eDiscoveryDaily

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Five

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week and part four was published yesterday.  Here’s the fifth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Basic Information Governance Solutions

One option, as mentioned above, is to design your own IG structure. An interesting option in that regard is that if you already use the Office 365 operating system, Microsoft has a Compliance Manager add on for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers operating in a public clouds infrastructure.

Compliance Manager allows an organization to build a custom process to manage all compliance activities from one place with three key capabilities:

  • Perform on-going risk assessments, now with Compliance Score

Compliance Manager is a cross-Microsoft Cloud services solution designed to help organizations meet complex compliance obligations, including the EU GDPR, ISO 27001, ISO 27018, NIST 800- 53, NIST 800- 171, and HIPAA[2].

  • Provides actionable insights from a certification/regulation view

Compliance Manager builds a connection between data protection capabilities and regulatory requirements, enabling users to know which technology solutions they can leverage to meet certain compliance obligations. One centralized view shows customer actions for each certification or regulatory control, and the specific actions recommended for each control. This includes step-by-step guidance through implementing internal controls and developing business processes for the organization.

  • Simplifies management of compliance activities with the capability to create multiple assessments for each standard and regulation

Compliance Manager enables assigning, tracking, and recording compliance activities to collaborate across teams and easily manage documents for creating audit reports.  This group functionality allows multiple assessments for any standard or regulation that is available in Compliance Manager by time, by teams, or by business units.

For example, you can create a GDPR assessment for the 2018 group and another one for the 2019 group. Similarly, you can create an ISO 27001 assessment for your business units located in the U.S. and another one for your business units located in Europe.

You can learn more about Compliance Manager in the white paper, Simplify your Compliance Journey with Service Trust Portal and Compliance Manager (downloadable here) or on the Compliance Manager support page.

A second method for creating an IG structure is to use the EDRM Information Governance Reference Model (IGRM).  As mentioned at the onset of this paper, IG was largely ignored when the EDRM started. That is not the case now as the updated EDRM wall poster diagram below illustrates.  

IGRM is one of 8 projects within the EDRM.net organization, and as such is specifically designed to help eDiscovery projects. While the well-known diagram of the EDRM illustrates a model for electronic discovery, the IGRM diagram (shown at the top of this blog post) illustrates a more detailed model for information management.

IGRM provides a framework for cross functional and executive dialogue and serves as a catalyst for defining a unified governance approach to information.  It is available to corporations, analyst firms, industry associations and other parties as a tool for communicating with and to organization stakeholders on responsibilities, processes and practices for information governance.

The IGRM diagram is a responsibility model rather than a document or case life cycle model and as such, can be used in a variety of industries and companies.  It helps to identify the stakeholders, define their respective “stake” in information, and highlights the intersection and dependence across these stakeholders.

The diagram was developed from multiple key inputs, including:

  • Interested parties with expertise in RIM, Discovery, and Information Management
  • Community effort
  • Series of bi-weekly sessions over more than 12 months
  • Socialized with more than 350 Compliance, Governance and Oversight Council (CGOC) corporate member practitioners in several CGOC meetings, and broadly distributed to over 750 CGOC member practitioners

The CGOC also issued a survey of corporate practitioners which showed:

  • 100% of respondents stating that defensible disposal was the purpose of information governance practice
  • Two-thirds of IT and one-half of RIM respondents said their current responsibility model for information governance didn’t work
  • 80% of respondents across legal, IT, and RIM said they had little or very weak linkage between legal obligations for information and records management and data management

You can link to the survey’s preliminary results here: http://www.cgoc.com/webinars/introduction-to-imrm

As you can see at the top of this blog post, the IGRM model has an outer ring of stakeholder groups including business users who need information to operate the organization, IT departments who must implement the mechanics of information management, and legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.  In the center of the diagram is a workflow, or lifecycle diagram.  The information basics are distilled out, with the notable inclusion of “dispose” as the end state of information. Note the “information gates” in the middle, where information accumulates.

You can read more about how to use the IGRM model here.

Once comfortable with the components of the IGRM diagram, there are tools that provide the “next level” detail from the IGRM. One example is the CGOC’s process maturity model which outlines 13 key processes in eDiscovery and information management. Each process is described in terms of a maturity level from one to four – completely manual and ad hoc to greater degrees of process integration across functions and automation.

We’ll publish Part 6 – One Reason Why Information Governance is Not More Popular – on Thursday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published last Monday, part two was published last Wednesday and part three was published last Friday.  Here’s the fourth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Who Uses Information Governance?

The first problem with IG policies is that not everyone has one. A 2014 Rand study found that 44% of companies didn’t have any formal data governance policy and 22% of firms without a data policy had no plans to implement one.

This situation has not changed substantially since then.  In November 2017, data governance company erwin partnered with survey company UBM to ask business technology professionals at large organizations about their attitudes on data governance.

Their report was based on a survey of North American companies with more than 1,000 employees across more than 16 industries and included CIOs, CTOs, data center managers and directors, IT staff, and consultants. While the respondents agreed that IG is an important issue, nearly four in 10 of them said they do not have a separate budget for data governance and 46% do not have a formal strategy for it. So, while organizations continue to show awareness of the importance of data governance within their company, nearly half are not acting on that awareness.

The result of this inactivity? Inefficiency. According to the Thomson Reuters report, Cost of Compliance 2017, 32 percent of companies spend more than 4 hours per week creating and amending audit reports. Just audit reports. Imagine the time spent on other issues such as privacy or potential litigation.

SPECIFIC EXAMPLES

Statutes of Limitation

“Statute of limitations” or “limitation of action” are, of course, laws prescribing the time periods during which legal actions or lawsuits may be initiated. And once the statute of limitations time has passed, no future legal action may be brought related to the incident in question.

Once a legal action has commenced, either party may uncover relevant information which may be in the possession of the other party under the applicable rules of discovery. But if the statute of limitations has tolled, a business may delete relevant records and thus the SOL acts as a simple de facto IG policy.

Some types of matters may have special statutes of limitations. EG, most states specify that the statute of limitations related to personal injury begins at the time the actual injury occurs. Since this could be years after the product was brought to market, the manufacturer and/or distributor may be responsible for an extended period of time for product defects of various types.

Architects, engineers, and contractors may have similar concerns related to construction projects, although only in those locations where the construction occurred.  The requirements for those specific states need to be reviewed in detail before making an IG decision with regards to construction related records.

Records Retention

Typically, when asked about IG, attorneys will say it is a records retention policy. And traditionally, lawyers have advised their clients to “retain records forever in case they are sued”. As a result, the development of effective records retention programs has sometimes been thwarted based upon the mistaken belief that records must be kept for long periods in case they may be needed in litigation.

Records can often effectively be destroyed under an approved records retention program prior to the culmination of the statute of limitations period. When records have been destroyed prior to the start of litigation, they will not be available to the adverse party and so court rules prohibit record destruction while litigation or government investigation related to those records are imminent or pending.

The disadvantages then, of not having records that may be needed in litigation must also be balanced against the cost and inefficiencies associated with maintaining valueless records. Some questions related to these determinations include the following:

  • What are the chances of litigation?
  • In case of litigation, which party would have the burden of proof?
  • When does the statute of limitations take effect?

Regulations

Some statutes, such as those mentioned above, may result in extended liability for an organization since a legal action may be brought at any time. Think, for example, of a construction defect case, where the action may not arise until the defect becomes apparent and/or someone is injured. In addition, industry specific regulations in areas such as gaming or insurance can vary from state to state. An interesting example is an opinion by a member of the ARMA Board of Directors that new California Privacy Act is, in fact, a de facto American GDPR.  See https://www.arma.org/news/409199/

Healthcare Records

When it comes to IG standards for a specific profession, health care leads the way, under the guidance of the American Health Information Management Association (AHIMA).   AHIMA defines information governance as an “organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

Their Information Governance Principles for Healthcare (IGPHC) provide a framework for healthcare organizations to enhance their ability to leverage information in order to achieve the organization’s goals and conduct their operations effectively while ensuring compliance with legal requirements and other duties and responsibilities.

IGPHC is a set of eight principles that are intended to inform an organization’s information governance strategy.  The eight principles, which incorporate the seven principles of ARMA mentioned above, are:

  • Accountability
  • Transparency
  • Integrity
  • Protection
  • Compliance
  • Availability
  • Retention
  • Disposition

They are described in great detail in the publication Evaluating the Information Governance Principles for Healthcare by Galina Datskovsky, PhD; Sofia Empel, PhD  and Ron Hedges, JD. (Ron of course is well known to people in the ESI arena as the former MJ from New Jersey and accomplished speaker and writer in the eDiscovery field.)

We’ll publish Part 5 – Basic Information Governance Solutions – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday and part two was published on Wednesday.  Here’s the third part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

General Principles for Information Governance

Assuming a company wanted to begin an IG initiative, are there any general principles to follow? The leading organization in this area is ARMA. Originally, ARMA was the acronym for the Association of Records Managers and Administrators. Over the years, the board of directors realized that records management had become a recognized and integral part of information governance, which is key to doing business. To reflect this change, they decided to discontinue using ARMA as an acronym and adopted “ARMA International” as a general descriptor of the association.

ARMA has 7 core principles it believes are the basis for any IG strategy. These Generally Accepted Recordkeeping Principles® (Principles) constitute a generally accepted global standard that identifies the critical hallmarks and a high-level framework of good practices for information governance – defined by ARMA International as a “strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of information assets. Information governance helps organizations achieve business objectives, facilitates compliance with external requirements, and minimizes risk posed by sub-standard information-handling practices. Note: Information management is an essential building block of an information governance program.”

Published by ARMA International in 2009 and updated in 2017, the Principles are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. They are meant to provide organizations with a standard of conduct for governing information and guidelines by which to judge that conduct and are, in fact, all contained with the eithht HIMA principles mentioned above.

Principle of Accountability: A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals.

Principle of Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties.

Principle of Integrity: An information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability.

Principle of Protection: An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

Principle of Compliance: An information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies. Principle of Availability: An organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval.

Principle of Retention: An organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

Principle of Disposition: An organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies.

We’ll publish Part 4 – Who Uses Information Governance? – next Monday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Sedona Conference Has Created New Principles on Defensible Disposition: eDiscovery Best Practices

It’s timely that we are currently running Tom O’Connor’s paper on Information Governance (first two parts here and here, more to come tomorrow and next week) because The Sedona Conference® (TSC) has just published a paper on defensible disposition, which is a significant component of any good Information Governance program.

On Tuesday, TSC and its Working Group 1 on Electronic Document Retention & Production (WG1) announced the publication of the Public Comment Version of The Sedona Conference Principles and Commentary on Defensible Disposition. While updating the 2014 Commentary on Information Governance, WG1 recognized there was a need to provide guidance to organizations and counsel on the adequate and proper disposition of information that is no longer subject to a legal hold and has exceeded the applicable legal, regulatory, and business retention requirements.

The Commentary is introduced by reciting Principle 6 of The Sedona Conference Commentary on Information Governance, which provides the following guidance to organizations:

The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.

Despite this advice, and similar advice from other sources, many organizations continue to struggle with making and executing effective disposition decisions. That struggle is often caused by many factors, including the incorrect belief that organizations will be forced to “defend” their disposition actions if they later become involved in litigation.

As a result, this Commentary attempts to address these three factors and provide guidance to organizations, and the professionals who counsel organizations, on developing and implementing an effective disposition program.  As is the case with any “Principles” guide from the TSC, the core of this guide are its three principles, as follows:

  • PRINCIPLE 1. Absent a legal retention or preservation obligation, organizations may dispose of their information.
  • PRINCIPLE 2. When designing and implementing an information disposition program, organizations should identify and manage the risks of over-retention.
  • PRINCIPLE 3. Disposition should be based on Information Governance policies that reflect and harmonize with an organization’s information, technological capabilities, and objectives.

Each principle includes two or more “comments” that provide additional guidance regarding defensible disposition best practices (you could call them “sub-principles”) and the guide concludes with a section on “Information Disposition Challenges” which addresses considerations such as unstructured information, mergers and acquisitions, departed, separated or former employees (here’s a blog post we did covering that subject), shared file sites, personally identifiable information (“PII”), regulations, cultural change and training and parties such as law firms, eDiscovery vendors (who us?), adversaries, in-house legal departments and data “hoarders” (you know who you are).

The Commentary weighs in at a tidy 34 page PDF file, so it’s an easy read.

The Sedona Conference Principles and Commentary on Defensible Disposition is open for public comment through October 10, 2018. As always, questions and comments regarding the Commentary may be sent to comments@sedonaconference.org and the drafting team will carefully consider all comments received and determine what edits are appropriate for the final version.  You can download a free copy here.

So, what do you think?  Does your organization struggle with defensible disposition of information?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday.  Here’s the second part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

What is Information Governance?

The most basic explanation, and one I have used for years, is that IG is the flip side of the ED coin. But before we define it, let’s take a look at what it is NOT.

Much like other discussions in other areas of eDiscovery, IG is not a product. It is, rather, a process that may incorporate several products depending upon the business type and their workflow.

Since IG is not a product, then it clearly cannot be a DMS.  Yet the most common response I received when I asked someone if they had an IG solution was, “yes, we use iManage/NetDocuments/Worldox”. A simple IG solution may include a Document Management System (DMS) product but the DMS itself is designed for the organization and search of only certain types of documents. It may have limitations on document types it can work with and almost always has a document size limit. Craig Bayer, the principal of legal document management firm Optiable, put it best when he said to me that “A DMS is not an enterprise data organization solution.”

And as a side note, for these same reasons and several others, the most important reason being that a DMS will change metadata when documents from outside the DMS are imported into it, a DMS is also not a good eDiscovery tool.  Again, it can be part of the ED workflow process but typically at the front end of that process. Thanks to Paul Unger, managing partner of the Columbus Ohio office of the Affinity Consulting Group for this tip.

So, now that we’ve discussed what is not IG, let’s talk about what it is.

IG, or as it’s also known data governance, is basically a set of rules and policies that have to do with a company’s data. These rules and policies can cover issues such as:

  • Security
  • Privacy
  • Data access
  • Data storage & maintenance
  • Data backup and/or disposal
  • Accountability for employees handling data

But the benefits of data governance don’t stop there. It can also help with:

  • Preventing isolated unregulated data storage
  • Making data accessible across the enterprise
  • Providing accurate, consistent data
  • Ensuring compliance with laws and regulations that govern data, such as the Sarbanes-Oxley Actor HIPAA

IG will also almost always involve some form of unstructured data, that is, information that either is not in a fielded form in databases or is annotated or otherwise semantically tagged in documents. Unstructured data is typically text-heavy but may contain other data such as dates and numbers. A 1998 Merrill Lynch study cited a rule of thumb that somewhere around 80-90% of all potentially usable business information may originate in unstructured form and this figure is still generally accepted as valid.

IG will always be proactive in dealing with corporate data, unlike eDiscovery which is reactive in nature But, because “data” can refer to so many different items, from email and word processing documents to A/V files and unique file types such as CAD drawing or x-rays, is it possible to have standardized best practices for all types of data usage or it is most likely that rules will be built for different business types?

In fact, different IG rules do exist for different professions and industries and some have their own data management tools. Examples include:

  • Health
  • Education
  • Business
  • Nursing
  • Manufacturing
  • Non-Profits

Other IG rules may spring up because they are imposed by entities outside the business. From something as simple as a statute of limitations to general records retention statutes or industry specific regulations and even statutory controls in areas such as privacy, external pressures on a company may force a need for a cohesive IG policy.

We’ll publish Part 3 – General Principles for Information Governance – on Friday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Grants Defendant’s Motion to Compel Various Records from Plaintiff in “Slip and Fall” Case: eDiscovery Case Law

In Hinostroza v. Denny’s Inc., No.: 2:17–cv–02561–RFB–NJK (D. Nev. June 29, 2018), Nevada Magistrate Judge Nancy J. Koppe granted the defendant’s motion to compel discovery various sources of ESI related to the plaintiff’s claim of injuries resulting from a “slip and fall” accident at one of the defendant’s restaurants.

Case Background

In March 2018, the defendant requested various releases from Plaintiff to obtain documents regarding her employment, a prior car accident in 2015, and records from medical providers and the plaintiff provided some of the requested releases in the same month.  In April 2018, the parties met and conferred three times regarding the outstanding releases, as well as the plaintiff’s responses to the defendant’s amended second set of requests for production of documents. When the parties were unable to resolve their discovery disputes, the defendant filed the instant motion to compel the outstanding releases and responses to its requests.

Judge’s Ruling

Noting that the “burden is on the party resisting discovery to show why a discovery request should be denied by specifying in detail, as opposed to general and boilerplate objections, why ‘each request is irrelevant’”, Judge Koppe ruled on each of the following sources of ESI requested by the defendant:

  • Copies of any and all documents related to the 2015 car accident the plaintiff identified in your response to Defendant’s Interrogatory No. 18, as well as information regarding two slip and fall accidents in 2012 where the plaintiff was treated by an orthopedist and a neurologist: Judge Koppe said that “Medical records of injuries prior to an alleged accident are relevant to the issue of whether the injuries existed at the time of the accident and whether the accident caused or aggravated the injuries” and also noted that “police reports and insurance records are relevant because they likely contain statements, photographs, or other information ‘to confirm or refute [a plaintiff’s] allegation [he or she] was not injured’ in an accident”. Because “Courts within the Ninth Circuit have found that medical records and reports dating between three years to ten years prior to an alleged accident are discoverable”, Judge Koppe granted the defendant’s request for this information.
  • Copies of any text messages, emails, or other written communications between either the plaintiff or her counsel and several witnesses and a copy of all text messages or emails the plaintiff sent in the 48 hours after the Subject Accident: Noting that “Phone records are discoverable if the request is narrowly tailored in date and time and relates to a key issue in the case”, Judge Koppe granted in part this request.
  • Copies of any [of] the data of any type of FitBit, or other activity tracker device from five (5) years prior to the Subject Accident through the present: Noting that the plaintiff had waived objections that the request was overbroad and unduly burdensome because she did not raise these objections in her initial response to Defendant’s amended second set of requests for production, Judge Koppe ordered the plaintiff to “supplement her response to Defendant’s request for production number 30 to fully describe the search she conducted for responsive documents, by July 20, 2018.”
  • Copies or allow for inspection, any social media account the plaintiff had from five (5) years prior to the Subject Accident through the present: Noting that “information from social media is relevant to claims of emotional distress because social media activity, to an extent, is reflective of an individual’s contemporaneous emotions and mental state”, Judge Koppe found “that social media information and communications are relevant and, thus, discoverable under Fed.R.Civ.P. 26(b)” and granted the defendant’s request for that information.
  • Authorization for the release of the plaintiff’s employment records: Despite the fact that the plaintiff claimed she was no longer pursuing a lost wage claim, Judge Koppe noted that “an amended complaint reflecting Plaintiff’s new claims has not been filed” and also observed that “it appears that Plaintiff’s claims of “limited occupational … activities … [and] loss of earning capacity” remain in her complaint”, so she granted that defendant’s request as well.

So, what do you think?  Did the judge fail to take into account privacy concerns of the plaintiff or should relevancy override privacy concerns in this case?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Here’s the first part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Introduction

Information Governance (IG) has always been part of the eDiscovery landscape but not always a large part. Although it appears on one of the first Electronic Discovery Reference Model (EDRM) charts it was not discussed in any of the standards models and was typically not included in any detailed EDRM discussion.  Here is the early EDRM model chart from 2009 that became the initial standard – note how it wasn’t even called “Information Governance” back then, it was called “Information Management”.

IG was originally important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”.  But now with an increased concentration on the two-fold concerns of privacy and security, IG has become more important.  Good IG best practices and technologies can allow organizations to conduct data discovery on their organizations data, keep it secure, protect privacy and help lower potential litigation costs by archiving or disposing of records in a repeatable defensible manner.

We’ll explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens, as follows:

  1. What is Information Governance?
  2. General Principles for Information Governance
  3. Who Uses Information Governance?
  4. Basic Information Governance Solutions
  5. One Reason Why Information Governance is Not More Popular
  6. Concluding Remarks

We’ll publish Part 2 – What is Information Governance? – on Wednesday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

TAR Rules for the New York Commercial Division: eDiscovery Trends

File this one under stories I missed until yesterday.  We’ve seen plenty of cases where the use of Technology Assisted Review (TAR) has been approved and even one this year where a protocol for TAR was ordered by the court.  But, here is a case of a jurisdiction that has proposed and adopted a rule to encourage use of the most efficient means to review documents, including TAR.

As reported in the New York Law Journal (NY Commercial Division Gives Fuller Embrace to E-Discovery Under New Rule, written by Andrew Denney), the New York Commercial Division has adopted a new rule to support the use of technology-assisted document review in appropriate cases.

As the author notes, plenty of commercial litigants are already using technology to help them breeze through potentially labor-intensive tasks such as weeding out irrelevant documents via predictive coding or threading emails for easier reading.  But unlike the U.S. District Court for the Southern District of New York, which has developed a substantial volume of case law bringing eDiscovery proficiency to the bar (much of it authored by recently retired U.S. Magistrate Judge Andrew Peck), New York state courts have provided little guidance on the topic.

Until now.  The new rule, proposed last December by the Commercial Division Advisory Council and approved last month by Lawrence Marks, the state court system’s chief administrative judge and himself a former Commercial Division jurist, would fill the gap in the rules, said Elizabeth Sacksteder, a Paul, Weiss, Rifkind, Wharton & Garrison partner and member of the advisory council.  That rule, to be incorporated as a subpart of current Rule 11-e of the Rules of the Commercial Division, reads as follows:

The parties are encouraged to use the most efficient means to review documents, including electronically stored information (“ESI”), that is consistent with the parties’ disclosure obligations under Article 31 of the CPLR and proportional to the needs of the case.  Such means may include technology-assisted review, including predictive coding, in appropriate cases.

Muhammad Faridi, a commercial litigator and a partner at Patterson Belknap Webb & Tyler, said that using technology-assisted review is nothing new to most practitioners in the Commercial Division, but it is “revolutionary” for the courts to adopt a rule encouraging its use.  Maybe so!

So, what do you think?  Are you aware of any other rules out there supporting or encouraging the use of TAR?  If so, let us know about them!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion for Protective Order in Broiler Chicken Case: eDiscovery Case Law

In the In re Broiler Chicken Antitrust Litigation, No. 16 C 8637 (N.D. Ill. July 26, 2018), Illinois Magistrate Judge Jeffrey T. Gilbert denied defendant Agri Stats’ Motion for Protective Order, ruling the defendant “Has Not Made a Threshold Showing” that the information requested by the End User Consumer Plaintiffs (“EUCPs”) was not reasonably accessible because of undue burden or cost (and even if they had, the EUCPs had shown good cause for requesting custodial searches of ESI for the entire time frame set forth in the ESI Protocol) and that Agri Stats “Does Not Satisfy the Rule 26(b)(2)(C) Factors” to limit discovery.

Case Background

Prior to this class action lawsuit involving broiler chicken prices, defendant Agri Stats was the subject of a DOJ investigation and claimed it “searched for and produced to the DOJ documents and information like what the EUCPs are requesting”.  Agri Stats ran custodial searches for designated custodians for the period between September 17, 2008 through September 17, 2010, and it produced to the DOJ responsive documents it collected with those searches. But, the time frame for discovery in this case was much broader, extending from January 1, 2007 until September 2, 2016.

Agri Stats argued that it should not be required to run custodial searches of ESI created prior to October 3, 2012 (the date the DOJ investigation closed) for the agreed upon 12 custodians because it ran similar searches for most of those custodians during the DOJ investigation and “requiring it to re-run expensive searches with the EUCPs’ search terms for those same custodians for a broader time period than it already ran is burdensome, disproportionate to the needs of this case, and unreasonable when viewed through the filter of Federal Rule of Civil Procedure 26(b)(2).”

The EUCPs disagreed and contended that Agri Stats should be required, like every other Defendant in this case, to perform the requested searches with the EUCPs’ proposed search terms for the time frame stated in the ESI Protocol, contending that both were broader than what Agri Stats produced for the DOJ investigation.

Judge’s Ruling

Considering the arguments, Judge Gilbert stated:

“The Court agrees with EUCPs. Although Agri Stats conducted custodial searches for a limited two-year period in connection with the DOJ’s investigation of possible agreements to exchange competitively sensitive price and cost information in the broiler, turkey, egg, swine, beef and dairy industries, that investigation focused on different conduct than is at the heart of EUCPs’ allegations in this case, which cover a broader time period than was involved in the DOJ’s investigation. The Court finds that a protective order is not warranted under these circumstances.”

While noting that “Agri Stats says that it already has produced in this case more than 296,000 documents, including approximately 155,000 documents from before October 2012” and that “Agri Stats represents that the estimated cost to run the custodial searches EUCPs propose and to review and produce the ESI is approximately $1.2 to $1.7 million”, Judge Gilbert observed that the “estimated cost, however, is not itemized nor broken down for the Court to understand how it was calculated”.  Judge Gilbert also noted that “EUCPs say they already have agreed, or are working towards agreement, that 2.5 million documents might be excluded from Agri Stats’s review. That leaves approximately 520,000 documents that remain to be reviewed. In addition, EUCPs say they have provided to Agri Stats revised search terms, but Agri Stats has not responded.”

As a result, Judge Gilbert determined that “Agri Stats falls woefully short of satisfying its obligation to show that the information EUCPs are seeking is not reasonably accessible because of undue burden or cost.”  In denying the defendant’s motion, he also ruled that “Even if Agri Stats Had Shown Undue Burden or Cost, EUCPs Have Shown Good Cause for the Production of the Requested ESI and Agri Stats Does Not Satisfy the Rule 26(b)(2)(C) Factors”.

So, what do you think?  Could the defendant have done a better job of showing undue burden and cost?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Investment is Changing the eDiscovery Market as We Speak: eDiscovery Trends

Yesterday, we talked about how eDiscovery business confidence seems to tend to take a downturn every summer.  But, when it comes to private equity firms’ investment in eDiscovery companies, eDiscovery business confidence seems to be stronger than ever.

As reported in LegalTech News (E-Discovery Market’s Demand Attracting More Investors Than Ever Before, written by Rhys Dipshan), the author notes that over the past few years, private equity firms have invested in over a dozen eDiscovery companies.  Since January 2018, have played a leading role in reshaping the eDiscovery market.  Some examples:

  • Xact Data Discovery was acquired by private equity firm JLL Partners in January 2018;
  • San Francisco-based private equity firm GI Partners was behind the March 2018 merger of Consilio and Advanced Discovery;
  • In October 2017, Knox Capital led a funding round for eDiscovery and forensics provider HaystackID, which then supported HaystackID’s April 2018 acquisition of Envision Discovery and Inspired Review;
  • In late May 2018, another New York City-based private equity firm, Leeds Equity Partners, also moved into the e-discovery industry by investing in Exterro. While the exact investment amount was not disclosed, Exterro told Legaltech News it was a “nine figure deal”;
  • And yet another private equity firm, Peak Rock Capital, invested in eDiscovery company (and sponsor of this blog) CloudNine and helped fund its March 2018 acquisition of the LexisNexis eDiscovery product suite. A spokesperson for Peak Rock Capital said the firm invested in the CloudNine because it “saw great potential in CloudNine as a high growth software-as-a-service provider of processing and review solutions.”

So, what’s behind private equity’s appetite for all things eDiscovery? The author states that “[a]t its core, it stems from private equity’s belief that demand for e-discovery technology and services remain strong for years to come.”

Private equity firms seem not to be too worried that their eDiscovery picks will be crowded out of the market anytime soon. Peak Rock Capital, for instance, believes that there “is ample demand in the growing e-discovery segment. There’s been consolidation on the services side, but the market is quite large, and we continue to see robust demand from new customers.”

As I’ve noted several times on this blog, a great resource for a list of mergers, acquisitions and investments is Rob Robinson’s Complex Discovery blog where he lists industry transactions back as far as November 2001 – which is even before Kroll acquired Ontrack!  Now, both names are absorbed in acquisition.  We’ve certainly seen several large transactions over the years, but if you look at the most recent transactions (since May 1, 2018), we have at least three “nine figure deals” in the last nine months.  That’s big business!

So, what do you think?  Are you surprised in the amount of investment in the eDiscovery industry?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.