It doesn’t it really matter where my organization’s ESI is kept…right?


Where companies store their electronically stored information (ESI) is of no concern to attorneys… right? Say what?

There’s an on-going debate over the question of where the “best” place is to store a company’s ESI for legal reasons; in the company’s own facility (on-premise) or in a third party’s  facility (hosted; also known as “storage as a service”, SaaS). The answer to this question really depends on several factors. There are three main questions to ask yourself when considering this question from a legal perspective; where’s the best place to store the organization’s ESI? The first question to ask is; is my ESI secure and can I prove it has not been altered in any way; in other words is it defensible? The second question to ask yourself is; can I access my ESI quickly enough to place legal holds and perform searches based on discovery requests? And the third question is; do I have access to the full ESI data set for ECA purposes and to insure I can fully respond?

Let’s review these topics you need to keep in mind when dealing with ESI in litigation. First, when litigation is reasonably obvious, you have a responsibility to immediately protect all ESI which could be responsive in the approaching civil case. This responsibility is an absolute requirement in U.S. Federal courts and most state courts. There are few if any excuses a Judge will swallow for a responder inadvertently deleting potentially responsive ESI after your legal hold responsibility has been triggered.

Second, the time frame you’ll have to fully respond to an eDiscovery request is generally much shorter now than in the past (pre 12/2006). Quick and complete access to all potentially responsive data is extremely important when responding to an eDiscovery request.

And third, good intentions can mean something to the court. A company that actually plans and documents their processes etc. for litigation hold and eDiscovery will mean something to the Judge (possibly) if you have an inadvertent ESI deletion.

Advertisements

Spoliation does not require purposeful destruction of evidence


In a recent decision, Rosenthal Collins Group, LLC v. Trading Techs. Int’l, No. 05 C 4088, 2011 WL 722467 (N.D. Ill. Feb. 23, 2011), the court ordered the plaintiff to pay $1,000,000 in monetary sanctions, and ordered plaintiff’s counsel to pay “the costs and attorneys fees incurred in litigating this motion” because the plaintiff’s agent was found (and admitted) to have modified metadata related to relevant source code and had wiped several relevant disks and devices prior to their production. The court found plaintiff’s counsel had participated in “presenting misleading, false information, materially altered evidence and willful non-compliance with the Court’s orders.”

The plaintiff’s counsel did not dispute any of the allegations of misconduct” but instead sought to distance itself from “its own agent, employed for the purposes of pursuing this litigation” and disavowed any “actual knowledge” of wrongdoing. RCG’s counsel similarly disavowed “any personal wrongdoing and any actual knowledge of any wrongdoing, while unequivocally distancing themselves and RCG from [the consultant].”

The court stated; “The imposition of sanctions, however, does not require actual knowledge, but gross negligence or recklessness, i.e., RCG knew or should have known. See Porche v. Oden, 2009 WL 500622, at *7 (N.D.Ill. Feb.27, 2009). Even if this Court were to accept that RCG had no actual knowledge of the evidence destruction and modification that occurred, RCG’s conduct still warrants the imposition of a default judgment. See, e.g., Grochicinski v. Schlossberg, 402 B.R. 825, 842-43 (N.D.Ill.2009) (finding bad faith sufficient to impose default judgment because “[e]ven if Schlossberg did not destroy the files himself, the bankruptcy court found that at the very least Schlossberg acted in ‘reckless disregard’ of his discovery obligations”).

The court went on to reason that “it strains credulity that RCG now claims it had no knowledge of anything [its consultant] was doing and he was just a ‘non-party fact witness’ for whom it bears no responsibility.” The court found that the record reflected that the consultant was “under RCG’s control and was its paid agent,” as evidenced by a myriad of facts laid out by the court.

Accordingly, finding that plaintiff and its counsel “acted in bad faith and with willful disregard for the rules of discovery and this Court’s orders,” the court entered default judgment in favor of defendant and dismissed the claims and defenses of plaintiff. The court also ordered plaintiff to pay sanctions in the amount of $1,000,000 and, for their part in presenting “misleading, false information, materially altered evidence, and willful non-compliance with the Court’s orders,” ordered counsel to “pay the costs and fees incurred in litigating this motion.”

The managing attorneys on either side are responsible to the court to insure the discovery process was done correctly and in the timeframe expected by the court. The argument by RCG that they just didn’t know was seen by the Judge as not meeting their responsibilities. A spoliation finding does not need to be purposeful, grossly negligent will also do.

Are Custodial Self-Discovery and Preserving ESI in Place Good for You?


A majority of organizations still follow the traditional practice of instructing custodians—that is, employees–to search for and protect potentially responsive electronically stored information (ESI) locally or what’s known colloquially as “preserving it in place”. In fact, the international law firm Fulbright & Jaworski found in its 7th Annual Litigation Trends Survey that more than half (55%) of companies still rely on custodians as their primary method to identify and preserve their own information for litigation or an investigation.

By following this practice, these companies, particularly those with larger numbers of custodians,  have a higher risk of incomplete collection, inadvertent deletion/spoliation, and metadata corruption. What’s more, it’s difficult for legal to supervise  the collection process,  leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics, while a few years old, blatantly highlight the risk of custodial self discovery and preservation in place.

Still not convinced? The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge expressed surprise overt the custodial self discovery practice used by one attorney:

The Judge asked:

Am I correct that you have been relying on what they [the defendants] self-selected to put in their transaction files in terms of what you obtained and produced?

The defense attorney answered:

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responded:

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states: We don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the fox guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right to the best of their understanding. But as we’ve seen from the 7th Annual Litigation Trends Survey, fewer  than1 in 4 (23%) have a good understanding. Those few that could have something to hide may find ways to do a sub-par job in the discovery process. If I am the opposing counsel, I  want to know if self discovery was relied on.

So what is a defensible answer for the risks posed by custodial self discovery and preservation in place? Well in my opinion—and I’m about to sound like a corporate schill–you need an ESI archive, which captures the majority of potentially responsive ESI from the in-house infrastructure along with a solution for the remote collection of custodian ESI from their locally controlled equipment.

First, a central ESI archive that captures, indexes, stores, protects, manages and disposes of ESI allows for central discovery of ESI for silos like email systems, share drives and SharePoint systems.

So what can be done for the discovery of locally controlled custodian locations?

Some organizations centrally backup custodian workstations on a regular basis. But relying on restoring backups and searching for responsive ESI has never been considered a good idea. It’s also expensive.

What if you could schedule forensically sound backups of all custodian workstations and use those backups of custodians’ workstations to discover against, even when those custodians are traveling and not synced to the organization’s infrastructure?

A consolidated metadata repository provides enterprises with an accessible catalog of the types of data and content stored on PCs. Using flexible metadata selections, administrators can quickly identify information that is relevant to litigation or compliance matters and, if necessary, retrieve that relevant data from the solution for further review.

Beware: Your Facebook Posts Could End Up in Court


Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

Plaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand. Check out this related blog titled “Companies Need a Social Media Policy” for suggestions on establishing a corporate social media policy. And for all of us posters, bloggers and tweeters, be careful what you say; otherwise, it could be read back to you by an employer or judge.

Are Custodial Self-Discovery and Preserving ESI in place a good idea?


A majority of organizations still rely of the practice of instructing custodians to search for and protect potentially responsive ESI locally or “preserve it in place”. In its 7th Annual Litigation Trends Survey, Fulbright & Jaworski reported that 55% of responding companies still rely on custodians to identify and preserve their own information as the method used most frequently to preserve potentially relevant information in litigation or an investigation.

Custodial self-discovery and “preservation in place” is a potentially risky in that, especially with larger numbers of custodians, the risk of incomplete collection, inadvertent deletion/spoliation, and meta data corruption is greatly increased, legal supervision of the collection process is impossible leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics blatantly highlight the risk of custodial self discovery and preservation in place.

The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge was surprised at the custodial self discovery practice one attorney was relying on:

The Judge asks;

Am I correct that you have been relying on what they [the defendants]  self-selected to put in their transaction files, in terms of what you obtained and produced?

The defense attorney answers;

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responds to the defense attorney;

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states; we don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the wolf guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right; to the best of their understanding (less than 23% have a good understanding). Those few that could have something to hide may find ways to do a subpar job in the discovery process. If I am the opposing counsel, I am going to want to know if self discovery was relied on.

Adequately Securing ESI


The law firm of Gibson Dunn has just published their mid-year Electronic Discovery and Information Law Update and pointed out some interesting trends. The report can be viewed here.

From the Gibson Dunn report:

Of the 103 opinions Gibson Dunn analyzed, litigants sought sanctions in 30% (or 31)–compared to 42% in all of 2009–and received sanctions in 68% of those cases (or 21)–compared to 70% in all of 2009.

Courts have continued to impose monetary sanctions on outside counsel for failing to adequately supervise a client’s collection and preservation of electronically stored information (“ESI”). In re A&M Florida Properties, the court sanctioned both the client and its outside attorney, noting that although neither had acted in bad faith, sanctions were appropriate because outside counsel “simply did not understand the technical depths to which electronic discovery can sometimes go.”

Similarly, in Wilson v. Thorn Energy, LLC, No. 08 Civ. 9009 (FM), 2010 WL 1712236 (S.D.N.Y. Mar. 15, 2010) (Maas, Mag. J.), the court imposed an adverse inference sanction for gross negligence where the defendants had lost all data relevant to a large transaction when a USB drive was erased.  Id. at *3.  The Wilson decision declined to apply the protections of Federal Rule of Civil Procedure 37(e), which provides a “safe harbor” “for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system,” as the erasure occurred outside of any routine document management procedures.  Id.

Based on these findings, sanctions for eDiscovery failures are still rising and the courts are holding outside counsel responsible for the discovery practices of their clients.

The Wilson v. Thorn Energy case is interesting for the fact that the responsive data in question was stored entirely on a “USB Thumb drive” with no backup. This brings up the question; what is an acceptable procedure for securing responsive or potentially responsive ESI? Is dumping it to a legal department share drive enough? How about storing it solely on a backup tape? How about putting it on an attorney’s laptop hard disk? The main question that I will address in the next blog post is; What do you need to do to ensure the ESI will be available later on?

Custodial Self-Discovery and Common Sense


The eDiscoveryJournal, recently ran an article about desktop collection for eDiscovery and mentioned the case of Roffe v Eagle Rock, a case involving custodial self-discovery and expectations from the Judge. The transcript from the conversation between the Judge and both parties of the case can be seen here.

This transcript is interesting in that the judge clearly explains his (and most judges) expectations of the discovery process especially in dealing with custodian’s email accounts and personal computers. In the exchange, one of the defendant’s attorneys explains that he has received some potentially responsive emails from the defendants and is still waiting for some more. To clarify, the Judge asks;

Am I correct that you have been relying on, for the other two committee members, what they self-selected to put in their transaction files, in terms of what you obtained and produced?

The defense attorney answers;

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

In the defense attorney’s answer it becomes obvious that he is relying on the defendants to find and turnover all responsive emails to him and that he has not done any supervisory direction or auditing of the discovery process.

The Judge immediately responds to the defense attorney;

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

So the question for me would be, one, how fast can you do this right? And that means not only the e-mails from Mr. Smith. As I say, somebody should have been on a plane a long time ago to go through his e-mails. And if he chose to use his personal computer, well, that was his bad choice. All right? And if he has it mixed in other stuff that he gets, 150 e-mails a day, or whatever, that was his bad choice. That makes it all the more essential that a lawyer get on a plane, and go and sit down with Mr. Smith, and go through his e-mail and make sure that what is produced is — what is responsive is appropriately produced. And whoever it is better check his auto-delete settings, and they had better find out if these things have been auto-deleting every 30 days or 60 days or 90 days, and they better think through, as somebody properly should have done, whether there needs to be some type of, again, image and forensic check, to make sure that something hasn’t been lost in what sounds to me to be a lackadaisical, unsatisfactory process.

In this exchange, the Judge clearly states; we don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the wolf guarding the chicken coop. So for large matters with many custodians with potentially responsive ESI, what can an organization do?

First, the defense attorney should be overseeing the discovery process to ensure it is accomplished correctly. In most courts, the attorney has to certify that the discovery process was done correctly and what attorney wants to do that if they didn’t really manage it?

Second, relying on defendants to find and turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right, to the best of their understanding. Those few that could have something to hide may find ways to do a subpar job in the discovery process. If I am the opposing counsel, I am going to want to know if self discovery was relied on. There are a couple of ways to accomplish a custodian-centric discovery. You can image all custodians workstations etc and filter the images for responsive ESI. You can conduct one on one interview with custodians and run search applications on their workstations. Both of these processes are expensive and time consuming.