Electronic Discovery

eDiscovery Best Practices: Avoiding eDiscovery Nightmares: 10 Ways CEOs Can Sleep Easier

 

I found this article in the CIO Central blog on Forbes.com from Robert D. Brownstone – it’s a good summary of issues for organizations to consider so that they can avoid major eDiscovery nightmares.  The author counts down his top ten list David Letterman style (clever!) to provide a nice, easy-to-follow summary of the issues.  Here’s a summary recap, with my ‘two cents’ on each item:

10. Less is more: The U.S. Supreme Court ruled unanimously in 2005 in the Arthur Andersen case that a “retention” policy is actually a destruction policy.  It’s important to routinely dispose of old data that is no longer needed to have less data subject to discovery and just as important to know where that data resides.  My two cents: A data map is a great way to keep track of where the data resides.

9. Sing Kumbaya: They may speak different languages, but you need to find a way to bridge the communication gap between Legal and IT to develop an effective litigation-preparedness program.  My two cents: Require cross-training so that each department can understand the terms and concepts important to the other.  And, don’t forget the records management folks!

8. Preserve or Perish: Assign the litigation hold protocol to one key person, either a lawyer or a C-level executive to decide when a litigation hold must be issued.  Ensure an adequate process and memorialize steps taken – and not taken.  My two cents: Memorialize is underlined because an organization that has a defined process and the documentation to back it up is much more likely to be given leeway in the courts than a company that doesn’t document its decisions.

7. Build the Three-Legged Stool: A successful eDiscovery approach involves knowledgeable people, great technology, and up-to-date written protocols.  My two cents: Up-to-date written protocols are the first thing to slide when people get busy – don’t let it happen.

6. Preserve, Protect, Defend: Your techs need the knowledge to avoid altering metadata, maintain chain-of-custody information and limit access to a working copy for processing and review.  My two cents: A good review platform will assist greatly in all three areas.

5. Natives Need Not Make You Restless: Consider exchanging files to be produced in their original/”native” formats to avoid huge out-of-pocket costs of converting thousands of files to image format.  My two cents: Be sure to address how redactions will be handled as some parties prefer to image those while others prefer to agree to alter the natives to obscure that information.

4. Get M.A.D.?  Then Get Even: Apply the Mutually Assured Destruction (M.A.D.) principle to agree with the other side to take off the table costly volumes of data, such as digital voicemails and back-up data created down the road.  My two cents: That’s assuming, of course, you have the same levels of data.  If one party has a lot more data than the other party, there may be no incentive for that party to agree to concessions.

3. Cooperate to Cull Aggressively and to Preserve Clawback Rights: Setting expectations regarding culling efforts and reaching a clawback agreement with opposing counsel enables each side to cull more aggressively to reduce eDiscovery costs.  My two cents: Some parties will agree on search terms up front while others will feel that gives away case strategy, so the level of cooperation may vary from case to case.

2. QA/QC: Employ Quality Assurance (QA) tests throughout review to ensure a high accuracy rate, then perform Quality Control (QC) testing before the data goes out the door, building time in the schedule for that QC testing.  Also, consider involving a search-methodology expert.  My two cents: I cannot stress that last point enough – the ability to illustrate how you got from the large collection set to the smaller production set will be imperative to responding to any objections you may encounter to the produced set.

1. Never Drop Your Laptop Bag and Run: Dig in, learn as much as you can and start building repeatable, efficient approaches.  My two cents: It’s the duty of your attorneys and providers to demonstrate competency in eDiscovery best practices.  How will you know whether they have or not unless you develop that competency yourself?

So, what do you think?  Are there other ways for CEOs to avoid eDiscovery nightmares?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: If You Use Auto-Delete, Know When to Turn It Off

 

Federal Rule of Civil Procedure 37(f), adopted in 2006, is known as the “safe harbor” rule.  It provides that “[a]bsent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.”

Let’s face it, every time we turn on our computers, we overwrite data.  And, the mere opening of files (without changing any data) can change the metadata of a file – for example, simply opening a Microsoft Access® database changes the last modified date of the Access file, even if no records are changed.  If there wasn’t some measure of “safe harbor” protection, an organization facing litigation might find it very difficult to conduct business during the case.

While it’s not always clear to what extent “safe harbor” protection extends, one case from a few years ago, Disability Rights Council of Greater Washington v. Washington Metrop. Trans. Auth., D.D.C. June 2007, seemed to indicate where it does NOT extend – auto-deletion of emails.  In this case, the defendant failed to suspend auto-delete on its email system when its preservation obligation commenced, resulting in emails only being available on back-up tapes.  The court denied the defendant’s argument that the tapes were “not reasonably accessible”, describing the request as “chutzpah”.

Of course, email, like any other type of ESI, should be subject to document retention and destruction policies and old emails should be purged when they reach the end of the retention period.  Microsoft Outlook® provides an option via its Auto Archive function to delete the emails instead of archiving them.  You can select this setting for all emails (via the Tools, Options menu, Other tab) or for selected folders (by right-clicking on them, selecting Properties and then selecting the AutoArchive tab).  That’s at the client level.

But, most organizations use Outlook through Exchange.  Exchange Manager enables administrators to set auto-delete policies for the email user population to manage retention and destruction of emails, and to disable the auto-delete function for users when the duty to preserve arises.  If your organization uses auto-delete, it’s important to have a policy in place for disabling auto-delete for litigation, whether at the Outlook client level, the Exchange level or with any other email system.

So, what do you think?  Does your organization use auto-deletion of emails?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Message Thread Review Saves Costs and Improves Consistency

 

Insanity is doing the same thing over and over again and expecting a different result.  But, in ESI review, it can be even worse when you get a different result.

One of the biggest challenges when reviewing ESI is identifying duplicates so that your reviewers aren’t reviewing the same files again and again.  Not only does that drive up costs unnecessarily, but it could lead to problems if the same file is categorized differently by different reviewers (for example, inadvertent production of a duplicate of a privileged file if it is not correctly categorized).

Of course, there are a number of ways to identify duplicates.  Exact duplicates (that contain the exact same content in the same file format) can be identified through hash values, which are a digital fingerprint of the content of the file.  MD5 and SHA-1 are the most popular hashing algorithms, which can identify exact duplicates of a file, so that they can be removed from the review population.  Since many of the same emails are emailed to multiple parties and the same files are stored on different drives, deduplication through hashing can save considerable review costs.

Sometimes, files are not exact duplicates but contain the same (or almost the same) information.  One example is a Word document published to an Adobe PDF file – the content is the same, but the file format is different, so the hash value will be different.  Near-deduplication can be used to identify files where most or all of the content matches so they can be verified as duplicates and eliminated from review.
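The two stages described above, as an added example that is not part of the original post: exact duplicates are grouped by content hash, then the survivors are compared on extracted text with word-shingle Jaccard similarity. It uses SHA-256 in place of the MD5 and SHA-1 named above, assumes text extraction has already been done by an upstream processing step, and all file names, contents and the 0.7 threshold are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict


def content_hash(raw: bytes) -> str:
    """Digital fingerprint of the file's bytes (SHA-256 here)."""
    return hashlib.sha256(raw).hexdigest()


def exact_duplicate_groups(raw_files):
    """Group file names whose bytes hash to the same value."""
    by_hash = defaultdict(list)
    for name, raw in raw_files.items():
        by_hash[content_hash(raw)].append(name)
    return sorted(sorted(g) for g in by_hash.values() if len(g) > 1)


def shingles(text, k=3):
    """Set of overlapping k-word sequences, case and punctuation ignored."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) <= k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def jaccard(a, b):
    """Shared shingles divided by all shingles; 1.0 means identical text."""
    return len(a & b) / len(a | b) if (a or b) else 1.0


def near_duplicate_pairs(texts, threshold=0.7):
    """Pairs of documents whose extracted text is at least `threshold` similar."""
    names = sorted(texts)
    sets = {n: shingles(texts[n]) for n in names}
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            score = jaccard(sets[a], sets[b])
            if score >= threshold:
                pairs.append((a, b, round(score, 2)))
    return pairs


def dedupe(collection, threshold=0.7):
    """collection maps name -> (raw bytes, extracted text).

    Returns (exact groups, names suppressed as exact duplicates,
    near-duplicate pairs among the files that remain for review).
    """
    raws = {n: raw for n, (raw, _) in collection.items()}
    groups = exact_duplicate_groups(raws)
    suppressed = {n for g in groups for n in g[1:]}  # keep first of each group
    survivors = {n: text for n, (_, text) in collection.items()
                 if n not in suppressed}
    return groups, sorted(suppressed), near_duplicate_pairs(survivors, threshold)


# Constructed sample data: the same memo as a Word file held by two
# custodians, as a PDF export, as an edited revision, plus an unrelated file.
MEMO = ("The pipe shipment for the county project is delayed until Friday. "
        "Please hold all invoices until the revised delivery schedule is "
        "approved by legal.")
MEMO_V2 = MEMO.replace("Friday", "Monday")
LUNCH = "Lunch order for the team meeting: sandwiches and salad for twelve."

SAMPLE = {
    "custodianA/memo.docx": (b"DOCX-CONTAINER\x00" + MEMO.encode(), MEMO),
    "custodianB/memo.docx": (b"DOCX-CONTAINER\x00" + MEMO.encode(), MEMO),
    "custodianA/memo.pdf": (b"%PDF-CONTAINER\x00" + MEMO.encode(), MEMO),
    "custodianC/memo_v2.docx": (b"DOCX-CONTAINER\x00" + MEMO_V2.encode(), MEMO_V2),
    "custodianD/lunch.txt": (LUNCH.encode(), LUNCH),
}

if __name__ == "__main__":
    groups, suppressed, near = dedupe(SAMPLE)
    print("exact duplicate groups:", groups)
    print("suppressed from review:", suppressed)
    for a, b, score in near:
        print(f"near-duplicate ({score}): {a} <-> {b}")
```

Near-duplicate pairs are candidates for a reviewer to verify rather than automatic removals, since a one-word change such as the date in the revised memo can matter to the case.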

Then, there is message thread analysis.  Of course, most email messages are part of a larger discussion, which could be just between two parties, or include a number of parties in the discussion.  To review each email in the discussion thread would result in much of the same information being reviewed over and over again.  Instead, message thread analysis pulls those messages together and enables them to be reviewed as an entire discussion.  That includes any side conversations within the discussion that may or may not be related to the original topic (e.g., a side discussion about lunch plans or did you see American Idol last night).

FirstPass®, powered by Venio FPR™, is one example of an application that provides a mechanism for message thread analysis of Outlook emails that pulls the entire thread into one conversation for review as one big “tree”.  The “tree” representation gives you the ability to see all of the conversations within the discussion and focus your review on the last emails in each conversation to see what is said without having to review each email.  Side conversations are “branches” of the tree and FirstPass enables you to tag individual messages, specific branches or the entire tree as responsive, non-responsive, privileged or some other designation.  Also, because of the way that Outlook tracks emails in the thread, FirstPass identifies messages that are missing from the collection with a red X, enabling you to investigate and determine if additional collection is needed and avoiding potential spoliation claims.

With message thread analysis, you can minimize review of duplicative information within emails, saving time and cost and ensuring consistency in the review.
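A sketch of thread reconstruction with missing-message detection, added here as an example; it is not FirstPass code and not from the original post. It assumes the standard Message-ID, In-Reply-To and References email headers rather than Outlook's own thread tracking, and the sample messages and function names are constructed.

```python
import re
from collections import defaultdict
from email import message_from_string

ID_RE = re.compile(r"<[^<>\s]+>")


def reference_chain(msg):
    """Ancestor IDs, oldest first, from References plus In-Reply-To."""
    chain = ID_RE.findall(msg.get("References", ""))
    for irt in ID_RE.findall(msg.get("In-Reply-To", ""))[:1]:
        if not chain or chain[-1] != irt:
            chain.append(irt)
    return chain


def _is_ancestor(parent, candidate, node):
    """True if `candidate` is already above `node` (linking would loop)."""
    seen = set()
    while node in parent and node not in seen:
        seen.add(node)
        node = parent[node]
        if node == candidate:
            return True
    return False


def build_thread(raw_messages):
    """Build the conversation tree; referenced-but-absent IDs become 'missing'."""
    collected = {}
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        mid = (msg["Message-ID"] or f"<no-id-{i}@local>").strip()
        collected[mid] = msg
    parent = {}
    for mid, msg in collected.items():
        chain = reference_chain(msg) + [mid]
        for up, down in zip(chain, chain[1:]):
            # Skip self-links, already-placed nodes and malformed header loops.
            if up == down or down in parent or _is_ancestor(parent, down, up):
                continue
            parent[down] = up
    nodes = set(collected) | set(parent) | set(parent.values())
    children = defaultdict(list)
    for child, up in parent.items():
        children[up].append(child)
    return {
        "collected": collected,
        "children": {k: sorted(v) for k, v in children.items()},
        "roots": sorted(n for n in nodes if n not in parent),
        "missing": sorted(nodes - set(collected)),
    }


def branch_ends(thread):
    """Last collected email in each branch: where review can start."""
    kids = thread["children"]
    return sorted(m for m in thread["collected"] if not kids.get(m))


def tag_branch(thread, start, tag):
    """Apply one review tag to a message and every collected reply under it."""
    tags, stack = {}, [start]
    while stack:
        node = stack.pop()
        if node in thread["collected"]:
            tags[node] = tag
        stack.extend(thread["children"].get(node, []))
    return tags


def _sample(mid, subject, refs=()):
    """Constructed RFC 5322 message text for the demonstration."""
    lines = [f"Message-ID: <{mid}@example.test>", f"Subject: {subject}"]
    if refs:
        ids = [f"<{r}@example.test>" for r in refs]
        lines += ["References: " + " ".join(ids), "In-Reply-To: " + ids[-1]]
    return "\n".join(lines) + "\n\n(body omitted)\n"


# Constructed collection: m6 was never collected, but m7 refers to it.
SAMPLE = [
    _sample("m1", "Q3 shipment schedule"),
    _sample("m2", "RE: Q3 shipment schedule", ["m1"]),
    _sample("m3", "RE: Q3 shipment schedule", ["m1", "m2"]),
    _sample("m4", "RE: Q3 shipment schedule (lunch?)", ["m1"]),
    _sample("m5", "RE: Q3 shipment schedule (lunch?)", ["m1", "m4"]),
    _sample("m7", "RE: Q3 shipment schedule", ["m1", "m2", "m3", "m6"]),
]

if __name__ == "__main__":
    thread = build_thread(SAMPLE)
    print("missing from collection:", thread["missing"])
    print("review these first:", branch_ends(thread))
    print(tag_branch(thread, "<m4@example.test>", "non-responsive"))
```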

So, what do you think?  Does your review tool support message thread analysis?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: eDiscovery Malpractice Case Highlights Expectation of Higher Standards

 

Normally, eDiscovery Daily reports on cases related to eDiscovery issues after the decision has been rendered.  In this case, the mere filing of the lawsuit is significant.

Friday, we noted that competency ethics was no longer just about the law and that competency in eDiscovery best practices is expected from the attorneys and any outside providers they retain.  An interesting article from Robert Hilson at the Association of Certified eDiscovery Professionals® (ACEDS™) discusses what may be the first eDiscovery malpractice case ever filed against a law firm (McDermott Will & Emery) for allegedly failing to supervise contract attorneys that were hired to perform the client’s work and to protect privileged client records.  A copy of the article is located here.

J-M Manufacturing Co., Inc., a major manufacturer of PVC piping, had hired McDermott to defend against civil False Claims Act charges concerning the quality and sale of its products to federal and state governments. After the case was filed in January 2006, it remained under seal for nearly three years.  According to the complaint, during that time, a large-scale document review ensued (160 custodians) and McDermott hired Stratify, an outside vendor, to cull through the ESI.

J-M retained Sheppard Mullin Richter & Hampton to replace McDermott in March 2010.  Why?  According to the complaint, McDermott worked directly with the Assistant US Attorney to develop a keyword list for identifying responsive ESI, but, despite this effort, the first production set was returned by the government after they found many privileged documents. The complaint indicates that McDermott and its contract lawyers then produced a second data set again with a large number of privileged documents even though it was filtered through a second keyword list.

J-M contends in the complaint that McDermott's attorneys “performed limited spot-checking of the contract attorneys' work, [and] did not thoroughly review the categorizations or conduct any further privilege review.”  After Sheppard replaced McDermott on the case, they asked for the privileged documents to be returned, but the “relator” refused, saying that McDermott had already done two privilege reviews before giving those documents to the government and, therefore, J-M had waived the attorney-client privilege. In the complaint, J-M contends that 3,900 privileged documents were erroneously produced by McDermott as part of 250,000 J-M electronic records that were reviewed.  It is unclear from the complaint whether McDermott provided the contract reviewers themselves or used an outside provider.  It will be interesting to see how this case proceeds.

So, what do you think?  Have you experienced inadvertent disclosures of privileged documents in a case?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Competency Ethics – It’s Not Just About the Law Anymore

 

A few months ago at LegalTech New York, I conducted a thought leader interview with Tom O’Connor of Gulf Coast Legal Technology Center, who didn’t exactly mince words when talking about the trend for attorneys to “finally tak[e] technology seriously”.  As he noted, “lawyers are finally trying to take some time to try to get up to speed – whining and screaming pitifully all the way about how it’s not fair, and the sanctions are too high and there’s too much data.  Get a life, get a grip.  Use the tools that are out there that have been given to you for years.” 

Strong words, indeed.  The American Bar Association (ABA) Model Rules of Professional Conduct (Model Rules) require that an attorney possess and demonstrate a certain requisite level of knowledge in order to be considered competent to handle a given matter.  Specifically, Model Rule 1.1 states that, "[a] lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation."

Preparation not only means understanding a specific area of the law (for example, antitrust or patent law, both highly specialized).  It also means having the technical knowledge and skills necessary to serve the client in the area of discovery.

The ethical responsibilities of counsel these days include competently directing and managing the identification, preservation, collection, processing, analysis, review and production of electronically stored information (ESI) required to be produced pursuant to lawful discovery requests.  If counsel does not have that level of competency in a particular area, he or she is obligated to either acquire the knowledge or skill necessary to support those needs, or include someone else who does have the requisite skills as part of the representation.

Not too long ago, I met with an attorney and discussed how they handled preservation obligations with their clients.  The attorney indicated that he expected his clients to self-manage their own preservation and collection.  When I asked him why he didn’t try to get more involved to make sure it was being handled properly, he said, “I don’t want to alarm them.  They might decide they need a bigger firm.”

Recent case law is full of cases where counsel didn’t fully understand their eDiscovery obligations, and got themselves and their clients “burned” in the process.  If your organization gets involved in litigation, make sure to include eDiscovery competence among the factors you consider when determining counsel qualifications to represent you.

So, what do you think?  Is your counsel eDiscovery savvy?  If not, do they use a provider that is?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Think Before You Hit Send

 

It’s not the only instance of a one character typo possibly ending a career; instead, it may simply be the latest.

Unless you’re living under a rock, you’re probably aware of the “Twittergate” story involving Rep. Anthony Weiner (D-N.Y.), where he initially claimed that a lewd photo posted via Twitter was posted by a hacker to his account, then subsequently admitted this past Monday that he, in fact, posted that picture.  Many are calling for him to resign from his Congressional position after posting the picture, as well as sending other pictures, which have since been identified.  (If you have been living under a rock, you can click here for more on the story).

The irony is that a one-letter typo may turn out to be his undoing.  Weiner intended to send the “tweet” as a direct message to another Twitter user, but used the ‘@’ instead of the ‘d’ (to indicate a direct message) to reference that user.  As a result, the message was published to all his followers, not just the intended party.  In fairness, even if he had sent the direct message correctly, he used a public photo sharing service, yFrog, to share the photo, so anyone that chose to browse through all of his photos would have still seen the controversial photo.

It is easier to communicate than ever, with a myriad of options from which to choose, including voice, video, email, posts, texts and “tweets”.  Perhaps, it’s becoming too easy.  Courthouses are filled with cases where “informal” communications are key evidence in determining the outcome of the case.  The formal typed letter has given way to the informal media of email to the even more informal media of posts, texts and “tweets”.  Now, just as important as the adage “think before you speak” is the adage “think before you hit send”.

We’ve all been there, hopefully with much less disastrous consequences.  If you’ve never selected ‘Reply to All’ by accident instead of ‘Reply’ when intending to reply to only the sender, please call me and let me know your secret.  Or, maybe, you’ve sent an email when upset that you regretted later.  Once released, those mistakes are out there and are difficult (if not impossible) to recall.

If you’re not in the habit of doing so already, it’s a good idea to take a deep breath before each email sent or each post made and review what you’re about to send out into the world.  Think before you hit send.  If you don’t, you just might be the topic on a future ‘eDiscovery Case Law’ post on eDiscoveryDaily!  😉

So, what do you think?  Do you have any cases that are driven by informal communications?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: The Best SaaS Providers are Certifiable

 

The increasing popularity of cloud-based Software-as-a-Service (SaaS) solutions is becoming well documented, with this very blog noting Forrester and Gartner predictions of tremendous growth in cloud computing over the next several years.  We’ve also noted the importance of knowing where your data is stored, as many online poker players learned the hard way when the recent US government crackdown of several gambling sites left them without a way to recover their funds.

If only there were some sort of certification, administered by an impartial third party, to ensure that your SaaS provider has implemented policies and processes that keep your information secure, stable and safe.  There is such a certification.

SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service provider. Service providers, such as insurance claims processors, credit processing companies and, especially pertinent to eDiscovery, hosted data centers, are evaluated by these standards. The SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards originally defined in 1988.  Standards such as SAS 70 became critical in the wake of the Sarbanes-Oxley Act, which created significant legal penalties for publicly traded companies that lacked sufficient control standards for their financial information.

Under SAS 70, auditor reports are classified as either Type I or Type II. In a Type I report, the auditor evaluates the service provider’s efforts to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the desired future results. A Type II report goes a step further.  It includes the same information as that contained in a Type I report; however, the auditor also attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.

SAS 70 reports are requested by either the service provider or a user organization (i.e., clients). The ability of the service provider to provide consistent service auditor's reports builds a client's trust and confidence in the service provider, satisfying potential concerns. A SaaS (2 a’s, as opposed to one for SAS) provider that has received SAS 70 Type II certification has demonstrated to an impartial third party a proven track record of policies and processes to protect its clients’ data.  When it comes to your data, you want a provider that has proven to be certifiable.

So, what do you think?  Is your SaaS provider SAS 70 Type II certified?  Please share any comments you might have or if you’d like to know more about a particular topic.

Full disclosure: I work for Trial Solutions, which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured, SAS 70 Type II certified Tier 4 Data Center in Houston, Texas.

Working Successfully with eDiscovery and Litigation Support Service Providers: Keeping a Preferred Vendor Program Up to Date, Part 2

 

Last week, we began talking about keeping a preferred vendor program up to date, and we covered establishing criteria to evaluate vendors after every project.  Here are the remaining steps in establishing a mechanism for keeping your preferred vendor program fresh and up to date:

2. Establish a mechanism for collecting evaluations from end-users on each project.  Once you’ve got a list of evaluation criteria for each service, you need to establish a mechanism for collecting evaluations from end-users after each project.  You might, for example, develop an electronic survey.  If you don’t think the attorneys and paralegals in your firm would fill that out, maybe in-person interviews after each project will be better.  Figure out what will work best in your firm and establish the process.

3. Establish a mechanism for compiling and analyzing the information collected in the surveys, and for ranking a vendor’s performance.  Build a database of the evaluation information you collect, and develop a ranking system so it’s easy to compare vendors, at a glance. 

4. Identify a Manager for the preferred vendor program.  Someone – probably in the firm’s litigation support department – needs to be responsible for monitoring the program.  The manager’s responsibilities may include:

  • Ensuring that end-of-project evaluations are done and that information is entered into the evaluation database.
  • Maintaining the evaluation database.
  • Providing feedback to vendors on performance evaluations.
  • Identifying vendors that – based on performance – should be removed from the preferred vendor list.
  • Communicating with vendors on administration issues (for example, on contracts and invoicing policies)

5. Periodically re-assess the program:  the last component of a preferred vendor program is a plan for “redoing” it every year or 18 months.  To really keep the program up-to-date, it should be reviewed in its entirety on a set schedule.  Are there new services that should be added to the list?  Are there new vendors that should be looked at and evaluated?  Are there vendors on your list that may be meeting the bare requirements, but are not the best of the lot?  Should they be removed?  Look at the program – in its entirety – with a fresh eye to ensure it’s doing what you need it to do and that it’s as good as it can be.

Have you developed a preferred vendor program?  How did you do it?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

Social Tech eDiscovery: Use of Smarsh for Social Media Archiving

 

The online world thrives on social media, but for attorneys who must preserve sensitive social media data for discovery, the widespread growth of social technology presents a laundry list of problems.

Not only is it challenging to trace the communications shared on popular sites like Facebook, LinkedIn and Twitter when privacy settings can be turned on and off at whim, it’s also difficult to know whether the information available at any given time is complete, as content can be edited by users at any time or lost due to technical malfunctions.

In some cases, like this example, courts have ruled that even locked or private content on Facebook and other social networking sites is not protected from being requested as part of discovery. In other cases, such as this one, they have ruled differently.  You don’t know for sure how courts will rule, so you have to be prepared to preserve all types of social media content, even possibly content that is changed frequently by users, such as Facebook profiles and blog posts.  And, even though Facebook has introduced a self-collection mechanism, it may not capture all of the changes you need.  And, other social media sites have not yet provided a similar mechanism.  If items are changed or lost after the duty to preserve goes into effect, your organization can be sanctioned with steep fines and even receive an adverse inference judgment based on the information you are unable to produce.

Fortunately, there are viable solutions that enable you to create a backup of all social networking activity and archive such information in the event it has to be produced in discovery. Portland-based Smarsh has archiving and compliance tools, including social media archiving and compliance, that automate the archiving of social media accounts, preserving all necessary data in case you need it later for discovery.

Some of the benefits of Smarsh’s social media archiving tools include:

  • A complete, logged, and quantifiable record of all social media posts and administrator activity
  • The ability to define which social media features your employees have access to and to track all business communications
  • Compliance with SEC and FINRA regulations (including Regulatory Notice 10-06)
  • The tools to identify and minimize risk, saving your business time, effort, and money

Smarsh has been designed to satisfy all regulatory compliance objectives, transforming the data management hazards of social media into a system that automatically updates and archives itself – an attorney’s dream when litigation strikes. This application creates a simple and proactive approach to archival of social media data, enforcing preservation to ensure that the duty to preserve is met.

So, what do you think?  Do you use Smarsh or any other social media archival tool?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Completing Production AFTER Trial is Too Late

In DL v. District of Columbia, No. 05-1437 (RCL) (D.D.C. May 9, 2011), repeated, flagrant, and unrepentant failures of the District of Columbia to comply with discovery orders, failure to supplement discovery responses, and eventual production of thousands of e-mails—some more than two years old—after the date of trial resulted in a sanction of waiver of privilege over documents sought by plaintiffs.

Plaintiffs filed an action seeking injunctive and declaratory relief for the failure of the District of Columbia Government to provide them with a free appropriate public education as required under the Individuals with Disabilities and Education Act. On the first day of trial six years later, counsel for the District acknowledged that the District several days earlier had begun a rolling production of thousands of emails per day that was expected to continue through the end of trial. Counsel for the District stated that the court had not been informed of production problems because it had been hoped review of the documents for relevance and privilege and thus production of the documents could have been completed earlier. From the bench, the court ordered the District to produce all of the email without objection and with privilege waived within one week of the end of the trial so that plaintiffs could seek to supplement the trial record if necessary. The District sought reconsideration of the order.

Likening the District’s posture to an airplane with landing gear that deploys only after touchdown, the court denied the District’s motion. Waiver of privilege was an appropriate sanction because it was just and was proportional between offense and sanction, considering the District’s violation of multiple discovery orders and failure to meet its obligation to supplement its discovery responses. The court concluded that its sanction was justified considering prejudice to plaintiffs, prejudice to the judicial system, and the need to deter similar misconduct in the future. Since the District chose not to bring the situation to the court’s attention until the day of trial, the court “had no practical alternative short of entering a default.”

The court held that whether the District had acted in good faith and whether plaintiffs also had committed discovery violations was irrelevant:

Whether the District made a good-faith effort to produce all responsive e-mails before the trial is irrelevant. As explained above, it was not sanctioned for failing to make a good-faith effort. It was sanctioned for openly, continuously, and repeatedly violating multiple Court orders, failing to adhere to or even acknowledge the existence of the Federal Rules’ discovery framework, and committing a discovery abuse so extreme as to be literally unheard of in this Court. The Rules require more than simply making a good-faith effort to produce documents. They require adherence to a very precise framework for navigating the discovery process. Moreover, the duty to adhere to clear Court orders is among a lawyer’s most basic. Were it not for those two directives—the Federal Rules’ discovery framework and Court orders regarding discovery — discovery would devolve into pure bedlam. Disciplined adherence to those Rules and Orders on the part of courts as well as parties is the only tool our system has to wrangle the whirlwind as it were and tame an otherwise unmanageable part of the litigation process. A good-faith effort to produce documents in the absence of adherence to Court orders and the Federal Rules is useless.

So, what do you think?  Have you ever had opposing counsel try to produce documents at the beginning of trial – or even after?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.