plaintiff

Discovery of Information on Personal Facebook Profile

Bill Tolson eDiscovery, Information Management , ,

From the E-Discovery Law Review Blog:

A Pennsylvania court recently decided that information posted by a party on their personal Facebook page is discoverable.  Largent v. Reed, Case No. 2009-1823 (C.P. Franklin Nov. 8, 2011) arose out of a chain-reaction automobile accident in which the plaintiffs, who were riding a motorcycle, were hit by a minivan that was hit by the defendant. Plaintiffs claimed serious and permanent physical and mental injuries, pain, and suffering as a result of the accident.

During the deposition of one of the plaintiffs, defense counsel discovered that the  plaintiff/deponent had a Facebook profile that she regularly accessed.  The defendant then accessed Plaintiff’s public profile and saw posts that contradicted her claims of serious injury.

The entire story can be read here:

Court Reviews Plaintiff’s Facebook Account to Identify Material Subject to Discovery

Bill Tolson eDiscovery, Technology , , , , ,

Offenback v. L.M. Bowman, Inc., No. 1:10-CV-1789, 2011 WL 2491371 (M.D. Pa. June 22, 2011)

From eDiscoverylaw.com

In this case arising from a car accident which the plaintiff claimed resulted in physical and psychological injuries, the parties invited the court to conduct a review of Plaintiff’s social networking accounts “in order to determine whether certain information containedwithin Plaintiff’s accountsis properly subject to discovery.” Using Plaintiff’s log-in information, the court reviewed Plaintiff’s Facebook account, including “a thorough review of Plaintiff’s ‘Profile’ postings, photographs, and other information.” (Plaintiff’s MySpace account was not searched asit hadnot been accessed since November 2008 and Plaintiff could not locatethe log-in information.) The court then identified potentially relevant information to be produced, including, for example, photos and updates indicating recent motorcycle trips and “photographs and comments suggesting that he may have recently ridden a mule.” In finding that some of the “public information contained in Plaintiff’s account is properly subject to limited discovery in this case,” the court noted Plaintiff’s acknowledgment that “limited [relevant] ‘public’ information is clearly discoverable under recent case law.”

The court closed this opinion with a footnote expressing its “confusion” as to why its assistance was required in this instance and reasoning that because Plaintiff was most familiar with his own account, “it would have been substantially more efficient for Plaintiff to have conducted this initial review and then, if he deemed it warranted, to object to disclosure of some or all of the potentially responsive information.” The court acknowledged that the “scope of discovery into social media sites ‘requires the application of basic discovery principles in a novel context’” and that “the challenge is to ‘define appropriately broad limits … on the discovery ability of social communications,’” but reiterated its point that (subject to a properly narrow request) “it would have been both possible and proper for Plaintiff to have undertaken the initial review of his Facebook account to determine whether it contained responsive information” and to thereafter involve the court if a dispute remained as to whether that information was subject to production.

The full opinion can be see here

Accessing hidden metadata in Office documents for eDiscovery

Bill Tolson eDiscovery, Technology , , , , , , , , , ,

Microsoft Office and other documents including PowerPoint, Word, and Excel among others can be a rich source of discoverable information for the plaintiff, especially if the author of the document didn’t take the time to scrub all hidden and personal information before finalizing it. Be aware all of this hidden and personal metadata can’t be altered after a litigation hold should have been applied.

Several types of hidden and personal data can and will be saved by default in an Office document if the correct precautions are not taken.  The first point to remember is that Office applications are by default capturing data as the document in question is created, reviewed and revised. Data such as:

  • Comments, revision marks from tracked changes, versions, and ink annotations
  • Document properties and personal information. Document properties, also known as metadata (metadata: Data that describes other data. For example, the words in a document are data; the word count is an example of metadata.), include details about your document such as author, subject, and title. Document properties also include information that is automatically maintained by Office programs, such as the name of the person who most recently saved a document and the date when a document was created. If you used specific features, your document might also contain additional kinds of personally identifiable information (PII) (personally identifiable information (PII): Any information that can be used to identify a person, such as a name, address, e-mail address, government ID, IP address, or any unique identifier associated with PII in another program.), such as e-mail headers, send-for-review information, routing slips, printer paths, and file path information for publishing Web pages.
  • Headers, footers, and watermarks
  • Hidden text including reviewers notes
  • Hidden rows, columns, and worksheets
  • Invisible content PowerPoint presentations and Excel workbooks can contain objects that are not visible because they are formatted as invisible
  • Off-slide content
  • Presentation notes
  • Document server properties. If your document was saved to a location on a document management server, such as a Document Workspace site or a library based on Microsoft Windows SharePoint Services, the document might contain additional document properties or information related to this server location.
  • Custom XML data

In my experience, few companies train their employees to remove this metadata before their documents, spreadsheets and presentations are finalized and distributed. For the attorney asking for ESI, a tell tale sign of spoliation would be the total absence of this hidden data. The attory could do a quick sampling of discovered documents and if the majority of them are “clean” then a discussion with the defendants counsel and possibly Judge would be in order. Unless the defendants could show evidence of employee processes including the regular removal of this type of data as a standard process, a spoliation ruling would be in the cards.

So what and how should a company put in place a process to make sure this type of metadata is removed as a standard process before litigation arises?

My next blog entry will answer this question.

Placing a “Computer Illiterate” in charge of eDiscovery is not a winning strategy for the defense

Bill Tolson eDiscovery , , , , , , , , , , , , ,

A case that had been decided for the plaintiff years earlier was reopened due to eDiscovery process questions. In the case of Green v. Blitz U.S.A., No. 2:07-CV-372 (TJW), 2011 WL 806011 (E.D. Tex. Mar. 1, 2011), the original attorney for the plaintiff was a plaintiff’s attorney on another case against the same defendant. During discovery for this other trial, the plaintiff’s attorney found out that evidence that should have been turned over for the previous plaintiff’s trial had not been. Because of this fact, the original lawsuit was reopened. In this second trial it was revealed the defendant had placed a single person in charge of electronic discovery for several ongoing cases. The problem with this was the person put in charge of eDiscovery was less than experienced. In fact, it was revealed that the employee “solely responsible for searching for and collecting ESI relevant to litigation between 2004 and 2007 issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.  In fact, the employee himself stated that he was “about as computer illiterate as they get.”

Making matters worse, some of the information discovered after the close of plaintiff’s case would have easily been identified with a simple word search, as the target words were in the subject line of one of the undisclosed emails specifically discussed by the court.  Also of note, as to the specific email discussed by the court, was the fact that the employee tasked with discovery was a recipient of the email and still failed to disclose it in discovery.  Despite failing to produce relevant material, the defendant made the certification that “full and complete disclosure ha[d] been made in accordance with the Federal Rule’s of Civil Procedure and the Court’s orders.”

The court also discussed defendant’s failure to issue a litigation hold to its employees and its failure to cease rotation of its backup tapes, two other actions expected when litigation is reasonable anticipated.  Accordingly, the court concluded that “it will never be known how much prejudice against the plaintiff was actually caused by the defendant’s failure to preserve documents” and found that sanctions were warranted.

Given the context and type of documents not disclosed, the court found that defendant’s conduct was a willful violation of the Court’s Discovery Order and that plaintiff had been prejudiced as a result. In other words, the original award would have been much higher if the ESI was found and turned over.

I don’t know if the defendant’s counsel choose a totally inexperienced person to run the eDiscovery process was just stupid or was part of a strategy to insure responsive ESI was not found. I think, minus proof of the second, we will have to go with the first explanation.

That being said, litigation hold and eDiscovery is a serious business and should never be taken lightly. Having control of your organization’s ESI is an important responsibility expected by the courts.

Case summary from eDiscoverylaw.com

How do you keep the ESI skeletons out of your closet?

Bill Tolson eDiscovery , , , , , , , , ,

A blog post written by Jim McGann of Index Engines on May 4th zeroed in on an interesting topic; how to keep ESI skeletons out of your corporate closet.

In his post Jim writes: Law firms and corporations alike tend to keep data storage devices well beyond what their compliance requirements or business needs actually dictate.  These so-called “skeletons in the closet” pose a major problem when the entity gets sued or subpoenaed. All that dusty data is suddenly potentially discoverable. Legal counsel can be proactive and initiate responsible handling of this legacy data by defining a new, defensible information governance process.

These skeletons can encompass both old, out of date data as well as the devices the old data is stored on. The risk includes not just the old data that might have content that you would rather not have discovered but also the storage devices that would “read” the old data. An attorney friend of mine related a case he was involved in several years ago where a company in discovery was asked about a filing cabinet in their warehouse that contained hundreds of 8 inch floppy disks. The plaintiff’s attorney asked if those floppy disks could contain data from the time period in question (8 years ago). No one at the company could really answer the question so the plaintiff’s attorney asked for an inventory of the data on those 8 inch floppy disks.

The defendants counsel obviously raised concerns over their ability to actually read the data as well as the cost involved. They argued that the disks drives which could read the 8 inch floppy disks couldn’t be found, that even if they could find the drives, they didn’t have computers with the correct interface to actually look at the data and the software to enable the floppy disks to be read did not exist.

The Judges question to the defendants was obvious; “why do you have a filing cabinet full of hundreds of 8 inch floppy disks if they can’t be read?”

The point of the story is data/information has a life span. 8,9,10 year old data in most cases will not be useful to an organization (unless there are regulatory reasons to keep it) so manage it for as long as its useful to your organization then get rid of it, especially if the technology to utilize it is way out of date.

Spoliation does not require purposeful destruction of evidence

Bill Tolson eDiscovery , , , , , , ,

In a recent decision, Rosenthal Collins Group, LLC v. Trading Techs. Int’l, No. 05 C 4088, 2011 WL 722467 (N.D. Ill. Feb. 23, 2011), the court ordered the plaintiff to pay $1,000,000 in monetary sanctions, and ordered plaintiff’s counsel to pay “the costs and attorneys fees incurred in litigating this motion” because the plaintiff’s agent was found (and admitted) to have modified metadata related to relevant source code and had wiped several relevant disks and devices prior to their production. The court found plaintiff’s counsel had participated in “presenting misleading, false information, materially altered evidence and willful non-compliance with the Court’s orders.”

The plaintiff’s counsel did not dispute any of the allegations of misconduct” but instead sought to distance itself from “its own agent, employed for the purposes of pursuing this litigation” and disavowed any “actual knowledge” of wrongdoing. RCG’s counsel similarly disavowed “any personal wrongdoing and any actual knowledge of any wrongdoing, while unequivocally distancing themselves and RCG from [the consultant].”

The court stated; “The imposition of sanctions, however, does not require actual knowledge, but gross negligence or recklessness, i.e., RCG knew or should have known. See Porche v. Oden, 2009 WL 500622, at *7 (N.D.Ill. Feb.27, 2009). Even if this Court were to accept that RCG had no actual knowledge of the evidence destruction and modification that occurred, RCG’s conduct still warrants the imposition of a default judgment. See, e.g., Grochicinski v. Schlossberg, 402 B.R. 825, 842-43 (N.D.Ill.2009) (finding bad faith sufficient to impose default judgment because “[e]ven if Schlossberg did not destroy the files himself, the bankruptcy court found that at the very least Schlossberg acted in ‘reckless disregard’ of his discovery obligations”).

The court went on to reason that “it strains credulity that RCG now claims it had no knowledge of anything [its consultant] was doing and he was just a ‘non-party fact witness’ for whom it bears no responsibility.” The court found that the record reflected that the consultant was “under RCG’s control and was its paid agent,” as evidenced by a myriad of facts laid out by the court.

Accordingly, finding that plaintiff and its counsel “acted in bad faith and with willful disregard for the rules of discovery and this Court’s orders,” the court entered default judgment in favor of defendant and dismissed the claims and defenses of plaintiff. The court also ordered plaintiff to pay sanctions in the amount of $1,000,000 and, for their part in presenting “misleading, false information, materially altered evidence, and willful non-compliance with the Court’s orders,” ordered counsel to “pay the costs and fees incurred in litigating this motion.”

The managing attorneys on either side are responsible to the court to insure the discovery process was done correctly and in the timeframe expected by the court. The argument by RCG that they just didn’t know was seen by the Judge as not meeting their responsibilities. A spoliation finding does not need to be purposeful, grossly negligent will also do.

Beware: Your Facebook Posts Could End Up in Court

Bill Tolson eDiscovery , , , , , , , , ,

Social networking posters beware…your Facebook and other social media accounts may be seen by more than just your friends; in fact, what you post and tweet could become court evidence.

But many of us don’t consider these implications when tweeting and posting. Current employers, potential employers and, yes, even attorneys review social networking sites for information on workers, job candidates and litigants.

Individuals as well as organizations need to carefully consider what they post to these sites. In the personal injury case of McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), Hummingbird Speedway, Inc. sought access to plaintiff’s social network accounts, requesting an eDiscovery production of his usernames, log-ins and passwords.

Plaintiff objected, arguing that the information on those sites was confidential.  Upon defendants’ Motion to Compel, the court found the requested information was not confidential or subject to the protection of any evidentiary privilege and ordered its production to defendants’ attorneys within 15 days. Additionally, the court ordered that plaintiff should not take steps to delete or alter the existing information on his social network accounts. The court said:

Specifically addressing the expectation of privacy with regard to Facebook and MySpace, the court found that any such expectation “would be unrealistic.”  The court then analyzed the relevant policies of the two sites, and concluded as to both that, “[w]hen a user communicates through Facebook or MySpace, however, he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operator deems disclosure to be appropriate.”  Accordingly, the court determined that defendant could not successfully assert that his accounts were confidential.  In so holding, the court also noted the possibility that communications could be disclosed by friends of the account holder with whom the communications were shared.

Organizations need to establish and enforce employee social media policies to lower their risk and better protect their brand. Check out this related blog titled “Companies Need a Social Media Policy” for suggestions on establishing a corporate social media policy. And for all of us posters, bloggers and tweeters, be careful what you say; otherwise, it could be read back to you by an employer or judge.

A Proper Legal Hold Requires More Than Just an Email to a Few Employees

Bill Tolson eDiscovery , , , , , , , , , , , ,

In the recent case; Jones v. Bremen High School Dist. 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010), one of the discovery points made in the decision was what is the appropriate legal hold process to meet an organization’s legal hold responsibilities.

The court determined that the defendant breached its duty to preserve by failing to immediately issue a litigation hold to “all employees who had dealings with plaintiff” and by relying on only a few individual employees to identify and preserve responsive email. The Judge stated:

It is unreasonable to allow a party’s interested employees to make the decision about the relevance of such documents, especially when those same employees have the ability to permanently delete unfavorable email from a party’s system.  As one court has noted, “simply accept [ing] whatever documents or information might be produced by [its] employees,” without preventing defendants from clearing the hard drives of former employees, was improper.  Most non-lawyer employees, whether marketing consultants or high school deans do not have enough knowledge of the applicable law to correctly recognize which documents are relevant to a lawsuit and which are not.  Furthermore, employees are often reluctant to reveal their mistakes or misdeeds.

The court also rejected defendant’s argument that placing a proper litigation hold would have resulted in burden to the defendant and noted the troublesome nature of defendant’s failure to produce the document retention policy posted on the district’s website.   The court then determined that plaintiff had been harmed by the delayed production of documents as well as the possibility that emails had been permanently deleted.

This case again highlights the need to comprehensive and tested litigation hold policies. A comprehensive Information Management solution should include central control of all ESI and the ability to search for the responsive ESI and place a secure litigation hold on it immediately.

The full case review can be viewed at eDiscoverylaw.com

Are foreign laws restricting the production of customer data being ignored by US courts?

Bill Tolson eDiscovery , , , , , , , , , ,

In a recent case; Accessdata Corp. v. ALSTE Tech. GMBH, 2010 WL 3184777 (D. Utah Jan. 21, 2010), the Plaintiff, an American company, sought to compel defendant’s production of documents, including information related to customer complaints and defendant’s technical support of non-customers. Defendant objected to the interrogatories and requests for production on the grounds that they were overly broad, unduly burdensome, and seeking irrelevant information and because “disclosure of information relating to third parties’ identities would violate German law.”

The defendant’s main argument was that German law prohibits the production of third-party personal information and that, if it complied with the discovery requests at issue, it would “subject itself to civil and criminal penalties for violating the German Data Protection Law … and the German Constitution.”

In this case the court found that ESI asked for from a German company should be turned over in discovery even though the defendant stated that German privacy laws prohibit customer data being turned over without the customer’s approval.

In this specific case, the court found:

While defendant asserts that providing personal information about its customers and their employees “would be a huge breach of fundamental privacy laws in Germany,” defendant has failed to demonstrate the verity of this assertion. Defendant has not cited to the particular provisions of the German Data Protection Act (”GDPA”) and/or German Constitution that would prohibit disclosure of personal third-party information. Based on the court’s brief review of the GDPA, it appears that it does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defence of legal claims.” The GDPA further states that “[t]he body to which the data are transferred shall be informed that the transferred data may be processed or used only for the purpose for which they are being transferred.” ALSTE has not demonstrated that it has been unable to obtain consent from its customers or that it has even attempted to seek consent. ALSTE has also failed to address this particular provision of the GDPA or explain why it would not apply in the instant case.

On the face of it, this case looked like the United States District Court was imposing its will upon a foreign government and its privacy laws. In reality, the two main points of this particular case was:

  1. The defendant did not cite the particular provisions of German privacy law and did not try to obtain the customer’s approval to have their personal data transferred.
  2. The German laws actually make provisions for the possibility of ESI transfer to another countries jurisdiction; the GDPA does not necessarily bar discovery of personal information. In particular, Part I, Section 4c of the GDPA, entitled “Derogations,” provides that the transfer of personal information to countries that do not have the same level of data protection “shall be lawful, if … the data subject has given his/her consent [or] … the transfer is necessary or legally required … for the establishment, exercise or defense of legal claims.”

Anatomy of an Adverse Inference

Bill Tolson eDiscovery , , , , , , , , , , , , ,

In the investor related action, Pension Comm. of the Univ. of Montreal Pension Plan v. Banc of Am. Secs, No. CIV. 05-9016, 2010 U.S. Dist. LEXIS 1839 (S.D.N.Y. Jan. 11, 2010) the defendants, who were connected to a hedge fund that lost money, sought sanctions against the plaintiffs for failing to preserve and produce documents, including ESI, and for submitting false declarations regarding their collection and production efforts. The Judge in this case was the Honorable Shira A. Scheindlin.

This case came down to two questions about litigation holds: when should a litigation hold be initiated, and what actions are required in the placement and tracking of the litigation hold.

In addressing the charges of spoliation, the court’s opinion included:

“[i]t is well established that the duty to preserve evidence arises when a party reasonably anticipates litigation. “‘[O]nce a party reasonably anticipates litigation; it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.’” A plaintiff’s duty is more often triggered before litigation commences, in large part because plaintiffs control the timing of litigation.

When the spoliating party’s conduct is sufficiently egregious to justify a court’s imposition of a presumption of relevance and prejudice, or when the spoliating party’s conduct warrants permitting the jury to make such a presumption, the burden then shifts to the spoliating party to rebut that presumption.

“[i]n short, the innocent party must prove the following three elements: that the spoliating party (1) had control over the evidence and an obligation to preserve it at the time of destruction or loss; (2) acted with a culpable state of mind upon destroying or losing the evidence; and that (3) the missing evidence is relevant to the innocent party’s claim or defense.”

The Court issued the following adverse inference instruction to the jury:

The Citco Defendants have demonstrated that most plaintiffs conducted discovery in an ignorant and indifferent fashion. With respect to the grossly negligent plaintiffs – 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation – I will give the following jury charge:

The Citco Defendants have argued that 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation destroyed relevant evidence, or failed to prevent the destruction of relevant evidence. This is known as the “spoliation of evidence.”

Spoliation is the destruction of evidence or the failure to preserve property [*104] for another’s use as evidence in pending or reasonably foreseeable litigation. To demonstrate that spoliation occurred, the Citco Defendants bear the burden of proving the following two elements by a preponderance of the evidence:

First, that relevant evidence was destroyed after the duty to preserve arose. Evidence is relevant if it would have clarified a fact at issue in the trial and otherwise would naturally have been introduced into evidence; and

Second, that 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, and the Bombardier Foundation were grossly negligent in their failure to preserve the evidence.

I instruct you, as a matter of law, that each of these plaintiffs failed to preserve evidence after its duty to preserve arose. 250 As a result, you may presume, if you so choose, that such lost evidence was relevant, and that it would have been favorable to the Citco Defendants. In deciding whether to adopt this presumption, you may take into account the egregiousness of the plaintiffs’ conduct in failing to preserve the evidence.

However, each of these plaintiffs has offered evidence that (1) no evidence was lost; (2) if evidence was lost, it was not relevant; and (3) if evidence was lost and it was relevant, it would not have been favorable to the Citco Defendants.

If you decline to presume that the lost evidence was relevant or would have been favorable to the Citco Defendants, then your consideration of the lost evidence is at an end, and you will not draw any inference arising from the lost evidence.

However, if you decide to presume that the lost evidence was relevant and would have been unfavorable to the Citco Defendants, you must next decide whether any of the following plaintiffs have rebutted that presumption: 2M, Hunnicutt, Coronation, the Chagnon Plaintiffs, Bombardier Trusts, or the Bombardier Foundation. If you determine that a plaintiff has rebutted the presumption that the lost evidence was either relevant or favorable to the Citco Defendants, you will not draw any inference arising from the lost evidence against that plaintiff. If, on the other hand, you determine that a plaintiff has not rebutted the presumption that the lost evidence was both relevant and favorable to the Citco Defendants, you may draw an inference against that plaintiff and in favor of the Citco Defendants – namely that the lost evidence would have been  favorable to the Citco Defendants.

Each plaintiff is entitled to your separate consideration. The question as to whether the Citco Defendants have proven spoliation is personal to each plaintiff and must be decided by you as to each plaintiff individually.

The Court also noted, “[w]hile litigants are not required to execute document productions with absolute precision, at a minimum they must act diligently and search thoroughly at the time they reasonably anticipate litigation. All of the plaintiffs in this motion failed to do so and have been sanctioned accordingly.”

The courts are moving towards being much less lenient in the question of when should ESI be protected from deletion due to potential civil litigation and also whats expected of the attorneys in protecting potentially responsive ESI.   Corporate Attorneys should always be conservative in their handling of the litigation hold question.

Place holds quickly, communicate the holds to custodians quickly, even those at the periphery of the case, track the custodians actions around the hold communication, and lastly, document everything.

Taking litigation holds seriously will lower your overall litigation cost and risk.