Golf and Early Case Assessments – A Drama


Effective early case assessment is dependent on a complete data set.

On the average 97% of data generated within businesses is electronic. The average employee generates and receives up to 20 MB of email and potentially hundreds of MBs of office work files per day. Litigation is a huge problem these days for businesses. A huge amount of the cost of litigation is the cost of finding and reviewing electronically stored information (ESI) for both early case assessment as well as eDiscovery request response. ESI can hide anywhere in the corporate infrastructure; custodian workstations, network share drives, USB thumb drives, CD/DVDs, iPods etc. A centrally managed and fully indexed archive can speed the collection and review of potentially responsive records for early case assessment as well as more fully control and insure the placement of litigation holds.

No matter the case, the first question when you’re faced with litigation is whether the case has merit. If you haven’t prepared a case assessment strategy ahead of time, it will be difficult to quickly and effectively determine your strategy going forward; should you settle or fight…

An early case assessment capability provides you with four obvious benefits:

  • Provides an early indication of the merits of the case – do you have any actual liability.
  • Can suggest the proper strategy going forward.
  • Can provide you an estimate of the cost of defending the case and the time required.
  • Will help you plan for the discovery process and prepare for the “meet and confer” meeting.

Let’s look at some scenarios.

Scenario #1

You’re the General Counsel of a publicly traded software company in the state of California.

It’s a Friday near the end of summer and you’re sitting in your office thinking about your Hawaiian golf vacation which begins tomorrow.

You’re checking the last of your mail before you leave for 3 weeks.

You open a letter from an outside law firm addressed to you…

(Your secretary hears a string of profanities emanating from your office)

You immediately think to yourself; once this news gets out, your company’s stock will be hammered, your board of directors will want an update yesterday, your channel partners will want to be advised on their potential liability, sales that are in process will stop, your CEO will want to know if the case has merit…and your wife will want to know why you just cancelled the Hawaiian vacation she was looking forward to (she was staying home).

What to do first?

You call the plaintiff’s law firm of Tolson & Yonamine to determine what this case is based on…what’s driving it. The Partner managing the case can’t be reached but 2 hours later you receive a fax (a fax, really?) of a printed email that looks like it came from within your company…

What the…? Who, in their right mind would seriously consider something like this much less put it in writing?

Ok, first things first. Your next steps are:

  • Find out who “Jennifer” is, who she reports to and what department she work in. Also find out if she is even still with the company
  • Call the VP of IT and let her know what’s going on and verbally tell her to secure any infrastructure data from Jennifer or Bob
  • Follow that up by sending an email to the VP of IT asking her to secure Jennifer and Bob’s email boxes, and any backup tapes for their respective email servers
  • Send an email to Jennifer informing her of the litigation hold, her duties under it and the consequences if the directions are not followed
  • Send an email to Bob informing him of the litigation hold, his duties under it and the consequences if the directions are not followed
  • Instruct  the VP of IT via email to find the original of the email in question on the email servers or backup tapes

To complicate matters, the VP of IT calls back immediately to tell you that the company only keeps backup tapes of the email servers for 30 days and are then recycled. She also informs you that the company has a 90 day email retention policy meaning that employees must clear emails older than 90 days out of their mailbox or the company will do it automatically. Copies of those emails, if they exist, will only be available on the employee’s local workstations. You think to yourself; if that’s the case, how did the outside law firm get them?

You send one of your staff attorneys and an IT person to both Bob and Jennifer’s offices to look for a copy of the email on their local computers etc.

Later, you find that Bob has a 3 GB PST, local personal email archive, on his laptop where the email might exist but for some reason the IT guy can’t open it. IT calls Microsoft support and is told that the PST is too big and is no doubt irrevocably corrupted.

In the mean time, one of your staff attorneys spends 4.5 hours at Jennifer’s office and eventually finds a copy of the email in her local PST… the email really does exist…%$#@!!. She has no idea why she would have written something like that and there are no records of any other emails associated with that particular smoking gun email. Because the email in question is older than the company’s oldest email server backup tapes, your early case assessment is stopped dead for lack of data.

Now what?

After several months of negotiating with ABC Systems and their law firm, you settle for damages of $35 million and an apology published in the business section of the San Jose Mercury News.

In the preceding scenario, the available early case assessment process suggested that the case might have merit and should be settled before more resources were expended. In this case, the early case assessment was negatively impacted by a shortage of data due to retention policies that were put into place mainly for storage management reasons.

Having access to all relevant information early on can mean the difference between fighting a winnable case and settling the case early for hopefully much less then is being asked for. An early case assessment strategy with the right tools can improve the odds of a favorable outcome.

Early Case Assessment with Proactive ESI Archiving

Let’s look at the preceding scenario with one difference… the defendant has an ESI archiving system and a more common sense retention policy which in this case includes a 3 year retention policy for email.

You are the General Counsel of a publicly traded software company in California

It’s a Friday near the end of summer and you are sitting in your office thinking about your Hawaiian golf vacation which begins tomorrow

You open the last of your mail before you leave for 3 weeks

You open a letter from an outside law firm…

This can’t be real. This must be a joke from your $*@$!! Brother-in-law. After calling him and determining it’s not a joke you think to yourself; NOW WHAT?

You call the opposing counsel to determine what this case is based on. The partner managing the case can’t be reached but 2 hours later you receive a fax showing a printed email that looks like it came from within your company…

Next, you must place a litigation hold on all potentially responsive records

  • Find out who “Jennifer” is, who she reports to and what department she work in. Also, is she even still with the company
  • Call the VP of IT and let her know what’s going on
  • Instruct one of your staff attorneys to query the email archive to determine if that specific email exists, and to provide the entire conversation thread around that email so you can review it for intent.

Your staff attorney quickly queries the archive and pulls up a copy of the email message with the entire conversation thread, puts the entire conversation thread on litigation hold and sends you the following email…

“Boss, the email in question was based on the following conversation thread starting with the CEO:”

“Based on the early case assessment using the email archive and the conversation thread capability, I found that the “smoking gun” email was taken out of context and can prove the case has no merit…We should talk to opposing counsel as soon as possible to end this now.”

You think to yourself; whatever person’s idea it was to get that email archiving system in place should be given a load of stock options…

You spend the next morning talking to the opposing counsel…the action is withdrawn a month later…

You continue with your golf vacation having only missed two days and your wife is especially happy you were able to go on your vacation (alone).

An important aspect of an early case assessment is to tell you if the case has merit. It’s difficult to make an informed assessment about a case without all the data…

Advertisements

Does Exchange 2010 have eDiscovery Defensibility?


One question I get asked a lot lately at webinars and seminars is; doesn’t Microsoft Exchange have all the tools I need to respond to a Discovery request? In other words can you rely on Exchange 2010 discovery capability for defensible search and litigation hold? Depending on who you talk to the answer can be yes or no.

Now don’t get me wrong, Microsoft has made great strides on its eDiscovery capability over the last several years with Exchange 2007 and 2010. But there is at least one major question to ask yourself when considering if Exchange 2010 has the capabilities, by itself, to respond to a eDiscovery request. That question is; can I respond to a email discovery request quickly and completely enough to satisfy the opposing counsel and Judge in a defensible manner?

One potential problem I’ve run across is a question of completeness of the eDiscovery search capability in Exchange 2010. Can you rely on it to produce the search results so that 1, all potentially responsive ESI can be found and placed on a litigation hold and 2, does the results set you eventually end up with contain all potentially responsive ESI?

Exchange 2010 comes with a default package of what Microsoft terms as iFilters. These iFilters allow Exchange to index specific file types in email attachments. This default iFilter pack (a description of which can be seen here) must be installed when Exchanger server 2010 is installed. This default iFilter pack includes the following file types:

.ascx, .asm, .asp, .aspx, .bat, .c, .cmd, .cpp, .cxx, .def, .dic, .doc, .docx, .dot, .h, .hhc, .hpp, .htm, .html, .htw, .htx, .hxx, .ibq, .idl, .inc, .inf, .ini, .inx, .js, .log, .m3u, .mht, .odc, .one, .pl, .pot, .ppt, .pptx, .rc, .reg, .rtf, .stm, .txt, .url, .vbs, .wtx, .xlc, .xls, .xlsb, .xlsx, .xlt, .xml, .zip

An obvious missing file type is the Adobe Acrobat .pdf extension. Many/most eDiscovery professionals will tell you that PDF files make up a sizable share of potentially responsive ESI in discovery. What if your IT department didn’t know about this limitation and never installed a separate iFilter for Adobe Acrobat files? What if your legal department didn’t know of this missing capability?

Your discovery searches would not be returning responsive PDF files causing major risk in both litigation hold and your overall discovery response.

Another question in reference to the Exchange 2010 Abobe Acrobat search capability is the effectiveness of the search. In a WindowsITPro article from last year titled Exchange Search Indexing and the problem with PDFs, Or “Why I hate Adobe with the Burning Passion of 10,000 Suns”, Paul Robichaux writes:

This test provided an unsatisfying result. I don’t feel like I found or fixed the problem; I just identified it more closely. Telling my users, “Sure, you can search attachments in Exchange, unless they happen to be PDFs, but then again maybe not,” isn’t what I had in mind. I hope that Adobe fixes its IFilter to work properly; it’s a shame that Adobe’s poor implementation is making Exchange search look bad.”

Corporate attorneys in organizations using Exchange 2007 and 2010 as their email system should immediately ask their IT departments about their system’s ability to index and search PDF files.

Attorneys on the other side of the table should be asking defense counsel the status of their Exchange 2007/2010 Adobe Acrobat search and litigation hold capability.

Discovering the public cloud in Outlook


In my blog “The coming collision of “free to the public cloud storage and eDiscovery” posted on June 23, I talked about these new free cloud storage options and how they could become a problem in the litigation/eDiscovery process. While researching that blog, I found an interesting capability with Microsoft Outlook and the various cloud storage offerings.

It is called a email folder URL redirect. Microsoft Outlook includes the capability to associate an email folder with a Web page. You can set up this association so that when you select the email folder, the Web page appears or the contents of the folder appear.

This capability can be useful when you want to include internal instructions or news about the organization. Another example would be a redirected folder pushed out to all in the organization announcing a litigation hold and answering questions about the hold, expectations, target content etc.  Although this capability provides the opportunity to create powerful public folder applications, non-approved scripts can be included on the Web page that access the Outlook object model, which exposes users to security risks so users should not be adding redirected email folders without IT’s approval.

So how does this capability, email folder URL redirection, relate to cloud storage? All four of the “free to the public cloud storage” offerings mentioned in the blog include a web page where files can be uploaded, viewed and downloaded. This means, for example, the Amazon Cloud Drive service could be a redirection target for an Outlook email folder.

Use the following steps to create and associate an e-mail folder with a Web view:

  • If you don’t already have a folder list showing in your Outlook front end, click on the View menu, then click Folder List.
  • Create a new folder in the folder list called Amazon Cloud by right clicking on the top most folders where you want to create the Cloud folder under. Then type in the new folder name Amazon Cloud

Figure 1: Create a new email folder called “Amazon Cloud”

  • In the Folder List, right-click the folder that you want to associate with a Web page, and then click Properties on the shortcut menu.
  • In the Property dialog box, click the Home Page tab.
  • In the Address box, type the URL for the Amazon Cloud drive web page.
  • Click to select the Show home page by default for this folder check box if you want the Web view active.

Figure 2: Input the URL address of the Amazon Cloud drive webpage

  • Click OK.

Now, by clicking on the new email folder, you will see the Amazon Cloud drive sigh in webpage.

Figure 3: Access and sign in to your Amazon Cloud drive webpage

Figure 4: You now have full access to your cloud storage from within Outlook

Some things you can now do include being able to open files from within your Amazon Cloud Drive. Once opened, data can be copied and pasted to a new email you might be creating.

Some things you can’t do directly include saving an email attachment directly to your cloud drive, dragging a file in your cloud to an email. For both these capabilities, an interim step is required. Namely coping files to your desktop first.

If that’s the case, is this capability useful? That depends… If you utilize a “free to the public cloud storage” service then you may want a more direct capability to view content in your cloud from within Outlook. This is somewhat of a stretch but you never know.

The main reason I’ve highlighted this capability is to illustrate how difficult the eDiscovery collection and litigation hold processes are getting when custodians have all these different options for storing (hiding) potentially responsive ESI.

How easy is eDiscovery in SharePoint 2010?


There has been nagging questions surrounding SharePoint and its ability to allow complete and effective eDiscovery searches of all potentially responsive content in the repository. The below description is from the Microsoft Enterprise Content Management (ECM) Team Blog.

From the Microsoft blog:=================================================================

Hi everyone, I am Quentin Christensen and I work on document and records management functionality for SharePoint. Electronic discovery (commonly referred to as eDiscovery) is an area we are supporting with new set of capabilities in SharePoint Server 2010. In case you are not familiar with eDiscovery, it is the process of finding, preserving, analyzing and producing content in electronic formats as required by litigation or investigations. eDiscovery is an important concern for all of our customers and given that SharePoint has grown to be an integral part of collaboration, document, and records management for many organizations, we recognize the need to support the eDiscovery process for SharePoint content.

Microsoft Office SharePoint Server 2007 included a hold feature that could be used for eDiscovery, but it was scoped to the Records Center site template. With SharePoint Server 2010 the eDiscovery capabilities have been greatly expanded to provide more functionality and the power to use these features across your entire SharePoint deployment.

In this post, I want to highlight three major improvements in SharePoint that support eDiscovery. You can:

  • Manage holds and conduct eDiscovery searches on any site collection
  • Use SharePoint Server Search or FAST Search for SharePoint out of box to search and process content
  • Automatically copy eDiscovery search results to a separate repository for further analysis

Read on to learn how SharePoint Server 2010 can support your eDiscovery initiatives and provide you with the tools you need to manage holds, identify, and collect SharePoint content.

The eDiscovery Process

The Electronic Discovery Reference Model from EDRM (edrm.net) provides an overview of the different parts of the eDiscovery process:

imageSharePoint Sever 2010 addresses the Information Management, Identification, Preservation and Collection stages. While this blog post will focus mostly on the identification, preservation and collection components, SharePoint provides a rich Information Management platform for Collaboration, Social Computing, Document Management and Records Management.  This means that you can take a proactive approach to eDiscovery by putting a governance framework in place and using appropriate disposition policies to expire content. Managing content and deleting it when it is no longer needed will reduce the amount of content that must be indexed and searched, and collected for eDiscovery.  The result is that eDiscovery costs can be dramatically reduced, changing the problem from finding a needle in a hay stack to finding a needle in a hay bale. Ultimately, the key to achieving legal compliance for eDiscovery obligations is built upon a foundation of robust Information Management.

When an eDiscovery event occurs, such as a receipt of complaint, discovery, or notice of potential legal claim, the identification stage begins. Content that may be subject to eDiscovery must be identified and searches are conducted to find that content. That content needs to be preserved and at some point, the content will be collected.

 

The eDiscovery Features

Hold and eDiscovery

Hold and eDiscovery is a site level feature that can be activated on any site.

imageActivating this feature creates a new category in Site Settings that provides links to Holds and Hold Reports lists. There is also a page to discover and hold content that allows you to search for content and add it to a hold. Once the Hold and eDiscovery feature is activated you can create holds and add to hold any content in the site collection. By default only Site Collection administrators have access to the Hold and eDiscovery pages. To give other users permission, add them to the permissions list for the Hold Reports and Holds lists. This will also give access to the Discover and hold content page.

clip_image005You can manually locate content in SharePoint and add it to a hold, or you can search for content and add the search results to a hold. With the Hold and eDiscovery feature you can create holds in the hold list and then manually add content to the relevant hold by clicking on Compliance Details from the drop down menu for individual items.

imageThen click on the link to Add/Remove from hold.

imageAnd you can select the relevant hold to add to or remove from.

imageBy manually adding an item to hold you will block editing and deletion of that item until it is released from hold. You will notice that the document now has a lock icon showing that it cannot be edited or deleted.

imageEach night a report for each hold is generated by a timer job. If you need a hold report faster you can manually run the Hold Processing and Reporting timer job in Central Administration.

Search and Process

You can manually add items to hold on any site collection, which is great. But that doesn’t help you find the content you don’t already know about. What if you have a large amount of items you want to find and add to a hold? For that you can use the features on the Discover and hold content page, which is a settings page in Site Settings. From this page you can specify a search query and then preview the results. The configured search service (SharePoint Search Server or FAST Search for SharePoint) will automatically be used. You can then select the option to keep items on hold in place so they cannot be edited or deleted, or if you have configured a Content Organizer Send to location in Central Administration you can have content copied to another site and placed on hold. You may want to create a separate records center site for a particular hold to store all content related to that hold. The Content Organizer is a new SharePoint Server 2010 feature based on the Microsoft Office SharePoint Server 2007 Document Router with richer functionality to automatically classify content based on Content Type or metadata properties. Look for a future blog post covering the Content Organizer.

Holding content in place is recommended if you want to leave content in the location is was created with all the rich context that SharePoint provides, while blocking deletion and editing of content. Be aware that this will prevent users from modifying items. If you prefer users to continue editing documents, then use the copy to another location approach.

When searching and processing, the search will by default be scoped to the entire Site Collection and run with elevated permissions so all content can be discovered. The search can be scoped to specific sites and you can also preview search results before adding the results to a hold. Items can be placed on multiple holds and compliance details will show all of the holds that are applied to an item.

imageIn summary, SharePoint Server 2010 contains key features that make it an essential aspect of your eDiscovery strategy. With the new SharePoint Server 2010 capabilities you can easily apply proper retention policies for all content and make it easier to discover content if an eDiscovery event occurs. eDiscovery often prescribes tight deadlines for production. SharePoint 2010 helps you find the right content and deliver it faster.

Quentin Christensen
Program Manager – Document and Records Management
Microsoft

The coming collision of “free to the public cloud storage” and eDiscovery


The discovery process is tough, time consuming and expensive. What new problems are corporate attorneys facing now with the availability of “free to the public cloud storage”?

First, what is “free to the public cloud storage”? For the purposes of this blog I will define it as a minimum amount of storage capacity offered by a third party, stored and accessible via the internet made available to the public at no cost (with the hope you purchase more). The cloud storage offerings I’ve already mentioned do not limit the types of files you can upload to these services. Music storage is a prime target for these services but many, like myself, are using them for storage of other types of files such as work files which can be accessed and used with nothing more than a computer and internet connection, anywhere.

Examples of these cloud storage offerings include Dropbox, Amazon Cloud Drive, Apple iCloud, and Microsoft SkyDrive. I looked at the Google Cloud Service but determined it is only useful with Google Docs.

A more detailed comparison of these services can be found here.

The only differences between the four offerings stem from the amount of free capacity available and how you access your files. For example, my Amazon Cloud Drive as seen from my Firefox web interface:

Figure 1: The Amazon Cloud Drive web interface

The advantage to users for these services is the ability to move and store work files that are immediately available to you from anywhere. This means you no longer have to copy files to a USB stick or worse, email work files as an attachment to your personal email account. The disadvantage of these services are corporate information can easily migrate away from the company security and be managed by a third party the company has no agreement with or understanding of in reference to the third party will respond to eDiscovery requests. Also be aware that ESI, even deleted ESI is not easily removed completely. In a previous blog I talked about the Dropbox “feature” of not completely removing ESI when deleted from the application as well as keeping a running audit log of all interactions of the account (all discoverable information). The Amazon Cloud Drive has the same “feature” with deletions.

Figure 2: The deleted items folder in the Amazon Cloud Drive actually keeps the deleted files for some period of time unless they are marked and “Permanently Deleted”

The big question in my mind is how will corporate counsel, employees and opposing counsel address this new potential target for responsive ESI? Take, for example, a company which doesn’t include public cloud storage as a potential litigation hold target, doesn’t ask employees about their use and or doesn’t search through these accounts for responsive ESI…potential spoliation.

For Corporate counsel:

  1. Be aware these types of possible ESI storage locations exist.
  2. Create a use policy addressing these services. Either forbid employees from setting up and using these services from any work location and equipment or if allowed be sure employees acknowledge these accounts can and will be subject to eDiscovery search.
  3. Audit the policy to insure it is being followed.
  4. Enforce the policy if employees are not following it.
  5. Document everything.

For employees:

  1. Understand that if you setup and use these services from employer locations, equipment and with company ESI, all ESI in that account could be subject to eDiscovery review.
  2. If you use these services for work, only use them with company ESI, not personal files.
  3. Be forthcoming with any legal questioning about the existence of these services you use.
  4. Do not download any company ESI from these services to any personal computer, this could potentially open up that personal computer to eDiscovery by corporate counsel

For opposing counsel:

Ask the following questions to the party being discovered

  1. Do any of your employees utilize company sanctioned or non-sanctioned public cloud storage services?
  2. Do you have a use policy which addresses these services?
  3. Does the policy penalize employees for not following this use policy?
  4. Do you audit this use policy?
  5. Have you documented the above?

These services are the obvious path for employees to utilize over the next couple of years to make their lives easier. All involved need to be aware of the eDiscovery implications.