Month: February 2010

French Email Privacy Restrictions Not Always FRCP Obstruction

Bill Tolson eDiscovery , , , , , , , , , , ,

The two blog entries below point out some slightly different views of an interesting case about employee email privacy decided in France on Dec 15, 2009. The case was: Bruno B. vs. Giraud et Migot, Cour de Cassation, Chambre Sociale, Paris, 15 Dec. 2009, No. 07-44264

http://chrisdale.wordpress.com/2010/02/22/the-extent-of-te-right-to-privacy-in-french-employee%E2%80%99s-e-mails/

http://www.hhdataprotection.com/2010/02/articles/litigation/new-french-case-removes-automatic-privacy-shield-from-employee-emails-making-them-more-amenable-to-us-discovery/

From the Hogan & Hartson blog: The French high labor court (the Cour de Cassation Chambre Sociale) may have provided some grounds for arguing that a party in France can review a French employee’s e-mails and electronically stored information to determine whether the data is relevant to a U.S. litigation, without the employee’s knowledge or presence.  This is a significant development in the perennial tension between EU privacy law and U.S. discovery principles.

French employee privacy protection policies usually block U.S. FRCP eDiscovery requests that request French employee email for a case in the United States.  This case, on the face of it, seemed to set a precedent in the ruling saying the employer could review French employee email and ESI without the employees knowledge.

From the e-Disclosure Information Project Blog: There is no doubt, however, that many will use it as a reason to ignore everything they have heard about EU privacy. The case may well have implications for US litigants, but I do not think that a single Labour Court case in which an employee neglected to mark private e-mails as such will open the floodgates to FRCP discovery. It’s most likely consequence, I suspect, is that all French employees will start marking the e-mails” Private”, making it harder rather than easier to discriminate between those which are and those which are not genuinely private.

The bottom line for this case was this; the French employee’s email and ESI was searchable and reviewable without the employee’s approval or knowledge because the documents had not been marked as “Private” by the employee. My guess is that French employee committees will quickly instruct French employees on the proper marking of all emails and ESI as “Private”.

Litigation Hold, Adverse Inference and Additional eDiscovery Costs

Bill Tolson eDiscovery , , , , , , , , , ,

In Melendres v. Arpaio, CV-07-2513-PHX (D. Ariz. February 11, 2010) (UNPUBLISHED),  U.S. District Court Judge G. Murray Snow granted plaintiffs’ motion for sanctions and ruled that the Maricopa County Sheriff’s Office (“MCSO”) failed to issue a timely litigation hold resulting in the destruction of relevant documents, including e-mails.

In discovery, plaintiffs learned the MCSO shredded relevant documents (i.e., stat sheets) and deleted e-mails.  In addition, not a single deponent was aware of their obligation to preserve evidence.

The court found the MCSO was at least negligent in failing to preserve the stat sheets and permitted plaintiffs to file suggested possible adverse inferences concerning the destroyed stat sheets.  With respect to e-mails, the defendants admitted that they had purged all email communications related to the immigration sweeps.

However, certain e-mails that were separately saved by a user may still be recoverable.  The court deferred the issue of sanctions until defendants provided to plaintiffs:  (1) a description of the steps taken to recover all responsive e-mails from active and back-up systems; (2) a complete list of the new documents that have been recovered and the dates of recovery; (3) the sources from which the additional documents were recovered; (4) the inherent limitations on defendants search for documents that were imposed by defendants’ document retention systems; and (5) the components of that system.

The above content is taken from the Ryley Carlock & Applewhite website and can be read in its entirerty here.

This case highlights the need for a timely litigation hold notice for all potentially responsive ESI including email. It also points out the additional costs which can be incurred if the litigation hold requirement is not followed. Point one in the paragraph above calls out the additional requirement for MCSO to now check all backup systems for potentially responsive emails that were deleted. This process can be extremely expensive and time consuming.

Ideally, a properly administered litigation hold process would negate the need to restore backup tapes which can run between $2900 to $4500 per tape restored.

Are foreign laws restricting the production of customer data being ignored by US courts?

Bill Tolson eDiscovery , , , , , , , , , ,

In a recent case; Accessdata Corp. v. ALSTE Tech. GMBH, 2010 WL 3184777 (D. Utah Jan. 21, 2010), the Plaintiff, an American company, sought to compel defendant’s production of documents, including information related to customer complaints and defendant’s technical support of non-customers. Defendant objected to the interrogatories and requests for production on the grounds that they were overly broad, unduly burdensome, and seeking irrelevant information and because “disclosure of information relating to third parties’ identities would violate German law.”

The defendant’s main argument was that German law prohibits the production of third-party personal information and that, if it complied with the discovery requests at issue, it would “subject itself to civil and criminal penalties for violating the German Data Protection Law … and the German Constitution.”

In this case the court found that ESI asked for from a German company should be turned over in discovery even though the defendant stated that German privacy laws prohibit customer data being turned over without the customer’s approval.

In this specific case, the court found:

While defendant asserts that providing personal information about its customers and their employees “would be a huge breach of fundamental privacy laws in Germany,” defendant has failed to demonstrate the verity of this assertion. Defendant has not cited to the particular provisions of the German Data Protection Act (”GDPA”) and/or German Constitution that would prohibit disclosure of personal third-party information. Based on the court’s brief review of the GDPA, it appears that it does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defence of legal claims.” The GDPA further states that “[t]he body to which the data are transferred shall be informed that the transferred data may be processed or used only for the purpose for which they are being transferred.” ALSTE has not demonstrated that it has been unable to obtain consent from its customers or that it has even attempted to seek consent. ALSTE has also failed to address this particular provision of the GDPA or explain why it would not apply in the instant case.

On the face of it, this case looked like the United States District Court was imposing its will upon a foreign government and its privacy laws. In reality, the two main points of this particular case was:

  1. The defendant did not cite the particular provisions of German privacy law and did not try to obtain the customer’s approval to have their personal data transferred.
  2. The German laws actually make provisions for the possibility of ESI transfer to another countries jurisdiction; the GDPA does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defense of legal claims.”

Early Case Assessment and Concept Search

Bill Tolson eDiscovery , , , , , , , ,

There has been an ongoing argument as to the validity of concept search verses keyword search in discovery searches. The main arguments I have seen are:

  1. Keyword searches tend to miss relevant documents and are under-inclusive in their search results.
  2. Concept searches tend to produce too many non-responsive documents and are considered over-inclusive in their search results.
  3. The other argument against concept searches for eDiscovery is that concept searches are a “black box” and are therefore very hard to explain to the court as to their validity.

I have not been able to find any cases where the eDiscovery response was conducted via a concept search.

While at LegalTech 2010 in New York, I spoke to several conceptual search/clustering vendors that were positioning conceptual search as the next big thing…that keyword search was falling in favor. I don’t believe that to be the case but I am curious whether conceptual search technology has a future.

I do believe there is an interesting possibility to use conceptual search capabilities in the area of Early Case Assessments (ECA). For ECA, the discoveree wants to “data mine” potentially responsive ESI to determine their going forward strategy; should we settle or should we fight? To make the best decision about legal strategy, I believe having access to the most complete and relevant data set is a top priority. One of the wraps against concept search is it is over-inclusive; a benefit in making sure you have reviewed all potentially responsive ESI when performing ECA.