Collection

Alon Israely, Esq., CISSP of BIA: eDiscovery Trends

This is the third of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?
  4. What are you working on that you’d like our readers to know about?

Today’s thought leader is Alon Israely. Alon is the Manager of Strategic Partnerships at Business Intelligence Associates, Inc. (BIA) and currently leads the Strategic Partner Program at BIA. Alon has over eighteen years of experience in a variety of advanced computing-related technologies and has consulted with law firms and corporations on a variety of technology issues, including expert witness services related to computer forensics, digital evidence management and data security. Alon is an attorney and a Certified Information Systems Security Professional (CISSP).

What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

I didn’t get to spend as much time on the floor and in the sessions as I would like because, for me, LTNY has become mostly meetings. On the one hand, that doesn’t help me answer your question as completely as I could but, on the other hand, it’s good for ALM because it shows that there’s business being conducted. A big difference between this year and last year (which may be reflective of our activity at BIA, but others have said it as well), is that there has been more substantive discussions and deal-making than in the past. And, I think that’s what you ultimately want from an industry conference.

Also, and I’m not sure if this is because of attrition or consolidation within the industry, but there seems to be more differentiation among the exhibitors at this year’s show. It used to be that I would walk around LegalTech with outside investors who are often people not from the industry and they would comment that “it seems like everybody does the same thing”. Now, I think you’re starting to see real differentiation, not just the perception of differentiation, with exhibitors truly offering solutions in niche and specialized areas.

As for whether ALM should consider moving the show, absolutely! It seems as though the last few years that has been one of the conversation topics among many vendors as they’re setting up before LegalTech as they ask “why is this happening again” with the snow and what-not. We’ve certainly had some logistics problems the past couple of years.

I do think there is something nice about having the show early in the year with people having just returned from the holidays, getting back into business near the beginning of Q1. It is a good time as we’re not yet too distracted with other business, but I think that it would probably be smart for ALM to explore moving LTNY to maybe the beginning of spring. Even a one-month move to the beginning of March could help. I would definitely keep the show in New York and not move the location; although, I would think that they could consider different venues besides the Hilton without affecting attendance. While some exhibitors might say keep it at this time of year to coordinate with their release schedules, I would say that’s a legacy software answer. Being in the SaaS world, we have updates every few weeks, or sooner, so I think with the new Silicon Valley approach to building software, it shouldn’t be as big a deal to match a self- created release schedule. Marketing creates that schedule more than anything else.

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

I think that they’re going to pass Congress. I’ve been focusing on the changes related to preservation as it seems that most noteworthy cases, especially those involving Judge (Shira) Scheindlin, involve a preservation mistake somewhere. For us at BIA, we feel the Rules changes are quite a validation of what we’re doing with respect to requiring counsel to meet early to discuss discovery issues, and to force the issue of preservation to the forefront. Up until these changes, only savvy and progressive counsel were focused on how legal hold and preservation was being handled and making sure, for example, that there wasn’t some question eight months down the road about some particular batch of emails. The fact that it is now codified and that’s part of the pre-trial “checklist” is very important in creating efficiencies in discovery in general and it’s great for BIA, frankly, because we build preservation software. It validates needing an automated system in your organization which will help you comply.

Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?

I hate to sound pessimistic, and obviously I’m generalizing from my experience, but it feels like attorneys are less interested in learning about eDiscovery and more interested in being able to rely on some sort of solution, whether that solution is software or a service provider, to solve their problems. It’s a little bit of a new “stick your head in the sand” attitude. Before, they ignored it; now, they just want to “find the right wrench”. It’s not always just one wrench and it’s not that easy. It is important to be able to say “we use this software and that software and this vendor and here’s our process” and rely on that, but the second step is to understand why you are relying on that software and that vendor. I think some lawyers will just say “great, I’ll buy this software or hire this vendor and I’m done” and check that check box that they now have complied with eDiscovery but it’s important to do both – to purchase the right software or hire the right vendor AND to understand why that was done.

Certainly, vendors may be part of the problem – depending upon how they educate. At BIA, we promote TotalDiscovery as a way of not having to worry about your preservation issues, not having data “fall through the cracks” and that you’ll have defensible processes. We do that but, at the same time, we also try to educate our clients too. We don’t just say “use the software and you’re good to go”, we try to make sure that they understand why the software benefits them. That’s a better way to sell and attorneys feel better about their decision to purchase software when they fully understand why it benefits them.

What are you working on that you’d like our readers to know about?

As I already mentioned, BIA has TotalDiscovery, our SaaS-based preservation software and we are about to release what we call “real-time processing”, which effectively allows for you to go from defensible data collections to searching that collected data in minutes. So, you can perform a remote collection and, within a few minutes of performing that collection, already start to perform eDiscovery caliber searches on that data. We call it the “time machine”. In the past, you would send someone out to collect data, they would bring it back and put it into processing software, then they would take the processed data and they’d search it and provide the results to the attorneys and it would be a three or four week process.

Instead, our remote collection tool lets you collect “on the fly” from anywhere in the world without the logistics of IT, third-party experts and specialized equipment and this will add the next step to that, which is, after collecting the data in a forensically sound manner, almost immediately TotalDiscovery will allow you to start searching it. This is not a local tool – we’re not dropping agents onto someone’s machine to index the entire laptop, we’re collecting the data and, using the power of the cloud and new technology to validate and index that data at super high speeds so that users (corporate legal departments and law firms) can quickly perform searches, view the documents and the hit highlights, as well as tag and export documents and data as needed. It changes the way that the corporate user handles ECA (early case assessment). They get defensible collection and true eDiscovery processing in one automated workflow. We announced that new release here at LegalTech, we’ll be releasing it in the next few weeks and we’re very excited about it.

Thanks, Alon, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Brad Jenkins of CloudNine: eDiscovery Trends

This is the first of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?
  4. What are you working on that you’d like our readers to know about?

Today’s thought leader is Brad Jenkins of CloudNine™. Brad has over 20 years of experience as an entrepreneur, as well as 15 years leading customer focused companies in the litigation support arena. Brad has authored several articles on document management and litigation support issues, and has appeared as a speaker before national audiences on document management practices and solutions. He’s also my boss! 🙂

What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

LTNY seemed reasonably well attended this year and I think it was a good show. I have noticed a drop in the number of listed exhibitors though, from 225 a couple of years ago to 199 this year. Not sure if that’s a reflection of consolidation in the industry or providers simply choosing to market to prospects in other ways. I guess we’ll see. Nonetheless, I thought there were several good sessions, especially the three judges’ sessions that addressed key cases, the rules changes and general problems with discovery. I liked the fact that those were free and available to all attendees, not just paid ones. Not surprisingly, those sessions were very well attended.

Overall, I thought the primary focus of this show’s curriculum in three areas: information governance (which had its own educational track at the show), cybersecurity and data privacy. With the amazing pace at which Big Data is growing, I expect information governance to be a major topic for some time to come, especially with regard to the use of technology to manage growing data volumes. And, as we discussed in this blog a couple of weeks ago, data breaches continue to be on the rise and we’ve already had a major one involving over 80 million records this year. That’s also going to continue to be a major focus.

One issue at the show that I think affected several attendees was the sudden lack of meeting space. The Hilton got rid of its lobby lounge, replacing it with a smaller executive lounge limited to hotel guests. And, ALM booked up the Bridges Bar for private events throughout the show. Meetings and discussions are a big part of LTNY and I hope ALM will take that into account next year and at least make the Bridges Bar available for meetings.

As for whether ALM should consider moving LTNY to a different time of year, there are pros and cons to that. As a person who missed the show entirely last year due to weather and travel issues and was delayed a few hours this year, it would be nice to minimize the chance of weather delays. On the other hand, I suspect that part of the reason that the show is in the winter is that it’s less costly to host then. Certainly, vendors would need an advanced heads up of at least a year if ALM were to decide to move the show to a different time of year. I don’t expect that to happen, despite the recent travel issues for remote attendees.

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

I’m not an attorney and am no expert on the rules, but, based on everything that I’ve heard, it sounds as though they should pass. I know that large organizations are counting on Rule 37(e) to reduce their preservation burden. I think whether it will or not will depend on judges’ interpretation of Rule 37(e)(2) (which enables more severe sanctions “only upon finding that the party acted with the intent to deprive another party of the information’s use”). That section may result in lesser sanctions in at least some cases, but we’ll see. At eDiscovery Daily, we’ve covered over 60 cases per year each of the past three years, so at some point in a year or two, it will be interesting to look back at trends and what they show.

Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?

I think it’s still a battle. We continue to work with a lot of firms whose attorneys lack basic eDiscovery fundamentals and we continue to provide education through this blog and consulting to attorneys to assist them with technical language in requests for production to ensure that they receive the most useful form of production to them, native files with included metadata. I think it’s imperative for providers like us to continue to do what we can to simplify the discovery process for our clients – through education and through streamlining of processes and process improvement. That’s what our corporate mission is and it continues to be a major focus for CloudNine.

What are you working on that you’d like our readers to know about?

Well, speaking of has “anything been done in the past year to improve the situation”, in November, we released CloudNine’s new easy-to-use Discovery Client application to automate the processing and uploading of raw native data into our CloudNine platform. Many of our clients have struggled with having data dumped on their desk at 4:00 on a Friday afternoon and having to fill out forms, swap emails and play phone tag with vendors to get the data up quickly so that they can review it over the weekend. With CloudNine’s Discovery Client, they can get data processed and loaded themselves without having to contact a vendor, whether it is load ready or not.

The application will extract data from archives such as ZIP and PST files, extract metadata, extract and index text (and OCR documents without text) render native files to HTML and identify duplicates based on MD5HASH value. The application will also generate key data assessment analytics such as domain categorization to enable attorneys to develop an understanding of their data more quickly. And, we are just about to release a new version of the Discovery Client that will enable clients to simply process the data and retrieve the processed data to load into their own preferred platform (if it’s not CloudNine), so we can support you even if you use a different review platform.

Our do-It-yourself features such as loading your own data, adding your own users and fields, accessing audit logs and setting user rights gives our clients unique control of their review process and makes it easier for them to understand eDiscovery and feel in control of the process. Simplifying discovery and taking the worry out of it (as much as possible) is what CloudNine is all about.

Thanks, Brad, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The First 7 to 10 Days May Make or Break Your Case: eDiscovery Best Practices

Having worked with a client recently that was looking for some guidance at the outset of their case, it seemed appropriate to revisit this topic here.

When a case is filed, several activities must be completed within a short period of time (often as soon as the first seven to ten days after filing) to enable you to assess the scope of the case, where the key electronically stored information (ESI) is located and whether to proceed with the case or attempt to settle with opposing counsel. Here are several of the key early activities that can assist in deciding whether to litigate or settle the case.

Activities:

  • Create List of Key Employees Most Likely to have Documents Relevant to the Litigation: To estimate the scope of the case, it’s important to begin to prepare the list of key employees that may have potentially responsive data. Information such as name, title, eMail address, phone number, office location and where information for each is stored on the network is important to be able to proceed quickly when issuing hold notices and collecting their data. Some of these employees may no longer be with your organization, so you may have to determine whether their data is still available and where.
  • Issue Litigation Hold Notice and Track Results: The duty to preserve begins when you anticipate litigation; however, if litigation could not be anticipated prior to the filing of the case, it is certainly clear once the case if filed that the duty to preserve has begun. Hold notices must be issued ASAP to all parties that may have potentially responsive data. Once the hold is issued, you need to track and follow up to ensure compliance. Here are a couple of posts from 2012 regarding issuing hold notices and tracking responses.
  • Interview Key Employees: As quickly as possible, interview key employees to identify potential locations of responsive data in their possession as well as other individuals they can identify that may also have responsive data so that those individuals can receive the hold notice and be interviewed.
  • Interview Key Department Representatives: Certain departments, such as IT, Records or Human Resources, may have specific data responsive to the case. They may also have certain processes in place for regular destruction of “expired” data, so it’s important to interview them to identify potentially responsive sources of data and stop routine destruction of data subject to litigation hold.
  • Inventory Sources and Volume of Potentially Relevant Documents: Potentially responsive data can be located in a variety of sources, including: shared servers, eMail servers, employee workstations, employee home computers, employee mobile devices, portable storage media (including CDs, DVDs and portable hard drives), active paper files, archived paper files and third-party sources (consultants and contractors, including cloud storage providers). Hopefully, the organization already has created a data map before litigation to identify the location of sources of information to facilitate that process. It’s important to get a high level sense of the total population to begin to estimate the effort required for discovery.
  • Plan Data Collection Methodology: Determining how each source of data is to be collected also affects the cost of the litigation. Are you using internal resources, outside counsel or a litigation support vendor? Will the data be collected via an automated collection system or manually? Will employees “self-collect” any of their own data? If so, important data may be missed. Answers to these questions will impact the scope and cost of not only the collection effort, but the entire discovery effort.

These activities can result in creating a data map of potentially responsive information and a “probable cost of discovery” spreadsheet (based on initial estimated scope compared to past cases at the same stage) that will help in determining whether to proceed to litigate the case or attempt to settle with the other side.

So, what do you think? How quickly do you decide whether to litigate or settle? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Expanded Sources of ESI May Leave You “Fit” to be Tied – eDiscovery Trends

One of the items that I bought my wife for Christmas (which she really wanted) was an UP 24™ Fitness Tracker, which is a wristband that tracks a variety of fitness metrics, including steps taken, workouts logged and calories burned (not to mention sleep cycles) and enables you to share and compare your stats with your friends via an app on your mobile device. Another example of a similar device is a Fitbit®. Based on a recent case, these devices are just another example of new devices from which relevant ESI may be collected for discovery.

In the recent Forbes article (Fitbit Data Now Being Used In The Courtroom, written by Parmy Olson), a law firm in Calgary is working on the first known personal injury case that will use activity data from a Fitbit to help show the effects of an accident on their client.

As the article notes, “The young woman in question was injured in an accident four years ago. Back then, Fitbits weren’t even on the market, but given that she was a personal trainer, her lawyers at McLeod Law believe they can say with confidence that she led an active lifestyle. A week from now, they will start processing data from her Fitbit to show that her activity levels are now under a baseline for someone of her age and profession.

It will ‘back up what she’s been saying,’ says her lawyer, Simon Muller of McLeod Law.

The lawyers aren’t using Fitbit’s data directly, but pumping it through analytics platform Vivametrica, which uses public research to compare a person’s activity data with that of the general population.”

More and more, everyday objects are able to connect to the Internet and these devices are gathering, sending and receiving data. Glasses, fitness wristbands, even your thermostat is sending and receiving data. On one hand, the “Internet of Things” is making our lives easier by enabling us to access more information than ever, but, it also increases data security and privacy risks, not to mention potentially complicates discovery from an information governance, collection and preservation standpoint. Now, in certain types of cases, we may need to collect or request data from devices never before considered as discoverable.

So, what do you think? What’s the most unusual device that you have ever had to collect potentially responsive ESI? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Three “C”s, Cowboys, Cannibals and Craig (Ball) – eDiscovery Best Practices

They say that a joke is only old if you haven’t heard it before. In that vein, an article about eDiscovery is only old if you haven’t read it before. Craig Ball is currently revisiting some topics that he covered ten years ago with an updated look, making them appropriate for 1) people who weren’t working in eDiscovery ten years ago (which is probably a lot of you), 2) people who haven’t read the articles previously and 3) people who have read the articles previously, but haven’t seen his updated takes.  In other words, everybody.

So far, Craig has published three revisited articles to his terrific Ball in your court blog. They are:

Starting Over, which sets the stage for the series, and covers The DNA of Data, which was the very first Ball in your court (when it was still in print form). This article discusses how electronic evidence isn’t going away and claims of inaccessible data and how technological advances have rendered claims of inaccessibility mostly moot.

Unclear on the Concept (originally published in Law Technology News in May of 2005), which discusses some of the challenges of early concept searching and related tools (when terms like “predictive coding” and “technology assisted review” hadn’t even entered our lexicon yet). Craig also pokes fun at himself for noting back then how he read Alexander Solzhenitsyn and Joyce Carol Oates in grade school. 🙂

Cowboys and Cannibals (originally published in Law Technology News in June of 2005), which discusses the need for a new email “sheriff” in town (not to be confused with U.S. Magistrate Judge John Facciola in this case) to classify emails for easier retrieval. Back then, we didn’t know just how big the challenge of Information Governance would become. His updated take concludes as follows:

“What optimism exists springs from the hope that we will move from the Wild West to Westworld, that Michael Crichton-conceived utopia where robots are gunslingers. The technology behind predictive coding will one day be baked into our IT apps, and much as it serves to protect us from spam today, it will organize our ESI in the future.”

That day is coming, hopefully sooner rather than later. And, you have to love a blog post that references Westworld, which was a terrific story and movie back in the 70s (wonder why nobody has remade that one yet?).

eDiscovery Daily has revisited topics several times as well, especially some of the topics we covered in the early days of the blog, when we didn’t have near as many followers yet. It’s new if you haven’t read it, right? I look forward to future posts in Craig’s series.

So, what do you think? How long have you been reading articles about eDiscovery? Please share any comments you might have or if you’d like to know more about a particular topic.

Image © Metro Goldwyn Mayer

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Image Isn’t Everything, Court Says, Denying Plaintiff’s Request for Imaging on Defendant’s Hard Drives – eDiscovery Case Law

In Design Basics, LLC. v. Carhart Lumber Co., 8:13CV125 (D. Neb. Nov. 24, 2014), Nebraska Magistrate Judge Cheryl R. Zwart, after an extensive hearing on the plaintiff’s motion to compel “full disk imaging of Defendant’s hard drives, including Defendant’s POS server, secretaries’ computers, UBS devices. . .”, denied the motion after invoking the mandatory balancing test provided in FRCP Rule 26(b)(2)(C).

In this design misappropriation case, the plaintiff filed the motion to compel, arguing “that it is entitled to a full forensic image of the defendant’s server, and every computer or computer data storage device or location used by the company and any of its employees”.  The plaintiff’s counsel stated that he litigates design misappropriation cases nationwide, and he always (except perhaps in a rare case) is granted the right to image a defendant company’s entire computer system. Judge Zwart noted that, after being afforded an opportunity to brief the issue and submit further evidence, the plaintiff’s counsel cited no cases supporting this argument.

The defendant filed a motion for protective order seeking relief from that request and arguing that it had determined that the secretaries’ computers did not contain relevant information.

In issuing her ruling denying the plaintiff’s motion to compel and granting the defendant’s motion for protective order, Judge Zwart stated:

“Plaintiff’s demand for all of the defendant’s computer data is consistent with the position of its expert, but it is not consistent with the balancing required under Rule 26(b)(2)(C) of the Federal Rules of Civil Procedure.  Based on the arguments of counsel held today and the evidence of record, Defendant’s counsel has provided both electronic and paper copies of all blue prints, has performed Plaintiff’s requested search on the emails copied from the 11 computers, and has already invested many hours reviewing thousands of documents for privilege. Defense counsel offered to produce the nonprivileged emails to Plaintiff’s counsel for his review, and has provided dates for taking the deposition of Defendant’s president. Plaintiff’s counsel has neither reviewed the emails nor deposed anyone. This case is more than 18 months old.

In the end, the plaintiff failed to show good cause why additional computer data must be collected from the defendant. Taking into consideration the factors listed in Fed. R. Civ. P. 26(b)(2)(C), the court is convinced that allowing imaging of every computer or data storage device or location owned or used by the defendant, including all secretaries’ computers, is not reasonable and proportional to the issues raised in this litigation.”

So, what do you think?  Was the plaintiff overreaching in its request?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simply Deleting a File Doesn’t Mean It’s Gone – eDiscovery Best Practices

 

I seem to have picked up a bit of a bug and I’m on cold medicine, so my writing brain is a bit fuzzy.  As a result, so I’m revisiting a topic that has come up a few times over the years that we covered early on in the blog’s history.  I should be back in the saddle with new posts next week!

Disk drives use an index or table to keep track of where each file begins and ends on the disk.  You may have heard terms such as “FAT” (file allocation table) or NTFS ({Windows} NT File System) – these filing systems enable the file to be retrieved quickly on the drive.  They’re like a “directory” of all of the active files on the disk.  When a file is “deleted” (i.e., actually deleted, not just moved to the Recycle Bin), the data for that file isn’t actually removed from the disk (in most cases).  Instead, the entry pertaining to it is removed from the filing system.  As a result, the area on the disk where the actual data is located becomes unallocated space.

Unallocated space, also known as inactive data or drive free space, is the area of the drive not allocated to active data. On a Windows machine, deleted data is not actually destroyed, but the space on the drive that can be reused to store new information. Until the unallocated space is overwritten with new data, the old data remains.  This data can be retrieved (in most cases) using forensic techniques. On MAC O/S 10.5 and higher, there is an application that overwrites sectors when a file is deleted. This process more securely destroys data, but even then it may be possible to recover data out of unallocated space.

Because the unallocated space on a hard drive or server is that portion of the storage space to which data may be saved, it is also where many applications “temporarily” store files when they are in use. For instance, temporary Internet files are created when a user visits a web page, and these pages may be “cached” or temporarily stored in the unallocated space.  Rebooting a workstation or server can also clear some data from the unallocated space on its drive.

Since computers are dynamic and any computer operation may write data to the drive, it is nearly impossible to preserve data in the unallocated space on the hard drive and that data is not accessible without special software tools. To preserve data from the unallocated space of a hard drive, the data must be forensically collected, which basically copies the entire drive’s contents, including every sector (whether those sectors contain active data or not). Even then, data in the unallocated space may not be complete. Because the unallocated space is used to store new data, writing a new file may overwrite part of a deleted file, leaving only part of that file in the unallocated space.

Nonetheless, “deleted” files have been recovered, collected and produced in numerous lawsuits, despite efforts of some producing parties to destroy that evidence.

So, what do you think?  Have you ever recovered deleted data that was relevant to litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Dealing with the Departed – eDiscovery Best Practices

 

Having addressed this recently with a client, I thought this was a good topic to revisit here on the blog…

When litigation hits, key activities to get a jump on the case include creating a list of key employees most likely to have documents relevant to the litigation and interviewing those key employees, as well as key department representatives, such as IT for information about retention and destruction policies.  These steps are especially important as they may shed light on custodians you might not think about – the departed.

When key employees depart an organization, it’s important for that organization to have a policy in place to preserve their data for a period of time to ensure that any data in their possession that might be critical to company operations is still available if needed.  Preserving that data may occur in a number of ways, including:

  • Saving the employee’s hard drive, either by keeping the drive itself or by backing it up to some other media before wiping it for re-use;
  • Keeping any data in their network store (i.e., folder on the network dedicated to the employee’s files) by backing up that folder or even (in some cases) simply leaving it there for access if needed;
  • Storage and/or archival of eMail from the eMail system;
  • Retention of any portable media in the employee’s possession (including DVDs, portable hard drives, smart phones, etc.).

As part of the early fact finding, it’s essential to determine the organization’s retention policy (and practices, especially if there’s no formal policy) for retaining data (such as the examples listed above) of departed employees.  You need to find out if the organization keeps that data, where they keep it, in what format, and for how long.

When interviewing key employees, one of the typical questions to ask is “Do you know of any other employees that may have responsive data to this litigation?”  The first several interviews with employees often identify other employees that need to be interviewed, so the interview list will often grow to locate potentially responsive electronically stored information (ESI).  It’s important to broaden that question to include employees that are no longer with the organization to identify any that also may have had responsive data and try to gather as much information about each departed employee as possible, including the department in which they worked, who their immediate supervisor was and how long they worked at the company.  Often, this information may need to be gathered from Human Resources.

Once you’ve determined which departed employees might have had responsive data and whether the organization may still be retaining any of that data, you can work with IT or whoever has possession of that data to preserve and collect it for litigation purposes.  Just because they’re departed doesn’t mean they’re not important.

So, what do you think?  Does your approach for identifying and collecting from custodians include departed custodians?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image © Warner Bros.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

How Mature is Your Organization in Handling eDiscovery? – eDiscovery Best Practices

A new self-assessment resource from EDRM helps you answer that question.

A few days ago, EDRM announced the release of the EDRM eDiscovery Maturity Self-Assessment Test (eMSAT-1), the “first self-assessment resource to help organizations measure their eDiscovery maturity” (according to their press release linked here).

As stated in the press release, eMSAT-1 is a downloadable Excel workbook containing 25 worksheets (actually 27 worksheets when you count the Summary sheet and the List sheet of valid choices at the end) organized into seven sections covering various aspects of the e-discovery process. Complete the worksheets and the assessment results are displayed in summary form at the beginning of the spreadsheet.  eMSAT-1 is the first of several resources and tools being developed by the EDRM Metrics group, led by Clark and Dera Nevin, with assistance from a diverse collection of industry professionals, as part of an ambitious Maturity Model project.

The seven sections covered by the workbook are:

  1. General Information Governance: Contains ten questions to answer regarding your organization’s handling of information governance.
  2. Data Identification, Preservation & Collection: Contains five questions to answer regarding your organization’s handling of these “left side” phases.
  3. Data Processing & Hosting: Contains three questions to answer regarding your organization’s handling of processing, early data assessment and hosting.
  4. Data Review & Analysis: Contains two questions to answer regarding your organization’s handling of search and review.
  5. Data Production: Contains two questions to answer regarding your organization’s handling of production and protecting privileged information.
  6. Personnel & Support: Contains two questions to answer regarding your organization’s hiring, training and procurement processes.
  7. Project Conclusion: Contains one question to answer regarding your organization’s processes for managing data once a matter has concluded.

Each question is a separate sheet, with five answers ranked from 1 to 5 to reflect your organization’s maturity in that area (with descriptions to associate with each level of maturity).  Default value of 1 for each question.  The five answers are:

  • 1: No Process, Reactive
  • 2: Fragmented Process
  • 3: Standardized Process, Not Enforced
  • 4: Standardized Process, Enforced
  • 5: Actively Managed Process, Proactive

Once you answer all the questions, the Summary sheet shows your overall average, as well as your average for each section.  It’s an easy workbook to use with input areas defined by cells in yellow.  The whole workbook is editable, so perhaps the next edition could lock down the calculated only cells.  Nonetheless, the workbook is intuitive and provides a nice exercise for an organization to grade their level of eDiscovery maturity.

You can download a copy of the eMSAT-1 Excel workbook from here, as well as get more information on how to use it (the page also describes how to provide feedback to make the next iterations even better).

The EDRM Maturity Model Self-Assessment Test is the fourth release in recent months by the EDRM Metrics team. In June 2013, the new Metrics Model was released, in November 2013 a supporting glossary of terms for the Metrics Model was published and in November 2013 the EDRM Budget Calculators project kicked off (with four calculators covered by us here, here, here and here).  They’ve been busy.

So, what do you think?  How mature is your organization in handling eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Plaintiff’s Fallback Request for Meet and Confer after Quashing its Subpoena – eDiscovery Case Law

 

In Boston Scientific Corporation v. Lee, 1:13-cv-13156-DJC, (N.D. Cal., Aug 4, 2014), California Magistrate Judge Paul S. Grewal found time to preside over a case other than Apple v. Samsung and granted the motion to quash the plaintiff’s subpoena for the defendant’s laptops, refusing the plaintiff’s fallback position to meet and confer and referencing Leave it to Beaver in the process.

The defendant left the employment of the plaintiff and began working for a competitor, which caused the case to be filed against him, claiming theft of trade secrets and violation of a confidentiality agreement (by downloading confidential information onto a USB thumb drive).  The defendant’s new employer assigned him a laptop when he started his employment, which he used to both perform his job duties and communicate with his attorneys. Several weeks after the lawsuit was filed, the defendant’s employer segregated this laptop with a third party e-discovery vendor, and issued him a second one.

The defendant’s employer also produced forensic information about the contents of the first laptop to the plaintiff in the form of file listing reports, which disclose extensive metadata of the files contained on the laptop, USB reports, and web browsing history reports.  When the plaintiff pressed for more, the defendant’s employer offered to have an independent vendor review a full forensic image of the first laptop to search for pertinent information, including a review of any deleted files.  The plaintiff refused, requesting forensic discovery from both laptops and issued a subpoena, to which the defendant’s employer filed a motion to quash.

Judge Grewal began his order as follows:

“This case illustrates a recurring problem in all civil discovery, especially in intellectual property cases. A party demands the sun, moon and stars in a document request or interrogatory, refusing to give even a little bit. The meet and confer required by a court in advance of a motion is perfunctory at best, with no compromise whatsoever. But when the parties appear before the court, the recalcitrant party possesses newfound flexibility and a willingness to compromise. Think Eddie Haskell singing the Beaver's praises to June Cleaver, only moments after giving him the business in private. Having considered the arguments, the court GRANTS Nevro's motion to quash.”

Explaining his decision, Judge Grewal stated “No doubt there exists discoverable information on the two laptops, but by demanding nothing less than a complete forensic image of not just one but two laptops belonging to a direct competitor, Boston Scientific demands too much. Such imaging will disclose privileged communications related to the litigation as well as irrelevant trade secrets from a nonparty-competitor.  Boston Scientific's subpoena therefore seeks discovery of protected matter, something plainly not permitted under Rule 45, rendering the subpoena overbroad and imposing an undue burden on Nevro.”

Judge Grewal noted that the plaintiff “[a]s a fall back”, proposed what the defendant’s employer had originally proposed: the retention of an independent vendor to “review a full forensic image of the Initial Laptop to search for pertinent information, including a review of any deleted files.”  Judge Grewal closed the door on that request as well, stating “to allow Boston Scientific now to seek shelter from a fallback position that Nevro previously tendered in good faith would make a mockery of both parties' obligation to meet and confer in good faith from the start.  The time to tap flexibility and creativity is during meet and confer, not after.”

So, what do you think?  Should the plaintiff have been granted its fall back request or was it too late for compromise?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.