Close
Enter your
text here

eDiscoveryDaily

Survey Says! Results of the ACEDS Community Survey: eDiscovery Trends

As part of its focus on offerings and opportunities that impact certifications, careers, contacts, and competence, the Association of Certified E-Discovery Specialists (ACEDS) recently conducted one of the more comprehensive online surveys of individuals currently working in the field of the eDiscovery that I’ve seen in a long time.  So, what were some of the findings?  Let’s take a look.

ACEDS posted Nineteen Observations on ACEDS in the Summer of 2019, written by Rob Robinson, editor of the excellent Complex Discovery blog and probably the unofficial survey king of eDiscovery.  Rob posted those same observations on his blog here.

Notably, the survey was open between May 15, 2019, and June 3, 2019. The survey was conducted by an outsourced and primary research firm, Hanover Research, and was designed to provide insight into survey areas through the responses to approximately 250 questions(!) organized around six general ACEDS-related topics.  Of those receiving invitations to participate, 149 eDiscovery professionals completed all 250 questions (I was one of those – kudos to ACEDS for generating so many responses to such a long survey). Partial responses to the survey were not tabulated as part of the survey results, and the reward for full survey completion was $20 directed by respondents to one of three charities.

Here are a few of the observations from the survey:

  • 93% of ACEDS Community Survey respondents were aware of the Certified E-Discovery Specialist (CEDS) certification, with 80% of these respondents being very familiar or extremely familiar with the CEDS certification.
  • The ACEDS Blog was noted as a primary source of legal news and thought leadership information by 79% of survey respondents.
  • Unsurprisingly given the target audience of the survey, 75% of respondents shared that they were current members of ACEDS. Additionally, 35% of respondents noted Women in eDiscovery (WiE) as the most common non-ACEDS membership to possess among presented legal industry groups.
  • 84% of respondents shared that they have a positive impression of ACEDS, and one-third of respondents noted that the reason for the positive impression was ACEDS educational content and certification course materials.
  • In considering the frequency respondents use skills acquired from certifications in their work, security-related certifications appeared to be the most utilized certification skills with 91% of respondents with security-related certifications reporting that they always use the skills related to that certification in their work. Also, 58% of respondent CEDS certificate holders noted that they always use CEDS-related skills in their work.
  • Only 7% of respondents shared that eDiscovery was taught as part of their law school or paralegal school curriculum. With just under two-thirds of that teaching (64%) being teaching as part of a course dedicated to eDiscovery.
  • 89% of ACEDS Community Survey respondents reported an increase in compensation during the last five years and 77% reported an increase in job offers.
  • 69% of survey respondents attended at least one industry professional development conference during the past year, with LegalTech NY, Relativity Fest, and ILTACON being the most attended conferences. 32% of respondents noted attending LegalTech NY, 24% of respondents noted attending Relativity Fest (Chicago or London), and 20% of respondents noted attending ILTACON.

These are just a few of the published results, check out the article for more.  Also, speaking of surveys, Rob launched the Summer 2019 eDiscovery Business Confidence Survey over the weekend, so you can participate in that one too.  I’ll cover the results of it in a few weeks as I have the previous surveys over the past 3+ years.

So, what do you think?  Are you surprised by any of the ACEDS survey results?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Daily will return next Monday.  Happy Independence Day!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff Requests His Entire PST File, Court Says No: eDiscovery Case Law

In Russell v. Kiewit Corp., No. 18-2144-KHV (D. Kan. June 4, 2019), Kansas Magistrate Judge James P. O’Hara denied the plaintiff’s motion seeking to compel supplemental discovery responses by the seven defendants, including the request to receive his entire e-mail personal storage (PST) file, agreeing with the defendants’ contention that the request was overly broad and not proportional.

Case Background

In this case where the plaintiff alleged he was fired in retaliation for opposing age discrimination, disability discrimination, and FMLA violations in the workplace through his role in the defendant’s human resources department, the parties had several unresolved issues that they could not agree on with regard to discovery.  The defendants proposed that the scope of electronic discovery would run from May 27, 2015 through April 22, 2016 and focus on specifically identified custodians using agreed and limited search terms, but the plaintiff did not agree with those propose limitations.

Among the areas where there were disputes were: 1) plaintiff’s email, where the plaintiff moved to compel defendants to produce the e-mail file from his entire employment with defendants as a PST file; 2) the scope of discovery searches; 3) discovery requests to additional entities beyond the plaintiff’s employer; and 4) the plaintiff’s request for policies related to the HR and IT operations of the defendants for whom plaintiff was not an employee.  The parties did resolve their dispute over production of the data from plaintiff’s company-issued iPhone.

Judge’s Ruling

With regard to production of the plaintiff’s PST file, the plaintiff argued that the defendants had an unfair advantage by having access to e-mails that the plaintiff could not access, also arguing that it was proportional to allow him to “see all emails in context maintained in his own email folders” because it “equalizes access.”  The defendants argued the plaintiff’s request was overly broad and not proportional, asserting they had searched for all terms requested by plaintiff, as well as many additional search terms not requested by plaintiff, and produced all responsive e-mails.

With regard to this dispute, Judge O’Hara stated: “The court agrees with defendants. Rule 26(b)(3)(c) relates to a party’s ‘own previous statement about the action or its subject matter.’ To the extent plaintiff seeks his own e-mails related to this action, those were captured in the e-mails defendants produced in response to plaintiff’s search terms, plus the additional terms defendants searched…Conspicuously, plaintiff has not cited any authority for the proposition that Rule 26(b)(3)(C) requires the production of all statements plaintiff has ever made in an e-mail about any subject, such that his entire e-mail file during his tenure with Kiewit Energy must be produced.

Although plaintiff is entitled to request the production of files in .pst format, which are ‘generally associated with the Microsoft Outlook email program,’ Document Request No. 29 seeks the entire file for the ‘email account assigned to plaintiff during his employment with defendants.’  Plaintiff purports to address the ‘proportionality standpoint’ by arguing the .pst file would allow him to more efficiently review the file. But producing the entire PST is ‘simply requesting discovery regardless of relevancy,’ which most definitely is not the standard under the 2015 amendments to Rule 26(b). The language in Document Request No. 29 is not tied to plaintiff’s protected activity or his employment with the company; rather, plaintiff requests the entire e-mail account during the entire length of his employment. That request is facially overly broad and not proportional. Plaintiff has not shown how every e-mail he has sent and received is relevant to this action, particularly in light of defendants’ production of 775 documents from e-mail searches.  The court sustains defendants’ objection to Document Request No. 29.”

Judge O’Hara also found that “defendants have adequately responded to plaintiff’s discovery requests” and rejected his requests for ESI from other entities, sustaining the defendants’ objection that the requests were overly broad and not proportional.

So, what do you think?  Should a former employee have the right to look at his or her entire email repository in litigation?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

From Legal Week to Legal Geek, The Conference You May Not Have Heard Of: eDiscovery Trends

Don’t feel bad – neither did I until after the fact.  But, the first ever Legal Geek North America conference happened last week in Brooklyn and it sounds like it might be one to check out in the future – if you can get in.

In Legal IT Professionals (Legal Geek North America Makes Its Mark in Brooklyn), Christy Burke described the “Legal Geek Ethos” as outlined by Legal Geek founder Jimmy Vestbirk as one that “prioritizes friendship over selling, recommends both learning and teaching, reminds of the importance of pitching in to help, and reminds about the all-important ‘no ties’ policy, which was strictly observed – no ties in sight!”  According to Christy, “Vestbirk compared the conference to Woodstock, the legendary American music festival of 1969 – a great analogy because the event’s clear aim was to bring a diverse group of people together for a memorable, singular experience that could never be recreated.”

Speakers included Marc Cohen of Legal Mosaic (who actually attended the original Woodstock), Dr. Eva Bruch of AlterWork, Tess Blair of Morgan Lewis, Lucy Dillon of Reed Smith, Susan Hackett of Legal Executive Leadership, Karl Chapman of EY Riverview Law, Karl Kong from Axiom, Nicole Bradick of software development and design firm Theory & Principle and Dan Reed, CEO of UnitedLex.  According to Reed, the push of innovation is coming from Boards and C-Suites of the best companies in the world.  “Law has lost its immunity,” he said, and “going digital” means extreme client centricity.  Corporate clients are thinking in terms of “value capture” – gains built on performance and quality, lowering risk and cost.  Reed said that law firms need value capture to be relevant in today’s world.

These were just some of the 60+ speakers from 6+ countries that spoke to 450 attendees (apparently a waitlist of another 100+ couldn’t get into the event).  So, clearly some people have heard of it and it sounds like it was a very interesting and entertaining event.  Christy’s article goes a lot more in depth into some of the content discussed by the speakers and it sounds like there will be a Legal Geek Festival in London for a whole week from October 14 through October 18.  Legal Geek – Week!

I’m intrigued and will have to consider it for next year.  Are you intrigued?

So, what do you think?  Are you a “legal geek”?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Firm IT Director Predicts “Carnage” in Legal Tech Consolidation: eDiscovery Trends

Not since Clubber Lang predicted “pain” in Rocky III has the state of legal tech consolidation been stated quite this way.  Is that good news or bad news for consumers of legal tech software and services?

As reported in Legaltech News (Consolidation is Inevitable in Legal Tech, Says Firm IT Director, written by Simon Lock), major consolidation within the legal tech market is unavoidable, according to the director of IT at international law firm Osborne Clarke.  That’s probably because it’s already happening as we speak…  ;o)

Speaking at Legal Week’s Strategic Technology Forum, Europe in Spain, Nathan Hayes said that the most successful legal tech ventures would not come out of one specific institution but instead via amalgamations and joint ventures between traditional law firms, accountants and legal tech firms.

“It’s not going to be one of those, it’s going to be a merging of them,” Hayes argued.

“We’re already beginning to see law firms buying up legal tech companies; law firms partnering with academia and legal tech, having stakes in them, investing in them,” he said. “I think we’re going to see different entities evolving rather than these siloed organisations.”

“We’re in a situation where we’ve just seen a massive explosion in legal tech which is great,” said Hayes.

“The carnage that will ensue though, there’s going to be a lot of consolidation, which is going to be incredibly helpful for people like me.”

Yes, he actually referred to it as “carnage”.

Stephanie Hamon, the former managing director and head of external engagement at Barclays, also expected greater collaboration to follow.

“The market is highly fragmented, so when you’re on the client side, you get solicitation all the time and it’s really hard to see the wood from the tree,” she said.

“It’s true for the law firms, and it’s even worse for legal tech.”

Also this week, Rob Robinson posted the eDiscovery Mergers, Acquisitions, and Investments in Q2 2019 on his excellent Complex Discovery blog.  Rob notes that there “have been at least 12 M&A+I events in the eDiscovery ecosystem during Q2 2019”.  That’s the second most in Q2 in the last five years – only last year with 15 events had more.  That’s after this Q1 had the most events in the past five years for Q1 with 15 events and last year’s Q1 was the second most with 14 events.  So, if that doesn’t show that the pace of M&A+I events is accelerating, I don’t know what does.  “I pity the fool” who doesn’t see that!  ;o)

So, what do you think?  Do you predict “carnage” in the consolidation of legal tech companies?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © United Artists

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Testing Your Search Using Sampling: eDiscovery Throwback Thursdays

Here is the third and final part in our Throwback Thursday series on sampling. Two weeks ago, we talked about how to determine an appropriate sample size to test your search results as well as the items NOT retrieved by the search, using a site that provides a sample size calculator.  Last week, we talked about how to make sure the sample size is randomly selected.  Today, we’ll walk through an example of how you can test and refine a search using sampling.

This post was originally published on April 5, 2011.  It was part of a three-post series that we have revisited over the past couple of weeks.  We have continued to touch on this topic over the years, including our webcast just last month.  One of our best!

The example is a somewhat simplified real-life example of a search scenario I encountered several years ago where I went through these steps for a similar search to get to a search term that provided the right balance of recall and precision.

TEST #1: Let’s say in an oil company we’re looking for documents related to oil rights.  To try to be as inclusive as possible, we will search for “oil” AND “rights”.  Here is the result:

  • Files retrieved with “oil” AND “rights”: 200,000
  • Files NOT retrieved with “oil” AND “rights”: 1,000,000

Using the site to determine an appropriate sample size that we identified before, we determine a sample size of 662 for the retrieved files and 664 for the non-retrieved files to achieve a 99% confidence level with a margin of error of 5%.  We then use this site, to generate random numbers and then proceed to review each item in the retrieved and NOT retrieved items sets to determine responsiveness to the case.  Here are the results:

  • Retrieved Items: 662 reviewed, 24 responsive, 3.6% responsive rate.
  • NOT Retrieved Items: 664 reviewed, 661 non-responsive, 99.5% non-responsive rate.

Nearly every item in the NOT retrieved category was non-responsive, which is good.  But, only 3.6% of the retrieved items were responsive, which means our search was WAY over-inclusive.  At that rate, 192,800 out of 200,000 files retrieved will be NOT responsive and will be a waste of time and resource to review.  Why?  Because, as we determined during the review, almost every published and copyrighted document in our oil company has the phrase “All Rights Reserved” in the document and will be retrieved.

TEST #2: Let’s try again.  This time, we’ll conduct a phrase search for “oil rights” (which requires those words as an exact phrase).  Here is the result:

  • Files retrieved with “oil rights”: 1,500
  • Files NOT retrieved with “oil rights”: 1,198,500

This time, we determine a sample size of 461 for the retrieved files and (again) 664 for the NOT retrieved files to achieve a 99% confidence level with a margin of error of 5%.  Even though, we still have a sample size of 664 for the NOT retrieved files, we generate a new list of random numbers to review those items, as well as the 461 randomly selected retrieved items.  Here are the results:

  • Retrieved Items: 461 reviewed, 435 responsive, 94.4% responsive rate.
  • NOT Retrieved Items: 664 reviewed, 523 non-responsive, 78.8% non-responsive rate.

Nearly every item in the retrieved category was responsive, which is good.  But, only 78.8% of the NOT retrieved items were not responsive, which means over 20% of the NOT retrieved items were actually responsive to the case (we also failed to retrieve 8 of the items identified as responsive in the first iteration).  So, now what?

TEST #3: This time, we’ll conduct a proximity search for “oil within 5 words of rights”.  Here is the result:

  • Files retrieved with “oil w/5 rights”: 5,700
  • Files NOT retrieved with “oil w/5 rights”: 1,194,300

This time, we determine a sample size of 595 for the retrieved files and (once again) 664 for the NOT retrieved files, generating a new list of random numbers for both sets of items.  Here are the results:

  • Retrieved Items: 595 reviewed, 542 responsive, 91.1% responsive rate.
  • NOT Retrieved Items: 664 reviewed, 655 non-responsive, 98.6% non-responsive rate.

Over 90% of the items in the retrieved category were responsive AND nearly every item in the NOT retrieved category was non-responsive, which is GREAT.  Also, all but one of the items previously identified as responsive was retrieved.  So, this is a search that appears to maximize recall and precision.

Had we proceeded with the original search, we would have reviewed 200,000 files – 192,800 of which would have been NOT responsive to the case.  By testing and refining, we only had to review 8,815 files –  3,710 sample files reviewed plus the remaining retrieved items from the third search (5,700595 = 5,105) – most of which ARE responsive to the case.  We saved tens of thousands in review costs while still retrieving most of the responsive files, using a defensible approach.

So, what do you think?  Do you use sampling to test your search results?   Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today’s Webcast Will Help Plaintiff’s Attorneys Conquer Their Biggest eDiscovery Challenges: eDiscovery Webcasts

As we learned in Tom O’Connor’s recent five part blog series, it seems as though the eDiscovery deck is stacked against plaintiff’s attorneys.  Defendants seem to have all the resources, the technical know-how and the interest of the major eDiscovery vendors while the plaintiffs often have few resources, technical knowledge or eDiscovery experience.  How do plaintiff’s attorneys bridge that gap?  Today’s webcast that will help put those plaintiff’s attorneys on a more equal footing with their defendant counterparts.

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Conquering the Biggest eDiscovery Challenges Facing Plaintiff’s Attorneys. In this one-hour webcast that’s CLE-approved in selected states, we will discuss the biggest eDiscovery challenges facing plaintiff’s attorneys and provide best practices for addressing those challenges to give plaintiff’s attorneys the best chance to get the evidence they need for their case. Topics include:

  • Biggest eDiscovery Challenges Facing Plaintiff’s Attorneys
  • Ethical Duties and Rules for Understanding Technology
  • Does the eDiscovery Market Care About Plaintiff’s Attorneys?
  • Understanding the Fundamentals of eDiscovery
  • Your Clients May Have More ESI Than You Think
  • How to Request the Right Form of Production from Opposing Counsel
  • Mechanisms and Approaches for Getting the Data to Make Your Case
  • What You Need to Know About Technology Assisted Review
  • Resources You Need to Bridge Your Understanding Gap

As always, I’ll be presenting the webcast, along with Tom O’Connor, whose aforementioned white paper regarding the biggest eDiscovery challenges facing plaintiff’s attorneys was published last month on the blog.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you’re a plaintiff’s attorney looking to better handle eDiscovery challenges or a defense attorney wondering what “secrets” we’re passing onto those plaintiff’s attorneys, this webcast is for you!

So, what do you think?  Are you a plaintiff’s attorney who feels that the eDiscovery deck is stacked against you?  If so, please join us!  If not, please join us anyway!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rules That Privilege Assertion and Potential Fraud Don’t Mix: eDiscovery Case Law

See what I did there?  ;o)

In Gates Corp. v. CRP Indus., Inc., No. 16-cv-01145-KLM (D. Colo. May 21, 2019), Colorado Magistrate Judge Kristen L. Mix overruled the Defendant’s Objection to Report and Recommendation of Special Master on Gates Corporation’s Motion to Pierce Attorney/Client Privilege and proceeded with the Discovery Master’s recommendation, ordering the defendant to submit for in camera review readable and searchable versions of the documents identified as privileged by the defendant (along with an Excel spreadsheet of the privilege log) to the Special Master for review.

Case Background

This dispute involved whether actions by the defendant (alleged to be “a direct competitor of” the plaintiff) in response to the plaintiff’s inquiry about its former employee’s theft of proprietary information can serve as the basis for invocation of the crime-fraud exception to the attorney-client privilege.  After plaintiff’s counsel notified the defendant of the potential theft of proprietary information by plaintiff’s former and defendant’s then-current employee, Laura Bale (“Bale”), the company eventually commenced an “investigation”, by having a non-lawyer human resources executive perform a keyword search of David Hirschhorn’s (“Hirschhorn”) emails, Bale’s supervisor throughout her employment with the defendant.  That search “did not find any evidence that [Hirschhorn] had received any proprietary information from Bale.”

As noted by Judge Mix in her recount of the facts “it is now undisputed that this conclusion [that Hirschhorn did not “receive” any of Plaintiff’s proprietary information from Bale] was incorrect.”  The defendant acknowledged that Hirschhorn subsequently admitted to the FBI that he received and opened the file containing Plaintiff’s confidential information, and the defendant had made no argument that Hirschhorn lied to the FBI.  Bale subsequently testified under oath that Hirschhorn knew about her possession of the plaintiff’s proprietary database approximately six months after she started working for the defendant, long before the “investigation” began. Despite Bale’s compromised credibility, her testimony in this regard had been amply confirmed by other evidence.

In objecting to the Discovery Master’s report, the defendant contended:

  1. That because Plaintiff’s counsel’s letter about the alleged theft “implicated Bale alone, [Defendant] reasonably focused its investigation on Bale, who worked off of her own laptop and used a personal email address, instead of launching a company-wide investigation”;
  2. That Hirschhorn did not admit any knowledge of wrongdoing at the time of the investigation and that the company only learned several years later that he received and opened the file containing Plaintiff’s confidential information;
  3. That the Discovery Master erroneously recognized mere spoliation as a “crime” or “fraud” which triggers the exception; and
  4. That the Discovery Master took it upon himself to find a basis for application of the crime-fraud exception on grounds not asserted by Plaintiff.

Judge’s Ruling

With regard to the defendant’s contentions, Judge Mix responded as follows:

  1. Noting that Bale “was not a solitary or isolated employee” and that “her work contemplated and required frequent interactions with other company employees”, Judge Mix stated that “I cannot agree that so limiting the investigation was reasonable or prudent.”
  2. Judge Mix noted that “if Defendant were correct, corporate parties to litigation could avoid scrutiny of their attorney-client communications by simply contending that although some employees did bad things, the wrongdoers neither admitted it to select company representatives nor did those representatives otherwise find out about it, so the crime-fraud exception does not apply.” She indicated that “argument flies in the face of long-standing precedent holding that corporate agents’ acts are attributable to the corporate entity.”
  3. Judge Mix observed that “spoliation can occur as a result of mere negligence or intentional destruction of evidence, so to the extent that the Discovery Master concluded that intentional spoliation supports application of the crime-fraud exception, his conclusion is not inconsistent with the intent requirement of the doctrine.” She also stated that “the Court need not decide whether Plaintiff presented sufficient evidence of intentional spoliation to invoke the crime-fraud exception, as the evidence of fraudulent concealment discussed above is a sufficient basis to do so.”
  4. Agreeing with the plaintiff’s contention that it actually did raise the issues discussed in the Discovery Master’s Order, Judge Mix pointed out that “Defendant itself concluded, in responding to Plaintiff’s Motion [#88], that Plaintiff was ‘insinuat[ing] that [Defendant] engaged in spoliation of materials relevant to this action.’”

As a result, Judge Mix overruled the Defendant’s Objection to the Discovery Master’s recommendation, ordering the defendant to submit its identified privileged documents for in camera review.

So, what do you think?  Should the defendant have have been forced to turn over the documents it identified as privileged?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Been Hacked? That May Be Because of an Unpatched Vulnerability in Your Software: Cybersecurity Trends

There are plenty of reasons that organizations experience a data breach, including weak or stolen passwords (despite the availability of two factor authentication technology to thwart those efforts).  Here’s another common cause of data breaches: unpatched vulnerabilities in your software.

According to ZDNet (Cybersecurity: One in three breaches are caused by unpatched vulnerabilities, written by Steve Ranger – hat tip to Sharon Nelson’s excellent Ride the Lightning blog here), more than one in three IT professionals (34 percent) in Europe admitted that their organization had been breached as a result of an unpatched vulnerability according to a survey by security company Tripwire.  The overall average isn’t much better at 27 percent.

Why?  Software vendors are constantly publishing new patches to fix problems in software that they have sold. It’s then up to the users of the software to apply the patches – or else risk leaving themselves open to attack via the backdoors that the vendors failed to spot when building the product in the first place.

But the sheer volume of patches, with many vendors publishing new fixes on a monthly basis, and the need to test those patches to ensure that they don’t cause other unexpected problems, means that there’s often a delay in getting systems secured. That leaves a gap that hackers can exploit.

Finding the stuff that needs patching can be a challenge: 59 percent of respondents said they can detect new hardware and software on their network within hours, but it’s a difficult manual effort for many, with 35 percent saying less than half of their assets are discovered automatically.  As a result, nearly half (42 percent) of respondents take more than a week to deploy security patches in their environment.

And, there are often several patches to implement per month – 42 percent of respondents indicated that they patch at least 10 vulnerabilities per month, 15 percent said at least 50 per month, 6 percent said more than 100 per month.  Four out of five companies said they had stopped using a product because of a vulnerability disclosure.

The 2017 WannaCry ransomware attack was probably the clearest example of what can go wrong when patches aren’t applied; while a patch for the vulnerability exploited by the ransomware had existed for several months many organizations such as parts of the UK’s National Health Service had failed to use it.  Now, that really makes you wanna cry!

So, what do you think?  Are you aware of a data breach that occurred because of an unpatched vulnerability in the organization’s software?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Simon Says – Once, Twice, Three Times a Spoliator: eDiscovery Case Law

OK, it’s not as catchy as Lionel Ritchie’s hit song, but it’s funny. :o)

In Univ. Accounting Serv., LLC v. Schulton, No. 3:18-cv-1486-SI (D. Or. June 7, 2019), Oregon District Judge Michael H. Simon granted in part the plaintiff’s Motion for Terminating Spoliation Sanctions Against Defendant Ethan Schulton, finding that the defendant “acted with the intent to deprive” the plaintiff of information that he deleted, but granted the plaintiff’s alternative motion for lesser sanctions, choosing to provide the jury with a permissive inference spoliation instruction against the defendant instead of case termination sanctions.

Case Background

In this dispute over a software platform provided to the plaintiff, named defendant Ethan Schulton was the lead software developer and chief architect of the software platform.  According to the plaintiff, in February 2016, named defendant ScholarChip told the plaintiff it would have to pay substantially higher fees if it wanted to continue using the software platform it developed.  In March 2016, Schulton recognized the possibility that the plaintiff might bring a lawsuit by asking ScholarChip’s CEO and CTO about giving the plaintiff the source code to avoid a lawsuit.  The following month, Schulton sent an email to his legal counsel, and copied others within ScholarChip, about forming a new legal entity.  The situation between the parties continued to deteriorate over the next several months, with the parties filing lawsuits against each other.

In July 2018, approximately seven months after Schulton voluntarily left ScholarChip’s employment, Schulton sent an email both to the plaintiff and the CTO of ScholarChip, where he announced his intent to create a loan servicing system that would compete directly with the plaintiff. He further said that he would create the system based on knowledge acquired during his 15 years at ScholarChip and added that he would be communicating with and soliciting business from the plaintiff’s customers that he learned about through his work at ScholarChip for the plaintiff.  The next month, the plaintiff filed this lawsuit.

On March 7, 2018, Schulton accepted service of a deposition and document subpoena to which he responded: “I left ScholarChip with nothing but the knowledge gained over 15 years of employment. To use definitions from my recent document subpoena, I have no ‘CLIENT DATA,’ ‘DELIVERABLES,’ ‘SOFTWARE,’ or ‘WORK PRODUCT.’”

Despite that, as the opinion noted, Schulton had previously acknowledged that he used a “mechanism called Take Out” to export his entire ScholarChip e-mail account, which included all of its contents dating back to 2014, to Schulton’s personal “One Drive” cloud storage account. He also saved a copy of his ScholarChip email account on his personal computer.  He also saved electronic copies of several webinars with the plaintiff’s clients to his personal computer, which he took with him and kept after he left ScholarChip’s employment.  And, the day before a hearing in August 2018, Schulton located and deleted the file known as UAS’s “Private Client List,” which listed the plaintiff’s clients in descending order by ScholarChip revenue.  In the hearing, he stated “I deleted the file as fast as I could, because I was petrified at its existence, because it’s exactly the type of damning information that UAS wants to catch me with.”

Judge’s Ruling

Noting that the information deleted was 1) electronically stored information, 2) that should have been preserved in the anticipation or conduct of litigation, 3) (that) is lost because a party failed to take reasonable steps to preserve it and, 4) cannot be restored or replaced through additional discovery, Judge Simon stated: “These four threshold or predicate conditions have been satisfied” (to impose sanctions).

Judge Simon summed up the spoliation, as follows:

“The Private Client List, the ScholarChip emails, and the webinar recordings are all electronically stored information. In March 2016, Shulton anticipated the possibility of litigation. By June 2017, litigation between UAS and ScholarChip had begun. In the fall of 2017, Schulton downloaded to his personal computer and personal cloud account the electronically stored information at issue. On March 7, 2018, with litigation pending between ScholarChip and UAS in federal court in New York, Schulton received a document subpoena, and his first act of spoliation occurred four days later, on March 11, 2018. Schulton’s second act of spoliation occurred on April 9, 2018. In August 2018, UAS commenced this lawsuit in federal court in Oregon and requested a TRO, which was scheduled for August 22, 2018. The day before the TRO, Schulton committed his third act of spoliation. The Private Client List, the ScholarChip emails, and the webinar recordings all appear to be relevant to the several lawsuits. Accordingly, they should have been preserved in the anticipation or conduct of litigation. Further, intentionally destroying evidence satisfies the standard for failing to take reasonable steps to preserve that evidence. Finally, UAS has attempted to restore or replace through additional discovery the deleted information but has been unsuccessful. Thus, UAS has satisfied the four threshold elements under Rule 37(e).”

As a result, Judge Simon granted in part the plaintiff’s motion, choosing to provide the jury with a permissive inference spoliation instruction against the defendant instead of case termination sanctions.

So, what do you think?  Should the defendant have received case termination sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

This Blog Post Will Not Be Automatically Deleted, But Your Instant Message Might Be: eDiscovery Trends

The sources of electronically stored information (ESI) are more varied than ever.  Now, they routinely include text messages and messages from instant messaging apps.  But, depending on the instant message app – or the archive option for any messaging app, that ESI might not be available at litigation time.

In LegalTech® News (This Article Will Self-Destruct: Behind Ephemeral Messaging’s In-House Rise, written by Rhys Dipshan), the author notes that the rise of ephemeral messaging, self-erasing communications “have gone from spy movie lore to everyday consumer technology.”  That technology may be welcomed by privacy advocates, but not so much by those responsible for compliance, investigations and litigation efforts.  And, while ephemeral messaging was once only the focus of a handful of messaging apps, they’re now being offered by widely used services like Gmail and Facebook.

Remember the Waymo v. Uber case?  In that case, Waymo sought sanctions for Uber’s use of the ephemeral messaging app Wickr for communications, but California District Judge William Alsup ruled that Waymo could inform the jury of the situation and have them reach their own conclusions – in part, because Waymo also disclosed it used ephemeral messaging apps in-house as well.

Ephemeral messaging apps are becoming more prevalent – and they’re even becoming more accepted from a regulatory standpoint.  In April 2019, for example, the Department of Justice (DOJ) rescinded a policy requiring companies to restrict their employees’ use of ephemeral messaging apps if they wanted credit for cooperating with DOJ enforcement actions under the Foreign Corrupt Practices Act. The new DOJ policy now only requires companies to implement “appropriate guidance and controls on the use of personal communications and ephemeral messaging platforms.”

Gareth Evans, eDiscovery expert and partner at Redgrave, noted that one of the most fundamental uses for ephemeral messaging is to help organizations more easily delete data they shouldn’t be keeping in the first place.

“Simply, if there is no business purpose or business need for retaining the messaging, if there is no legal requirement to keep it, that in itself is a good reason not to be keeping it. And by keeping communications [you don’t need], you run certain risks.”

That’s great when there isn’t a duty to preserve (i.e., when you anticipate litigation).  But, what about when that duty exists?

For years, we’ve discussed the importance of suspending auto delete programs when anticipating litigation and we’ve discussed cases where failure to do so can lead to sanctions (like this one and this one).  Historically, those auto delete programs have been associated with email, but they are becoming more associated with text and other messaging apps, as well.  And, it’s important to note that while some messaging apps are ephemeral by default, most (if not all) messaging apps can be set to automatically delete messages after a period of time – including text messaging apps like the text message app for iPhones, which is set to retain messages “forever” by default, but can be changed to a 1 year or even 30 day retention period.  That’s why it’s become more important than ever to address automatic deletion for text and other messaging apps when litigation is anticipated to avoid potential spoliation.

So, what do you think?  Does your organization use ephemeral messaging apps?  If so, how does it handle the use of those apps during litigation?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © CBS Television Distribution.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.