Posts By :

Doug Austin

eDiscovery Trends: How Blocking Statutes Affect International eDiscovery

 

Over the past few weeks, we’ve discussed the general challenges of international eDiscovery, use of the 41 year old Hague Convention for requesting ESI from other countries, use of Section 1782 for foreign entities to request ESI from US entities, and the effect of privacy laws in other countries on discovery requests.

In the course of pursuing discovery requests in foreign nations, US lawyers also often run into another serious legal snag: blocking statutes. These statutes prevent certain types of information from leaving the country where it originates, and can interfere with discovery of evidence in a number of ways.

The purpose of blocking statutes – also known as "secrecy laws" – is to protect information that is considered commercially significant or relevant to national security in the country where it is located, or where it originated. Certain countries have blocking statutes that protect particular industries or types of information. In Switzerland, for instance, the disclosure or transmission of bank account information is forbidden by blocking statutes. Other countries, such as France and Germany, have created blocking statutes that make certain types of discovery illegal within their borders, complicating matters for attorneys requesting information.

A French blocking statute dating back to 1980 has been known to cause problems in the past few years for attorneys, by criminalizing cooperation with US discovery – in one case, resulting in hefty fines for a French lawyer who contravened that blocking statute. In other cases, a refusal to submit documents for discovery based on blocking statutes and the Hague Convention may be overruled by national courts depending on the circumstances of the case and the type of discovery being ordered.

Blocking statutes present an odd legal conundrum, because they don't prevent American attorneys from requesting privileged information or American courts from ordering discovery – they simply make it illegal for that information to be disclosed by nations of the foreign country in question. As a result, American courts and attorneys have sometimes expressed skepticism about the validity of these statutes and the likelihood of penalties being enforced against those who contravene them.

In fact, those who contravene these blocking statutes are seldom charged or fined. When the statutes are enforced, however, the penalties are steep.

Blocking statutes can be frustrating to organizations responding to discovery requests, because they put foreign individuals and organizations who are ordered to submit privileged information in the untenable position of either breaking their own country's laws – and facing penalties for contravening blocking statutes – or receiving sanctions from US courts for refusal to produce discovery documents. In many cases, foreign entities prefer to confront US courts rather than risk penalties in their own home countries, which forces US courts to address the failure to comply with these requests.

So, what do you think? Have you ever had a discovery request denied because of a blocking statute? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: Meet and Confer is Too Late for Preservation Hold

A US District court in Indiana ruled on June 28, 2011 in favor of a motion for an Order to Secure Evidence in an employment discrimination lawsuit.

The defendant in Haraburda v. Arcelor Mittal USA, Inc., No. 2:11 cv 93, 2011 WL 2600756 (N.D. Ind. June 28, 2011) had given the plaintiff reason to believe that emails and other relevant documents might be destroyed prior to Rule 26(f) meeting between the parties or Rule 16(b) discovery conference with the court. As a result, the plaintiff formally requested a litigation hold on all potentially relevant documents, which was approved by US Magistrate Judge Andrew Rodovich.

  • Shortly after filing a complaint of employment discrimination, the plaintiff, Marie A. Haraburda, became concerned that the defendant might destroy evidence that she intended to request in discovery. She emailed Sharon Stillman, a human resources manager of the defendant, Arcelor Mittal, about emails that had previously been deleted from her account and was informed that “files stored on company computers are company property and can be assessed and/or deleted as the company views appropriate”.
  • The defendant refused the plaintiff’s request that the defendant place a litigation hold on evidence or take other measures to protect potentially relevant documents, with the comment that such a request by the plaintiff was “premature”.
  • The plaintiff came to believe that the defendant would destroy relevant evidence before the Rule 26(f) discovery confidence, and, therefore, moved for an Order to Preserve Evidence.

In ruling, the court reminded all parties that they have “a duty to preserve evidence when [they know], or should have known, that litigation was imminent.” “Evidence” includes any materials that are relevant or could be deemed relevant during the litigation, including such emails as the plaintiff had brought to the defendant’s attention via Ms. Stillman. A large corporation, therefore, has a duty to not only create a “comprehensive” data protection plan to ensure that documents are preserved, but to inform its employees of that policy so that it will be scrupulously upheld, said the court.

The court also expressed the belief that given the plaintiff’s potential for difficulty if relevant materials were not protected, and in the absence of additional burden on the defendant to preserve existing evidence, the plaintiff’s motion was reasonable.  Accordingly, the court ordered a litigation hold placed “on any and all documents and information that may reasonably be related to the pending litigation”.

So, what do you think? Given previous case law examples, are you surprised that the defendant tried to delay the litigation hold? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Connecticut Approves Rules Updates Governing eDiscovery

 

Last year, eDiscovery Daily identified states that have not currently enacted any rules changes for eDiscovery.  One of the states that had previously enacted eDiscovery rules changes – Connecticut – has updated their rules as Superior Court judges made several amendments to the Connecticut Practice Book that will affect eDiscovery and other legal practices in Connecticut courts.

A series of amendments to the Connecticut Practice Book, the document that governs all legal practice in the state of Connecticut, was adopted on June 20, 2011. Many of these changes affect eDiscovery practices as itemized below. The majority of the amendments, including those changes involving eDiscovery, are slated to take effect on January 1, 2012.

eDiscovery handling requirements are addressed in Connecticut's existing rules, but the revisions to the Practice Book lay out best practices more completely and explicitly, providing additional instruction for courts, attorneys, and their clients.

The relevant amendments to eDiscovery practices include:

  • New Rule 13-5(9): This Rule enables the court to issue a protective order allowing for cost allocation and preventing undue burden on any party in the course of retrieving documents and information for eDiscovery.
  • Revisions to Rule 13-9(d): These amendments deal with the format in which electronic documents are produced for the court and for eDiscovery purposes.
  • New Rule 13-14(d): This new Rule limits liability in cases where eDiscovery information has been lost or is inaccessible due to understandable flaws in normal routines, or reliance in good faith on systems that failed to back up data. Closely based on Federal Rule 37(f), it deals with accidental data loss in situations where there is a demonstrable absence of intention to destroy or avoid preserving records.
  • New Rule 13-33: This new Rule, Claim of Privilege or Protection After Production, defines the procedure by which parties may move to protect information as privileged after it has been produced for pre-trial discovery.

The complete text of the Connecticut Practice Book can be accessed online, as well as the new amendments that will come into effect in 2012.

So, what do you think? Do these amendments streamline eDiscovery and make it more practical and enforceable? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Trends: Privacy is a Priority When Conducting International Discovery

 

US lawsuits are very public, involving discovery and other public disclosures that go against the cultural traditions and laws of many nations in other parts of the world. In the European Union (EU), for instance, many countries have privacy protection laws that forbid the disclosure of "personal information" – and the definition of personal information here can mean anything from addresses and phone numbers to even the names of individuals if they are used in work reports and business documents.

Despite the complications created by these privacy laws, US courts will apply the Federal Rules of Civil Procedure to non US entities if it has jurisdiction over them.  Nonetheless, litigators often find themselves in a bind where they must either impel evidence through means that are potentially illegal in the country of the non US entity, or lose traction in a US-based lawsuit. That means lawyers pursuing discovery in foreign locales often must take pains to familiarize themselves with the laws of the country and province where they are seeking information.

  • The EU Data Protection Directive does not forbid the transfer and processing of electronically stored information (ESI), but it does complicate the process considerably where it corroborates other European data protection laws.
  • US companies and litigators may legally request and receive documents protected under the Data Protection Directive if the company is a member of the US Department of Commerce Safe Harbor, a group whose mandate is based on seven key principles of data protection.
  • Even where the Safe Harbor and Data Protection Directive allows US companies to access information for pre-trial discovery, the laws of specific EU states may not permit businesses to disclose information without being subject to harsh penalties for violating national privacy laws.

Although US courts don’t always recognize the limitations placed on international discovery by these privacy laws, they do appreciate the balance of delicate factors involved in seeking discovery internationally. In assessing the importance of gaining access to specific ESI, the courts will generally consider a combination of factors, including the importance and origin of the information, the availability of access, the effects of non-compliance with international privacy laws on the US and the nation state where the information is located, and the potential hardship that would be imposed on the individuals or businesses who have the power to produce the information. A careful weighing of the privacy needs of individuals versus the needs of the parties involved in litigation must be assessed.

Individuals are capable of providing their consent to allow documents containing their personal information to appear in an international court. However, they can revoke this consent at any time. Even where consent is given, and certainly where it is not, every effort must be taken to protect the security of private information and to destroy such information within a reasonable amount of time. Electronically stored data must be anonymized or protected by pseudonyms, and personal identifiers such as names, addresses and phone numbers must be purged from information presented in eDiscovery.

So, what do you think? Have you ever dealt with privacy protection laws in international jurisdictions? Please share any comments you might have or let us know if you'd like to learn more about a particular topic.

eDiscovery Trends: An Insufficient Password Will Thwart Even The Most Secure Site

 

Several months ago, we talked about how most litigators have come to accept that Software-as-a-Service (SaaS) systems are secure.  For example, at Trial Solutions, the servers hosting data for our OnDemand® and FirstPass® (powered by Venio FPR™) platforms are housed in a Tier 4 data center in Houston (which is where our headquarters is).  The security at this data center is military grade: 24 x 7 x 365 onsite security guards, video surveillance, biometric and card key security required just to get into the building.  Not to mention a building that features concrete bollards, steel lined walls, bulletproof glass, and barbed wire fencing.

Pretty secure, huh?  Hacking into a system like this would be very difficult, wouldn’t you think?  I’ll bet that the CIA, PBS and Sony had secure systems as well; however, they were recently “hacked” by the hacker group LulzSec.  According to a recent study by the Ponemon Institute (linked to here via the Ride the Lightning blog), the chance of any business being hacked in the next 12 months is a “statistical certainty”.

No matter how secure a system is, whether it’s local to your office or stored in the “cloud”, an insufficient password that can be easily guessed can allow hackers to get in and steal your data.  Some dos and don’ts:

Dos:

  • If you need to write passwords down, write them down without the corresponding user IDs and keep the passwords with important documents like your passport, social security card and other important documents you’re unlikely to lose.  Or, better yet, use a password management application that encrypts and stores all of your passwords.
  • Mnemonics make great passwords.  For example, “I work for Trial Solutions in Houston, Texas” could become a password like “iw4tsiht”. (by the way, that’s not a password for any of my accounts, so don’t even try)  😉
  • Change passwords every few months.  Some systems require this anyway.

Don’ts:

  • Don’t use the same password for multiple accounts, especially if they have sensitive data such as bank account or credit card information.
  • Don’t email passwords to yourself – if someone is able to hack into your email, then they have access to those accounts as well.
  • Personal information may be easy to remember, but it can also be easily guessed, so avoid using things like your kids’ names, birthday or other information that can be guessed by someone who knows you.
  • Avoid logging into sensitive accounts when using public Wi-Fi as it is much easier for hackers to tap into what you’re doing in those environments.  If you’re thinking of checking your bank balance while having a latte at Starbucks, don’t.

So, what do you think?  Are you guilty of any of the “don’ts” listed above?  Please share any comments you might have or if you’d like to know more about a particular topic.

Full disclosure: I work for Trial Solutions, which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured, SAS 70 Type II certified Tier 4 Data Center in Houston, Texas.

eDiscovery Case Law: A Pennsylvania Court Conducts Its Own Social Media Relevancy Review

Pennsylvania seems to be taking the lead in setting social media discovery precedents, as evidenced by this case summarized on eDiscovery Daily earlier this week.  In this case, a Pennsylvania court agreed to review a plaintiff’s Facebook account in order to determine which information is subject to discovery in a case relating to the plaintiff’s claim of injury in a motor vehicle accident.

The plaintiff in Offenback v. L.M. Bowman, Inc., No. 1:10-CV-1789, 2011 WL 2491371 (M.D. Pa. June 22, 2011) was directed to allow the court to access his Facebook and MySpace accounts in order to determine which parts of his social media accounts are subject to discovery. After a thorough review, the court expressed its “confusion” over the plaintiff’s inability to conduct this review himself in order to present discoverable information to the court:

  • The plaintiff claimed that he suffered injuries in a car accident on November 6, 2008 that “limited his ability to sit, walk, stand, ride in a vehicle, bend, stoop, push, pull, and lift”. He also claimed he could not work and was unable to relocate as he’d planned to do before the accident.  Additionally, the plaintiff claimed that he “suffers anxiety, depression, and post-traumatic stress as a result of the accident”.
  • The court found the client’s physical and emotional experience relevant in this case, and sought discovery of key information in his social media accounts that might shed light on his health and well-being at the time of the accident and thereafter.
  • The court initially requested access to both the plaintiff’s Facebook and MySpace accounts, but changed the order to request access exclusively to his Facebook account once the plaintiff had asserted that he had not accessed MySpace since November 2008 and had lost the requested login information in the intervening period.
  • After its review, the court consulted both the plaintiff and the defendant about the Facebook photos, updates, and other materials it considered relevant, in consideration of the “broad scope of relevance” argued by the defendants.
  • Notably, the court ordered discovery of photographs and Facebook updates indicating that the plaintiff purchased a motorcycle in 2010 and may have ridden it from Kentucky to Pennsylvania and possibly on a trip to West Virginia.
  • The court ended its review by expressing its “confusion about why the parties required the Court’s assistance in deciding which information within the plaintiff’s Facebook account is responsive to Defendants’ discovery requests”. The court stated its desire that, in future cases of a similar nature, the plaintiff be accountable for reviewing his own Facebook profile, presenting discoverable materials and raising objections if so desired.

So, what do you think? Should the court have conducted the review itself? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Section 1782 – For Foreign Parties to Request U.S. Discovery

 

We've discussed international eDiscovery issues and the process that U.S. attorneys have to go through as they request electronic documents and evidence from locations in other countries around the world in a couple of recent posts. But what about the reverse? Does the Hague Evidence Convention cover international requests for electronic information that is held by U.S. businesses and individuals?

In fact, it does, but the Hague Convention is not the primary legal statute used by foreign entities to request discovery within the United States. Section 1782 of Title 28 of the United States Code, widely known as "Section 1782," is a federal statute that allows attorneys outside the U.S. to request discovery in American courts from an American citizen or business. This statute lays out the requirements that must be met by any international requests for either testimonial evidence or documents – including electronic documents requested in the discovery process.

In many ways, it's easier for foreign attorneys and interested parties to request data within the U.S. Section 1782 than it is for U.S. lawyers to request discovery in other countries. Section 1782 is designed to simplify the process and spell out what U.S. courts are trying to acquire through these international discovery requests. There are three requirements in Section 1782 for anyone applying for discovery information:

  1. The applicant under Section 1782 must demonstrate that he or she is an "interested person" in a proceeding outside the U.S.;
  2. The proceeding must be conducted before a foreign "tribunal"; and
  3. The application under Section 1782 must be filed in the district of the person or entity from which evidence is requested.

Section 1782 discovery isn't effortless by any means – it requires several types of proof of relevance before discovery will be permitted – but it does provide a framework for legal discovery across national boundaries, one that is arguably much friendlier and more transparent than the rules U.S. attorneys must navigate when conducting discovery requests in other nations in the European Union (E.U.), Asia, Africa, and elsewhere around the world.

So, what do you think? Have you ever been involved in a proceeding that involved Section 1782 discovery? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Trends: Is eDiscovery Malpractice More Widespread Than You Think?

 

Last month, we discussed the eDiscovery malpractice case filed against McDermott Will & Emery for allegedly failing to supervise contract attorneys that were hired to perform the client’s work and to protect privileged client records.  This case is still continuing to generate much buzz in the eDiscovery community and I’m sure it will be closely followed as it progresses.

At least one attorney from another firm has weighed in on the possibility of eDiscovery malpractice in other cases.  Dennis Kiker, a partner with LeClair Ryan noted in their blog The e-Discovery Myth that eDiscovery malpractice is probably more widespread than most people think.  Among his observations:

  • “E-Discovery is a discipline.  Far too many attorneys in firms large and small think that e-discovery is something they can do on the side, when they are not drafting motions to dismiss an antitrust class action or preparing to depose a scientist in a patent infringement matter.  Unfortunately, this is simply not true.”
  • “[E]-discovery goes far beyond the rules.  It is one thing to understand that there are different possible forms of production permitted for electronically stored information under Rule 34, and quite another to know how to effectively and defensibly identify, preserve, collect, process, review and produce ESI.”
  • “Not even IT professionals pretend to understand all of the different information systems that exist in a single company.  Do we really expect every trial attorney to have greater expertise and understanding than the professionals that work in the field every day?”
  • “A large document review is, by definition, a large project requiring significant project management skills… In short, this is a complex, high-risk task that requires specialized skills and experience.  It is not something one does once a year and gets good at.”
  • “Malpractice claims are just one of the possible consequences of practicing in a complex area without the requisite expertise.  Loss of client goodwill, damaged reputations for lawyer and firm alike, monetary sanctions – all of these are the dancing partners of those that believe that e-discovery is something that every litigator knows how to do.”

It’s an excellent post with a number of good points.  There are some attorneys who have really worked hard at developing their eDiscovery expertise and knowing when to rely on others with the expertise they don’t have.  But, as I have observed, there are many attorneys that have tried to play “part-time eDiscovery expert” with less than terrific results (at best).  In many cases, their saving grace is that the opposing attorney is equally inept when it comes to eDiscovery best practices.

So, what do you think? Is eDiscovery malpractice more widespread than we think? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: Social Media Posts Deemed Discoverable in Personal Injury Case

A Pennsylvania court recently ordered the plaintiff in a personal injury lawsuit to disclose social media passwords and usernames to the defendant for eDiscovery.

On May 19, the court ruled in favor of a motion to compel the plaintiff in Zimmerman v. Weis Markets, Inc., No. CV-09-1535, 2011 WL 2065410 (Pa. Comm. Pl. May 19, 2011) to disclose his usernames, login names and passwords for Facebook and MySpace accounts that contained hidden or private posts. Discoverability of social media continues to be a hot topic in eDiscovery, as eDiscovery Daily has noted in summaries of prior cases here, here and here that reflect varied outcomes for requests to access social media data.

In Zimmerman v. Weis Markets, Inc., the court ruled in favor of the defendant’s motion for several reasons involving the plaintiff’s use of public social media as well as the circumstances of the case:

  • The plaintiff’s public postings on the social media sites in question included discussion of his injury, which was deemed relevant to his claim of serious and permanent impairment. These public postings were construed by the court as sufficient to demonstrate likelihood that his non-public postings would also contain relevant information about his injury.
  • Although, the court did not wish its decision in this matter to be viewed as authorizing “fishing expeditions” to private social media accounts in personal injury cases in general, it reasoned that since examination of the public portions of the plaintiff’s Facebook and MySpace accounts turned up relevant evidence on the subject of the plaintiff’s injury, discovery of the remaining private postings was also likely to do so.
  • The court also reasoned that the plaintiff’s choice to bring this issue to trial, as well as his decision to share information about his injury online (showing pictures of him in shorts with his scar visible, as well as recent pictures with his motorcycle), meant that he could not have a reasonable expectation of social media privacy.

Although courts often permit eDiscovery of private and hidden social media postings, this decision by the court illustrates a need for relevance of the evidence to be shown before that permission is granted.

So, what do you think? Was the court wrong in allowing eDiscovery of personal Facebook and MySpace accounts, or does the plaintiff in a personal injury case waive his right to social media privacy? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Protocol for International eDiscovery Based on 41 Year Old Treaty

 

Last week, we talked about several challenges of international eDiscovery, including different laws regarding discovery practices, as well as cultural and privacy issues.  This week, we will talk about one of the primary mechanisms for conducting discovery internationally – the Hague Convention.

What is the Hague Convention? The Convention on the Taking of Evidence Abroad in Civil or Commercial Matters – commonly known as the Hague Evidence Convention – is an international treaty created by the Hague Conference on Private International Law. It was negotiated in the late 1960's and signed on March 18, 1970.

There are 54 countries contracted to the Hague Convention, which means they have agreed to permit international attorneys to request evidence across foreign borders without first requiring that they pursue diplomatic approval. U.S. attorneys often rely on the provisions of the Hague Evidence Convention when conducting cross-border eDiscovery requests. As a result, they can save time and paperwork by avoiding consular and diplomatic channels and corresponding directly with legal counsel and individuals in international countries where the Hague Convention has been ratified.

Although it can simplify the process of requesting eDiscovery across borders, the Hague Convention does not guarantee that international discovery requests will be honored, in part or at all. Foreign courts in receipt of discovery requests will often exercise their own judgment in responding, based on the laws of their own nation states. As a result, eDiscovery requests may be refused or misinterpreted without any penalty under the Hague Convention. What's more, some of the countries that have signed choose to exert limits on the extent to which they agree with the Hague Convention, further complicating matters in cases where international eDiscovery is required from groups or individuals within these nations' borders. Use of the Hague Convention may be slow, inefficient, and does not guarantee results.

The U.S. was instrumental in the creation of the Hague Convention and one of the first countries to adopt it.  However, many international parties requesting information in the U.S. now do so via Section 1782 Discovery. This simpler provision in Section 1782 of Title 28 of the United States Code facilitates discovery cases where a document or electronic information is located in the U.S.  We will talk about this federal statute in more detail in our next post regarding international eDiscovery.

So, what do you think? Does the Hague Convention simplify the discovery process internationally, or is it time for a new, more up-to-date treaty or provision to facilitate international eDiscovery? Please share any comments you might have or if you'd like to know more about a particular topic.

Happy Independence Day from all of us at eDiscovery Daily and Trial Solutions!