Collection

Chain, Chain, Chain – Chain of Custody: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on June 24, 2013 – over six years ago.  Back then, we referenced both baseball player Ryan Braun and legendary singer Aretha Franklin in a single post(!).  Braun ultimately did receive a suspension from Major League Baseball for his involvement with a clinic associated with performance enhancing drugs, but has resumed a successful playing career.  And, of course, the Queen of Soul is no longer with us, sadly.

As for chain of custody tracking, it’s as important as ever.  But technology has helped us out here with some mechanisms to automate the delivery of files.  The use of File Transfer Protocol (FTP) for transfer of files has become commonplace for even fairly large document sets and the use of secured FTP protocols (such as SFTP and FTPS) have become commonplace.  At CloudNine, most of the data we receive from clients today for loading into our CloudNine Review platform is received via secured FTP – either directly or through our Discovery Client that automates the loading of data into the platform.

However, our Client Services team still receives some data from clients via media transportation, especially when it’s a lot of data (we’re often talking terabytes, not gigabytes) and needs to get to us quickly and securely.  In those instances, we still follow the same chain of custody procedures described below to document that transfer.  When it comes to those types of transfers, ensuring proper chain of custody tracking is also an important part of handling that ESI through the eDiscovery process in order to be able to fight challenges of the ESI by opposing parties.  An insufficient chain of custody is a chain, chain, chain of fools.

Information to Track for Chain of Custody

ESI can be provided by a variety of sources and in a variety of media, so you need a standardized way of recording chain of custody for the ESI that you collect within your organization or from your clients.  At CloudNine, we use a standard form for capturing chain of custody information.  Because we never know when a client will call and ask us to pick up data, our client services personnel typically have a supply of blank forms either in their briefcase or in their car (maybe even both).

Our chain of custody tracking form includes the following:

  • Date and Time: The date and time that the media containing ESI was provided to us.
  • Pick Up or Delivery Location: Information about the location where the ESI was provided to us, including the company name, address, physical location within the facility (e.g., a specific employee’s office) and any additional information important to note where the data was received.
  • Delivering Party: Name of the company and the name of representative of the company providing the media, with a place for that representative to sign for tracking purposes.
  • Delivery Detail (Description of Items): A detailed description of the item(s) being received. Portable hard drives are one typical example of the media used to provide ESI to us, so we like to describe the brand and type of hard drive (e.g., Western Digital My Passport drive) and the serial number, if available.  Record whatever information is necessary to uniquely identify the item(s).
  • Receiving Party: Name of the company and the name of representative of the company receiving the media, with a place for that representative to sign for tracking purposes. In our form, that’s usually somebody from CloudNine Discovery, but can be a third party if they are receiving the data from the original source – then, another chain of custody form gets completed for them to deliver it to us.
  • Comments: Any general comments about the transfer of media not already addressed above.

I’ve been involved in several cases where the opposing party, to try to discredit damaging data against them, has attacked the chain of custody of that data to raise the possibility that the data was spoliated during the process and mitigate its effect on the case.  In these types of cases, you should be prepared to have an expert ready to testify about the chain of custody process to counteract those attacks.  Otherwise, you might be singing one of Aretha Franklin’s most famous songs (but not as well as she did).

So, what do you think?  How does your organization track chain of custody of its data during discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile to the Mainstream All in One Place: eDiscovery Best Practices

Craig Ball has had a lot to say about mobile device discovery, including various posts on his excellent Ball in Your Court blog (we’ve covered several of those, including this one and this one).  Now, he has assembled all of that good information in a single guide for reviewing all at once!

Mobile to the Mainstream: Preservation and Extraction of iOS Content for E-Discovery is a 24-page PDF guide that is comprised of two sections:

  • Section I (pp. 3-8 and Appendices 1-3) addresses simple, scalable preservation of iPhone and iPad content, enabling litigants to meet the duty to preserve data in anticipation of civil litigation. It informs attorneys who aren’t tech-savvy how to handle iOS-device preservation and explains why there’s little burden or cost attendant to preserving iPhones and iPads. Unlike in other scenarios, Craig points out here the benefits of custodian-directed collection (like the fact that the custodian doesn’t have to give up their phone) and the tamper-proof nature of the iPhone backup process to provide a step-by-step process to perform the backup.
  • Section II (pp. 17 et seq. and Appendix 4) looks at simple, low-cost approaches to extracting relevant mobile data to a standard e-discovery workflow and offers a Mobile Evidence Scorecard to promote consensus as to what forms of mobile content should be routinely collected and reviewed in e-discovery, giving due consideration to need, speed and expense. The Scorecard itself is terrific as it provides a simple handy reference guide regarding the different types of mobile data and the ease of collection, ease of review, potential relevance and whether you should expect to routinely collect that mobile data type.  Craig also identifies several iPhone Backup Data Extraction Tools that are worth checking out, as well.

In the introduction to the guide, Craig sums up the need for these guidelines and tips, as follows:

“Chances are you’re reading this on your phone or tablet. If not, I’ll bet your phone or tablet are at hand. Few of us separate from our mobile devices for more than minutes a day. On average, cell users spend four hours a day looking at that little screen. On average. If your usage is much less, someone else’s is much more.

It took 30 years for e-mail to displace paper as our primary target in discovery. It’s taken barely 10 for mobile data to unseat e-mail as the Holy Grail of probative electronic evidence. Mobile is where evidence lives now; yet, mobile data remains “off the table” in discovery. It’s infrequently preserved, searched or produced.”

Craig will also be presenting regarding mobile devices at the University of Florida E-Discovery Conference in March.  As I noted yesterday, early bird registration is open for $49 for both in person or livestream until January 31st!  That’s 75% off the in-person price!  You can register here to attend, either in person or via livestream.  Do it quickly and save!

Craig will also be presenting as part of our NineForum educational presentations CloudNine is conducting at Legaltech.  More on that program to come in the next few days – it’s very exciting!

So, what do you think?  Do you routinely deal with mobile devices in discovery or is it still rare?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Terrific Scorecard for Mobile Evidence Discovery: eDiscovery Best Practices

As we’ve noted before, eDiscovery isn’t just about discovery of emails and office documents anymore.  There are so many sources of data these days that legal professionals have to account for and millions more being transmitted over the internet every minute, much of which is being transmitted and managed via mobile devices.  Now, here’s a terrific new Mobile Evidence Burden and Relevance Scorecard, courtesy of Craig Ball!

Craig has had a lot to say in the past about mobile device preservation and collection, even going as far as to say that failure to advise clients to preserve relevant and unique mobile data when under a preservation duty is committing malpractice.  To help lawyers avoid that fate, Craig has described a simple, scalable approach for custodian-directed preservation of iPhone data.

Craig’s latest post (Mobile to the Mainstream, PDF article here) “looks at simple, low-cost approaches to getting relevant and responsive mobile data into a standard e-discovery review workflow” as only Craig can.  But, Craig also “offers a Mobile Evidence Scorecard designed to start a dialogue leading to a consensus about what forms of mobile content should be routinely collected and reviewed in e-discovery, without the need for digital forensic examination.”

It’s that scorecard – and Craig’s discussion of it – that is really cool.  Craig breaks down various types of mobile data (e.g., Files, Photos, Messages, Phone Call History, Browser History, etc.) in terms of Ease of Collection and Ease of Review (Easy, Moderate or Difficult), Potential Relevance (Frequent, Case Specific or Rare) and whether or not you would Routinely Collect (Yes, No or Maybe).  Believe it or not, Craig states that you would routinely collect almost half (7 out of 16 marked as “Yes”, 2 more marked as “Maybe”) of the file types.  While the examples are specific to the iPhone (which I think is used most by legal professionals), the concepts apply to Android and other mobile devices as well.

I won’t steal Craig’s thunder here; instead, I’ll direct you to his post here so that you can check it out yourself.  This scorecard can serve as a handy guide for what lawyers should expect for mobile device collection in their cases.  Obviously, it depends on the lawyer and the type of case in which they’re involved, but it’s still a good general reference guide.

So, what do you think?  Do you routinely collect data from mobile devices for your cases?  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Standardizing the Non-Standard Digital Forensics Protocol, Sort Of: eDiscovery Best Practices

Leave it to Craig Ball to come up with a proposed form examination protocol for performing forensic examinations.  And, leave it to Craig to teach you what you need to know to use and adapt such a protocol.

In his latest blog post on his Ball in Your Court blog (Drafting Digital Forensic Examination Protocols, available here on his blog and here on his site in PDF form), Craig discusses the ins and outs of putting together a forensic examination protocol, equating the drafting of such a protocol to “writing out the questions in advance” when taking the deposition of a computer or smart phone.  In an unusually long blog post for Craig’s blog (dare I say a “Losey-ian” length blog post?), Craig thoroughly covers the considerations regarding drafting a sensible forensic examination protocol (which, as Craig notes, “demands a working knowledge of the tools and techniques of forensic analysis so counsel doesn’t try to misapply e-discovery methodologies to forensic tasks”).

After introducing the topic, Craig properly and bluntly sets the expectation for many of the people he expects to read his post, as follows (in bold, no less):

“If you’ve come here for a form examination protocol, you’ll find it; but the ‘price’ is learning a little about why forensic examination protocols require certain language and above all, why you must carefully adapt any protocol to the needs of your case.”

In other words, you’re missing the boat if you just blindly try to apply his proposed protocol without understanding important concepts of forensic examinations.  Would you skip to the end of a movie to see how it turns out?  (I’m not sure that’s the best analogy, but it’s the best I can think of at the end of a long day)…  Regardless, you should take the opportunity to learn the concept so that you can apply it properly.

While each forensic examination protocol is unique, Craig identifies some common elements that examination protocols should share, among other things:

  • Identify the examiner (or the selection process) and the devices and media under scrutiny;
  • set the scope of the exam, temporally and topically;
  • Insure integrity of the evidence;
  • Detail the procedures and analyses to be completed;
  • Set deadlines and reporting responsibilities;
  • Require cooperation; and,
  • Assign payment duties.

Craig then proceeds to address various aspects of those considerations, covering aspects of forensic examination that you might not otherwise think of, such as: Who pays for it?  Should you direct the examiner to “undelete everything” or simply try to find potentially relevant files and files types?

Toward the end of the post, Craig then provides an “Exemplar Acquisition Protocol”, adapted from the court’s order in Xpel Techs. Corp. v. Am. Filter Film Distribs., 2008 WL 744837 (W.D. Tex. Mar. 17, 2008).  Of course, even the exemplar protocol isn’t perfect – it doesn’t address privilege and confidentiality concerns or forms of production, for example.  The key is to take what you learn during the blog post and customize a protocol that works for your case.

As always, Craig’s post is a great read – in this case, it equates to a 15-page PDF file with a preceding cover page – and is well worth checking out.  As a provider that offers forensic examinations for our clients, we would love to consistently have such a well-defined protocol!

So, what do you think?  How do you define protocols for forensic examination in your cases?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Facial Recognition Software Coming to an Airport Near You: eDiscovery Trends

Air travelers have already become accustomed to standing in the brightly painted footprints at security checkpoints and raising their arms in order to be scanned, but this month in Orlando, a new type of scan is taking place. Last month, Geneva-based tech company SITA installed cameras with facial recognition software at the Orlando International Airport in conjunction with British Airways and U.S. Customs and Border Protection (CBP).

When people step up to be scanned, a photo is taken of their face, it’s sent to CBP, who then matches the photo to the person booked on the manifest, and if it matches, the gates open and the passenger can board, all in a matter of seconds. If there isn’t a match, the passport is scanned manually by the gate agent.

The hope is to bring efficiency to the process of making sure people are who they say they are. The TSA is also testing similar technology for security check-ins, with Steve Karoly, acting assistant administrator at TSA, says it’s a “game changer.”

But according to a report released by the Center on Privacy and Technology at Georgetown Law School, the system is full of technical and legal issues, with a rejection rate of 4 percent. One issue the report cites is bias, with higher rates of false rejections occurring because of race and gender. Another report, conducted by the CAPA-Centre for Aviation, said the face-recognition software isn’t good at “identifying ethnic minorities when most of the subjects used in training the technology are from the majority group.”

Privacy is another concern as the Department of Homeland Security doesn’t have any rules for protecting Americans’ privacy and use of this data, but CBP says it deletes the photos within 14 days. It’s still unclear how GDPR compliance comes into play, especially with travelers who are EU citizens. But so far, most people who have used the technology aren’t concerned with privacy as long as it speeds up the boarding process.

This is still very much in the testing phase, although President Trump signed an executive order last year to increase the use of biometric tracking for airport security. As this type of technology becomes more and more widespread with uses outside of airport security, it’s also inevitable that litigation surrounding this technology with also rise.

In China, police are using AI-powered CCTV cameras to enforce jaywalking laws. If the cameras catch you outside of the crosswalk, the facial recognition software links with cellphone systems, and a text message is sent to your phone letting you know you’ve been fined.

But even if the technology isn’t the primary reason for the lawsuit, the electronically stored information created by scanners could potentially become relevant to discovery. This has certainly happened with other relatively new data sources with a rise of text messages, social media, and data from the Internet of Things being preserved as evidence more and more in both the civil and criminal courts.

It will be interesting to see how the use of this technology grows, but it’s also a reminder to organizations, who may be contemplating facial recognition software for various applications, of the need to consider the potential implications of how biometric data could be preserved and collected should litigation arise.

So, what do you think?  How do you see the rise of facial recognition technology affecting your eDiscovery practices and policies in the future?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

As Blockchain Joins the Healthcare Profession, Are Legal Departments Prepared to Keep Up?: eDiscovery Trends

When we hear the word blockchain, most of us still think of Bitcoin, that mysterious new currency that seems to equally enthrall forward thinking investors and less-than-savory entrepreneurs who lurk around the darkest parts of the Dark Web. But blockchain technology is finding more and more practical uses, most recently in the healthcare industry.

In a recent Wall Street Journal Article, blockchain is presented as a low-cost, highly secure way to unify healthcare records, which to date has been a huge obstacle. As the article puts it, “In the current tangle of incompatible records systems that typifies U.S. health care, incorrect information can creep in when patient data gets re-entered multiple times by doctors’ offices, insurers and hospital staff. Big errors can seriously affect the quality of care that patients receive, small discrepancies can result in wrongful denials of insurance coverage, and errors of all types add to the system’s cost.”

In very simplified terms, Blockchain works like a giant Google Sheet: a single ledger that can be added to simultaneously by all users in the system, with each “transaction” creating an audit trail so that its data is nearly infallible. For healthcare records systems, this can put patients, insurers, and providers literally on the same page, providing secure and accurate information for all stakeholders across the board.

In January, Nashville-based Change Healthcare (a network of 800,000 physicians, 117,000 dentists and 60,000 pharmacies) introduced a blockchain system for processing insurance claims. The shared ledger of encrypted data gives providers a “single source of truth,” according to Emily Vaughn, blockchain product development director at Change Healthcare.

All parties can see the same information about a claim in real time, so that a patient or provider won’t have to call multiple parties to verify information. Each time data is changed, a record is shown on the digital ledger, identifying the responsible party. Any changes also require verification by each party involved, ensuring record’s accuracy.

Change Healthcare won’t reveal actual numbers about how much the new system (which processes roughly 50 million events daily) cuts costs, but the efficiencies, accuracy, and security will no doubt bring huge savings.

The question regarding the eDiscovery implications with this type of move are clear: How will this data be preserved, collected, and prepared for review? It’s not so much a question of a technical nature (though that will have to be answered by someone, but I’ll leave it to the software engineers to properly answer it). What I mean to say, is that anytime a new data source is introduced into the organization’s landscape, the question of preservation, collection, and production should already be on the minds of the legal department. Often, changes in a company’s technology infrastructure are driven by departments outside of legal: usually a combination of IT and business units looking for efficiency, security, and cost savings. Many times, large decisions will be made, leaving the legal team in the position of playing catch up when it comes to discovery should litigation arise.

So, even if your company isn’t moving to blockchain anytime in the near future, this story of what is happening in the healthcare space is important to consider, because, to quote the poet William Blake, “What is now real, was once only imagined.” And the potential uses for blockchain technology lately seems to be on everyone’s mind.

So, what do you think?  How do you see the increased use of blockchain technology affecting eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Collecting Responsive ESI from Difficult Places: eDiscovery Webcasts

Happy June!  I don’t normally promote webcasts twice in one week, but this month’s webcast is a little earlier than normal.  What can I say, it’s family vacation season and my family has plans the last week of this month… :o)

Believe it or not, there was a time when collecting potentially responsive ESI from email systems for discovery was once considered overly burdensome. Now, it’s commonplace and much of it can be automated. But, that’s not where all of the responsive ESI resides today – much of it is on your mobile device, in social media platforms and even in Internet of Things (IoT) devices. Are you ignoring this potentially important data? Do you have to hire a forensics professional to collect this data or can you do much of it on your own?  We will discuss these and other questions in a webcast in a few weeks.

Wednesday, June 20th at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Collecting Responsive ESI from Difficult Places. In this one-hour webcast that’s CLE-approved in selected states, we will discuss what lawyers need to know about the various sources of ESI today, examples of how those sources of data can be responsive to litigations and investigations, and how lawyers may be able to collect much of this data today using intuitive applications and simple approaches. Topics include:

  • Challenges from Various Sources of ESI Data
  • Ethical Duties and Rules for Understanding Technology
  • Key Case Law Related to Mobile Devices, Social Media and IoT
  • Options and Examples for Collecting from Mobile Devices
  • Options and Examples for Collecting from Social Media
  • Examples of IoT Devices and Collection Strategies
  • Recommendations for Addressing Collection Requirements
  • Resources for More Information

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know how to collect electronically stored information from difficult places, this is the webcast for you!

So, what do you think?  Do you feel like you know when and how to collect ESI from mobile devices, social media and IoT devices?  If not, register for our webcast!  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Pizza Hut Pie Tops – The Internet of Things Keeps Getting Stranger: eDiscovery Trends

Editor’s Note: Jim Gill’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale.  Before working in eDiscovery, Jim taught college writing at a number of institutions and his creative work has been published in numerous national literary journals, as well as being nominated for a Pushcart Prize.

Jim’s post below highlights the proliferation of “internet of things” (IoT) devices in our world (with a unique example) and how that can impact eDiscovery activities.  Great timing, as I will be talking about collecting data from IoT devices at the University of Florida E-Discovery Conference, which will be held a week from today – Thursday, March 29.  As always, the conference will be conducted in Gainesville, FL on the University of Florida Levin College of Law campus (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET.  I (Doug) am on a panel discussion at 9am ET in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, with Judge Amanda Arnold Sansone.  Click here to register for the conference – it’s only $199 for the entire day in person and only $99 for livestream attendance.  Don’t miss it!

A couple of weeks ago, Pizza Hut announced the release of a pair of sneakers dubbed Pie Tops II – yes, real wearable shoes – which will link with your phone via Bluetooth to connect with the Pizza Hut app, allowing you to order a pizza with the single push of a button on the shoe’s tongue. An additional feature connects with TV receivers like Xfinity, Spectrum, and DirecTV, pausing whatever you’re watching when the pizza arrives at the door.

Yes, this is obviously a marketing gimmick, though it could be yet another sign we’re on the fast track to the world portrayed in the film Idiocracy. But when I saw this, I immediately imagined the possible eDiscovery implications. The IoT has continues to play more of a role in the law, particularly in criminal cases, such as the one where a man in Connecticut was arrested for the murder of his wife because of evidence attained from her Fitbit (covered by the eDiscovery Daily blog here). Now more than ever, criminal and civil courts are dealing with digital evidence that not so long ago didn’t even exist.

Many people in eDiscovery still think of ESI as email or documents. And for the most part, they’re right. But anyone working in the legal tech / data management industries should know by now that what isn’t a concern today, will be in a short matter of time. For individuals, short-sightedness regarding technology may not pose a huge concern on a day-to-day basis. For most of us, the biggest data risk we face is dropping our phones in the toilet. But for corporations, government entities, and other large organizations, getting caught off guard when it comes to the ability to preserve and collect data could bring significant costs, both financial and legal.

This is a where a robust information governance program can protect you from potential snags down the road. Not every new technology will apply to your organization but knowing what your current data landscape looks like gives you a head start on being prepared should something new arise. Housecleaning is also an important part of this process. Once you have a handle on everything, you can begin making decisions on what needs to be kept and what can be defensibly deleted. With data storage becoming more readily available, along with in-place preservation platforms, it’s very easy to keep everything and worry about it later. But more data is coming down the pipe in droves, and sooner or later it’s going to get unwieldy.

It’s also important to think about policies and contingencies regarding new technologies as they come into your organization. More and more people are using their own devices, particularly on the mobile front, which means a huge number of applications are creating ESI related to professional activity. If you don’t have a plan in place for dealing with these as far as preservation and collection, things could get stressful in a hurry should litigation arise. The flipside of that scenario is that too strict a lockdown on the types of devices and platforms that can be used could cut into productivity and dampen creativity.

The main thing to focus on is open and forward-thinking communication should happen continually between all stakeholders: legal, IT, business units, and 3rd party vendors. This way, if something unexpected does come up, everyone is on board and knows how to handle it.

It’s pretty unlikely that data from the Pie Tops II will come into play in your next big case (though I can imagine a modern-day Perry Mason-type drama where someone’s alibi hinges on the time and place they ordered a pizza from their shoes). But, their very existence should get you thinking about the data types that your organization is using, or may soon start using, and their role in litigation.

So, what do you think?  Have you seen a rise in new data affecting your organization?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Pizza Hut, LLC

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices

Many organizations are permitting (or even encouraging) their employees to use their own personal devices to access, create, and manage company related information – a practice commonly referred to as Bring Your Own Device (BYOD).  But, how can those organizations effectively manage those BYOD devices to meet their discovery obligations?  To help with that issue, The Sedona Conference® (TSC) has published an initial Public Comment Version of a Commentary to help.

In late January, TSC and its Working Group 1 on Electronic Document Retention and Production (WG1) rolled out the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations.  The Commentary is designed to help organizations develop and implement workable – and legally defensible – BYOD policies and practices. This Commentary also addresses how creating and storing an organization’s information on devices owned by employees impacts the organization’s discovery obligations.  It focuses specifically to mobile devices that employees “bring” to the workplace (not on other “BYO” type programs) and does not specifically address programs where the employer provides the mobile device.

The Commentary begins with five principles related to the use of BYOD programs and continues with commentary for each.  Here are the five principles:

  • Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD.
  • Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.
  • Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.
  • Principle 4: An organization’s BYOD policy and practices should minimize the storage of––and facilitate the preservation and collection of––unique, relevant ESI from BYOD devices.
  • Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.

The Commentary weighs in at a tidy 40 page PDF file, which includes a couple of appendices.  So, it’s a fairly light read, at least by TSC standards.  :o)

TSC is encouraging public comment on the Commentary on BYOD, which can be downloaded free from their website here (whether you’re a TSC member or not). They encourage Working Group Series members and others to spread the word and share the link (you’re welcome!) so they can get comments in before the public comment period closes on March 26. Questions and comments may be sent to comments@sedonaconference.org.  So, you have a chance to be heard!

Speaking of mobile devices, I’m excited to be speaking this year for the first time at the University of Florida Law E-Discovery Conference on March 29.  I’m on a panel discussion in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, and with The Honorable Amanda Arnold Sansone, Magistrate Judge in Florida, moderating.  As always, the conference will be conducted in Gainesville, FL (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET, with an all-star collection of speakers.  I’ll have more to say about the conference as we get closer to it.  Click here to register!

So, what do you think?  Does your organization have a BYOD policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Chance to Learn What You Need to Do When a Case is First Filed: eDiscovery Best Practices

The first days after a complaint is filed are critical to managing the eDiscovery requirements of the case efficiently and cost-effectively. With a scheduling order required within 120 days of the complaint and a Rule 26(f) “meet and confer” conference required at least 21 days before that, there’s a lot to do and a short time to do it. Where do you begin?

On Wednesday, September 27 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Holy ****, The Case is Filed! What Do I Do Now? (yes, that’s the actual title). In this one-hour webcast, we’ll take a look at the various issues to consider and decisions to be made to help you “get your ducks in a row” and successfully prepare for the Rule 26(f) “meet and confer” conference within the first 100 days after the case is filed. Topics include:

  • What You Should Consider Doing before a Case is Even Filed
  • Scoping the Discovery Effort
  • Identifying Employees Likely to Have Potentially Responsive ESI
  • Mapping Data within the Organization
  • Timing and Execution of the Litigation Hold
  • Handling of Inaccessible Data
  • Guidelines for Interviewing Custodians
  • Managing ESI Collection and Chain of Custody
  • Search Considerations and Preparation
  • Handling and Clawback of Privileged and Confidential Materials
  • Determining Required Format(s) for Production
  • Timing of Discovery Deliverables and Phased Discovery
  • Identifying eDiscovery Liaison and 30(b)(6) Witnesses
  • Available Resources and Checklists

I’ll be presenting the webcast, along with Tom O’Connor, who is now a Special Consultant to CloudNine!  If you follow our blog, you’re undoubtedly familiar with Tom as a leading eDiscovery thought leader (who we’ve interviewed several times over the years) and I’m excited to have Tom as a participant in this webcast!  To register for it, click here.

So, what do you think?  When a case is filed, do you have your eDiscovery “ducks in a row”?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.