Posts By :

Doug Austin

No Proof of Intent to Deprive Means No Adverse Inference Sanction: eDiscovery Case Law

We’re catching up on a few cases from earlier this year in preparation for our Key eDiscovery Case Law Review for First Half of 2019 webcast next Wednesday.  Here is an interesting case ruling from April.

In DriveTime Car Sales Company, LLC v. Pettigrew, No.: 2:17-cv-371 (S.D. Ohio Apr. 18, 2019), Judge George C. Smith granted in part and denied in part the plaintiff’s motion for spoliation sanctions against defendant Pauley Motor, denying the plaintiff’s request for an adverse inference sanction by ruling that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent” when Bruce Pauley failed to take reasonable steps to preserve text messages when he switched to a different phone.  Judge Smith did “order curative measures under Rule 37(e)(1)”, allowing the plaintiff to “introduce evidence at trial, if it wishes, of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages.”

Case Background

In this case where the plaintiff alleged the defendants were conspiring to purchase vehicles at above market rates from Pauley Motor, the plaintiff filed a motion for spoliation sanctions against Pauley Motor.  During discovery, Pauley Motor first stated in its interrogatory responses that no text messages between Pauley Motor representatives and defendant Pettigrew existed.  However, in his 30(b)(6) deposition, Bruce Pauley stated that he had exchanged text messages with Pettigrew, but he was ultimately unable to produce the content of the text messages because he had obtained a new phone and had not preserved the contents of his previous phone, despite being put on notice to do so in November of 2016 by a litigation hold letter issued by the plaintiff’s counsel.  As a result, the plaintiff requested that the Court impose a mandatory adverse inference that the content of the text messages was unfavorable to Pauley Motor.

Judge’s Ruling

In considering the motion, Judge Smith stated that “Pauley Motor does not dispute that it had an obligation to preserve text messages between its representatives and Pettigrew or that it failed to take reasonable steps to preserve them…DriveTime has also established that the text messages cannot be restored or replaced through additional discovery, because neither Pettigrew nor the wireless carriers for Pauley Motor’s representatives have access to them either…Thus, in order to obtain the mandatory adverse inference it seeks under Rule 37(e)(2), the only additional requirement under the Rule is that Pauley Motor acted with the intent to deprive DriveTime of the text messages’ use in the litigation when it failed to preserve them.”

However, Judge Smith also said: “Although Bruce Pauley failed to take reasonable steps to preserve the text messages when he switched to a different phone, there is no evidence that he did so intentionally beyond DriveTime’s speculation. This is not sufficient to impose a mandatory adverse inference under Rule 37(e)(2).”  As a result, Judge Smith found that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent.”

But, Judge Smith noted that “less severe sanctions are available to DriveTime under Rule 37(e)(1) upon a finding of prejudice.”  As a result, he stated that “the Court will order curative measures under Rule 37(e)(1)… In this case, the Court finds it appropriate to order that DriveTime will be permitted to introduce evidence at trial, if it wishes, of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages. DriveTime may argue for whatever inference it hopes the jury will draw. Pauley Motor may present its own admissible evidence and argue to the jury that they should not draw any inference from Pauley Motor’s conduct.”

So, what do you think?  Did the judge go far enough or should the failure to preserve the evidence have been considered intent to deprive?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Heat Wave or Cool Front? Results of the Summer 2019 eDiscovery Business Confidence Survey: eDiscovery Trends

It’s that time again!  I’m here to cover the results of the Summer 2019 eDiscovery Business Confidence Survey, published (as always) on Rob Robinson’s terrific Complex Discovery site.  So, how confident are individuals working in the eDiscovery ecosystem in the business of eDiscovery?  Let’s see.

As always, Rob provides a complete breakdown of the latest survey results, which you can check out here.  As I’ve done for the past few surveys, I will provide some analysis and I’m continuing to take a look at all surveys conducted to look at trends over time.  So, this time, I will look at the results for all fifteen surveys to date, from January 2016 to present.

The Summer 2019 Survey response period was initiated on July 1 and continued until registration of 173(!) responses last week, another high number of participants, thanks in part to support and promotion from the Association of Certified E-Discovery Specialists (ACEDS).

Software and/or Services Provider Reclaim Their Normal Position: After a rare instance of another group (Law Firm respondents) leading in the Spring survey, we’re back to Software and/or Services Provider respondents as the top group with 31.8% of all respondents.  Law Firm respondents weren’t too far behind at 30.6% of all respondents (still higher than last time).  Corporation respondents were third at 15.6%, another high percentage of corporate respondents and Consultancy was fourth at 12.7%.  If you count law firms as providers (they’re technically both providers and consumers), they account for over three-quarters of respondents at 75.1% of total respondents, which is still the second lowest percentage of provider respondents (higher than only last quarter’s 72.2%).  So, expanding the respondents has still continued diversify the responses somewhat.  Here’s a graphical representation of the trend over the fifteen surveys to date:

So, how confident is the largest group of respondents ever in eDiscovery business confidence?  See below.

Most Respondents Consider Business to Be Good (Barely): After the lowest ever number of respondents last time considered business to be good, we saw a 9.8 point rebound to 50.9% of respondents.  While that’s higher than last quarter, it’s lower than the last two summers.  41.6% of respondents consider business to be normal, so the good and normal numbers pretty much flip-flopped from last quarter.  7.5% of respondents rated business conditions as bad, which is comparable to last summer, but higher than two summers ago.  So, was last quarter’s lower current business conditions rating an anomaly?  Hmmm…  Here is the trend over the fifteen surveys to date:

So, how good do respondents expect business to be in six months?  See below.

Most Respondents Expect Business to be the Same Six Months From Now: While most respondents (96.0%) expect business conditions will be in their segment to be the same or better six months from now, that’s a drop of 1.8% as those expecting worse business conditions rose to 4.0% (from 2.2% last quarter), while the percentage expecting business to be the same fell to 56.1%.   More than half of respondents also expected the same on revenues and profits – 51.4% and 57.2% respectively.  When looking at previous summers, this summer reflects the lowest percentage of respondents expecting higher profits at 31.2% (only Winter 2019 was lower at 28%).  Great scott!  Here is the profits trend over the fifteen surveys to date:

Will the trend toward lower future profits predictions continue?  We’ll see.

Cost, Cost, Cost!  Budgetary Constraints Considered to Be Most Impactful to eDiscovery Business: Tag, you’re it!  Budgetary Constraints and Increasing Volumes of Data continued their almost reliable flip-flop between the top two positions, with Budgetary Constraints identified as the top factor this time with 27.2%.  Increasing Volumes of Data dropped back down to second at 22.5%. Increasing Types of Data was once again third at 20.8%, followed by Lack of Personnel at 12.7%, Data Security at 11.6% and Inadequate Technology (once again) bringing up the rear at 5.2%, the lowest number ever for any factor in the history of the survey.  Does this mean most people are happy with their technology?  Hmmm…  The graph below illustrates the distribution over the fifteen surveys to date:

Increasing Volumes of Data, Budgetary Constraints and (now) Increasing Types of Data continue to consistently be at the top of the most impactful factors quarter after quarter.

“Managing” to Be Somewhat Even in Distribution of Respondents: Operational Management respondents were the top group at 37.6%, almost it’s highest level ever (other than 38.9 percent in Fall 2016).  Tactical Execution respondents were second at 35.3% and Executive Leadership respondents were last again at 27.2%, though almost 3 percent higher than last quarter.  Here’s the breakdown over the fifteen surveys to date:

It’s clear that the more respondents we get, the more diverse the results with a much greater influence from the “rank and file” (i.e., managers and technicians).

Again, Rob has published the results on his site here, which shows responses to additional questions not referenced here.  Check them out.

So, what do you think?  What’s your state of confidence in the business of eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Rankin/Bass Productions

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

This Makes the Potential GDPR Fine Against British Airways Look Like Peanuts: Data Privacy Trends

It was just last week that we discussed the new (probable) largest fine since the General Data Protection Regulation (GDPR) was enacted last May, with the proposed fine of nearly $230 million against British Airways for a data breach last year.  But, this fine approved by the Federal Trade Commission (FTC) against Facebook for data privacy violations makes that fine look like peanuts.

As discussed by Sharon Nelson in her excellent Ride the Lightning blog (FTC Approves Fine of Roughly $5 Billion Against Facebook for Privacy Violations), the New York Times (subscription required) reported on July 12th that the FTC has approved a fine of roughly $5 billion against Facebook for mishandling users’ personal information, according to three people briefed on the vote, in what would be a landmark settlement that signals a newly aggressive stance by regulators toward the country’s most powerful technology companies.

The much-anticipated settlement still needs final approval from the Justice Department, which rarely rejects settlements reached by the FTC. It would be the biggest fine by far levied by the federal government against a technology company, eclipsing the $22 million imposed on Google in 2012. The size of the penalty underscored the rising frustration among Washington officials with how large technology companies collect, store and use people’s information and the Facebook settlement sets a new bar for privacy enforcement by United States officials, who have brought few cases against large technology companies.  In addition to the fine, Facebook agreed to more comprehensive oversight of how it handles user data. But none of the conditions in the settlement will impose strict limitations on Facebook’s ability to collect and share data with third parties.

The FTC’s investigation was fueled by The New York Times and The Observer of London, which discovered that the social network allowed Cambridge Analytica, a British consulting firm to the Trump campaign, to harvest personal information of its users. The firm used the data to build political profiles about individuals without the consent of Facebook users.

The agency found that Facebook’s handling of user data violated a 2011 privacy settlement with the FTC. That earlier settlement, which came after the company was accused of deceiving people about how it handled their data, required the company to revamp its privacy practices.

Facebook made more than $55 billion in revenue last year.  So, at 9.1 percent of annual revenue last year, this fine would be even more than a GDPR fine would be at 4 percent of global annual turnover.  Nonetheless, when the FTC fine was revealed, Facebook’s stock price rose, making it clear that investors were concerned the result could be even worse.  Maybe the “bite” from GDPR fines isn’t painful enough?

So, what do you think?  Do fines like cause your organization to re-evaluate your own security policies?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

ILTACON is One Month Away. And, I’m Speaking – Twice!: eDiscovery Trends

Hard to believe, but we’re just one month away from ILTACON 2019, being held this year at the Walt Disney World Swan and Dolphin Resort in Orlando August 18-22.  CloudNine will be at the conference in a big way again this year.  And, so will I, as I will be speaking not just once, but twice at this year’s conference!

As always, the conference will be four days, preceded by some networking activities (including the annual golf tournament) on Sunday the 18th.  Educational sessions will begin on Monday the 19th and continue through Thursday the 22nd.  And, the Exhibit Hall will also be open for four days, starting with the annual opening reception: A Whole New World of Possibilities-A Journey through Classic TV.  Should be interesting to see what types of characters people dress up for that one!  Here’s a link to the summary agenda.

Speaking of the Exhibit Hall, CloudNine will be exhibiting again at this year’s show at booth #624.  We expect to have several exciting announcements regarding our products in the next couple of weeks and will announce what we plan to showcase before the conference begins.  If you are attending ILTACON this year and would like to schedule a meeting with us, you can go to this page to request a demo and indicate that you want to meet at ILTACON 2019!

When we get closer to the conference, we will have a preview post to identify some of the more interesting topics to be covered at this year’s educational sessions.  Here’s a link to the session grid – keep in mind that this is as of July 12 and still subject to change.

One thing that won’t change is that I’m speaking at ILTACON again this year.  This time, I’m speaking twice!  On Wednesday, I will be part of ILTACON’s brand new Litigation Support Day, which features a DAY of SPARK (Short, Provocative, Action-oriented, Realistic, and Knowledgeable) talks by leaders in the industry.  Organized by David Hasman of Bricker & Eckler, David Horrigan of Relativity, and Philip Weldon of Fried Frank, this program will be moderated by David, and the program will feature presentations on everything from cloud transformation to career development and job interview techniques.

I will be participating in Session One – Litigation Support State of the Union from 9:00-10:30am that day.

I will also be moderating the session Choosing a Predictive Coding Approach – “Predictive Coding For Dummies” on Thursday from 11:30am-12:30pm.  In that session, you can gain a full understanding of analytic jargon, acronyms [TAR, CAL, SPL, SAL?], learn the pros and cons of each approach, and collect a few tips for selling it to case teams, clients, and opposing counsel!  We’ll also conduct a fun exercise that illustrates how a supervised machine learning approach works.  Speakers for the session include: Doug Matthews, Partner at Vorys, Sater, Seymour and Pease LLP; Lia Majid, CEO and Founder of Acorn Legal Solutions; Julian Ackert, Managing Director at iDiscovery Solutions, Inc. and Trena Patton, Solutions Architect at Epiq.  Come check it out!

So, what do you think?  Do you plan to attend ILTACON this year?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Move Over Google, Here May Be Your New Largest GDPR Fine: Data Privacy Trends

Now, we’re talking some serious money!  In January, we covered the first big fine for failing to comply with Europe’s General Data Protection Regulation (GDPR) when France’s data protection regulator, the Commission nationale de l’informatique et des libertés (CNIL), issued a €50 million fine (about $56.8 million) fine to Google for failing to comply with GDPR.  Now, we have a new fine being proposed which is more than four times that amount.

As discussed by Sharon Nelson in her excellent Ride the Lightning blog (British Airways Faces Record Fine After Data Breach), the New York Times (subscription required) reported on July 8th that British authorities have said that they intend to order British Airways to pay a fine of nearly $230 million for a data breach last year, the largest penalty against a company for privacy lapses under GDPR.

Poor security at the airline allowed hackers to divert about 500,000 customers visiting the British Airways website last summer to a fraudulent site, where names, addresses, login information, payment card details, travel bookings and other data were taken, according to the Information Commissioner’s Office, the British agency in charge of reviewing data breaches.

In a statement British Airways said it was “surprised and disappointed” by the agency’s finding and would dispute the judgment, which isn’t final regarding the amount.

As we’ve noted many times on this blog, GDPR allows regulators in each European Union country to issue fines of up to 4 percent of a company’s global revenue for a breach. And by acting against an iconic British brand, officials showed that enforcement would not be limited to American-based tech companies, which have been seen as a primary target.

Before GDPR, fines by the Information Commissioner’s Office were capped at 500,000 pounds, or about $625,000. That was the fine it imposed on Facebook last year for allowing Cambridge Analytica to harvest information on millions of users without their consent. However, Facebook and Google are among other companies currently under investigation by the European authorities over breaches of the GDPR (despite previous fines before and after GDPR went into effect, respectively).

The large proposed fine against British Airways is thought to be based on the fact that this was an avoidable breach caused by alleged sloppy security and organizational practices.

As noted above, the British decision to fine British Airways £183.5 million, worth about 1.5 percent of the airline’s annual revenue, is not final. The agency said it would “carefully consider” responses from the airline and others to its penalty before issuing a final decision.  Even if it’s reduced, it seems inevitable to be a new record for GDPR fines (at least for now).

So, what do you think?  Do fines like this cause your organization to re-evaluate your own security policies?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Chain, Chain, Chain – Chain of Custody: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on June 24, 2013 – over six years ago.  Back then, we referenced both baseball player Ryan Braun and legendary singer Aretha Franklin in a single post(!).  Braun ultimately did receive a suspension from Major League Baseball for his involvement with a clinic associated with performance enhancing drugs, but has resumed a successful playing career.  And, of course, the Queen of Soul is no longer with us, sadly.

As for chain of custody tracking, it’s as important as ever.  But technology has helped us out here with some mechanisms to automate the delivery of files.  The use of File Transfer Protocol (FTP) for transfer of files has become commonplace for even fairly large document sets and the use of secured FTP protocols (such as SFTP and FTPS) have become commonplace.  At CloudNine, most of the data we receive from clients today for loading into our CloudNine Review platform is received via secured FTP – either directly or through our Discovery Client that automates the loading of data into the platform.

However, our Client Services team still receives some data from clients via media transportation, especially when it’s a lot of data (we’re often talking terabytes, not gigabytes) and needs to get to us quickly and securely.  In those instances, we still follow the same chain of custody procedures described below to document that transfer.  When it comes to those types of transfers, ensuring proper chain of custody tracking is also an important part of handling that ESI through the eDiscovery process in order to be able to fight challenges of the ESI by opposing parties.  An insufficient chain of custody is a chain, chain, chain of fools.

Information to Track for Chain of Custody

ESI can be provided by a variety of sources and in a variety of media, so you need a standardized way of recording chain of custody for the ESI that you collect within your organization or from your clients.  At CloudNine, we use a standard form for capturing chain of custody information.  Because we never know when a client will call and ask us to pick up data, our client services personnel typically have a supply of blank forms either in their briefcase or in their car (maybe even both).

Our chain of custody tracking form includes the following:

  • Date and Time: The date and time that the media containing ESI was provided to us.
  • Pick Up or Delivery Location: Information about the location where the ESI was provided to us, including the company name, address, physical location within the facility (e.g., a specific employee’s office) and any additional information important to note where the data was received.
  • Delivering Party: Name of the company and the name of representative of the company providing the media, with a place for that representative to sign for tracking purposes.
  • Delivery Detail (Description of Items): A detailed description of the item(s) being received. Portable hard drives are one typical example of the media used to provide ESI to us, so we like to describe the brand and type of hard drive (e.g., Western Digital My Passport drive) and the serial number, if available.  Record whatever information is necessary to uniquely identify the item(s).
  • Receiving Party: Name of the company and the name of representative of the company receiving the media, with a place for that representative to sign for tracking purposes. In our form, that’s usually somebody from CloudNine Discovery, but can be a third party if they are receiving the data from the original source – then, another chain of custody form gets completed for them to deliver it to us.
  • Comments: Any general comments about the transfer of media not already addressed above.

I’ve been involved in several cases where the opposing party, to try to discredit damaging data against them, has attacked the chain of custody of that data to raise the possibility that the data was spoliated during the process and mitigate its effect on the case.  In these types of cases, you should be prepared to have an expert ready to testify about the chain of custody process to counteract those attacks.  Otherwise, you might be singing one of Aretha Franklin’s most famous songs (but not as well as she did).

So, what do you think?  How does your organization track chain of custody of its data during discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Webcast to Learn About Key eDiscovery Case Law in 2019 (so far) and How it Affects You: eDiscovery Webcasts

The appearance of the shark can only mean one thing – it’s time for our eDiscovery case week on The Discovery Channel’s Shark Week! Don’t worry, it makes sense to us. :o) So far, 2019 has been another interesting year with notable and important case law decisions related to eDiscovery best practices. What do you need to know about the cases to avoid mistakes made by others and save time and money for your clients?  Here’s a webcast where you can catch up on these cases and find out what they mean to you!

On Wednesday, July 31st at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Key eDiscovery Case Law Review for First Half of 2019.  This CLE-approved* webcast session will cover key case law covered by the eDiscovery Daily Blog during the first half of 2019 to identify trends that lawyers should consider for their own practices. Key topics include:

  • Can ESI related to an unsolved murder case be compelled to be produced in a related civil case?
  • Is the use of biometric fingerprint scanning technology an invasion of privacy?
  • When can non-parties be compelled to produce ESI in litigation?
  • Are social media photos that you didn’t post discoverable if you’ve been tagged in them?
  • Can sanctions be so important that you fight NOT to have a claim against you dismissed?
  • Is being forced to provide your cell phone password the “death knell” for fifth amendment protection?
  • Should a case ruling be reversed if a judge is Facebook friends with one of the parties?
  • Should discovery be stayed while a motion to dismiss is being considered?
  • Does Rule 37(e) eliminate the potential for obtaining sanctions for spoliation of ESI?

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn from past eDiscovery case law decisions, this is the webcast for you!

So, what do you think?  Do you think case law regarding eDiscovery issues affects how you manage discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Will CCPA Be a “Dumpster Fire” for Those Trying to Comply? Here are 10 Reasons it Might Be: Data Privacy Trends

We’re less than six months away from the scheduled start of the California Consumer Privacy Act (CCPA) on January 1, 2020.  So, what are the law’s prospects when it goes into effect next year?  According to one article, there are ten reasons why CCPA is going to be a “dumpster fire” when it goes into effect next year.

In Truth on the Market (10 Reasons Why the California Consumer Privacy Act (CCPA) Is Going to Be a Dumpster Fire, written by Alec Stapp), real estate developer Alastair Mactaggart spent nearly $3.5 million last year to put a privacy law on the ballot in California’s November election. He then negotiated a deal with state lawmakers to withdraw the ballot initiative if they passed their own privacy bill. That law – CCPA – was enacted after only seven days of drafting and amending.

Mactaggart said it all began when he spoke with a Google engineer and was shocked to learn how much personal data the company collected and he was motivated to find out exactly how much of his data Google had. But, instead of using Google’s freely available transparency tools, Mactaggart decided to spend millions to pressure the state legislature into passing new privacy regulation.

CCPA has six consumer rights, including the right to know; the right of data portability; the right to deletion; the right to opt-out of data sales; the right to not be discriminated against as a user; and a private right of action for data breaches.  But, according to Stapp, there are ten reasons why CCPA is going to be a “dumpster file”.  Here are a few of them:

  • CCPA compliance costs will be astronomical: According to the article, if CCPA were in effect today, 86 percent of firms would not be ready. With an estimated half a million firms liable under the CCPA, if all eligible firms paid only $100,000, the upfront cost would already be $50 billion.  And, that doesn’t include lost advertising revenue, which could total as much as $60 billion
  • CCPA is potentially unconstitutional as-written: The law’s purported application to businesses not physically located in California raises potentially significant dormant Commerce Clause and other Constitutional problems.
  • GDPR compliance programs cannot be recycled for CCPA: Companies cannot just expand the coverage of their EU GDPR compliance measures to residents of California. For example, the California Consumer Privacy Act contains a broader definition of “personal data”, establishes broad rights for California residents to direct deletion of data with differing exceptions than those available under GDPR and establishes broad rights to access personal data without certain exceptions available under GDPR, among other differences.
  • CCPA’s definition of “personal information” is extremely over-inclusive: CCPA likely includes gender information in the “personal information” definition because it is “capable of being associated with” a particular consumer when combined with other datasets. Also, the definition of “personal information” includes “household” information, which is particularly problematic. A “household” includes the consumer and other co-habitants, which means that a person’s “personal information” oxymoronically includes information about other people.
  • CCPA will need to be amended, creating uncertainty for businesses: As of now, a dozen bills amending CCPA have passed the California Assembly and continue to wind their way through the legislative process. California lawmakers have just over two more months (until September 13th) to make any final changes to the law before it goes into effect.

The complete list of ten reasons that CCPA is going to be a “dumpster file” is provided in the article here.

So, what do you think?  Are you concerned about the status of CCPA?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Survey Says! Results of the ACEDS Community Survey: eDiscovery Trends

As part of its focus on offerings and opportunities that impact certifications, careers, contacts, and competence, the Association of Certified E-Discovery Specialists (ACEDS) recently conducted one of the more comprehensive online surveys of individuals currently working in the field of the eDiscovery that I’ve seen in a long time.  So, what were some of the findings?  Let’s take a look.

ACEDS posted Nineteen Observations on ACEDS in the Summer of 2019, written by Rob Robinson, editor of the excellent Complex Discovery blog and probably the unofficial survey king of eDiscovery.  Rob posted those same observations on his blog here.

Notably, the survey was open between May 15, 2019, and June 3, 2019. The survey was conducted by an outsourced and primary research firm, Hanover Research, and was designed to provide insight into survey areas through the responses to approximately 250 questions(!) organized around six general ACEDS-related topics.  Of those receiving invitations to participate, 149 eDiscovery professionals completed all 250 questions (I was one of those – kudos to ACEDS for generating so many responses to such a long survey). Partial responses to the survey were not tabulated as part of the survey results, and the reward for full survey completion was $20 directed by respondents to one of three charities.

Here are a few of the observations from the survey:

  • 93% of ACEDS Community Survey respondents were aware of the Certified E-Discovery Specialist (CEDS) certification, with 80% of these respondents being very familiar or extremely familiar with the CEDS certification.
  • The ACEDS Blog was noted as a primary source of legal news and thought leadership information by 79% of survey respondents.
  • Unsurprisingly given the target audience of the survey, 75% of respondents shared that they were current members of ACEDS. Additionally, 35% of respondents noted Women in eDiscovery (WiE) as the most common non-ACEDS membership to possess among presented legal industry groups.
  • 84% of respondents shared that they have a positive impression of ACEDS, and one-third of respondents noted that the reason for the positive impression was ACEDS educational content and certification course materials.
  • In considering the frequency respondents use skills acquired from certifications in their work, security-related certifications appeared to be the most utilized certification skills with 91% of respondents with security-related certifications reporting that they always use the skills related to that certification in their work. Also, 58% of respondent CEDS certificate holders noted that they always use CEDS-related skills in their work.
  • Only 7% of respondents shared that eDiscovery was taught as part of their law school or paralegal school curriculum. With just under two-thirds of that teaching (64%) being teaching as part of a course dedicated to eDiscovery.
  • 89% of ACEDS Community Survey respondents reported an increase in compensation during the last five years and 77% reported an increase in job offers.
  • 69% of survey respondents attended at least one industry professional development conference during the past year, with LegalTech NY, Relativity Fest, and ILTACON being the most attended conferences. 32% of respondents noted attending LegalTech NY, 24% of respondents noted attending Relativity Fest (Chicago or London), and 20% of respondents noted attending ILTACON.

These are just a few of the published results, check out the article for more.  Also, speaking of surveys, Rob launched the Summer 2019 eDiscovery Business Confidence Survey over the weekend, so you can participate in that one too.  I’ll cover the results of it in a few weeks as I have the previous surveys over the past 3+ years.

So, what do you think?  Are you surprised by any of the ACEDS survey results?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Daily will return next Monday.  Happy Independence Day!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff Requests His Entire PST File, Court Says No: eDiscovery Case Law

In Russell v. Kiewit Corp., No. 18-2144-KHV (D. Kan. June 4, 2019), Kansas Magistrate Judge James P. O’Hara denied the plaintiff’s motion seeking to compel supplemental discovery responses by the seven defendants, including the request to receive his entire e-mail personal storage (PST) file, agreeing with the defendants’ contention that the request was overly broad and not proportional.

Case Background

In this case where the plaintiff alleged he was fired in retaliation for opposing age discrimination, disability discrimination, and FMLA violations in the workplace through his role in the defendant’s human resources department, the parties had several unresolved issues that they could not agree on with regard to discovery.  The defendants proposed that the scope of electronic discovery would run from May 27, 2015 through April 22, 2016 and focus on specifically identified custodians using agreed and limited search terms, but the plaintiff did not agree with those propose limitations.

Among the areas where there were disputes were: 1) plaintiff’s email, where the plaintiff moved to compel defendants to produce the e-mail file from his entire employment with defendants as a PST file; 2) the scope of discovery searches; 3) discovery requests to additional entities beyond the plaintiff’s employer; and 4) the plaintiff’s request for policies related to the HR and IT operations of the defendants for whom plaintiff was not an employee.  The parties did resolve their dispute over production of the data from plaintiff’s company-issued iPhone.

Judge’s Ruling

With regard to production of the plaintiff’s PST file, the plaintiff argued that the defendants had an unfair advantage by having access to e-mails that the plaintiff could not access, also arguing that it was proportional to allow him to “see all emails in context maintained in his own email folders” because it “equalizes access.”  The defendants argued the plaintiff’s request was overly broad and not proportional, asserting they had searched for all terms requested by plaintiff, as well as many additional search terms not requested by plaintiff, and produced all responsive e-mails.

With regard to this dispute, Judge O’Hara stated: “The court agrees with defendants. Rule 26(b)(3)(c) relates to a party’s ‘own previous statement about the action or its subject matter.’ To the extent plaintiff seeks his own e-mails related to this action, those were captured in the e-mails defendants produced in response to plaintiff’s search terms, plus the additional terms defendants searched…Conspicuously, plaintiff has not cited any authority for the proposition that Rule 26(b)(3)(C) requires the production of all statements plaintiff has ever made in an e-mail about any subject, such that his entire e-mail file during his tenure with Kiewit Energy must be produced.

Although plaintiff is entitled to request the production of files in .pst format, which are ‘generally associated with the Microsoft Outlook email program,’ Document Request No. 29 seeks the entire file for the ‘email account assigned to plaintiff during his employment with defendants.’  Plaintiff purports to address the ‘proportionality standpoint’ by arguing the .pst file would allow him to more efficiently review the file. But producing the entire PST is ‘simply requesting discovery regardless of relevancy,’ which most definitely is not the standard under the 2015 amendments to Rule 26(b). The language in Document Request No. 29 is not tied to plaintiff’s protected activity or his employment with the company; rather, plaintiff requests the entire e-mail account during the entire length of his employment. That request is facially overly broad and not proportional. Plaintiff has not shown how every e-mail he has sent and received is relevant to this action, particularly in light of defendants’ production of 775 documents from e-mail searches.  The court sustains defendants’ objection to Document Request No. 29.”

Judge O’Hara also found that “defendants have adequately responded to plaintiff’s discovery requests” and rejected his requests for ESI from other entities, sustaining the defendants’ objection that the requests were overly broad and not proportional.

So, what do you think?  Should a former employee have the right to look at his or her entire email repository in litigation?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.