Putting some real teeth in eDiscovery sanctions will drive effective information management

Ok, I know there is a push back from the legal industry in reference to the problem of the cost of discovery. Yes, companies create, use, receive and delete huge amounts of electronic information on a daily basis and it is unreasonable to expect an organization to have enough of a handle on this moving target to be able to place an effective legal hold – quickly, and provide all responsive information in response to an eDiscovery request. But come on… organizations live and die by their information, especially electronic information and if an organization doesn’t have enough of a handle on their data to be able to place a legal hold on select data, then I’m sorry they have other problems.

It all comes down to effective information management. Why is it unreasonable for a Judge to expect a company knows what data it has at any point in time and can find it when it needs to?

I understand the proportionality doctrine argument, and it makes sense. If proportionality did not exist, a plaintiff’s counsel could win every case just based on how they construct their discovery request.

Many businesses in the United States have long given employees total control of the company records, with a few exceptions, with little or no central control or even knowledge the information exists and how it pertains to the business. This does not seem the best business decision for the long run.

Maybe eDiscovery can serve as the impetus to nudge companies to start taking information management seriously. If Judges start imposing even larger penalties and fines for what amounts to eDiscovery failings because of ineffective or no information management policies in an organization, then we may see a corporate change of attitude.

In a recent LTN Law Technology News article, e-discovery analyst Barry Murphy of Murphy Insights noted that very few sanctions for e-discovery have had any real teeth, and the few that have involved large dollar amounts have been overturned. In some cases, e-discovery snafus have led to negative inferences that almost certainly impacted the outcome, but he says even those rulings seem to have had little impact. “The sanctions we’re seeing are too small to register with many people, and while negative inferences may lead to a bad outcome, the impact is not always obvious,” says Murphy. “Once we see a sanction for many millions of dollars because of a failure to preserve electronic evidence, the point will be clearer.”

Let me offer some common sense suggestions around information management and eDiscovery:

  1. Have regularly updated and tested records retention policies
  2. Get rid of data your business no longer needs
  3. Really know what electronically stored information (ESI) you have and don’t have
  4. Be ready to find it quickly
  5. If you are a big enough organization, have tools on hand to help in the searches
  6. Have a tested litigation hold process. Be able to stop records deletions based on content, employee, date etc. quickly
  7. Have a tested eDiscovery process

Too many organizations are willing to risk the consequences; “It’s never happened to me before”. If you manage your ESI effectively, then discovery response should not be a problem

A Proper Legal Hold Requires More Than Just an Email to a Few Employees

In the recent case; Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what is the appropriate legal hold process to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system.  As one court has noted, “simply accept [ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper.  Most non-lawyer employees, whether marketing consultants or high school deans do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not.  Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website.   The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need to comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com

Do we need an addition to the EDRM?

The Electronic Discovery Reference Model is a great reference model showing all the general steps/processes around eDiscovery. There has obviously been a great deal of thought and work put behind it with fantastic results but does it cover everything that corporate legal departments want?

The reason I bring this up is I often run across companies that comment on the EDRM mostly because it doesn’t really reflect their processes. I don’t think it was met to be specific and probably couldn’t have been. Organizations have their own processes they have developed and are use to and it would be nearly impossible to take them all into consideration.

An addition I would like to see in the EDRM is a costing component. What processes, for example, incur the highest costs and how could those costs be better controlled. Again, I don’t believe it was in the EDRM’s target to answer those kinds of questions but wouldn’t those answers be great?

Eight Tenets for Building Effective Records Retention Policies

Corporate records retention policies for many companies are afterthoughts with little understanding of how the company truly uses its documents/records/ESI. In my experience, many companies leave the decision of whether to keep records and for how long to their employees. This strategy is dangerous and costly when litigation is potentially possible. Allowing your employees total control over records and ESI drives the cost of eDiscovery up because you greatly multiple the number of possible storage ares you must check for responsive records. It also increases the risk of spoliation when a litigation hold is required.

So to lower your cost and risk during eDiscovery, creating and enforcing effective records retention policies is a great first step to take.

Building effective records retention policies for eDiscovery preparedness, storage management, regulatory requirements etc. is not an exercise that should be done by a single individual or department. Put a cross departmental team together to fully understand how your organization uses and discards records.

The Eight Tenets:

  1. Understand any and all regulatory retention requirements you may have. Every organization will have federal or state retention requirements. The most obvious is the HR related regulations.
  2. Understand how and why your employees use data. You don’t want to create policies that make employees less productive or take away their ability to use and reference the data the need for their jobs.
  3. Create a common sense retention schedule. Don’t create an overly complex schedule that employees will quickly find ways to work around or ignore. Keep in mind the 5 second rule: If it take employees more than 5 seconds to decide how long to keep a record/document, they will almost always choose the longest retention period available.
  4. Build in a ESI litigation hold process…and test it.
  5. Train your employees on the new policies and insure they understand why the policies were created.
  6. Enforce the retention policies with audits and punishments if not followed. This step is important in litigation to be able to show the Judge of your “good faith intent” to insure ESI is not recklessly destroyed.
  7. Insure the language of the poplicy stands up to scutinity in the event of litigation by having your external counsel review the policies annually.
  8. And lastly, document everything you have done.

Depending on the size and complexity of your infrastructure, an ESI archive may be appropriate.

Litigation Holds and Lessons Learned

Bow Tie Law’s Blog recently had an interesting piece on litigation holds titled “The Holding Pattern: Lessons Learned on Litigation Holds” where insufficient notices or notices crated in bad faith can jeopardize a case because of the possibility of spoliation of ESI.

I have run across this same problem with past customers that didn’t take the litigation hold responsibility seriously. I worked with a customer whose litigation hold process was to send an email out to all 40,000 employees in 60 different countries telling them to stop deleting emails with specific content.

There was no consideration given to employees in other countries being able to read and understand English nor any follow up to make sure they had understood and acknowledge their responsibility. The GC’s opinion was: “I’ve let the employees know; now it’s their problem”. Obviously that doesn’t fly now.

So what is an easier, less risky way of applying litigation holds? The most straight forward way is to do it centrally and not rely on employees to understand and do it properly. A centrally managed ESI archive gives the legal department the ability to find the potentially responsive ESI and apply a litigation hold within minutes. This will also greatly reduce your risk of spoliation.

This also means all responsive ESI is available to be searched and placed on litigation hold. So you don’t have to hope employees understand and react properly to your litigation hold request…you simply do it centrally.

Manual Litigation Holds are Risky

In the case Pinstripe, Inc. v. Manpower, Inc., 2009 WL 2252131 (N.D. Okla. July 29, 2009), the defendant ran afoul of the litigation hold requirement by relying on a manual form of placing litigation holds, e.g. send litigation hold notices out to affected custodians.

The risk in this process is that 1. you have to send the notice out to all potentially affected custodians and 2. you have to be sure they read and understand the notice.

Many companies lose litigation before it really starts because they can’t effectively stop deletions of potentially responsive ESI.

The only way to insure you can stop ESI deletions when the litigation hold requirement is triggered is to take the management of ESI away from the individual custodians and centrally control it via an archive that captures and secures everything for some period of time.

With this strategy, the ESI can be managed and secured centrally which also allows for instantaneous placement of litigations holds on all potentially responsive ESI.

The key here is to use an ESI archiving system that captures a full ESI data set meaning for example not just email messages but also their attachments, calendar entries, task lists, contacts and attributes.

Also, for those of you that have SharePoint systems, be aware that SharePoint manages many more data type than just a record or document. Make sure you can capture and hold anything the eDiscovery request could ask for in a given ESI system.

Can SharePoint be an effective eDiscovery Repository?

Microsoft positions SharePoint as a document and information sharing platform for companies. SharePoint Team Services provides templates for setting up a Web site so that workgroups can share documents, calendars, announcements, postings, host blogs and wikis among other things. SharePoint Portal Server is used to build intranet portals and share documents. The SharePoint system is a very powerful platform that will become a staple for most business entities.

One perceived problem with SharePoint adoption is that because a SharePoint system can contain so much information, some in the legal community aren’t sure if and how easy a SharePoint solution could be “discovered” and an even more important point, how data within the SharePoint system can be secured under a litigation hold.

With a little planning and an addition, a SharePoint solution can be an extremely valuable tool for your company as well as a litigation-ready eDiscovery repository.

The addition of an archive that can capture, index and secure all SharePoint data, not just the documents but everything, would remove the eDiscovery liability with a SharePoint system as well as drive down the costs and risks of eDiscovery.

The EDRM Model

Everyone rasie their hand if they have ever heard of the Electronic Discovery Reference Model (EDRM)…

The EDRM project is an effort to create standards and guidelines around the electronic discovery process. George J. Socha of Socha Consulting LLC and Tom Gelbmann of Gelbmann & Associates has done extensive work creating this model.

The reason I ask is I’m not sure those people that should know about it is aware of it. I just spent a week meeting with ten of the largest law firms on the east coast and not one of the many attorneys or associates I asked had ever heard of it.

I’m not sure what the answer is short of law schools actually spending some time on it, but if you get a chance take a look at it.