spun off mid-litigation, or when a vendor holds the data on its servers.
The Third Circuit took the strict legal-right view in Gerling Int’l Ins. Co. v. Comm’r, 839 F.2d 131, 140 (3d Cir. 1988): “control is the test with regard to the production of documents [and] is defined not only as possession, but as the legal right to obtain the documents requested on demand.” The Southern District of New York went the other way in In re NTL, Inc. Sec. Litig., 244 F.R.D. 179, 195 (S.D.N.Y. 2007): “control [is] construed to include the ‘practical ability to obtain the materials sought upon demand.’” The Seventh Circuit pushed back hard in Chaveriat v. Williams Pipe Line Co., 11 F.3d 1420, 1427 (7th Cir. 1993).
This split matters. It controls everyday Bring-Your-Own-Device fights. In re Pork Antitrust Litig., 2022 WL 972401 (D. Minn. Mar. 31, 2022), held that “an employer does not legally control personal text messages despite a BYOD policy when the policy does not assert employer ownership over the texts and the employer cannot legally demand access to the texts.” Read the BYOD policy before you concede control. If it’s silent about ownership, the texts aren’t necessarily yours to produce, and they aren’t necessarily yours to demand from the other side either.
How Lawyers Identify Custodians at Rule 26(f)
Custodian identification threads through three federal-rule mechanics, each with its own deadline.
It starts at Rule 26(a)(1)(A), which requires each party to disclose “the name and, if known, the address and telephone number of each individual likely to have discoverable information, along with the subjects of that information.” That’s the seed list, and if you skip names you’ll revisit it. The next gate is Rule 26(f)(3)(C), which requires the parties’ discovery plan to address “any issues about disclosure, discovery, or preservation of electronically stored information, including the form or forms in which it should be produced.”
The doctrinal preservation anchor comes from Judge Scheindlin’s Zubulake opinions. In Zubulake IV, 220 F.R.D. 212, 218 (S.D.N.Y. 2003), she wrote that “the tapes storing the documents of ‘key players’ to the existing or threatened litigation should be preserved if the information contained on those tapes is not otherwise available.” A year later in Zubulake V, 229 F.R.D. 422, 433-34 (S.D.N.Y. 2004), she put the duty squarely on counsel: “counsel should communicate directly with the ‘key players’ in the litigation, i.e., the people identified in a party’s initial disclosure and any subsequent supplementation thereto.”
If you blow that step, the consequences travel under Pension Comm. of the Univ. of Montreal Pension Plan v. Banc of Am. Sec., LLC, 685 F. Supp. 2d 456, 471 (S.D.N.Y. 2010). Judge Scheindlin enumerated the spoliation gross-negligence triggers from Pension Committee, including “failure to identify all of the key players and ensure that their electronic and paper records are preserved.” Read it as a diagnostic checklist rather than a per se rule. Chin v. Port Authority of New York, 685 F.3d 135, 162 (2d Cir. 2012), and the 2015 amendments to Rule 37(e) trimmed Pension Committee’s sanctions reach, but the warning-sign list still walks straight onto a small-firm intake checklist.
The sequence is: disclose names early, put preservation duties on those names before the meet-and-confer, and treat each addition or subtraction during the case as a re-papered hold. The smaller the firm, the more this is yours alone to drive.
What a Defensible Custodian Interview Looks Like
You can’t build a defensible production by emailing a hold notice and hoping. DR Distribs., LLC v. 21 Century Smoking, Inc., 513 F. Supp. 3d 839, 963 (N.D. Ill. 2021), put the rule plainly: “With regard to ESI, reasonable inquiry necessitates a proper custodian interview. A proper custodian interview has been required for years before this case was even filed.” Judge Johnston’s opinion is the most-cited recent treatment of FRCP 26(g)’s certification duty, and it lands because the cost of skipping the interview shows up in fee awards.
A proper interview is fact-driven, not formulaic. Craig Ball, writing through D4’s practitioner channel, frames it bluntly: “First you must focus on the specifics of the case when conducting a custodian interview. A lot of interview templates are just supersets of questions that you can possibly ask. They have little to do with your client or your case.” His practical advice scales for solo practice: “If you’re interviewing while the computer is on, ask to see some of the emails you are discussing. Ask to see the folders where the files are kept, because the ‘P:’ drive for two custodians may be different.”
Modern practice has widened the surface area considerably. Arnold & Porter’s eData Edge guidance describes the world most witnesses live in: “If your company lands in litigation, chances are that valuable data won’t be sitting neatly in a single email server. It’s scattered across Slack threads, Teams chats, WhatsApp messages, cloud folders, or personal phones, ‘shadow IT’ you never officially approved, or even heard of before.” (The original passage uses em dashes around “shadow IT”; reproduced here with comma pairs.) Their checklist for Communications and collaboration channels expressly lists Slack, Teams, WhatsApp, and SMS/iMessage, with a note to capture how each is preserved.
One caution about the alternative. In re Soc. Media Adolescent Addiction/Pers. Inj. Prods. Liab. Litig., 2024 WL 4125618, at *14 (N.D. Cal. Sept. 6, 2024), put the point about as bluntly as a federal court will: “an attorney cannot abandon his professional and ethical duties imposed by the applicable rules and case law and permit an interested party or person to ‘self-collect’ discovery without any attorney advice, supervision, or knowledge of the process utilized.” Your client isn’t a vendor.
When the Other Side Tries to Dictate Your Custodian List
Sooner or later opposing counsel will demand more custodians than you’ve offered, and the question is how much you have to swallow. The dominant precedent is Fort Worth Emps.’ Ret. Fund v. J.P. Morgan Chase & Co., 297 F.R.D. 99, 107-08 (S.D.N.Y. 2013) (Peck, M.J.). Judge Peck framed a conditional rule, not a blanket bar, and the framing is what most district courts now apply when somebody moves to compel additional custodians. The standard is a burden-shift, not a no.
Mortg. Resolution Servicing, LLC v. JPMorgan Chase Bank, N.A., 2017 WL 2305398, at *4 (S.D.N.Y. May 18, 2017), tightened it: “mere speculation that a person’s title as a senior executive might increase the relevance of his files is not a basis for designation.” Enslin v. Coca-Cola Co., 2016 WL 3198398, at *4 (E.D. Pa. June 8, 2016), added that “the fact that a person may have had some connection to the events in question does not automatically mean that such person must be included as an ESI custodian.” The Enslin court did the proportionality math on the record: processing the requested twenty-eight additional custodians would have run past $50,000 in vendor fees alone, which the court called disproportional and unduly burdensome.
The structural reason these cases come out the way they do is Sedona Principle 6: “Responding parties are best situated to evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronically stored information.” Don’t oversell that principle, though. Sedona’s own Comment 6.b. flags that “there may be circumstances where a requesting party may legitimately claim to have relevant, equal, or superior knowledge of certain aspects of the responding party’s business operations, information systems, or potential procedures for preserving and producing relevant ESI within the scope of discovery.” Principle 6 is a default, not a fortress. And Principle 11 layers in sampling as the practical answer when you’re worried about gaps; TAR is one such methodology under Sedona Principle 6.
For patent matters, an eight-custodian presumptive cap travels widely. The Federal Circuit Advisory Council’s 2011 Model Order opened the door with a five-custodian default; the Eastern District of Texas’s February 2012 Model Order moved the floor to eight email custodians and ten search terms per custodian, modifiable by agreement, and that’s the floor that gets pulled into a lot of district-court ESI orders by analogy today when a custodian fight needs an anchor.
Non-Custodial Sources: Slack, Salesforce, and Shared Drives
The custodian model assumes every relevant document sits in some person’s mailbox, laptop, or drive. That world is fading. A Slack channel belongs to a team, not a teammate. Salesforce records belong to sales operations. Box folders get inherited when someone changes departments. Jira tickets route by project, not by person. The most probative evidence in a modern matter often sits in a system, not an inbox, and pinning it to a single person is a category error.
The vocabulary has caught up. Microsoft’s eDiscovery documentation, now consolidated in the unified Purview portal after Microsoft retired the classic eDiscovery (Premium) interface in August 2025, defines the term: “Content locations where case custodians don’t have administrative control but might be owners of relevant data, are known as non-custodial data sources.” Shared drives, SharePoint sites, Salesforce orgs, ticketing systems, and chat workspaces all fit, owned and held by the responding party, but with no one custodian on top of them.
Federal courts are starting to require that those sources show up explicitly in discovery planning. In the UberMDL, Magistrate Judge Cisneros held that “the disclosure of information indicating non-custodial sources of the ESI is expected in the ordinary course of discovery.” Doe LS 340 v. Uber Techs., Inc., 2024 WL 107929 (N.D. Cal. Jan. 9, 2024). The court tied that requirement to meet-and-confer: disclosure of non-custodial data sources, the opinion held, will help the parties scope preservation and, if necessary, propose a modified preservation order. The N.D. Cal. ESI Checklist that Doe LS 340leans on already asks parties to list “systems, if any, that contain ESI not associated with individual custodians.” The Sedona Conference’s 2025 public-comment Commentary on Discovery of Collaboration-Platforms Data extends the analysis to Slack, Teams, and Google Workspace as a category.
The harder question is control. The Stored Communications Act, 18 U.S.C. § 2702, blocks Slack and similar providers from voluntarily disclosing the contents of stored communications in response to a civil subpoena, which is why Slack’s data-request workflow routes through the workspace owner rather than Slack itself. Account tier (Free, Business+, Enterprise Grid) doesn’t change whether the data is within a party’s possession, custody, or control under Rule 34(a)(1). If the workspace owner can pull the history, it’s reachable.
In Hintyr, a custodian can be a corporate department, a subsidiary, or an external vendor rather than a single mailbox owner. That gives you somewhere to file a chat-export bundle or a SaaS dump that doesn’t belong to any one person on the matter. It’s also the shape the load file you’ll eventually produce will need.
Records Custodian vs. ESI Custodian: A Different Job
If you’ve reached deposition or trial, “custodian” stops meaning the person whose mailbox you searched and starts meaning the person who can authenticate the mailbox’s outputs. That’s the FRE 803(6) sense.
Federal Rule of Evidence 803(6)(D) admits a record of regularly conducted activity if its foundational conditions “are shown by the testimony of the custodian or another qualified witness, or by a certification that complies with Rule 902(11) or (12) or with a statute permitting certification.” Rule 902(11) self-authenticates a domestic business record “as shown by a certification of the custodian or another qualified witness.” Rule 902(12) is the foreign-records analogue, with the added wrinkle that the certifier must sign under penalty of criminal sanction in the country where the certificate is signed.
The records custodian here is a witness, not a subject. Nobody is searching this person’s mailbox. Their job is to swear, in deposition or sworn declaration, that the record was made at or near the time, by someone with knowledge, in the regular course of activity, and that making it was a regular practice. The Supreme Court confirmed in Melendez-Diaz v. Massachusetts, 557 U.S. 305, 324 (2009), that the Sixth Amendment confrontation right doesn’t include the right to confront a Rule 902(11) certifier, which is part of why the certification path is now standard practice.
Practical implication for solo and small-firm work: keep your terminology straight in the file. The ESI custodian on the discovery side and the records custodian on the trial side may be the same person at a small business, or they may be entirely different humans at a large one. Same noun, different rulebook.
A Practical Custodian Workflow for Small Firms
Putting it into a workable plan looks like four moves you can run on most matters without a vendor on speed-dial.
Walk into Rule 26(f) with a custodian position. The other side will ask. You should have a draft list grounded in your client’s actual data map, the sources flagged in your initial disclosures, and the systems your client genuinely controls. The N.D. Cal. ESI Checklist is the cleanest free template to crib from. It asks for the number of custodians for whom ESI will be preserved, the list of systems containing ESI not associated with individual custodians, and the sources of ESI most likely to contain discoverable information.
Use Fort Worth defensively when somebody overreaches. When opposing counsel demands a custodian list that smells like a fishing expedition, build your objection around the “unique relevant information not already obtained” standard. Pair it with Mortg. Resolution Servicing on speculative title-based demands and Enslin on tangential connections. That combination is enough to brief most district-court motions without a treatise.
Use Doe LS 340offensively when you’re the requesting party. The case is your hook to demand non-custodial sources, retention windows, and a real map of where data lives. You don’t need a multi-million-dollar production to take advantage of it; you just have to ask the right questions at the front of the case.
Anchor the whole thing in tech competence.ABA Model Rule 1.1, comment 8, says a lawyer “should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” ABA Formal Opinion 512 (July 29, 2024) made the GenAI corollary explicit: lawyers must “[d]evelop a reasonable understanding of the capabilities and risks of any GenAI tool they plan to use.” Custodian work is where that duty bites first. The interview, the hold, the source map, the Rule 26(g) signature: none of it can be delegated to a tool you haven’t internalized.
Frequently Asked Questions
How is an ESI custodian different from a records custodian?
Two different jobs that share a name. An ESI custodian under FRCP 34(a)(1) is the person whose data gets searched, preserved, and produced. A records custodian under FRE 803(6)(D) is a witness who lays foundation to admit a business record at trial, often through a Rule 902(11) or 902(12) certification rather than live testimony. The first is the subject of discovery. The second is a courtroom authentication witness.
How many custodians is enough?
Enough to capture the unique relevant information without duplication. Fort Worth Emps.’ Ret. Fund v. J.P. Morgan Chase, 297 F.R.D. at 107-08, requires the requesting party to show that any additional custodian would yield “unique relevant information not already obtained.” For patent matters, the Eastern District of Texas’s February 2012 Model Order presumptively caps email custodians at eight, which is a useful default to anchor against in non-patent matters too.
What is a non-custodial source in e-discovery?
A system that holds discoverable ESI but isn’t tied to any one person. Salesforce, Slack workspaces, shared drives, financial databases, and SaaS systems are typical examples. Doe LS 340 v. Uber Technologies, 2024 WL 107929, confirmed that “the disclosure of information indicating non-custodial sources of the ESI is expected in the ordinary course of discovery.”
Can a client self-collect their own files?
Generally a bad idea, and an increasingly risky one. DR Distributorswarned that “allowing clients to self-collect ESI leaves them subject to allegations of incomplete production.” 513 F. Supp. 3d at 934. In re Social Media Adolescent Addiction, 2024 WL 4125618, at *14, sharpened the point. Supervised collection by a professional, or attorney-directed collection with documented protocols, is the defensible path.
Does the requesting party get to pick the custodians?
Not unilaterally. The standard from Fort Worthis that “the requesting party ‘must demonstrate that the additional requested custodians would provide unique relevant information not already obtained.’” 297 F.R.D. at 107-08. Mortg. Resolution Servicingadded that “mere speculation that a person’s title as a senior executive might increase the relevance of his files is not a basis for designation.” 2017 WL 2305398, at *4. Titles aren’t enough; the moving side needs a substantive theory.
What does FRCP 34 mean by “possession, custody, or control”?
Three competing federal standards: the legal-right test, the legal-right-plus-notification test, and the practical-ability test. Sedona’s Commentary on Rule 34 and Rule 45 (2016) explains all three. The split matters most for BYOD phones, contractor data, and third-party SaaS, where control is contested. In re Pork Antitrust Litig., 2022 WL 972401, is the leading recent BYOD application: an employer doesn’t legally control personal text messages when the BYOD policy doesn’t assert ownership.
This article is for general informational purposes only. It does not constitute legal advice and does not create an attorney-client relationship. Statements about case law and rules reflect publicly available sources as of May 2026 and may not address your jurisdiction or matter. Consult qualified counsel before acting on any of the topics discussed.
Run a Defensible Custodian Workflow.
Track who controls which files, document the interview, and produce by custodian without leaving anything behind. In Hintyr, custodians can be individuals, departments, subsidiaries, or external vendors, so the structure of your case matches the people and groups who actually hold the data.