Close
Enter your
text here

eDiscoveryDaily

Another Disclosure of Privileged Documents Fails the Five Factor Test – eDiscovery Case Law
 

In Inhalation Plastics, Inc. v. Medex Cardio-Pulmonary, Inc., 2:07-CV-116 (N.D. Ohio), Ohio Magistrate Judge Norah McCann King found that the defendant had waived the attorney-client privilege was waived for 347 emails inadvertently produced, because they failed all factors in the five factor test to determine whether the inadvertent disclosure entitles the producing party to the return of the documents in question.

Background of Inadvertent Disclosure

In a breach of contract lawsuit, the defendant produced 7,500 hard copy pages including 347 pages of emails (4.6% of the total) for which legal personnel were senders or recipients. The defendant did not assert privilege on any of the 347 pages of emails until the plaintiff sought to depose those legal personnel. As a result of the defendant seeking to assert privilege on those emails, the plaintiff filed a motion for a determination that the documents are not privileged and submitted them for in camera review.

Five Factor Test

Noting that the producing party has the burden to prove that the disclosure of privileged documents was truly inadvertent, Judge King referenced the now popular five factor test to determine whether an inadvertent disclosure entitles the producing party to have the documents returned, as follows:

“(1) the reasonableness of precautions taken in view of the extent of document production, (2) the number of inadvertent disclosures, (3) the magnitude of the disclosure, (4) any measures taken to mitigate the damage of the disclosures, and (5) the overriding interests of justice.”

Analysis of Factors

With regard to the first factor, despite the fact that the defendant claimed that this production “was reviewed by several layers of attorneys who isolated the privileged documents and prepared for electronic production in the same way” as their previous productions, Judge King noted that the defendant did not specify “who reviewed the production, what steps were taken to review the documents for privilege or whether the production was different in form from prior productions” and noted that no privilege log was produced.  As a result, Judge King found that the defendant failed the first factor.

With regard to the second factor, Judge King compared the rate of disclosure of privileged documents in this case (4.6% of the total) to two other cases where privilege was also waived (134 out of 10,085 pages and 93 documents out of 15,000 documents respectively) and found the number of disclosures to be “relatively high”, so the defendant failed the second factor.

Regarding the third factor, the fact that the documents appeared to be relevant to the plaintiff's claims and they attempted to use them in depositions caused the defendant to fail the third factor.

On the fourth factor, the defendant did immediately invoke privilege when it discovered that the documents had been inadvertently produced.  However, they did not follow the procedure in Federal Rule of Civil Procedure 26(b)(5)(B), which requires:

“If information produced in discovery is subject to a claim of privilege . . . the party making the claim may notify any party that received the information of the claim and the basis for it. After being notified, a party . . . may promptly present the information to the court under seal for a determination of the claim. The producing party must preserve the information until the claim is resolved.”

As Judge King noted, “Medex did not identify any particular documents covered by the privilege, did not provide a proper privilege log and, beyond conclusory statements, Medex did not state a basis for the claimed privilege.”  So, they failed the fourth factor.

At this point, if this was a boxing match, it would be stopped.  In granting the plaintiff’s motion, Judge King stated: “To summarize, the Court finds that Medex did not take reasonable precautions to protect its privileged information, the number of documents disclosed is significant, no privilege log was provided at the time of disclosure, the contents of some of the documents may be relevant to the heart of the dispute, and Medex made insufficient attempts to mitigate its damage even after it learned of the disclosure.”

So, what do you think?  What do you to ensure your firm will pass the five factor test for inadvertent disclosures of privileged documents?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Acquisitions: Industry Consolidation Continues
 

If you think there have been a lot of acquisitions in the eDiscovery industry, you’re right.  Now, thanks to Rob Robinson and his Complex Discovery blog, you can get a sense of just how many acquisitions there have been.  Rob has provided a post showing 10 Years of eDiscovery Mergers, Acquisitions and Investments.

While Rob acknowledges that it’s a “non-comprehensive overview” of “key and publicly announced eDiscovery related mergers, acquisitions and investments since 2002”, he does provide 133 of them in the list – dating all the way back to April of 2002 when Kroll and Ontrack became one company.  For each, he provides the announcement date, acquired company, acquiring or investing company and acquisition amount (if known).  The early years (2002-2005) only have ten entries total, so there could certainly (and understandably) be some early years acquisitions unaccounted for.  Nonetheless, a few observations:

  • Since the beginning of 2010, there have been at least 79 mergers, acquisitions and investments (over half the list).  There have been 5 acquisitions (and one investment) since the beginning of August alone.
  • What is the largest acquisition on the list (based on those that show reported acquisition amounts)?  If you said the HP acquisition of Autonomy in August of last year ($11.7 billion), you’d be wrong.  The largest acquisition on the list is Symantec’s purchase of Veritas software way back in December of 2004 ($13.5 billion).  Veritas had made its own acquisition of KVS less than 10 months earlier.
  • The company with the most acquisitions on the list is Huron, with 6 acquisitions.  Close on their heels is Symantec (5 acquisitions), LexisNexis (4 acquisitions), Thomson Reuters (4 acquisitions, when they acquired LiveNote back in 2006, they were still known as Thomson) and Autonomy (4 acquisitions, then acquired themselves by HP last year).
  • Just because you’ve been acquired once doesn’t mean you can’t be acquired again.  Applied Discovery, Black Letter Discovery, CaseLogistix, CT Summation and Kroll were all acquired twice during this span and Daticon was acquired three times!
  • Think a major, long term software company can’t be acquired?  Two products that have been around for decades, Summation and Concordance, have each been acquired in the past decade – Summation twice (by Wolters Kluwer in 2004 and AccessData in 2010).
  • Think that eDiscovery is only for specialized companies?  Think again.  Heavyweights such as HP (3 acquisitions), Computer Associates (3 acquisitions), IBM (2 acquisitions), Deloitte (2 acquisitions) and Microsoft (1 acquisition) all acquired eDiscovery companies over the last 10 years.

Thanks, Rob, for such an informative compilation of eDiscovery acquisitions, mergers and investments!

So, what do you think?  Do you think eDiscovery consolidation will continue at this pace?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Daily is Two Years Old Today!
 

It’s hard to believe that it has been two years ago today since we launched the eDiscoveryDaily blog.  Now that we’ve hit the “terrible twos”, is the blog going to start going off on rants about various eDiscovery topics, like Will McAvoy in The Newsroom?   Maybe.  Or maybe not.  Wouldn’t that be fun!

As we noted when recently acknowledging our 500th post, we have seen traffic on our site (from our first three months of existence to our most recent three months) grow an amazing 442%!  Our subscriber base has nearly doubled in the last year alone!  We now have nearly seven times the visitors to the site as we did when we first started.  We continue to appreciate the interest you’ve shown in the topics and will do our best to continue to provide interesting and useful eDiscovery news and analysis.  That’s what this blog is all about.  And, in each post, we like to ask for you to “please share any comments you might have or if you’d like to know more about a particular topic”, so we encourage you to do so to make this blog even more useful.

We also want to thank the blogs and publications that have linked to our posts and raised our public awareness, including Pinhawk, The Electronic Discovery Reading Room, Unfiltered Orange, Litigation Support Blog.com, Litigation Support Technology & News, Ride the Lightning, InfoGovernance Engagement Area, Learn About E-Discovery, Alltop, Law.com, Justia Blawg Search, Atkinson-Baker (depo.com), ABA Journal, Complex Discovery, Next Generation eDiscovery Law & Tech Blog and any other publication that has picked up at least one of our posts for reference (sorry if I missed any!).  We really appreciate it!

We like to take a look back every six months at some of the important stories and topics during that time.  So, here are some posts over the last six months you may have missed.  Enjoy!

We talked about best practices for issuing litigation holds and how issuing the litigation hold is just the beginning.

By the way, did you know that if you deleted a photo on Facebook three years ago, it may still be online?

We discussed states (Delaware, Pennsylvania and Florida) that have implemented new rules for eDiscovery in the past few months.

We talked about how to achieve success as a non-attorney in a law firm, providing quality eDiscovery services to your internal “clients” and how to be an eDiscovery consultant, and not just an order taker, for your clients.

We warned you that stop words can stop your searches from being effective, talked about how important it is to test your searches before the meet and confer and discussed the importance of the first 7 to 10 days once litigation hits in addressing eDiscovery issues.

We told you that, sometimes, you may need to collect from custodians that aren’t there, differentiated between quality assurance and quality control and discussed the importance of making sure that file counts add up to what was collected (with an example, no less).

By the way, did you know the number of pages in a gigabyte can vary widely and the same exact content in different file formats can vary by as much as 16 to 20 times in size?

We provided a book review on Zubulake’s e-Discovery and then interviewed the author, Laura Zubulake, as well.

BTW, eDiscovery Daily has had 150 posts related to eDiscovery Case Law since the blog began.  Fifty of them have been in the last six months.

P.S. – We still haven't missed a business day yet without a post.  Yes, we are crazy.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Case Law: Twitter Loses Appeal in People v. Harris
 

As reported in the Gibbons E-Discovery Law Alert blog, Twitter filed an appeal of the trial court’s decision in People v. Harris with the Appellate Division, First Department in New York, arguing that Twitter users have the right to quash subpoenas pursuant to Twitter’s terms of service agreement as well as because defendants’ constitutional rights are implicated by a government-issued subpoena to a third party.  Unfortunately for Twitter, it didn’t take long for the appellate court panel to rule, as they denied Twitter’s motion for a stay of enforcement of the Trial Court’s order to produce Malcolm Harris’s tweets last week.

Attempts to Quash the Subpoena Fail

Back in April, Harris, an Occupy Wall Street activist facing criminal charges, tried to quash a subpoena seeking production of his Tweets and his Twitter account user information in his New York criminal case.  That request was rejected, so Twitter then sought to quash the subpoena themselves, claiming that the order to produce the information imposed an “undue burden” on Twitter and even forced it to “violate federal law”.

Then, on June 30, New York Criminal Court Judge Matthew Sciarrino Jr. ruled that Twitter must produce tweets and user information of Harris, noting: “If you post a tweet, just like if you scream it out the window, there is no reasonable expectation of privacy. There is no proprietary interest in your tweets, which you have now gifted to the world. This is not the same as a private email, a private direct message, a private chat, or any of the other readily available ways to have a private conversation via the internet that now exist…Those private dialogues would require a warrant based on probable cause in order to access the relevant information.”  Judge Sciarrino indicated that his decision was “partially based on Twitter's then terms of service agreement”, which was subsequently modified to add the statement “You Retain Your Right To Any Content You Submit, Post Or Display On Or Through The Service.”

Twitter Continues to Fight Ruling

After the ruling, the New York District Attorney filed an order for Twitter to show cause as to why they should not be held in contempt for failure to produce the tweets. Twitter responded by seeking the stay of enforcement pending the appeal.  Last week, Twitter was given a deadline by the Trial Court during a hearing on the District Attorney’s motion to produce Harris’s information by Friday September 14 or face a finding of contempt. Judge Sciarrino even went so far as to warn Twitter that he would review their most recent quarterly financial statements in determining the appropriate financial penalty if Twitter did not obey the order.

So, what do you think?  With the appeal denied, will Twitter finally produce the plaintiff’s information?  What impact does this case have on future subpoenas of Twitter user information?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Best Practices: Quality Control, Making Sure the Numbers Add Up
 

Yesterday, we wrote about tracking file counts from collection to production, the concept of expanded file counts, and the categorization of files during processing.  Today, let’s walk through a scenario to show how the files collected are accounted for during the discovery process.

Tracking the Counts after Processing

We discussed the typical categories of excluded files after processing – obviously, what’s not excluded is available for searching and review.  Even if your approach includes a technology assisted review (TAR) methodology such as predictive coding, it’s still likely that you will want to do some culling out of files that are clearly non-responsive.

Documents during review may be classified in a number of ways, but the most common ways to classify documents as to whether they are responsive, non-responsive, or privileged.  Privileged documents are also typically classified as responsive or non-responsive, so that only the responsive documents that are privileged need be identified on a privilege log.  Responsive documents that are not privileged are then produced to opposing counsel.

Example of File Count Tracking

So, now that we’ve discussed the various categories for tracking files from collection to production, let’s walk through a fairly simple eMail based example.  We conduct a fairly targeted collection of a PST file from each of seven custodians in a given case.  The relevant time period for the case is January 1, 2010 through December 31, 2011.  Other than date range, we plan to do no other filtering of files during processing.  Duplicates will not be reviewed or produced.  We’re going to provide an exception log to opposing counsel for any file that cannot be processed and a privilege log for any responsive files that are privileged.  Here’s what this collection might look like:

  • Collected Files: 101,852 – After expansion, 7 PST files expand to 101,852 eMails and attachments.
  • Filtered Files: 23,564 – Filtering eMails outside of the relevant date range eliminates 23,564 files.
  • Remaining Files after Filtering: 78,288 – After filtering, there are 78,288 files to be processed.
  • NIST/System Files: 0 – eMail collections typically don’t have NIST or system files, so we’ll assume zero files here.  Collections with loose electronic documents from hard drives typically contain some NIST and system files.
  • Exception Files: 912 – Let’s assume that a little over 1% of the collection (912) is exception files like password protected, corrupted or empty files.
  • Duplicate Files: 24,215 – It’s fairly common for approximately 30% of the collection to include duplicates, so we’ll assume 24,215 files here.
  • Remaining Files after Processing: 53,161 – We have 53,161 files left after subtracting NIST/System, Exception and Duplicate files from the total files after filtering.
  • Files Culled During Searching: 35,618 – If we assume that we are able to cull out 67% (approximately 2/3 of the collection) as clearly non-responsive, we are able to cull out 35,618 files.
  • Remaining Files for Review: 17,543 – After culling, we have 17,543 files that will actually require review (whether manual or via a TAR approach).
  • Files Tagged as Non-Responsive: 7,017 – If approximately 40% of the document collection is tagged as non-responsive, that would be 7,017 files tagged as such.
  • Remaining Files Tagged as Responsive: 10,526 – After QC to ensure that all documents are either tagged as responsive or non-responsive, this leaves 10,526 documents as responsive.
  • Responsive Files Tagged as Privileged: 842 – If roughly 8% of the responsive documents are privileged, that would be 842 privileged documents.
  • Produced Files: 9,684 – After subtracting the privileged files, we’re left with 9,684 responsive, non-privileged files to be produced to opposing counsel.

The percentages I used for estimating the counts at each stage are just examples, so don’t get too hung up on them.  The key is to note the numbers in red above.  Excluding the interim counts in black, the counts in red represent the different categories for the file collection – each file should wind up in one of these totals.  What happens if you add the counts in red together?  You should get 101,852 – the number of collected files after expanding the PST files.  As a result, every one of the collected files is accounted for and none “slips through the cracks” during discovery.  That’s the way it should be.  If not, investigation is required to determine where files were missed.

So, what do you think?  Do you have a plan for accounting for all collected files during discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Best Practices: Quality Control, It’s a Numbers Game
 

Previously, we wrote about Quality Assurance (QA) and Quality Control (QC) in the eDiscovery process.  Both are important in improving the quality of work product and making the eDiscovery process more defensible overall.  For example, in attorney review, QA mechanisms include validation rules to ensure that entries are recorded correctly while QC mechanisms include a second review (usually by a review supervisor or senior attorney) to ensure that documents are being categorized correctly.  Another overall QC mechanism is tracking of document counts through the discovery process, especially from collection to production, to identify how every collected file was handled and why each non-produced document was not produced.

Expanded File Counts

Scanned counts of files collected are not the same as expanded file counts.  There are certain container file types, like Outlook PST files and ZIP archives that exist essentially to store a collection of other files.  So, the count that is important to track is the “expanded” file count after processing, which includes all of the files contained within the container files.  So, in a simple scenario where you collect Outlook PST files from seven custodians, the actual number of documents (emails and attachments) within those PST files could be in the tens of thousands.  That’s the starting count that matters if your goal is to account for every document in the discovery process.

Categorization of Files During Processing

Of course, not every document gets reviewed or even included in the search process.  During processing, files are usually categorized, with some categories of files usually being set aside and excluded from review.  Here are some typical categories of excluded files in most collections:

  • Filtered Files: Some files may be collected, and then filtered during processing.  A common filter for the file collection is the relevant date range of the case.  If you’re collecting custodians’ source PST files, those may include messages outside the relevant date range; if so, those messages may need to be filtered out of the review set.  Files may also be filtered based on type of file or other reasons for exclusion.
  • NIST and System Files: Many file collections also contain system files, like executable files (EXEs) or Dynamic Link Library (DLLs) that are part of the software on a computer which do not contain client data, so those are typically excluded from the review set.  NIST files are included on the National Institute of Standards and Technology list of files that are known to have no evidentiary value, so any files in the collection matching those on the list are “De-NISTed”.
  • Exception Files: These are files that cannot be processed or indexed, for whatever reason.  For example, they may be password-protected or corrupted.  Just because these files cannot be processed doesn’t mean they can be ignored, depending on your agreement with opposing counsel, you may need to at least provide a list of them on an exception log to prove they were addressed, if not attempt to repair them or make them accessible (BTW, it’s good to establish that agreement for disposition of exception files up front).
  • Duplicate Files: During processing, files that are exact duplicates may be put aside to avoid redundant review (and potential inconsistencies).  Some exact duplicates are typically identified based on the HASH value, which is a digital fingerprint generated based on the content and format of the file – if two files have the same HASH value, they have the same exact content and format.  Emails (and their attachments) may be identified as duplicates based on key metadata fields, so an attachment cannot be “de-duped” out of the collection by a standalone copy of the same file.

All of these categories of excluded files can reduce the set of files to actually be searched and reviewed.  Tomorrow, we’ll illustrate an example of a file set from collection to production to illustrate how each file is accounted for during the discovery process.

So, what do you think?  Do you have a plan for accounting for all collected files during discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Case Law: No Sanctions For Spoliation With No Bad Faith
 

In Sherman v. Rinchem Co., No. 11-2932, 2012 U.S. App. (8th Cir. Aug. 6, 2012), the plaintiff in a defamation case against his former employer appealed the district court’s denial of both his summary judgment motion and request for an adverse inference jury instruction. The district court had decided the case under Minnesota law, which “provides that ‘even when a breach of the duty to preserve evidence is not done in bad faith, the district court must attempt to remedy any prejudice that occurs as a result of the destruction of the evidence.’” In contrast, as the Eighth Circuit pointed out, in this case where the parties had diversity, and a question remained as to whether state or federal spoliation laws were applicable, federal law requires “a finding of intentional destruction indicating a desire to suppress the truth” in order to impose sanctions.

The plaintiff was fired from his employer after he allegedly lied during the employer’s investigation of complaints about his behavior. As part of the investigation, the plaintiff was interviewed by the employer’s human resources director, where the director took notes. The plaintiff argued that he requested the employer provide him with the notes because he believed they were critical to his case. However, the human resources director claimed she lost the notes, but she did not destroy them.

Arguing that the employer’s loss of the notes amounted to spoliation of evidence, the plaintiff “contended that the district court should grant his motion for summary judgment or, in the alternative, give an adverse-inference instruction to the jury for spoliation of evidence.” The court, however, found that at most the employer’s actions were negligent, not in bad faith, and therefore would not support the sanctions sought by the plaintiff. In the course of speaking to the plaintiff and his counsel on the record, the plaintiff’s counsel conceded that it did appear the employer’s actions were non-intentional and amounted only to negligence. The district court ultimately denied the plaintiff’s motion for summary judgment without prejudice, offering that he could return and seek another remedy short of summary judgment or an adverse inference instruction.

First, the Eighth Circuit found that in diversity actions, “federal law applies to the imposition of sanctions for the spoliation of evidence” in this case because “a direct conflict exists between federal law and Minnesota law.” Therefore, for spoliation sanctions to be applicable, the court had to find bad faith. Furthermore, the record reflected—and the plaintiff conceded—there had been no bad faith on the part of the employer.

Therefore, the court upheld the denial of the plaintiff’s motion for summary judgment and request for an adverse inference instruction.

So, what do you think?  Should either court have allowed the sanctions?  Or should lesser sanctions be allowed?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Trends: iDiscovery
 

Yesterday was a day that tech enthusiasts and ordinary people alike had circled on their calendar since it was confirmed as the date of Apple’s press event to unveil the iPhone5. Apple proudly boasted that it had sold 400 million iOS devices by the end of June of this year, which can in part be attributed to the smoothly operating software running on their devices. Advances in mobile high tech have made these portable computers accessible and their presence inescapable even among late adopters. What is simple and intuitive from a user standpoint, however, can prove challenging and fickle to a computer forensics expert.

Richard Lutkus of Law Technology News writes that there are many factors that must be considered when investigating an iOS device, such as “device model, generation, storage capacity, iOS version, iCloud activation status, and passcode protection status. One example of the importance of these identification questions is iCloud, which is Apple's information syncing service. The presence and status of this service may be important because information found on an iOS device could be automatically synced to one or several computers or other iOS devices.”

Lutkus points out that mobile device forensics requires skills that not all computer forensic professionals possess. For example, an important part of the preservation of a mobile device is isolation from all data networks to ensure no changes occur on the device, such as a remote wipe.  A few ways of isolating the hardware include a signal blocking “Faraday” bag, removing the SIM card, or enabling airplane mode. From there, the two methods of imaging an iOS device are logical capture and physical imaging. Lutkus explains, “Logical capture is the preservation of all active (no file fragments or other ephemera) files on a device. This method is similar to an iTunes backup in that it saves the same types of data as iTunes backups. In contrast, physical imaging captures everything that a logical capture does, but includes deleted file fragments, temporary cache files, and other ephemera. Generally, physical imaging is more desirable if it is technically possible. Though slower, this approach is widely accepted, is compatible with most forensic tools, and preserves all data on a device.”

There are other challenges in preserving the data in an iOS device, especially hardware newer than the iPhone 4S and Ipad 3, which include encryption of even unallocated space of memory when a passcode has been used. The quality of data one might expect to find after imaging and decrypting could include: “contacts, call logs, speed dials, voicemail, Bluetooth devices, screenshots, bookmarks, web clips, calendars, messages, email, attachments, internet history, internet cookies, photos, audio recordings, notes, videos, music, app list, keystroke information, GPS coordinates, wi-fi network memberships, user names and passwords, map searches, app-specific data, cell tower information, serial number, device name, device IMEI (international mobile equipment identify number), device serial number, version, and generation, etc.” This type of information can be crucial in the first 7 to 10 days after litigation hits, as we have previously covered here. These devices seem to know so much about us that companies like Apple have had to release statements to state they are not recording and storing your location in response to allegations of privacy invasion. With the number of expected sales of the iPhone5 potentially adding between a quarter and a half percent to America’s GDP, there will be millions more iPhone’s will making their ways into the hands of consumers and eventually, no doubt, into the hands of mobile forensic experts.

So, what do you think? Have mobile computing devices, such as smartphones and tablets, been material to your eDiscovery work? Have other mobile operating systems, such as Blackberry or Android, presented challenges that differ from iOS? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Best Practices: Repairing a Corrupted Outlook PST File
 

We like to believe that there will never be any problems with the data that we preserve, collect and process for eDiscovery purposes.  Sometimes, however, critical data may be difficult or impossible to use.  Perhaps key files are password protected from being opened and the only way to open them is to “crack” the password.  Or, perhaps a key file may be corrupted.  If that file is an Outlook Personal Storage Table (PST) file, that file corruption could literally make tens of thousands of documents unavailable for discovery unless the file can be repaired.

I recently had a case where 40% of the collection was contained in 2 corrupt Outlook PST files.  Had we not been able to repair those files, we would have been unable to access nearly half of the collection that needed to be reviewed for responsiveness in the case.

Fortunately, there is a repair tool for Outlook designed to repair corrupted PST files.  It’s called SCANPST.EXE.  It’s an official repair tool that is included in Office 2010 (as well as Office 2007 before it).  As a very useful utility, you might think that SCANPST would be located in the Microsoft Office 2010 Tools folder within the Microsoft Office folder in Program files.  But, you’d be wrong.  Instead, you’ll have to open Windows Explorer and navigate to the C:Program FilesMicrosoft OfficeOffice14 folder (for Office 2010, at least) to find the SCANPST.EXE utility.

Double-click this file to open Microsoft Outlook Inbox Repair Tool.  The utility will prompt for the path and name of the PST file (with a Browse button to browse to the corrupted PST file).  There is also an Options button to enable you to log activity to a new log file, append to an existing log file or choose not to write to a log file.  Before you start, you’ll need to close Outlook and all mail-enabled applications. 

Once ready, press the Start button and the application will begin checking for errors. When the process is complete, it should indicate that it found errors on the corrupted PST file, along with a count of folders and items found in the file.  The utility will also provide a check box to make a backup of the scanned file before repairing.  ALWAYS make a backup – you never know what might happen during the repair process.  Click the Repair button when ready and the utility will hopefully repair the corrupted PST file.

If SCANPST.EXE fails to repair the file, then there are some third party utilities available that may succeed where SCANPST failed.  If all else fails, you can hire a data recovery expert, but that can get very expensive.  Hopefully, you don’t have to resort to that.

By repairing the PST file, you are technically changing the file, so if the PST file is discoverable, it will probably be necessary to disclose the corruption to opposing counsel and the intent to attempt to repair the file to avoid potential spoliation claims.

So, what do you think?  Have you encountered corrupted PST files in discovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Case Law: Social Media Is No Different than eMail for Discovery Purposes
 

In Robinson v. Jones Lang LaSalle Americas, Inc., No. 3:12-cv-00127-PK (D. Or. Aug. 29, 2012), Oregon Magistrate Judge Paul Papak found that social media is just another form of electronically stored information (ESI), stating “I see no principled reason to articulate different standards for the discoverability of communications through email, text message, or social media platforms. I therefore fashion a single order covering all these communications.”

In this employment discrimination case, the defendants sought discovery from the plaintiff, including “all of Robinson's email and text message communications with current and former Jones Lang employees” and, most notably “all social media content involving Robinson since July 1, 2008, including photographs, videos, and blogs, as well as Facebook, linkedIn, and MySpace content that reveals or relates to Robinson's. "emotion, feeling, or mental state," to "events that could be reasonably expected to produce a significant emotion, feeling, or mental state," or to allegations in Robinson's complaint”.

In rendering his decision, Judge Papak referenced “[t]he most frequently cited and well-reasoned case addressing the discoverability of social media communications involving emotional distress” (E.E. O. C. v. Simply Storage Mgmt., LLC, 270 F.R.D. 430, 432 (S.D. Ind. 2010)).  In that case, Judge Papak noted that “the court recognized that social media can provide information inconsistent with a plaintiffs allegation that defendant's conduct caused her emotional distress, whether by revealing alternate sources of that emotional distress or undermining plaintiff s allegations of the severity of that distress.”

With the principles of the Simply Storage case in mind, Judge Papak ordered the plaintiff to produce:

“(I) any:

(a) email or text messages that plaintiff sent to, received from, or exchanged with any current and former employee of defendant, as well as messages forwarding such messages; or

(b) online social media communications by plaintiff, including profiles, postings, messages, status updates, wall comments, causes joined, groups joined, activity streams, applications, blog entries, photographs, or media clips, as well as third-party online social media communications that place plaintiff's own communications in context;

(2) from July 1, 2008 to the present;

(3) that reveal, refer, or relate to:

(a) any significant emotion, feeling, or mental state allegedly caused by defendant's conduct; or

(b) events or communications that could reasonably be expected to produce a significant emotion, feeling, or mental state allegedly caused by defendant's conduct.”

Understanding the difficulty of establishing an appropriate level of discovery, Judge Papak stated “As Simply Storage recognized, it is impossible for the court to define the limits of discover in such cases with enough precision to satisfy the litigant who is called upon to make a responsive production…Nevertheless, the court expects counsel to determine what information falls within the scope of this court's order in good faith and consistent with their obligations as officers of the court. Defendant may, of course, inquire about what "has and has not been produced and can challenge the production if it believes the production falls short of the requirements of this order."…Moreover, the parties may ask the court to revise this order in the future based on the results of plaintiffs deposition or other discovery.”

So, what do you think?  Should all media be handled the same in discovery, or should there be differences?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.