You Don’t Know What You Don’t Know


Blog_06272014_graphicThe Akron Legal News this week published an interesting editorial on information governance. The story by Richard Weiner discussed how law firms are dealing with the transition from rooms filled with hard copy records to electronically stored information (ESI) which includes firm business records as well as huge amounts of client eDiscovery content. The story pointed out that ESI flows into the law firm so quickly and in such huge quantities no one can track it much less know what it contains.  Law firms are now facing an inflection point, change the way all information is managed or suffer client dissatisfaction and client loss.

The story pointed out that “in order to function as a business, somebody is going to have to, at least, track all of your data before it gets even more out of control – Enter information governance.”

There are many definitions of information governance (IG) floating around but the story presented one specifically targeted at law firms: IG is “the rules and framework for managing all of a law firm’s electronic data and documents, including material produced in discovery, as well as legal files and correspondence.” Richard went on to point out that there are four main tasks to accomplish through the IG process. They are:

  • Map where the data is stored;
  • Determine how the data is being managed;
  • Determine data preservation methodology;
  • Create forensically sound data collection methods.

I would add several more to this list:

  • Create a process to account for and classify inbound client data such as eDiscovery and regulatory collections.
  • Determine those areas where client information governance practices differ from firm information governance practices.
  • Reconcile those differences with client(s).

As law firms’ transition to mostly ESI for both firm business and client data, law firms will need to adopt IG practices and process to account for and manage to these different requirements. Many believe this transition will eventually lead to the incorporation of machine learning techniques into IG to enable law firm IG processes to have a much more granular understanding of what the actual meaning of the data, not just that it’s a firm business record or part of a client eDiscovery response. This will in turn enable more granular data categorization capability of all firm information.

Iron Mountain has hosted the annual Law Firm Information Governance Symposium which has directly addressed many of these topics around law firm IG. The symposium has produced ”A Proposed Law Firm Information Governance Framework” a detailed description of the processes to look at as law firms look at adopting an information governance program.

Advertisements

Is the popular Dropbox file sharing application a huge eDiscovery risk?


First let me say the Dropbox file sharing program is one of the greatest applications I’ve run across in a long time and to date has approximately 25 million users world-wide. What is Dropbox? Dropbox is a cloud storage application which synchronizes files between computers and other electronic devices like iPhones. Installing Dropbox creates a special folder on your computer. Anything that you put in this folder is automatically synchronized with any other computer or iPhones on which you’ve installed the service. The files you drop in for synchronization are also located on a remote server, which means you can download files even when all of your other devices are turned off or offline. It’s easy to understand why instant synchronization across all your computers and iPhones is inherently fantastic. You drop a file into your Dropbox folder on say your work computer and it’s almost instantly on all your other computers (with an internet connection) and iPhones, be it at home, work, on the road or on vacation. What’s greater than that?

You need to be aware of a couple of potential problem areas if you are going to install Dropbox; first when you delete a file in your Dropbox folder on your computer it is not really deleted from the Dropbox cloud. It is classified as “Deleted” and will disappear out of your desktop folder but in the Dropbox cloud it still exists and can be “Undeleted”.

Dropbox saves a history of all deleted and earlier versions of files for 30 days for all Dropbox accounts by default. If you have the Pack-Rat add-on, Dropbox saves those files for as long as you have the Pack-Rat add-on. With Pack-Rat, you never have to worry about losing an old version of a file. You can permanently delete files inside of the 30 days but that must be done in your web account.

Another capability to be aware of is the “Events” tab in the web account.

The Events window shows you all of the recent(?) activity that has taken place in your account. This includes a wide variety of data such as the addition and deletion of files, moving files, adding and removing folders, sharing files and folders, linking computers to your account and more. At this point I’m not sure how long this history is available in a given account but in my account, the history is showing info back to when I created the account 6 months ago.

All of these great capabilities point out two areas of concern that organizations need to be aware of. First, could intellectual property theft get any easier? A worst case scenario would be the following; an employee decides to leave the company and wants to take some IP he or she has been working on for the last 7 months. The employee can simply drag the electronic files to his Dropbox folder on their company supplied computer and later that night access it from their computer at home or even worse, give their new employer the password to their Dropbox account and within seconds all that IP is sitting on the new employer’s desktop…it can happen in a matter of seconds, would the current employer even be able to tell if that IP was copied?

An even more interesting concern arises around eDiscovery risk. Would the fact that a custodian has or had at one time a Dropbox account, make all of their non-business supplied computers and iPhones a target of eDiscovery if they were a party to litigation in their organization?

An opposing counsel’s questioning might go something like this;

Opposing counsel: “Bill, do you now or did you during the time period in question have a Dropbox account?”

Bill: “Possibly…I’ve had one for sometime”

Opposing counsel: “While you’ve had the Dropbox account, have you ever copied work related documents or emails to your Dropbox account for whatever reason?”

Bill: “Yes I have”

Opposing counsel: “Could you have copied files that are relevant to the current case?”

Bill: “Maybe…I don’t remember”

Opposing counsel: “You don’t remember…is that the truth?

Bill: “Is that the truth? …YOU CAN’T HANDLE THE TRUTH!! (Jack Nicolson flashback)”

Opposing counsel: “Judge, I would like to include every computer and iPhone Bill has access to in the eDiscovery request as well as Bill’s  Dropbox account to view any deleted files as well as his “Events” history.”

Bill: “You’ve got to be kidding…Judge?”

Judge: “Do I look like I’m kidding? …Makes sense, approved”

Is the preceding example a possibility? Sure it is. So how would your organization defend against this type of eDiscovery risk?

In my experience, if you inform employees (in writing) that by using the Dropbox application from their work as well as personal computers and company supplied iPhone, they open themselves to having their personal home computers or any computer that had the Dropbox application installed on to be potentially accessed and reviewed by attorneys, most employee will refrain from installing it on their work related computers. It would also be a good insurance policy to create a computer use policy which includes a directive against installing the Dropbox application on work owned assets.

Again, let me stress that I think the Dropbox application is fantastic and has great uses for everyday life but employees and organizations need to be aware of the risks associated with it in litigation.

Training Employees Before they Hit the SEND Key


Time and time again we see news stories and legal case writes ups where it has become obvious employees still have no idea that an email is not a private communication. I find most employees, even corporate legal department types, still consider an email is like a verbal conversation in a parking lot; once its ended, it doesn’t exist anymore (unless it was recorded).

A recent example came from the Goldman Sachs Congressional hearings where the following exchange took place:

US Senator Carl Levin: “And when you heard that your employees, in these e-mails, when looking at these deals, said God, what a shitty deal, God what a piece of crap – when you hear your own employees or read about those in the e-mails, do you feel anything?”

David Viniar, chief financial officer, Goldman Sachs: “I think that’s very unfortunate to have on e-mail.”

This is a prime example of a probably very smart guy never considered that specific content in that email would every show up in a blog much less the front page of the Wall Street Journal. This problem of unguarded content in emails has become a major liability for many companies and organizations. Another example is the email flap recently over the emails between various researchers at various universities around the global warming question.

Organizations are doing themselves a huge disservice by not training their employees around proper email use and its implications if not followed. I am not addressing the “right” or wrong” questions about these two specific examples, just the fact that very smart people continuously ignore the consequences of questionable emails.

So what can organizations do to protect themselves from this kind of liability? Well there are two steps that you can take to drastically reduce your liabilities around smoking gun emails. First, train all employees (not just once but at least annually) on your email use policy (hopefully you have one that addresses this kind of behavior). But also just as important is to educate them on the consequences of inappropriate email usage. Explain to them the eDiscovery process and what that means for email. Government agencies as well as attorneys regularly ask for and get emails from organizations in litigation or agency subpoena.

Also educate them on the email technology. I can’t count how many times I have had CEOs, CIOs all the way down the line to line workers explain to me that when they delete an email from their email box, it’s really gone. Show them why that’s not the case with a couple of the hundreds of case examples where company employees believed the same thing and what happened.

The second step is to put technology in place that helps you zero in on this type of behavior before it ends up in court and on the front page.  Many organizations will think this is “big brotherish” and not fitting with their organizations culture. I disagree with this reasoning…Putting protections in place to ensure proper business behavior is a common sense measure to reduce your legal liabilities. Install an email archiving system so that email is secured for some period of time via retention policies and also have content monitoring capability to be able to monitor, in real time, occurrences of content/behavior your organization has deemed out of bounds. Along with this technology, be sure to explain (repeatedly) to each and every employee that all of their emails are being captured for a period of time and that some are actually being monitored for content. I guarantee you that your employees will be overly careful what they put in emails going forward.

A Proper Legal Hold Requires More Than Just an Email to a Few Employees


In the recent case; Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what is the appropriate legal hold process to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system.  As one court has noted, “simply accept [ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper.  Most non-lawyer employees, whether marketing consultants or high school deans do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not.  Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website.   The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need to comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com

Backups are an effective eDiscovery resource, if it’s the right backup


I have always been told relying on backups for eDiscovery purposes is a costly and time consuming mistake.

Searching through backup tapes or even a disk-based backup for eDiscovery is difficult. Imagine restoring 22 200 GB backup tapes of your employee workstations and

Consider an eDiscovery request which asks for any files on 73 custodian workstations which contain the terms “Mimosa” and “Iron Mountain” that were created or accessed between Feb 19 2008 and June 3 2010, all the while meeting a 30 day deadline from the court to produce. How would you quickly determine what if any responsive content exists on those 73 custodians laptops/desktops?

The scenario I laid out above is not a corner-case, made-up situation. I have seen this many times. Many of you will recognize a situation very close to this.

Now consider one additional requirement to the above scenario… you must insure any responsive ESI on those workstations are secure and not deleted (litigation hold) by the custodian starting right now.

Active content on custodian workstations and laptops is the single biggest risk when facing litigation hold and eDiscovery responsibilities for most organizations. The usual processes most organizations follow for custodian resource collection is either:

  1. Custodian led collection: the organizations legal department sends out a detailed email to all custodians’ involved asking them to search for specific content on their system (including any PSTs) and forward any results to the legal department. Many opposing counsel’s have a problem with this process

or

  1. The legal department creates collection teams which consist of a legal department employee and an IT employee to visit each custodian’s workspace to look for responsive ESI, usually including the imaging of the custodian’s hard disks. This imaging of the custodian’s hard disk takes hours and then has to be filtered somewhere else to look for responsive content.

What if you could utilize your centrally managed custodian workstation/laptop backup process for eDiscovery purposes?

Iron Mountain has addressed this major eDiscovery risk and cost with its newly announced Connected® Classify & Collect, a solution which simplifies the collection process for distributed PC ESI to comply with a legal hold request as well as discovery. The Connected Classify & Collect offering helps businesses to quickly find relevant data on laptop and desktop computers to meet litigation and compliance requirements.

The Connected® Classify & Collect offering makes laptop and desktop data easily visible, searchable and usable. It also protects data and prevents accidental deletion to support eDiscovery or internal investigations. Its enterprise-class data-classification capabilities give administrators visibility into vast amounts of data stored on enterprise PCs and allow them to lower eDiscovery costs by quickly collecting relevant information to be used for early-case assessments and first-pass reviews.

An interesting twist to this capability is the fact that even if the custodian is disconnected from the network, Classify & Collect can discover against the existing centrally managed backup of each custodian’s workstation or laptop. The next time the custodian connects to the network, additional searching will be accomplished automatically in the background on the custodian laptop.

Additionally, the Connected Classify & Collect offering helps businesses establish a thorough and defensible collection process with its ability to track all activities, including the search terms and documents returned to support internal reviews.