Do organizations really have formal information disposal processes…I think NOT!


Do organizations really have formal information disposal processes…I think NOT!

Do organizations regularly dispose of information in a systematic, documented manner? If the answer is “sure we do”, do they do it via a standardized and documented process or “just leave it to the employees”?

If they don’t…who cares – storage is cheap!

When I ask customers if they have a formal information disposal process, 70 to 80 percent of the time the customer will answer “yes” but when pressed on their actual process, I almost always hear one of the following:

1.    We have mailbox limits, so employees have to delete emails when they reach their mailbox limit
2.    We tell our employees to delete content after 1,2, or 3 years
3.    We store our records (almost always paper) at Iron Mountain and regularly send deletion requests

None of these answers rise to an information governance and disposal process. Mailbox limits only force employees into stealth archiving, i.e. movement of content out of the organization’s direct control. Instructing employees to delete information without enforcement and auditing is as good as not telling them to do anything at all. And storing paper records at Iron Mountain does not address the 95%+ of the electronic data which resides in organizations.

Data center storage is not cheap. Sure, I can purchase 1 TB of external disk at a local electronics store for $150 but that 1 TB is not equal to 1 TB of storage in a corporate data center. It also doesn’t include annual support agreements, the cost of allocated floor space, the cost of power and cooling, or IT resource overhead including nightly backups. Besides, the cost of storage is not the biggest cost organizations who don’t actively manage their information face.

The astronomical costs arise when considering litigation and eDiscovery. A recent RAND survey highlighted the fact that it can cost $18,000 to review 1 GB of information for eDiscovery. And considering many legal cases include the collection and review of terabytes of information, you can imagine the average cost per case can be in the millions of dollars.

So what’s the answer? First, don’t assume information is cheap to keep. Data center storage and IT resources are not inexpensive, take human resources to keep up and running, and consume floor space. Second, information has legal risk and cost associated with it. The collection and review of information for responsiveness is time consuming and expensive. The legal risks associated with unmanaged information can be even more costly. Imagine your organization is sued. One of the first steps in responding to the suit is to find and secure all potentially responsive data. What would happen if you didn’t find all relevant data and it was later discovered you didn’t turn over some information that could have helped the other side’s case? The Judge can overturn an already decided case, issue an adverse inference, assign penalties etc. The withholding or destruction of evidence is never good and always costs the losing side a lot more.

The best strategy is to put policies, processes and automation in place to manage all electronic data as it occurs and to dispose of data deemed not required anymore. One solution is to put categorization software in place to index, understand and categorize content in real time by the conceptual meaning of the content.  Sophisticated categorization can also find, tag and automatically dispose of information that doesn’t need to be kept anymore.  Given the amount of information created daily, automating the process is the only definitive way to answer ‘yes we have a formal information disposal process’.

Advertisements

Will Spoliation Insurance Change How Judges Rule?


On Dec.2 2010, the Lexington Insurance Company started selling a new product–spoliation insurance. No, spoliation is not misspelled, and no, it’s not a witty descriptor for what’s likely to happen inside the office break room refrigerator before the end of the holidays. Spoliation is a legal term for the destruction of evidence in civil litigation matters. And this form of insurance protects you in the event a judge imposes fines or penalties because of lost evidence or other eDiscovery failures.

Why might you need spoliation insurance? Well, Duke University conducted a recent study finding 97 eDiscovery sanction cases in 2009, more than any prior year. These are cases where the judge has determined one of the parties destroyed evidence and now must determine a penalty for this destruction of evidence.

Some questions that come to mind for me:

  1. Does having spoliation insurance mean the discoveree can exercise less care with his records information management (RIM) program, litigation hold, or discovery processes because they don’t have to worry about a fine or penalty?
  2. Is the fact that you have spoliation insurance discoverable?
  3. Would the fact that you have spoliation insurance alter the ruling by the judge? (Would the judge, for instance, impose a higher fine or penalty to hammer the insurance company?)

Obviously, spoliation insurance will not affect whether your organization wins or loses the case. Also, I would expect insurance companies to set premiums to reflect their risk. If the insured has an effective RIM program and processes to find and protect responsive electronically stored information easily, insurers should lower premiums for these buyers over other applicants with questionable or no processes or other tools.

The next question that comes to mind is: Do you need spoliation insurance if your organization has prepared for effective eDiscovery by creating RIM policies, training employees on responsibilities and processes, and acquiring technology like an archive to better control ESI?

Now, the answer to this question is pretty commonsensical. Invest in responsible processes and training as well as the best tools/automation for RIM and eDiscovery, and you likely won’t need spoliation insurance.

The ABA Journal had a story on spoliation insurance on March 1, 2011. The ABA Journal article can be viewed here.

The Entrepreneur’s Guide to Litigation – Discovery


From an article in the National Law Review by Joseph D. Brydges

Discovery is a pre-trial phase of litigation during which a party to a lawsuit seeks to “discover” information from the opposing party. Discovery is meant to facilitate the truth-finding function of the courts and, as such, parties to a lawsuit have an automatic right to discovery. From a strategic standpoint, discovery is used to gather and preserve evidence in support or defense of the claims made in the complaint. Further, discovery often helps parties narrow the focus of the litigation in preparation for trial and, in some cases, may lead to a pre-trial settlement. Discovery is an extremely important phase of litigation because the evidence gathered during discovery will serve as the foundation of a motion for summary judgment and/or strategy at trial.

The entire article can be viewed here.

Did you hear the one about the Attorney who thought “Social Media” was a dating website for singles over 40?


A definition of the term social media from Merriam-Webster states “forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content.”

Another definition of “social media” from online matters reads “Social media is any form of online publication or presence that allows end users to engage in multi-directional conversations in or around the content on the website.”

Examples of social media include facebook, myspace, LinkedIn, twitter, YouTube, and WordPress (free blogging site) among many, many others. Social media is not limited to desktop computers either. Cell phones, smart phones, PDAs, iPhones and iPads are popular examples of mobile devices which can be connected to social media capabilities.

How popular is social media these days?

Facebook: 750 million plus active users (July 2011). Users spend over 700 billion minutes per month on facebook.

Twitter: 175 million total Twitter accounts, 119 million Twitter accounts following one or more other accounts (March 2011) with 177 million tweets sent in one day on M arch 11, 2011

LinkedIn: 100 million users (March 2011)

Based on the above numbers, the social media phenomenon has become a major source of electronic data which in turn means a major target in litigation.

Social media content as a source of evidence in civil litigation has become a popular topic in legal magazines, blogs, twitter posts and other information sources. There are several challenges around social media content from the employee’s point of view and its use in litigation. Individuals tend to view social media content the same way they thought about emails and voicemails years ago – transitory, something that was private and didn’t exist for long anyway. People are shocked that potential employers are looking at the individual’s public facebook page, twitter postings or LinkedIn profile to get a better idea of a job candidate’s background or when police view the same content to help build a case against someone.

“Seriously officer, I wasn’t at that party where someone got shot…I was visiting my grandmother in Fresno”

“Really?… then how come there’s a picture of you at the party holding a bottle of Jack Daniels in one hand and a Glock 9mm in the other hand?”

Does an employer have a right to an employee’s social media content? Some qualifying questions to determine this  would be:

  1. Has the employee mixed personal and business related content in their social media activity?
  2. Was the employee’s social media activity initiated from within the organization’s infrastructure or using their equipment?

In a 2010 US District Court decision, Equal Employment Opportunity Commission v. Simply Storage Management, L.L.C. and O.B. Management Services, the defendant, Simply Storage, sought to discover from  two employees claiming sexual harassment against their supervisors, all photographs and videos posted to their Facebook and My Space accounts, electronic copies, or alternatively hard copies, of their profiles which includes updates, messages, wall comments, causes/groups joined, activity streams, blog entries, blurbs, comments and applications. The EEOC objected to production on the grounds that the request was overbroad, not relevant, unduly burdensome, and improperly infringed on privacy and compliance would harass and embarrass the claimants. Simply Storage defended the request arguing that the claimants’ had put their emotional health at issue implicating all their social communications.

The Court ruled that the EEOC must produce relevant Social Networking Sites (SNS) communications in accordance with its guidelines noting first that SNS content is not shielded from discovery simply because it is locked or private.

In another case, TEKsystems, Inc. v. Hammernick et al., No 0:10-cv-00819, filed in the United States District Court for the District of Minnesota, is the first-known restrictive covenant lawsuit regarding allegedly unlawful conduct via social media (in this case, LinkedIn).

When Hammernick’s employment with TEKsystems ended, she went to work for Horizontal Integration, Inc., also an IT staffing firm. The complaint alleges that, after her employment with TEKsystems ended, Hammernick unlawfully communicated, on behalf of Horizontal Integration, with at least twenty “Contract Employees” via LinkedIn, the premiere social networking website used for business and professional purposes.

The allegations against Hammernick list, by name, the sixteen Contract Employees that she allegedly “connected” with on LinkedIn, in violation of her employment agreement with TEKsystems. This case raises the legal question whether merely “connecting” with professional contacts via professional networking websites constitutes a violation of a restrictive covenant prohibiting such “solicitation” or “contact.” Does the mere existence of a network of professional contacts equal solicitation? Will compliance with a non-solicitation restriction require individuals to “disconnect” or “de-friend” colleagues, customers, or clients of former employers until the non-solicitation period expires?

Smartphones are a super highway into your private social media content

Recently, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

Do you have a Twitter app or LinkedIn app on your smart phone? Does it automatically enter your logon and password when you start the app? If they do then law enforcement could take a look at you private facebook, LinkedIn or Twitter accounts.

Also be aware, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you’ve been Mirandized.

Its obvious social media is a new speed bump in the eDiscovery landscape. Employers need to create policies to address their concerns and educate their employees about these policies and the consequences of not following them.

Golf and Early Case Assessments – A Drama


Effective early case assessment is dependent on a complete data set.

On the average 97% of data generated within businesses is electronic. The average employee generates and receives up to 20 MB of email and potentially hundreds of MBs of office work files per day. Litigation is a huge problem these days for businesses. A huge amount of the cost of litigation is the cost of finding and reviewing electronically stored information (ESI) for both early case assessment as well as eDiscovery request response. ESI can hide anywhere in the corporate infrastructure; custodian workstations, network share drives, USB thumb drives, CD/DVDs, iPods etc. A centrally managed and fully indexed archive can speed the collection and review of potentially responsive records for early case assessment as well as more fully control and insure the placement of litigation holds.

No matter the case, the first question when you’re faced with litigation is whether the case has merit. If you haven’t prepared a case assessment strategy ahead of time, it will be difficult to quickly and effectively determine your strategy going forward; should you settle or fight…

An early case assessment capability provides you with four obvious benefits:

  • Provides an early indication of the merits of the case – do you have any actual liability.
  • Can suggest the proper strategy going forward.
  • Can provide you an estimate of the cost of defending the case and the time required.
  • Will help you plan for the discovery process and prepare for the “meet and confer” meeting.

Let’s look at some scenarios.

Scenario #1

You’re the General Counsel of a publicly traded software company in the state of California.

It’s a Friday near the end of summer and you’re sitting in your office thinking about your Hawaiian golf vacation which begins tomorrow.

You’re checking the last of your mail before you leave for 3 weeks.

You open a letter from an outside law firm addressed to you…

(Your secretary hears a string of profanities emanating from your office)

You immediately think to yourself; once this news gets out, your company’s stock will be hammered, your board of directors will want an update yesterday, your channel partners will want to be advised on their potential liability, sales that are in process will stop, your CEO will want to know if the case has merit…and your wife will want to know why you just cancelled the Hawaiian vacation she was looking forward to (she was staying home).

What to do first?

You call the plaintiff’s law firm of Tolson & Yonamine to determine what this case is based on…what’s driving it. The Partner managing the case can’t be reached but 2 hours later you receive a fax (a fax, really?) of a printed email that looks like it came from within your company…

What the…? Who, in their right mind would seriously consider something like this much less put it in writing?

Ok, first things first. Your next steps are:

  • Find out who “Jennifer” is, who she reports to and what department she work in. Also find out if she is even still with the company
  • Call the VP of IT and let her know what’s going on and verbally tell her to secure any infrastructure data from Jennifer or Bob
  • Follow that up by sending an email to the VP of IT asking her to secure Jennifer and Bob’s email boxes, and any backup tapes for their respective email servers
  • Send an email to Jennifer informing her of the litigation hold, her duties under it and the consequences if the directions are not followed
  • Send an email to Bob informing him of the litigation hold, his duties under it and the consequences if the directions are not followed
  • Instruct  the VP of IT via email to find the original of the email in question on the email servers or backup tapes

To complicate matters, the VP of IT calls back immediately to tell you that the company only keeps backup tapes of the email servers for 30 days and are then recycled. She also informs you that the company has a 90 day email retention policy meaning that employees must clear emails older than 90 days out of their mailbox or the company will do it automatically. Copies of those emails, if they exist, will only be available on the employee’s local workstations. You think to yourself; if that’s the case, how did the outside law firm get them?

You send one of your staff attorneys and an IT person to both Bob and Jennifer’s offices to look for a copy of the email on their local computers etc.

Later, you find that Bob has a 3 GB PST, local personal email archive, on his laptop where the email might exist but for some reason the IT guy can’t open it. IT calls Microsoft support and is told that the PST is too big and is no doubt irrevocably corrupted.

In the mean time, one of your staff attorneys spends 4.5 hours at Jennifer’s office and eventually finds a copy of the email in her local PST… the email really does exist…%$#@!!. She has no idea why she would have written something like that and there are no records of any other emails associated with that particular smoking gun email. Because the email in question is older than the company’s oldest email server backup tapes, your early case assessment is stopped dead for lack of data.

Now what?

After several months of negotiating with ABC Systems and their law firm, you settle for damages of $35 million and an apology published in the business section of the San Jose Mercury News.

In the preceding scenario, the available early case assessment process suggested that the case might have merit and should be settled before more resources were expended. In this case, the early case assessment was negatively impacted by a shortage of data due to retention policies that were put into place mainly for storage management reasons.

Having access to all relevant information early on can mean the difference between fighting a winnable case and settling the case early for hopefully much less then is being asked for. An early case assessment strategy with the right tools can improve the odds of a favorable outcome.

Early Case Assessment with Proactive ESI Archiving

Let’s look at the preceding scenario with one difference… the defendant has an ESI archiving system and a more common sense retention policy which in this case includes a 3 year retention policy for email.

You are the General Counsel of a publicly traded software company in California

It’s a Friday near the end of summer and you are sitting in your office thinking about your Hawaiian golf vacation which begins tomorrow

You open the last of your mail before you leave for 3 weeks

You open a letter from an outside law firm…

This can’t be real. This must be a joke from your $*@$!! Brother-in-law. After calling him and determining it’s not a joke you think to yourself; NOW WHAT?

You call the opposing counsel to determine what this case is based on. The partner managing the case can’t be reached but 2 hours later you receive a fax showing a printed email that looks like it came from within your company…

Next, you must place a litigation hold on all potentially responsive records

  • Find out who “Jennifer” is, who she reports to and what department she work in. Also, is she even still with the company
  • Call the VP of IT and let her know what’s going on
  • Instruct one of your staff attorneys to query the email archive to determine if that specific email exists, and to provide the entire conversation thread around that email so you can review it for intent.

Your staff attorney quickly queries the archive and pulls up a copy of the email message with the entire conversation thread, puts the entire conversation thread on litigation hold and sends you the following email…

“Boss, the email in question was based on the following conversation thread starting with the CEO:”

“Based on the early case assessment using the email archive and the conversation thread capability, I found that the “smoking gun” email was taken out of context and can prove the case has no merit…We should talk to opposing counsel as soon as possible to end this now.”

You think to yourself; whatever person’s idea it was to get that email archiving system in place should be given a load of stock options…

You spend the next morning talking to the opposing counsel…the action is withdrawn a month later…

You continue with your golf vacation having only missed two days and your wife is especially happy you were able to go on your vacation (alone).

An important aspect of an early case assessment is to tell you if the case has merit. It’s difficult to make an informed assessment about a case without all the data…

Accidental Data Deletion Still Considered Spoliation


From an article posted to the Infosecurity-us.com website yesterday:

When litigation-based data management isn’t taken seriously dire consequences will occur.

When it comes to electronic discovery, if you fail to protect potentially relevant data and it’s destroyed, no matter the excuse, you have deprived the other side of their right to all relevant evidence to support their case and subsequently put them at a disadvantage.

What are your responsibilities when it comes to securing data that could be used against you in a current or future civil lawsuit? Judges today have little sympathy for accidental or shoddy data handling practices when it comes to protecting and turning over data in litigation.

Controlling your company’s information at all times is crucial if, or when, you get dragged into civil litigation. What is eDiscovery? Well, it’s not an afterhours team-building exercise. Electronic discovery (also called eDiscovery or Discovery) refers to any process (in any country) in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. The eDiscovery process can be carried out offline on a particular computer or it can be accomplished on a corporate network.

Since the new amendments to the Federal Rules of Civil Procedure (FRCP) were adopted in December 2006, judges expect that organizations in eDiscovery have complete control of their organization’s data and can fully respond to an eDiscovery request in days or weeks, not months or years.

The entire article can be read here

Does Exchange 2010 have eDiscovery Defensibility?


One question I get asked a lot lately at webinars and seminars is; doesn’t Microsoft Exchange have all the tools I need to respond to a Discovery request? In other words can you rely on Exchange 2010 discovery capability for defensible search and litigation hold? Depending on who you talk to the answer can be yes or no.

Now don’t get me wrong, Microsoft has made great strides on its eDiscovery capability over the last several years with Exchange 2007 and 2010. But there is at least one major question to ask yourself when considering if Exchange 2010 has the capabilities, by itself, to respond to a eDiscovery request. That question is; can I respond to a email discovery request quickly and completely enough to satisfy the opposing counsel and Judge in a defensible manner?

One potential problem I’ve run across is a question of completeness of the eDiscovery search capability in Exchange 2010. Can you rely on it to produce the search results so that 1, all potentially responsive ESI can be found and placed on a litigation hold and 2, does the results set you eventually end up with contain all potentially responsive ESI?

Exchange 2010 comes with a default package of what Microsoft terms as iFilters. These iFilters allow Exchange to index specific file types in email attachments. This default iFilter pack (a description of which can be seen here) must be installed when Exchanger server 2010 is installed. This default iFilter pack includes the following file types:

.ascx, .asm, .asp, .aspx, .bat, .c, .cmd, .cpp, .cxx, .def, .dic, .doc, .docx, .dot, .h, .hhc, .hpp, .htm, .html, .htw, .htx, .hxx, .ibq, .idl, .inc, .inf, .ini, .inx, .js, .log, .m3u, .mht, .odc, .one, .pl, .pot, .ppt, .pptx, .rc, .reg, .rtf, .stm, .txt, .url, .vbs, .wtx, .xlc, .xls, .xlsb, .xlsx, .xlt, .xml, .zip

An obvious missing file type is the Adobe Acrobat .pdf extension. Many/most eDiscovery professionals will tell you that PDF files make up a sizable share of potentially responsive ESI in discovery. What if your IT department didn’t know about this limitation and never installed a separate iFilter for Adobe Acrobat files? What if your legal department didn’t know of this missing capability?

Your discovery searches would not be returning responsive PDF files causing major risk in both litigation hold and your overall discovery response.

Another question in reference to the Exchange 2010 Abobe Acrobat search capability is the effectiveness of the search. In a WindowsITPro article from last year titled Exchange Search Indexing and the problem with PDFs, Or “Why I hate Adobe with the Burning Passion of 10,000 Suns”, Paul Robichaux writes:

This test provided an unsatisfying result. I don’t feel like I found or fixed the problem; I just identified it more closely. Telling my users, “Sure, you can search attachments in Exchange, unless they happen to be PDFs, but then again maybe not,” isn’t what I had in mind. I hope that Adobe fixes its IFilter to work properly; it’s a shame that Adobe’s poor implementation is making Exchange search look bad.”

Corporate attorneys in organizations using Exchange 2007 and 2010 as their email system should immediately ask their IT departments about their system’s ability to index and search PDF files.

Attorneys on the other side of the table should be asking defense counsel the status of their Exchange 2007/2010 Adobe Acrobat search and litigation hold capability.