Close
Enter your
text here

eDiscoveryDaily

Court Denies Plaintiff’s Motion to Compel Production of ESI Related to 34 Searches: eDiscovery Case Law

In Lareau v. Nw. Med. Ctr., No. 2:17-cv-81 (D. Vt. Mar. 27, 2019), Vermont District Judge William K. Sessions III denied the plaintiff’s motion to compel production of ESI related to 34 search terms proposed by the plaintiff during meet and confer with the defendant, based on the extrapolation from a single search term that the plaintiff’s production request would require 170 hours of attorney and paralegal time and would produce little, if any, relevant information.

Case Background

In this case related to claims of wrongful termination stemming (at least in part) from the plaintiff’s disability, the plaintiff initially asked the defendant to produce ESI using 18 search terms. Using only seven of those 18 terms, the defendant produced over 3,000 pages of documents and objected to the scope of the request. The plaintiff moved to compel, and the Court issued an order requiring the parties to confer and agree upon appropriate search terms.

The plaintiff subsequently proposed 34 search terms, some of which were in the original list to which the defendant had objected. The defendant informed plaintiff’s counsel that using just the first four of the proposed 34 terms, it had spent over 20 hours retrieving 2,912 documents totaling 5,336 pages. The plaintiff’s counsel later acknowledged in an email that the initial production was voluminous and unwieldy, and suggested that the defendant use only the newly-proposed search terms.

The defendant made another effort to comply, performing a search using the suggested term “Experian.” The process of searching, coding, and producing reportedly took five hours and identified 472 documents. the defendant represented to the plaintiff’s counsel that few of those documents were relevant. Extrapolating that work to 34 search terms, the defendant contended that the plaintiff’s production request would require 170 hours of attorney and paralegal time and would produce little, if any, relevant information.  As a result, the defendant informed opposing counsel that given the burden of production and the limited relevance of the search results, it would not expend any additional time performing the requested searches. The plaintiff’s counsel invited the defendant to offer additional suggestions as to search terms, but the defendant declined that invitation, leading to the plaintiff’s motion.

Judge’s Ruling

Judge Sessions noted that, under the FRCP, “a party is required to provide ESI unless it shows that the source of such information is ‘not reasonably accessible because of undue burden or cost.’”  With that in mind, Judge Sessions stated:

“Here, the Court ordered cooperation among counsel, and counsel’s efforts did not produce a workable solution. NMC has tried to comply and shown that, to date, the information sought using Lareau’s proposed search terms is not reasonably accessible. Indeed, NMC has expended considerable time and expense producing documents that reportedly have little relevance to this case.”

While noting that he “could nonetheless compel discovery for good cause shown”, Judge Sessions determined that “[h]ere, there has been no such showing.”  Judge Sessions stated: “Since the Court issued its prior Order, NMC has produced 3,384 additional documents containing little relevant information. Without any showing that additional searches are likely to result in a higher rate of success, the Court will not order NMC to engage in further problem-solving.”  As a result, he denied the plaintiff’s motion to compel.

So, what do you think?  Was the defendant’s analysis of expected effort a valid representative sample?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Answers to Your Frequently Asked CCPA Questions: Data Privacy Best Practices

As we discussed last year (here and here), the California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect next January 1.  And, as we also reported recently, about half of surveyed companies haven’t even started preparing to be CCPA compliant.  Maybe that’s because they don’t know where to start to comply and don’t know whether the CCPA applies to their business, what rights will Californians have under CCPA and what impact CCPA will have on their privacy policy.  Here are answers to some of those questions.

In the Data Privacy Monitor site by Baker Hostetler (The California Consumer Privacy Act: Frequently Asked Questions, written by Alan L. Friel, Laura E. Jehl and Melinda L. McLellan), the authors address ten frequently asked questions that companies are asking about CCPA (if they’re not asking them, they should be).  Here are the questions they are addressing in this article:

  1. Does the CCPA apply to my business? What if we don’t have operations in California?
  2. Does the $25 million revenue threshold apply to California revenue specifically, or is it $25 million for the business as a whole?
  3. Will the CCPA be amended? What are the open issues?
  4. What new rights will the CCPA give to California residents?
  5. Will we need to amend our company’s online privacy policy?
  6. How do the “copycat” CCPA laws being proposed in other states compare with the CCPA?
  7. How does a business confirm that a person making an access or deletion request under the CCPA is a California resident, or who they claim to be?
  8. What should our company be focusing on right now, while we wait to see how these various state and federal law proposals shake out?
  9. What are the potential penalties for violations of the CCPA?
  10. Does my business qualify for one of the CCPA’s exceptions?

I won’t steal any thunder here – the authors give detailed and thoughtful answers to the questions that you will want to check out for yourself.

It’s interesting to note that there are at least 15 state data privacy laws that are working their way through the legislative process – some that are “virtually identical to the CCPA”, others that are similar, but with key differences.  As the authors note, the “prospect of having to comply with dozens of different state laws of this nature has fueled interest in a federal law to harmonize these proposals and provide businesses with clear compliance goals.”  That’s not surprising to me.

As the authors note in their conclusion: “A new era of consumer privacy rights has dawned in the U.S., and businesses will need to have a sound understanding of the personal information they collect, process, use and share to be able to comply with incoming rules and regulations.”  Given recent trends, it certainly appears that virtually every US business will be subject to new and developing data privacy laws sooner rather than later.

So, what do you think?  Is your company subject to CCPA?  If so, has it begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Sanctions Request Because Defendant Didn’t Prove the Information was Irretrievable: eDiscovery Case Law

In Envy Hawaii LLC v. Volvo Car USA LLC, No. 17-00040 HG-RT (D. Haw. Mar. 20, 2019), Hawaii District Judge Helen Gillmor denied the defendant’s motion for spoliation sanctions, stating that the defendant “has not established that spoliation sanctions are available because the information it seeks is not “lost” within the meaning of Fed. R. Civ. P. 37(e).”

Case Background

In this case involves contract disputes and claims of improper business practices between a local automobile dealership and the national distributor of Volvo automobiles, the parties had engaged in two years of litigation, produced discovery, and conducted depositions.  The defendant claimed that the plaintiff and its sole owner and manager failed to preserve certain electronically stored information (Google e-mail accounts and electronic dealer management system records) in violation of Federal Rule of Civil Procedure 37(e).  The plaintiff and its owner claimed no spoliation had occurred because any relevant records are available from third-parties and sanctions were not appropriate.

Judge’s Ruling

Judge Gilmor noted that “[t]he text of Federal Rule of Civil Procedure 37(e) provides that evidence is ‘lost’ and subject to spoliation sanctions when a party failed to take reasonable steps to preserve it, and ‘it cannot be restored or replaced through additional discovery’” and that “[i]nformation is ‘lost’ for purposes of Rule 37(e) only if it is irretrievable from another source, including other custodians.”  She also stated that “[s]poliation sanctions are not available pursuant to the 2015 Amendment to Rule 37(e) when information is not lost.”

With regard to that, Judge Gilmor stated:

“Volvo Car USA LLC admits that it has not sought any of the discovery from either CDK Disk or Google Enterprise. Volvo Car USA LLC’s Motion is focused on Envy Hawaii LLC’s failure to preserve the information.”

Noting that “Volvo Car USA LLC may issue subpoenas to obtain records from Google and/or CDK Drive prior to May 15, 2019”, Judge Gilmor denied the defendant’s motion for spoliation sanctions.

So, what do you think?  Should parties be required to confirm with third parties that information is not available before filing motions for spoliation sanctions?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

A Mergers-Acquisitions-Investments Update and a CloudNine Product Update: eDiscovery Trends

Years ago, there was a TV commercial for chili where the spokesman said “Neighbors, how long has it been since you’ve had a big thick steaming bowl of Wolf brand chili?  Well, that’s too long.”  It’s been too long since we’ve provided an update of M&A+I activities in eDiscovery, so let’s fix that.  Also, I’ve had a lot of questions recently about what’s going on with the products that CloudNine acquired a year ago, so let’s provide an update on that as well.

As always, the best resource for tracking eDiscovery Mergers, Acquisitions, and Investments is Rob Robinson’s ComplexDiscovery site – after all, Rob via ComplexDiscovery has noted more than 375 M&A+I events between November 2001 and today.

Rob’s latest update is for the just completed Q1 of 2019.  His review was through March 22, but I’m not aware of any significant M&A+I announcements since then, so it’s probably good for the entire Q1.  Based on that, Rob notes five key findings for Q1 2019:

  • There have been at least 14 M&A+I events in the eDiscovery ecosystem during Q1 2019.
  • January was the most active month in Q1 2019 for M&A+I events with at least 11 total events. This is the most active January since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • March was the least active month in Q1 2019 for M&A+I events with two known events.
  • The investment pulse rate for the three months of Q1 2019 appears to be higher than annual Q1 investment patterns. Q1 2019 is tied with Q1 2012 for the most active Q1 since the inception of eDiscovery ecosystem M&A+I pattern tracking in November 2001.
  • Q1 2019 investment pulse rate appears to be slightly higher than the investment pulse rate during the same period in Q1 2018.

As usual, Rob also provides some charts to reflect the activity graphically: for 2019 (so far), a per month history since Rob started tracking in November 2001 (January is the most active month historically) and activity on a per year basis, which does a great job of reflecting how many more transactions have occurred in recent years than in the past.  To wit: Q1 2019’s 16 transactions are more than all but one year from 2001 to 2009.

Interesting stuff.  BTW, speaking of ComplexDiscovery, Rob yesterday launched his Spring 2019 eDiscovery Business Confidence Survey.  As usual, the survey only takes about a minute or two to complete, so drop in and complete it if you have a minute (or two).  Rob says the survey will close around mid-April, so do it sooner rather than later to get your feedback included.

Anyway, speaking of acquisitions, it’s hard to believe that it was a year ago last week that CloudNine acquired the eDiscovery product lines from LexisNexis.  When I was at the University of Florida E-Discovery Conference a couple of weeks ago, several people asked me what was going on with the LAW, Concordance and EDA (now renamed Explore) product lines that we acquired.  So, let me address each of those (and our own CloudNine Review platform) with a brief update.

Normally, when I start to talk about CloudNine products, I preface it with a “shameless plug warning!”.  So, consider yourself warned.  And, if you want to complain that this blog post isn’t educational, remember that I started it with some interesting eDiscovery M&A+I info.  ;o)

LAW: LAW PreDiscovery is now known as CloudNine LAW and we just announced a new 7.1 release yesterday (unlike yesterday’s blog post, this was no April Fool’s Day joke).  This is our third release since the acquisition and our second in just the last two months!  The cornerstone of our 7.0 release back at the end of January was our new multi-core, multi-threaded Turbo Import ingestion engine to process and load data considerably faster than the traditional ED Loader module – with the 7.1 release now officially out, we have improved the ingestion speeds up to 12x faster compared to ED Loader.  Imagine having a super large PST file that used to take over 24 hours to process – now it can be processed in just over 2 hours.  Talk about saving time!

We have implemented several other new features and fixes over the past year and have partnered with Compiled to provide an automated link between LAW and Relativity (announced back in January).  And, we have several additional exciting features coming out over the next couple of quarters (targeting two more releases before Q4).

Explore: Also referenced in yesterday’s announcement, Explore has also seen some speed improvements and other feature additions over three releases since acquisition.  Explore has a unique index-in-place approach that also supports multi-threaded processing of large container files and the ability to distribute processing over multiple machines.  We recently partnered with a third party to conduct benchmarking of Explore and were able to index a terabyte (TB) of data in 7 hours, 15 minutes!  So, Explore is a terrific product for indexing and searching large collections of data quickly to support early data assessment, compliance on investigation needs and we have talked with a number of customers who are impressed with its speed and capabilities.

Concordance: Many people have asked what we’ve been doing with Concordance since we acquired it and we have had three software releases for Concordance as well since we acquired it.  We are currently working on brand new viewer technology to improve the experience for users of both the Concordance image viewer (e.g., support of color images, search within image) and Concordance native viewer (e.g., speed of image retrieval) that we expect to roll out around mid-year.  And, we are finalizing a link with Hot Neuron’s Clustify product to enable Concordance users to perform conceptual clustering, near dupe identification, email thread identification and predictive coding!

CloudNine Review: Our flagship CloudNine review platform is now known as CloudNine Review and we are also working on a number of new features and capabilities with that product as well.  We recently released a brand new managed review module within CloudNine Review and are currently working on several updates and improvements to the user interface overall – to provide a cleaner and even more intuitive look and feel.

There’s a lot more to say about each of these products – for example, we have doubled the size of our teams developing, testing, supporting and training on the products since acquisition – but, I try to keep our blog posts reasonably short.  Feel free to drop me a line if you want to know more.

So, what do you think?  Are investments in eDiscovery companies on the rise?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rejects Carpenter Argument for Third Party Subpoena of Google Subscriber Info: eDiscovery Case Law

In U.S. v. Therrien, No. 2:18-cr-00085 (D. Vt. Mar. 13, 2019), Vermont District Judge Christina Reiss denied the defendant’s motion to suppress evidence obtained via a subpoena of Google for subscriber information, rejecting the defendant’s argument that the United States Supreme Court decision in Carpenter v. US forecloses the government’s ability to obtain this type of data without a warrant.

Case Background

In this case related to a one count Indictment against the defendant that he knowingly transported child pornography, an order for eighty-five photograph prints was placed with an online company in February 2018.  An employee of the online company’s outsource print provider informed the Federal Bureau of Investigations that it was concerned that some of the photographs may contain child pornography. Law enforcement subsequently discovered an e-mail address that was associated with the order.

A grand jury subpoena was issued in March 2018 to obtain subscriber information from Google pertaining to the account associated with the email address. In response, Google produced subscriber information, services utilized by the account, the date the account was created, the date and time of the last login, and the IP addresses associated with the account from December 6, 2017 through March 15, 2018. Asserting that law enforcement violated the Fourth Amendment in obtaining records from Google without a warrant, the defendant sought suppression of all evidence obtained pursuant to the grand jury subpoena, citing Carpenter v. US.

Judge’s Ruling

While noting that, in Carpenter, the Supreme Court held that cell-site location information (“CSLI”) was not subject to the third-party doctrine, Judge Reiss also noted that SCOTUS reasoned that “the notion that an individual has a reduced expectation of privacy in information knowingly shared with another” and that “reasoned that because there was no way for individuals possessing cell phones to avoid generating CSLI and because cell phones are now effectively a necessity of daily life, it was unreasonable to conclude that an individual voluntarily exposed CSLI information to a third party.”

Judge Reiss also observed that “Since Carpenter, courts have held that IP address information and similar information still fell ‘comfortably within the scope of the third-party doctrine’ because ‘[t]hey had no bearing on any person’s day-to-day movement’ and ‘[the defendant] lacked a reasonable expectation of privacy in that information.’”  Judge Reis cited several cases, including United States v. Rosenow, 2018 WL 6064949, at * 11 (S.D. Cal. Nov. 20, 2018), which said “The Court concludes that Defendant had no reasonable expectation of privacy in the subscriber information and the IP log-in information Defendant voluntarily provided to the online service providers in order to establish and maintain his account.”

As a result, Judge Reiss ruled as follows in denying the defendant’s motion to suppress the evidence obtained:

“In this case, law enforcement obtained information that an account holder voluntarily turned over to Google. This information is squarely within the third-party doctrine and requires a different result than in Carpenter. As a result, Defendant did not possess a reasonable expectation of privacy in the information obtained by law enforcement.”

So, what do you think?  Should people have a reasonable expectation of privacy for their email accounts in third party subpoenas?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Fired IT Guy Deleted 23 of His Ex-Employer’s AWS Servers: Cybersecurity Trends

When it comes to data breaches and other cybersecurity threats, many people discuss the threats from outside hackers.  But, it’s the internal employees who can do as much, if not a lot more, damage to an organization’s IT infrastructure.  Especially if the internal employee has been canned and is bent on getting revenge.

An article in Naked Security (Sacked IT guy annihilates 23 of his ex-employer’s AWS servers, written by Lisa Vaas) reports that the UK’s Thames Valley Police announced on Monday that 36-year-old Steffan Needham, of Bury, Greater Manchester, was jailed for two years at Reading Crown Court following a nine-day trial.  Needham pleaded not guilty to two charges of the Computer Misuse Act – one count of unauthorized access to computer material and one count of unauthorized modification of computer material – but was convicted in January 2019.

As the Mirror reported during Needham’s January trial, the IT worker was sacked after a month of lousy performance working at a digital marketing and software company called Voova in 2016.

In the days after he got fired, Needham got busy: he used the stolen login credentials to get into the computer account of a former colleague – Andy “Speedy” Gonzalez – and then began fiddling with the account settings. Next, he began deleting Voova’s AWS servers – 23 servers of data in all, which related to clients of the company.

The company lost big contracts with transport companies as a result. Police say that the wreckage caused an estimated loss of £500,000 (about $700,000 at the time). The company reportedly was never able to claw back the deleted data.  And, it took months to track down the culprit. Needham was finally arrested in March 2017, when he was working for a devops company in Manchester.

Prosecutor Richard Moss noted during the trial that security experts agreed that Voova could have done a better job at security.  Most notable was their failure to implement two-factor authentication.

According to the 2017 Verizon Data Breach Investigations Report (DBIR) (covered by us here), 81 percent of hacking-related breaches used stolen passwords and/or weak passwords.  But, according to this infographic from Symantec, 80 percent of data breaches could have been eliminated with the use of two-factor authentication.  With two-factor authentication, a stolen password is useless if the thief doesn’t also have the device where the authorization code is being sent.  So, you should implement two-factor authentication wherever possible – Voova sure wishes they did.

So, what do you think?  Do you use two-factor authentication to secure your technology solutions?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today is the Day to Learn about Blockchain and How it Impacts Legal Technology: eDiscovery Webcasts

If you think you’re hearing more and more about blockchain and bitcoin, you’re probably right. Blockchain is even being discussed as having potential application in legal technology and electronic discovery. But, what exactly is it? How does it work? And, how do you need to be prepared to address it as a legal professional?  Today’s webcast that will answer those questions – and more!

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Understanding Blockchain and its Impact on Legal Technology. In this one-hour webcast that’s CLE-approved in selected states, we will discuss, define and describe blockchain and how it can apply to legal technology and eDiscovery today and in the future. Topics include:

  • History of Blockchain and Bitcoin
  • Defining Key Terms
  • How Blockchain Works
  • Advantages and Challenges of Blockchain
  • Smart Contracts and Other Use Cases for Blockchain
  • Impacts of Blockchain on Legal Technology and eDiscovery
  • Is Blockchain Really as Secure as People Think?
  • Future of Blockchain
  • Resources for More Info

As always, I’ll be presenting the webcast, along with Tom O’Connor, whose white paper of the same name was published on this blog a few weeks ago.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to learn about blockchain and how it can affect your job as a legal professional, this webcast is for you!

So, what do you think?  Do you know the ins and outs of blockchain or even how it works?  If not, please join us!  If so, please join us anyway!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Orders Defendant to Respond to Interrogatories to Identify Number of Phone Calls it Made: eDiscovery Case Law

In Franklin v. Ocwen Loan Serv., LLC, No. 18-cv-03333-SI (N.D. Cal. Mar. 12, 2019), California District Judge Susan Illston ordered the defendant to respond to interrogatories, “with, at minimum, information regarding the total number of phone calls defendant made during the relevant period to California residents (including any account associated with a California address and any account containing a California area code)” and ordered the parties to stipulate to a method for extrapolating the total number of recorded phone calls defendant made to California residents during the relevant period.

Case Background

In this case brought by the plaintiff, individually and on behalf of all others similarly situated, for illegal recording of cellular phone conversations pursuant to California Penal Code § 632.7, the plaintiff requested “information related to the number of California residents whose conversations with Defendant were recorded.”  The defendant objected that the request was “unduly burdensome and disproportionate to the needs of the case because responding to them would take thousand[s] or hundreds of thousands of hours of work”, requiring them “to examine each account with a California address or area code, determine if any calls were made on that account, attempt to locate those calls and any recordings of those calls, and then listen to the recordings to determine whether the person being called answered the call and was recorded rather than a message being left on voicemail or someone else answering the call.”  Instead, the defendant proposed that the parties stipulate that it called and recorded a minimum number of persons in California, such as “over 100 persons.”

Judge’s Ruling

Referencing Fed. R. Civ. P. 26(b)(1), Judge Illston stated “The Court agrees with plaintiff that information regarding the number of recorded calls defendant made is relevant to his motion for class certification, going not only to numerosity but also to the question of whether ‘a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.’…It is also relevant, among other things, to the question of damages, particularly in light of the Court’s ruling that ‘plaintiff may seek a class-wide award of statutory damages in an amount up to $5,000 per class member[.]’…It will not suffice for defendant to stipulate to an arbitrary number such as ‘over 100 persons.’”

Both parties cited the case Ronquillo-Griffin v. Transunion Rental Screening Sols., Inc., No. 17-cv-129-JM (BLM), 2018 WL 325051 (S.D. Cal. Jan. 8, 2018), where the district court denied the plaintiff’s motion to compel production of the actual recordings defendant made with the potential class members.  However, Judge Illston stated: “Here, plaintiff is not seeking the recordings themselves but requests the total ‘number of California residents whose conversations with Defendant were recorded.’…This is consistent with what the Ronquillo-Griffin court ordered.”

As a result, Judge Illston ordered the defendant to respond to the plaintiff’s interrogatories, “with, at minimum, information regarding the total number of phone calls defendant made during the relevant period to California residents (including any account associated with a California address and any account containing a California area code)” and ordered the parties to stipulate to a method for extrapolating the total number of recorded phone calls defendant made to California residents during the relevant period – all by March 26, 2019.  Hey, that’s today!

So, what do you think?  Was this the right decision or should the judge have accepted the defendant’s proportionality argument?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

About Half of Surveyed Companies Haven’t Started Preparing for CCPA: Data Privacy Trends

Does this sound familiar?  Last week at the University of Florida E-Discovery Conference, I talked about the California Consumer Protection Act (CCPA) as one of the things that organizations need to be prepared to address these days as part of their compliance obligations.  Sounds like a lot of organizations haven’t gotten around to that just yet.

In an article in Legaltech® News (Almost Half of Companies Haven’t Started CCPA Compliance: Survey, written by Frank Ready), a recent survey of 250 executives and managers at U.S. technology, manufacturing, financial services, utilities and health care companies finds that 44 percent of companies that will impacted by the CCPA haven’t yet taken steps towards compliance.  Only 14 percent of respondents are fully CCPA compliant at this point.

The state’s forthcoming privacy regulation, which is scheduled to take effect next January 1st, empowers Californians with more control over the way their data is collected, shared or viewed by U.S. companies on a daily basis. According to the survey, a large majority of respondents, 71 percent, expect to spend at least $100,000 on compliance efforts. But consulting attorneys may not wind up seeing as much of that money as one might think.

The survey was conducted by Dimensional Research on behalf of the privacy compliance company TrustArc. Chris Bable, CEO of TrustArc, attributed some of the compliance delay to companies that have never had to wrap their heads around these issues before. While the European Union’s General Data Protection Regulation (GDPR) impacted only U.S. companies with business interests in Europe, the CCPA hits a little closer to home.

“One of the pieces that I had underestimated was truly the amount of companies that were not impacted by GDPR, so CCPA is their foray into doing this,” Babel said.

“The legal fees are going to play a role, but I don’t think the legal fee is going to be the largest chunk of the expense. It will really be the in-house kind of grind that needs to be done in order for the compliance steps to be in place,” said Jarno Vanto, a shareholder at Polsinelli.

The “grind” he’s referring to includes extensive work around understanding what data an organization holds and mapping the flow of that data. It also includes checking in with third party vendors and partners to determine what information they have access to as well.

So, how are companies planning on making the leap before the deadline? According to the survey, 72 percent of respondents plan on investing in some sort of technology to help smooth the way.  That doesn’t surprise me – as I discussed in Florida last week, Information Governance (IG) policies are vital to organizations’ ability to meet compliance obligations, but it’s going to take a combination of IG policies and technology for organizations to really get a handle on their data.

So, what do you think?  Are you surprised that so many companies haven’t begun to address CCPA yet?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Judge’s Facebook Friendship with Party Causes Decision to Be Reversed and Remanded to Different Judge: eDiscovery Case Law

In the case In Re the Paternity of B.J.M., Appeal No. 2017AP2132 (Wis. App. Feb. 20, 2019), the Court of Appeals of Wisconsin, concluding that “the circuit court’s undisclosed ESM connection with a current litigant in this case {by accepting a Facebook “friend” request from the litigant} created a great risk of actual bias, resulting in the appearance of partiality”, reversed and remanded the case for further proceedings before a different judge.

Case Background

In this case where the parties entered into an order granting parties Timothy Miller and Angela Carroll joint legal custody and shared physical placement of a minor child in 2011, Carroll filed a motion to modify the court order on the basis that Miller had engaged in a pattern of domestic abuse against Carroll. After the parties had submitted their written arguments, the judge deciding the motion – Judge Michael Bitney – accepted Carroll’s friend request on Facebook. Subsequently, Carroll “liked” eighteen of Judge Bitney’s Facebook posts and commented on two of his posts – none of which related to the pending litigation.  Judge Bitney did not “like” or comment on any of Carroll’s posts, nor did he reply to any of her comments on his posts; however, Carroll’s other activities (“liking” multiple posts from other parties and “sharing” one third-party photograph) did appear on Judge Bitney’s “newsfeed.” One of these shared stories related to domestic violence.

On July 14, 2017, Judge Bitney issued a decision granting Carroll’s modification motion. After the decision, Miller learned that Judge Bitney and Carroll were Facebook friends during the period prior to making his ruling, and moved to reconsider the judge’s decision.  At a hearing on Miller’s motion, Judge Bitney confirmed that he had accepted Carroll’s friend request after the custody hearing and before rendering his written decision. However, he concluded he was not subjectively biased by accepting Carroll’s “friend” request, because he already “had decided how I was going to rule, even though it hadn’t been reduced to writing.” Further, he concluded that “[e]ven given the timing of” his and Carroll’s Facebook connection, the circumstances did not “rise[] to the level of objective bias. . . .” Consequently, he denied Miller’s motion. Miller appealed the decision.

Court’s Ruling

In an opinion written by Justice J. Seidl, he noted that “This case involves what appears to be an issue of first impression in Wisconsin: a claim of judicial bias arising from a judge’s use of electronic social media (ESM)” and stated that “we need not determine whether a bright-line rule prohibiting the judicial use of ESM is appropriate or necessary”.  He also referenced a New Mexico supreme court in Thomas as “particularly instructive”, which said:

“While we make no bright-line ban prohibiting judicial use of social media, we caution that ‘friending,’ online postings, and other activity can easily be misconstrued and create an appearance of impropriety… A judge’s online ‘friendships,’ just like a judge’s real-life friendships, must be treated with a great deal of care.”

The opinion also stated that “the time when Judge Bitney and Carroll became Facebook ‘friends’ would cause a reasonable person to question the judge’s partiality. Although Judge Bitney apparently had thousands of Facebook ‘friends,’ Carroll was not simply one of the many people who ‘friended’ him prior to this litigation. Rather, Carroll was a current litigant who reached out to Judge Bitney and requested to become his Facebook ‘friend’ after testifying at a contested hearing, at which Judge Bitney was the sole decision-maker. Judge Bitney then took the affirmative step to accept this ‘friend’ request before issuing his decision in this case…This timing creates a great risk of actual bias and a resulting appearance of partiality because, even assuming that a Facebook ‘friendship’ does not denote the type of relationship traditionally associated with the term ‘friendship,’ it is unquestionably evidence of some type of affirmative social connection…Carroll’s choice to send a ‘friend’ request to Judge Bitney, combined with Judge Bitney’s choice to accept that request before issuing his decision, conveys the impression that Carroll was in a special position to influence Judge Bitney’s ultimate decision – a position not available to individuals that he had not ‘friended,’ such as Miller.”

As a result, the court reversed and remanded the case for further proceedings before a different judge.

So, what do you think?  Should judges accepting friend requests from litigants disqualify them from ruling in their cases?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Sharon Nelson’s Ride the Lightning blog for coverage of this case.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.