Preservation

internal software infrastructure

Optimizing Your Infrastructure for LAW & Explore eDiscovery

By: Joshua Tucker

It’s safe to say Microsoft isn’t going out of business anytime soon. Last year alone they grew 18 percent, reaching 168 billion dollars*. They are continuously making updates to their software, improving their products and functionality, and purchasing emerging software. They want to empower every person and organization on the planet to achieve more*, but the power you obtain from the software is up to you. Microsoft does not know your intended purpose or use of their software; all they can do is provide the software and the barebone requirements to make it run.

CloudNine software is no different. Let’s take a deep dive into your infrastructure and how you can optimize it with the CloudNine on-premise processing platforms.

We see that several of our clients run their environments with the most minimal recommended resources. Just like Microsoft can’t know how large your SQL server needs to be, we don’t know the level of demand your client’s data is putting on your workstation. What we DO know is that the number of files per case is growing, the complexity of files is growing, and resources are sparse.

We will cover the areas where we can make vast improvements in the efficiency in the way you are using your CloudNine software.

Your Local Area Network

Let’s use the common “business triangles” as a frame of reference. Examples would be “people, technology, and process” or “team, leadership, and mission”, or, my favorite, “price, speed, and quality”. The more your balanced business triangle, the better. Too much or not enough emphasis on one side and that balance will start to wane.

The eDiscovery version of the business triangle is called the ‘Local Area Network’. The first side of this ‘Local Area Network’ is the hardware or the backbone of your infrastructure. The second side would be the software, or the muscle needed to use that backbone. The third side is your network file server or the brain’s storage area, which will hold all the knowledge that our software is going to discover for you. And finally, the three sides are then connected, like sinew, with your local network speed.

You want to find the sweet spot that balances cost, throughput demands, speed to review, and hardware budget. Let us go ahead and call this the “Goldilocks Zone”.

Real-life case study: About 8 years ago, we were working with a client that had a few virtual machines and a few physical machines. The virtual machines were 4 core and 8GB of RAM. The physical machines were 8 core and 16GB of RAM.  IT wanted to get rid of the physical machines, but there was resistance to letting them go because they were able to process so much faster than the virtual machines. We conducted some testing to find the Goldilocks Zone between the amount of data being processed, the expected speed, and the cost. We created a few virtual machines with 4, 8, and 12 cores and ran tests to determine the correct core count for our company. We determined that an 8-core box with 16GB of RAM was able to process data much faster than a 4-core box with only 8GB of RAM.

After we completed optimizing the processing machines, we ventured forth into the other areas of our infrastructure.

Next, we reached out to our SQL team to see what would happen if we added more RAM and more SQL cores. We saw the same result. As we added more resources, we found that we were able to increase the speed on LAW’s communication with SQL. Faster communication equals a faster read/write, which equated to a faster processing speed. During this testing we also found that the more SQL cores, the more we could horizontally spread out the processing tasks on our LAW machines (i.e., we could have more machines writing to the same database).

Note: Today, I have a simple equation to determine the correct size of SQL:  Take the total number of read/write instances that can be communicating or interacting with SQL. Divide that number by three. The resulting number is the SQL cores needed. For RAM, take the same number of instances and multiply it by four.

After we completed this environment review, we had larger machines, faster read/write capability, and more machines to process on each matter. The Goldilocks Zone for SQL ensures that you have the right number of SQL cores and RAM per instances that have read/write work with SQL.

(For LAW workstations is highly suggested at 8 core and 16gb of RAM. For Explore that was 8 core and 32gb of RAM.)

Note: Your LAN does not have to be local to your office, but SQL, the LAW database folder structure and the workstations all need to be in close proximity to each other. The closer the better.

Software and Upgrades

Let’s go back to our Microsoft analogy. Microsoft keeps improving their product and each version of the operating system has the potential of changing the location or how certain files work. It is imperative that the operating system that is installed on your workstations is supported by the version of the product that you are going to use. If it isn’t, the software could act in a way that is completely unexpected – or worse.

The data we process can be a threat to our organization (and this does go for everyone!) and the best way to protect yourself is to be up to date on patches and virus software. I highly suggest that you first patch in a test environment, testing each part of the tool and making sure that the patching will not interfere with your work. The more up to date you can test, the more secure your, and your client’s, data will be.

One thing I like about the right test environment is that once your testing is done, you can make an image and deploy that image to the rest of your workstations. It is fast and efficient.

How your processing engine gets metadata to you matters. For instance, there are engines, like LAW, that will expand the files and harvest all the metadata. This type of processing is slower in getting the data in review, but much faster in the final export. There are also engines, like CloudNine Explore, that will hold off on expanding the data but harvest all the text and metadata extremely quickly. This workflow is great for ECA purposes.

How deep these tools dig into your data is also important. You never want a want privileged document produced because your processing engine did not discover it. Find out if your engine is collecting all the natives, text, and metadata that you need for these legal matters, and then come up with a workflow that will accentuate the strengths of your tool.

Having an Investment in your File Storage

The price of data storage has been coming down for years. Which is great news considering the fact that discoverable data keeps growing and will continue grow at an astounding pace. It is estimated that this past year, that each person on the planet created 1.7 megabytes of information each second. Every matter’s data size has increased and with it, the speed to review. All of this must run efficiently, all of it must be backed up, and all of it must be in your disaster recovery plans.

Network speeds matters. It ties your infrastructure together. If the processing machine can’t talk to the SQL machines quickly, or to the network storage efficiently, then it won’t perform at top speed, no matter how many cores you have. Network speed should be considered not only for the processing department, but for your whole company. We highly suggest a gigabit network, and if you are a firm or legal service provider, you might want to be looking at a 10-gigabit network.

Even with a gigabit network, your workstations, SQL server, and file server need to be local to each other. Having one data center or a or central location helps keep those resources working more effectively, getting you a higher return on investment on your machines.

Pro tip! There is a quick and easy way to test your network speed without having to contacted IT. Find a photo that is near 1mb and put it in the source location. Log into one of your workstations, open a window to that source location, and drag that image to your desktop. Then, drag it back. Both times that you move this image should be instantaneous to you. If either move takes a more than one second, then your network speed needs to be improved.

RECAP

It is our responsibility to figure out what we need to get full capacity out of outside tools. To run CloudNine’s LAW we need workstations that have at least an 8 core and 16gb RAM. For CloudNine Explore workstations, we need 8core and 32gb or RAM and SQL environment that adjusts to number of instances that are interacting with it.

Ensure that your software matches up with the recommended versions for your processing engine. If you are on or are working with an operating system that wasn’t on the list of that processing engine, we know that you could get unexpected results – or worse data. Line up the programs, test before you deploy, and stay up to date.

Know where your data is stored and the speed at which your systems talk to each other. Keep your environment in close proximity.

All in all, in order to get the top speed and performance out of CloudNine’s tools (or our third-party software your purchase), you must invest into the right resources.

Keep working towards your “Goldilocks Zone” – the sweet spot between speed, price, and quality.

If you are interested in having a CloudNine expert analyze your environment and provide recommendations for efficiencies, please contact us for a free Health Check.

 

*https://www.statista.com/statistics/267805/microsofts-global-revenue-since-2002/

* https://www.priceintelligently.com/blog/subscription-revenue-adobe-gopro-microsoft-gillette

* https://www.comparably.com/companies/microsoft/mission

* https://docs.microsoft.com/en-us/sql/sql-server/install/hardware-and-software-requirements-for-installing-sql-server-2019?view=sql-server-ver15

 

Do’s and Don’ts of Text Message Discovery

Discovery requests of the past had little reason to include text messages as a form of evidence. Emails were the primary concern since they held the bulk (if not all) of business communications. Finding relevant corporate emails was rather simple. Corporate servers stored the data, regardless of how the email was sent or received (via mobile device or work computer). Consequently, companies were able to locate ESI without the assistance of forensic experts. As text messages became the preferred method for informal communications, their usage in the business world also grew. [1] In 2015, research showed that 80% of professionals conducted business communications through texts. This percentage has likely skyrocketed in recent years due to the shift to remote work during the pandemic. Today, some industry experts refer to texts as the new email, citing them as the main source of relevant information. Litigants, however, must remember that phone carriers aren’t obligated to permanently preserve message records. Unless subpoenaed, they may refuse to participate in discovery investigations. Instead of depending on carriers, text messages must be preserved and obtained from the device itself. [2]

Text Message Spoliation Sanctions

  • Stinson v. New York City: The plaintiffs in this suit alleged that the NYPD was issuing summonses without probable cause. The court imposed an adverse inference sanction against New York City for failing to preserve and collect relevant text evidence.
  • Timms v. LZM, LLC: Plaintiff Heather Timms sued her employer for failing to compensate her overtime hours, but she removed text messages and a messaging app before submitting her cell phone as evidence. Consequently, attorney fees were issued, and the case was terminated.
  • First Fin. Sec. Inc. v. Lee: FFS, an insurance broker, requested the production of all written communication after the defendants violated their contract by sharing company information after termination. After failing to produce text message evidence, the Court arranged attorney fees and an adverse inference sanction against the defendant. [3]

Text Message Do’s

  • Develop policies about business messaging. Some companies may go as far as banning all employees from discussing work affairs over text. Others companies may impose regulations on who and how work messages are sent. If your company permits any kind of text-based business communications, set up retention policies and collection plans. Through the policies, ensure that the data is preserved if needed for litigation.
  • Once your retention policies are established, consistently enforce them. Update your employees on any changes that the policies undergo. Poorly enforced policies are no better (and sometimes worse) than having no policy at all.
  • Train employees on how to appropriately send work texts. Also, inform them of the risks associated with deleting potentially relevant information.
  • Issue litigation holds when anticipating litigation. In the litigation hold letter, remind employees to disable any automated deletion features. Companies should also specify if message preservation is required for company devices, personal devices, or both. [4]

Text Message Don’ts

  • Rely on screenshots alone as a way to create records. Text messages can be easily manipulated, so screenshots are not enough to validate their authenticity. Find additional means of proof such as witness or expert testimony. As a better alternative, companies can find a discovery solution to produce the evidence through native or near-native files.
  • Rely on phone carriers to preserve the messages. As stated above, carriers will only store the data for short periods of time. Take ownership of your preservation duties by establishing retention policies in advance.
  • Delete messages or conversation histories when anticipating litigation.
  • Manually preserve text messages by copying and pasting them into other sources. Manual efforts include forwarding text messages to email and exporting texts to Excel files. These methods are time-consuming and harder to authenticate in court. [5]

 

[1] Nicole Allen, “Text Messages: Preservation Lessons for Mobile E-discovery,” LitSmart E-Discovery, December 20, 2017.

[2] Bill Kammer, “In eDiscovery, Texts are the New Email,” SDCBA Blawg 401, January 7, 2020.

[3] Zac Muir, “Failure to Produce Text Messages in eDiscovery,” Microfocus, October 16, 2012.

[4] Anthony J. Diana, Catherine Bernard, and Therese Craparo, “Managing The Risks And Costs Of Text Messaging (Electronic Discovery & Records Management – Tip Of The Month),” April 3, 2013.

[5] “How Federal Agencies Can Capture Text Messages for E-Discovery,” February 4, 2021.

Spoliation Sanctions and Prevention Strategies

Emails, Slack messages, tweets, and digital documents are just a few data types that a company may generate on a daily basis. Thankfully, businesses aren’t required to store all electronic records indefinitely. A party, however, must preserve evidence before litigation begins or whenever the party suspects the information may be relevant to anticipated litigation. Spoliation refers to the failure to preserve relevant information during contemplated or pending litigation. According to the FRCP, intentional spoliation may result in dismissal of action, default judgment, or court/jury presumption that the missing information was unfavorable to the responsible party. If unintentional, the court may impose measures no greater than necessary to cure the prejudice. [1] Though the FRCP offers examples, sanctions may be imposed at the court’s discretion. Other sanctions for spoliation may include monetary fees, precluding a party from introducing other evidence, and a motion to strike out pleadings. [2]

Strategies for Preventing Spoliation

  • Identify all potentially relevant evidence by considering the mediums and locations in which the data may be stored. This can be done by questioning potential custodians through questionnaires or personal interviews. Be mindful that relevant evidence can come in various forms: videos, emails, Word documents, social media posts, etc.
  • Utilize a litigation hold to instruct employees against deleting relevant information. Make sure to send the litigation hold to the IT department if any automated deletion programs need to be stopped.
  • After sharing the litigation hold, issue reminders to custodians of its existence. Merely having the memorandum may not be enough to avoid sanctions. Thus, companies should remind custodians to fully comply with the instructions. [3] Companies may also opt to require written confirmation from employees to confirm they have received the litigation hold.
  • Check your employees’ understanding of their preservation obligations. This can be done by leaving space for questions and confusion surrounding the litigation hold’s instructions.
  • Properly collect and store your ESI. It may be wise to make copies of any relevant information. [4]
  • If necessary, hire an independent expert for the collection and production process. Doing so will reduce your risk of spoliation greatly. If spoliation still occurs, employment of the expert may be considered as evidence of the company’s good faith. [3]

[1] “E-discovery and the Duty to Preserve,” Constangy Brooks, Smith & Prophete LLP, June 20, 2016.

[2] Michael W. Mitchell and Edward Roche, “Lessons Learned: Destroying Relevant Evidence Can Be Catastrophic in Litigation,” Smith Anderson, August 6, 2020.

[3] Rebecca Edelson, Seong Kim, and Angela Reid, “3 Steps in Furtherance of Avoiding Devastating Spoliation Sanctions In Trade Secret Misappropriation Litigation,” Mondaq, December 9, 2019.

[4] James Floyd Jr. and Ryan Owen, “Don’t Delete That Data! Actions Required to Satisfy Document Preservation Obligations,” JD Supra, October 26, 2021.

Increasing Your Technological Competence, Part 1

From the CloudNine family to yours, we wish you a wonderful holiday season! As a gift of knowledge, this article will focus on defining and maintaining high levels of technological competence. To effectively represent their clients, a lawyer must actively update their knowledge on legislative changes. The American Bar Association referred to this skill in Rule 1.1 as “competence.” The rule originally called for lawyers to possess the “legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” [1] In 2012, the ABA expanded the definition through an amendment concerning technological competence. According to Matthew Knouff from ESI Survival Guide, 39 states adopted this rule in some form by March 2021. South Dakota, Rhode Island, Oregon, New Jersey, Nevada, Mississippi, Maryland, Maine, Hawaii, Georgia, and Alabama are the main exceptions to this trend. [2] Though Rule 1.1’s amendment laid out the framework, it didn’t provide instructions on how lawyers should build their technological competence. To achieve this duty, the California Bar committee issued an opinion, outlining 9 necessary skills. Since this opinion was crafted through examinations of federal cases, these skills could be applicable to various states.

Explanations of the First Five Skills

  1. Initially assess e-discovery needs and issues, if any.

In fear of the cost and rules of e-discovery, some lawyers try to avoid the practice altogether. By doing so, lawyers disadvantage their clients by missing out on relevant ESI. Instead of yielding to eDiscovery trepidation, conduct an initial assessment to determine the cost, timeframe, and data types needed for the investigation. Consider the value of the claims in comparison with the costs of processing and production. Determining which data types must be collected and how much time is allotted for the process. These examinations can act as a starting point in assessing the proportionality of the production request.

  1. Implement or cause to implement appropriate ESI preservation procedures.

To accomplish this skill, lawyers should acquaint themselves with their client’s IT setup. Once the preservation responsibilities have been established, clients and custodians should be informed with clear, written instructions. It’s important to follow up with clients and custodians to ensure that they are complying with the preservation requirements to avoid spoliation sanctions. If requesting ESI from opposing counsel, send a preservation letter that identifies what data should be preserved and where it can be found.

  1. Analyze and understand a client’s systems and storage.

Get familiar with your client’s IT environment and staff. It’s beneficial to request data maps of complex systems and speak directly to the IT staff. Through this knowledge and ease in communication, lawyers will gain a better sense of where relevant ESI may lie. After determining the location of the data, one can access how difficult and/or expensive it will be to access the information.

  1. Advise the client about available options for collection and preservation of ESI.

The scope and cost of preservation might be huge when dealing with larger companies due to their larger volumes of data and longer lists of custodians. However, lawyers should not concern themselves with burdensome collections unless the information is proportional to the case. During Rule 26(f) conferences, consult opposing counsel on the scope of discovery in relation to the costs of collection and production. If the parties determine that the discovery request is disproportional, seek guidance from the court.

  1. Identify custodians of relevant ESI.

After identifying the custodians who possess relevant data, categorize the list into two categories: primary custodians and secondary custodians. As the terms suggest, primary custodians have more direct involvement with the information than secondary custodians. To save money, counsel can decide to initially search for primary custodians within a limited time frame. If necessary and proportional, the search can be expanded to encompass secondary custodians. [3]

 

[1] Model Rules of Professional Conduct Rule 1.1

[2] Matthew Knouff, “How to Gain & Maintain Technology Competence — Element 1: Education — Part 1 of 3,” March 30, 2021.

[3] Hon. Joy Flowers Conti and Richard N. Lettieri, “E-Discovery Ethics: Emerging Standards of Technological Competence,” The Federal Lawyer, 2015.

Need a Data Retention Policy? Here’s How to Build One

Now that most industries are going paperless, companies must create a comprehensive data retention policy. The purpose of a data retention policy is to establish procedures for labeling, storing, and deleting electronic (and physical) records. [1]  Most companies acknowledge the need for a retention policy, but they don’t commit to creating one. A 2000 ABA study found that 83% of the responding companies had no established protocol for handling discovery requests. Despite this unsettling statistic, 77% of the companies expected discovery requests to increase in the future. [2]  Many reasons support the need for comprehensive retention policies. One of the most pressing reasons is the explosion of ESI in recent years. For instance, corporate email alone is estimated to increase annually at a compounded rate of over 13%.  Without a data retention policy, an organization in the midst of litigation would be responsible for organizing large volumes of data with little time to do so. By proactively developing data management policies, companies will avoid the pressures of looming deadlines. Ensuring that information is properly handled also minimizes a company’s risk for sanctions. [1]  The following is a list of steps and suggestions for developing a data retention policy.

  • Do your research on relevant laws

Certain state and federal laws mandate specific preservation and deletion practices. HIPAA and GLBA are older examples of ESI regulations enacted in the late 1990s. However, states are constantly reviewing and revising their ediscovery laws, so it’s important to stay on top of any legislation changes.

  • Determine when to archive or delete data

While corporations are not expected to store every single electronic document, deletions must be orderly and purposeful. The practice of strategically deleting unneeded data is referred to as “defensible deletion.” When done correctly, defensible deletion is cost-efficient, storage-friendly, and most importantly, legal. Defensible deletion is protected by Rule 37(e) of the Federal Rules of Civil Procedure (FRCP). The rule prohibits sanctions against electronic records that were lost during good-faith deletion procedures. [3]

  • Review how your data is housed

In this step of the process, it’s important to ask what, where, and how. What data types are being stored, and how should they be classified (i.e. social media, email, transactions)? What are the retention policies for each medium? What’s the purpose of preserving this information? Where is it being stored, and does this location need to be changed to a better one? How long does the data need to be stored in order to comply with applicable state and federal laws?

  • Monitor your policy

Regularly review your policy to ensure that your company is following its outlined regulations. If you notice that your company is deviating from the policy’s storage and deletion procedure, fix the issue as soon as possible to minimize any legal risks. Routine audits also make it easier to make policy adjustments as needed.

  • Assign accountability

Determine who will be responsible for enforcing the policy throughout the company. This person or department must be well-versed on the policy’s provisions, and they must be ready to testify in court about the company’s retention procedures. [2]

  • Limit your paper trail

Consider a provision that requires electronic copies of physical documents. Some companies are still hesitant to transition to completely paperless operations. Though this hesitancy is understandable, it’s recommended to save an electronic version of all paper records. This suggestion is merely that, just a suggestion. Completely converting to electronic records is not a mandatory step in creating an effective data retention policy. However, this step would speed up the process of identifying relevant data for litigation. [1]

[1] Carlos Leyva, “Data Retention & eDiscovery,” Digital Business Law Group.

[2] “Document Retention & Destruction Policies for Digital Data,” Applied Discovery, LexisNexis, 2004.

[3] Law Offices of Salar Atrizadeh, “Electronic Discovery and Data Retention Policies,” Internet Lawyer Blog, May 18, 2020.

Don’t Get Spooked by Communication Applications!

Since Halloween is approaching, it’s time to reflect on a scary part of the discovery process: handling communication applications. As a newer form of digital evidence, communication apps can be a legal team’s worst nightmare. Ephemeral messaging apps like Wickr and Signal make conversations disappear like ghosts in the night. Slack and Microsoft Teams have sunk their teeth into the communications of most corporations. Social media apps have entranced us with a spell, prompting our fingers to type a new DM or tweet every other hour. It’s easy to view these applications as monsters in the discovery process. They have revolutionized the world of e-discovery, expanding it to more than just emails and electronic files.  Whether you love them or hate them, communication apps aren’t going anywhere. In fact, their popularity is only rising. Approximately 2.5 billion people use at least one messaging app on their mobile devices. This number is expected to reach 3 billion by the end of next year. [1] Here’s another chilling statistic: in 2020, 41 million application messages were sent every minute. The volume of communication app data is frighteningly large, but its relevance is undeniable. Regardless of case type, (criminal, personal injury, defamation, etc.) litigants should consider its production. Within each channel and group chat lies a plethora of information that could make or break a case. Still afraid? Here’s a list of challenges and solutions for managing communication applications.

Understanding the missing context:

Messages sent on communication applications are often short and sent with little context. Bits and pieces of conversations might be spread out across multiple platforms and group chats. When handling a case, legal teams should identify all relevant communication platforms to connect the missing dots. Litigants should also consider deriving context from atypical sources such as emojis, liked messages, images, and GIFS. [2] These humorous icons and features can reflect the sender’s tone, a difficult thing to gather over text. Remember, images and emojis aren’t supported in all native file types, so it’s important to find an eDiscovery provider that will reconstruct the conversations. [3]

Managing large volumes of data:

Producing and reviewing voluminous data is stressful, time-consuming, and expensive. By creating comprehensive retention policies, businesses can proactively determine which data types and channels should be preserved. Within the policies, companies should outline the procedures for labeling, storing, and deleting records. [4] The deletion of unneeded data lowers the risk of massive data accumulation.

Remembering each application’s retention policies:

Applications like Slack and Microsoft Teams will retain all messages unless configured otherwise. Similarly, Facebook, Instagram, and Messenger store data until the account has been deleted. [5] If the account owner deletes or unsends a message, the data will still show on the recipient’s phone. Some of these platforms contain “Recently Deleted” features that make recovery much easier. The policies for collaboration and social media applications are rather straightforward. Ephemeral messaging apps are a bit different; however, the auto-deletion features can be adjusted to the user’s discretion. Auto-deletion settings should be turned off during or in anticipation of litigation.

 

[1] Damjan Jugovic Spajic, “Text, Don’t Call: Messaging Apps Statistics for 2020,” Komando Tech, December 11, 2019.

[2] Erin Tomine, “Chat Messages and eDiscovery: How to Ease the Burden and Get the Full Picture,” Conduent, July 7, 2021.

[3] Matthew Verga, “Discovery from Slack: It’s Complicated,” Xact Data Discovery, June 19, 2020.

[4] Law Offices of Salar Atrizadeh, “Electronic Discovery and Data Retention Policies,” Internet Lawyer Blog, May 18, 2020.

[5] “Data Policy,” Instagram Help Center, 2021.

The Risks and Benefits of Ephemeral Messages

What are Ephemeral Messages?

In the corporate world, Gmail, Microsoft Teams, and Slack are the most common forms of communication. Though these platforms are traditional and efficient, they create privacy and storage challenges. Ephemeral messages counteract these issues by disappearing shortly after the recipient has read the message. [1]

Platforms with disappearing messages:

  • Snapchat
  • Signal
  • Wickr
  • Cover Me
  • Confide
  • Telegram
  • Hash
  • WhatsApp
  • DingTalk

Court Cases Involving Ephemeral Messaging

  • Waymo, LLC v. Uber Technologies, Inc.: In this trade secrets case, Uber’s usage of Wickr and Telegram became a discovery headache. The judge granted both parties the opportunity to argue for or against the relevance of the messages. Thus, the case’s focus shifted from trade secrets to unrecoverable conversations. [2]
  • WeRide Corp v. Huang: After the defendant was accused of intellectual property theft, they took several measures to destroy communication evidence. One of those measures included communicating through DingTalk after the preliminary injunction. Since the messages were destroyed and post-injunction, terminating sanctions were issued. [3]
  • Herzig v. Arkansas Foundation for Medical Care, Inc.: In this age discrimination case, the plaintiffs started using Signal after receiving preservation orders. The judge noted that the plaintiffs manually configured the deletion settings; thus, the case was dismissed for intentional spoliation. [4]

Weighing the Risks and Benefits

Through automated deletion, ephemeral messaging apps eliminate issues concerning data volume. Smaller amounts of data provide greater security from data leaks and reductions in storage costs. Despite these benefits, ephemeral messages are a risky form of communication because they increase the likelihood of spoliation. [5] Spoliation sanctions can range from monetary payments to case dismissal. [6]

Best Practices for Preservation

  • Automated deletion settings should be shut off as soon as a complaint is filed.
  • Create comprehensive policies on managing ephemeral messages. These policies should outline legitimate reasons for the app’s usage, retention information, and destruction guidelines.
  • Train employees on ephemeral messaging etiquette in the workplace.
  • Monitor and document company usage of ephemeral messaging apps. [7]

[1] Dennis Kiker, “Now you see it, now you don’t: Ephemeral messaging may lead to sanctions,” DLA Piper, June 8, 2020, https://www.dlapiper.com/en/us/insights/publications/2020/06/now-you-see-it-now-you-dont-ephemeral-messaging-may-lead-to-sanctions/

[2] Robert M. Wilkins, “Client Litigation Risks When Using Ephemeral Messaging Apps,” Jones Foster, March 5, 2020, https://jonesfoster.com/our-perspective/pbcba-messaging-app-article

[3] Philip Favro, “INSIGHT: California Case Offers Warnings on Ephemeral Messaging,” Bloomberg Law, June 1, 2020, https://news.bloomberglaw.com/esg/insight-california-case-offers-warnings-on-ephemeral-messaging

[4] Scott Sakiyama, “This Message Will Self-Destruct in 5 Seconds,” Corporate Compliance Insights, March 26, 2020, https://www.corporatecomplianceinsights.com/self-destruct-ephemeral-messaging/

[5] Rebecca Cronin, “A Lawyer’s Guide to Ephemeral Messaging,” JD Supra, May 18, 2021, https://www.jdsupra.com/legalnews/a-lawyer-s-guide-to-ephemeral-messaging-4360652/

[6] Michael W. Mitchell and Edward Roche, “Lessons Learned: Destroying Relevant Evidence Can Be Catastrophic in Litigation,” Smith Anderson, https://www.smithlaw.com/resources-publications-1673

[7] Thomas J. Kelly, “The Rise of Ephemeral Messaging Apps in the Business Word,” National Law Review, April 23, 2019, https://www.natlawreview.com/article/rise-ephemeral-messaging-apps-business-world

Spoliation and Defensible Deletion: What’s the Difference?

Spoliation and Sanctions

Spoliation, the destruction or manipulation of ESI, has become a prevalent issue in e-discovery. As evidenced by Atalian US New England, LLC v. Navarro, spoliation is often done deliberately. In response to allegations of fraud, the defendant deleted mobile device data and replaced it with fabricated evidence. The judge sanctioned the company for intending to deprive the opposing counsel of relevant information.[1] Negligence is another cause for spoliation. In McCoy v. Transdev Svc., Inc., Transdev faced default judgment for “inadvertently” deleting cell phone data. Though the content was unknown, the Court upheld its relevance, maintaining that it could have supported the opposition’s claims.[2] Faulkner v. Aero Fulfillment Services demonstrates that spoliation can also be an accidental offense. Ms. Faulkner initially adhered to production requests and produced her LinkedIn data in the form of an Excel spreadsheet. But when the defendants asked for the evidence in a different format, Ms. Faulkner was unable to comply because she had deactivated her account. The court decided against sanctioning the plaintiff because she had followed the initial production request, and it was the counsel’s responsibility to inform her of preservation obligations.[3]

Per Rule 37(e) of the Federal Rules of Procedure, sanctions for irreversibly deleting ESI include:

  • Court involvement to remedy any prejudices suffered by the opposing counsel
  • Court and jury presumptions that the lost information was unfavorable to the responsible party if the deletion was intentional
  • Dismissal of the action or motion for default judgment[4]

 

Defining Defensible Deletion

Unlike spoliation, defensible deletion involves the ongoing elimination of unneeded data to reduce the costs of storage and retention. Deletion is permissible by the Federal Rules of Procedure when the ESI isn’t being held for a legal, statutory, or business purpose. Legal teams should carefully design a deletion strategy so that they can decide what to keep, archive, and eliminate.[5]

 

Things to Keep in Mind for Defensible Deletion

  • Prepare a retention policy and schedule. Defensible deletion is a slow, meticulous process. Take your time, especially when handling large amounts of big data.
  • Establish an inventory of legal preservation obligations. Within the inventory, identify which data types are currently under legal holds (or likely to be held). Proper documentation and classification of your data will simplify the retention process.
  • Properly staff the deletion project with a range of experts in various fields.[6]

 

[1] R. Thomas Dunn, “Intentional Deletion and Manipulation of Electronic Data Leads to Default Judgement,” JD Supra, August 12, 2021, https://www.jdsupra.com/legalnews/intentional-deletion-and-manipulation-8546367/

[2] Michael Berman, “Defendant Unsuccessfully Argued that Plaintiff Could Not Show That Data on Cell Phone That Defendant Destroyed Was Relevant,” E-Discovery LLC, August 18, 2021, http://www.ediscoveryllc.com/defendant-unsuccessfully-argued-that-plaintiff-could-not-show-that-data-on-cell-phone-that-defendant-destroyed-was-relevant/

[3] Brielle A. Basso, “In It for the Long Haul: The Duty to Preserve Social Media Accounts Is Not Terminated Upon an Initial Production,” Gibbons, June 30, 2020, https://www.gibbonslawalert.com/2020/06/30/in-it-for-the-long-haul-the-duty-to-preserve-social-media-accounts-is-not-terminated-upon-an-initial-production/

[4] “Rule 37. Failure to Make Disclosures or to Cooperate in Discovery; Sanction,” Legal Information Institute, https://www.law.cornell.edu/rules/frcp/rule_37

[5] “Defensible Deletion Strategy: Getting Rid of Your Unnecessary Data,” Special Counsel, November 16, 2019, https://blog.specialcounsel.com/ediscovery/defensible-data-deletion-strategy-basics/

[6] Andrew J. Peck, Jennifer M. Feldman, Leeanne Sara Mancari, Dennis Kiker, “Defensible deletion: The proof is in the planning,” DLA Piper, February 5, 2021, https://www.dlapiper.com/en/us/insights/publications/2021/02/defensible-deletion-the-proof-is-in-the-planning/

Top Ten Tips for Working with eDiscovery: eDiscovery Best Practices

I stumbled across a post in our blog that Tom O’Connor did over a year ago to conclude his series titled Will Lawyers Ever Embrace Technology?  As usual, Tom did a great job and, in this post, he offered his top ten tips for working with eDiscovery.  Tom provided a top ten list terrific enough to make David Letterman proud, but I thought the list could use some additions – in the form of links to resources for the items.  Here goes!

As a reminder, here are the top ten tips from Tom’s post:

  1. Read the Rules
  2. Read the Decisions
  3. Know the Terms
  4. Know Where Your Data Is
  5. Talk to The IT Department
  6. Talk to The Records Management People
  7. Make a Records Management Policy
  8. Make A Litigation Hold Policy
  9. Enforce the Litigation Hold Policy
  10. Meet with Your Client’s Inside Counsel

Let’s take them one (or sometimes two) at a time.

Read the Rules: As Tom notes, the Federal Rules of Civil Procedure (FRCP) lay out the framework for your obligations in handling eDiscovery, but many states have rules that may differ from the FRCP.  Not only that, but the FRCP is comprised of a lot of rules which don’t necessarily have to do with eDiscovery.  So, which ones do you need to know?  There are two notable Rules updates that have significant eDiscovery impact: the 2006 and 2015 updates.  Fortunately, we covered them both in our webcast titled What Every Attorney Should Know About eDiscovery in 2017, which (as you can tell by the title) is three years old now (but still relevant for this topic).  You can click on the webcast to get access to the slides (via the attachments link) if you don’t want to sit through the hour-long webcast.  As for states rules, K&L Gates has a listing of states that have enacted eDiscovery rules (not all of them have), so you can check your state (and other states) here.

Read the Decisions: To find decisions related to eDiscovery, you can find plenty of those right here on the eDiscovery Daily blog – for free!  We’re up to 734 lifetime case law related posts, covering 566 unique cases since our inception back in 2010.  You can see them all here or wind them down year by year here.  If you want even more decisions (1,500 to 2,000 a year, not to mention other terrific resources), you can find those at our go to site for case law – eDiscovery Assistant.

Know the Terms: Tom notes in his post the importance of knowing the terms and even provides a terrific resource – The Sedona Conference – for a great terms list, which was just updated and we covered it and how to get it here!

Know Where Your Data Is: When it comes to knowing where your data is, a data map comes in really handy.  And, with GDPR and other factors emphasizing data privacy, that’s more important than ever.  Here are several templates to get started.

Talk to The IT Department: Tom says “You’re Lewis and Clark, they’re Sacajawea. You cannot…absolutely cannot…navigate without them.”  Knowing the terms and understanding data maps (see previous two paragraphs) will help bridge the communication gap and help here too.

Talk to the Records Management People and Make a Records Management Policy: Records Management is a term that has been around for a long time.  A more recent term that has become synonymous is Information Governance.  eDiscovery Daily has over 200 posts related to Information Governance, including this seven blog post series from Tom here.  Enjoy!

Make A Litigation Hold Policy and Enforce the Litigation Hold Policy: We’ve covered the topic of litigation holds several times as well during the almost 9 1/2 years of the blog, including these two posts (recently updated) where we discuss several things you need to consider when implementing your own litigation hold.

Meet with Your Client’s Inside Counsel: With all of the info you learned above, you’re well equipped to (as Tom puts it) “discuss all of the above”.  One more thing that can help is understanding topics that can be covered during the meet and confer that will benefit both you and your client.  Here’s a webcast that will help – again, you can click on the webcast to get access to the slides (via the attachments link) if you don’t want to sit through the hour-long webcast.

One more thing that Tom notes in his post is that “eDiscovery is a process comprised of separate distinct stages, any one of which may have specific software available for that stage” and that’s very true.  Certainly, that’s true at CloudNine, where, in addition to our Review product mentioned above, we also have a product that collects data from O365 and One Drive (CloudNine Collection Manager™), an Early Data Assessment platform (CloudNine Explore™), a processing and production platform known as the “swiss-army knife of eDiscovery” (CloudNine LAW™) and a tried and true desktop review platform (CloudNine Concordance®).  There are as many workflows as there are organizations conducting eDiscovery and getting the most out of software products available from CloudNine or other providers to maximize your own workflow is key to succeeding at eDiscovery.  Work with your software provider (whoever they are) to enable them to help maximize your workflow.  Help us help you!  :o)

So, what do you think?  Are you familiar with all of these resources?  If not, now you can be!  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Terrific Listing of eDiscovery Workstream Processes and Tasks: eDiscovery Best Practices

Let’s face it – workflows and workstreams in eDiscovery are as varied as organizations that conduct eDiscovery itself.  Every organization seems to do it a little bit differently, with a different combination of tasks, methodologies and software solutions than anyone else.  But, could a lot of organizations improve their eDiscovery workstreams?  Sure.  Here’s a resource (that you probably already know well) which could help them do just that.

Rob Robinson’s post yesterday on his terrific Complex Discovery site is titled The Workstream of eDiscovery: Considering Processes and Tasks and it provides a very comprehensive list of tasks for eDiscovery processes throughout the life cycle.  As Rob notes:

“From the trigger point for audits, investigations, and litigation to the conclusion of cases and matters with the defensible disposition of data, there are countless ways data discovery and legal discovery professionals approach and administer the discipline of eDiscovery.  Based on an aggregation of research from leading eDiscovery educators, developers, and providers, the following eDiscovery Processes and Tasks listing may be helpful as a planning tool for guiding business and technology discussions and decisions related to the conduct of eDiscovery projects. The processes and tasks highlighted in this listing are not all-inclusive and represent only one of the myriads of approaches to eDiscovery.”

Duly noted.  Nonetheless, the list of processes and tasks is comprehensive.  Here are the number of tasks for each process:

  • Initiation (8 tasks)
  • Legal Hold (11 tasks)
  • Collection (8 tasks)
  • Ingestion (17 tasks)
  • Processing (6 tasks)
  • Analytics (11 tasks)
  • Predictive Coding (6 tasks)*
  • Review (17 tasks)
  • Production/Export (6 tasks)
  • Data Disposition (6 tasks)

That’s 96 total tasks!  But, that’s not all.  There are separate lists of tasks for each method of predictive coding, as well.  Some of the tasks are common to all methods, while others are unique to each method:

  • TAR 1.0 – Simple Active Learning (12 tasks)
  • TAR 1.0 – Simple Passive Learning (9 tasks)
  • TAR 2.0 – Continuous Active Learning (7 tasks)
  • TAR 3.0 – Cluster-Centric CAL (8 tasks)

The complete list of processes and tasks can be found here.  While every organization has a different approach to eDiscovery, many have room for improvement, especially when it comes to exercising due diligence during each process.  Rob provides a comprehensive list of tasks within eDiscovery processes that could help organizations identify steps they could be missing in their processes.

So, what do you think?  How many steps do you have in your eDiscovery processes?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.