Close
Enter your
text here

eDiscoveryDaily

Appeals Court Upholds “Death Penalty Order” Sanction That Leads to Multi-Million Dollar Judgment: eDiscovery Case Law

In Crews v. Avco Corp., No. 70756-6-I (Wash. Ct. App. Apr. 6, 2015), a Washington Court of Appeals upheld a “death penalty order” against the defendant for discovery violations, including the failure to produce relevant information, but remanded for amendment of the final judgment of over $17.28 million to reflect any offsets for settlements with other defendants.

Case Background

In this product liability case related to a faulty carburetor that was associated with a plane crash in which several people were killed, the defendant failed to satisfy the plaintiffs’ discovery demands from October 2010 into February 2013, often objecting to most, if not all, of the requests. During part of that time, the defendant relied in part upon its document retention policy and, after being held in contempt, the defendant submitted a declaration from counsel describing its efforts to comply with the court’s order to produce. While not providing the policy itself, counsel explained that “pursuant to company policy” certain categories of documents were “retained only for fixed periods of time” and stating that many of the documents supplied by another defendant were “beyond the various retention periods” in the policy. Ultimately, the plaintiffs’ filed a motion for default against the defendant.

On February 4, 2013, the first day of trial, the judge held oral argument on the plaintiffs’ motion for default, during which the defendant’s counsel finally produced a copy of the records management policy. After reviewing the policy, the judge found that it was unclear whether the policy extended to the documents requested by the plaintiffs and orally granted the plaintiffs’ motion to sanction the defendant. The next day, the judge entered a written order granting the plaintiffs’ motion. The order stated that there was substantial evidence that the defendant did not comply with the plaintiffs’ discovery requests and the court found that the withheld discovery tied directly to the plaintiffs’ burden of proof regarding the defendant’s violation of federal regulations and punitive damages.

The court found that the defendant’s “continued disregard and violation of the discovery and contempt orders is without reasonable excuse and is willful. [Avco] has and continues to substantially prejudice plaintiffs’ preparation for trial and presentation at trial, on issues of liability, causation, and punitive damages.” As a result, the court ruled that “All of each plaintiff’s allegations in their respective operative Complaints against [Avco] are deemed admitted, and all of [Avco’s] defenses, if any, are stricken.”

The jury considered compensatory damages and punitive damages in two separate phases of trial, returning a verdict for the plaintiff of $17,283,000; $6 million of which was in punitive damages. The defendant appealed on multiple grounds, arguing that the order violated due process and that the trial court abused its discretion in imposing the most severe sanctions possible when lesser sanctions would have sufficed and also challenged specific sanctions.

Appeals Court Analysis

Assessing the defendant’s objections, the appellate court described the requirements to justify harsh sanctions – that the discovery violations were willful or deliberate, that the opposing party was substantially prejudiced, and that the trial court explicitly considered lesser sanctions. Following considerable analysis, the appellate court found that the trial court did not abuse its discretion in its findings that the violation of the discovery order was willful, that the plaintiffs’ case was prejudiced and that lesser sanctions would not be adequate for a fair trial.

With regard to the records management policy, the appellate court, while observing that the policy was not part of the record, agreed that the “scope and operation of the policy is unclear and unsupported” and that the defendant “did not submit any other evidence, such as employee affidavits, about how the policy applied to the requested documents and their destruction”.

Though the appellate court essentially affirmed the sanctions imposed, it did remand the case for “amendment of the final judgment to reflect any offsets authorized pursuant to chapter 4.22 RCW.”

So, what do you think? Were the sanctions appropriate or should the court have considered lesser sanctions against the defendant? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Even When You Win in the Playoffs, You Should Still Think Before You Hit Send: eDiscovery Trends

Since social media has become a big part of discovery, we like to good social media disaster story every once in a while. Last year, we covered the story of the former head of a private preparatory school in Miami, who lost out an $80,000 discrimination settlement after his daughter boasted about it on Facebook. And, of course, no discussion of social media disasters would be complete without mentioning Anthony Weiner. The latest example is the (now former) social media manager of my hometown Houston Rockets basketball team, who lost his job over an offensive tweet.

As covered in Click2Houston.com (Houston Rockets fire social media manager after offensive tweet, written by Syan Rhodes), the Rockets fired its social media manager Chad Shanks after his tweet in the waning moments of the Rockets’ series-clinching 104-93 Game 5 win over the Dallas Mavericks. With the game essentially in hand, Shanks posted a tweet using emoji characters of a horse with a gun to its head and the words, “Shhhhh. Just close your eyes. It will all be over soon”.

The Mavericks’ official Twitter account reacted, tweeting, “Not very classy but we still wish you guys the very best of luck in the next round.” Not long after, the Rockets’ tweet was removed and the team was apologizing, “Our Tweet earlier was in very poor taste & not indicative of the respect we have for the @dallasmavs & their fans. We sincerely apologize.”

The next day, Shanks was fired.

“I’ve kind of made my name, so to speak, even though a lot of people didn’t know who I am, being a little more edgy, pushing the envelope a little bit and trying to be funny”, Shanks was quoted in an interview with KPRC. “It was heat of the moment. My emotions got the best of me and I didn’t see how that tweet would offend so many people. And that was my mistake; I should have thought that through a little better.”

Shanks also tried to address the controversial tweet head-on, stating “People were upset, feeling I advocated violence toward animals. That wasn’t what I meant at all. It was just a jab at taking out the Mavericks and I really didn’t mean to offend anyone,” he said. “I’m sorry it ended this way, but I’m grateful for the opportunities they gave me. I loved every second of the job.”

Shanks is getting a lot of support online with the hashtag #BringBackChad and there’s even a change.org petition to try to get him reinstated.

And, there is at least a bit of a happy ending. Dan Le Batard, of ESPN, hired Shanks during his ESPNRadio show to run his show’s Twitter account (through Saturday night, covering the NFL Draft, among other big sports events). Hey, even Anthony Weiner made a comeback – sort of.

So, what do you think? Do you have any social media disasters in your organization? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

One Step to Go for the Federal Rules Changes. Will it Be a Formality?: eDiscovery Trends

Wednesday, Supreme Court Chief Justice John G. Roberts submitted proposed amendments to the Federal Rules of Civil Procedure to Congress via an order, accompanied by letters to Speaker of the House John Boehner and President of the Senate (and Vice President of the US) Joe Biden.

The text of the letters to each of them is as follows:

“I have the honor to submit to the Congress the amendments to the Federal Rules of Civil Procedure that have been adopted by the Supreme Court of the United States pursuant to Section 2072 of Title 28, United States Code.

Accompanying these rules are excerpts from the Reports of the Committee on Rules of Practice and Procedure to the Judicial Conference of the United States containing the Committee Notes submitted to the Court for its consideration pursuant to Section 331 of Title 28, United States Code.”

Assuming that Congress doesn’t introduce legislation to affect the timing or content of the rules (which most people, including our thought leader interviewees this year, do not expect), the rules will become effective on December 1 of this year.

A copy of the letters and the order approving the rules changes (as well as the changes themselves) can be found on the Supreme Court site here.

We’ve been covering the progress of Rules adoption and the associated debate regarding the rules – especially Rule 37(e) – for over two years. For the background, check out our previous posts here, here, here, here, here, here and here.

So, what do you think? Do you expect the proposed changes to have a positive effect of how discovery is handled? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

It’s Draft Day! What Skills Does Your eDiscovery Quarterback Need?: eDiscovery Best Practices

If you’re a fan of a pro football team, you’ve been waiting months to see what players your favorite team will be drafting. That wait ends tonight as the annual NFL draft kicks off. When it comes to selecting football players, the most important player is the quarterback and teams put quarterback prospects through a series of tests (both physical and mental) to attempt to determine their likelihood for success in pro football (and they still get it wrong – a lot).

Like a football team, every litigation team navigating the discovery process needs a good “quarterback” – only we tend to call ours “project managers”. What skills does your eDiscovery “quarterback” need? Let’s take a look at some of the skills and qualifications that I look for in a good eDiscovery project manager.

  • Actual Case Experience: A good discovery PM candidate doesn’t have to have a law degree (even a JD) to be a successful project manager. Plenty of paralegals and IT professionals can be excellent project managers. If you’ve been following this blog for a long time, you know that I’m an IT professional, not a lawyer. I like to say that “I’m not a lawyer, but I play one on the Web”. But, I have managed many discovery projects and worked with attorneys for over 25 years. What’s important is the actual case experience that you’ve had, working with and managing other team members (including clients and outside vendors) in completing deliverables and meeting deadlines in all phases of the discovery life cycle.
  • Technical Proficiency: A good discovery PM candidate doesn’t have to have a Computer Science degree either. But, the candidate should have a good understand how data is stored (and that even “deleted” data may be recoverable), a good understanding of Office and most common applications and able to “speak geek” well enough to work with us IT types. In short, the best type of candidate is a lawyer whose “hobby” is being a computer geek OR an IT professional whose “hobby” is the litigation process.
  • Knowledge of the EDRM Model: If you don’t know the flow and phases of the EDRM model, you need not apply. If you only know the EDRM model and don’t know about any of the vast frameworks, standards and resources that have been developed by industry professionals over the past ten years (many of which we’ve covered here), you probably need not apply either.
  • Familiarity with Discovery Rules: Knowledge of Federal and applicable State Rules that pertain to discovery (and preferably the current proposed rules changes covered here and here, among other places) would be expected.
  • Considerable Experience with at Least One Litigation Support Software Platform: A lot of job postings that I have seen require experience with a particular software application – the application that they are using. It’s great if you can get it, but I would rather select a sharp, technically proficient candidate who learns quickly than a less qualified candidate that happens to know the preferred platform better. While the first candidate may require a little more ramp up time, he/she has greater upside in the long run.
  • Strong Verbal and Written Communication Skills: You can get a sense of a candidate’s verbal communication skills during the interview process. What about their written skills? I actually like to give PM candidates an assignment scenario where they are asked to communicate a project issue to an imaginary client (me) via email and explain how that impacts the scope and schedule, then evaluate that example as part of the evaluation process.

I also like to ask if they read any publications or blogs on eDiscovery. If they read Ball in Your Court, e-Discovery Team®, Ride the Lightning, Litigation Support Guru, Bow Tie Law’s Blog or Complex Discovery (to name a few), that’s bonus points! And, of course, if they read eDiscovery Daily, that’s major bonus points (everyone likes a suck-up). 🙂

That’s not a comprehensive list above, but it represents some of the key attributes that I seek. What qualifications do you look for in an eDiscovery “quarterback”? Please share any comments you might have or if you’d like to know more about a particular topic.

P.S. – The player pictured is Bryce Petty, quarterback prospect from my alma-mater, Baylor University. He may not know the EDRM model, but I think he will make a terrific quarterback in the NFL. You heard it here first. 🙂

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

This Guy Says that Computers Could Eventually Replace Lawyers – In the Courtroom: eDiscovery Trends

Over four years ago, we covered an article in The New York Times that discussed how the use of artificial intelligence could lead to replacing “armies of expensive lawyers” during the eDiscovery process. Now, a new article in The Wall Street Journal online goes a step further, speculating that “computers will eventually pass the legal bar exam and defendants will be given the right to be represented by a computational attorney if they so wish”.

What Big Data Means for the Legal System, written by Robert Plant (not the Led Zeppelin singer, but a professor at the University of Miami, as well as an author and blogger for Harvard Business Review & WSJ Leadership Expert) discusses how artificial intelligence researchers have used the legal domain as an exploratory space to test theories for decades, but with limited success. The advent of big data has changed that, enabling us to analyze not only text but many other data types such as pictures, email, video and voice. As Plant notes, this capability “allows lawyers to look for patterns and correlations across vast data sets previously inaccessible.”

Plant uses analysis of judges’ behavior in cases as an example, suggesting the ability to obtain answers to questions like: “How does the Judge rule on certain types of cases can be studied by date and time? Does the judge dismiss cases for a consistent pattern of reasoning? How do holidays affect decisions? Do they sentence harder at different times of the day?”

Because of big data analytics, Plant predicts that “[m]any of the routine tasks now performed by entry-level lawyers or paralegals will increasingly be undertaken by analytics; case and trial strategies will be developed by legal informatics as will increasingly jury-selection strategies.” As a result, Plant takes the concept to a somewhat controversial conclusion, as follows:

“It is clear that with advances in machine learning, computers will eventually pass the legal bar exam and defendants will be given the right to be represented by a computational attorney if they so wish and thus court rooms could see a truly new form of human computer interaction in which the computer answers the question ‘does the client have a case?’”

Must he “ramble on”? Computers replace lawyers?!? In the courtroom?!? He sure isn’t showing the legal profession a “whole lotta love”, is he? (sorry, I couldn’t resist)

Clearly, we’ve seen the application of artificial intelligence result in significant benefits during the eDiscovery process, with several cases over the past few years endorsing technology assisted review (including this latest case just last month) as well as initiatives to apply technology to information governance (such as the Information Governance Initiative launched last year). Is it that far of a stretch to apply technology to decision making in the courtroom too? Or is the author simply “dazed and confused”? (ok, I really will stop now)

So, what do you think? Will clients someday be represented by computers in the courtroom? Please share any comments you might have or if you’d like to know more about a particular topic.

Clipart from Clipartheaven.com

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“How Much Will it Cost?” is Not Necessarily the Right Question to Ask: eDiscovery Best Practices

This is a topic we covered last fall, but it has come up again several times with clients (and prospective clients) recently and since we have so many new viewers and subscribers in the past couple of months (thanks to our recently announced education partnership with EDRM and some very kind words from Craig Ball on his excellent Ball in Your Court blog), it bears discussing again.

By far, the most important (and, therefore, the most asked) question asked of eDiscovery providers is “How much will it cost?”. Actually, you should be asking a few questions to get that answer – if they are the right questions, you can actually get the answer you seek.

With these questions, you can hopefully prevent surprises and predict and control costs:

  • What is the Unit Price for Each Service?: It’s important to make sure that you have a clear understanding of every unit price the eDiscovery provider includes in an estimate. Some services may be charged per-page or per-document, while others may be charged per gigabyte, and others may be charged on an hourly basis. It’s important to understand how each service is being charged and ensure that the price model makes sense.
  • Are the Gigabytes Counted as Original or Expanded Gigabytes?: For the per gigabyte services, it’s also important to make sure that you whether they are billed on the original GBs or the expanded GBs. Expanded GBs can be two to three times as large (or more) as the original GBs. Some services are typically billed on the original GBs (or at least the unzipped GBs) while others are typically billed on the expanded GBs. It’s important to know which metric is used; otherwise, your ESI collection may be larger than you think and you may be in for a surprise when the bill comes.
  • Will I Get an Estimate in Advance for Hourly Billed Services?: When you ask for specific hourly billed services from the provider (such as professional consulting or technician services) to complete a specific task, it’s important to get an estimate to complete that task as well as advanced notification if the task will require more time than estimated.
  • What Other Costs are Billed?: It’s not uncommon for other charges to be included in invoices, such as user fees for hosting services (not all hosting providers charge user fees, so it’s important to comparison shop) or project management, which can be an important component to the services provided by the eDiscovery provider. And, don’t forget charges for supplies and shipping. The rates charged for these services can vary widely, from non-existent to exorbitant. Understanding what other costs are being billed and the rates for those services is important to controlling costs.
  • If Prices are Subject to Change, What is the Policy for Those Changes and Notification of Clients?: Let’s face it, prices do change, even in the eDiscovery industry. In ongoing contracts, most eDiscovery providers will retain the right to change prices to reflect the cost of doing business (whether they exercise those rights or not). It’s important to know the terms that your provider has set for the ability to change prices, what the notification policy is for those price changes and what your options are if the provider exercises that right.

With the right questions and a good understanding of your project parameters, you can get to the answer to that elusive question “How much will it cost?”.

So, what do you think? How do you manage costs with your eDiscovery providers? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Denial of Motion for Spoliation Sanctions Leaves Plaintiff Less Than Glad: eDiscovery Case Law

In Gladue v. Saint Francis Medical Center, 1:13-CV-186-CEJ (E.D. Mo. Mar. 24, 2015), Missouri District Judge Carol E. Jackson denied the plaintiff’s motion for evidentiary and monetary sanctions due to spoliation of evidence, finding that the defendant did not have a duty to preserve emails deleted as part of routine IT operations, had diligently attempted to recover deleted emails and that the plaintiff failed to show that any of the unrecovered emails were relevant to her claims.

Case Background

In this employment case, the plaintiff’s employment was terminated in December 2011. As part of the defendant’s routine IT operations, the plaintiff’s email account was purged in March 2012. At that time, plaintiff had not filed either a lawsuit against the defendant or a charge of discrimination with the Equal Employment Opportunity Commission – the defendant was first contacted by the plaintiff’s then-attorney in June 2012 regarding the plaintiff’s employment discrimination claims.

On June 16, 2014, after this lawsuit was filed, the plaintiff submitted a request for production of all of her work emails and her calendar. Because her account had been purged, the defendant undertook several efforts to retrieve the emails, including conducting a search for all emails sent to or received from plaintiff in the accounts of every employee identified in the parties’ Fed. R. Civ. P. 26 disclosures. The defendant ultimately produced over 24,600 pages of emails and related documents to the plaintiff in two productions (nearly three months before the close of discovery), but acknowledged that there were no guarantees that every lost item was retrieved. The plaintiff filed a motion for evidentiary and monetary sanctions due to spoliation of evidence.

Judge’s Opinion

Finding that a “litigation hold was not required at the time plaintiff’s e-mails were deleted”, Judge Jackson ruled that the defendant “has shown that plaintiff’s e-mails were deleted as part of a routine maintenance procedure, rather than in bad faith. Moreover, defendant has diligently attempted to recover the missing documents.”

Judge Jackson also noted that the defendant produced documents to the plaintiff “nearly three months before the close of discovery and almost four months before the deadline for filing dispositive motions. Thus, as to the timing of the productions, no exceptional circumstances justify sanctions.” She also found that “plaintiff has failed to show that any of the unrecovered e-mails are relevant to her claims” and noted that “plaintiff is incorrect in her contention that defendant is at an advantage because it can use the undisclosed e-mails in this litigation” as “Fed. R. Civ. P. 37(c)(1) forbids defendant from using any document that has not been produced to plaintiff at summary judgment or trial.”

As a result, Judge Jackson ruled that “plaintiff is not prejudiced and no exceptional circumstances exist to justify sanctions” and denied her motion for sanctions.

So, what do you think? Did the plaintiff’s motion really ever stand a chance? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

How Blue Was My Valley? Not Blue Enough to Cite the Defendant for Discovery Violations: eDiscovery Case Law

In Malone v. Kantner Ingredients, 4:12CV3190 (D. Neb. Mar. 31, 2015), Nebraska Magistrate Judge Cheryl R. Zwart denied the plaintiffs’ motion to show cause, finding that the defendant “the plaintiffs have presented no evidence” that the defendant “destroyed, hid, or purposefully (or even recklessly) failed to produce responsive ESI” in the case.

Case Background

Over two years, the defendants had produced documents from various sources, including 140,000 electronic files located on a computer image of the data stored on the defendant’s file servers. Despite that, multiple conferences were held with the court regarding the parties’ discovery disputes and the plaintiffs filed five motions to compel additional documentation from the defendant.

In October of 2014, the plaintiffs claimed the defendants failed to produce all documents responsive to the plaintiffs’ discovery requests, particularly sent emails and invoices of transactions between Blue Valley Foods and the defendants. In an attempt to quell the plaintiffs’ ongoing distrust of the defendants’ discovery efforts, the defendants were ordered to locate their servers and determine if the server imaging performed by the defendants at the outset of the case was a full and complete imaging, as well as produce responsive invoices and sent mail from those servers.

In response to that order, the servers were received by defense counsel, who confirmed that the data image from the shared server data received by defense counsel at the outset of the case matched the data set and data amount on the servers. The servers were sent to the defendants’ forensic expert, who fully imaged them and provided a full copy of that imaging to the plaintiffs’ forensic expert. After receiving the server imaging, the plaintiffs’ forensic expert performed a word search of the data and located some documents containing the words “Blue Valley” that were not previously disclosed by the defendants in an electronic format. The plaintiffs presented evidence that some of those documents were responsive to production requests served by the plaintiffs, but they were not previously disclosed to the plaintiffs in an electronic format.

The plaintiffs moved for an order to show cause, alleging the defendants, their counsel, and counsel’s paralegal failed to comply with the order, “destroyed or tampered with evidence, and provided untruthful information to the court regarding the existence of discovery requested by the plaintiffs.”

Judge’s Opinion

Judge Zwart noted that, after receiving the actual servers, “the defendants did not repeat their search of the server data for responsive discovery…But the order required the defendants to determine if the server imaging performed by the defendants at the outset of the case was a full and complete imaging: It did not require the defendants to repeat their ESI review and production if the 2012 initial data imaging appeared to be full and complete.”

She continued: “By providing the full image of the servers to Plaintiffs’ expert, the defendants produced the emails, invoices, and associated metadata as required under the court’s order. While the plaintiffs incurred expense for forensic review of that data, the plaintiffs’ use of their own forensic expert was reasonable—and perhaps necessary—to bring some closure to the ongoing ESI discovery battle… The defendants allowed Plaintiffs to ‘see for themselves’ whether any additional documentation was on the Kantner servers. And the court is convinced this was the only means of convincing Plaintiffs that they had received everything. Had the parties discussed how to collect, review and produce ESI at the outset, perhaps the cost of two experts, and other discovery-related fees and costs, could have been avoided. But those discussions never occurred.”

With regard to the missed documents discovered by the plaintiff, Judge Zwart, referencing several sources for best practices for searching, indicated that “At most, the plaintiffs offered evidence of mistakes made during defense counsel’s 2012 manual review of the electronic files. Manual review is still considered by many as the ‘gold standard’ for electronic document review. But human error is common when attorneys are tasked with personally reviewing voluminous electronically stored information.” She also cited Reinsdorf v. Skechers (2013), which stated: “The discovery process relies upon the good faith and professional obligations of counsel to reasonably and diligently search for and produce responsive documents…However, while parties must impose a reasonable construction on discovery requests and conduct a reasonable search when responding to the requests, the Federal Rules do not demand perfection.”

Given that standard, Judge Zwart denied the plaintiffs’ motion to show cause.

This isn’t the first time we’ve covered rulings by Judge Zwart: click here, here, here and here to review previous rulings with eDiscovery impact that we’ve covered.

So, what do you think? Was that the right call or should the defendants have been held to a higher standard? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Almost Thirty Percent of Data Security Incidents are Due to Human Error: eDiscovery Trends

Last year, the term “data breach” became part of the broader public vernacular with The New York Times devoting more than 700 articles related to data breaches, versus fewer than 125 the previous year. And, as we’ve discussed recently, data breaches are on the rise. However, according to a new report, almost thirty percent of data security incidents are due to human error.

According to Verizon’s 2015 Data Breach Investigations Report released last week, the single biggest cause of data security incidents in 2014 was “miscellaneous errors”. These “miscellaneous errors” comprised 29.4% of data security incidents in 2014 (up from 25% in 2013), according to the report.

As Verizon notes in its report, if you take the top four causes of data security incidents – two through four respectively are crimeware (25.1%), insider misuse (20.6%) and physical theft/loss (15.3%) – “the common denominator across the top four patterns – accounting for nearly 90% of all incidents – is people. Whether it’s goofing up, getting infected, behaving badly, or losing stuff, most incidents fall in the PEBKAC (problem exists between keyboard and chair) and ID-10T (get it?) über-patterns.” As they somewhat playfully observe, “At this point, take your index finger, place it on your chest, and repeat ‘I am the problem,’ as long as it takes to believe it. Good – the first step to recovery is admitting the problem.”

While some of the errors are due to issues such as a computer malfunction or a misconfigured system, nearly 60% of the time, they’re due to a relatively simple user mistake (especially system administrators who were the “prime actors in over 60% of incidents”). Verizon breaks these down as:

  • “D’oh!”: Sensitive information sent to incorrect recipients (usually via email) comprised 30% of the miscellaneous errors that led to a data breach;
  • “My bad!”: Publishing non-public data to public web servers comprised 17%; and
  • “Oops!”: Insecure disposal of personal and medical data accounted for 12% of miscellaneous errors.

Overall, the report identifies 79,790 reported security incidents (with 2,122 confirmed data breaches) affecting at least 20 industries in 61 countries (not surprisingly, no breakout for legal). In terms of volume, two-thirds of incidents occurred in the U.S., but as Verizon notes, “that’s more reflective of our contributor base (which continues to expand geographically) than a measure of relative threat/vulnerability.”

The 70 page report covers topics ranging from victim demographics and breach trends to specific types of breach causes, including phishing and malware. It also breaks down incident types, including point-of-sale intrusions (the number one cause of confirmed data breaches at 28.5%), denial-of-service attacks and cyber-espionage. It even provides a “year in review” chronology of notable breaches (in case you missed them). The report is very informative and, at times, wryly written, which makes me forget – almost! – that Verizon dinged me for several hundred dollars of roaming charges in Europe during my honeymoon last fall (don’t get me started!).

Anyway, you can get a copy of the report here. You can register and download the report or just choose to download the report (which I did). An interesting read.

So, what do you think? Has your organization experienced any data security incidents due to human error? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.