Close
Enter your
text here

Electronic Discovery

Discovery Can’t Be Stayed While Motion to Dismiss is Considered, Court Says: eDiscovery Case Law

In Udeen v. Subaru of America, Inc., No. 18-17334(RBK/JS) (D.N.J. Mar. 12, 2019), New Jersey Magistrate Judge Joel Schneider denied the defendants’ request that all discovery be stayed until their Motion to Dismiss is decided, but, with the proviso that only limited and focused discovery on core issues would be permitted.

Case Background

In this nationwide class action with allegations that the defendant’s defective infotainment system creates a safety hazard, the defendants filed a Motion to Dismiss on February 28, 2019 and requested that all discovery be stayed until their motion was decided.  The plaintiffs opposed the defendants’ request, so the Court received the parties’ letter briefs and held oral argument.

Judge’s Ruling

In evaluating the defendant’s motion, Judge Schneider said: “The Court agrees that plaintiffs will be prejudiced if all discovery is stayed while waiting for defendants’ motion to be decided. Given the extensive briefing on defendants’ motion and the expected time it will take for the motion to be decided, the case will be in suspense for months if defendants’ request is granted. Having filed their complaint plaintiffs have a right to move forward… This is especially true in a case where plaintiffs claim the alleged defect in defendants’ vehicles is a safety hazard. Further, the longer the case languishes the greater chance exists that relevant evidence may be lost or destroyed.”

Judge Schneider also noted: “Defendants’ concern about ‘extremely expensive’ discovery is overblown. As is always the case, the Court expects to closely manage discovery to assure that plaintiffs’ efforts are proportional. Further, contrary to defendants’ argument, a discovery stay will not simplify the issues for trial. In fact, the opposite is true. The parties initial discovery will focus on the core issues in the case to assure that only the most relevant and important discovery is produced. This discovery will be produced no matter what claims remain in the case. The discovery will serve to educate plaintiffs concerning the most important individuals and issues in the case. In the long run the Court expects defendants to benefit from this staging so that the parties do not chase discovery ‘down a rabbit hole.’”

As a result, Judge Schneider stated: “After examining all relevant evidence, the Court finds the relevant factors weigh in plaintiffs’ favor and, therefore, the Court will deny defendants’ request to stay all discovery.”  So, Judge Schneider ordered both the defendants and plaintiffs to produce certain documents and for the parties to meet and confer regarding certain other documents, noting: “The Court also finds that defendants’ documents in Japan are not necessarily off-limits. However, the Court is concerned plaintiffs’ requests are too broad. The Court will only permit narrow and focused discovery requests asking for core information. The parties meet and confer discussions shall also address plaintiffs’ request for third-party discovery. To the extent the parties cannot agree on the discovery to be produced, simultaneous letter briefs shall be served by April 15, 2019”.

So, what do you think?  Should discovery ever be stayed because a motion to dismiss is pending?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Jeff Dreiling and the Complete Legal blog for the tip about the case!

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Why Does Production Have to be Such a Big Production?

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Understanding Blockchain and its Impact on Legal Technology, which we covered as part of a webcast on March 27.  Now, Tom has written another terrific overview regarding production challenges and what to do about them titled Why Does Production Have to be Such a Big Production? that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Here’s the first part.

Introduction

The aim of document productions in the ESI world is succinctly stated by the EDRM: To prepare and produce ESI in an efficient and usable format in order to reduce cost, risk and errors and be in compliance with agreed production specifications and timelines.  https://www.edrm.net/frameworks-and-standards/edrm-model/production/

Discussions of a “database production” typically refer to a collection of ESI loaded into e-discovery software in a form other than its native (original) format.  As a result, a load file may be necessary to organize and maintain original information about the documents and accompanying metadata. We’ll talk about those problems in more detail below but let’s be clear that production problems may revolve around other issues beyond load files.

So, why is this happening? Well the first reason is because it is an issue involving technical components and lawyers, who, by and large, simply aren’t good at technology. But lest we blame it all on the lawyers, let’s keep in mind that tech people don’t make good legal analysts. And neither of them are good communicators when it comes to technical issues so the potential for problems during productions is enormous.

DIY eDiscovery company Lexbe has listed 10 common reasons for production failures:

  1. Being unaware of the rules (FRCP/state/local)
  2. Neglecting to match review requests with your review approach
  3. Not knowing the common file deliverables in productions
  4. Missing the opportunity to use ‘Meet & Confer’ (Rule 26) to your advantage
  5. Failing to Request specific file types & metadata as needed
  6. No custodian tracking causing deduplication nightmares
  7. Not Addressing placeholders, databases, and unusual file types
  8. Negotiating incomplete discovery orders in complicated cases
  9. Stepping into redactions traps
  10. Decreasing privilege review accuracy by failing to apply Near Dup checks

In this paper, we will look at a couple of the most common issues associated with productions and discuss recommendations to minimize production mistakes:

  1. Redaction Issues and Confidentiality Considerations
  2. Load File Failures
  3. Recommendations for Minimizing Production Mistakes

We’ll publish Part 2 – Redaction Issues and Confidentiality Considerations – on Wednesday.

So, what do you think?  Have you experienced problems with document productions in eDiscovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simon Says Two Years After Spoliation is Discovered is Too Late for Sanctions: eDiscovery Case Law

Sorry, I couldn’t resist…  ;o)

In Wakefield v. Visalus, Inc., No. 3:15-cv-1857-SI (D. Or. Mar. 27, 2019), Oregon District Judge Michael H. Simon denied the plaintiff’s motion for sanctions against the defendant for automatic deletion of call records, ruling that since the plaintiff knew about the deletion of call records for over two years, her motion was “untimely”.

Case Background

In this class claim related to alleged violations of the Telephone Consumer Protection Act (“TCPA”), the defendant used an automated telephone system called the “Progressive Outreach Manager” (“POM”), which the plaintiff contended generated and maintained historical records of each calling campaign and each call attempted by the defendant.  The POM system’s ESI was programmed to be automatically deleted after three months and, even though the defendant was on notice since October 2015 that it had a duty to preserve the information contained in the POM system, the plaintiff claimed that the defendant failed to suspend the call records’ automatic deletion. The plaintiff pointed to statements made by the defendant’s corporate representative and compliance analyst, during his deposition in December 2016 as evidence that these call records had been automatically deleted.

For many of those calls, the defendant maintained contact information spreadsheets containing all of the POM system information, so that data was replaced through other sources. However, the plaintiff contended there were 1.7 million calls that were not within the contact information spreadsheets that were deleted from the POM system, asserting that the lost call records would have proven that 350,228 of those calls delivered a message using an artificial or prerecorded voice to class members. In February 2019, the plaintiff asked the Court to order sanctions against the defendant, including instructing the jury that the defendant deleted call records and that the lost information was unfavorable to defendant.  The defendant argued that the motion was untimely, among other arguments against the motion.

Judge’s Ruling

In evaluating the plaintiff’s motion, Judge Simon said: “Plaintiff learned no later than December 12, 2016 that Defendant’s system deleted POM call records every three months. Discovery closed in December of 2017, one year later, and at that point Plaintiff had in her possession all call records produced by Defendant. Plaintiff acknowledges that she was aware in late 2016 that the call record data generated by the POM system had been “destroyed,” but claims she continued to believe that the same information was available elsewhere. It was only when performing final trial preparation that Plaintiff organized her trial exhibits, compiled the evidence obtained in discovery, and realized that some of the call data ‘deleted’ from the POM system had not been produced through other sources…Only then did Plaintiff file her motion for sanctions.”

Judge Simon also observed: “Had Plaintiff timely undertaken to examine the evidence produced by Defendant, any deleted call records that could not be restored or replaced through additional discovery would have been apparent to Plaintiff at that time, and she could have sought sanctions for the alleged spoliation.”  Noting that “courts are cautioned to be ‘wary of any spoliation motion made on the eve of trial’”, Judge Simon stated in denying the plaintiff’s motion: “Plaintiff filed her spoliation motion more than a year after the close of discovery, more than two years after she first learned of the alleged destruction of call records, and less than two months before trial. Plaintiff’s motion is untimely.”

So, what do you think?  Was that the correct call or should the plaintiff have been given the time to determine what she was missing?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Data Privacy Compliance Isn’t Just for Europe or California Anymore: Data Privacy Trends

We have covered Europe’s General Data Protection Regulation (GDPR) over several posts the past couple of years and even conducted a webcast on the topic last year.  And, we have covered the California Consumer Privacy Act (CCPA) several times as well, including as recently as last week.  But, what about the rest of the wide, wide world?  Do countries in other parts of the world have data privacy policies as well?  Yes.  Do they mimic GDPR policies?  Not necessarily.

As reported in Legaltech News (Data Protection Laws Take Center Stage For Global GC, written by Caroline Spiezio), lawyers are saying that ignoring data privacy changes outside of Europe, or assuming GDPR policies will comply anywhere, may lead to fines or diminished consumer trust in other regions.  For example, Camila Tobón, a Colorado-based data privacy lawyer at Shook, Hardy & Bacon, said many countries in the Latin America follow a consent-based model, which doesn’t allow for the legitimate interest data collection case presented under GDPR. She said many Latin American countries with data privacy laws used Spain’s consent-based version of the 1995 Data Protection Directive (the predecessor to GDPR in Europe) to shape their regulations.

“When Spain incorporated the directive into their law, one noticeable change [from other EU countries] was the lack of legitimate interest for a basis for processing personal data,” Tobón said. “When most Latin American countries were starting to implement their laws in 1999, 2000, 2001, they used the Spanish law as a model, which didn’t include legitimate interest. So what you ended up seeing in Latin America was a consent-based model.”

However, Brazil’s General Data Protection Law, which passed in 2018, includes the case for legitimate interest collection, which closely aligns that country’s laws with Europe’s.  And, other countries in Latin America are working on changes as well.  Chile recently voted to create a national data protection authority. Panama’s National Assembly approved a national data protection regulation last year that currently awaits the president’s signature. An updated Argentine bill to bring the country’s data protection regulations closer to Europe’s with a legitimate interest model and data protection officer requirement is also in the works, with a draft standing in front of Congress.

Beyond Latin America, other countries are making (or considering making) changes as well.  The Corporate Counsel Association of South Africa’s chief executive officer Alison Lee said she expects to see the country implement the Protection of Personal Information Act this year.  Unlike GDPR, POPIA asserts companies also have “personal data” that requires protection. South Africa currently doesn’t require explicit consent to collect data or legitimate interest, but it does require some form of consent.  Nigeria could also see data protection changes, as it has long attempted to pass a specific data protection bill.

So, what about Asia Pacific (APAC)?  Scott Thiel, a Hong Kong-based DLA Piper partner, said, since GDPR’s implementation, he’s increasingly asked questions about data protection in Asia.

“Everyone is sort of finally taking a breath and going, ‘OK, we got through GDPR, we’re somewhere near compliance and that’s great. I assume that works everywhere, does it?’ And the short answer is no, it doesn’t,” Thiel said. “A lot of the approaches to data compliance that work in Europe don’t work in the Asian markets.”

He said many companies have tried applying their GDPR policies to China and other Asian countries and it “just doesn’t” work.  Like Latin America, much of East Asia relies on a consent-based model rather than legitimate interest, Thiel said.  Nonetheless, cybersecurity laws are changing in APAC, as well.  The article has several more details regarding data privacy changes in Latin America, Africa and APAC.  GDPR, with its heavy fines, has gotten a lot of the coverage regarding data privacy compliance, but you can’t ignore requirements in the rest of the world if you’re a multi-national company.  I’m sure Antarctica will come out with their data privacy laws any day now.  ;o)

So, what do you think?  Are you prepared for data privacy changes around the rest of the world?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Appeals Court Reverses Jury Decision Based on Failure of Court to Issue Spoliation Sanction: eDiscovery Case Law

In Marshall v. Brown’s IA, LLC, No. 2588 EDA 2017 (Pa. Super. Mar. 27, 2019), the Superior Court of Pennsylvania, ruling that the trial court “abused its discretion in refusing the charge” of an adverse inference sanction against the defendant for failing to preserve several hours of video related to a slip and fall accident, vacated the judgment issued by the jury within the trial court for the defendant and remanded the case for a new trial.

Case Background

In this case where the plaintiff slipped and fell in one of the defendant’s ShopRite stores in August 2014, the plaintiff’s counsel sent a letter two weeks after the incident requesting that the defendant retain surveillance video of the accident and area in question for six hours prior to the accident and three hours after the accident. Additionally, the letter cautioned:

“If any of the above evidence exists, and you fail to maintain same until the disposition of this claim, it will be assumed that you have intentionally destroyed and/or disposed of evidence. Please be advised that you are not permitted, and are in no position, to decide what evidence plaintiff would like to review for this case. Accordingly, discarding any of the above evidence will lead to an Adverse Inference against you in this matter.”

Nonetheless, the defendant decided to preserve only thirty-seven minutes of video prior to the plaintiff’s fall and approximately twenty minutes after, and permitted the remainder to be automatically overwritten after thirty days.  The defendant’s Risk Manager (Matthew McCaffrey) testified that it was the store’s “rule of thumb” to preserve video surveillance from twenty minutes before and twenty minutes after a fall.  The plaintiff contended that the defendant’s conscious decision not to retain the video evidence constituted spoliation, and she asked the trial court to give an adverse inference charge to the jury.  But, the trial court concluded that there was no bad faith by the defendant and refused to give the requested adverse inference charge, but did agree, that the plaintiff’s counsel could argue to the jury that it should infer from the defendant’s decision not to retain more of the video prior to her fall that the video was damaging to the defendant.  Despite that, the jury returned a verdict in favor of the defendant, finding no negligence.

The plaintiff filed timely post-trial motions alleging that she was entitled to a new trial because the trial court erred in refusing to give the requested spoliation instruction to the jury, but the trial court did not rule on the motion, so she appealed, asking if the trial court abused its discretion by declining to read a spoliation of evidence instruction to the jury at trial.

Appellate Court’s Ruling

The opinion by J. Bowes noted that “[t]he duty to retain evidence is established where a party ‘knows that litigation is pending or likely’ and “it is foreseeable that discarding the evidence would be prejudicial” to the other party.”  The court also observed: “Although Mr. McCaffery testified that ShopRite’s rule of thumb was to retain only twenty minutes of tape prior to the fall and twenty minutes after the fall, it actually preserved thirty-seven minutes of footage prior to Ms. Marshall’s fall, and twenty minutes after the fall. He offered no explanation why ShopRite deviated from its typical practice herein.”  The court also observed that “conspicuously absent was testimony from anyone at ShopRite that he or she watched the video for the six-hour-period prior to the fall before determining that it did not contain any relevant evidence.”

Finding that “counsel’s letter placed ShopRite on notice to preserve the video surveillance prior to and after the fall as it was arguably relevant to impending litigation”, the court stated “we find that the trial court took an unreasonably narrow view of ‘relevant evidence’ in concluding that no spoliation occurred in this premises liability case. Relevant evidence is any evidence that ‘has any tendency to make a fact more or less probable.’…Furthermore, its finding of no bad faith on ShopRite’s part was relevant in determining the severity of the sanction to impose for spoliation, but it did not negate or excuse the spoliation that occurred.”

As a result, the court – in vacating the judgment and remanding the case for a new trial – ruled that “Ms. Marshall asked the court for the least severe spoliation sanction, an adverse inference instruction. On the facts herein, it was warranted, and the court abused its discretion in refusing the charge.”

So, what do you think?  Should the judgment have been thrown out over the defendant’s failure to preserve the rest of the video?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

What’s a Lawyer’s Duty When a Data Breach Occurs within the Law Firm: Cybersecurity Best Practices

When I spoke at the University of Florida E-Discovery Conference last month, there was a question from the live stream audience about a lawyer’s duty to disclose a data breach within his or her law firm.  I referenced the fact that all 50 states (plus DC, Guam, Puerto Rico and the Virgin Islands) have security breach notification laws, but I was not aware of any specific guidelines or opinions relating to a lawyer’s duty regarding data breach notification.  Thanks to an article I came across last week, I now know that there was a recent ABA opinion on the topic.

An article written by Anton Janik, Jr. of Williams Mitchell and originally published in the 2019 Winter edition of The Arkansas Lawyer and republished on JD Supra (The Lawyer’s Duty When Client Confidential Information is Hacked From the Law Firm, hat tip to Sharon Nelson’s terrific Ride the Lightning blog for the reference) takes a look at a lawyer’s duties following a data breach and discusses the requirements of ABA Formal Opinion 483, which was issued in October 2018.

Janik begins his article by referencing the DLA Piper NotPetya ransomware attack in 2017, as follows:

“Imagine it’s a usual Tuesday morning, and coffee in hand you stroll into your office. Right inside the door, you see a handwritten notice on a big whiteboard which says: All network services are down, DO NOT turn on your computers! Please remove all laptops from docking stations & keep turned off. *No exceptions*

Finding this odd, you turn to your firm receptionist who tells you that the firm was hit with a ransomware attack overnight, and that if you turn on your computer all of your files will be immediately encrypted, subject to a bitcoin ransom.”

That’s what happened to DLA Piper and the 4,400-attorney law firm was “reduced to conducting business by text message and cell phone” until the situation was resolved, requiring 15,000 hours of overtime IT assistance, though they sustained no reported loss of client confidential information.

Of course, as you probably know by reading this blog, the DLA Piper situation isn’t unique.  A recent American Bar Association report stated that 22% of law firms reported a cyberattack or data breach in 2017, up from 14% the year before.

The ABA Opinion discusses three duties under its Model Rules: the duty of competence, the duty of communication, and the duty of confidentiality. While the ABA Opinion focused narrowly upon the ethical duties it sees arising between an attorney and client, it is important that you understand “the types of data you work with, and keep yourself abreast of what laws, regulations and contractual provisions govern its loss” (I just pointed you to a resource for breach notification laws up above).

Janik’s article covers stopping the breach, restoring systems and determination what happened and the cause. Best practices (and often your cybersecurity insurance coverage) dictate that your law firm should draft, and regularly train on, a breach response plan which defines personnel roles and procedural steps to employ in assessing and addressing any given breach, including through the use of outside vendors whose use may be contractually prearranged.

When a breach is discovered, the ABA Opinion finds that the duty of competence under Model Rule 1.1 requires the attorney to act reasonably and promptly to stop the breach and mitigate the damage, using “all reasonable efforts” to restore computer operations to be able to continue client services.  And, Model Rule 1.4 requires that an attorney keep the client “reasonably informed about the status of the matter.”

So, now I know – which means you know too.  :o)

So, what do you think?  Were you familiar with ABA Formal Opinion 483?  Does your firm have a formalized breach response plan?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Plaintiff’s Motion to Compel Production of ESI Related to 34 Searches: eDiscovery Case Law

In Lareau v. Nw. Med. Ctr., No. 2:17-cv-81 (D. Vt. Mar. 27, 2019), Vermont District Judge William K. Sessions III denied the plaintiff’s motion to compel production of ESI related to 34 search terms proposed by the plaintiff during meet and confer with the defendant, based on the extrapolation from a single search term that the plaintiff’s production request would require 170 hours of attorney and paralegal time and would produce little, if any, relevant information.

Case Background

In this case related to claims of wrongful termination stemming (at least in part) from the plaintiff’s disability, the plaintiff initially asked the defendant to produce ESI using 18 search terms. Using only seven of those 18 terms, the defendant produced over 3,000 pages of documents and objected to the scope of the request. The plaintiff moved to compel, and the Court issued an order requiring the parties to confer and agree upon appropriate search terms.

The plaintiff subsequently proposed 34 search terms, some of which were in the original list to which the defendant had objected. The defendant informed plaintiff’s counsel that using just the first four of the proposed 34 terms, it had spent over 20 hours retrieving 2,912 documents totaling 5,336 pages. The plaintiff’s counsel later acknowledged in an email that the initial production was voluminous and unwieldy, and suggested that the defendant use only the newly-proposed search terms.

The defendant made another effort to comply, performing a search using the suggested term “Experian.” The process of searching, coding, and producing reportedly took five hours and identified 472 documents. the defendant represented to the plaintiff’s counsel that few of those documents were relevant. Extrapolating that work to 34 search terms, the defendant contended that the plaintiff’s production request would require 170 hours of attorney and paralegal time and would produce little, if any, relevant information.  As a result, the defendant informed opposing counsel that given the burden of production and the limited relevance of the search results, it would not expend any additional time performing the requested searches. The plaintiff’s counsel invited the defendant to offer additional suggestions as to search terms, but the defendant declined that invitation, leading to the plaintiff’s motion.

Judge’s Ruling

Judge Sessions noted that, under the FRCP, “a party is required to provide ESI unless it shows that the source of such information is ‘not reasonably accessible because of undue burden or cost.’”  With that in mind, Judge Sessions stated:

“Here, the Court ordered cooperation among counsel, and counsel’s efforts did not produce a workable solution. NMC has tried to comply and shown that, to date, the information sought using Lareau’s proposed search terms is not reasonably accessible. Indeed, NMC has expended considerable time and expense producing documents that reportedly have little relevance to this case.”

While noting that he “could nonetheless compel discovery for good cause shown”, Judge Sessions determined that “[h]ere, there has been no such showing.”  Judge Sessions stated: “Since the Court issued its prior Order, NMC has produced 3,384 additional documents containing little relevant information. Without any showing that additional searches are likely to result in a higher rate of success, the Court will not order NMC to engage in further problem-solving.”  As a result, he denied the plaintiff’s motion to compel.

So, what do you think?  Was the defendant’s analysis of expected effort a valid representative sample?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Answers to Your Frequently Asked CCPA Questions: Data Privacy Best Practices

As we discussed last year (here and here), the California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect next January 1.  And, as we also reported recently, about half of surveyed companies haven’t even started preparing to be CCPA compliant.  Maybe that’s because they don’t know where to start to comply and don’t know whether the CCPA applies to their business, what rights will Californians have under CCPA and what impact CCPA will have on their privacy policy.  Here are answers to some of those questions.

In the Data Privacy Monitor site by Baker Hostetler (The California Consumer Privacy Act: Frequently Asked Questions, written by Alan L. Friel, Laura E. Jehl and Melinda L. McLellan), the authors address ten frequently asked questions that companies are asking about CCPA (if they’re not asking them, they should be).  Here are the questions they are addressing in this article:

  1. Does the CCPA apply to my business? What if we don’t have operations in California?
  2. Does the $25 million revenue threshold apply to California revenue specifically, or is it $25 million for the business as a whole?
  3. Will the CCPA be amended? What are the open issues?
  4. What new rights will the CCPA give to California residents?
  5. Will we need to amend our company’s online privacy policy?
  6. How do the “copycat” CCPA laws being proposed in other states compare with the CCPA?
  7. How does a business confirm that a person making an access or deletion request under the CCPA is a California resident, or who they claim to be?
  8. What should our company be focusing on right now, while we wait to see how these various state and federal law proposals shake out?
  9. What are the potential penalties for violations of the CCPA?
  10. Does my business qualify for one of the CCPA’s exceptions?

I won’t steal any thunder here – the authors give detailed and thoughtful answers to the questions that you will want to check out for yourself.

It’s interesting to note that there are at least 15 state data privacy laws that are working their way through the legislative process – some that are “virtually identical to the CCPA”, others that are similar, but with key differences.  As the authors note, the “prospect of having to comply with dozens of different state laws of this nature has fueled interest in a federal law to harmonize these proposals and provide businesses with clear compliance goals.”  That’s not surprising to me.

As the authors note in their conclusion: “A new era of consumer privacy rights has dawned in the U.S., and businesses will need to have a sound understanding of the personal information they collect, process, use and share to be able to comply with incoming rules and regulations.”  Given recent trends, it certainly appears that virtually every US business will be subject to new and developing data privacy laws sooner rather than later.

So, what do you think?  Is your company subject to CCPA?  If so, has it begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Sanctions Request Because Defendant Didn’t Prove the Information was Irretrievable: eDiscovery Case Law

In Envy Hawaii LLC v. Volvo Car USA LLC, No. 17-00040 HG-RT (D. Haw. Mar. 20, 2019), Hawaii District Judge Helen Gillmor denied the defendant’s motion for spoliation sanctions, stating that the defendant “has not established that spoliation sanctions are available because the information it seeks is not “lost” within the meaning of Fed. R. Civ. P. 37(e).”

Case Background

In this case involves contract disputes and claims of improper business practices between a local automobile dealership and the national distributor of Volvo automobiles, the parties had engaged in two years of litigation, produced discovery, and conducted depositions.  The defendant claimed that the plaintiff and its sole owner and manager failed to preserve certain electronically stored information (Google e-mail accounts and electronic dealer management system records) in violation of Federal Rule of Civil Procedure 37(e).  The plaintiff and its owner claimed no spoliation had occurred because any relevant records are available from third-parties and sanctions were not appropriate.

Judge’s Ruling

Judge Gilmor noted that “[t]he text of Federal Rule of Civil Procedure 37(e) provides that evidence is ‘lost’ and subject to spoliation sanctions when a party failed to take reasonable steps to preserve it, and ‘it cannot be restored or replaced through additional discovery’” and that “[i]nformation is ‘lost’ for purposes of Rule 37(e) only if it is irretrievable from another source, including other custodians.”  She also stated that “[s]poliation sanctions are not available pursuant to the 2015 Amendment to Rule 37(e) when information is not lost.”

With regard to that, Judge Gilmor stated:

“Volvo Car USA LLC admits that it has not sought any of the discovery from either CDK Disk or Google Enterprise. Volvo Car USA LLC’s Motion is focused on Envy Hawaii LLC’s failure to preserve the information.”

Noting that “Volvo Car USA LLC may issue subpoenas to obtain records from Google and/or CDK Drive prior to May 15, 2019”, Judge Gilmor denied the defendant’s motion for spoliation sanctions.

So, what do you think?  Should parties be required to confirm with third parties that information is not available before filing motions for spoliation sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

A Mergers-Acquisitions-Investments Update and a CloudNine Product Update: eDiscovery Trends

Years ago, there was a TV commercial for chili where the spokesman said “Neighbors, how long has it been since you’ve had a big thick steaming bowl of Wolf brand chili?  Well, that’s too long.”  It’s been too long since we’ve provided an update of M&A+I activities in eDiscovery, so let’s fix that.  Also, I’ve had a lot of questions recently about what’s going on with the products that CloudNine acquired a year ago, so let’s provide an update on that as well.

As always, the best resource for tracking eDiscovery Mergers, Acquisitions, and Investments is Rob Robinson’s ComplexDiscovery site – after all, Rob via ComplexDiscovery has noted more than 375 M&A+I events between November 2001 and today.

Rob’s latest update is for the just completed Q1 of 2019.  His review was through March 22, but I’m not aware of any significant M&A+I announcements since then, so it’s probably good for the entire Q1.  Based on that, Rob notes five key findings for Q1 2019:

  • There have been at least 14 M&A+I events in the eDiscovery ecosystem during Q1 2019.
  • January was the most active month in Q1 2019 for M&A+I events with at least 11 total events. This is the most active January since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • March was the least active month in Q1 2019 for M&A+I events with two known events.
  • The investment pulse rate for the three months of Q1 2019 appears to be higher than annual Q1 investment patterns. Q1 2019 is tied with Q1 2012 for the most active Q1 since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • Q1 2019 investment pulse rate appears to be slightly higher than the investment pulse rate during the same period in Q1 2018.

As usual, Rob also provides some charts to reflect the activity graphically: for 2019 (so far), a per month history since Rob started tracking in November 2001 (January is the most active month historically) and activity on a per year basis, which does a great job of reflecting how many more transactions have occurred in recent years than in the past.  To wit: Q1 2019’s 16 transactions are more than all but one year from 2001 to 2009.

Interesting stuff.  BTW, speaking of ComplexDiscovery, Rob yesterday launched his Spring 2019 eDiscovery Business Confidence Survey.  As usual, the survey only takes about a minute or two to complete, so drop in and complete it if you have a minute (or two).  Rob says the survey will close around mid-April, so do it sooner rather than later to get your feedback included.

Anyway, speaking of acquisitions, it’s hard to believe that it was a year ago last week that CloudNine acquired the eDiscovery product lines from LexisNexis.  When I was at the University of Florida E-Discovery Conference a couple of weeks ago, several people asked me what was going on with the LAW, Concordance and EDA (now renamed Explore) product lines that we acquired.  So, let me address each of those (and our own CloudNine Review platform) with a brief update.

Normally, when I start to talk about CloudNine products, I preface it with a “shameless plug warning!”.  So, consider yourself warned.  And, if you want to complain that this blog post isn’t educational, remember that I started it with some interesting eDiscovery M&A+I info.  ;o)

LAW: LAW PreDiscovery is now known as CloudNine LAW and we just announced a new 7.1 release yesterday (unlike yesterday’s blog post, this was no April Fool’s Day joke).  This is our third release since the acquisition and our second in just the last two months!  The cornerstone of our 7.0 release back at the end of January was our new multi-core, multi-threaded Turbo Import ingestion engine to process and load data considerably faster than the traditional ED Loader module – with the 7.1 release now officially out, we have improved the ingestion speeds up to 12x faster compared to ED Loader.  Imagine having a super large PST file that used to take over 24 hours to process – now it can be processed in just over 2 hours.  Talk about saving time!

We have implemented several other new features and fixes over the past year and have partnered with Compiled to provide an automated link between LAW and Relativity (announced back in January).  And, we have several additional exciting features coming out over the next couple of quarters (targeting two more releases before Q4).

Explore: Also referenced in yesterday’s announcement, Explore has also seen some speed improvements and other feature additions over three releases since acquisition.  Explore has a unique index-in-place approach that also supports multi-threaded processing of large container files and the ability to distribute processing over multiple machines.  We recently partnered with a third party to conduct benchmarking of Explore and were able to index a terabyte (TB) of data in 7 hours, 15 minutes!  So, Explore is a terrific product for indexing and searching large collections of data quickly to support early data assessment, compliance on investigation needs and we have talked with a number of customers who are impressed with its speed and capabilities.

Concordance: Many people have asked what we’ve been doing with Concordance since we acquired it and we have had three software releases for Concordance as well since we acquired it.  We are currently working on brand new viewer technology to improve the experience for users of both the Concordance image viewer (e.g., support of color images, search within image) and Concordance native viewer (e.g., speed of image retrieval) that we expect to roll out around mid-year.  And, we are finalizing a link with Hot Neuron’s Clustify product to enable Concordance users to perform conceptual clustering, near dupe identification, email thread identification and predictive coding!

CloudNine Review: Our flagship CloudNine review platform is now known as CloudNine Review and we are also working on a number of new features and capabilities with that product as well.  We recently released a brand new managed review module within CloudNine Review and are currently working on several updates and improvements to the user interface overall – to provide a cleaner and even more intuitive look and feel.

There’s a lot more to say about each of these products – for example, we have doubled the size of our teams developing, testing, supporting and training on the products since acquisition – but, I try to keep our blog posts reasonably short.  Feel free to drop me a line if you want to know more.

So, what do you think?  Are investments in eDiscovery companies on the rise?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.