defendant

Accessing hidden metadata in Office documents for eDiscovery

Bill Tolson eDiscovery, Technology , , , , , , , , , ,

Microsoft Office and other documents including PowerPoint, Word, and Excel among others can be a rich source of discoverable information for the plaintiff, especially if the author of the document didn’t take the time to scrub all hidden and personal information before finalizing it. Be aware all of this hidden and personal metadata can’t be altered after a litigation hold should have been applied.

Several types of hidden and personal data can and will be saved by default in an Office document if the correct precautions are not taken.  The first point to remember is that Office applications are by default capturing data as the document in question is created, reviewed and revised. Data such as:

  • Comments, revision marks from tracked changes, versions, and ink annotations
  • Document properties and personal information. Document properties, also known as metadata (metadata: Data that describes other data. For example, the words in a document are data; the word count is an example of metadata.), include details about your document such as author, subject, and title. Document properties also include information that is automatically maintained by Office programs, such as the name of the person who most recently saved a document and the date when a document was created. If you used specific features, your document might also contain additional kinds of personally identifiable information (PII) (personally identifiable information (PII): Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.), such as e-mail headers, send-for-review information, routing slips, printer paths, and file path information for publishing Web pages.
  • Headers, footers, and watermarks
  • Hidden text including reviewers notes
  • Hidden rows, columns, and worksheets
  • Invisible content PowerPoint presentations and Excel workbooks can contain objects that are not visible because they are formatted as invisible
  • Off-slide content
  • Presentation notes
  • Document server properties. If your document was saved to a location on a document management server, such as a Document Workspace site or a library based on Microsoft Windows SharePoint Services, the document might contain additional document properties or information related to this server location.
  • Custom XML data

In my experience, few companies train their employees to remove this metadata before their documents, spreadsheets and presentations are finalized and distributed. For the attorney asking for ESI, a tell tale sign of spoliation would be the total absence of this hidden data. The attory could do a quick sampling of discovered documents and if the majority of them are “clean” then a discussion with the defendants counsel and possibly Judge would be in order. Unless the defendants could show evidence of employee processes including the regular removal of this type of data as a standard process, a spoliation ruling would be in the cards.

So what and how should a company put in place a process to make sure this type of metadata is removed as a standard process before litigation arises?

My next blog entry will answer this question.

Placing a “Computer Illiterate” in charge of eDiscovery is not a winning strategy for the defense

Bill Tolson eDiscovery , , , , , , , , , , , , ,

A case that had been decided for the plaintiff years earlier was reopened due to eDiscovery process questions. In the case of Green v. Blitz U.S.A., No. 2:07-CV-372 (TJW), 2011 WL 806011 (E.D. Tex. Mar. 1, 2011), the original attorney for the plaintiff was a plaintiff’s attorney on another case against the same defendant. During discovery for this other trial, the plaintiff’s attorney found out that evidence that should have been turned over for the previous plaintiff’s trial had not been. Because of this fact, the original lawsuit was reopened. In this second trial it was revealed the defendant had placed a single person in charge of electronic discovery for several ongoing cases. The problem with this was the person put in charge of eDiscovery was less than experienced. In fact, it was revealed that the employee “solely responsible for searching for and collecting ESI relevant to litigation between 2004 and 2007 issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.  In fact, the employee himself stated that he was “about as computer illiterate as they get.”

Making matters worse, some of the information discovered after the close of plaintiff’s case would have easily been identified with a simple word search, as the target words were in the subject line of one of the undisclosed emails specifically discussed by the court.  Also of note, as to the specific email discussed by the court, was the fact that the employee tasked with discovery was a recipient of the email and still failed to disclose it in discovery.  Despite failing to produce relevant material, the defendant made the certification that “full and complete disclosure ha[d] been made in accordance with the Federal Rule’s of Civil Procedure and the Court’s orders.”

The court also discussed defendant’s failure to issue a litigation hold to its employees and its failure to cease rotation of its backup tapes, two other actions expected when litigation is reasonable anticipated.  Accordingly, the court concluded that “it will never be known how much prejudice against the plaintiff was actually caused by the defendant’s failure to preserve documents” and found that sanctions were warranted.

Given the context and type of documents not disclosed, the court found that defendant’s conduct was a willful violation of the Court’s Discovery Order and that plaintiff had been prejudiced as a result. In other words, the original award would have been much higher if the ESI was found and turned over.

I don’t know if the defendant’s counsel choose a totally inexperienced person to run the eDiscovery process was just stupid or was part of a strategy to insure responsive ESI was not found. I think, minus proof of the second, we will have to go with the first explanation.

That being said, litigation hold and eDiscovery is a serious business and should never be taken lightly. Having control of your organization’s ESI is an important responsibility expected by the courts.

Case summary from eDiscoverylaw.com

How do you keep the ESI skeletons out of your closet?

Bill Tolson eDiscovery , , , , , , , , ,

A blog post written by Jim McGann of Index Engines on May 4th zeroed in on an interesting topic; how to keep ESI skeletons out of your corporate closet.

In his post Jim writes: Law firms and corporations alike tend to keep data storage devices well beyond what their compliance requirements or business needs actually dictate.  These so-called “skeletons in the closet” pose a major problem when the entity gets sued or subpoenaed. All that dusty data is suddenly potentially discoverable. Legal counsel can be proactive and initiate responsible handling of this legacy data by defining a new, defensible information governance process.

These skeletons can encompass both old, out of date data as well as the devices the old data is stored on. The risk includes not just the old data that might have content that you would rather not have discovered but also the storage devices that would “read” the old data. An attorney friend of mine related a case he was involved in several years ago where a company in discovery was asked about a filing cabinet in their warehouse that contained hundreds of 8 inch floppy disks. The plaintiff’s attorney asked if those floppy disks could contain data from the time period in question (8 years ago). No one at the company could really answer the question so the plaintiff’s attorney asked for an inventory of the data on those 8 inch floppy disks.

The defendants counsel obviously raised concerns over their ability to actually read the data as well as the cost involved. They argued that the disks drives which could read the 8 inch floppy disks couldn’t be found, that even if they could find the drives, they didn’t have computers with the correct interface to actually look at the data and the software to enable the floppy disks to be read did not exist.

The Judges question to the defendants was obvious; “why do you have a filing cabinet full of hundreds of 8 inch floppy disks if they can’t be read?”

The point of the story is data/information has a life span. 8,9,10 year old data in most cases will not be useful to an organization (unless there are regulatory reasons to keep it) so manage it for as long as its useful to your organization then get rid of it, especially if the technology to utilize it is way out of date.

A Proper Legal Hold Requires More Than Just an Email to a Few Employees

Bill Tolson eDiscovery , , , , , , , , , , , ,

In the recent case; Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what is the appropriate legal hold process to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system.  As one court has noted, “simply accept [ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper.  Most non-lawyer employees, whether marketing consultants or high school deans do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not.  Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website.   The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need to comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com

Are foreign laws restricting the production of customer data being ignored by US courts?

Bill Tolson eDiscovery , , , , , , , , , ,

In a recent case; Accessdata Corp. v. ALSTE Tech. GMBH, 2010 WL 3184777 (D. Utah Jan. 21, 2010), the Plaintiff, an American company, sought to compel defendant’s production of documents, including information related to customer complaints and defendant’s technical support of non-customers. Defendant objected to the interrogatories and requests for production on the grounds that they were overly broad, unduly burdensome, and seeking irrelevant information and because “disclosure of information relating to third parties’ identities would violate German law.”

The defendant’s main argument was that German law prohibits the production of third-party personal information and that, if it complied with the discovery requests at issue, it would “subject itself to civil and criminal penalties for violating the German Data Protection Law … and the German Constitution.”

In this case the court found that ESI asked for from a German company should be turned over in discovery even though the defendant stated that German privacy laws prohibit customer data being turned over without the customer’s approval.

In this specific case, the court found:

While defendant asserts that providing personal information about its customers and their employees “would be a huge breach of fundamental privacy laws in Germany,” defendant has failed to demonstrate the verity of this assertion. Defendant has not cited to the particular provisions of the German Data Protection Act (”GDPA”) and/or German Constitution that would prohibit disclosure of personal third-party information. Based on the court’s brief review of the GDPA, it appears that it does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defence of legal claims.” The GDPA further states that “[t]he body to which the data are transferred shall be informed that the transferred data may be processed or used only for the purpose for which they are being transferred.” ALSTE has not demonstrated that it has been unable to obtain consent from its customers or that it has even attempted to seek consent. ALSTE has also failed to address this particular provision of the GDPA or explain why it would not apply in the instant case.

On the face of it, this case looked like the United States District Court was imposing its will upon a foreign government and its privacy laws. In reality, the two main points of this particular case was:

  1. The defendant did not cite the particular provisions of German privacy law and did not try to obtain the customer’s approval to have their personal data transferred.
  2. The German laws actually make provisions for the possibility of ESI transfer to another countries jurisdiction; the GDPA does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defense of legal claims.”

Anatomy of an Adverse Inference

Bill Tolson eDiscovery , , , , , , , , , , , , ,

In the investor related action, Pension Comm. of the Univ. of Montreal Pension Plan v. Banc of Am. Secs, No. CIV. 05-9016, 2010 U.S. Dist. LEXIS 1839 (S.D.N.Y. Jan. 11, 2010) the defendants, who were connected to a hedge fund that lost money, sought sanctions against the plaintiffs for failing to preserve and produce documents, including ESI, and for submitting false declarations regarding their collection and production efforts. The Judge in this case was the Honorable Shira A. Scheindlin.

This case came down to two questions about litigation holds: when should a litigation hold be initiated, and what actions are required in the placement and tracking of the litigation hold.

In addressing the charges of spoliation, the court’s opinion included:

“[i]t is well established that the duty to preserve evidence arises when a party reasonably anticipates litigation. “‘[O]nce a party reasonably anticipates litigation; it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.’” A plaintiff’s duty is more often triggered before litigation commences, in large part because plaintiffs control the timing of litigation.

When the spoliating party’s conduct is sufficiently egregious to justify a court’s imposition of a presumption of relevance and prejudice, or when the spoliating party’s conduct warrants permitting the jury to make such a presumption, the burden then shifts to the spoliating party to rebut that presumption.

“[i]n short, the innocent party must prove the following three elements: that the spoliating party (1) had control over the evidence and an obligation to preserve it at the time of destruction or loss; (2) acted with a culpable state of mind upon destroying or losing the evidence; and that (3) the missing evidence is relevant to the innocent party’s claim or defense.”

The Court issued the following adverse inference instruction to the jury:

The Citco Defendants have demonstrated that most plaintiffs conducted discovery in an ignorant and indifferent fashion. With respect to the grossly negligent plaintiffs – 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation – I will give the following jury charge:

The Citco Defendants have argued that 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation destroyed relevant evidence, or failed to prevent the destruction of relevant evidence. This is known as the “spoliation of evidence.”

Spoliation is the destruction of evidence or the failure to preserve property [*104] for another’s use as evidence in pending or reasonably foreseeable litigation. To demonstrate that spoliation occurred, the Citco Defendants bear the burden of proving the following two elements by a preponderance of the evidence:

First, that relevant evidence was destroyed after the duty to preserve arose. Evidence is relevant if it would have clarified a fact at issue in the trial and otherwise would naturally have been introduced into evidence; and

Second, that 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation were grossly negligent in their failure to preserve the evidence.

I instruct you, as a matter of law, that each of these plaintiffs failed to preserve evidence after its duty to preserve arose. 250 As a result, you may presume, if you so choose, that such lost evidence was relevant, and that it would have been favorable to the Citco Defendants. In deciding whether to adopt this presumption, you may take into account the egregiousness of the plaintiffs’ conduct in failing to preserve the evidence.

However, each of these plaintiffs has offered evidence that (1) no evidence was lost; (2) if evidence was lost, it was not relevant; and (3) if evidence was lost and it was relevant, it would not have been favorable to the Citco Defendants.

If you decline to presume that the lost evidence was relevant or would have been favorable to the Citco Defendants, then your consideration of the lost evidence is at an end, and you will not draw any inference arising from the lost evidence.

However, if you decide to presume that the lost evidence was relevant and would have been unfavorable to the Citco Defendants, you must next decide whether any of the following plaintiffs have rebutted that presumption: 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, or the Bombardier Foundation. If you determine that a plaintiff has rebutted the presumption that the lost evidence was either relevant or favorable to the Citco Defendants, you will not draw any inference arising from the lost evidence against that plaintiff. If, on the other hand, you determine that a plaintiff has not rebutted the presumption that the lost evidence was both relevant and favorable to the Citco Defendants, you may draw an inference against that plaintiff and in favor of the Citco Defendants – namely that the lost evidence would have been  favorable to the Citco Defendants.

Each plaintiff is entitled to your separate consideration. The question as to whether the Citco Defendants have proven spoliation is personal to each plaintiff and must be decided by you as to each plaintiff individually.

The Court also noted, “[w]hile litigants are not required to execute document productions with absolute precision, at a minimum they must act diligently and search thoroughly at the time they reasonably anticipate litigation. All of the plaintiffs in this motion failed to do so and have been sanctioned accordingly.”

The courts are moving towards being much less lenient in the question of when should ESI be protected from deletion due to potential civil litigation and also whats expected of the attorneys in protecting potentially responsive ESI.   Corporate Attorneys should always be conservative in their handling of the litigation hold question.

Place holds quickly, communicate the holds to custodians quickly, even those at the periphery of the case, track the custodians actions around the hold communication, and lastly, document everything.

Taking litigation holds seriously will lower your overall litigation cost and risk.