Close
Enter your
text here
Posts By :

Doug Austin

Exceptions are the Rule: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on November 12, 2010, when eDiscovery Daily was less than two months old (over nine years ago!).  Despite that, the advice below is still largely as written back then – it is still applicable today pretty much as is.  Enjoy!

Virtually every collection of electronically stored information (ESI) has at least some files that cannot be effectively searched.  Corrupt files, password protected files and other types of exception files are pretty much constant components of your ESI collection and it can become very expensive to make these files searchable or reviewable.  Being without an effective plan for addressing these files could lead to problems – even spoliation claims – in your case.

How to Address Exception Files

The best way to develop a plan for addressing these files that is reasonable and cost-effective is to come to agreement with opposing counsel on how to handle them.  The prime opportunity to obtain this agreement is during the meet and confer with opposing counsel.  The meet and confer gives you the opportunity to agree on how to address the following:

  • Efforts Required to Make Unusable Files Usable: Corrupted and password protected files may be fairly easily addressed in some cases, whereas in others, it takes extreme (i.e., costly) efforts to fix those files (if they can be fixed at all). Up-front agreement with the opposition helps you determine how far to go in your recovery efforts to keep those recovery costs manageable.
  • Exception Reporting: Because there will usually be some files for which recovery is unsuccessful (or not attempted, if agreed upon with the opposition), you need to agree on how those files will be reported, so that they are accounted for in the production. The information on exception reports will vary depending on agreed upon format between parties, but should typically include: file name and path, source custodian and reason for the exception (e.g., the file was corrupt).

If your case is in a jurisdiction where a meet and confer is not required (such as state cases where the state has no meet and confer rule for eDiscovery), it is still best to reach out to opposing counsel to agree on the handling of exception files to control costs for addressing those files and avoid potential spoliation claims.

Next time, we’ll talk about the types of exception files and the options for addressing them.  Be patient – next Thursday is a holiday!  ;o)

So, what do you think?  Have you been involved in any cases where the handling of exception files was disputed?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Another Sign That Companies Aren’t Ready for CCPA Yet: Data Privacy Trends

As we’ve reported several times (including just last week), the California Consumer Privacy Act (CCPA) is scheduled to go into effect on January 1 next year.  That’s only 42 days from now!  Here’s another sign that companies still aren’t ready for it yet.

As reported by Legaltech® News (CCPA Uncertainty May Put Cloud Agreements Up in the Air, written by Frank Ready), it appears that many businesses still have some prep work ahead of them when it comes to updating their cloud agreements.

That insight arrives courtesy of Baker McKenzie’s 2019 Cloud Survey, which garnered 190 responses from professionals across the globe working in roles that include legal, information security, sales, marketing, information technology, procurement and C-suite level.

While 80% of those respondents indicated they had amended cloud agreements as a result of the EU’s General Data Protection Regulation, only 26% had done the same for the CCPA. An additional 44% said “not yet” with regards to the CCPA, while 30% answered “no.”

Aren’t “not yet” and “no” the same thing?  ;o)

Anyway, part of the delay in amending cloud agreements for the CCPA may be attributable to the CCPA itself. Jarno Vanto, a partner at Crowell & Moring, pointed out that the final text of the privacy regulation won’t be solidified until December.

“So that’s made it somewhat challenging, for example, to come up with language for [cloud or other] agreements that will meet the CCPA requirements,” Vanto said.

However, time may be a luxury that organizations can’t afford. Christopher Ballod, a partner a Lewis Brisbois Bisgaard & Smith, said that by the time December rolls around, the process of ironing out all of the mechanics involved in a cloud agreement, including putting mechanisms in place to satisfy subject data requests, may be too much to accomplish before the CCPA’s implementation date.

While having previously undertaken a similar process to comply with the GDPR may provide impacted parties with a data map and a framework to start from, the CCPA adds a new wrinkle in the form of a private right of action that could find organizations and their cloud providers embroiled in a protracted game of hardball negotiations over where the burden of that liability falls.

While CCPA goes into effect January 1, enforcement isn’t expected to begin until July 2020.  That gives a little more time to become compliant, but that time can evaporate quickly.

So, what do you think?  Has your organization prepared for CCPA?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today’s Webcast Will Discuss the DOS and DON’TS of 30(b)(6) Witness Depositions: eDiscovery Webcasts

As we learned in Tom O’Connor’s recent six part blog series, Rule 30(b)(6) permits a party to notice or subpoena the deposition of an organization which then must then designate one or more individuals who consent to testify on its behalf about information “known or reasonably available to the organization.”  But, how should it be conducted to maximize the discovery obtained, what are some strategies to consider to help ensure a successful deposition and what are some common mistakes to avoid?  And, what are some eDiscovery related topics about which a 30(b)(6) witness should be prepared to testify?  Today’s webcast that will answer those questions – and more!

TODAY at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast DO’S and DON’TS of a 30(b)(6) Witness Deposition.  This CLE-approved* webcast session will (obviously) discuss the DO’S and DON’TS of preparing for and conducting a 30(b)(6) witness deposition. Key topics include:

  • Initial Considerations for 30(b)(6) Witness Depositions
  • Proposed Changes to Rule 30(b)(6)
  • Potential eDiscovery Topics for Your 30(b)(6) Witnesses
  • Common Mistakes in Preparing 30(b)(6) Witnesses
  • Specific Strategies to Consider for 30(b)(6) Witness Depositions
  • Case Study: Example of a Hostile 30(b)(6) Witness Presentation
  • 39 Rules for Corporate 30(b)(6) Witness Depositions

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here – it’s not too late! Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn the ins and outs of preparing for and conducting a 30(b)(6) witness deposition, this is the webcast for you!

So, what do you think?  Have you ever been a 30(b)(6) deponent?  Or been involved in preparing one for testimony?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Motion to Redact Portions of eDiscovery Teleconference: eDiscovery Case Law

In Pacific Biosciences of California, Inc. v. Oxford Nanopore Tech., Inc. et al., Nos. 17-275-LPS, 17-1353-LPS (D. Del. Nov. 4, 2019), Delaware Magistrate Judge Jennifer L. Hall denied the defendants’ Motion to Redact Portions of the August 14, 2019 Discovery Teleconference and the related submissions, stating: “The public has an interest in understanding judicial proceedings, even if they have a limited interest in documents submitted in connection with discovery dispute proceedings.”

Judge’s Ruling

In making her ruling, Judge Hall stated that “although there is no presumptive right of public access to discovery motions and supporting documents filed with the court,…the public does have a right of access to hearing transcripts.”  She also quoted Softview LLC v. Apple Inc., No. 10-389, 2012 WL 3061027, at *9 (D. Del. Jul. 26, 2012), which said: “[T]he party seeking the closure of a hearing or the sealing of part of the judicial record bears the burden of showing that the material is the kind of information that courts will protect and that disclosure will work a clearly defined and serious injury to the party seeking closure.”

Ruling on that, Judge Hall stated: “In this case, Defendants have failed to meet their burden to show that disclosure of the unredacted transcript would work a ‘clearly defined and serious injury’ upon them…I have also reviewed each of the proposed redactions, and I think that it is unlikely that the particular information at issue is capable of working the kind of serious injury contemplated by the rule. For example, the proposed redactions do not contain trade secrets, scientific data, strategic plans, or financial information. And merely stating that the proposed redactions contain discussions of documents marked ‘Confidential’ or ‘Highly Confidential’ is insufficient to support a motion to redact a transcript of a judicial proceeding…Finally, any minimal potential harm that disclosure might cause is outweighed by the public interest in having access to judicial proceedings.”

For those reasons, Judge Hall denied the defendants’ motion.

So, what do you think?  Are there situations where parties should be able to have proceedings redacted?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Microsoft Supports CCPA, But Wants It To Be Even Stronger: Data Privacy Trends

We’re getting closer and closer to the deadline for the California Consumer Privacy Act (CCPA), which is scheduled to go into effect on January 1 next year, even though there is still a lot to be determined with regard how companies must comply.  At least one major corporation supports the new law.  But, that company also wants to see it strengthened.

As reported in Legaltech News® (Microsoft’s Top Privacy Lawyer Says CCPA Should Be Strengthened, written by Phillip Bantz), Microsoft Corp. chief privacy lawyer Julie Brill wrote in a blog post published Monday that the CCPA “marks an important step toward providing people with more robust control over their data in the United States. It also shows that we can make progress to strengthen privacy protections in this country at the state level even when Congress can’t or won’t act.”

Brill voiced Microsoft’s commitment to security by stating: “We are strong supporters of California’s new law and the expansion of privacy protections in the United States that it represents. Our approach to privacy starts with the belief that privacy is a fundamental human right and includes our commitment to provide robust protection for every individual. This is why, in 2018, we were the first company to voluntarily extend the core data privacy rights included in the European Union’s General Data Protection Regulation (GDPR) to customers around the world, not just to those in the EU who are covered by the regulation. Similarly, we will extend CCPA’s core rights for people to control their data to all our customers in the U.S.”

Brill, who serves as Microsoft’s corporate vice president and deputy general counsel for global privacy and regulatory affairs, went on to argue that the CCPA should be strengthened “by placing more robust accountability requirements on companies.”

For instance, businesses should have to minimize the amount of personal data that they keep, specify how and why they are collecting that data and be “more responsible for analyzing and improving data systems to ensure that they use personal data appropriately,” she wrote.

Brill added “we are calling upon policymakers in other states and in Congress to build upon the progress made by California and go further by incorporating robust requirements that will make companies more responsible for the data they collect and use, and other key rights from GDPR.  More requirements for companies, together with the rights and tools for people to control their data, will prevent placing the privacy burden solely on the individual, and will provide layers of data protection that are appropriate for the digital age.”

Apple CEO Tim Cook also previously called on Congress to pass comprehensive data-privacy regulation.  They’re not busy with anything else right now, are they?  ;o)

So, what do you think?  Are you surprised that Microsoft has been such a strong advocate of GDPR and CCPA?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

When Litigation Hits, The First 7 to 10 Days is Critical: eDiscovery Throwback Thursdays

Here’s our latest blog post in our Throwback Thursdays series where we are revisiting some of the eDiscovery best practice posts we have covered over the years and discuss whether any of those recommended best practices have changed since we originally covered them.

This post was originally published on June 28, 2012, when eDiscovery Daily was less than two years old.  This post has already been revisited a couple of times since and has been referenced in a handful of webcasts as well.  It’s still good advice today.  Enjoy!

When a case is filed (or even before, if litigation is anticipated then), several activities must be completed within a short period of time (often as soon as the first seven to ten days after filing) to enable you to assess the scope of the case, where the key electronically stored information (ESI) is located and whether to proceed with the case or attempt to settle with opposing counsel.  Here are several of the key early activities that can assist in deciding whether to litigate or settle the case.

Activities:

  • Create List of Key Employees Most Likely to have Documents Relevant to the Litigation: To estimate the scope of the case, it’s important to begin to prepare the list of key employees that may have potentially responsive data. Information such as name, title, e-mail address, phone number, office location and where information for each is stored on the network is important to be able to proceed quickly when issuing hold notices and collecting their data.
  • Issue Litigation Hold Notice and Track Results: The duty to preserve begins when you anticipate litigation; however, if litigation could not be anticipated prior to the filing of the case, it is certainly clear once the case if filed that the duty to preserve has begun. Hold notices must be issued ASAP to all parties that may have potentially responsive data.  Once the hold is issued, you need to track and follow up to ensure compliance.  Here are a couple of recent posts regarding issuing hold notices and tracking responses.
  • Interview Key Employees: As quickly as possible, interview key employees to identify potential locations of responsive data in their possession as well as other individuals they can identify that may also have responsive data so that those individuals can receive the hold notice and be interviewed.
  • Interview Key Department Representatives: Certain departments, such as IT, Records or Human Resources, may have specific data responsive to the case. They should also have certain processes in place for regular destruction of “expired” data, so it’s important to interview them to identify potentially responsive sources of data and stop routine destruction of data subject to litigation hold.
  • Inventory Sources and Volume of Potentially Relevant Documents: Potentially responsive data can be located in a variety of sources, including: shared servers, e-mail servers, employee workstations, employee home computers, employee mobile devices (including bring your own device (BYOD) devices), portable storage media (including CDs, DVDs and portable hard drives), active paper files, archived paper files and third-party sources (consultants and contractors, including cloud storage providers). Hopefully, the organization already has created a data map before litigation to identify the location of sources of information to facilitate that process.  It’s important to get a high-level sense of the total population to begin to estimate the effort required for discovery.
  • Plan Data Collection Methodology: Determining how each source of data is to be collected also affects the cost of the litigation. Are you using internal resources, outside counsel or a litigation support vendor?  Will the data be collected via an automated collection system or manually?  Will employees “self-collect” any of their own data?  Answers to these questions will impact the scope and cost of not only the collection effort, but the entire discovery effort.

These activities can result in creating an inventory of potentially responsive information and help in estimating discovery costs (especially when compared to past cases at the same stage) that will help in determining whether to proceed to litigate the case or attempt to settle with the other side.

So, what do you think?  How quickly do you decide whether to litigate or settle?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Password Reuse Problem Has Still Not Gone Away: Cybersecurity Trends

This isn’t a throwback post – that comes tomorrow.  But, it’s worth noting that we covered a story over two years ago where the guy who recommended we change our passwords periodically and require passwords that combine upper case letters, lower case letters, numbers and special characters admitted that was bad advice.  But, people – and systems – still seem to support the old ways.  That’s so 2003!

As discussed in Help Net Security (The password reuse problem is a ticking time bomb, written by Michael Greene), In the first six months of 2019, data breaches exposed 4.1 billion records and, according to the 2018 Verizon Data Breach Incident Report (which we covered here), compromised passwords are responsible for 81% of hacking-related breaches. The latest data from Akamai states that businesses are losing $4m on average each year due to credential stuffing attacks, which are executed by using leaked and exposed passwords and credentials.

The author recommends three key steps that organizations should take to strengthen their defenses:

  1. Prevent the use of weak, similar or old passwords: New passwords should be significantly different from the previous ones and old passwords shouldn’t be re-used. Also, fuzzy-matching is a crucial tool for detecting the use of “bad” password patterns, as it checks for multiple variants of the password (upper-lower-case variants, reversed passwords, etc.).
  2. End mandatory password resets, which don’t improve security: This policy has proven to be ineffective as it does nothing to ensure that the new password is strong and has not already been exposed. For example, changing your password from “Big5tud” to “Big5tud!” isn’t an incremental enough change to protect yourself.  ;o)  The author also notes that Microsoft and NIST guidelines (which we covered in the post two years ago) advise against this approach.
  3. Check credentials continuously: NIST advises companies to verify that passwords are not compromised before they are activated and check their status on an ongoing basis. As the number of compromised credentials expands continuously, checking passwords against a dynamic database rather than a static list is critical.

The other key step (that the author didn’t mention) is to implement two-factor authentication wherever possible and expect it from your applications.  Two-factor authentication is where the application sends you a code (via text or email – the means for sending may vary depending on the platform) once you provide your password that you have to enter to then be able to access the application.  Unless a hacker can also access your email account or see your texts, that second layer of security helps protect against hacking of your account via just your password.  According to this infographic from Symantec, 80 percent of data breaches due to stolen credentials could have been eliminated with the use of two-factor authentication.

We’ve known all of this information for at least a couple of years now, yet organizations continue to move slowly in making changes.  Maybe by 2031?

So, what do you think?  Does your organization require you to change passwords periodically?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

You May Soon Be Told to “Go Jump in a Lake” for Your ESI: eDiscovery Trends

A data lake, that is. So, what is it and why should you care?  Let’s take a look.

Leave it to Rob Robinson and his excellent Complex Discovery blog to provide links to several useful articles to help better understand data lakes and the potential they have to impact the business world (which, in turn, impacts the eDiscovery world).  Here’s one example:

In this article in BizTech (Data Lakes Prove Key to Modern Data Platforms, written by Jennifer Zaino), the author defines data lakes as “stor[ing] data of any type in its raw form, much as a real lake provides a habitat where all types of creatures can live together.

A data lake is an architecture for storing high-volume, high-velocity, high-variety, as-is data in a centralized repository for Big Data and real-time analytics. And the technology is an attention-getter: The global data lakes market is expected to grow at a rate of 28 percent between 2017 and 2023.

Companies can pull in vast amounts of data — structured, semistructured and unstructured — in real time into a data lake, from anywhere. Data can be ingested from Internet of Things sensors, clickstream activity on a website, log files, social media feeds, videos and online transaction processing (OLTP) systems, for instance. There are no constraints on where the data hails from, but it’s a good idea to use metadata tagging to add some level of organization to what’s ingested, so that relevant data can be surfaced for queries and analysis.”

“To ensure that a lake doesn’t become a swamp, it’s very helpful to provide a catalog that makes data visible and accessible to the business, as well as to IT and data management professionals,” says Doug Henschen, vice president and principal analyst at Constellation Research.

The author also advises not to confuse data lakes (which store raw data) with data warehouses (which store current and historical data in an organized fashion).

Data warehouses are best for analyzing structured data quickly and with great accuracy and transparency for managerial or regulatory purposes. Meanwhile, data lakes are primed for experimentation, explains Kelle O’Neal, founder and CEO of management consulting firm First San Francisco Partners.

With a data lake, businesses can quickly load a variety of data types from multiple sources and engage in ad hoc analysis. Or, a data team could leverage machine learning in a data lake to find “a needle in a haystack,” O’Neal says.

Data warehouses follow a “schema on write” approach, which entails defining a schema for data before being able to write it to the database. Online analytical processing (OLAP) technology can be used to analyze and evaluate data in a warehouse, enabling fast responses to complex analytical queries.

Data lakes take a “schema on read” approach, where the data is structured and transformed only when it is ready to be used. For this reason, it’s a snap to bring in new data sources, and users don’t have to know in advance the questions they want to answer. With lakes, “different types of analytics on your data — like SQL queries, Big Data analytics, full-text search, real-time analytics and machine learning — can be used to uncover insights,” according to Amazon. Moreover, data lakes are capable of real-time actions based on algorithm-driven analytics.

Businesses may use both data lakes and data warehouses. The decision about which to use turns on “understanding and optimizing what the different solutions do best,” O’Neal says.

Want to know more – a lot more – about data lakes?  Check out Rob’s post here with links to several other articles as well.

So, what do you think?  Has your organization learned to “fish” from data lakes yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Agrees that Emails Including Counsel Aren’t Privileged Because They Don’t Offer Legal Advice: eDiscovery Case Law

In Guardiola v. Adams Cty. School District No. 14 et al., No. 1:18-cv-03230-RM-NRN (D.Colo. Oct. 25, 2019), Colorado District Court Judge Raymond P. Moore overruled the defendants’ objection to the magistrate judge’s order compelling them to disclose three e-mails that they contended were subject to the attorney-client privilege, ruling that “[t]he disputed e-mails do not directly request or offer legal advice.”

Case Background

In this case where the plaintiff claimed wrongful termination because of his association with an organization that the defendants believed was encouraging students to protest against the school board, the parties had a discovery dispute over e-mail concerning the implementation of new security measures at school board meetings in which members of Defendant Adams County School District No. 14 Board of Education and their counsel participated. The magistrate judge reviewed in camera five e-mails from the discussion and then invited briefing on the issue of attorney-client privilege. Both sides filed briefs.  The magistrate judge then determined two of the e-mails – one sent by counsel and another responding to it six minutes later – were privileged but the first, second, and portions of the fifth were not.

The magistrate judge found that the sender of the first e-mail was forwarding a security plan proposed by a third-party security provider and seeking input and direction from all the decision-makers, as well as counsel, about implementing it. The magistrate judge determined that the sender’s request was not privileged simply because the attorney was included in the discussion.  The magistrate judge found that the sender of the second e-mail was expressing concerns about strategy, perception, and public opinion and that the e-mail was not sent for the purpose of giving or receiving legal advice.  And the magistrate judge found that the sender of the fifth e-mail reflected the sender’s decision with respect to the proposed security plan and her reasons for that decision; thus, it was merely a business communication and not privileged.  The defendants objected.

Judge’s Ruling

Noting that “The privilege ‘protects only those disclosures necessary to obtain informed legal advice which might not have been made absent the privilege’”, Judge Moore stated: “The disputed e-mails do not directly request or offer legal advice. Nor are they necessary to obtain such advice. Instead, the disputed e-mails are part of a broader discussion about increasing security at school board meetings. Although legal considerations are one component of that discussion, the disputed e-mails, on their face, predominantly relate to other issues. The primary purpose of the first e-mail is to address logistical issues raised by a private security provider. The primary purpose of the second e-mail is to share concerns about managing public opinion. And the primary purpose of the fifth e-mail is to announce and explain the decision that was reached. To the extent legal issues are tangentially related to the broader topic of security, that is not enough to bring the content of these e-mails within the attorney-client privilege.”

Noting that “Defendants cite no authority, nor is the Court aware of any, for the proposition that the Court is precluded from assessing the e-mails at face value and based on the context in which they were sent”, Judge Moore stated, in overruling the defendants’ objection: “Defendants have failed to show that the attorney-client privilege applies to the disputed e-mails and that the magistrate judge’s ruling was clearly erroneous or contrary to law.”

So, what do you think?  Should emails including counsel always be considered privileged or do they need to include legal advice?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Grants Motion to Compel in Elizabeth Holmes Theranos Criminal Case: eDiscovery Case Law

In United States v. Holmes, et al, No. 5:18-cr-00258-EJD-1 (N.D. Cal. Nov. 5, 2019), California District Court Judge Edward J. Davila granted the defendants’ motion to compel federal prosecutors to produce material responsive to six requests from the Food and Drug Administration (FDA) and the Centers for Medicare and Medicaid Services (CMS), disagreeing with the prosecution’s contention that it could not be compelled to produce documents from under Rule 16 because it lacked access to them.

Case Background

In this criminal case regarding charges of wire fraud and conspiracy to commit wire fraud against key officers of the now defunct company Theranos, on April 15, 2019, defendant Holmes (later joined by defendant Balwani) moved to compel federal prosecutors to produce material responsive to six requests from FDA and CMS.  In addition, the defendants raised concerns about the Agencies’ preservation efforts, the failure of FDA to run certain search terms and failure of the Agencies to complete production by either an original deadline of October 2 or an extended deadline of October 25.

Judge’s Ruling

Noting that Rule 16 “grants criminal defendants a broad right to discovery”, Judge Davila stated: “The Prosecution does not oppose Defendants obtaining the sought-after documents, but it argues that it cannot be compelled to produce the documents under Rule 16 because it lacks access…The court disagrees. Even though the Agencies are not part of DOJ, the Prosecution’s involvement with the Agencies’ discovery efforts reveals a relationship that includes significant access, communication and assistance, such as CMS’s use of DOJ’s Litigation Technology Service Center. This cooperative relationship moves the Prosecution closer to privity of knowledge and control of the information sought. The Prosecution’s access to the requested documents is further shown through its dealings with the Agencies prior to the filing of this motion.”  As a result, Judge Davila “order[ed] the Prosecution to produce the documents discussed below as part of their Rule 16 obligation, and to assist the Agencies however possible to ensure the timely production of documents.”

Turning to the alleged deficiencies in the Agencies’ productions, Judge Davila noted, among other concerns, that “Defendants contend that over 1000 emails from a single witness have been produced as fragmentary documents—i.e, that the produced emails omit portions of the original email, such as the “to,” or “from,” or the body fields… Defendants also contend that CMS and FDA have failed to produce some hardcopy documents.”  As a result, Judge Davila “order[ed] that the Agencies shall continue their investigations of these issues and shall disclose the procedures and results of their investigations to the parties no later than November 26, 2019.”

Judge Davila also ordered FDA to “run searches of all of its custodians’ documents using the following terms: ‘LDT’, ‘Laboratory Developed Test’, ‘Theranos’, ‘fingerstick’ or ‘finger stick’, and ‘nanotainer’” and “produce any responsive documents returned by these searches” to address search term concerns expressed by the defendants.  With regard to the missed production deadlines, Judge Davila “order[ed] the Agencies and the Prosecution to complete the production of documents by December 31, 2019.”

Finally, Judge Davila “order[ed] the Agencies, the Prosecution, and Defendants to meet and confer on the above issues, and other discovery related matters” to include “(a) whether the Agencies have or will produce employee text messages, (b) any deficiencies in FDA’s production that are attributable to FDA’s instruction to employees to manually search for responsive documents instead of forensically searching for, collecting, and reviewing documents, (c) the terms the Agencies use to search for and collect potentially responsive documents, and (d) FDA’s redactions to documents and withholding of duplicate documents.”  Judge Davila also set a further status conference for January 13, 2020.

So, what do you think?  Was the judge correct to order the prosecution to produce documents from other agencies?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.