Close
Enter your
text here

eDiscoveryDaily

Thanksgiving Case Law Pop Quiz Answers!: eDiscovery Case Law

It’s Thanksgiving week! Personally, I have a lot to be thankful for, including a successful year so far at my company CloudNine and (most of all) my family, including my wife Paige and my kids Kiley and Carter (and our dog Brooke too).  Yesterday, we gave you a pop quiz for the eDiscovery case law that we’ve covered recently. If you’re reading the blog each day, these questions should be easy! Let’s see how you did. Here are the answers.

1. In which case was the plaintiff sanctioned twice with adverse inference instructions for tampering with ESI in discovery, without having the case dismissed on either occasion?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

2. In which case was the plaintiff ordered to pay for the cost to produce files in native format after the plaintiff originally produced unsearchable PDF images without metadata?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

3. In which case was the plaintiff ordered to image its sources of ESI and compelled to produce ESI responsive to twenty disputed discovery requests?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

4. In which case were the two attorney defendants sanctioned with “the strongest possible adverse inference” for egregious spoliation of ESI?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

5. Which of the following cases resulted in sanctions being recommended against the defendant?

A. Malibu Media, LLC v. Tashiro

B. Malibu Media, LLC v. Michael Harrison

C. Sanctions Were Recommended in Both Cases

D. Sanctions Were Recommended in Neither Case

6. In which case did the judge grant the plaintiff’s motion for a deposition of a Rule 30(b)(6) witness on the defendant’s self-collection methodology?

A. Giuliani v. Springfield Township, et al.

B. Burd v. Ford Motor Co.

C. Rio Tinto Plc v. Vale S.A.

D. GPNE Corp. v. Apple, Inc.

7. In which case did the court deny the plaintiff’s request for spoliation sanctions, citing a lack of motive or intent?

A. Giuliani v. Springfield Township, et al.

B. Burd v. Ford Motor Co.

C. Rio Tinto Plc v. Vale S.A.

D. GPNE Corp. v. Apple, Inc.

8. In which case was a special master assigned to the case to assist with issues concerning Technology-Assisted Review (TAR)?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

9. In which case did the court deny the plaintiff’s request for spoliation sanctions against the defendant for routine deletion of files of departed employees?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

10. In which case did the judge grant the defendant’s motion to file under seal specific line items from third-party eDiscovery vendor invoices?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

As always, please let us know if you have questions or comments, or if there are specific topics you’d like to see covered.

eDiscovery Daily will resume with new posts next Monday.  Happy Thanksgiving!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Thanksgiving Case Law Pop Quiz!: eDiscovery Case Law

It’s Thanksgiving week! Personally, I have a lot to be thankful for, including a successful year so far at my company CloudNine and (most of all) my family, including my wife Paige and my kids Kiley and Carter (and our dog Brooke too). With it being a short holiday week, it seems like a perfect opportunity to catch up on cases we’ve covered recently with a case law pop quiz.

If you’re reading the blog each day, these questions should be easy! If not, we’ve provided a link to the post with the answer. We’re that nice. Test your knowledge! Tomorrow, we’ll post the answers for those who don’t know and didn’t look them up.

1. In which case was the plaintiff sanctioned twice with adverse inference instructions for tampering with ESI in discovery, without having the case dismissed on either occasion?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

2. In which case was the plaintiff ordered to pay for the cost to produce files in native format after the plaintiff originally produced unsearchable PDF images without metadata?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

3. In which case was the plaintiff ordered to image its sources of ESI and compelled to produce ESI responsive to twenty disputed discovery requests?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

4. In which case were the two attorney defendants sanctioned with “the strongest possible adverse inference” for egregious spoliation of ESI?

A. HMS Holdings Corp. v. Arendt, et al.

B. Electrified Discounters, Inc. v. MI Technologies, Inc. et al.

C. Themis Bar Review, LLC v. Kaplan, Inc.

D. Lynn M. Johnson v. BAE Systems, Inc. et. al.

5. Which of the following cases resulted in sanctions being recommended against the defendant?

A. Malibu Media, LLC v. Tashiro

B. Malibu Media, LLC v. Michael Harrison

C. Sanctions Were Recommended in Both Cases

D. Sanctions Were Recommended in Neither Case

6. In which case did the judge grant the plaintiff’s motion for a deposition of a Rule 30(b)(6) witness on the defendant’s self-collection methodology?

A. Giuliani v. Springfield Township, et al.

B. Burd v. Ford Motor Co.

C. Rio Tinto Plc v. Vale S.A.

D. GPNE Corp. v. Apple, Inc.

7. In which case did the court deny the plaintiff’s request for spoliation sanctions, citing a lack of motive or intent?

A. Giuliani v. Springfield Township, et al.

B. Burd v. Ford Motor Co.

C. Rio Tinto Plc v. Vale S.A.

D. GPNE Corp. v. Apple, Inc.

8. In which case was a special master assigned to the case to assist with issues concerning Technology-Assisted Review (TAR)?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

9. In which case did the court deny the plaintiff’s request for spoliation sanctions against the defendant for routine deletion of files of departed employees?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

10. In which case did the judge grant the defendant’s motion to file under seal specific line items from third-party eDiscovery vendor invoices?

A. Burd v. Ford Motor Co.

B. Rio Tinto Plc v. Vale S.A.

C. GPNE Corp. v. Apple, Inc.

D. Charvat et. al. v. Valente et. al.

As always, please let us know if you have questions or comments, or if there are specific topics you’d like to see covered.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Appellate Court Upholds Ruling to Require Production in Native Format: eDiscovery Case Law

On Monday, we covered a case where the requesting party objected to receiving a native format production by the opposing party instead of TIFF files (go figure).  In today’s case, it was the producing party that objected to providing a native format production.  Here’s the case.

In the case In re State Farm Lloyds, No. 13-14-00616 (Tx. App. Ct., Oct. 28, 2015), the Texas Court of Appeals, finding that the relator failed to meet its burden to support its objection that it could not produce the discovery through reasonable efforts, denied the petition for writ of mandamus filed by the relator in which it contended that the trial court abused its discretion by ordering the production of discovery in native or near-native formats rather than the “reasonably usable” formats it proposed.

Case Background

In this case which involved a homeowner’s insurance claim after hail storm damage, the parties met repeatedly and unsuccessfully to attempt to negotiate a protocol for the production of ESI, causing the real parties to file a motion to “Motion for the Entry of Production Protocol and Motion to Compel Testimony Regarding Technical Information”.  The relators objected, claiming that the real parties’ proposed ESI protocol language would “impose significant burdens” on it to develop (test and implement) unique and burdensome processes just for this case.  The relators also claimed the real parties’ approach was “unsupported under the law”, indicating that “[t]he Texas Legislature did not craft Rule 196.4 [the Texas rule that addresses the procedures that must be followed in seeking the discovery of data or information that exists in electronic or magnetic format] as a mandate for native production”.

The trial court held an evidentiary hearing on the discovery issues at which various witnesses testified (including Craig Ball, who testified on behalf of the real parties that production of the ESI in native and near-native format was both easier and cheaper for the relator than the production of information lacking metadata and that the “reasonably usable” format proposed by the relator was incomplete and lacked essential information.

After the testimony, the trial court granted the real parties’ motion to compel.  The relator filed a petition for writ of mandamus, contending: (1) Texas Rules of Civil Procedure 196.4 and 192.4 allow for the production of ESI in “reasonably usable forms”; and (2) the trial court clearly abused its discretion by entering an order requiring the production of all ESI in specific formats (e.g., “native”) as demanded by real parties and by refusing to allow State Farm to produce ESI in the “reasonably usable” forms it proffered.

Appellate Court Ruling

The court noted that “Under the express terms of the Rule 196.4, the real parties are required to specify the form of production for requested ESI, and State Farm has the obligation to either produce the responsive ESI that is reasonably available to it in the ordinary course of business or to object if it cannot produce the ESI in the requested form through ‘reasonable efforts.’”  Finding that the “real parties have clearly specified the form for production of ESI as specified by our rules and consistent with federal practice”, the appellate court also found that the real parties had presented evidence that “ESI discovery in native and near-native formats is necessary”.  The appellate court also noted that “the record contains evidence that the discovery offered by State Farm as ‘reasonably usable’ lacked numerous categories of information regarding State Farm’s evaluation of the real parties’ claim such as emails, instant messages, captions next to photographs that incorporated the adjuster’s evaluations of the real parties’ damages, and ‘Xactanalysis’ reports on the claim.”

Noting that “State Farm did not provide the trial court with any evidence regarding the estimated cost or expense of producing the ESI data in the requested forms, any evidence regarding the time that it would take to produce the ESI data in the requested forms, or any other estimate of the ‘reasonable expenses of any extraordinary steps required to retrieve and produce the information’”, the Appellate Court determined that “the trial court acted within its discretion in determining that the discovery was not unduly burdensome or that the burden or expense of the discovery outweighed its likely benefit” and denied the petition for writ of mandamus filed by the relator.

So, what do you think?  Should requesting parties always be able to receive native and near-native formats of ESI if they request it?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Require Plaintiff to Re-Produce Data in a More Usable Format: eDiscovery Case Law

In United States v. Meredith, 3:12-CR-00143-CRS (W.D. Ky. Sept. 22, 2015), Kentucky Senior District Judge Charles R. Simpson, III denied the defendant’s motion to compel production of electronically stored information (ESI) by the plaintiff in a usable format, agreeing that the plaintiff had fulfilled its discovery production obligation pertaining to the manner and format of the ESI.

Case Background

In this criminal matter, the government plaintiff began producing discovery in February 2013 and had produced over 300 GB of data plus additional data in four “imaged” computer hard drives, including:

  • Several DVDs containing emails and documents;
  • Copies of four “imaged” drives from the defendant’s and others’ computers;
  • Two hard drives, one containing extracted emails and documents from those imaged hard drives and another containing records obtained during a search warrant;
  • A thumb drive containing the Forensic Tool Kit Report of two of the imaged hard drives;
  • Audio files of relevant interviews; and
  • Paper documents.

The files were searchable using common applications, such as Microsoft Office.  The plaintiff also provided the defendant with written directions on finding specific documents, a Discovery Index and color-coded Media Review Index, and orally explained how it used search terms in reviewing the documents. Despite that assistance, the defendant brought a motion to compel the plaintiff to provide electronically stored information in a more usable format (requesting professional processing and review of the discovery with “industry standard tools” costing nearly $300,000 to be paid by the plaintiff) or to dismiss the case.

Judge’s Ruling

Noting that there is a “dearth of precedent… suggesting what constitutes sufficiently usable discovery” (especially in criminal cases), Judge Simpson acknowledged that the plaintiff’s production was extensive.  However, he noted that “the Government collected into a separate hard drive all document and email files from the imaged drives, two of which were from Defendant’s own desktop and laptop computers”, that the “United States has provided Defendant with discovery that is term searchable by common applications also used by the United States for its own search purposes” and that “[t]he Government also provided Defendant with written and oral assistance in regard to finding specific documents”.

Stating that “[t]his Court does not interpret the Government’s obligation to include providing only evidence that would be helpful to Defendant’s case or searchable using Defendant’s preferred search tools”, Judge Simpson determined that the plaintiff fulfilled its obligation “by providing evidence in a format searchable by multiple common applications, collecting document and email files from imaged hard drives on a separate hard drive, and providing oral and written assistance in searching for files, including a colorcoded and categorized Media Review Index” and denied the defendant’s motion.

So, what do you think?  Was that the correct ruling or should the Government have done more to make the production usable?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Date Searching for Emails and Loose Files Can Be Tricky: eDiscovery Best Practices

I recently had a client that was searching for emails and loose files based on a relevant date range.  However, because of the way the data was collected and the way the search was performed, identifying the correct set of responsive emails and loose files within the relevant date range proved to be challenging.  Let’s take a look at the challenges this client faced.

Background

The files were collected by client personnel with the emails placed into PST files and loose files from local and network stores all put into folders based on custodian.  The data was then uploaded and processed using CloudNine’s Discovery Client software for automated data processing and placed into the CloudNine Review platform.

Issue #1

Before they retained us for this project, the client placed copies of loose files into the custodian folders via “drag and drop”.  If you have been reading our blog for a long time, you may recall that when you “drag and drop” files to copy them to a new location, the created date will reflect the date the file was copied, not the date the original file was created (click here for our earlier post on whether a file can be modified before it is created).

As a result, using created date to accurately reflect whether a file was created within the relevant date range was not possible, so, since it was too late to redo the collection, we had to turn to modified date to identify potentially responsive loose files based on date/time stamp within the relevant date range.

Issue #2

With the data processed and loaded, the client proceeded to perform a search to identify documents to be reviewed for responsiveness to the case that included the agreed-upon responsive terms for which either the sent date or the modified date was from 1/1/2014 to present.  Make sense?  In theory, yes.  However, the result set included numerous emails that were sent before 1/1/2014.  Why?

One of the first steps that Discovery Client (and most other eDiscovery processing applications) performs is “flattening” of the data, which includes extracting individual files out of archive files.  Archive files include ZIP and RAR compressed files, but another file type that is considered to be an archive file is Outlook PST.  Processing applications extract individual messages from the PST, usually as individual MSG (individual Outlook message) or HTML files.  So, if a PST contains 10,000 messages (not including attachments), the processing software creates 10,000 new individual MSG or HTML files.  And, each of those newly created files has a created date and modified date equal to the date that individual file was created.

See the problem?  All of the emails were included in the result set, regardless of when they were sent, because the modified date was within the relevant date range.  Our client assumed the modified date would be blank for the emails.

Solution

To resolve this issue, we helped the client restructure the search by grouping the terms within CloudNine so that the sent date range parameter was applied to emails only and the modified date range parameter was applied to loose files only.  This gave the client the proper result with only emails sent or loose files modified within the relevant date range.  The lesson learned here is to use the appropriate metadata fields for searching specific types of files as others can yield erroneous results.

So, what do you think?  Have you ever experienced search issues when searching across emails and loose files at once?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Not Surprisingly, The Big Data Market is Getting Really Big: eDiscovery Trends

A new forecast from International Data Corporation (IDC) announced last week predicts BIG growth for the big data technology and services market through 2019.  Are you surprised by that?  Didn’t think so.  Here is a closer look.

The IDC study, Worldwide Big Data Technology and Services Forecast, 2015–2019, provides a revenue forecast of the Big Data technology and services market for the 2015–2019 period, predicting the big data technology and services market to grow at a compound annual growth rate (CAGR) of 23.1% over the 2014-2019 forecast period with annual spending reaching $48.6 billion in 2019.  Additionally, a new IDC Special Study (Driven by Data, Fueled with Insights: Worldwide Big Data Forecast by Vertical Market, 2014-2019) examines spending on big data solutions in greater detail across 19 vertical industries and eight big data technologies.

“The ever-increasing appetite of businesses to embrace emerging big data-related software and infrastructure technologies while keeping the implementation costs low has led to the creation of a rich ecosystem of new and incumbent suppliers,” said Ashish Nadkarni , Program Director, Enterprise Servers and Storage and co-author of the report with Dan Vesset , Program Vice President, Business Analytics & Big Data. “At the same time, the market opportunity is spurring new investments and M&A activity as incumbent suppliers seek to maintain their relevance by developing comprehensive solutions and new go-to-market paths.”

All three major big data submarkets – infrastructure, software, and services – are expected to grow over the next five years. Infrastructure, which consists of computing, networking, storage infrastructure, and other datacenter infrastructure-like security – is predicted to grow at a 21.7% CAGR. Software, which consists of information management, discovery and analytics, and applications software – is predicted to grow at a CAGR of 26.2%. And services, which includes professional and support services for infrastructure and software, is predicted to grow at a CAGR of 22.7%. Infrastructure spending will account for roughly one half of all spending throughout the forecast period.

From a vertical industry perspective, the largest industries for big data spending include discrete manufacturing ($2.1 billion last year), banking ($1.8 billion last year), and process manufacturing ($1.5 billion last year). The industries with the fastest growth rates include securities and investment services (26% CAGR), banking (26% CAGR), and media (25% CAGR).  That’s not exactly doubling every 1.2 years, but it still reflects significant growth.

For more information or to purchase a copy of the study, click here.

So, what do you think?  How will the strong growth of the big data market affect how organizations manage eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Finds No Discovery Abuses by Defendant that Produced MSG Instead of TIFF Files: eDiscovery Case Law

Our hearts and prayers go out to the people of Paris in this difficult time.  Having said that, we still have a blog to do each day, so here it is…

In Feist v. Paxfire, Inc., 11-CV-5436 (LGS)(RLE) (S.D.N.Y. Oct. 26, 2015), New York Magistrate Judge Ronald L. Ellis denied the plaintiff’s request for reimbursement of costs and expenses related to document production, finding that the plaintiff had made no showing of significant discovery abuses by the defendant, and had not demonstrated that the defendant engaged in intentionally burdensome production.

Case Background

In this case, the plaintiff claimed that the defendant ignored her request for emails to be produced in TIFF format and also did not properly object to the requested form pursuant to the Parties’ 26(f) Report, and Federal Rule of Civil Procedure 34.  She also claimed that the defendant failed to use a vendor for its overall document collection, which resulted in duplication and discovery delays.  The defendant countered that it produced emails in the native format used by the defendant, which was in the form of Outlook .msg message files and consistent with the plaintiff’s request and also purchased specialized software from, and consulted with, a vendor.

The plaintiff also argued that the defendant intentionally overburdened Plaintiff’s counsel with duplicative document production – the original production in 2012 was provided to the plaintiff in a Dropbox folder, but an attorney for the plaintiff deleted some of the information on Dropbox, causing the Defendants to re-produce the deleted ESI with a supplemental production.  As a result of the disputes, the plaintiff requested for the defendant to award her costs and expenses related to the defendant’s production.

Judge’s Ruling

Taking on the issue of the form of production first, Judge Ellis stated: “The Court finds that Feist’s argument regarding the format of email production is meritless. Feist claims that Paxfire did not properly object to the TIFF format. However, in an email dated March 9, 2015, it is clear that the Parties did engage in ongoing discussions about the form in which emails should be produced.  Following communications with Paxfire, Feist was to speak with the Litigation Support Department about ‘production of documents in .pst form.’  This suggests that Paxfire did object by offering to produce documents in a form other than TIFF. To the extent that documents were produced in .msg form, as opposed to .pst form, the Court finds credible Paxfire’s assertion that the two formats are easily convertible from one form to the other, and that .msg format contains more metadata than TIFF format.  There has been no evidence to establish that .msg form imposed considerable costs on Feist’s part.”

As for the plaintiff’s claims regarding the defendant’s supposed lack of use of a vendor, Judge Ellis noted “Although Paxfire did not use a vendor in a way expected by Feist, the Court considers the manner in which Paxfire did use a vendor to be a non-issue.”  Regarding the defendant’s duplicate production, Judge Ellis indicated that the plaintiff’s “deletions caused Paxfire to reproduce everything it originally produced in 2012, in addition to new material Paxfire believed was relevant to the 2015 production, because Feist stated that Paxfire had failed to produce certain documents.  To the extent that Paxfire duplicated documents from 2012, the Court holds Feist responsible for such duplication. Feist stated that Paxfire ignored Feist’s suggestion that Paxfire restore the deleted Dropbox files, and instead offered to send Feist a hard drive.  On the contrary, in an email to Paxfire’s counsel dated April 14, 2015, Clark stated that Plaintiff’s counsel was attempting to restore files unsuccessfully, and that she understood ‘you are sending us a hard drive with the materials, so we don’t need to worry about drop box [sic]…’”

Finding the plaintiff’s contentions to be without merit, Judge Ellis denied her request for reimbursement of costs and expenses related to document production.

So, what do you think?  Have you ever been associated with a case where the requesting party objected to native format and preferred TIFF instead?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

In The Era of the Data Breach, Pandora’s Box Could be a Flash Drive: eDiscovery Trends

Here’s an interesting pop quiz for you.  Which option would you pick?

You’re waiting for your train. You spot a flash drive on a bench.

Do you:

  1. Pick it up and stick it into a device?
  2. Leave no stone unturned to find the owner, opening text files stored on the drive, clicking on links, and/or sending messages to any email addresses you might find?
  3. Keep your hands off that thing and away from your devices, given that it could be infested with malware?

Believe it or not, in a recent CompTIA study, 17% of people chose options 1 and 2 – hey, free thumb drive! Wonder who lost it…? – and plugged them into their devices.

According to an article in Naked SecurityCurious people can’t resist plugging in random flash drives, by Lisa Vaas (and by way of Sharon Nelson’s excellent Ride the Lightning blog), CompTIA recently planted 200 unbranded, rigged drives in four US cities – Chicago, Cleveland, San Francisco and Washington, D.C. – leaving them in high-traffic, public locations to find out how many people would do something risky.  Over one in six did.  And, apparently, the younger you are, the more likely you are to do so: 40% of Millennials are likely to pick up a USB stick found in public, compared with 22% of Gen X and 9% of Baby Boomers.

If you think that’s no big deal, in 2011, Sophos analyzed 50 USB keys bought at a major transit authority’s Lost Property auction, finding that 66% of them – 33 in total – were infected.  So, the risk is high.

CompTIA also commissioned a survey of 1200 full-time workers across the US, finding:

  • 94% regularly connect their laptop or mobile devices to public Wi-Fi networks. Of those, 69% handle work-related data while doing so. This isn’t surprising: past studies have found that most people (incorrectly!) think that Wi-Fi is safe;
  • 38% of employees have used their work passwords for personal use;
  • 36% use their work email address for personal accounts;
  • 63% of employees use their work mobile device for personal activities;
  • 41% of employees don’t know what two-factor authentication (2FA) is;
  • 37% of employees only change their work passwords annually or sporadically; and
  • 45% say they don’t receive any form of cybersecurity training at work.

Perhaps more training will improve these numbers, though; you would think not plugging in an unknown flash drive into your device would be common sense.  Apparently, not for everybody.

So, what do you think?  Do you have any of the above habits that leave your data vulnerable?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

It Was Only a Matter of Time Before The Sedona Conference Weighed in on Privacy and Security: eDiscovery Best Practices

When we started this blog over five years ago, privacy and security wasn’t the big topic it is today.  Now, there seems to be a story about a data breach practically every day and privacy is a big issue, especially internationally.  Thankfully, The Sedona Conference® has created a guide to help with this growing issue.

The Sedona Conference Working Group on Electronic Document Retention and Production (WG1) has just rolled out the final release of its new Commentary on Privacy and Information Security: Principles and Guidelines for Lawyers, Law Firms, and Other Legal Service Providers.  As the name implies, it’s a guide for all of us!  I say “final release” because they already rolled out the public comment version back in July and this new guide reflects changes resulting from comments received.  The original public comment version of the Commentary was published in July after more than two years of dialogue, review, and revision, including discussion at several working group meetings.

The Commentary is divided into several sections, including:

  • Section I: A brief Introduction and statement of Principles;
  • Section II: Identifies some of the major sources of a provider’s duty to protect private and confidential information;
  • Section III: Describes a process by which legal service providers may conduct thorough security risk assessments, taking into account the information they possess, the vulnerability of that information to unauthorized disclosures, breaches, loss, or theft, and the way in which each provider may mitigate those threats by adopting a structured or layered approach to protect private and confidential information; and
  • Section IV: Delves into various policies and practices that can address privacy and information security, setting forth processes that can be scaled to the needs and circumstances of an individual legal service provider.

The guide also includes appendices that discuss privacy and security in the Health Care and Financial Services industries.

Of course, the heart of any Sedona Conference guide is its principles – here are the seven principles stated in this guide:

  • Principle 1: Legal service providers should develop and maintain appropriate knowledge of applicable legal authority including statutes, regulations, rules, and contractual obligations in order to identify, protect, and secure private and confidential information.
  • Principle 2: Legal service providers should periodically conduct a risk assessment of information within their possession, custody, or control that considers its sensitivity, vulnerability, and the harm that would result from its loss or disclosure.
  • Principle 3: After completing a risk assessment, legal service providers should develop and implement reasonable and appropriate policies and practices to mitigate the risks identified in the risk assessment.
  • Principle 4: Legal service providers’ policies and practices should address privacy and security in reasonably foreseeable circumstances, and reasonably anticipate the possibility of an unauthorized disclosure, breach, loss, or theft of private or confidential information.
  • Principle 5: Legal service providers’ privacy and information security policies and practices should apply to, and include, regular training for their officers, managers, employees, and relevant contractors.
  • Principle 6: Legal service providers should monitor their practices for compliance with privacy and security policies.
  • Principle 7: Legal service providers should periodically reassess risks and update their privacy and information security policies and practices to address changing circumstances.

Hopefully, these principles will influence providers of legal services to improve their own privacy and security practices.  The PDF guide can be downloaded here and, as always, it’s free!

So, what do you think?  Do you plan to adopt these principles and guidelines for managing security and privacy within your organization?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Less Than Half the States Still Have an Ethics Opinion Regarding Lawyer Cloud Usage: eDiscovery Best Practices

From time to time, we like to take a look back at stories we’ve covered in the past and provide an update.  About a year and a half ago, we published a blog post regarding the states that have published ethics opinions for lawyers regarding using and storing client data in the cloud.  At that time, only 14 states (less than one third) had published an ethics opinion regarding lawyer cloud usage.  Eighteen months later, only a few more states have done so.

The Legal Technology Resource Center (LTRC) of the American Bar Association’s (ABA) web site has a page titled Cloud Ethics Opinions Around the U.S., where the ABA provides an interactive map of the states (see the image of it above), with the states that have published ethics opinions shown in blue.  Oddly enough, Wisconsin is not shown in blue, though they appear to have published an ethics opinion earlier this year.  On the actual site, you can either click on the state to scroll down to it or manually scroll down to the state by name alphabetically (the list still has “Nevada” after “New Hampshire”, “New Jersey” and “New York” for some reason).  Anyway, according to the ABA, here are the states that have published ethics opinions – with links to each state’s opinion (note that several of the links on the ABA site are not working, so we found the correct links and are providing them below):

If you counted, we’re up to 20 total states with opinions – less than 40% of the total state jurisdictions (when you include DC).

As noted previously, the ABA site provides two tabs below the interactive map to highlight the opinions:

  • Quick Reference tab that identifies whether cloud usage for client data is permitted (so far, all states say “Yes”), the standard for use (currently all states with opinions enforce a reasonable care standard) and a bullet point list of specific requirements or recommendations;
  • Opinion Summaries tab that provides a brief summary for each of the opinions.

Hopefully, the next time we check, a majority of the states will have published their own opinions by then.

So, what do you think? Are you surprised that more states don’t have published cloud ethics opinions?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.