Close
Enter your
text here

eDiscoveryDaily

eDiscovery Budgeting, Part 2: Key Assumptions and Choices That Affect eDiscovery Budgeting
 

Friday, we talked about assumptions and elements that contribute to cost that need to be considered when budgeting for eDiscovery activities.

Now that you know a bit about the factors surrounding the cost of eDiscovery, let's take a look at budgeting and the estimates that attorneys provide to a client before beginning eDiscovery work. The first step in budgeting is to prepare an estimate based on your and your client’s best guesses and assumptions. What are some of these assumptions?

  • Volume: Volume is almost always the largest driver of cost, as it will affect not only the quantity of data to be collected and processed, but also the amount of time human beings must spend reviewing discovery documents for relevance and privilege. Volume is also one of the more ambiguous factors. The most accurate estimate of volume is in megabytes (MB), gigabytes (GB) or terabytes (TB), but you won't always have access to these kinds of size descriptions. Instead, a client may tell you that there are "50,000 or so pages" of data, or "about 10,000 emails". The size of pages can vary widely depending on whether they are in an email, a PDF, or a word document, so it can be very difficult to estimate volume with any degree of accuracy.
  • Scope: It's wise to start with the smallest possible scope and expand if necessary, but that can be an inefficient way to review documents for eDiscovery, as it may mean going over the same files twice for different aspects of your eventual scope.
  • Efficiency: Whenever possible, it's important to plan an eDiscovery strategy in advance that will allow for a more efficient review of documents and data. The ability to maintain an efficient process of eDiscovery is largely dependent on timing and the ability to plan.
  • Timing: More time for eDiscovery activities means that the scope and search details can be refined, optimizing efficiency and minimizing costs. If the eDiscovery must be done in a hurry, efficiency suffers and costs rise.
  • Risk: Risk tolerance is a factor in cost, determining how much attention must be paid to refining every aspect of document review and data access. Mitigating risk up front through agreement and cooperation with opposing counsel can clearly define the risk so that you know where you stand.
  • Location: Where the data is located can affect costs and so can the jurisdiction of the case.  For example, different courts have provided different rulings on spoliation claims, so it’s important to consider location as part of the budgeting process.

So, what do you think? Have you found any of these assumptions to be especially problematic in your own eDiscovery budgeting estimates? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Budgeting, Part 1: Assumptions and Elements that Contribute to Cost
 

While attorneys may struggle with the regional and international regulations surrounding eDiscovery, your client is likely to be less concerned with the practical legal details of your discovery request, and more concerned with the financial cost.

Whether you're working with the plaintiff or the defense, one of the most important considerations in preparing for eDiscovery is presenting the expense accurately and completely to the client – and that means understanding for yourself the factors that go into budgeting for eDiscovery. There are two main sets of elements to consider: those that affect budgeting and estimates, and those that will have a direct impact on the ultimate cost of eDiscovery.

Understanding Assumptions in eDiscovery

Because so much of the eDiscovery process cannot be predicted without accurate information, it's important to confirm any estimates from a client or from opposing counsel before proceeding with a budget.

Does your client really know the volume of data that is likely to be contained in certain files or backups, or are they providing generalized figures that may not be accurate? Do you know for certain the precise scope of the information you need to examine for discovery? Attorneys need to verify as many estimates as possible, noting any and all assumptions in their estimates so that the client can prepare for potential changes in eDiscovery costs if those early assumptions prove to be inaccurate.

eDiscovery budgeting is predicated on guesswork and assumptions that may include:

  • Volume
  • Scope
  • Efficiency
  • Risk
  • Timing

Each of these factors will be discussed in an upcoming blog post next week detailing the assumptions that go into estimating a budget for eDiscovery.

Breaking Down the Cost of eDiscovery

Once the estimate is complete and you’re ready to tackle the real work of eDiscovery, there are particular elements that contribute to the cost, while others are more minimal.

Some of the major elements comprising the cost of eDiscovery include:

  • Collection: including factors such as travel, retrieval, custodian interviews, and forensic collection (if necessary)
  • Volume of data
  • Number of custodians
  • Human review: the most expensive factor in eDiscovery costs
  • Case complexity

I'll discuss more on each of these factors in an upcoming blog post, as well.

The cost of eDiscovery can also be affected by the degree of open communication with opposing counsel. A cooperative relationship with the opposition can streamline discovery, while a contentious relationship makes it likely that discovery-related motions and court appearances will increase the total cost of this process.

So, what do you think? How much up front effort goes into your eDiscovery budgeting process? How do you monitor progress against the budget?  Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Trends: How Blocking Statutes Affect International eDiscovery
 

Over the past few weeks, we’ve discussed the general challenges of international eDiscovery, use of the 41 year old Hague Convention for requesting ESI from other countries, use of Section 1782 for foreign entities to request ESI from US entities, and the effect of privacy laws in other countries on discovery requests.

In the course of pursuing discovery requests in foreign nations, US lawyers also often run into another serious legal snag: blocking statutes. These statutes prevent certain types of information from leaving the country where it originates, and can interfere with discovery of evidence in a number of ways.

The purpose of blocking statutes – also known as "secrecy laws" – is to protect information that is considered commercially significant or relevant to national security in the country where it is located, or where it originated. Certain countries have blocking statutes that protect particular industries or types of information. In Switzerland, for instance, the disclosure or transmission of bank account information is forbidden by blocking statutes. Other countries, such as France and Germany, have created blocking statutes that make certain types of discovery illegal within their borders, complicating matters for attorneys requesting information.

A French blocking statute dating back to 1980 has been known to cause problems in the past few years for attorneys, by criminalizing cooperation with US discovery – in one case, resulting in hefty fines for a French lawyer who contravened that blocking statute. In other cases, a refusal to submit documents for discovery based on blocking statutes and the Hague Convention may be overruled by national courts depending on the circumstances of the case and the type of discovery being ordered.

Blocking statutes present an odd legal conundrum, because they don't prevent American attorneys from requesting privileged information or American courts from ordering discovery – they simply make it illegal for that information to be disclosed by nations of the foreign country in question. As a result, American courts and attorneys have sometimes expressed skepticism about the validity of these statutes and the likelihood of penalties being enforced against those who contravene them.

In fact, those who contravene these blocking statutes are seldom charged or fined. When the statutes are enforced, however, the penalties are steep.

Blocking statutes can be frustrating to organizations responding to discovery requests, because they put foreign individuals and organizations who are ordered to submit privileged information in the untenable position of either breaking their own country's laws – and facing penalties for contravening blocking statutes – or receiving sanctions from US courts for refusal to produce discovery documents. In many cases, foreign entities prefer to confront US courts rather than risk penalties in their own home countries, which forces US courts to address the failure to comply with these requests.

So, what do you think? Have you ever had a discovery request denied because of a blocking statute? Please share any comments you might have or if you'd like to know more about a particular topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Preparing an eDiscovery Processing RFP, Part 2
 

Yesterday, we talked about the information you should include in a request for proposal for eDiscovery processing.  Today we’ll review some questions you should ask of a service provider to help you to select the one that’s the best fit for your case. 

Of course, you’ll ask for pricing information and if the vendor can meet your schedule requirements.  In addition, here are questions to ask and information to request:

  1. To ensure that you understand the vendor’s pricing model and to avoid unexpected costs, ask the vendor to provide an estimate of total costs for the project, based on the information you’ve provided about the collection.
  2. Ask the vendor to confirm that they can meet all of the requirements you’ve outlined in the information section of the RFP.
  3. Ask what file types are handled, and what the standard protocol/recommendation is for handling other file types.
  4. Ask the vendor how exception files, such as corrupted or password protected files, are handled.
  5. Ask the vendor to describe its approach to processing, including discussion of de-duplication, handling attachments, handling email threads, culling/filtering, and handling metadata.
  6. Ask what languages are supported.
  7. Ask the vendor to describe its auditing and tracking procedures.
  8. Ask the vendor to describe the quality assurance (measures to prevent errors) and quality control (measures to confirm that results are correct) mechanisms included associated with their processing.
  9. Ask the vendor to describe what information, input and participation is required from you.

The response to these questions and information requests should give you the information you need to choose a vendor that’s a good fit for your project.

What questions to you ask and what information do you request in an RFP for eDiscovery processing?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Preparing an eDiscovery Processing RFP
 

Last week, we covered preparing a RFP for eDiscovery Collection and Forensics.  This week’s RFP discussion will focus on processing eDiscovery, and today we’ll cover the information you should provide to a vendor regarding your collection and your requirements.  Remember, the more thorough you are, the better the vendor will be able to gauge the scope and complexity of your project.

Here’s information the vendor will need to give you accurate cost and schedule information:

  1. An estimate of the volume.  That is, the number of gigabytes or terabytes of data to be processed.
  2. A description of the data files you expect will be found in the collection (for example, Word documents, Excel documents, PST files, and so on).
  3. A description of the deliverable you’ll be providing to the service provider (the media on which the data will be provided, whether you’ll be uploading data to the service provider’s server) and a schedule for data delivery.
  4. Will de-duplication be required, and if so, by case or by custodian?
  5. What filtering will be required?  Let the service provider know if you’ll be providing keywords, date ranges, and other criteria for filtering.
  6. Are any files password protected, and if so, how should the vendor handle those?  Should they try to crack the passwords?
  7. If you are requiring images, are endorsements required?  If so, what endorsements? Bates numbers? Text, such as confidential or other stamps?
  8. Describe the deliverables you will require from the service provider, including data file formats, image file formats (single-page TIFF, multi-page TIFF, PDF), searchable text, load file fields, etc.  Let the service provider know the target review tool you expect to use.
  9. The date by when the work must be completed, and if there will be processing priorities and interim deadlines.
  10. Describe your expectations regarding the need for the service provider to testify.

Armed with this information, a good vendor should be able to provide accurate cost and schedule information for processing your collection.  In the next post, we’ll cover RFP questions for processing and conversion services.

What type of information do you provide to a vendor in an RFP for processing eDiscovery?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

eDiscovery Case Law: Meet and Confer is Too Late for Preservation Hold

A US District court in Indiana ruled on June 28, 2011 in favor of a motion for an Order to Secure Evidence in an employment discrimination lawsuit.

The defendant in Haraburda v. Arcelor Mittal USA, Inc., No. 2:11 cv 93, 2011 WL 2600756 (N.D. Ind. June 28, 2011) had given the plaintiff reason to believe that emails and other relevant documents might be destroyed prior to Rule 26(f) meeting between the parties or Rule 16(b) discovery conference with the court. As a result, the plaintiff formally requested a litigation hold on all potentially relevant documents, which was approved by US Magistrate Judge Andrew Rodovich.

  • Shortly after filing a complaint of employment discrimination, the plaintiff, Marie A. Haraburda, became concerned that the defendant might destroy evidence that she intended to request in discovery. She emailed Sharon Stillman, a human resources manager of the defendant, Arcelor Mittal, about emails that had previously been deleted from her account and was informed that “files stored on company computers are company property and can be assessed and/or deleted as the company views appropriate”.
  • The defendant refused the plaintiff’s request that the defendant place a litigation hold on evidence or take other measures to protect potentially relevant documents, with the comment that such a request by the plaintiff was “premature”.
  • The plaintiff came to believe that the defendant would destroy relevant evidence before the Rule 26(f) discovery confidence, and, therefore, moved for an Order to Preserve Evidence.

In ruling, the court reminded all parties that they have “a duty to preserve evidence when [they know], or should have known, that litigation was imminent.” “Evidence” includes any materials that are relevant or could be deemed relevant during the litigation, including such emails as the plaintiff had brought to the defendant’s attention via Ms. Stillman. A large corporation, therefore, has a duty to not only create a “comprehensive” data protection plan to ensure that documents are preserved, but to inform its employees of that policy so that it will be scrupulously upheld, said the court.

The court also expressed the belief that given the plaintiff’s potential for difficulty if relevant materials were not protected, and in the absence of additional burden on the defendant to preserve existing evidence, the plaintiff’s motion was reasonable.  Accordingly, the court ordered a litigation hold placed “on any and all documents and information that may reasonably be related to the pending litigation”.

So, what do you think? Given previous case law examples, are you surprised that the defendant tried to delay the litigation hold? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Connecticut Approves Rules Updates Governing eDiscovery
 

Last year, eDiscovery Daily identified states that have not currently enacted any rules changes for eDiscovery.  One of the states that had previously enacted eDiscovery rules changes – Connecticut – has updated their rules as Superior Court judges made several amendments to the Connecticut Practice Book that will affect eDiscovery and other legal practices in Connecticut courts.

A series of amendments to the Connecticut Practice Book, the document that governs all legal practice in the state of Connecticut, was adopted on June 20, 2011. Many of these changes affect eDiscovery practices as itemized below. The majority of the amendments, including those changes involving eDiscovery, are slated to take effect on January 1, 2012.

eDiscovery handling requirements are addressed in Connecticut's existing rules, but the revisions to the Practice Book lay out best practices more completely and explicitly, providing additional instruction for courts, attorneys, and their clients.

The relevant amendments to eDiscovery practices include:

  • New Rule 13-5(9): This Rule enables the court to issue a protective order allowing for cost allocation and preventing undue burden on any party in the course of retrieving documents and information for eDiscovery.
  • Revisions to Rule 13-9(d): These amendments deal with the format in which electronic documents are produced for the court and for eDiscovery purposes.
  • New Rule 13-14(d): This new Rule limits liability in cases where eDiscovery information has been lost or is inaccessible due to understandable flaws in normal routines, or reliance in good faith on systems that failed to back up data. Closely based on Federal Rule 37(f), it deals with accidental data loss in situations where there is a demonstrable absence of intention to destroy or avoid preserving records.
  • New Rule 13-33: This new Rule, Claim of Privilege or Protection After Production, defines the procedure by which parties may move to protect information as privileged after it has been produced for pre-trial discovery.

The complete text of the Connecticut Practice Book can be accessed online, as well as the new amendments that will come into effect in 2012.

So, what do you think? Do these amendments streamline eDiscovery and make it more practical and enforceable? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Trends: Privacy is a Priority When Conducting International Discovery
 

US lawsuits are very public, involving discovery and other public disclosures that go against the cultural traditions and laws of many nations in other parts of the world. In the European Union (EU), for instance, many countries have privacy protection laws that forbid the disclosure of "personal information" – and the definition of personal information here can mean anything from addresses and phone numbers to even the names of individuals if they are used in work reports and business documents.

Despite the complications created by these privacy laws, US courts will apply the Federal Rules of Civil Procedure to non US entities if it has jurisdiction over them.  Nonetheless, litigators often find themselves in a bind where they must either impel evidence through means that are potentially illegal in the country of the non US entity, or lose traction in a US-based lawsuit. That means lawyers pursuing discovery in foreign locales often must take pains to familiarize themselves with the laws of the country and province where they are seeking information.

  • The EU Data Protection Directive does not forbid the transfer and processing of electronically stored information (ESI), but it does complicate the process considerably where it corroborates other European data protection laws.
  • US companies and litigators may legally request and receive documents protected under the Data Protection Directive if the company is a member of the US Department of Commerce Safe Harbor, a group whose mandate is based on seven key principles of data protection.
  • Even where the Safe Harbor and Data Protection Directive allows US companies to access information for pre-trial discovery, the laws of specific EU states may not permit businesses to disclose information without being subject to harsh penalties for violating national privacy laws.

Although US courts don’t always recognize the limitations placed on international discovery by these privacy laws, they do appreciate the balance of delicate factors involved in seeking discovery internationally. In assessing the importance of gaining access to specific ESI, the courts will generally consider a combination of factors, including the importance and origin of the information, the availability of access, the effects of non-compliance with international privacy laws on the US and the nation state where the information is located, and the potential hardship that would be imposed on the individuals or businesses who have the power to produce the information. A careful weighing of the privacy needs of individuals versus the needs of the parties involved in litigation must be assessed.

Individuals are capable of providing their consent to allow documents containing their personal information to appear in an international court. However, they can revoke this consent at any time. Even where consent is given, and certainly where it is not, every effort must be taken to protect the security of private information and to destroy such information within a reasonable amount of time. Electronically stored data must be anonymized or protected by pseudonyms, and personal identifiers such as names, addresses and phone numbers must be purged from information presented in eDiscovery.

So, what do you think? Have you ever dealt with privacy protection laws in international jurisdictions? Please share any comments you might have or let us know if you'd like to learn more about a particular topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Preparing a Collection & Forensics RFP, Part 2
 

Yesterday, we talked about the information you should include in a request for proposal for eDiscovery Collection and Forensics services.  Of course, that’s only half the picture.  To determine if a vendor is a good choice, you’ll also need to ask questions about the vendor’s offerings and experience and ask them for information about their operations. 

Of course, you’ll ask for pricing information and if the vendor can meet your schedule requirements.  In addition, here are questions to ask and information to request:

  1. Describe the qualifications, certifications, licensing, training and experience of your eDiscovery professionals.
  2. What collection tools do you use?  Describe the circumstances under which you use each tool.
  3. Describe the information that is tracked on chain of custody records.  Please provide a sample chain of custody form.
  4. Describe your approach to preparing a data collection plan.  What types of people in our organization will you require information/participation from?  What type of information will you need?
  5. Describe the searching/filtering audit history logs you maintain.
  6. Please provide at least three references.  We’re interested in speaking with clients who had requirements similar to ours.
  7. We may need you to provide testimony.  How often have you provided testimony?  Please describe the testimony you’ve provided.  Can we meet and interview the professional who will be doing our work and who may need to provide testimony?

The response to these questions and information requests should give you the information you need to choose a vendor that’s a good fit for your project.

What questions to you ask and what information do you request in an RFP for collection and forensics?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

eDiscovery Trends: An Insufficient Password Will Thwart Even The Most Secure Site
 

Several months ago, we talked about how most litigators have come to accept that Software-as-a-Service (SaaS) systems are secure.  For example, at Trial Solutions, the servers hosting data for our OnDemand® and FirstPass® (powered by Venio FPR™) platforms are housed in a Tier 4 data center in Houston (which is where our headquarters is).  The security at this data center is military grade: 24 x 7 x 365 onsite security guards, video surveillance, biometric and card key security required just to get into the building.  Not to mention a building that features concrete bollards, steel lined walls, bulletproof glass, and barbed wire fencing.

Pretty secure, huh?  Hacking into a system like this would be very difficult, wouldn’t you think?  I’ll bet that the CIA, PBS and Sony had secure systems as well; however, they were recently “hacked” by the hacker group LulzSec.  According to a recent study by the Ponemon Institute (linked to here via the Ride the Lightning blog), the chance of any business being hacked in the next 12 months is a “statistical certainty”.

No matter how secure a system is, whether it’s local to your office or stored in the “cloud”, an insufficient password that can be easily guessed can allow hackers to get in and steal your data.  Some dos and don’ts:

Dos:

  • If you need to write passwords down, write them down without the corresponding user IDs and keep the passwords with important documents like your passport, social security card and other important documents you’re unlikely to lose.  Or, better yet, use a password management application that encrypts and stores all of your passwords.
  • Mnemonics make great passwords.  For example, “I work for Trial Solutions in Houston, Texas” could become a password like “iw4tsiht”. (by the way, that’s not a password for any of my accounts, so don’t even try)  😉
  • Change passwords every few months.  Some systems require this anyway.

Don’ts:

  • Don’t use the same password for multiple accounts, especially if they have sensitive data such as bank account or credit card information.
  • Don’t email passwords to yourself – if someone is able to hack into your email, then they have access to those accounts as well.
  • Personal information may be easy to remember, but it can also be easily guessed, so avoid using things like your kids’ names, birthday or other information that can be guessed by someone who knows you.
  • Avoid logging into sensitive accounts when using public Wi-Fi as it is much easier for hackers to tap into what you’re doing in those environments.  If you’re thinking of checking your bank balance while having a latte at Starbucks, don’t.

So, what do you think?  Are you guilty of any of the “don’ts” listed above?  Please share any comments you might have or if you’d like to know more about a particular topic.

Full disclosure: I work for Trial Solutions, which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured, SAS 70 Type II certified Tier 4 Data Center in Houston, Texas.