Posts By :

Doug Austin

eDiscovery Tips: SaaS and eDiscovery – Top Considerations

 

There was an interesting article this week regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The authors note that “[p]roponents of the cloud compare it to the shift in electrical power generation at the turn of the century [1900’s], where companies had to generate their own electric power to run factories.  Leveraging expertise and economies of scale, electric companies soon emerged and began delivering on-demand electricity at an unmatched cost point and service level.”, which is what cloud components argue that the SaaS model is doing for IT services.

However, the decision to move to SaaS solutions for IT services doesn’t just affect IT – there are compliance and legal considerations to consider as well.  Because the parties to a case have a duty to identify, preserve and produce relevant electronically stored information (ESI), information for those parties stored in a cloud infrastructure or SaaS application is subject to those same requirements, even though it isn’t necessarily in their total control.  With that in mind, the article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, as follows (requirements in bold are quoted directly from the article):

  1. Where is ESI actually located when it is in the ethereal cloud or SaaS application?  It’s important to know where your data is actually stored.  Because SaaS providers are expected to deliver data on demand at any time, they may store your data in more than one data center for redundancy purposes.  Data centers could be located outside of the US, so different compliance and privacy requirements may come into play if there is a need to produce data from these locations.
  2. What are the legal implications of e-discovery in the cloud? Little case law exists on the subject, but it is expected that the responsibility for timely preservation, collection and production of the data remains with the organization at party in the lawsuit, even though that data may be in direct control of the cloud provider.
  3. What happens if a lawsuit is in the US but one company’s headquarters is in another country? Or what if the data is in a country where the privacy rules are different?  The article references one case – AccessData Corp. v. ALSTE Technologies GMBH , 2010 WL 318477 (D. Utah Jan. 21, 2010) – where the German company ALSTE cited German privacy laws as preventing it from collecting relevant company emails that were located in Germany (the US court compelled production anyway).  So, jurisdictional factors can come into play when cloud data is housed in a foreign jurisdiction.

This is too big a topic to cover in one post, so we’ll cover the other four eDiscovery issues to address in Monday’s post.  Let the anticipation build!

So, what do you think?  Does your company have ESI hosted in the cloud?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Facemail Unlikely to Replace Traditional Email

In a November post on eDiscoveryDaily, we reported that Facebook announced on November 15 that it’s rolling out a new messaging system, including chat, text messaging, status updates and email (informally dubbed “Facemail”) that would bring messaging systems together in one place, so you don’t have to remember how each of your friends prefers to be contacted.  Many have wondered whether Facemail would be a serious threat to Google’s Gmail, Yahoo Mail and Microsoft Live Hotmail, given that Facebook has a user base of 500 million plus users from which to draw.  And, there was considerable concern raised by eDiscovery analysts that Facebook plans to preserve these messages, regardless of the form in which they are generated, forever.

However, Facemail isn’t likely to replace users’ current email accounts, according to an online poll currently being conducted by the Wall Street Journal.  More than 61 percent of over 4,001 participants who have taken the poll so far said they wouldn’t use Facebook Messages as their primary email service.  18.4 percent of voters said that they would use it as their primary email, with 20.5 percent indicating that they were not sure.  You can cast your vote here.  I just voted, so these numbers reflect “up-to-the-minute” poll results (as of 5:52 AM CST, Wednesday, December 08, that is).

Facebook CEO Mark Zuckerberg envisions the Facemail model of email, instant messaging and SMS text messages as a simpler, faster messaging model than email’s traditional subject lines and carbon copies, which Zuckerberg considers to be “antiquated”.

Whether Facemail develops as a serious threat to Gmail, Hotmail or Yahoo Mail (or even Microsoft Outlook or Lotus Notes) remains to be seen.  However, at least a couple of industry analysts think that it could become a significant development.

“A powerful, unified presence manager would also enable the user to express how he’d like to communicate, and to manipulate that ‘how’ and ‘when’ availability to different types of contacts,” industry analyst David Card stated in a post on GigaOm.com.  “If Facebook establishes Messages as a user’s primary tool to manage presence across multiple communications vehicles, it would be an incredibly sticky app, with huge customer lock-in potential.”

Gartner analyst Matt Cain told eWEEK.com, “It will have little impact at first on the public portal email vendors because it is a barebones email service. But if Facebook makes it the equivalent of these other services, it will have a significant deleterious impact on competing email services”.

As stated in the earlier post, it’s important to have a social governance policy in place to not only address new mechanisms such as Facemail, but all social media mechanisms that might be in use by your employees.

So, what do you think?  Do you plan to consider using Facemail as your primary email service?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Data Mapping for Litigation Readiness

 

Federal Rule 26(f)–the Meet and Confer rule–requires the parties in litigation to meet at an early stage to discuss the information they have and what they will share.   The parties must meet “at least 21 days before a scheduling conference is to be held or a scheduling order is due under Rule 16(b)”, which states that the “judge must issue the scheduling order…within the earlier of 120 days after any defendant has been served with the complaint or 90 days after any defendant has appeared.”.

That means the meet and confer is required 90-100 days after the case has been filed and, at that meeting the parties must disclose to each other “a copy of, or a description by category and location of, all documents, electronically stored information and tangible things that are in the possession, custody or control of the party and that the disclosing party may use to support its claims or defenses” (Rule 26(a)(1)(A)(ii)).  That’s not much time to develop a thorough understanding of what data may be potentially responsive to the case.

The best way for organizations to address this potential issue is proactively, before litigation even begins, by preparing a data map.  As the name implies, a data map simply provides a guide for legal and IT to the location of data throughout the company and important information about that data, such as the business units, processes and technology responsible for maintaining the data, as well as retention periods for that data.  An effective data map should enable in-house counsel to identify the location, accessibility and format of potentially responsive electronically stored information (ESI).

Four tips to creating and maintaining an effective data map:

  • Obtain Early “Buy-In”: Various departments within the organization have key information about their data, so it’s important to obtain early “buy-in” with each of them to ensure full cooperation and a comprehensive data map,
  • Document and Educate: It’s important to develop logical and comprehensive practices for managing data and provide regular education to employees (especially legal) about the organization’s data management policies so that data is where it is supposed to be,
  • Communicate Regularly: Groups need to communicate regularly so that new initiatives that may affect existing data stores or create new ones are known by all,
  • Update Periodically: Technology is constantly evolving, employees come and go and terminologies change.  Data maps must be reviewed and updated regularly to stay accurate.  If you created a data map two years ago and haven’t updated it, it probably doesn’t address new social media sources.

Preparing and maintaining a data map for your organization puts you in a considerably better position to respond quickly when litigation hits.

So, what do you think?  Does your organization have a data map?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Some SaaS Benefits for eDiscovery

I found an interesting article on Ezine Articles by Sharon Gonzalez, a freelance technical writer with 15 years experience writing on various technical subjects, especially in the areas of cloud computing, Software as a Service (SaaS), and Internet technologies.  The article entitled EDiscovery on SaaS, discusses some of the benefits of SaaS solutions for eDiscovery.

Gonzalez notes that “use of [the] eDiscovery SaaS model which has brought down the costs of many organizations” because the “model is a vendor hosted infrastructure that is highly secured and the customers can run the applications from their own machines”.  Advantages noted by Gonzalez include:

  • Easy Manageable Services: Legal teams are able to process, analyze and review data files using the eDiscovery tools from the SaaS provider via their own browser and control and secure information within those tools.  No software to install.
  • No Problem for Storage Space: The SaaS model “eliminates all requirements of added infrastructure for…increasing storage space”.  While many eDiscovery SaaS models charge a monthly fee based on data stored, that fee is eliminated once the data is no longer needed.
  • Cost-Effective Solutions Provided: Gonzalez notes “Since…the SaaS architecture is maintained by vendors, IT departments are free from the burden of maintaining it. It is also a cost-effective method as it cuts down expenditure on hiring additional IT professionals and other physical components. The companies have to pay a charge to the vendors which work out far cheaper than investing large sums themselves”.
  • Built-In Disaster Recovery: Redundant storage, backup systems, backup power supplies, etc. are expensive to implement, but those mechanisms are a must for SaaS providers to provide their clients with the peace of mind that their data will be secure and accessible.  Because the SaaS provider is able to allocate the cost for those mechanisms across all of its clients, costs for each client are considerably less to provide that secure environment.

There are SaaS applications for eDiscovery throughout the EDRM life cycle from Information Management thru Presentation.

Full disclosure: Trial Solutions is the leader in self service, on demand SaaS litigation document review solutions, offering FirstPass™, powered by Venio FPR™, for early case assessment and first pass review as well as OnDemand™ for linear review and production.

So, what do you think?  Have you used any SaaS hosted solutions for eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Sanctions at an All-Time High

eDiscovery sanctions are at an all-time high, according to a Duke Law Journal law review article.  The article summarizes a study of 401 cases involving motions for sanctions related to discovery of electronically stored information (ESI) in federal courts through 2009, with a total of 230 sanction awards in those cases.  A link to the article can be found here.

In an increasing number of cases, more attention is focused on eDiscovery than on the merits, with a motion for sanctions becoming very common.  The sanctions imposed against parties in many of these cases have been severe, including adverse jury instructions, significant monetary awards and even dismissals. These sanctions have occurred despite the safe harbor provisions of Rule 37(e) of the Federal Rules of Civil Procedure, which have provided little protection to parties or counsel.

The study also found that defendants are sanctioned almost three times as often as the plaintiffs in a lawsuit (175 to 53). The most common type of misconduct to receive a sanction was failing to preserve relevant information (sanctions were granted in 90 cases). Often, multiple types of misconduct led to the sanctions. Other types of misconduct included a failure to produce information and delays in producing the information.

Other key notable stats:

  • 354 of the 401 cases where sanctions were requested and 198 of the 230 sanction awards have occurred since 2004;
  • The most common types of cases with sanctions are employment (17 percent), contract (16 percent), intellectual property (15.5 percent) and tort cases (11 percent);
  • 183 district court judges and 111 magistrate judges from 75 federal districts in 44 states, the Virgin Islands, the District of Columbia, and Puerto Rico, have issued written opinions regarding e-discovery sanctions;
  • Cases involving e-discovery sanctions and sanction awards more than tripled between 2003 and 2004, from 9 to 29 sanction cases, and from 6 to 21 sanction awards;
  • There were more e-discovery sanction cases (97) and more e-discovery sanction awards (46) in 2009 than in any prior year – more than in all years prior to 2005 combined!!

The study also has a year-to-year breakdown of sanctions from 1981 through 2009, with a bar chart that illustrates the tremendous growth in sanction cases and awards in the last six years.  A partner and senior attorneys at King & Spaulding’s Discovery Center assisted the students in analyzing the cases and identifying the trends in sanctions.

So, what do you think?  Have you been involved in any cases where sanctions have been requested or awarded?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Tips: Word’s Stupid “Smart Quotes”

I have run into this issue more times than I can count.

A client sends me a list of search terms that they want to use to cull a set of data for review in a Microsoft® Word document.  I copy the terms into the search tool and then, all hell breaks loose!!  Either:

The search indicates there is a syntax error

OR

The search returns some obviously odd results

And, then, I remember…

It’s those stupid Word “smart quotes”.  Starting with Office 2003, Microsoft Word, by default, automatically changes straight quotation marks ( ‘ or ” ) to curly quotes as you type. This is fine for display of a document in Word, but when you copy that text to a format that doesn’t support the smart quotes (such as HTML or a plain text editor), the quotes will show up as garbage characters because they are not supported ASCII characters.  So:

“smart quotes” aren’t very smart

will look like this…

âsmart quotesâ arenât very smart

As you can imagine, that doesn’t look so “smart” when you feed it into a search tool and you get odd results (if the search even runs).  So, you’ll need to address those to make sure that the quotes are handled correctly when searching for phrases with your search tool.

To disable the automatic changing of quotes to Microsoft Word smart quotes: For Office 2007, click the Microsoft Office icon button at the top left of Word, and then click the Word Options button to open options for Word.  Click Proofing along the side of the pop-up window, then click AutoCorrect Options.  Click the AutoFormat tab and uncheck the Replace “Smart Quotes” with “Smart Quotes” check box.  Then, click OK.

To replace Microsoft Word smart quotes already in a file: Often, however, the file you’ve received already has smart quotes in it.  If you’re going to use the terms in that file, you’ll need to copy them to a text editor first – Notepad or Wordpad (if Wordpad is in plain text document mode) should be fine.  Highlight the beginning quote and copy it to the clipboard (Ctrl+C), then Ctrl+H to open up the Find and Replace dialog, put your cursor in the Find box and press Ctrl+V to paste it in.  Type the character on the keyboard into the Replace box, then press Replace All to replace all beginning smart quotes with straight ones.  Repeat the process for the ending smart quotes.  You’ll also have to do this if you have any single quotes, double-hyphens, fraction characters (e.g., Word converts “1/2” to “½”), etc. that impact your terms.

So, what do you think?  Have you ever run into issues with Word smart quotes or other Word auto formatting options?  Please share any comments you might have or if you’d like to know more about a particular topic.

From all of us at Trial Solutions…Have a Happy Thanksgiving!!

eDiscovery Trends: Facemail and eDiscovery

Email is dead.

So says Facebook founder Mark Zuckerberg.  “It’s too formal,” he declared, announcing his company’s new messaging service last week in San Francisco.

Facebook announced last week that it’s rolling out a new messaging system, including chat, text messaging, status updates and email (surprise!).  Zuckerberg touts it as a way of bringing messaging systems together in one place, so you don’t have to remember how each of your friends prefers to be contacted.  Will the integrated product (informally dubbed “Facemail”) that some have called “Gmail killer” be a serious threat to Gmail, MSN and Yahoo Mail?  Maybe.  With 500 million plus users, Facebook certainly has a head start towards a potentially large user base.

However, some caveats to consider from a business standpoint:

  1. Facemail messages will be clustered by sender instead of by subject, which they consider to be “antiquated”.  May be great from a social standpoint, but not so good when you need to follow the thread of a conversation with multiple people.
  2. Unified messaging is not an entirely new concept.  Just last year, Google introduced Google Wave, designed to “merge key features of media like e-mail, instant messaging, wikis, and social networking”.  Earlier this year, Google announced plans to scrap Google Wave after it failed to gain a significant following.  It will be interesting to see whether Facebook can succeed where Google failed.
  3. From an eDiscovery perspective, the potential concern is that Facebook plans to preserve these messages, regardless of the form in which they are generated, forever.  So, if your company has a retention policy in place, these communications will fall outside of that policy.

Is it time to panic?  It might be tempting to overreact and ban the use of Facemail and other outside email and social media sites, but that seems impractical in today’s social media climate.

A better approach is to have a policy in place to govern use of outside email, chat and social media that covers what employees should do (e.g., act responsibly and ethically when participating in online communities), what employees should not do (e.g., disclose confidential information, plagiarize copyrighted information, etc.) and the consequences for violating the policy (e.g., lost customers, firings, lawsuits, etc.).  We will talk more about a social governance policy in an upcoming post.  In the meantime, here is a reference to our September post for information on requesting information from Facebook via civil subpoena.

So, what do you think?  Does your company have a social governance policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

P.S. – So, what happened to the architect behind Google Wave, Lars Rasmussen?  He just joined Facebook.  Interesting, huh?  🙂

eDiscovery Trends: Sedona Conference Commentary on Proportionality

 

Last month, The Sedona Conference® made available its Commentary on Proportionality in Electronic Discovery, which is a project of The Sedona Conference Working Group on Electronic Document Retention & Production (WG1).  The commentary is initially being published as a "public comment version", giving participants in the legal industry an opportunity to provide comments that the editors will review and incorporate edits where appropriate into the final version.  A copy of the PDF publication can be downloaded here.

The commentary discusses the origins of the doctrine of proportionality, provides examples of its application and proposes principles for guidance, providing “a framework for the application of the doctrine of proportionality to all aspects of electronic discovery”.  Among other things, the publication identifies six Principles of Proportionality intended to provide that framework, using existing (Federal) rules and case law to support each principle.  These common-sense principles are:

  1. The burdens and costs of preservation of potentially relevant information should be weighed against the potential value and uniqueness of the information when determining the appropriate scope of preservation.
  2. Discovery should generally be obtained from the most convenient, least burdensome, and least expensive sources.
  3. Undue burden, expense, or delay resulting from a party’s action or inaction should be weighed against that party.
  4. Extrinsic information and sampling may assist in the analysis of whether requested discovery is sufficiently important to warrant the potential burden or expense of its production.
  5. Nonmonetary factors should be considered when evaluating the burdens and benefits of discovery.
  6. Technologies to reduce cost and burden should be considered in the proportionality analysis.

After stating the six principles above, the commentary goes on to discuss specific rules and case law that supports issues to consider such as the availability of information from other sources, waiver and undue delay, and burden versus benefit.  It then goes on to discuss the existing rules and case law that supports each principle.

To submit a public comment, you can download a public comment form here, complete it and fax(!) it to The Sedona Conference® at 928-284-4240.  If, like me, you’re opposed to using 1990s technology to submit your comments, the publication also notes that you can also submit feedback by emailing them at rgb@sedonaconference.org.

So, what do you think?  Have you encountered any cases where proportionality of discovery requests are at issue? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: CGOC Information Governance Benchmark Report

Last month, at the EDRM Mid-Year Meetings, the Information Management Reference Model (IMRM) team within EDRM presented a status report for their project (as all of the project teams do during these meetings).  As a part of that presentation, the team presented findings from the first survey conducted by the Compliance, Governance and Oversight Council (CGOC) in collaboration with the IMRM of legal, records management (RIM) and IT practitioners in Global 1000 companies.  You can request a copy of the report here.

According to the CGOC report, there was an even distribution of respondents between legal, RIM and IT.  Just a few of the very interesting findings include:

    • Ineffective Disposal of Data: 75% of respondents identified the inability to defensibly dispose of data as the greatest challenge, leaving “massive” amounts of legacy data,
  • “People Glue” Compliance Processes: 70% of respondents depend on “liaisons and people glue” to support discovery and regulatory obligations within information management (as opposed to reliable and repeatable systems and processes),
  • Disconnect Between Legal, RIM and IT: There are big gaps between retention schedule development, legal hold communication, and information management.  Some key stats:
    • 77% said their retention schedules were not actionable as is or could only be applied to paper,
    • 75% of schedules included only regulatory record keeping requirements or long-range business information,
    • 66% did not describe legal holds by the records associated with them, and
    • 50% of IT departments never used the retention schedule when disposing of data.
  • Who’s In Charge?: Legal and RIM identified RIM as the organization responsible for “information management and disposal” whereas IT considered themselves responsible for this function.

These are just a handful of findings in this report, which clearly shows that most large organizations still feel that there is still much work to be done to achieve an effective information governance program.  The CGOC (and IMRM) have done a terrific job at compiling a comprehensive and informative report that illustrates the current state of affairs of information management in the corporate world.  Request your copy of the report to learn more!

So, what do you think?  How is your organization managing information governance?  Is it facing similar issues? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Searching: Types of Exception Files

Friday, we talked about how to address the handling of exception files through agreement with opposing counsel (typically, via the meet and confer) to manage costs and avoid the potential for spoliation claims.  There are different types of exception files that might be encountered in a typical ESI collection and it’s important to know how those files can be recovered.

Types of Exception Files

It’s important to note that efforts to “fix” these files will often also change the files (and the metadata associated with them), so it’s important to establish with opposing counsel what measures to address the exceptions are acceptable.  Some files may not be recoverable and you need to agree up front how far to go to attempt to recover them.

  • Corrupted Files: Files can become corrupted for a variety of reasons, from application failures to system crashes to computer viruses.  I recently had a case where 40% of the collection was contained in 2 corrupt Outlook PST files – fortunately, we were able to repair those files and recover the messages.  If you have readily accessible backups of the files, try to restore them from backup.  If not, you will need to try using a repair utility.  Outlook comes with a utility called SCANPST.EXE that scans and repairs PST and OST files, and there are utilities (including freeware utilities) available via the web for most file types.  If all else fails, you can hire a data recovery expert, but that can get very expensive.
  • Password Protected Files: Most collections usually contain at least some password protected files.  Files can require a password to enable them to be edited, or even just to view them.  As the most popular publication format, PDF files are often password protected from editing, but they can still be viewed to support review (though some search engines may fail to index them).  If a file is password protected, you can try to obtain the password from the custodian providing the file – if the custodian is unavailable or unable to remember the password, you can try a password cracking application, which will run through a series of character combinations to attempt to find the password.  Be patient, it takes time, and doesn’t always succeed.
  • Unsupported File Types: In most collections, there are some unusual file types that aren’t supported by the review application, such as files for legacy or specialized applications (e.g., AutoCad for engineering drawings).  You may not even initially know what type of files they are; if not, you can find out based on file extension by looking the file extension up in FILExt.  If your review application can’t read the files, it also can’t index the files for searching or display them for review.  If those files may be responsive to discovery requests, review them with the native application to determine their relevancy.
  • No-Text Files: Files with no searchable text aren’t really exceptions – they have to be accounted for, but they won’t be retrieved in searches, so it’s important to make sure they don’t “slip through the cracks”.  It’s common to perform Optical Character Recognition (OCR) on TIFF files and image-only PDF files, because they are common document formats.  Other types of no-text files, such as pictures in JPEG or PNG format, are usually not OCRed, unless there is an expectation that they will have significant text.

It’s important for review applications to be able to identify exception files, so that you know they won’t be retrieved in searches without additional processing.  FirstPass™, powered by Venio FPR™, is one example of an application that will flag those files during processing and enable you to search for those exceptions, so you can determine how to handle them.

So, what do you think?  Have you encountered other types of exceptions?  Please share any comments you might have or if you’d like to know more about a particular topic.