Close
Enter your
text here

eDiscoveryDaily

eDiscovery Trends: The Best SaaS Providers are Certifiable
 

The increasing popularity of cloud-based Software-as-a-Service (SaaS) solutions is becoming well documented, with this very blog noting Forrester and Gartner predictions of tremendous growth in cloud computing over the next several years.  We’ve also noted the importance of knowing where your data is stored, as many online poker players learned the hard way when the recent US government crackdown of several gambling sites left them without a way to recover their funds.

If only there were some sort of certification, administered by an impartial third party, to ensure that your SaaS provider has implemented policies and processes that keep your information secure, stable and safe.  There is such a certification.

SAS 70 (the Statement on Auditing Standards No. 70) defines the standards an auditor must employ in order to assess the contracted internal controls of a service provider. Service providers, such as insurance claims processors, credit processing companies and, especially pertinent to eDiscovery, hosted data centers, are evaluated by these standards. The SAS 70 was developed by the American Institute of Certified Public Accountants (AICPA) as a simplification of a set of criteria for auditing standards originally defined in 1988.  Standards such as SAS 70 became critical in the wake of the Sarbanes-Oxley, which created significant legal penalties for publicly traded companies who lacked sufficient control standards for their financial information.

Under SAS 70, auditor reports are classified as either Type I or Type II. In a Type I report, the auditor evaluates the service provider to prevent accounting inconsistencies, errors and misrepresentation. The auditor also evaluates the likelihood that those efforts will produce the desired future results. A Type II report goes a step further.  It includes the same information as that contained in a Type I report; however, the auditor also attempts to determine the effectiveness of agreed-on controls since their implementation. Type II reports also incorporate data compiled during a specific time period, usually a minimum of six months.

SAS 70 reports are either requested by the service provider or a user organization (i.e., clients). The ability for the service provider to provide consistent service auditor's reports builds a client's trust and confidence in the service provider, satisfying potential concerns. A SaaS (2 a’s, as opposed to one for SAS) provider that has received SAS 70 Type II certification has demonstrated to an impartial third party a proven track record of policies and processes to protect its clients’ data.  When it comes to your data, you want a provider that has proven to be certifiable.

So, what do you think?  Is your SaaS provider SAS 70 Type II certified?  Please share any comments you might have or if you’d like to know more about a particular topic.

Full disclosure: I work for Trial Solutions, which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured, SAS 70 Type II certified Tier 4 Data Center in Houston, Texas.

Working Successfully with eDiscovery and Litigation Support Service Providers: Keeping a Preferred Vendor Program Up to Date, Part 2
 

Last week, we began talking about keeping a preferred vendor program up to date, and we covered establishing criteria to evaluate vendors after every project.  Here are the remaining steps in establishing a mechanism for keeping your preferred vendor program fresh and up to date:

2. Establish a mechanism for collecting evaluations from end-users on each project.  Once you’ve got a list of evaluation criteria for each service, you need to establish a mechanism for collecting evaluations from end-users after each project.  You might, for example, develop an electronic survey.  If you don’t think the attorneys and paralegals in your firm would fill that out, maybe in-person interviews after each project will be better.  Figure out what will work best in your firm and establish the process.

3. Establish a mechanism for compiling and analyzing the information collected in the surveys, and for ranking a vendor’s performance.  Build a database of the evaluation information you collect, and develop a ranking system so it’s easy to compare vendors, at a glance. 

4. Identify a Manager for the preferred vendor program.  Someone – probably in the firm’s litigation support department – needs to be responsible for monitoring the program.  The manager’s responsibilities may include:

  • Ensuring that end-of-project evaluations are done and that information is entered into the evaluation database.
  • Maintaining the evaluation database.
  • Providing feedback to vendors on performance evaluations.
  • Identifying vendors that – based on performance – should be removed from the preferred vendor list.
  • Communicating with vendors on administration issues (for example, on contracts and invoicing policies)

5. Periodically re-assess the program:  the last component of a preferred vendor program is a plan for “redoing” it every year or 18 months.  To really keep the program up to-date, it should be reviewed in it’s entirely on a set schedule.  Are their new services that should be added to the list?  Are there new vendors that should be looked at and evaluated?  Are there vendors on your list that may be meeting the bare requirements, but not the best of the lot?  Should they be removed?  Look at the program — in its entirety – with a fresh eye to ensure it’s doing what you need it to do and that it’s as good as it can be.

Have you developed a preferred vendor program?  How did you do it?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

Social Tech eDiscovery: Use of Smarsh for Social Media Archiving
 

The online world thrives on social media, but for attorneys who must preserve sensitive social media data for discovery, the widespread growth of social technology presents a laundry list of problems.

Not only is it challenging to trace the communications shared on popular sites like Facebook, LinkedIn and Twitter when privacy settings can be turned on and off at whim, it’s also difficult to know whether the information available at any given time is complete, as content can be edited by users at any time or lost due to technical malfunctions.

In some cases, like this example, courts have ruled that even locked or private content on Facebook and other social networking sites is not protected from being requested as part of discovery. In other cases, such as this one, they have ruled differently.  You don’t know for sure how courts will rule, so you have to be prepared to preserve all types of social media content, even possibly content that is changed frequently by users, such as Facebook profiles and blog posts.  And, even though Facebook has introduced a self-collection mechanism, it may not capture all of the changes you need.  And, other social media sites have not yet provided a similar mechanism.  If items are changed or lost after the duty to preserve goes into effect, your organization can be sanctioned with steep fines even receive an adverse inference judgment based on the information you are unable to produce.

Fortunately, there are viable solutions that enable you to create a backup of all social networking activity and archive such information in the event it has to be produced in discovery. Portland-based Smarsh has archiving and compliance tools, including social media archiving and compliance that automate the archiving of social media accounts, preserving all necessary data in case you need it later for discovery.

Some of the benefits of Smarsh’s social media archiving tools include:

  • A complete, logged, and quantifiable record of all social media posts and administrator activity
  • The ability to define which social media features your employees have access to and to track all business communications
  • Compliance with SEC and FINRA regulations (including Regulatory Notice 10-06)
  • The tools to identify and minimize risk, saving your business time, effort, and money

Smarsh has been designed to satisfy all regulatory compliance objectives, transforming the data management hazards of social media into a system that automatically updates and archives itself – an attorney’s dream when litigation strikes. This application creates a simple and proactive approach to archival of social media data, enforcing preservation to ensure that the duty to preserve is met.

So, what do you think?  Do you use Smarsh or any other social media archival tool?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Completing Production AFTER Trial is Too Late

In DL v. District of Columbia, No. 05-1437 (RCL) (D.D.C. May 9, 2011), repeated, flagrant, and unrepentant failures of the District of Columbia to comply with discovery orders, failure to supplement discovery responses, and eventual production of thousands of e-mails—some more than two years old—after the date of trial resulted in a sanction of waiver of privilege over documents sought by plaintiffs.

Plaintiffs filed an action seeking injunctive and declaratory relief for the failure of the District of Columbia Government to provide them with a free appropriate public education as required under the Individuals with Disabilities and Education Act. On the first day of trial six years later, counsel for the District acknowledged that the District several days earlier had begun a rolling production of thousands of emails per day that was expected to continue through the end of trial. Counsel for the District stated that the court had not been informed of production problems because it had been hoped review of the documents for relevance and privilege and thus production of the documents could have been completed earlier. From the bench, the court ordered the District to produce all of the email without objection and with privilege waived within one week of the end of the trial so that plaintiffs could seek to supplement the trial record if necessary. The District sought reconsideration of the order.

Likening the District’s posture to an airplane with landing gear that deploys only after touchdown, the court denied the District’s motion. Waiver of privilege was an appropriate sanction because it was just and was proportional between offense and sanction, considering the District’s violation of multiple discovery orders and failure to meet its obligation to supplement its discovery responses. The court concluded that its sanction was justified considering prejudice to plaintiffs, prejudice to the judicial system, and the need to deter similar misconduct in the future. Since the District chose not to bring the situation to the court’s attention until the day of trial, the court “had no practical alternative short of entering a default.”

The court held that whether the District had acted in good faith and whether plaintiffs also had committed discovery violations was irrelevant:

Whether the District made a good-faith effort to produce all responsive e-mails before the trial is irrelevant. As explained above, it was not sanctioned for failing to make a good-faith effort. It was sanctioned for openly, continuously, and repeatedly violating multiple Court orders, failing to adhere to or even acknowledge the existence of the Federal Rules’ discovery framework, and committing a discovery abuse so extreme as to be literally unheard of in this Court. The Rules require more than simply making a good-faith effort to produce documents. They require adherence to a very precise framework for navigating the discovery process. Moreover, the duty to adhere to clear Court orders is among a lawyer’s most basic. Were it not for those two directives—the Federal Rules’ discovery framework and Court orders regarding discovery — discovery would devolve into pure bedlam. Disciplined adherence to those Rules and Orders on the part of courts as well as parties is the only tool our system has to wrangle the whirlwind as it were and tame an otherwise unmanageable part of the litigation process. A good-faith effort to produce documents in the absence of adherence to Court orders and the Federal Rules is useless.

So, what do you think?  Have you ever had opposing counsel try to produce documents at the beginning of trial – or even after?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Trends: Email Footers Give Privilege Searches the Boot
 

This communication (including any attachments) is intended for the use of the intended recipient(s) only and may contain information that is confidential, privileged or legally protected.  Any unauthorized use or dissemination of this communication is strictly prohibited.  If you have received this communication in error, please immediately notify the sender by return e-mail message and delete all copies of the original communication. Thank you for your cooperation.

This is an example of a standard email disclaimer often automated to appear in the footer of outgoing emails to disclaim liability.  Many organizations choose to add disclaimers to their emails for legal protection to attempt to protect themselves from legal threats such as breach of confidentiality or accidental breach of privilege.

However, when it comes time to collect and search email collections for confidentiality and privilege, these email footers can wreak havoc with those searches.  Searches for the words “confidential” or “privileged” will essentially be rendered useless as they will literally retrieve every email with the email disclaimer footer in it.

So, what to do?

One way to address the issue is to identify any other variations of words and phrases that might imply privilege.  Searching for phrases like “attorney client” or “attorney work product” – provided those phrases are not in the footer – may identify many of the privileged files.

Another way is to shift your search focus to names of individuals likely to conduct privileged communications, such as the names of the attorneys communicating with the organization.  Sometimes you may not know the names of all of the attorneys, so a search for domains associated with the outside counsel firms should identify the names of the individuals sending from or receiving to those domains.

If searching for the term "privileged" is still the best way to ensure that you find all of the potentially privileged files, one of our readers, Mark Lyon, actually identified a better way to search for the term “privileged” that I sheepishly admit I did not think of late last night when I wrote this, so I had to amend this post to include it (a first!).   Identifying the various footers at use within at least the main companies included in the collection, then excluding those entire footers from the index will remove those footers from filling up your search results.  Another reader, Joe Howie, has discussed in more detail an approach for removing those footers from the index.  Thanks to both Mark and Joe for keeping me on my toes!  🙂

So, what do you think?  Are email disclaimer footers making your privileged searches more complicated?  Please share any comments you might have or if you’d like to know more about a particular topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Keeping a Preferred Vendor Program Up to Date
 

In the last several posts in this series, we talked about evaluating and selecting vendors for a preferred vendor program.  Once that’s done, you still have a bit of work to do before rolling out your program.  You need to establish a mechanism for on-going evaluation of the vendors on your list.  This is an important component of the program – you need to monitor the work of the vendors on your list to ensure that they continue to meet your requirements and live up to your expectations.  Here’s the first step in developing this part of the program:

1. Determine evaluation criteria for each service.  The first step in developing a preferred vendor program was to create a list of the services that you’d like vendors to provide.  Go back to that list, and for each service, identify evaluation criteria that you can apply to every project moving forward.  There are some general criteria points that will probably apply to all services.  Some examples are: 

  • Were our deadlines met?
  • Were costs what we expected?
  • Were quality expectations met?
  • Was the vendor easy to work with?
  • Was the vendor responsive?
  • If applicable, did we receive timely status reports with useful information?
  • Were invoices timely and accurate?

For each service, there are likely to be specific questions.  Some examples are: 

  • For electronic discovery processing services: were load files formatted correctly?
  • For coding services: were coding rules applied consistently?
  • For electronic discovery processing services:  were changes in priorities in processing implemented smoothly?
  • For OCR services:  was OCR quality sufficient?
  • For use of online review tools:  was searching easy?  Did the tool offer all the search features we needed? 

Your goal is to compile a list – for each service – of easy-to-answer questions that will let you know if the vendor performed well on a project

Next week, we’ll go over the remaining steps in establishing a mechanism for keeping your preferred vendor program up to date.

Do you evaluate vendor performance after each project?  How do you do it?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

eDiscovery Case Law: Sue Me and Lose? Pay My Costs.

In a ruling that may give some plaintiffs’ lawyers pause, a federal judge in Pittsburgh has ruled that the winning defendants in an antitrust case are entitled to reimbursement of more than $367,000 in eDiscovery costs.

In Race Tires Amer., Inc. v. Hoosier Racing Tire, Corp., No. 2:07-cv-1294, 2011 WL 1748620 (W.D. Pa. May 6, 2011), U.S. District Judge Terrence F. McVerry issued a 25 page opinion, finding that courts are increasingly approving awards of eDiscovery costs, noting that one judge described them as “the 21st century equivalent of making copies.”

In the suit, Race Tires America claimed that its competitor, Hoosier Racing Tire Corp., violated Sections 1 and 2 of the Sherman Act by entering into exclusive dealing contracts with motorsport sanctioning body Dirt Motor Sports Inc. that included a “single tire rule.”  Under the single tire rule, Dirt Motor Sports required that drivers and racers participating in its races use a specific brand of tire for a series of races or for the entire racing season, which Race Tires America argued shut it out of the market.

But Judge McVerry dismissed the suit on summary judgment, holding that such exclusive contracts are permissible in instances when a sports-related organization has freely decided that it wants exclusivity and has good-faith, pro-competitive or business justifications for doing so.  The decision was appealed to the 3rd Circuit, where the defendants won again and, after winning the appeal, the defendants filed their bills of costs in the district court.

The plaintiff argued that the costs should be disallowed because “electronic document collection, hard drive imaging and indexing and searching, commonly referred to as ‘eDiscovery charges,’ are not enumerated under Section 1920(4), and thus are not properly deemed recoverable costs.”  But Judge McVerry found that Congress, in the Judicial Administration and Technical Amendments Act of 2008, modified the wording of Section 1920(4), changing the phrase “fees for exemplifications and copies of papers” to read “fees for exemplification and the costs of making copies of any materials.”  Since that amendment, Judge McVerry said, “no court has categorically excluded eDiscovery costs from allowable costs.”  For example, in an Idaho case, Judge McVerry noted, the court awarded $4.6 million for the costs incurred for “the creation of a litigation database.”

Given the extent of the defendant’s eDiscovery activities, including copying nearly 500 gigabytes of data in response to over 400 search terms and creation of a litigation database, the court awarded $367,000 of the $389,000 eDiscovery costs requested by the defendants.

So, what do you think?  Should plaintiffs have to reimburse eDiscovery costs to defendants if they lose?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: The Only Prescription is More Cloud
 

A famous “philosopher” once said, “I got a fever, and the only prescription is more cowbell”.  Sorry, I couldn’t resist…that line always makes me laugh.  😉

It seems that many corporations and law firms “got a fever” and “the only prescription is more cloud”.

As we noted earlier this week, Forrester has forecast that the global Software-as-a-Service (SaaS) “cloud” computing market will grow from 40.7 billion dollars in 2011 to more than 241 billion dollars by 2020 – a six-fold increase.  In addition, the Gartner Group has projected that the cloud computing industry will have revenue of 148.8 billion dollars by 2014 – an even faster growth rate than Forrester’s forecast of 118.7 billion dollars for the same year.

So, there are the predictions.  The question is why?

One reason is the continued trend toward decentralization and globalization of organizations today.  In my recent interview with Jeffrey Brandt, Editor of the Pinhawk Law Technology Daily Digest, he noted that a 250 lawyer firm in Ohio was the 83rd largest law firm in the country several years ago, but now that same sized firm might not make it into the AMLAW 250.  Firms are growing and, as technology shrinks the world for many organizations, the barriers to expansion (even globally) are minimized.  Cloud computing technology is one of the ways in which technology shrinks the world today and enables decentralized organizations share applications and data.

And then, there is the economy.

In the past few years, many corporations and law firms have reduced their IT staffs – in some cases, significantly. Also, while the use of technology has continued to increase “by leaps and bounds”, expenditures for training or upgrading skill sets has lagged behind. Cloud computing technology solves this issue because the burden of keeping up with technology advances is shifted from the organization to the service provider.  As a result, many organizations are finding that “the only prescription for their fever” is “more cloud”.

In the coming days, we will discuss other cloud benefits as well as issues to consider and address before making the move to the cloud.

So, what do you think?  Is your organization storing more data in the cloud?  Does your organization have an effective plan in place for getting to the data when litigation strikes?  Please share any comments you might have or if you’d like to know more about a particular topic.

As we are off on Monday for the Memorial Day holiday, eDiscoveryDaily would like to thank all veterans and the men and women serving in our armed forces and the sacrifices you make for our country.  Thanks to all of you and your families and have a happy and safe Memorial Day!

Working Successfully with eDiscovery and Litigation Support Service Providers: Establishing a Preferred Vendor Program, Part 2
 

Yesterday, we covered the first couple of steps in establishing a law firm preferred vendor program.  Here are the next steps in the process:

3. Review the vendors with which the firm has worked in the past year.  Make a list of the vendors with which the firm has recent experience.  For each, answer these questions:

  • What services were provided?
  • How much work did the vendor do for the firm?
  • Were deadlines met?
  • Did the vendor provide high-quality work?
  • Were costs reasonable and within expectations?
  • Was the vendor easy to work with?
  • Are there thresholds that if exceeded, the vendor might not be a good candidate (for example, high volume or quick turnaround projects)?

The vendors that pass muster in this initial review can be the starting point of your preferred vendor list.

4. Classify vendors by service.  So far, you’ve created two lists:  a list of the services you need provided, and a list of the vendors that have done good work for the firm.  Combine those lists.  Under each service, list the vendors that provide that service.  Make qualifying notes regarding thresholds, if applicable.

5. Evaluate additional vendors.  Fill in the holes on your list, if that’s necessary.  For each service, you should have multiple vendors.  If you need to add to your list, do some research and vendor evaluations.  Even if your lists are complete, it’s always a good idea to find out if there are other vendors you should be considering.  Talk to peers in the industry and do a little research to make sure you are not overlooking good candidates.

6. Finalize the list and negotiate “relationships”.  When your list is filled in, make sure you’ve met with each vendor and that you’ve clearly laid out the firm’s expectations and come to agreement on how you’ll work with the vendor.  This may involve negotiating standard pricing, standard deliverables, project start-up procedures, and communication protocols.

Next week we’ll focus on establishing the next component of a preferred vendor program:  establishing mechanisms for doing on-going evaluations of the vendors on your list.

Have you developed a preferred vendor program for your firm?  How did you do it?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.

Working Successfully with eDiscovery and Litigation Support Service Providers: Establishing a Preferred Vendor Program
 

Last week, we talked about the components of a preferred vendor program.  Establishing a program is a “project”, and should be approached with a solid plan of action.  First, identify who will put the program together.  The team should be made up of experienced litigation support professionals and it should incorporate input from litigation team members.  Once the team is in place, you need a step-by-step approach for moving forward.

In the next few posts in this blog series, I’ll suggest an approach.  Here are the first couple of steps:

1. Create a list of the services to be provided by vendors.  You may need vendors to provide a variety of services – services that the firm’s litigation support department does not provide, and services for projects that exceed the capacity of the firm’s litigation support department offerings.  Your list may look something like this:

  • ESI collection
  • ESI processing
  • Tiffing
  • Photocopying and scanning
  • Coding / auto-coding
  • Hosting and providing online review platforms
  • Language translation
  • Document review staffing and management
  • Court reporting / deposition transcription
  • Trial support services 

2. Get input from litigation team members on preferences and priorities.  Survey attorneys and paralegals in the firm to determine what is most important to them.  For each service on the list, ask questions about pricing expectations, overall schedule requirements, and expectations on deliverables.  Ask them if they’ve worked with vendors that should be considered.  This is an important step.  First, it ensures that your evaluation process will take into account what’s most important to the users.  Second, litigation department members are more likely to embrace a program that they participated in developing.

We’ll continue with the next steps tomorrow.

Have you developed a preferred vendor program for your firm?  How did you do it?  Please share any comments you might have and let us know if you’d like to know more about an eDiscovery topic.