Showing posts with label Regulations. Show all posts
Showing posts with label Regulations. Show all posts

Announcing an Industry-first Integration between EnCase eDiscovery and Box for Defensible Cloud Collection

Box is the enterprise cloud content management platform of choice   


All of us on the EnCase eDiscovery team are excited to announce a new integration between EnCase® eDiscovery and Box, the enterprise cloud content management platform used by 97% of the Fortune 500. Enterprise IT teams have come to rely on Box for cloud storage capabilities that map to their information governance policies and processes. This makes Box the perfect choice for this industry-first integration with our complete e-discovery product, an integration that will let legal teams securely search, collect, and preserve electronically stored information (ESI) located on Box from within EnCase eDiscovery just as easily as with on-premise data.

Now Collect and Preserve Information Managed in Box as Readily as On-Premises Data

Whitney Bouck, the senior vice president and general manager of enterprise at Box, has said that many of their enterprise customers reside within highly regulated industries, so they need a way to meet e-discovery and compliance requirements in a way that does not compromise efficiency and user experience. This makes Box and EnCase eDiscovery ideally suited to offer IT and legal teams a scalable, reliable, and secure way to gain visibility of content stored in Box, to manage access to that content, and to control retention and dispensation.

“Championing” the Preservation of Keywords in eDiscovery

Chad McManamy

Judge Nolan Suggests “Irish Charm” in Kleen Products

With less than four months remaining on the bench, Magistrate Judge Nan Nolan (Nolan \n(o)-lan\ that of Irish and Gaelic origin with a meaning of "champion"), is attempting to bring closure to the heated discovery dispute in the high profile Kleen Products, LLC et al. v. Packaging Corporation of America, et al., 1:10-cv-05711 case. At issue in the dispute is plaintiffs’ motion to order defendants into a do-over on their document collection and production process. The plaintiffs have moved the court to require defendants to use alternative technology (suggesting either “predictive coding” or “content based advanced analytics”) as opposed to the custodian-specific keyword search the defendants have already employed. The request came at a time when defendants were nearly finished with their collection and were preparing for production. As could be anticipated, the plaintiff’s untimely motion has provided an even more contentious discord between the parties. With a playful nod towards her lineage, during a March 28, 2012 hearing, Judge Nolan suggested the parties have a call with each other prior to a call with the court and that they each at least bring “whoever has the most charm, some Irish person . . .” to facilitate cooperation between the parties.

Apart from parties’ willingness or unwillingness to cooperate on discovery issues, the idea of technology assisted review has come to top of the agenda in many e-discovery discussions. Often overshadowed in these discussions is the continued need to use keywords in some capacity to search, collect cull, and review electronically stored information. In fact, keywords can be the starting point for initial sample set used to train the predictive coding algorithms. And since most litigants have experience negotiating keyword lists, this continues to be a good starting point for identifying potentially relevant data.

To her credit, Judge Nolan appears to making every effort to move the discovery disputes along. And, while she is not moving mountains for the parties, she is willing to accommodate their schedules to hold as many hearings as necessary and get a grasp on the oft confusing technical issues being argued. At one recent hearing, she foreshadowed her likely decision on plaintiff’s motion should they continue down the path of asking for the imposition of a completely different technology by stating her support for The Sedona Conference Principles for Electronic Document Production, Principle 6: Responding parties are best situated to evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronically stored information.
Responding parties are best situated to evaluate the procedures, methodologies, and technologies appropriate for preserving and producing their own electronically stored information.
Perhaps if the parties had employed TSC’s Principle 3 early in the discovery process, they could have avoided this costly expedition and monopolization of the courts precious resources.
Parties should confer early in discovery regarding the preservation and production of electronically stored information when these matters are at issue in the litigation and seek to agree on the scope of each party’s rights and responsibilities.
In one of the more straightforward statements to the court, counsel for one defendant speaking on behalf of all defendants stated:
We really believe both sides are trying to do the same thing which is to figure out who are the people and where are the places in the company where responsive, relevant information exists and how can we get it produced?

The difference is that because the plaintiffs are obviously coming to this without having worked at these companies, they need to describe things in a certain level of generality, and the companies very familiar with how their businesses work have attempted to identify the actual people who are doing the things that are the subject matter of the plaintiffs’ complaint.
If only it were that easy! The asymmetrical nature of this antitrust case could mean plaintiffs counsel’s discovery detour is more tactical than substantive. To date, plaintiffs have produced less than 1% of the volume of documents compared to the cumulative total of the seven defendants (roughly 25,000 pages for plaintiffs compared to around 3 million pages with additional productions likely to happen in the coming months for defendants). Waiting until the defendants were 99% finished with their collection and processing to demand an alternative approach would not likely have occurred in a case where the moving party would be subjecting itself to the same costs and burdens it is asking the court to impose on the other party. Incidentally, it is not clear if the plaintiffs employed the same technology for their collection and production that they are asking the court to impose on the defendants.

Given the conspiratorial nature of the allegations and the sophistication of the senior executives allegedly involved, plaintiffs attempted to force defendant’s to use technology assisted review to look for evidence to support their Sherman Antitrust claim. Judge Nolan took a different tact by getting an expert witness to agree to the viability of using a non-custodial Boolean search to accomplish this same goal. And while there are still many more steps necessary to resolve the discovery issues, Judge Nolan appears to have gotten the parties to engage in a dialog of modifying the keyword approach rather than abandoning it completely. In the famous words of Samuel Clemens (better known as Mark Twain) the son of a not so famous attorney and judge, “the reports of my death are greatly exaggerated.” So too are the reports of the death of keywords.

Unfortunately, Judge Nolan may be running out of time to get this across the finish line. Following a suggestion by plaintiff’s counsel, the parties met and conferred just prior to an April 19, 2012 hearing in an effort to get some scope around the issues. Based on these seven separate conferences, plaintiffs estimated to the court that just to get to a state of completed productions would take until the end of this year. Follow that with potential motions to compel and further procedural morass and this case may not get to the merits until Judge Nolan’s one year anniversary from leaving the bench. Should she continue “championing” an agreement between these parties involving a non-custodial Boolean search that moves the case forward before she leaves, it would be an amazing accomplishment and provide litigants in other cases to consider avoiding over-reliance on alternative technologies.

Why an In-House Review Solution Requires a Fully Integrated Collection Solution

John Blumenschein

Judge Timothy C. Batten, Jr. of the United States District Court for the Northern District of Georgia recently issued discovery sanctions against Delta Airlines for failing to properly disclose 60,000 pages of documents in In re Delta/AirTran Baggage Fee Antitrust Litig., --F. Supp. 2d--, 2012 WL 360509 (N.D. Ga. Feb. 3, 2012), a copy of which can be found here. As a result, Delta was ordered by Judge Batten to pay reasonable attorneys fee and costs associated with the sanctions motion, as well as the costs of the additional discovery.

At issue in the case was Delta’s document production. The missing 60,000 pages of documents, which pertained to bag fees, were discovered as a result of a disclosure by Delta to a Department of Justice document request in an unrelated investigation. Delta determined that the missing documents had been stored on the hard drives of custodians and were not located on any shared server drive or any network email server.

Prior to plaintiff’s motion for sanctions, Delta took steps to disclose all of the documents that had not been produced earlier. None of these documents were considered a “smoking gun,” but in fact helped bolster Delta’s legal position.

As a result of not properly disclosing the 60,000 pages of documents, the Court imposed sanctions on Delta, finding that Delta failed to conduct a reasonable inquiry of the discovered documents in violation of Federal Rule of Civil Procedure Rule 26. The Court did not immediately issue a dollar amount on the sanction. The Court allowed the parties to brief amount of sanctions Delta would owe the plaintiffs. That briefing is ongoing. The Court found that Delta had a “huge hole” in its production procedures because there was no way to confirm that all of the necessary hard drives had been turned over for imaging and scanning.

The problem was compounded because Delta’s counsel had consistently informed the court that everything had been produced. Under Rule 26(g), a party signing discovery papers must certify that the responses are complete and correct to the best of the attorney’s knowledge after a reasonable inquiry. Here, the Court found that attorneys for Delta did violate Rule 26(g) because they did not conduct a reasonable inquiry to ensure all the necessary hard drives had been searched.

What is noteworthy about the Delta case is that an in-house review solution was mentioned repeatedly in the opinion. Clearly, simply having a review solution by definition is not enough to have a defensible in-house process for e-discovery. A review solution on its own does not address the area where 95% of the risk of e-discovery sanctions exists – preservation and legal hold.

Not only do the preservation and legal hold stages hold the most risk in the e-discovery process, but the issues surrounding those stages are usually not realized until it is very late or too late in the e-discovery process. EnCase eDiscovery is the only solution to allow for full integration of Pre-Collection Analytics, Legal Hold, Preservation & Collection, and First Pass Review. EnCase eDiscovery’s integrated solution allows legal and technical personnel to communicate and work together to avoid “holes” such as those that surfaced in the Delta case.

Click here to learn more about how EnCase eDiscovery with the addition of Case Central can help your organization achieve a complete and unified e-discovery solution.

EU Proposal Would Raise Standards, and Penalties, For Handling Data Protection Breaches

Patrick Burke

On January 25th, European Union Justice Commissioner Viviane Reding, speaking in Brussels, proposed changes to the EU's data protection law, sparking significant controversy as to the anticipated consequences of her proposal. Of particular note are two provisions. First, companies with over 250 employees would be required to appoint data protection officers, who then would be required to alert authorities within 24 hours in the event of a serious data breach. Second, the so-called "right to be forgotten" provision which would allow Internet users to have their personal data deleted so long as there is no legal justification in retaining that information. Violations of these guidelines would result in penalties of €1 million (about $1.3 million), or as much as 2% of a company's yearly global sales. Less serious offenses will still be punishable, but with smaller penalties.

“The EU has long desired to encourage consistent regulations for data protection with respect to treatment of Internet-users’ data and reporting of hacking incidents,” said George I. Rudoy, CEO of the international consultancy Integrated Legal Technology, “and the aim is to reach beyond the 27 EU Member States to the eastern European countries currently not in EU including former Soviet Republics reaching as far as Russia.” Rudoy spoke at the 5th International Conference entitled “European Data Protection: Coming of Age” that took place during the week Reding unveiled long anticipated proposal Rudoy emphasized Reding’s comments that the reform will take at least 18 months before it is likely to come to a vote. “It should be expected,” said Rudoy, “that the language of the reform will change substantially during such discussions given the significant historical differences on a question of data protection among European countries,”

Advocates of the new proposal suggest that data protection officers at companies should be able to save as much as €2.3 billion per year by eliminating what they deem to be excessive and unnecessary data-protection reporting costs.

The proposal is generating some criticism from the U.S. and elsewhere expressing concern the proposed regulations will obstruct the development of new Web-based business platforms. Furthermore, because the proposal defines "personal data" more broadly than under U.S. regulations, there is a greater scope of potential data held by global corporations that conduct business in the EU market, making it more likely that hacking incidents will be deemed to constitute breaches of personal data, triggering significant monetary penalties under the proposal.

This should be a debate worth following. If Viviane Reding can achieve the vision of unified, comprehensive data protection standards, it may become the de facto global standard.

United States Appellate Court Affirms Corporate Liability for Loss of Credit Card Information

John Blumenschein The United States Court of Appeals for the First Circuit ruled that plaintiffs could proceed on a cause of action, which would allow them to recover damages for expenses incurred as a result of mitigating the loss associated with compromised credit card information in Anderson v. Hannaford Brothers Co., 2011 WL 5007175 (C.A.1 (Me. Oct. 20, 2011)).

The plaintiffs are a group of customers who had their credit card information stolen from a database maintained by the defendant Hannaford Brothers Co., a national grocery store chain. In total, 4.2 million credit and debit card numbers had been compromised. The breach occurred as early as December of 2007, was discovered by the company on March 8, 2008 and contained on March 10, 2008.

Hannaford announced that at least 1,800 cases of fraud resulted from the theft of the credit and debit card data. Individuals who had credit and debit card information stolen filed a class action lawsuit against Hannaford, alleging seven causes of action, including negligence and breach of implied contract. The district court eventually dismissed all the claims against Hannaford. As a result, the plaintiffs appealed the dismissal of their negligence, breach of implied contract, and uniformed trade practices claims to the First Circuit.

The plaintiffs alleged they should be able to recover the costs associated with mitigating the theft of their credit card information because Hannaford’s negligent actions. In cases that do not involve physical harm, a party in Maine can recover if the actions taken by those mitigating the damage from the negligent harm was reasonably foreseeable—this means that a plaintiff may recover costs for “’harms incurred during a reasonable effort to mitigate’ regardless of whether the harm is nonphysical.” In order to mitigate loss as a result of the security breach at Hannaford, the plaintiffs needed to show that efforts were reasonable and that actual monetary loss occurred, rather than merely time or effort undertaken to mitigate; i.e., a plaintiff must show an actual monetary injury in order to recover mitigation damages.

The First Circuit concluded that in order to determine whether the plaintiff’s mitigation steps were reasonable, the factual context is the proper inquiry in this case. The court noted that a sophisticated large scale crime was committed, in which millions of credit card numbers were stolen. In this case, there was actual misuse of financial information as a result of the theft of data. There was a real risk to the victims, not a speculative risk of monetary damage. The court stated the fact that banks cancelled and issued new cards was evidence that issuing replacement cards was reasonable mitigation.

The First Circuit ruled that fees associated with obtaining a replacement card to prevent fraudulent charges were reasonably associated with mitigation. Additionally, if a card had actually been used fraudulently, then the purchase of insurance against misuse was reasonably foreseeable mitigation. The court also stated that in this case actual injury resulted, which allowed for mitigation. Other courts have issued decisions were no recovery was granted for mitigating loss, but in those cases there was no injury in fact; the injury was purely speculative.

Earlier this year, we discussed Krottner v. Starbucks, 628 F.3d 1139 (9th Cir. Dec. 14, 2010), in which the United States Court of Appeals for the 9th Circuit ruled that a class action lawsuit could proceed when a company-owned laptop was stolen, even though the data was not misused (see the blog post here). Although Anderson v. Hannaford is a case that deals with a much more sophisticated and large scale data breach (as well as actual injury on the part of the plaintiffs), these cases are significant because they demonstrate how, no matter how large or small, companies can be held liable for data breaches. And if failure to have adequate security measures to protect against a sophisticated attack by hackers is negligence — then there will be more class actions like Anderson v. Hannaford down the road.

U.S. Government Not Exempt from Electronic Discovery Obligations

John Blumenschein United States Magistrate Judge Hugh Scott of the Western District of New York recently ordered the U.S. Government to provide a defendant with electronically stored information (ESI) in its native format or a searchable manner in United States v. Briggs et al, 2011 WL 4017886 (W.D.N.Y. Sept. 8, 2011), a copy of which can be found here. Although U.S. v. Briggs is a criminal matter, Judge Scott looked to the Federal Rules of Civil Procedure for guidance in determining the outcome; and it shows that the U.S. Government is not exempt from ESI obligations in electronic discovery.

The issue partially arose because the Federal Rules of Criminal Procedure are silent on the way in which ESI is to be produced to the opposing parties. The defendants in Briggs were charged with conspiracy to distribute cocaine and multiple counts of money laundering. The discovery at issue pertained to government wiretaps that contained conversations of the alleged crimes. The government routinely uses a program called IPRO to control discovery, and it was with this program that the U.S. produced the wiretaps to the defendants in non-searchable PDF and TIFF formats.

In response to the production of non-searchable documents, the defendants filed a motion to compel production of the documents in either their native or searchable formats. In response, the government argued that it would be cost prohibitive to produce the documents as requested by the defendants and that IPRO is the standard nationwide for United States Attorneys’ Offices.

Judge Scott noted that there is no ESI regime located in the Federal Rules of Criminal Procedure. For instance, Federal Rule of Criminal Procedure 16, which governs criminal discovery, focuses on what is produced and not the manner of production. Judge Scott also stated that there is very little case law and authority on the use of ESI in criminal cases.

He did, however, refer to two cases: one where the court allowed the ESI protocols in the civil rules and one where the court did not. In United States v. O’Keefe, the District of D.C. Court applied Federal Rule of Civil Procedure 34 in a case involving a large amount of production stating that there is no criminal equivalent for the production of documents. United States v. O’Keefe, 537 F.Supp.2d 14 (D.C. Feb. 18, 2008). He also, however, looked to the Sixth Circuit Court of Appeals where they ruled that the criminal rules are silent on the form of production, and as such, the documents do not need to be organized in any particular fashion. United States v. Warshak, 631 F.3d 266 (6th Cir. Dec. 14, 2010).

Judge Schott ordered the government to produce the documents in native or searchable form because it is in the best position to produce the documents in that manner. He stated that the government placed the documents from their native format into a common database (IPRO) and that it would not be fair to have one defendant bear the costs of creating a searchable database. Additionally, ethical issues could arise if one defendant compiled the searchable database for all defendants. In the end, however, Judge Scott applied this standard to this case only and was unwilling to extend it to other cases.

As noted earlier, Judge Scott sees a problem with a lack of guidance from the criminal rules on the mode of production of documents in criminal cases. “The problem now is that, absent a rule, each judge faced with a motion to compel criminal discovery with ESI data will have to devise his or her own scheme.” U.S. v. Briggs at 6.

Although electronic discovery disputes in criminal matters are not as pervasive as they are in federal civil litigation, it is an issue that is on the rise. Criminal defendants are entitled to exculpatory material from the government (see Brady v. Maryland, 373 U.S. 83, 83 S.Ct. 1194 (U.S.S.C. May 13, 1963)). And as this case demonstrates, with technology being becoming a more integral part of governmental investigations and prosecutions, much of this material is now in electronic format. Governments will need to be able to produce such information in criminal cases in the same manner as for civil e-discovery.



Whoever Your Regulator Is, They Use EnCase eDiscovery

Victor Limongelli

Over the last 15 months, federal agencies have gotten on the electronic discovery bandwagon at an unprecedented pace. And across departments and agencies, they have been standardizing on EnCase® eDiscovery – in fact, in that short time, all of the following federal organizations have chosen EnCase® eDiscovery for their in-house electronic discovery needs:

-- The Internal Revenue Service (IRS)

-- The Federal Deposit Insurance Corporation (FDIC)

-- The Environmental Protection Agency (EPA)

-- The Commodity Futures Trading Commission (CFTC)

-- The Securities and Exchange Commission (SEC)

-- The Nuclear Regulatory Commission (NRC)

-- The Census Bureau

-- The Department of Agriculture (USDA)

-- The Department of Education (ED)

-- The Forest Service

-- The Executive Office of the President (White House)

-- The Defense Intelligence Agency (DIA)

When these are added to the previous federal users of EnCase® eDiscovery, such as the National Nuclear Security Administration, and the Department of Veteran Affairs, it’s clear that nearly everybody’s regulator, no matter the industry or field, is using EnCase® eDiscovery.

Think about it, if you pay taxes (IRS), are a publicly traded company (SEC), use hazardous substances or emit pollution (EPA), are a bank (FDIC), trade commodity futures, options, or derivatives (CFTC), are a farmer or rancher (USDA), receive financial aid for education (ED), lease land from the Forest Service, or operate a nuclear power plant (NRC), your regulator has chosen EnCase® eDiscovery for its electronic discovery needs.Shouldn’t you?

Victor Limongelli is president and chief executive officer of Guidance Software.

Waiver of Privilege

John Blumenschein

It’s the nightmare scenario that litigators hope will never happen to them: the waiver of privilege; however, this nightmare became a reality recently for a litigant in a case out of the Northern District of Illinois. United States Magistrate Judge Sidney Schenkier ruled that a party’s inadvertent disclosure waived their rights to maintain certain documents as privileged in Thorncreek Apartments III, LLC v. Village of Park Forest, 2011 WL 3489828 (N.D.Ill., August 9, 2011). A copy of the opinion can be found here.

Defendant Village of Park Forest was using a third party vendor, Kroll On-Track, to help manage e-discovery in litigation with Plaintiff Thorncreek. Together, the Village and Kroll developed a three step review process of the data, which was located on back-up tapes. The first step involved using both agreed upon and Court ordered search terms. The second step of the process involved On Kroll making all the search results available to a Village attorney to review for responsiveness and privilege. The third step of the process allowed counsel for Thorncreek to review the documents that were left after the Village attorney’s review.

The Village, however, did not realize an issue had arisen until counsel for Thorncreek attempted to use a privileged document in a deposition in December of 2009. The Village’s counsel objected to the use of the document at the deposition. Attorneys for the Village did not turn over a privilege log until April of 2010, which contained 159 documents. Parties were able to reduce this list to six documents.

The Court determined that parts of the remaining six documents were in fact privileged. The Court’s analysis then turned to determining whether the Village had waived disclosure. The issue to determine was whether the Village took reasonable steps after it was realized that documents were inadvertently produced, pursuant to FRE 502.

Judge Schenkier took issue with the process that the Village and On Kroll developed for the production of documents. “We have little confidence in the reasonableness of the Village’s precautions when the most the Village can say is that it ‘thought’ that marking documents as ‘privileged’ during its review would cause Kroll to withhold it from the production database that Thorncreek could later view.” Id. at 6. The Court suggested that the Village should have reviewed the database of documents which were going to be produced to Thorncreek before the database became available to the plaintiff. “Thus, the Village’s procedures for privilege review were completely ineffective, each and every document the Village sought to retain as privileged was inadvertently disclosed.” Id.

As this case demonstrates, organizations cannot simply delegate their e-discovery obligations to the services of a third-party vendor. Having a truly defendable, repeatable, in-house e-discovery process requires proactive and persistent involvement from both corporate legal and IT (see Patrick Zeller’s blog post on Creating a discovery response team), as well as having the right technology in place. While missteps and unforeseen events are bound to happen during the course of any litigation, having the right in-house technology enabling defensible collection and review makes you less likely to have a court find “little confidence” in your e-discovery, and avoid the nightmare scenario that took place in this case.

Company Sanctioned More Than $600K For Deletion of Files Relevant To Pending Case

Chad McManamy In a recent ruling in Eon-Net LP v. Flagstar Bancorp, 2011 WL 3211512 (C.A.Fed. (Wash. July 29, 2011)), a copy of which is here [PDF], the Federal Circuit Court of Appeals upheld a $631,134.00 award for attorney fees, costs, and sanctions against Eon-Net and its counsel. Citing numerous instances of litigation misconduct, the Court ruled against appellant in part, for the destruction of documents prior to the initiation of its lawsuit against Flagstar as well as the intentional failure to implement a document retention plan. Ultimately, the Court found Eon-Net and its officers had violated their independent duty to preserve evidence during ongoing lawsuits.

Appellant’s approach to data preservation left a lot to be desired and likely curried little favor from the court. Eon-Net’s principal, Mitchell Medina stated, “I don’t save anything so I don’t have to look” and further stated, “[his companies have] ‘adopted a document retention policy which is that we don’t retain any documents’ because those companies have ‘evolved into patent enforcement companies which are involved in the business of litigation.’” Eon-Net v. Flagstar Bancorp at 18. With that approach towards preservation, appellants took the extraordinary step of destroying documents from a settled case that were potentially relevant to pending litigation.

Eon-Net v. Flagstar Bancorp at 18. With that approach towards preservation, appellants took the extraordinary step of destroying documents from a settled case that were potentially relevant to pending litigation.

Described by the district court as a having a “cavalier approach” towards patent litigation, appellants were cited for numerous other transgressions including filing objectively baseless litigation. It seems that thumbing your nose at the federal court has become a very expensive pastime.

Guidance on eDiscovery Company Sanctioned More Than $600K For Deletion of Files Relevant To Pending Case

Chad McManamy In a recent ruling in Eon-Net LP v. Flagstar Bancorp, 2011 WL 3211512 (C.A.Fed. (Wash. July 29, 2011)), a copy of which is here [PDF], the Federal Circuit Court of Appeals upheld a $631,134.00 award for attorney fees, costs, and sanctions against Eon-Net and its counsel. Citing numerous instances of litigation misconduct, the Court ruled against appellant in part, for the destruction of documents prior to the initiation of its lawsuit against Flagstar as well as the intentional failure to implement a document retention plan. Ultimately, the Court found Eon-Net and its officers had violated their independent duty to preserve evidence during ongoing lawsuits.

Appellant’s approach to data preservation left a lot to be desired and likely curried little favor from the court. Eon-Net’s principal, Mitchell Medina stated, “I don’t save anything so I don’t have to look” and further stated, “[his companies have] ‘adopted a document retention policy which is that we don’t retain any documents’ because those companies have ‘evolved into patent enforcement companies which are involved in the business of litigation.’” Eon-Net v. Flagstar Bancorp at 18. With that approach towards preservation, appellants took the extraordinary step of destroying documents from a settled case that were potentially relevant to pending litigation.

Eon-Net v. Flagstar Bancorp at 18. With that approach towards preservation, appellants took the extraordinary step of destroying documents from a settled case that were potentially relevant to pending litigation.

Described by the district court as a having a “cavalier approach” towards patent litigation, appellants were cited for numerous other transgressions including filing objectively baseless litigation. It seems that thumbing your nose at the federal court has become a very expensive pastime.

E-Discovery Sanctions: Scare Tactic or Serious Concern?

Guidance Software Since the Federal Rules were amended in 2006 to incorporate electronically stored information into the list of discoverable materials, electronic discovery has become a booming market. Articles, white papers and webinars frequently warn lawyers about the consequences of improperly conducting e-discovery, including the possibility of sanctions. But how real is this threat?

Of course, everyone is familiar with the multi-billion dollar sanctions issued against Morgan Stanley in 2005. That case — which initially resulted in about $1.4 billion in sanctions but was later reversed on other grounds — is still frequently brought up as a warning to deter others from committing similar egregious e-discovery errors. Additionally, although sanctions in the billions are unlikely in most cases, the threat of sanctions against a party for improperly managing e-discovery is very real.

A 2010 report published in the Duke Law Journal highlights the reality of e-discovery sanctions over the last few years. The paper's authors undertook a comprehensive survey of written opinions from cases in federal courts prior to Jan. 1, 2010 involving motions for sanctions related to e-discovery. In total, the survey identified 401 sanction cases and 230 sanction awards. It also showed a startling trend — that sanction motions and awards have increased at a steeper rate over the last five years. This includes sanctions against counsel, which, although rare, are increasing in frequency.

Not surprisingly, the most common basis for e-discovery sanctions is a failure to produce electronic information. Sanction types range from monetary sanction to sanctions of dismissal, default judgment and adverse jury instructions. Additionally, the article authors have determined that Rule 37(e) — which states that a court may not impose sanctions on a party for failing to provide ESI lost as a result of the routine good-faith operation — has not provided consistent or comprehensive protection from sanctions.

What is somewhat surprising is the fact the highest frequency of sanctions occurred during 2009, three years after the Federal Rules were amended. One takeaway from this factoid is that despite the education efforts of organizations such as the Sedona Conference, consultancies, publications and software providers, counsel are still struggling to create repeatable and defensible solutions to the e-discovery quandary. Part of this may be due to the burdens that e-discovery places on organizations, especially those that lack experience or resources to properly manage e-discovery.

It is important to take a proactive stance to tackling the e-discovery issue. In-house counsel need to work with knowledgeable experts to design an e-discovery repeatable and defensible plan that works for their organization. Also critical to effectively managing e-discovery is a robust and comprehensive software solution, specifically one that incorporates powerful analytical capabilities.

Here are some other interesting statistics from the article:

  • Seventeen percent of sanctions occurred in employment cases, while 16 percent occurred in contract cases, 15.5 occurred in IP cases and 11 percent in tort cases.
  • The most prevalent bases for sanctions were Rule 37. In fact, Rule 37 served as the basis in 136 of the 230 cases in which sanctions were awarded.
  • Defendants were sanctioned nearly three times more often than plaintiffs.
  • Failure to preserve ESI is the most prevalent sanctionable conduct.
  • There were 77 cases in which monetary sanctions were issued. Sanction amounts ranged from $250 to more than $8.8 million.

Read about the seven best practices of highly effective e-discovery practitioners.

Learn more about EnCase® eDiscovery from Guidance Software.

Russ Gould is director of product marketing at Guidance Software.

Magistrate Grimm’s $1 Milllion E-Discovery Sanction Decision Affirmed by District Court

John Blumenschein June 21, 2011

Chief U.S. Magistrate Judge Paul W. Grimm’s 103-page landmark e-discovery spoliation sanction decision, Victor Stanley, Inc. v. Creative Pipe, Inc., 2010 WL 3703696 (D.Md. Sept. 9, 2010) (“Victor Stanley II”), was recently affirmed on June 14, 2011. United States District Judge Marvin J. Garbis adopted the Memorandum and Order of Judge Grimm as the decision of the Court, and ordered defendants to pay plaintiff $571,440.12 by July 15, 2011, constituting the balance due of a total sanction award of $1,049,850.04.

In Judge Grimm’s order, Mark Pappas, president of defendant Creative Pipe, Inc., was required to serve up to two years in prison if he failed to pay immediately the plaintiff’s fees and costs related to its motions for spoliation of evidence; that jail sentence, however, had been subsequently overturned by Judge Gabris. While Judge Gabris had indicated that he still might consider jail when the sanctions were upheld, the issue was not addressed in the present order.

Case Law Updates Critical to Keeping Abreast of E-Discovery Issues

Guidance Software In the first session of the E-discovery Lecture Track at CEIC, Ken Withers, Director, Judicial Education and Content for The Sedona Conference and Retired Magistrate Judge Ron Hedges presented an overview of the most recent e-discovery case opinions. Culled down from more than 250 cases over the past year, the presentation focused on subject areas such as preservation and collection, proportionality, form of production, and sanctions. The speakers used the case law subjects to inform a lively discussion with the audience throughout. In a timely update, the presenters opened the session with an overview of the recent issuance of the two Rambus opinions by the Federal Circuit Court and along the way gave an overview of the National Day Laborer case including an alert to the attendees of the status of the case on appeal and some of the particular e-discovery issues in the case. The case law update session closed with a discussion of sanctions cases, including those high profile sanctions cases which ended in a less than spectacular sanctions order such as Qualcomm.

Losing Your Employees’ Personal Data Can Cost You – Whether or Not It Costs Them

Guidance Software Class Actions Can Go Forward Even if Employees Suffer No Actual Damages

March 18, 2011

In Krottner v. Starbucks, 628 F.3d 1139 (9th Cir. Dec. 14, 2010), a copy of which is here, the United States Court of Appeals for the 9th Circuit ruled that a class action lawsuit could proceed when a company-owned laptop, which contained employees’ names, social security numbers and addresses, was stolen, even though the data was not misused.

In October of 2008, a laptop computer owned by Starbucks was stolen. The computer contained the unencrypted names, addresses, and social security numbers of approximately 97,000 Starbucks employees. Shortly thereafter, Starbucks sent a letter to all affected employees alerting them to the breach and informing them the company would pay for credit watch services for one year. There was no indication that any personal information had been misused.

Two similar class action lawsuits were filed by Starbucks’ employees in connection with the stolen laptop. The employees alleged negligence and breach of implied contract. The district court in Washington State, ruled that the parties have standing under Article III of the Constitution, but could not allege a cognizable injury under state law. The parties appealed to the 9th Circuit.

The 9th Circuit was presented with the question: Does the risk of future identity theft constitute and injury in fact under Article III in order to confer standing? This was an issue of first impression for the 9th Circuit. The Court ultimately ruled that the parties do have standing under Article III, adopting a standard by the 7th Circuit.

In Pisciotta v. Old National Bancorp, 499 F.3d 629 (7th Cir. Aug. 23, 2007) the 7th Circuit ruled that plaintiffs had suffered an injury in fact when their personal data had been stolen, but not yet used for any fraudulent or criminal purpose. The only injury the Pisciotta plaintiffs alleged was increased risk associated with potential future misuse of personal data. None of the plaintiffs alleged any actual loss. The 7th Circuit noted, “as many of our sister circuits have noted, the injury in fact requirement can be satisfied by a threat of future harm or by an act which harms the plaintiff only by increasing the risk of future harm that the plaintiff otherwise would have faced, absent the defendant’s actions.”

The 9th Circuit agreed with this view and found the Starbucks’ employees to have standing. “Here, Plaintiffs-Appellants have alleged a credible threat of real and immediate harm stemming from the theft of a laptop containing their unencrypted personal information.” The Court noted that if the plaintiffs had brought a similar suit without the theft, they would not have standing because the threat to their personal information would be too remote.

The circuits are not uniformly behind the view of the 7th and 9th Circuits. A split does appear to be present. The 6th Circuit does not necessarily adopt the view that future loss satisfies the injury in fact requirement of Article III. In Lambert v. Hartman, 517 F.3d 433 (6th Cir. Feb. 25, 2008) one of the plaintiff’s allegations was that the theft of her identity exposed her to future risk of additional identity theft. Without analysis the 6th Circuit stated that the risk of future identity theft was “somewhat ‘hypothetical’ and conjectural.’”

The positions taken by the 7th and 9th Circuit are important to note, because it could potentially lead to a flood of litigation in cases where a company has compromised personal information to a third party, but no actual damage has actually occurred. By allowing a party to have standing in a case where the only injury-in-fact is the threat of future harm has the potential to lead to many lawsuits. It also leads to another issue: if a plaintiff were successful, how would a court calculate damages based off the threat of a future injury? Companies need to be aware that they are potentially liable for losing the personal information of their employees, without those employees suffering any actual, immediate and measurable damage.

Civil Contempt and Possible $500,000 Sanction for Withholding of ESI by Defendant

John Blumenschein The withholding of relevant ESI by a defendant resulted in civil contempt sanctions, mandatory disclosure in other lawsuits, the possibility of a $500,000 sanction, as well as the general ire of United States District Court Judge T. John Ward in Green v. Blitz U.S.A., Inc., 2011 U.S. DIST. LEXIS 20353 (E.D.Tex., March 1, 2011).

In 2007, Plaintiff Rene Green (“Green”) brought a products liability lawsuit against Defendant Blitz U.S.A., Inc. (“Blitz”). At the conclusion of the evidence and before the jury returned a verdict, the parties entered into a high-low settlement agreement. The jury returned a unanimous verdict against the plaintiffs, resulting in a settlement figure at the low end of the high-low range; the case was closed on November 10, 2008.

Counsel for the plaintiff in the Green case, however, was also counsel in a related case out of the Western District of Texas where Blitz was also the defendant. Through discovery in the other case, and nearly a year after the trial in the Green case, counsel learned of documents that were not produced by Blitz in the Green case and promptly filed a motion in February of 2010. Green argued that Blitz failed to produce certain documents and also failed to preserve documents.

It was eventually revealed that Blitz had a single employee, Larry Chrisco (“Chrisco”), who from 2004 until 2007 was solely responsible for searching and collecting relevant documents in the ongoing litigation against Blitz. Chrisco, however, never instituted a litigation-hold of documents, did any electronic word searches for emails, talked with the IT department regarding how to search for electronic documents, and even admitted that "I am about as computer literate--illiterate as they get."

But this was not the end of Blitz's discovery abuses. As outlined by Judge Ward:

... Blitz made little, if any, effort to discharge its electronic discovery obligations. But Blitz also failed to preserve its electronic documents. Far from instituting a litigation hold on relevant electronic documents, Blitz actually asked its employees to routinely delete electronic documents. From 2004 through 2007, Blitz's IT department head, Paul Hale, routinely sent emails to all Blitz employees instructing them and encouraging them to delete email…
... Paul Hale admits that when he sent these multiple emails telling employees to delete their email, the employees were not told to retain email relevant to ongoing litigation.  Additionally, during the Feb. 1, 2011 Show Cause Hearing, Larry Chrisco admitted that he never communicated any type of "litigation hold" request to the employees at Blitz…

Finally, to make matters worse, Blitz rotated its backup tapes every two weeks during this time period -- at such time the old backup tapes are permanently deleted -- so the deleted emails by the employees are permanently lost. Because of this systematic destruction of potentially relevant documents, it will never be known how much prejudice against the plaintiff was actually caused by Blitz's failure to preserve documents. The Court holds that Blitz's failure to preserve is sanctionable under the Court's inherent powers.

The Court denied Plaintiff's Motion to Re-Open the Case, but ordered Blitz to pay $250,000.00 in civil contempt sanctions to Green. The Court ordered “that Blitz has thirty (30) days from the date of the Memorandum Opinion & Order to furnish a copy of this Memorandum Opinion & Order to every Plaintiff in every lawsuit it has had proceeding against it, or is currently proceeding against it, for the past two years.” The Court issued an additional $500,000.00 sanction that will be tolled for 30 days from the date of the Memorandum Opinion and Order. According to Judge Ward, “At the end of that time period, if Blitz has certified with the Court that it has complied with the Court’s order, the $500,000.00 sanction will be extinguished.” To top it all off, Judge Ward ordered that, “for the next five years, Blitz is ordered that in every new lawsuit it participates in as a party, whether plaintiff, defendant, or in another official capacity, it must file a copy of this Memorandum Opinion and Order with its first pleading or filing in that particular court.” The Court expressed no opinion as to the manner in which a particular court may use or not use such copy.

Learn more about EnCase® eDiscovery.

Court Rules That Forensic Image of Thumb Drives Must Be Produced Even Where Requesting Party Originally Demanded Inspection of the Thumb Drives

Patrick Burke On January 20, 2011 Senior US District Court Judge William M. Nickerson granted a motion to compel production of the forensic image of 15 thumb drives in Océ North America, Inc. v. MCS Services, Inc., 2011 WL 197976 (D.Md.).

The dispute arose because plaintiff Océ North America – whose lawsuit alleges that defendant MCS Services, Inc. used its proprietary software without permission – had originally served a Notice of Inspection of, among other things, thumb drives containing relevant electronically stored information (ESI). By stipulation between the parties, the 15 thumb drives were imaged by a neutral forensics expert and the original thumb drives were then destroyed by the expert. MCS then refused to authorize the expert to produce the forensic images of the thumb drives arguing, among other things, that because Océ’s request came in the form of a Notice of Inspection of the physical thumb drives – which no longer existed -- it did not apply to the forensic image of the ESI on the thumb drives.

The Court rejected defendant’s argument that a notice of inspection of the thumb drives substantively differed from a request for the ESI contained on the thumb drives:
Parties have a continuing obligation to supplement their responses to discovery requests. Fed.R.Civ.P. 26(e). Océ's Notice requested the thumb drives and other like devices. As forensic images of the thumb drives, the Capsicum-created copies contain the exact same information the drives contained. The images are responsive to Océ's Notice and within MCS's control because MCS has the authority to release the images to Océ. Océ is thus entitled to receive the images.
MCS's argument also fails for practical reasons. Oftentimes, the nature of discovery of electronically stored information (ESI) is such that the producing party first creates forensic images of potentially responsive material, then reviews the electronic files on those images for relevancy and privilege before producing a filtered trove of responsive files. In such cases, the producing party produces identical copies of the files, but not necessarily the original files themselves. Similarly, a party may print hardcopies of electronic files or create facsimiles of responsive documents. None of these reproductions technically exist at the outset of litigation, but they must be produced and are sufficient to satisfy a producing party's obligations pursuant to a document request.
The instant scenario is not substantially different. When Océ requested the thumb drives, it sought not the physical device but rather the ESI contained therein. As a matter of practical concern, therefore, if the original thumb drives were discoverable, Capsicum's forensic images of the thumb drives must also be discoverable, and Océ need not propound a new discovery request for what amounts to the exact same information.
The Court therefore granted plaintiff’s motion to compel production of the forensic image of the thumb drive.

Expectations of Counsel are Higher Following the Delaware Court of Chancery’s Issuance of its Preservation Guidelines

Chad McManamy Following the trend of state legislature’s adoption of electronic discovery rules and state court opinions refining e-discovery obligations, the Delaware Court of Chancery recently issued a short set of guidelines for counsel appearing in their Court entitled, the Court of Chancery Guidelines for Preservation of Electronically Stored Information (“Guidelines”). The Guidelines are limited in scope to preservation obligations of electronically stored information (ESI). Despite the narrow reach, the Court appropriately addresses the most important aspect of ESI discovery issues first --- preservation and collection. Without proper preservation and collection, all other processes suffer or fail.

The Guidelines, rooted in a common law duty, call for counsel to instruct their clients to take the reasonable steps necessary to “act in good faith and with a sense of urgency to avoid the loss, corruption or deletion of potentially relevant ESI” (emphasis added). At the very least, the Guidelines call for in-house and outside counsel to:
1. Take a collaborative approach to the discussion of the scope of the ESI preservation process by bringing representatives to the table with knowledge of the environment (reflective of The Sedona Conference Cooperation Proclamation);

2. Issue written legal hold notifications to custodians of potentially relevant ESI that contain instructions regarding the preservation of ESI in the custodians possession; and,

3. Document the steps taken to prevent the destruction of potentially relevant ESI.
The Guidelines take a common sense approach to proper ESI preservation, instructing practitioners to consider all of the possible locations a custodian may have potentially relevant data and to discuss a client’s business processes to uncover as much of the process as possible. With all the variables present in an organization’s business process, only a thorough examination with the key players will withstand the broad standards required by the Court. Of particular concern to counsel should be the statement instructing them to “take reasonable steps to verify information they receive about how ESI is created, modified, stored or destroyed.” It will no longer be defensible to accept the word of a single point of contact at your client when it comes to preservation of ESI; you will have to go deeper.

To bolster the defensibility of the preservation process, counsel should employ technology that does not rely on preserving the ESI in place but instead collects a copy of the potentially relevant ESI and preserves the copy in a forensically-sound manner. And in light of the recent federal opinions highlighting the integral nature of metadata, counsel should consider preservation of metadata as important as preservation of the ESI itself. Taking this approach, the risk of loss or deletion is minimized or eliminated and verification becomes much simpler for counsel.

A technology solution that allows organizations to minimize the loss or destruction of potentially relevant data is Guidance Software’s EnCase® eDiscovery. The solution allows preservation of ESI across a network in a live environment with minimal business interruption in a highly defensible process. Plus, with Guidance Software's long-established background in computer forensics, there is no question about the authentication of the preserved data, as an exact clone of the original file is stored in a logical evidence file with all original metadata intact. Not only does EnCase® eDiscovery allow an organization to preserve through the collection of ESI in a live environment, it also meets the Guidelines suggestion for issuing a written legal hold notification and logs all of the steps taken during the preservation/collection process.

Ignorance of Email Archives Results in Discovery Dispute

John M. Blumenschein Despite a finding of sanctionable conduct on the part of the Plaintiff, Chief Bankruptcy Judge Arthur J. Gonzalez of the Southern District of New York refused to impose sanctions such as dismissal or an adverse inference instruction for the discovery delays caused by the Plaintiff in GFI Acquisition, LLC v. American Federated Title Corp. (In re A&M Florida Properties II, LLC), 2010 WL 1418861 (Bkrtcy.S.D.N.Y. April 7, 2010) [click here to view decision - PDF]. Judge Gonzalez did acknowledge the delay and cost associated with bringing these motions, however, and ordered the Plaintiff to reimburse the Defendant for its half of the costs associated with brining the computer forensics expert.

When those and a number of other emails were not produced, the parties agreed to jointly retain a certified computer forensic technician who would conduct a search of the Plaintiff’s email system including the archive, which is where deleted emails by GFI employees were stored. The computer forensic technician decided to search the archive after concluding that the only possible explanation for the missing emails was that they had been stored in the archive. Counsel for the Plaintiff was unaware of the difference between the archives and live inboxes. This search resulted in the recovery of 9,500-plus emails, which had not been previously produced. Defendant brought a motion for sanctions under Federal Rule of Civil Procedure 37(d), seeking a dismissal or an adverse inference instruction, as well as fees associated with the extra discovery work and forensic efforts.

Addressing the issue of dismissal, Judge Gonzalez noted that terminating sanctions are “harsh and rare,” and that the type of behavior warranting a terminating sanction “is far more egregious than anything GFI or its attorneys may have done here.” And while the Court acknowledged that the Plaintiff and its Counsel could have handled the discovery process much better, the motion to dismiss was denied because there was no intentional destruction of evidence or failure to obey court orders.

Judge Gonzalez also pointed out that the granting of an adverse inference instruction is a “severe sanction.” Noting that arguably all of the requisite elements were present for the granting of an adverse inference instruction (i.e., (i) Plaintiff had an obligation to timely produce; (ii) Plaintiff failed to timely produce with a “culpable state of mind”; and (iii) the evidence was “relevant”), the Court declined to impose such a penalty as it “would be overly harsh for what has occurred here.” Judge Gonzalez went on to explain his rationale by stating: “In the end the Defendant was able to obtain the desired emails and there was no evidence of bad faith on the part of GFI's counsel. [Counsel for Plaintiff] simply did not understand the technical depths to which electronic discovery can sometimes go. The Court does not find any intent to block American Federated from gaining possession of the recently discovered messages.”

Although the Court found no intentional conduct on the part of the Plaintiff in its delay, the Court did find that monetary sanctions were appropriate for costs associated with brining the computer forensics expert. The exact amount was to be determined at hearing on a later date. In imposing sanctions, Judge Gonzalez quoted language from Zubulake v. UBS Warburg LLC, 229 F.R.D. 422, 432 (S.D.N.Y.2004) and stated, “Counsel must communicate with the client, identify all sources of relevant information, and ‘become fully familiar with [the] client's document retention policies, as well as [the] client's data retention architecture.’”

The Federal Courts Start Taking Proportionality Seriously to Reign in E-Discovery's Cost and Scope

Guidance Software The Federal Rules of Civil Procedure (FRCP) clearly states:

On motion or on its own, the court must limit the frequency or extent of discovery otherwise allowed by these rules or by local rule if it determines that:
(i) the discovery sought is unreasonably cumulative or duplicative, or can be obtained from some other source that is more convenient, less burdensome, or less expensive;

(ii) the party seeking discovery has had ample opportunity to obtain the information by discovery in the action; or

(iii) the burden or expense of the proposed discovery outweighs its likely benefit, considering the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the action, and the importance of the discovery in resolving the issues. (FRCP Rule 26(b)(2)(C))
The decision by Judge Lee Rosenthal in Rimkus Consulting Group, Inc. v. Cammarata, 688 F. Supp. 2d 598 (S.D. Tex. 2010) demonstrates that the Federal Judiciary is now waking up and using proportionality to determine what is reasonable and acceptable in preservation and discovery conduct.

Additionally, Judge Grimm in Victor Stanley, Inc. v. Creative Pipe, Inc., No. MJG-06-2662 (D. Md. Sept. 9, 2010) stated "courts have tended to overlook the importance of proportionality in determining whether a party has complied with its duty to preserve evidence in a particular case, this should not be the case because Fed. R. Civ. P. 26(b)(2)(C) cautions that all permissible discovery must be measured against the yardstick of proportionality."

As Judge Waxse recently stated “we don’t need to change the rule; we need to start using the rule."

The 9th U.S. Circuit Court of Appeals Guts its Own 2009 “Electronic Plain View” Decision in the Comprehensive Drug Testing Case

Guidance Software In a surprising u-turn, electronic search and seizure guidelines designed to protect Fourth Amendment privacy rights during court-authorized computer searches were nullified on Monday by the 9th Circuit Court of Appeals.

Instead, the judges urged “greater vigilance on the part of judicial officers in striking the right balance between the government’s interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures.”

The original 2009 decision offered detailed guidelines concerning the government’s wholesale seizure of thousands of electronically stored information (ESI) relating to an anonymous drug testing program provided for in a collective bargaining agreement between Major League Baseball (MLB) owners and the MLB Players’ Association. That decision was widely criticized for its lack of authority for the promulgated guidelines.

The court recognizes that “The process of segregating electronic data that is sizable from that which is not must not become a vehicle for the government to gain access to data which it has no probable cause to collect.”

Segregating and redacting ESI to separate potentially relevant from irrelevant evidence is used every day in civil e-discovery and there is no reason why law enforcement cannot use similar protocols and procedures in conducting electronic searches pursuant to a warrant.

EnCase® Enterprise and EnCase® eDiscovery are good examples of technology available to both law enforcement and corporations that can be used to both effectively and economically separate the wheat from the chaff by enabling targeted investigations both on and off the network.

Since technology evolves at a much quicker pace than does the law, there currently is still a wide gap between practice and principle. This court is essentially showing a willingness to narrow the gap between forensic practice and legal principle by urging practitioners to use the latest technology and appropriate protocols to target only the electronically stored information that is subject to the search warrant and/or subpoena.

This case illustrates both the challenges faced by modern law enforcement in retrieving information it needs to pursue and prosecute wrongdoers, and the threat to the privacy of innocent parties from a vigorous criminal investigation.

A copy of the decision can be found here.