Close
Enter your
text here

Electronic Discovery

Court Orders Defendants to Comply with Rule 26(a), Ditch the Boilerplate Objections: eDiscovery Case Law

In RightCHOICE Managed Care, Inc. v. Hospital Partners, Inc., No. 5:18-cv-06037-DGK (W.D. Mo. Feb. 1, 2019), Missouri District Judge Greg Kays ordered the discovery defendants to “supplement their initial disclosures so that they comply with Rule 26(a)” (within 14 days) and “either respond to Plaintiffs’ interrogatories and requests for production in good faith or specifically tailor their objections to each question or request”, as well as requiring each discovery defendant to “prepare a statement identifying the steps taken to preserve discoverable information”, among other things.

Case Background

In this case involving alleged improper billing of lab tests, the parties conferred under Federal Rule of Civil Procedure 26(f) in October 2018.  The plaintiffs served the discovery defendants with interrogatories and requests for production of documents the following week. The discovery defendants responded on November 26, objecting to every one of the plaintiffs’ questions and requests, using language like this:

“Defendant objects to this request as vague, overly broad, unduly burdensome, harassing, and/or seeking information that is irrelevant and/or not reasonably calculated to lead to the discovery of admissible evidence.”

On January 24, the Court held a teleconference hearing to discuss the dispute. During the hearing, the plaintiffs stated that the discovery defendants failed to identify any witnesses in their Rule 26(a)(1) initial disclosures, made boilerplate objections to every interrogatory, and improperly invoked the Fifth Amendment. When the Court asked the discovery defendants’ counsel whether they had produced a single document in the case, he “enthusiastically” replied, “Nope.”

As a result, the plaintiffs requested that the Court order the discovery defendants to (1) amend their initial disclosures; (2) produce responsive, non-privileged documents requested from Hospital Partners and Empower H.I.S.; (3) specify exactly which interrogatories Byrns and Perez object to on the basis of the privilege against self-incrimination; (4) answer Plaintiffs’ interrogatories in good faith or have adverse inferences drawn from their refusal; and (5) each provide a sworn statement identifying the steps taken to preserve discoverable information. Not surprisingly, the discovery defendants asked the Court to deny these requests.

Judge’s Ruling

Noting that “Rule 26(a)(1) requires litigants to provide ‘the name and, if known, the address and telephone number of each individual likely to have discoverable information’”, Judge Kays stated that the discovery defendants’ disclosures – which merely listed “corporate representative[s]” of various unnamed entities, such as “any billing/management vendors of the Defendants, with no specific reference to the information held by the entities and no address or phone numbers – “fail to comply with Rule 26(a)(1)”.  Judge Kays ordered the discovery defendants to “supplement their initial disclosures with the specific names and contact information, if known, of individuals likely to have discoverable information.”  He also indicated that they “must also provide copies of, or a list detailing, by category and location, all documents, electronically stored information, and tangible things in their possession, custody, or control that they may use to support their claims or defenses.”

Judge Kays also rejected the discovery defendants’ use of the Fifth Amendment privilege against self-incrimination, stating: “Their invocation is invalid. To begin, the Fifth Amendment does not protect Hospital Partners and Empower H.I.S. because they are artificial legal entities” (despite the discovery defendants’ claims that they are “alter egos of the individual defendants”.  As a result, he ordered defendants Hospital Partners and Empower H.I.S. “to produce relevant, non-privileged documents and respond to Plaintiffs’ interrogatories” and also ordered defendants Byrns and Perez “to produce all relevant, non-privileged business records in their possession” and to “contour their Fifth Amendment objections to each particular interrogatory, so that, if necessary, the Court can make a question-by-question judgment on the privilege’s applicability.”

As for the boilerplate objections, Judge Kays ordered the discovery defendants to “either respond to Plaintiffs’ questions and requests or tailor their objections with much greater particularity. If they assert a privilege, they must provide a privilege log.”

Finally, Judge Kays stated that the discovery defendants’ “failure to produce a single document, months into discovery, concerns the Court” and also expressed concerns about the plaintiffs’ allegations that the defendants “have not issued retention notices and {the plaintiffs} are unaware of the location of Empower H.I.S.’s records.”  As a result, Judge Kays agreed with the plaintiffs that “the Discovery Defendants each need to prepare a sworn statement detailing their efforts to preserve discoverable information” and noted that if the discovery defendants’ behavior were to continue, “the Court will consider imposing sanctions.”

So, what do you think?  Should the defendants have already been sanctioned, or is that premature?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Is Blockchain as Secure as People Think? Maybe Not: Cybersecurity Best Practices

As you may have seen yesterday, Tom O’Connor has written his latest terrific informational overview series for CloudNine about blockchain that we will be covering in a six-part series over the next couple of weeks.  Not to steal any thunder, but Tom’s article will cover things like the advantages of blockchain and its impact on legal technology and eDiscovery.  One advantage that a lot of people have been saying about blockchain is the idea that it’s essentially “unhackable” from a cybersecurity standpoint.  That may not actually be true.

According to the MIT Technology Review (Once hailed as unhackable, blockchains are now getting hacked, written by Mike Orcutt – hat tip to Rob Robinson’s Complex Discovery blog for the link), hackers have stolen nearly $2 billion worth of cryptocurrency since the beginning of 2017, mostly from exchanges, and that’s just what has been revealed publicly.

Last month, the security team at Coinbase noticed something strange going on in Ethereum Classic, one of the cryptocurrencies people can buy and sell using Coinbase’s popular exchange platform.  An attacker had somehow gained control of more than half of the network’s computing power and was using it to rewrite the transaction history. That made it possible to spend the same cryptocurrency more than once—known as “double spends.” The attacker was spotted pulling this off to the tune of $1.1 million (though Coinbase claims that no currency was actually stolen from any of its accounts).  The so-called 51% attack against Ethereum Classic was just the latest in a series of recent attacks on blockchains that have heightened the stakes for the nascent industry as a second popular exchange, Gate.io, has admitted it wasn’t so lucky, losing around $200,000 to the attacker (who, strangely, returned half of it days later).

As the article notes, blockchains are particularly attractive to thieves because fraudulent transactions can’t be reversed as they often can be in the traditional financial system. Besides that, we’ve long known that just as blockchains have unique security features, they have unique vulnerabilities. Marketing slogans and headlines that called the technology “unhackable” were dead wrong.

The article concludes by noting that, while blockchain technology has been long touted for its security, under certain conditions it can be quite vulnerable. Sometimes shoddy execution can be blamed, or unintentional software bugs. Other times it’s more of a gray area—the complicated result of interactions between the code, the economics of the blockchain, and human greed. That’s been known in theory since the technology’s beginning. Now that so many blockchains are out in the world, we are learning what it actually means—often the hard way.

When this article came out last week, Tom and I discussed whether to reference it in his already completed paper – ultimately, we agreed to let me cover it here.  One thing that Tom’s article makes clear is that we’re still learning a lot about blockchain and its capabilities and this article certainly reinforces that notion.  Do your homework!

So, what do you think?  Are you surprised by this indication that blockchain may not be “unhackable” after all?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Understanding Blockchain and its Impact on Legal Technology

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Will Lawyers Ever Embrace Technology?, which we covered as part of a webcast on November 28 of last year.  Now, Tom has written another terrific overview regarding blockchain and legal technology titled Understanding Blockchain and its Impact on Legal Technology that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into six parts, so we’ll cover each part separately.  Here’s the first part.

Introduction

I first started paying attention to blockchain at ILTACON17 when I noticed how often it was cited in security sessions.  Like many people, I had associated blockchain only with bitcoin, and thus tended to dismiss it as a one trick pony.

Even thought Don & Alex Tapscott described it in their 2016 book, Blockchain Revolution , as “ … the next generation Internet.”, I also had trouble seeing it as a solution for day to day business problems.  It didn’t seem to me be the practical sort of tool with solid standards that business people would deploy and I was concerned about the security of recording transactions in public ledgers while at the same time being able to protect privacy.

The ILTA session helped me overcome some of those concerns as I learned how blockchain tools were dealing with these issues.  And I’ve continued to monitor the growth of the tool since then. This paper is an attempt to give an overview of where blockchain is at the onset of 2019.

In this paper, we will look at several topics related to blockchain and legal technology:

  1. Understanding Blockchain and Bitcoin
  2. Advantages and Challenges of Blockchain
  3. General Use Cases for Blockchain
  4. Blockchain in Legal Technology and eDiscovery
  5. Conclusions

We’ll publish Part 2 – Understanding Blockchain and Bitcoin – on Wednesday.

So, what do you think?  Do you understand blockchain and how it can impact the legal profession?  If not, keep reading!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s an Example of a Phishing Email I Received and What I Did About It: Cybersecurity Best Practices

When you get an email from your boss asking you to help him with something, your natural tendency is to take it seriously and drop what you’re doing so that you can help.  But, if you’re not careful, you could find out that you’re the victim of a phishing email.  I got an email just like that yesterday – here’s how I was able to quickly realize what it was and avoid making a big mistake.

In case you’re not clear what “phishing” is, here’s a definition (straight from Wikipedia):

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. The word is a neologism created as a homophone of fishing due to the similarity of using a bait in an attempt to catch a victim.

You’ve probably seen plenty of emails that look like a legitimate entity (e.g., Apple, Amazon, various banks and financial institutions) where they tell you there’s a problem with your account and you’re directed to click on the link to provide your credentials again, or your account login or other account information.  You do, and they can take that info and wreak havoc from there.  That’s a phishing email and that’s pretty common.

Another type of phishing email is where it looks like it comes from someone you know (e.g., your boss or other colleague).  Again, they typically want you to click on a link – or – open an attachment that contains malware that can proceed to infect your system and, perhaps, your company’s network.  Sometimes, you may not even realize that malware has been “unleashed” until much later.  Or, they indicate that they need you to wire some money to pay a bill and give you the wire information.

So, yesterday, I got one of those types of phishing emails that looked like it came from my boss, Brad Jenkins, who is the CEO of CloudNine.  Here is what it said (bold italics used for emphasis, it was actually a plain text email):

Hello are you free at the moment?  i need you to get something done for me.

P.S. I am heading to a meeting right now and i won’t be able to receive call but i will be available by email.

Sent from my Samsung Galaxy smartphone.

Anybody who sends emails from their smartphones knows that we sometimes abbreviate, misspell, uncapitalize and so forth – phone email messages often have their own “email shorthand”, so the informality of this message seems consistent with that.  And, I could certainly see Brad sending me a quick message from his phone to ask for my help or a quick discussion – happens all the time.  But, then I see this at the top:

*** External Email ***

As I noted several months ago, at CloudNine, we mark any emails coming from an external source with an “*** External Email ***” marker inserted into the received email to help recipients identify those phishing instances.  Because of that, I knew that wasn’t an email from Brad via his CloudNine email address.  That told me it was very likely a phishing email; in fact, I didn’t even have to open the email to see that as it appears at the top, so I can see it in the three-line preview that Outlook shows in the Inbox.  If your organization doesn’t already do that, it’s a great way to help determine the origin of those messages that pretend to be from a co-worker.  In the meantime, you want to confirm any email that seems even the slightest suspicious came from the purported sender by checking out the email address or by asking your internal IT expert about it.  Better safe than sorry.

One other thing that I do if I’m unsure if the email came from the actual sender (if it’s purported to be from somebody outside my organization or I think it may be from a personal email address) is to contact them separately – not by replying to the email I received – but by either sending them a separate email to their known email address, or texting or calling them, and asking them if they sent the email.  Never reply to an email that looks suspicious.

By the way, this message had no link or attachment.  So, what were they after?  My guess is that they wanted to see if I took the bait and the next message was going to ask for me to “review this file” or “take a look at this site (link)” or “send a wire transfer to this address”.

Speaking of wire transfers, never send a wire transfer just based on an email, always get verification (preferably verbal) to confirm the request actually came from your boss.  That seems like a “no brainer”, but I’ve heard many stories of companies where employees did just that – only to find out that it was a phishing scam and the company was out tens of thousands of dollars.  Ouch!

So, what do you think?  Have you ever been a victim of a phishing email?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

To Preserve Sanction Potential, Plaintiff Fights To NOT Have Claim Against Them Dismissed: eDiscovery Case Law

Yes, you read that right.  In DR Distrib., LLC v. 21 Century Smoking, Inc., No. 12 CV 50324 (N.D. Ill. Feb. 12, 2019), Illinois District Judge Iain D. Johnston denied the defendants’ Motion for Leave to Amend their counterclaim to remove their own defamation counterclaim (Count VIII) against the plaintiffs – a move to which the plaintiffs objected, because it could eliminate their chance to pursue sanctions against the defendants for ESI spoliation.

Case Background

In this trademark infringement case, where, according to Judge Johnston, “the parties have engaged in a plethora of discovery disputes and pleadings practice”, the defendants moved for leave to amend their counterclaim under Fed. R. Civ. P. 15 to remove Count VIII, “defamation per se”, against the plaintiff – three years and eight months after the expiration of the amended pleading deadline.  This was the third time that one of the parties moved to amend a pleading after the deadline (second time requested by the defendant), the court had denied the previous two attempts.

Judge’s Ruling

Judge Johnston began his ruling by stating:

“A party rarely objects to the dismissal of a claim against it. But it happens. See, e.g., Chavez v. Illinois State Police, 251 F.3d 612, 655-56 (7th Cir. 2001). This is one of those rare occasions. Context explains these unusual circumstances. Not surprisingly, like most bizarre legal circumstances, this situation is caused because each side is attempting to obtain a procedural litigation advantage. This Court is confident that its analysis and decision is correct. But this Court also recognizes that this opinion proves two old adages: (1) bad facts make bad law; and (2) judges who like all their decisions are likely bad judges.”

Judge Johnston proceeded to note that “raging in this case is an ESI food fight of Hollywood proportions”, stemming from “the loss of ESI relating to the defendants’ seemingly relevant emails and instant messages”, which was initially limited to the defendants’ defamation counterclaim.  As Judge Johnston noted: “During the ESI melee, by this Motion, defendants sought to eliminate Count VIII. Although unstated, to even the most casual observer, the reason for this move was obvious: If Count VIII were eliminated, then the ESI fracas would be moot. No harm; no foul.”  He also stated that “plaintiffs promise to file a brief longer than a CVS receipt to address the ESI issues”, raising “nearly every conceivable basis for sanctions”.  Summing up the situation, Judge Johnston stated that “plaintiffs cannot obtain these sanctions if Count VIII is eliminated (at least if the ESI were only relevant to Count VIII). Therefore, plaintiffs object, despite the seeming benefit of having a claim against them eliminated. So here we are.”

Make sense now?

In considering the defendants’ motion, Judge Johnston indicated that “defendants dedicate a large portion of their briefs to argue that Rule 15 governs this Motion, and that ‘[t]he court should freely give leave [to amend] when justice so requires’”, but responded that “when a motion to amend a pleading comes after a case management order is entered, Rule 16(b)(4)’s ‘good cause’ standard must be satisfied before a court considers whether Rule 15(a)(2)’s standards are satisfied.”  Judge Johnston also observed that the defendants had failed to show diligence, stating:

“This Motion, brought almost four years after the expiration of the amended pleading deadline, represents the first time that defendants have sought to dismiss Count VIII. These facts would lead a reasonable person to conclude that the real, but unstated, reason to eliminate Count VIII is to avoid the ESI maelstrom on the horizon.”

As a result, stating that defendants “have failed to show good cause pursuant to Rule 16 to amend the case management order”, Judge Johnston denied their motion and indicated that the “issues related to possible sanctions raised in plaintiffs’ response will be addressed in the separate round of briefing.”

So, what do you think?  Is the plaintiff making a big gamble in leaving a claim against them in the case to try to push for sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Emoji Are Showing Up in Court Cases More and More: eDiscovery Trends

Without a doubt, our forms of communication are continuing to evolve from just email and we now have to add social media, text messaging and other messaging apps as forms of communication that need to be routinely preserved, collected, processed, reviewed and produced.  But, it’s not just the forms of communication that are changing, it’s the way we communicate that is changing as well.  So, you may or may not be surprised that emoji (yes, the plural of “emoji” is still “emoji”, at least officially) are showing up in court cases exponentially.

As discussed in The Verge (Emoji are showing up in court cases exponentially, and courts aren’t prepared, written by Dani Lee), emoji are showing up as evidence in court more frequently with each passing year. Between 2004 and 2019, there was an exponential rise in emoji and emoticon references in US court opinions, with over 30 percent of all cases (53 out of 171 all time) appearing in 2018, according to Santa Clara University law professor Eric Goldman, who has been tracking all of the references to “emoji” and “emoticon” that show up in US court opinions.  Yes, there’s a guy who tracks that stuff!  Here’s a chart from Goldman, showing the rise of cases since 2004:

By the way, you do know the difference between an emoji and an emoticon, right?  An emoticon is created out of text, primarily via the use of punctuation marks, whereas an emoji is a small image, a pictograph. Nearly everyone has used an emoji and emoticon at least once in their lives, even if they didn’t know what it was called.  Personally, I’m not a big fan of emoticons… ;o)

Goldman has written extensively on the subject of “emoji law” – including his blog post Emoji Law 2018 Year-in-Review and his paper published last year titled Emojis and the Law.

So far, the emoji and emoticons have rarely been important enough to sway the direction of a case, but as they become more common, the ambiguity in how emoji are displayed and what we interpret emoji to mean could become a larger issue for courts to contend with.  Want a couple of examples?  Here you go:

  • Bay Area prosecutors were trying to prove that a man arrested during a prostitution sting was guilty of pimping charges, and among the evidence was a series of Instagram DMs he’d allegedly sent to a woman. One read: “Teamwork make the dream work” with high heels and money bag emoji placed at the end. Prosecutors said the message implied a working relationship between the two of them. The defendant said it could mean he was trying to strike up a romantic relationship. Another message from the defendant included the crown emoji, which was said to signify that the “pimp is the king.”
  • In 2017, a couple in Israel was charged thousands of dollars in fees after a court ruled that their use of emoji to a landlord signaled an intent to rent his apartment. After sending an enthusiastic text confirming that they wanted the apartment, which contained a string of emoji including a champagne bottle, a squirrel, and a comet, they stopped responding to the landlord’s texts and went on to rent a different apartment. The court declared that the couple acted in bad faith, ruling that the “icons conveyed great optimism” that “naturally led to the Plaintiff’s great reliance on the Defendants’ desire to rent his apartment,” according to Room 404.

Still, it’s rare for cases to turn on the interpretations of emoji. “They show up as evidence, the courts have to acknowledge their existence, but often they’re immaterial,” Goldman says. “That’s why many judges decide to say ‘emoji omitted’ because they don’t think it’s relevant to the case at all.” But emoji are a critical part of communication, and in cases where transcripts of online communication are being read to the jury, they need to be characterized as well instead of being skipped over. “You could imagine if you got a winky face following the text sentence, you’re going to read that sentence very differently than without the winky face,” he says. In the “pimp” case above, the ruling didn’t ultimately hinge on the interpretation of emoji, but they still provided evidentiary support.

Nonetheless, as Craig Ball has noted in several presentations that I’ve seen, the handling of emoji and emoticons will become increasingly important in discovery over time.  And, here’s one more challenge to leave you with – emoji often render differently across platforms, so the emoji you see may not be the emoji your audience sees in social media posts or text/other messages.  We may have to consult those Egyptian hieroglyphics textbooks soon to see how they managed to communicate thousands of years ago!

So, what do you think?  Are you surprised that emoji and emoticons are becoming an increasing part of legal cases?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Bad Faith Means No Sanctions for Failing to Preserve Video of Altercation: eDiscovery Case Law

In Stovall v. Brykan Legends, LLC, No. 17-2412-JWL (D. Kan. Feb. 7, 2019), Kansas Magistrate Judge James P. O’Hara denied the plaintiff’s motion for sanctions based on the defendant’s alleged spoliation of a surveillance video that shows an altercation between the plaintiff and her supervisor, stating that “plaintiff has failed to meet the requirements of Fed. R. Civ. P. 37(e)(2)”.

Case Background

In this employment discrimination case involving claims of sexual harassment, the plaintiff was injured in 2016 in a physical confrontation with her supervisor (who was also the alleged harasser) and the confrontation was recorded on one of defendant’s surveillance cameras.  Shortly thereafter, the plaintiff filed a claim for workers’ compensation based on her alleged injuries and a few months after that, the plaintiff filed a discrimination charge with the Kansas Human Rights Commission (“KHRC”), which sent the defendant a letter advising that the destruction of records related to the charge was forbidden by law.

The plaintiff’s workers’ compensation claim was settled in January 2017.  In February 2017, plaintiff’s current counsel sent defendant a letter, stating plaintiff had retained them to represent her in connection with employment discrimination claims and advising defendant of its obligation to preserve records, videos, and files pertaining to plaintiff’s employment and discharge.  The plaintiff subsequently filed the suit in July 2017.

On July 3, 2018, plaintiff tendered a document request for, among other things, “surveillance footage, recordings or other video…that refer or relate to any events alleged in Plaintiff’s Complaint.”  The defendant responded that there “was a surveillance tape that depicted the altercation”, but that defendant “is unable to locate the tape.” The response also advised that a “copy or link” of the video was provided to the attorney representing the defendant in the workers’ compensation matter, but that “the link has expired.” The defendant’s representative (Rauschelbach) testified at his deposition that after the incident, he maintained a copy of the surveillance video in his desk drawer, but that he could no longer find it, despite “desperately looking”, leading to the plaintiff’s motion for sanctions.

Judge’s Ruling

In assessing the plaintiff’s motion, Judge O’Hara noted that “the parties agreed the surveillance video is a form of electronically stored information (“ESI”) subject to the preservation requirements of Rule 37(e)”.  As a result, he evaluated each of the factors of Rule 37(e) in turn:

  • Duty to Preserve: Judge O’Hara noted that “defendant concedes that as of October 11, 2016, the date on which it received notice of plaintiff’s discrimination charge from the KHRC, it ‘had an obligation to preserve the video.’” But, regarding the defendant’s argument that it had already “turned the video over to its insurance company” in connection with the workers’ compensation claim, Judge O’Hara said “The problem with defendant’s argument is that it does not account for the fact that defendant had two copies of the surveillance video. Defendant does not address the duty it had to preserve the copy of the video kept in Rauschelbach’s desk drawer.”
  • No Reasonable Steps to Preserve: Noting that the “defendant does not suggest any steps it took to preserve the video”, Judge O’Hara stated regarding the contention that sending a copy to its workers’ compensation insurer was a step to preserve that “The court knows of no case construing such an action as a step to preserve.”
  • No Ability to Restore or Replace: Noting that “plaintiff acknowledged during the pretrial conference that she had not issued a subpoena to the workers’ compensation insurer in an attempt to have a copy of the video retrieved off of their system or a computer hard drive”, Judge O’Hara stated that “the court concludes plaintiff has not proven the video cannot be replaced or restored” and in “a close call”, indicated he “has not found all three prerequisites to spoliation met”.
  • Bad Faith: Judge O’Hara noted that even if the plaintiff had met the spoliation prerequisites, she failed to demonstrate bad faith on the part of the defendant. Judge O’Hara stated “Although defendant’s failure to take steps to preserve the ESI may be negligent, even grossly negligent, nothing in the record suggests defendant intentionally lost the video.”

As a result, the plaintiff’s motion was denied.

So, what do you think?  Do you agree the plaintiff failed to demonstrate spoliation and bad faith?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

If you read my post on Thursday, you learned about the love of my life.  Today is her birthday.  Happy Birthday, honey!  I love you!

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

How Many States Have Security Breach Notification Laws? You Might Be Surprised: Cybersecurity Trends

Usually, I end each blog post with “So, what do you think?”, but this time I’m starting with it.  How many states do you think have some sort of legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information (PII)?  Ten?  Twenty?  Thirty?  You might be surprised.

According to a post by the National Conference of State Legislatures (NCSL) (hat tip to Joe Hodnicki of Law Librarian Blog for the link), all 50 states, plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or governmental entities to notify individuals of security breaches of information involving personally identifiable information.

That’s certainly good to know!

Security breach laws typically have provisions regarding who must comply with the law (e.g., businesses, data/ information brokers, government entities, etc); definitions of “personal information” (e.g., name combined with SSN, drivers license or state ID, account numbers, etc.); what constitutes a breach (e.g., unauthorized acquisition of data); requirements for notice (e.g., timing or method of notice, who must be notified); and exemptions (e.g., for encrypted information).

The NCSL post linked to above provides links to each of the states’ and territories’ legislation – some have a single law, code or statute to address the requirements, while others have more than one.  It’s a great reference if you ever have to determine what the laws are in a particular state or territory in terms of compliance requirements – which are already growing because of the General Data Protection Regulation (GDPR) that went into effect last year and the California Consumer Privacy Act (CCPA) which is slated to go into effect next January.  More and more, compliance discovery is becoming a strong emphasis for organizations that need to manage their risk.  It’s good to know that all of the states and territories have security breach laws – the next question is how well are they enforced?

So, what do you think?  Were you surprised that every state and territory has security breach laws?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

NY Appeals Court Extends Discoverability of Social Media Photos to “Tagged” Photos: eDiscovery Case Law

In Vasquez-Santos v. Mathew, 8210NIndex 158793/13 (N.Y. App. Div. Jan. 24, 2019), the New York Appellate Division, First Department panel “unanimously reversed” an order by the Supreme Court, New York County last June that denied the defendant’s motion to compel access by a third-party data mining company to plaintiff’s devices, email accounts, and social media accounts, so as to obtain photographs and other evidence of plaintiff engaging in physical activities and granted the defendant’s motion.

It’s rare that we can include the entire case opinion in our blog post, but, in perhaps the shortest case ruling we’ve ever covered, here is that case opinion.

“Private social media information can be discoverable to the extent it ‘contradicts or conflicts with [a] plaintiff’s alleged restrictions, disabilities, and losses, and other claims’ (Patterson v. Turner Const. Co., 88 A.D.3d 617, 618, 931 N.Y.S.2d 311 [1st Dept. 2011] ). Here, plaintiff, who at one time was a semi-professional basketball player, claims that he has become disabled as the result of the automobile accident at issue, such that he can no longer play basketball. Although plaintiff testified that pictures depicting him playing basketball, which were posted on social media after the accident, were in games played before the accident, defendant is entitled to discovery to rebut such claims and defend against plaintiff’s claims of injury. That plaintiff did not take the pictures himself is of no import. He was “tagged,” thus allowing him access to them, and others were sent to his phone. Plaintiff’s response to prior court orders, which consisted of a HIPAA authorization refused by Facebook, some obviously immaterial postings, and a vague affidavit claiming to no longer have the photographs, did not comply with his discovery obligations. The access to plaintiff’s accounts and devices, however, is appropriately limited in time, i.e., only those items posted or sent after the accident, and in subject matter, i.e., those items discussing or showing defendant engaging in basketball or other similar physical activities (see Forman v. Henkin, 30 N.Y.3d 656, 665, 70 N.Y.S.3d 157, 93 N.E.3d 882 [2018]; see also Abdur–Rahman v. Pollari, 107 A.D.3d 452, 454, 967 N.Y.S.2d 31 [1st Dept. 2013] ).

So, what do you think?  Should discoverability of photos be extended to photos where the party is “tagged” in the photo or should privacy concerns weigh heavier here?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

My Love for What I Do: eDiscovery Love Story

It’s Valentine’s Day!  I hope you all have a special someone with which you can share Valentine’s Day.  As you can guess from the picture for this post, I do!  Regardless of that, I hope you all love what you do as much as I do.

Most people know me because of the blog, and you have to love eDiscovery to write about it every day.  I’ve always been a writer in my career, even when I started as a “Big 8” consultant years ago with Price Waterhouse (years before they became PwC).  Yes, it was that long ago.  Even back then, I wrote an article here or there.  I once wrote an article about CAR systems back in the mid-80s – Computer Assisted (microfilm) Retrieval (good luck finding that article today) – and it seemed like the wave of the future back then.  Our company wrote a program that interfaced with microfilm reader printers (does anybody remember those?) where you could search a database to identify documents you wanted to retrieve, then export out the document numbers into our program, which would identify the microfilm cartridge that the operator needed to load into the microfilm reader printer and, once loaded, the program would automatically advance to the selected pages and begin printing.  Then, the process would repeat for each additional microfilm cartridge in the document set.  It was really cool – when it worked right.  ;o)

Today, of course, I write (most) every day for this blog and, while it can sometimes be a bit of a burden, it also pays considerable personal benefits.  Before the blog, I would do a decent job of keeping up with industry trends – until I got really busy on a client project.  Then, I would let that industry research slide, unfortunately.  Now, because of the blog, I am forced to keep up with trends and that has paid considerable dividends in keeping me informed regarding trends in eDiscovery, cybersecurity and data privacy.  As Martha Stewart would say, “it’s a good thing.”

Believe it or not, however, the blog is only part of my job.  My “day job” is as VP of Products and Services with CloudNine, coordinating activities and roadmap for our LAW™, Concordance©, Explore™, and Review™ products (shameless plug warning!).  We just had a great summit meeting with our product team to talk about how to better manage feedback from customers to lead to product improvement.  We have a great team, which makes my job a lot easier!

I recognize that having a job that you truly love is a blessing and I feel truly blessed to love my job!

Of course, my true love is my wife Paige!  She’s the beautiful woman at the top of this blog and the love of my life.  I could write many descriptive blog posts just about her and why she’s so great, but this is an eDiscovery blog, so I’ll leave it to tell her in person today just how great she is and how much I love her.  :o)

So, what do you think?  Do you love eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.