Close
Enter your
text here

eDiscoveryDaily

Cyber Liability Insurance Policies are Becoming More Popular for Law Firms: eDiscovery Trends

Last Friday, we discussed a report in The New York Times that discussed the unwillingness of most big US law firms to discuss or even acknowledge data breaches. But, despite the unwillingness to disclose breach information, more and more law firms are apparently purchasing or considering the purchase of cyber liability insurance to protect against potential data breaches.

An article in ABA Journal from earlier this month (Cyber liability insurance is an increasingly popular, almost necessary choice for law firms, by David L. Hudson, Jr.) reported the increasing trend.

“We’ve seen a noticeable increase in the number of firms who have purchased separate cyber policies over the past 24 months,” said Chris Andrews, vice president of professional liability at AIG. “We’re probably not yet at the point where we can say it’s a common purchase, but it’s certainly trending in that direction. Many firms are consulting their clients on privacy and regulatory issues, and at the same time those clients are now asking questions as to how firms use, store and protect information. Given this heightened level of awareness, it makes sense that firms are now looking inward to make sure their own house is in order and cyber coverage is part of the solution.”

Given the fact that many law firms hold sensitive data for their clients, such as personal injury firms which take credit card payments from clients and firms handling medical-malpractice cases who could have personal health information (which is particularly valuable), those firms are prime targets for hackers.

“Law firms today are responsible for massive amounts of electronic and nonelectronic information,” said AIG’s Andrews. “Depending on a firm’s areas of practice, this information can range from personally identifiable information to protected health information to confidential corporate information, such as intellectual property, contracts, and details on mergers and acquisitions. This information represents significant liability exposure in the event of a security failure. Even if the failure doesn’t lead to an actual lawsuit, a firm may still need to deal with costs associated with notification, possible regulatory investigations, fines and penalties, forensic expenses, public relations expenses and more.”

Cyber risk policies were introduced in the 1990s but have experienced a dramatic growth in recent years, according to Washington, D.C.-based attorney Thomas H. Bentz Jr., head of Holland & Knight’s team on directors and officers and management liability insurance. “Corporate America has seen a huge increase in the purchase of cyber policies in the last three to five years. Law firms have been slower to follow,” Bentz says. “In my experience, it is still not common for law firms to purchase cyber liability coverage. I expect that this will change in the next several years as the potential exposure becomes clearer and the coverage more certain.”

Cyber liability insurance can coverage can include data breaches and privacy crisis management, as well as multimedia, extortion, and network security liability. Like, with any insurance policies, it’s important to understand the parameters of the policy and also what you can do to not only reduce the risk of a breach, but also the cost for the policy premium. For example, it’s important to understand security controls you can put into place that will reduce the premium, will you get a reduction for each year you do not file a claim and if you do file a claim, how will that affect your premiums.

So, what do you think? Does your organization have, or is considering, a cyber liability insurance policy? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Has the Law Firm Holding Your Data Ever Suffered a Breach? You May Never Know.: eDiscovery Trends

In February, we discussed a report about data breach trends in 2014 and how those trends compared to data breaches in 2013. That report provided breach trends for several industries, including the healthcare industry, which suffered the most breaches last year (possibly because stolen health records are apparently worth big money). But, according to a recent report, you won’t see any trends for law firms because the legal profession almost never publicly discloses a breach.

According to a recent article in The New York Times (Citigroup Report Chides Law Firms for Silence on Hackings, written by Matthew Goldstein), the “unwillingness of most big United States law firms to discuss or even acknowledge breaches has frustrated law enforcement and corporate clients for several years.” This information was according to a recent internal report from Citigroup’s cyberintelligence center that warned bank employees of the threat of attacks on the networks and websites of big law firms.

“Due to the reluctance of most law firms to publicly discuss cyberintrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise,” according to the report, a copy of which was reviewed by The New York Times and discussed in Goldstein’s article.

Issued in February, the report (according to Goldstein’s article) included several observations, such as:

  • It is “reasonable to expect law firms to be targets of attacks by foreign governments and hackers because they are repositories for confidential data on corporate deals and business strategies”;
  • Bank employees “should be mindful that digital security at many law firms, despite improvements, generally remains below the standards for other industries”;
  • Law firms are at “high risk for cyberintrusions” and would “continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications.”

According to the article, the bank’s security team also “highlighted several ways hackers had intruded on law firms, by directly breaching their systems, attacking their websites or using their names in so-called phishing efforts to trick people into disclosing personal information”. As a result, Wall Street banks are putting pressure on law firms to do more to prevent the theft of information and are also demanding more documentation from them about online security measures before approving them for assignments.

The report mentioned a handful of law firms who had suffered reported hacks, which apparently led to Citigroup’s distancing itself from the report and stop distributing it.

“The analysis relied on and cited previously published reports. We have apologized to several of the parties mentioned for not giving them an opportunity to respond prior to its publication in light of the sensitive nature of the events described,” said Danielle Romero-Apsilos, a Citigroup spokeswoman.

While law firms apparently aren’t publicly disclosing breaches, they are apparently choosing cyber liability insurance at an increased rate. We will discuss that on Monday.

Thanks to Sharon Nelson and her always excellent Ride the Lightning blog for the tip – her post regarding the story is here.

So, what do you think? How much information do you know about your outside counsel’s security measures? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Ten Years Later, The Impact of the Zubulake Case is Still Huge: eDiscovery History

It’s hard to believe, but ten years ago this past Monday, the verdict was rendered in the Zubulake v. UBS Warburg LLC case. Let’s take a look back at the case and see what Laura Zubulake is doing today.

The Zubulake case is certainly still the most famous case from an eDiscovery standpoint – if you work in this industry, you’re probably already fully aware of the key decisions issued by Southern District of New York Judge Shira Sheindlin and their huge impact on discovery of electronic data. If you’re not fully aware, you should be. Three years ago, we took a look back at the case and its landmark decisions here.

Today, the eDiscovery industry is a multi-billion dollar industry and still growing at a double-digit rate per year, according to estimates. Part of that is due to the explosion of big data, but obligations for managing discovery of that data was, in part, shaped by the Zubulake opinions. A recent blog post by Robert Half Legal lists “eDiscovery professional” as a legal career that didn’t even exist ten years ago. That seems to be more than a coincidence.

In 2012, Laura published a book titled Zubulake’s e-Discovery: The Untold Story of my Quest for Justice, previously discussed on this blog here, here and here. The book provides the “backstory” that goes beyond the precedent-setting opinions of the case, detailing her experiences through the events leading up to the case, as well as over three years of litigation. Our colleague, Jane Gennarelli, also collaborated with Laura on a nine part case study regarding the Zubulake case that we covered on our blog in 2013.

So, where is Laura Zubulake today?

Today, Laura is a licensed salesperson with Sotheby’s International Realty in their Southampton, NY office.

Looking back on the case, Laura remembers April 6, 2005, the date of the jury verdict, as a day of personal vindication and justice. “Never did I imagine that the Zubulake opinions would be relevant ten years later”, she said. “I never envisioned the opinions transforming the practice of law, influencing amendments to the FRCP, and becoming the subject of law school lectures. And, never did I dream that my case would provide the foundation for a multi-billion dollar e-discovery industry that created thousands of jobs and also provided the foundation for Information Governance”.

While real estate has become Laura’s “day job” she still keeps up with and speaks about developments and trends in eDiscovery and Information Governance. “I can especially relate to current debates about servers, email retention policies, email preservation practices, and whether deleted emails can be restored or not”, she said. “And, lately, I’ve been following the breaking news about the email practices of politicians at the highest level and allegations of gender discrimination in Silicon Valley with particular interest.”

Overall, Laura is satisfied that her quest for fairness and efforts to right a perceived wrong made a difference, even ten years later.

So, what do you think? What do you think the impact of the Zubulake case has been for you? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Managing Email Signature Logos During Review: eDiscovery Best Practices

Yesterday, we discussed how corporate logo graphic files in email signatures can add complexity when managing those emails in eDiscovery, as these logos, repeated over and over again, can add up to a significant percentage of your collection on a file count basis. Today, we are going to discuss a couple of ways that I have worked with clients to manage those files during the review process.

These corporate logos cause several eDiscovery complications such as slowing page refreshes in review tools and wasting reviewer time and making review even more tedious. I’ll focus on those particular issues below.

It should be noted that, as VP of Professional Services at CloudNine, my (recent) experience in assisting clients has primarily been using CloudNine’s review platform, so, with all due respect to those “technically astute vendor colleagues” that Craig Ball referred to in his excellent post last week, I’ll be discussing how I have handled the situation with logos in Outlook emails at CloudNine (shameless plug warning!).

Processing Embedded Graphics within Emails

I think it’s safe to say as a general rule, when it comes to processing of Outlook format emails (whether those originated from EDB, OST, PST or MSG files), most eDiscovery processing applications (including LAW and CloudNine’s processing application, Discovery Client) treat embedded graphic files as attachments to the email and those are loaded into most review platforms as attachments linked to the parent email. So, a “family” that consists of an email with two attached PDF files and a corporate logo graphic file would actually have four “family” members with the corporate logo graphic file (assuming that there is just one) as one of the four “family” members.

This basically adds an extra “document” to each email with a logo that is included in the review population (more than one per email if there are additional logo graphics for links to the organization’s social media sites). These files don’t require any thought during review, but they still have to be clicked through and marked as reviewed during a manual review process. This adds time and tedium to an already tedious process. If those files could be excluded from the review population, reviewers could focus on more substantive files in the collection.

In Discovery Client, an MD5 hash value is computed for each individual file, including each email attachment (including embedded graphics). So, if the same GIF file is used over and over again for a corporate logo, it would have the same MD5 hash value in each case. CloudNine provides a Quick Search function that enables you to retrieve all documents in the collection with the same value as the current document. So, if you’re currently viewing a corporate logo file, it’s easy to retrieve all documents with the same MD5 hash value, apply a tag to those documents and then use the tag to exclude them from review. I’ve worked with clients to do this before to enable them to shorten the review process while establishing more reliable metrics for the remaining documents being reviewed.

It should be noted that doing so doesn’t preclude you from assigning responsiveness settings from the rest of the “family” to the corporate logo later if you plan to produce those corporate logos as separate attachments to opposing counsel.

Viewing Emails with Embedded Logos

Embedded logos and other graphics files can slow down the retrieval of emails for viewing in some document viewers, depending on how they render those graphics. By default, Outlook emails are already formatted in HTML and CloudNine provides an HTML view option that enables the user to view the email without the embedded graphics. As a result, the email retrieves more quickly, so, in many cases, where the graphics don’t add value, the HTML view option will speed up the review process (users can still view the full native file with embedded graphics as needed). In working with clients, I’ve recommended the HTML view tab as the default view in CloudNine as a way of speeding retrieval of files for review, which helps speed up the overall review process.

So, what do you think? Do you find that corporate logo graphics files are adding complexity to your own eDiscovery processes? If so, how do you address the issue? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Email Signature Logos are a Sign That Discovery Will be More Complicated: eDiscovery Best Practices

Many, if not most of us, use some sort of graphic in our email signature at work that represents our corporate logo and many organizations have created a standard email signature for their employees to use when corresponding with others. It’s another subtle way of promoting brand recognition. But, those logos can add complexity when managing those emails in eDiscovery.

Craig Ball, in his excellent blog Ball in your Court, takes up the issue in his latest post (ESI Observations on a Pretty Good Friday), where he analyzes about 500GB of email containers associated with matters in which he has served as ESI Special Master. As he observes:

“Just three-fifths of the way through the data, I see 1,371,516 messages have been processed, and these messages have thrown off 1,262,552 GIF images. The great majority of these images will prove to be logos in the signature blocks of the messages, and account for 29% of the item count extracted from the data set so far.

Most of the GIF logos I see in this data are just 2.2KB; so, despite their numerousity, they account for only about ten percent of the volume of single messages (extracted MSGs) sans attachments.” (emphasis added)

As a consultant who has dealt with the corporate logo graphic issue many times in projects with my clients, I thought I would do my own quick analysis to see how some of our projects compare. As I have observed that logos are often in JPEG and PNG file formats as well, I compared the counts of email messages to GIF, JPG and PNG files in three recent different sized projects in CloudNine’s review platform, which provides a handy file type breakdown in its Analytics module.

Here’s the breakdown:

  • Small project: Emails – 13,487; GIF/JPG/PNG – 10,492; 77.8% of emails.
  • Medium project: Emails – 98,818; GIF/JPG/PNG – 66,205; 67.0% of emails.
  • Large project: Emails – 443,350; GIF/JPG/PNG – 414,242; 93.4% of emails.

While clearly not all of these are corporate logo graphics (many are other embedded graphics, attached pictures, etc.), you do get the idea that these logos, repeated over and over again, can add up to a significant percentage of your collection on at least a file count basis.

Craig notes the eDiscovery complications these logos cause, including: adding data volumes throughout discovery, slowing page refreshes in review tools, wasting reviewer time and making review even more tedious as well as unnecessarily driving up the number of documents that have color and complicating identification of evidentiary documents where color needs to be preserved for its potential evidentiary value. He also notes that his “technically astute vendor colleagues may counter that there are programmatic methods to minimize the static and friction of corporate logos”, that “probably only a weirdo like me frets about corpulent GIF logos” and notes that “your corporate conceit isn’t ‘free.’”

Without a doubt, organizations don’t think about eDiscovery when crafting their corporate email signature standards and, as much as I can understand Craig’s question as to whether these color logos are worth it, I doubt that they’re going away any time soon. At CloudNine, our own email signature standards include our logo on new emails as we can’t resist any opportunity to show the “nine clouds” (eight white, one blue – the ninth cloud, get it?) in our admitted attempt to build brand recognition any way we can (at least our reply email signature standard is logo free). Try fighting the marketing guys on that.

Nonetheless, as certainly a “weirdo” who also likes to think of myself as a “technically astute vendor colleague”, I have dealt with these logos time and time again in client projects. So, tomorrow, we’ll talk about a couple of those techniques we have used to minimize the effect on our client projects.

So, what do you think? Do you find that corporate logo graphics files are adding complexity to your own eDiscovery processes? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Defendant Does Not Take the Fall for Spoliation in Slip and Fall Case: eDiscovery Case Law

In Harrell v. Pathmark et al., Civil Action No. 14-5260 (E.D.Penn. Feb. 26, 2015), Pennsylvania District Judge Gene E. K. Pratter, after a hearing to consider whether to draw an adverse inverse instruction due to the defendant’s possible spoliation of video evidence, determined that “a spoliation inference would not be appropriate here”. Finding that the plaintiff had presented no evidence that the defendant had constructive notice of a dangerous condition resulting in her slip and fall, Judge Pratter also granted the defendant’s motion for summary judgment.

Case Background

The plaintiff filed suit claiming the defendant’s negligence “resulted in her slipping on a dangerously slick surface” in the defendant’s store in May 2013. The defendant moved for summary judgment arguing that the plaintiff failed to prove that the defendant had actual or constructive notice of the wet condition of the floor.

The plaintiff’s memorandum opposing the summary judgment noted that the defendant had working security cameras in the store, but the video footage from the time and date of the accident was recorded over and not preserved. As a result, the Court sua sponte scheduled a hearing to prompt the parties to address the issue on whether the Court could or should draw an adverse spoliation inference due to the absence of video evidence.

Judge’s Opinion

Stating that “Ms. Harrell has not presented the Court with evidence from which a reasonable jury could infer that Pathmark had constructive notice of the wet condition of the floor”, Judge Pratter turned to the potential spoliation of video evidence, noting that “although Ms. Harrell does not specifically invoke the issue, one could read the concluding paragraphs of her Memorandum opposing summary judgment as contending that the Court should draw an adverse spoliation inference against Pathmark.”

Judge Pratter found that the plaintiff “has not satisfied her burden of demonstrating that the video footage would have been relevant” and also determined that the court “cannot conclude based on the evidence before it that the video evidence was actually suppressed or withheld. Nor can it conclude that litigation was reasonably foreseeable at a time when the video footage presumably still existed.” His ruling quoted Bull v. United Parcel Service, Inc., 665 F.3d 68, 77 (3d Cir. 2012) as follows:

“Ordinary negligence does not suffice to establish spoliation. The party asserting spoliation must prove that evidence was intentionally withheld, altered, or destroyed. Thus, no unfavorable inference of spoliation arises if the evidence was lost, accidentally destroyed, or where the failure to produce it is otherwise properly accounted for.”

With regard to this case, Judge Pratter remarked “Here, Ms. Harrell has not presented evidence of bad faith. Even in a highly litigious community or culture, just because a person falls in a grocery store does not mean that litigation is imminent. Here, the lawsuit was not filed until August 2014, over a year after the incident and far past the maximum of about 90 days that the video footage would have survived before being automatically re-recorded. While the incident itself did cause Mr. Lewis to create an incident report, nothing about it was so immediately dramatic to create an objectively foreseeable likelihood of litigation…Pathmark’s actions, in this context, appear to the Court to be at the very most mere inadvertent negligence.”

Therefore, Judge Pratter determined that “a spoliation inference would not be appropriate here” and with no evidence to support the plaintiff’s claim, granted the defendant’s motion for summary judgment.

Click here and here for a couple of previous slip and fall cases we’ve covered where potential spoliation of video evidence was debated.

So, what do you think? Was the court right to grant the motion for summary judgment? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

You Should Check the Level of Your Fuzzy When Searching: eDiscovery Best Practices

If the title seems odd, let me clarify. I’m talking about “fuzzy” searching, which is a mechanism by finding alternate words that are close in spelling to the word you’re looking for. Fuzzy searching will expand your search recall, but too much “fuzzy” will leave you reviewing a lot of non-responsive hits.

Attorneys may know what terms they’re looking for, but those terms may not always be spelled correctly. Let’s face it, we all make mistakes. For example, if you’re searching for emails that relate to management decisions, can you be certain that “management” is spelled perfectly throughout the collection? Unlikely. It could be spelled “managment” or “mangement”. Also, you may have a number of image only files that require Optical Character Recognition (OCR), which is usually not 100% accurate. Without an effective search mechanism, you could miss key documents.

That’s where fuzzy searching comes in. Fuzzy searching enables you to find not just the exact matches of the word or words you’re seeking, but also alternate words that are close in spelling to the word you’re looking for (usually one or two characters off). For example, if you’re looking for the term “petroleum”, you can find variations such as “peroleum”, “petoleum” or even “petroleom” – misspellings, OCR errors or other variations (such as the term in a foreign language) that could be relevant.

However, fuzzy searching can also retrieve other legitimate words that are not relevant. Let’s take the term “concept” – if you perform a fuzzy search which retrieves words that are up to two characters off, you’ll get variations like “consent”, “content” and “concern”. So, it’s important to test your results to evaluate your level of precision vs. recall.

In CloudNine’s review platform, our search interface provides a check box to apply fuzzy searching to the entire term, along with a drop down to select the level of “fuzzy” (from 1 to 10, the higher the number, the more “fuzzy” the search results). But, we also enable the user to apply “fuzzy” to individual terms via the ‘%’ character, used generally after the first character to represent words that are one or two characters off. This enables you to perform a search to find documents with only fuzzy hits. Here are a couple of text search examples using an Enron demo set of over 117,000 documents:

  • p%%etroleum and not petroleum: Retrieves all documents that have words within two characters of “petroleum”, but not the word “petroleum” itself. In this case, 59 total documents were retrieved and the variations retrieved included words like “petróleos”, “petróleo” and “pertroleum”. The first two variations are Spanish language variations of “petroleum”, the third appears to be a misspelling. All of these terms appear responsive, so the precision is still good at this level and we retrieved 59 additional documents that are likely responsive that we wouldn’t have retrieved without fuzzy searching.
  • c%%oncept and not concept: Retrieves all documents that have words within two characters of “concept”, but not the word “concept” itself. In this case, 5,304 total documents were retrieved and the variations retrieved included words like “consent”, “Concast”, “content” and “concern”. We retrieved a high number of documents with clearly non-responsive terms, so this search is proving to be over broad and we may need to dial it back. If we reduce it to one character of “concept”, but not the word “concept” itself, we get 291 total documents retrieved and a number of those non-responsive variations are eliminated, giving us a more precise search.

Think of fuzzy searching as a “dial”. If you “dial” it up a little bit, you can retrieve additional responsive hits without sacrificing precision in your search. If you “dial” it up too much, you’ll be reviewing a lot of non-responsive hits and documents. Test your results to play with the “dial” until you get the most appropriate balance of recall and precision in your search.

So, what do you think? Does your keyword search strategy include the use of fuzzy searching? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Daily will return on Monday. Have a nice Easter!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simply Deleting an Email Doesn’t Mean It’s Gone, Even When It’s Hillary Clinton’s Emails: eDiscovery Trends

Early in the life of this blog, we published a blog post called eDiscovery 101: Simply Deleting a File Doesn’t Mean It’s Gone to try to help our readers understand how disk drives keep track of files and how “deleted” files often can still be recovered. Something tells me that basic forensic concept will become a big issue in the coming weeks and months regarding Hillary Clinton’s deleted emails.

As reported by Politico in Hillary’s emails: Deleted but not gone (by Joseph Marks and Rachael Bade), Clinton’s attorney David Kendall on Friday wrote Benghazi Committee Chairman Rep. Trey Gowdy (R-S.C.), declining the committee’s request for the personal server that she used for emails while she was Secretary of State (which we discussed previously here) to be turned over to an independent third party. The committee said it wants a third party to verify that all Benghazi-related emails were in fact turned over to the panel – especially after Clinton acknowledged deleting anything determined to be “personal” messages. Kendall called the request pointless, saying Clinton’s IT staff had confirmed to him the messages are gone for good (Gowdy, in a statement, said that Clinton “unilaterally decided to wipe her server clean and permanently delete all emails from her personal server”).

But, are the emails really gone? According to my colleague, Michael Heslop, Vice President of Computer Forensics at CloudNine, that depends on what they mean by “wiped”. “If they forensically wiped the server, then it’s likely not recoverable from there”, said Heslop. “But, the data might still be available via other sources, such as backups or an offline storage table (OST) file on the computer that was used for email.”

As an example, the Politico article references the case of former Internal Revenue Service official Lois Lerner, who came under scrutiny over charges that the IRS targeted tea party groups for heightened scrutiny, after the IRS said that a 2011 hard-drive crash rendered her emails irretrievable. The agency trashed the hard drive and said it had over-written back-up tapes, yet other recovered back-up tapes appears to have yielded the missing emails.

Not surprisingly, the conservative group Freedom Watch has filed a racketeering lawsuit against Clinton that accuses her of failing to produce documents under the Freedom of Information Act (FOIA). So, expect efforts to scrutinize the deletion of Clinton’s emails to intensify. And, that’s no April Fools joke.

So, what do you think? Have you ever had to recover deleted emails? Were you successful in doing so? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Big Money for Stolen Health Records: eDiscovery Trends

Last month, we discussed how the number of data breaches was up in 2014, but the number of records breached was down. Of course, this year already got off to a rocky start when health insurance provider Anthem announced in early February that it had suffered what appears to be the largest breach ever in the health insurance industry, affecting about 80 million people. It turns out that those hacked health records are worth a lot in the black market.

In Fox Rothschild’s HIPAA, HITECH & HIT blog article Hacked Health Records Prized for their Black Market Value (that I found via Rob Robinson’s ever valuable Complex Discovery site), author William Maruca notes that the relative value of health records and financial data can be considerably more valuable than financial data alone.

Consider these sources:

As the Pittsburgh Post-Gazette reported, “The value of personal financial and health records is two or three times [the value of financial information alone], because there’s so many more opportunities for fraud,” said David Dimond, chief technology officer of EMC Healthcare, a Massachusetts-based technology provider. Combine a Social Security number, birth date and some health history, and a thief can open credit accounts plus bill insurers or the government for fictitious medical care, he noted.

Stolen health credentials can go for $10 each, about 10 or 20 times the value of a U.S. credit card number, according to Don Jackson, director of threat intelligence at PhishLabs, a cyber crime protection company and reported by Reuters last year (before the Anthem breach). Jackson obtained the data by monitoring underground exchanges where hackers sell the information.

According to an FBI bulletin from last April (again, before the Anthem breach), Cyber criminals are selling the information on the black market at a rate of $50 for each partial electronic health record (HER), compared to $1 for a stolen social security number or credit card number. EHR can then be used to file fraudulent insurance claims, obtain prescription medication, and advance identity theft. EHR theft is also more difficult to detect, taking almost twice as long as normal identity theft.

With so much at stake, it’s no wonder that the healthcare industry more breaches in 2014 (333) than any other industry, and that the potential cost for breaches in the healthcare industry is estimated to be as much as $5.6 billion annually. With numbers like these, expect data security and data privacy to continue to be hot topics within the legal technology community.

So, what do you think? Have you personally had your data stolen? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Image is Not Only Everything, It Is Also Legally a Copy, Appeals Court Rules: eDiscovery Case Law

In Colosi v. Jones Lang LaSalle Americas, Inc., 14-3710 (6th Cir. Ohio 2015), the Sixth Circuit Court of Appeals affirmed the District Court’s judgment to approve a $6,369.55 bill of costs which included synchronization of deposition videos and imaging of hard drives that the defendant submitted after prevailing in the case.

Case Background

The plaintiff (and appellant) lost a wrongful termination suit against the defendant (and appellee), her former employer. As the prevailing party, the defendant filed a $6,369.55 bill of costs that the court clerk approved without modification. The plaintiff objected to most of the charges and moved the district court to reduce the bill to $253.50. The district court denied the motion, finding each cost reasonable, necessary to the litigation, and properly taxable under statute. The plaintiff renewed her objections on appeal to the Sixth Circuit Court of Appeals.

The plaintiff contested, as a matter of law, the recoverability of the costs associated with the synchronization of her deposition video and transcript, costs flowing from a cancelled deposition and transcription costs for the depositions of three other witnesses she deemed as unnecessary. She also challenged the district court’s decision to tax the cost of imaging her personal computer’s hard drive, arguing that “as a matter of law, ‘most electronic discovery costs such as the imaging of hard drives are not recoverable as taxable costs.’” She referenced the narrow interpretation of taxable costs in Race Tires America, Inc. v. Hoosier Racing Tire Corp to bolster her argument.

Appellate Court’s Opinion

The appellate court stated that “The taxing statute allows the prevailing party to recover ‘[f]ees for printed or electronically recorded transcripts necessarily obtained for use in the case.’ 28 U.S.C. § 1920(2).” It also cited Sales v. Marshall, 873 F.2d 115, 120 (6th Cir. 1989), as follows: “Ordinarily, the costs of taking and transcribing depositions reasonably necessary for the litigation are allowed to the prevailing party. Necessity is determined as of the time of taking, and the fact that a deposition is not actually used at trial is not controlling.”

With regard to synchronization, the court stated “We discern no abuse of discretion in the award of synchronization costs. We previously construed § 1920(2) to embrace the cost of synchronizing a deposition video and transcript, provided the trial court finds the procedure reasonably necessary…It did here.” The appellate court also ruled that the plaintiff-appellant failed to “demonstrate that the district court abused its discretion in finding the other deposition-related costs necessary” and upheld those costs as well.

With regard to the imaging costs, the appellate court noted that “the statute includes no categorical bar to taxing electronic discovery costs. Rather, it authorizes courts to tax ‘the costs of making copies of any materials where the copies are necessarily obtained for use in the case.’ 28 U.S.C. § 1920(4). Thus, we first ask whether imaging a hard drive, or other physical storage device, falls within the ordinary meaning of ‘making copies.’”

Referencing the Oxford English Dictionary, the appellate court in upholding the imaging costs, rejecting the Third Circuit Court decision Race Tires as “overly restrictive”, stated:

“Imaging a hard drive falls squarely within the definition of ‘copy,’ which tellingly lists ‘image’ as a synonym. And the name ‘imaging’ describes the process itself. Imaging creates ‘an identical copy of the hard drive, including empty sectors.’…The image serves as a functional reproduction of the physical storage disk. From the image file, one can access any application file or electronic document on the hard drive with all that document’s original properties and metadata intact…If not actually made or formed in the image of the hard drive, we certainly regard it as such. Thus, a plain reading of the statute authorizes courts to tax the reasonable cost of imaging, provided the image file was necessarily obtained for use in the case.”

So, what do you think? Are courts ever going to apply a consistent interpretation of 28 U.S.C. § 1920(4)? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.