Posts By :

Doug Austin

Court Denies Criminal Defendant’s Motion to Suppress Evidence Obtained via Warrantless Search: eDiscovery Case Law

In United States v. Caputo, No. 3:18-cr-00428-IM (D. Or Nov. 6, 2019), Oregon District Judge Karin J. Immergut denied the defendant’s motion to suppress emails and evidence derived from a warrantless search of Defendant’s workplace email account, finding “any expectation of privacy in Defendant’s work email was objectively unreasonable under the military’s computer-use policies in effect at his workplace.”

Case Background

In this case where the defendant was indicted on four counts of wire fraud, the defendant filed a motion to suppress emails and evidence derived from a warrantless search of the defendant’s workplace email account.  The Government’s response to the motion provided additional facts about the email account and the context in which it received copies of the defendant’s emails, including an image of the banner message displayed when the defendant logged on to his work computer system and two policies which governed the defendant’s computer use at work.

During the period at issue in this case, the warning banner advised (among other things) that at any time, the US Government may inspect and seize data stored on the information system.  The defendant was also subject to the Oregon National Guard’s acceptable use policy and Employees of the Oregon National Guard, including the defendant, were required to sign the policy before they received computer access. They also had to acknowledge and recertify their understanding of the policy annually.

Judge’s Ruling

Judge Immergut noted that “Defendant has not offered any evidence that he had a subjective expectation of privacy in his work email” and stated that “any expectation of privacy in Defendant’s work email was objectively unreasonable under the military’s computer-use policies in effect at his workplace.”

Judge immergut also rejected two cases that the defendant cited to support his claim of a reasonable expectation of privacy, stating that “neither case requires suppression here” and that “[u]nder these circumstances, it was objectively unreasonable for Defendant to expect privacy in his work email.”  As a result, Judge Immergut denied the defendant’s motion to suppress.

So, what do you think?  Should employees expect privacy within their work email accounts?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Pennsylvania Supreme Court Rules that Forcing Provision of Computer Password Violates the Fifth Amendment: eDiscovery Case Law

In Commonwealth v. Davis, No. 56 MAP 2018 (Pa. Nov. 20, 2019), the Supreme Court of Pennsylvania, in a 4-3 ruling, overturned a lower-court order that required a criminal suspect to turn over a 64-character password to his computer, concluding that “compelling the disclosure of a password to a computer, that is, the act of production, is testimonial” and rejecting the Commonwealth’s argument that provision of the password was a foregone conclusion, finding that “the prohibition of application of the foregone conclusion rationale to areas of compulsion of one’s mental processes would be entirely consistent with” US Supreme Court decisions.

Case Background

In this case involving alleged child-pornography activities, agents of the Office of Attorney General (“OAG”) executed a search warrant at Appellant’s apartment based upon a video found to contain child pornography being shared via a peer-to-peer file-sharing network (eMule) from an IP address associated with the appellant.  At Appellant’s apartment, after the agents discovered a single computer, an HP Envy 700 desktop, which was encrypted with TrueCrypt, Appellant informed the agents that he lived alone, that he was the sole user of the computer, and that only he knew the password to his computer.  When the agent requested that Appellant provide him with the password to the computer, he responded: “It’s 64 characters and why would I give that to you? We both know what’s on there. It’s only going to hurt me. No f*cking way I’m going to give it to you.”  Appellant was charged with two counts of disseminating child pornography in violation of 18 Pa.C.S. § 6312(c), and two counts of criminal use of a communication facility in violation of 18 Pa.C.S. § 7512(a).

On December 17, 2015, the Commonwealth filed with the trial court a pre-trial motion to compel Appellant to divulge the password to his HP 700 computer. Appellant responded by invoking his right against self-incrimination.  The trial court focused on the question of whether the encryption was testimonial in nature, and, thus, protected by the Fifth Amendment.  Applying the foregone conclusion exception, the trial court determined that the information the Commonwealth sought from Appellant was a foregone conclusion, in that the facts to be conveyed by Appellant’s act of production of his password already were known to the government. As, according to the trial court, Appellant’s revealing his password would not provide the Commonwealth with any new evidence, and would simply be an act that permitted the Commonwealth to retrieve what was already known to them, the foregone conclusion exception was satisfied.  A three-judge panel of the Superior Court later affirmed that ruling, leading to appeal to the Pennsylvania Supreme Court.

Judge’s Ruling

In the majority opinion written by Justice Debra Todd, she wrote:

“Based upon these cases rendered by the United States Supreme Court regarding the scope of the Fifth Amendment, we conclude that compelling the disclosure of a password to a computer, that is, the act of production, is testimonial. Distilled to its essence, the revealing of a computer password is a verbal communication, not merely a physical act that would be nontestimonial in nature. There is no physical manifestation of a password, unlike a handwriting sample, blood draw, or a voice exemplar. As a passcode is necessarily memorized, one cannot reveal a passcode without revealing the contents of one’s mind. Indeed, a password to a computer is, by its nature, intentionally personalized and so unique as to accomplish its intended purpose — keeping information contained therein confidential and insulated from discovery. Here, under United States Supreme Court precedent, we find that the Commonwealth is seeking the electronic equivalent to a combination to a wall safe — the passcode to unlock Appellant’s computer. The Commonwealth is seeking the password, not as an end, but as a pathway to the files being withheld. As such, the compelled production of the computer’s password demands the recall of the contents of Appellant’s mind, and the act of production carries with it the implied factual assertions that will be used to incriminate him. Thus, we hold that compelling Appellant to reveal a password to a computer is testimonial in nature.”

Judge Todd also, after commenting on several US Supreme Court rulings, stated “the prohibition of application of the foregone conclusion rationale to areas of compulsion of one’s mental processes would be entirely consistent with the Supreme Court decisions, surveyed above, which uniformly protect information arrived at as a result of using one’s mind. To broadly read the foregone conclusion rationale otherwise would be to undercut these pronouncements by the high Court.”

Judge Max Baer offered the dissenting opinion, stating: “In my opinion, the compulsion of Appellant’s password is an act of production, requiring him to produce a piece of evidence similar to the act of production requiring one to produce a business or financial document”.  He also stated: “Under the majority’s reasoning, the compelled production of documents would be tantamount to placing the defendant on the stand and requiring him to testify as to the location of the documents sought. The mere fact that Appellant is required to think in order to complete the act of production, in my view, does not immunize that act of production from the foregone conclusion rationale.”

Nonetheless, by a 4-3 vote, the Pennsylvania Supreme Court reversed the order of the Superior Court and remanded the matter to the Superior Court, for remand to the trial court, for proceedings consistent with the majority Opinion.

Here’s a case from earlier this year with a different result.

So, what do you think?  Should defendants be ordered to provide their passcodes, even if it leads to incriminating evidence against them?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Happy Thanksgiving!

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

It’s Time for Your Annual “Mashup” of eDiscovery Market Estimates!: eDiscovery Trends

The appearance of the mashed potato graphic can only mean one thing.  Nope, not that it’s Thanksgiving week (though, many of us will enjoy our mashed potatoes this Thursday).  It means that it’s time for the eDiscovery Market Size Mashup that Rob Robinson compiles and presents on his Complex Discovery site each year.

It’s become an annual tradition for Rob to release it earlier and earlier each year, and, this year, he released his worldwide eDiscovery services and software overview for 2019 to 2024 on November 12 (not quite before Halloween like I predicted last year, but still eight days earlier than last year, so it might happen next year).  ;o)

This is the eighth(!) year we have covered the “mashup”(!) and we can continue to gauge how accurate those first predictions were.  The first “mashup” covered estimates for 2012 to 2017 and the second one covered 2013 to 2018.  Last year, we took a look how close the estimate was for 2018 back then.  This year, we can look at the original 2019 with a look back at the estimates for 2014-2019 (in two parts).  We’ve also covered estimates for 2015 to 2020, 2016 to 2021, 2017 to 2022 and 2018 to 2023 and will undoubtedly look at those in future years.

Taken from a combination of public market sizing estimations as shared in leading electronic discovery publications, posts, and discussions (sources listed on Complex Discovery), the following eDiscovery Market Size Mashup shares general market sizing estimates for the software and services area of the electronic discovery market for the years between 2019 and 2024.

Here are some highlights (based on the estimates from the compiled sources on Rob’s site):

  • The eDiscovery Software and Services market is expected to grow an estimated 12.93% Compound Annual Growth Rate (CAGR) per year from 2019 to 2024 from $11.23 billion to $20.63 billion per year. Services will comprise approximately 69.7% of the market and software will comprise approximately 30.3% by 2024.
  • The eDiscovery Software market is expected to grow at an estimated 13.05% CAGR per year from $3.39 billion in 2019 to $6.26 billion in 2024. In 2019, software comprises 30.2% of the market and, by 2024, approximately 64% of the eDiscovery software market is expected to be “off-premise” – a.k.a. cloud and other Software-as-a-Service (SaaS)/Platform-as-a-Service (PaaS)/Infrastructure-as-a-Service (IaaS) solutions.
  • The eDiscovery Services market is expected to grow at an estimated 12.88% CAGR per year from 2019 to 2024 from $7.84 billion to $14.37 billion per year. The breakdown of the services market by 2024 is expected to be as follows: 63% review, 20% processing and 17% collection.

If we look at the original “mashup” that we covered for 2014-2019 (in two parts), the original eDiscovery Software and Services market estimate for 2019 was $10.56 billion, the original Software portion of the estimate was $3.38 billion and the original Services portion of the estimate was $7.18 billion.  So, the original software estimate was understated at .01 billion, while the original services estimate was understated by .66 billion.  Overall, that’s an understatement of .67 billion.  A reversal from last year, where all of the 2018 estimates were overstated from the actual 2018 numbers reported last year.

A couple of other notable stats:

  • The U.S. constitutes approximately 63% of worldwide eDiscovery software and services spending in 2019, with that number decreasing to approximately 58% by 2024.
  • Off-Premise software spending constitutes approximately 54% of worldwide eDiscovery software spending in 2019, with that number increasing to approximately 64% by 2023. That’s a considerably slower move to off-premise than previously forecast five years ago (78% by 2019).  So, on-premise software is still a significant portion of the software market and is expected to be for some time to come.

So, what do you think?  Do any of these numbers surprise you?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Webcast to Learn about Important eDiscovery Developments for 2019: eDiscovery Webcasts

I know it seems like we just conducted a webcast (we did, three days ago), but we already have another one coming up!  2019 was another busy year from an eDiscovery, cybersecurity and data privacy standpoint.  What do you need to know about those important 2019 events?  Here’s a webcast that will discuss what you need to know about important 2019 events and how they impact your eDiscovery efforts.

On Wednesday, December 11 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast 2019 eDiscovery Year in Review.  In this one-hour webcast that’s CLE-approved in selected states, we will discuss key events and trends in 2019, what those events and trends mean to your discovery practices and provide our predictions for 2020. Key topics include:

  • How Much Data is Being Transmitted Every Minute on the Internet in 2019
  • What a Lawyer’s Notification Duty When a Data Breach Occurs
  • General Data Protection Regulation (GDPR) and Data Privacy Fines
  • Biometric Security and Data Privacy Litigation
  • Cell Phone Passwords and the Fifth Amendment
  • How Organizations Are Doing on Compliance with the California Consumer Privacy Act (CCPA)
  • Social Media and Judges Accepting “Friend” Requests from Litigants
  • How #metoo and Investigations are Impacting eDiscovery within Organizations
  • Whether Emojis Are the Next eDiscovery Challenge
  • The Challenge to Obtain Significant Spoliation Sanctions under the New Rule 37(e)
  • Whether Lawyers Are “Failing” at Cybersecurity?
  • Outside Hackers vs. Internal Employees As Cybersecurity Threat
  • Sanctions Resulting from Inadvertent Disclosure of Privileged Information

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here – it’s not too late! Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn how key events and trends in 2019 can affect your eDiscovery practice in 2020, this webcast is for you!

So, what do you think?  Do you have FOMO (fear of missing out) on important info for 2019?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Exceptions are the Rule: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on November 12, 2010, when eDiscovery Daily was less than two months old (over nine years ago!).  Despite that, the advice below is still largely as written back then – it is still applicable today pretty much as is.  Enjoy!

Virtually every collection of electronically stored information (ESI) has at least some files that cannot be effectively searched.  Corrupt files, password protected files and other types of exception files are pretty much constant components of your ESI collection and it can become very expensive to make these files searchable or reviewable.  Being without an effective plan for addressing these files could lead to problems – even spoliation claims – in your case.

How to Address Exception Files

The best way to develop a plan for addressing these files that is reasonable and cost-effective is to come to agreement with opposing counsel on how to handle them.  The prime opportunity to obtain this agreement is during the meet and confer with opposing counsel.  The meet and confer gives you the opportunity to agree on how to address the following:

  • Efforts Required to Make Unusable Files Usable: Corrupted and password protected files may be fairly easily addressed in some cases, whereas in others, it takes extreme (i.e., costly) efforts to fix those files (if they can be fixed at all). Up-front agreement with the opposition helps you determine how far to go in your recovery efforts to keep those recovery costs manageable.
  • Exception Reporting: Because there will usually be some files for which recovery is unsuccessful (or not attempted, if agreed upon with the opposition), you need to agree on how those files will be reported, so that they are accounted for in the production. The information on exception reports will vary depending on agreed upon format between parties, but should typically include: file name and path, source custodian and reason for the exception (e.g., the file was corrupt).

If your case is in a jurisdiction where a meet and confer is not required (such as state cases where the state has no meet and confer rule for eDiscovery), it is still best to reach out to opposing counsel to agree on the handling of exception files to control costs for addressing those files and avoid potential spoliation claims.

Next time, we’ll talk about the types of exception files and the options for addressing them.  Be patient – next Thursday is a holiday!  ;o)

So, what do you think?  Have you been involved in any cases where the handling of exception files was disputed?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Another Sign That Companies Aren’t Ready for CCPA Yet: Data Privacy Trends

As we’ve reported several times (including just last week), the California Consumer Privacy Act (CCPA) is scheduled to go into effect on January 1 next year.  That’s only 42 days from now!  Here’s another sign that companies still aren’t ready for it yet.

As reported by Legaltech® News (CCPA Uncertainty May Put Cloud Agreements Up in the Air, written by Frank Ready), it appears that many businesses still have some prep work ahead of them when it comes to updating their cloud agreements.

That insight arrives courtesy of Baker McKenzie’s 2019 Cloud Survey, which garnered 190 responses from professionals across the globe working in roles that include legal, information security, sales, marketing, information technology, procurement and C-suite level.

While 80% of those respondents indicated they had amended cloud agreements as a result of the EU’s General Data Protection Regulation, only 26% had done the same for the CCPA. An additional 44% said “not yet” with regards to the CCPA, while 30% answered “no.”

Aren’t “not yet” and “no” the same thing?  ;o)

Anyway, part of the delay in amending cloud agreements for the CCPA may be attributable to the CCPA itself. Jarno Vanto, a partner at Crowell & Moring, pointed out that the final text of the privacy regulation won’t be solidified until December.

“So that’s made it somewhat challenging, for example, to come up with language for [cloud or other] agreements that will meet the CCPA requirements,” Vanto said.

However, time may be a luxury that organizations can’t afford. Christopher Ballod, a partner a Lewis Brisbois Bisgaard & Smith, said that by the time December rolls around, the process of ironing out all of the mechanics involved in a cloud agreement, including putting mechanisms in place to satisfy subject data requests, may be too much to accomplish before the CCPA’s implementation date.

While having previously undertaken a similar process to comply with the GDPR may provide impacted parties with a data map and a framework to start from, the CCPA adds a new wrinkle in the form of a private right of action that could find organizations and their cloud providers embroiled in a protracted game of hardball negotiations over where the burden of that liability falls.

While CCPA goes into effect January 1, enforcement isn’t expected to begin until July 2020.  That gives a little more time to become compliant, but that time can evaporate quickly.

So, what do you think?  Has your organization prepared for CCPA?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today’s Webcast Will Discuss the DOS and DON’TS of 30(b)(6) Witness Depositions: eDiscovery Webcasts

As we learned in Tom O’Connor’s recent six part blog series, Rule 30(b)(6) permits a party to notice or subpoena the deposition of an organization which then must then designate one or more individuals who consent to testify on its behalf about information “known or reasonably available to the organization.”  But, how should it be conducted to maximize the discovery obtained, what are some strategies to consider to help ensure a successful deposition and what are some common mistakes to avoid?  And, what are some eDiscovery related topics about which a 30(b)(6) witness should be prepared to testify?  Today’s webcast that will answer those questions – and more!

TODAY at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast DO’S and DON’TS of a 30(b)(6) Witness Deposition.  This CLE-approved* webcast session will (obviously) discuss the DO’S and DON’TS of preparing for and conducting a 30(b)(6) witness deposition. Key topics include:

  • Initial Considerations for 30(b)(6) Witness Depositions
  • Proposed Changes to Rule 30(b)(6)
  • Potential eDiscovery Topics for Your 30(b)(6) Witnesses
  • Common Mistakes in Preparing 30(b)(6) Witnesses
  • Specific Strategies to Consider for 30(b)(6) Witness Depositions
  • Case Study: Example of a Hostile 30(b)(6) Witness Presentation
  • 39 Rules for Corporate 30(b)(6) Witness Depositions

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here – it’s not too late! Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn the ins and outs of preparing for and conducting a 30(b)(6) witness deposition, this is the webcast for you!

So, what do you think?  Have you ever been a 30(b)(6) deponent?  Or been involved in preparing one for testimony?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Motion to Redact Portions of eDiscovery Teleconference: eDiscovery Case Law

In Pacific Biosciences of California, Inc. v. Oxford Nanopore Tech., Inc. et al., Nos. 17-275-LPS, 17-1353-LPS (D. Del. Nov. 4, 2019), Delaware Magistrate Judge Jennifer L. Hall denied the defendants’ Motion to Redact Portions of the August 14, 2019 Discovery Teleconference and the related submissions, stating: “The public has an interest in understanding judicial proceedings, even if they have a limited interest in documents submitted in connection with discovery dispute proceedings.”

Judge’s Ruling

In making her ruling, Judge Hall stated that “although there is no presumptive right of public access to discovery motions and supporting documents filed with the court,…the public does have a right of access to hearing transcripts.”  She also quoted Softview LLC v. Apple Inc., No. 10-389, 2012 WL 3061027, at *9 (D. Del. Jul. 26, 2012), which said: “[T]he party seeking the closure of a hearing or the sealing of part of the judicial record bears the burden of showing that the material is the kind of information that courts will protect and that disclosure will work a clearly defined and serious injury to the party seeking closure.”

Ruling on that, Judge Hall stated: “In this case, Defendants have failed to meet their burden to show that disclosure of the unredacted transcript would work a ‘clearly defined and serious injury’ upon them…I have also reviewed each of the proposed redactions, and I think that it is unlikely that the particular information at issue is capable of working the kind of serious injury contemplated by the rule. For example, the proposed redactions do not contain trade secrets, scientific data, strategic plans, or financial information. And merely stating that the proposed redactions contain discussions of documents marked ‘Confidential’ or ‘Highly Confidential’ is insufficient to support a motion to redact a transcript of a judicial proceeding…Finally, any minimal potential harm that disclosure might cause is outweighed by the public interest in having access to judicial proceedings.”

For those reasons, Judge Hall denied the defendants’ motion.

So, what do you think?  Are there situations where parties should be able to have proceedings redacted?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Microsoft Supports CCPA, But Wants It To Be Even Stronger: Data Privacy Trends

We’re getting closer and closer to the deadline for the California Consumer Privacy Act (CCPA), which is scheduled to go into effect on January 1 next year, even though there is still a lot to be determined with regard how companies must comply.  At least one major corporation supports the new law.  But, that company also wants to see it strengthened.

As reported in Legaltech News® (Microsoft’s Top Privacy Lawyer Says CCPA Should Be Strengthened, written by Phillip Bantz), Microsoft Corp. chief privacy lawyer Julie Brill wrote in a blog post published Monday that the CCPA “marks an important step toward providing people with more robust control over their data in the United States. It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

Brill voiced Microsoft’s commitment to security by stating: “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents. Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual. This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union’s General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation. Similarly, we will extend CCPA’s core rights for people to control their data to all our customers in the U.S.”

Brill, who serves as Microsoft’s corporate vice president and deputy general counsel for global privacy and regulatory affairs, went on to argue that the CCPA should be strengthened “by placing more robust accountability requirements on companies.”

For instance, businesses should have to minimize the amount of personal data that they keep, specify how and why they are collecting that data and be “more responsible for analyzing and improving data systems to ensure that they use personal data appropriately,” she wrote.

Brill added “we are calling upon policymakers in other states and in Congress to build upon the progress made by California and go further by incorporating robust requirements that will make companies more responsible for the data they collect and use, and other key rights from GDPR.  More requirements for companies, together with the rights and tools for people to control their data, will prevent placing the privacy burden solely on the individual, and will provide layers of data protection that are appropriate for the digital age.”

Apple CEO Tim Cook also previously called on Congress to pass comprehensive data-privacy regulation.  They’re not busy with anything else right now, are they?  ;o)

So, what do you think?  Are you surprised that Microsoft has been such a strong advocate of GDPR and CCPA?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

When Litigation Hits, The First 7 to 10 Days is Critical: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on June 28, 2012, when eDiscovery Daily was less than two years old.  This post has already been revisited a couple of times since and has been referenced in a handful of webcasts as well.  It’s still good advice today.  Enjoy!

When a case is filed (or even before, if litigation is anticipated then), several activities must be completed within a short period of time (often as soon as the first seven to ten days after filing) to enable you to assess the scope of the case, where the key electronically stored information (ESI) is located and whether to proceed with the case or attempt to settle with opposing counsel.  Here are several of the key early activities that can assist in deciding whether to litigate or settle the case.

Activities:

  • Create List of Key Employees Most Likely to have Documents Relevant to the Litigation: To estimate the scope of the case, it’s important to begin to prepare the list of key employees that may have potentially responsive data. Information such as name, title, e-mail address, phone number, office location and where information for each is stored on the network is important to be able to proceed quickly when issuing hold notices and collecting their data.
  • Issue Litigation Hold Notice and Track Results: The duty to preserve begins when you anticipate litigation; however, if litigation could not be anticipated prior to the filing of the case, it is certainly clear once the case if filed that the duty to preserve has begun. Hold notices must be issued ASAP to all parties that may have potentially responsive data.  Once the hold is issued, you need to track and follow up to ensure compliance.  Here are a couple of recent posts regarding issuing hold notices and tracking responses.
  • Interview Key Employees: As quickly as possible, interview key employees to identify potential locations of responsive data in their possession as well as other individuals they can identify that may also have responsive data so that those individuals can receive the hold notice and be interviewed.
  • Interview Key Department Representatives: Certain departments, such as IT, Records or Human Resources, may have specific data responsive to the case. They should also have certain processes in place for regular destruction of “expired” data, so it’s important to interview them to identify potentially responsive sources of data and stop routine destruction of data subject to litigation hold.
  • Inventory Sources and Volume of Potentially Relevant Documents: Potentially responsive data can be located in a variety of sources, including: shared servers, e-mail servers, employee workstations, employee home computers, employee mobile devices (including bring your own device (BYOD) devices), portable storage media (including CDs, DVDs and portable hard drives), active paper files, archived paper files and third-party sources (consultants and contractors, including cloud storage providers). Hopefully, the organization already has created a data map before litigation to identify the location of sources of information to facilitate that process.  It’s important to get a high-level sense of the total population to begin to estimate the effort required for discovery.
  • Plan Data Collection Methodology: Determining how each source of data is to be collected also affects the cost of the litigation. Are you using internal resources, outside counsel or a litigation support vendor?  Will the data be collected via an automated collection system or manually?  Will employees “self-collect” any of their own data?  Answers to these questions will impact the scope and cost of not only the collection effort, but the entire discovery effort.

These activities can result in creating an inventory of potentially responsive information and help in estimating discovery costs (especially when compared to past cases at the same stage) that will help in determining whether to proceed to litigate the case or attempt to settle with the other side.

So, what do you think?  How quickly do you decide whether to litigate or settle?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.