Close
Enter your
text here

Preservation

eDiscovery Trends: A Site Designed to Facilitate Meet and Confer Conferences
 

The past two days, we discussed the basics of the Rule 26(f) “meet and confer” conference and details regarding the topics to discuss during that conference.  Hopefully, you found that review informative.

Now, as noted in a recent Law Technology News article by Sean Doherty, there’s a web application to facilitate the process to prepare for and conduct the Rule 26(f) conference.

MeetandConfer.com, provided by 26F LLC, was created to help attorneys prepare for court mandated “meet and confer” meetings.  The application is designed for law firms and corporate clients to help them determine the content, scope, and extent of ESI associated with the case.  There are four modules to coordinate the process, as follows:

  • Manage Enterprise Information: Enables users to map out organizational information, allowing all parties to understand where potentially relevant ESI is located, policies and practices associated with the ESI, and who is responsible for the ESI.  This module also enables various aspects of the organization to be documented, including backup policies and disaster recovery plans.
  • Matter Scoping: Enables users to track the various matters, and, for each matter, it enables users to track custodians and generate surveys to gather information about the locations of potentially responsive ESI.
  • Meet and Confer: Allows attorneys to define essential ESI needs for both parties while projecting a budget to identify, collect and process the data.  This module also provides a mechanism for computer-aided video conferencing (which can be facilitated by an independent mediator) to actually conduct the conference.
  • System Administration: Supports the creation of clients and users and establish rights for each user group.

Sean’s article mentioned above goes into more detail into each module, reflecting his “hands on” experience in “test driving” the application.  MeetandConfer.com is offering a free one month trial to “qualified” users (i.e., attorneys and judges), with the monthly rate of $149 per user to be billed after the free trial.

So, what do you think? Would an application like this make it easier to fully prepare for “meet and confer” conferences? Would you consider using such an application?  Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Rules: ESI Topics of the "Meet and Confer"
 

Yesterday, we talked about the basics of the Rule 26(f) “meet and confer” conference, Today, let’s go into more detail about the topics that are typically covered during the “meet and confer”, and why.

The "meet and confer" conference focuses on the exchange of information regarding discovery and the creation of a comprehensive plan that will govern the sharing and privilege of ESI. Accordingly, the requirements of this meeting specify discussion of the following topics:

  • Initial Disclosures: This exchange may be specific and detailed or very basic, depending on the needs of the case and the attorney's agendas. Proposed changes to the requirements, timing, or form of these disclosures may be discussed.
  • Topics on which Discovery may be Needed: It may be easy to agree on subjects for which discovery is necessary, or it may require prolonged discussion to reach an accord. In some instances, time and expense can be saved by beginning with a single area and later expanding discovery to include other topics, if necessary. Known as "phased discovery", this can be a very effective choice, as long as it is conducted in a way that does not require duplication of effort in later phases.
  • Format of Production of ESI: Although the actual discovery process may be conducted over weeks or even months after the conference, it's important to agree now on the format of production to prevent parties from accidentally converting files into a type that will later prove to be inconvenient or result in loss of data. This is especially important if one party has a request for a particular format.
  • Privilege, Inadvertent Disclosure, and Protective Orders: Although we all strive to prevent disclosure of privileged information, it's important to discuss in advance the possible implications and a process for dealing with such an eventuality, if it should occur.
  • Potential Deviations from Discovery Rules Requirements: In some cases, opposing attorneys will agree that they can accomplish discovery in fewer depositions than specified by Federal Rules or local rules. If so, this discussion and any related proposals should be part of the "meet and confer" conference so they can be incorporated into the discovery plan.
  • Any Other Orders or Concerns about Discovery: From discovery agreements to questions or requests, almost any topic related to eDiscovery can be part of the "meet and confer" conference.

To get the most out of the "meet and confer," and to save time and expense, most attorneys will prepare an extensive agenda of the topics for discussion in advance of the meeting itself. Although there are many other topics that may be included in the conference, this list covers key requirements of the Rule 26(f) "meet and confer" conference and the discovery plan to be created there.

So, what do you think? Did you learn something that you didn’t already know about the Rule 26(f) "meet and confer" conference?  If so, then we accomplished our goal! Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Rules: What's Really Required for the "Meet and Confer"?
 

Almost any litigation professional who works with eDiscovery is aware of the Rule 26(f) "meet and confer" conference, but many don't fully understand its parameters and how it affects ESI. What exactly is the "meet and confer" and what are some of its implications in regard to eDiscovery?

What is the "Meet and Confer"?

The "meet and confer" conference is now a requirement in Federal cases as of the rules changes of 2006 to the Federal Rules of Civil Procedure. In addition to Rule 26(f) for Federal cases, an increasing number of states now have (or are contemplating) a similar rule.  It provides an opportunity for the parties in a lawsuit to discuss discovery and create a plan for the sharing of information during and before trial.

The goal of the "meet and confer" rules is to provide a basis for an open exchange of information and a productive dialogue about discovery-related topics. Even in the antagonistic world of litigation, it is possible to reach an accord on the details of discovery by conforming to the requirements of these rules and of the discovery process.

What are the Parameters of the "Meet and Confer"?

Rule 26(f) states that attorneys must meet and discuss "any issues about preserving discoverable information" as well as developing a "discovery plan." It also specifies that:

  • Attorneys must already be aware of the location and nature of their own clients' computer systems and discoverable documents, and must be prepared to ask questions about their opponents' ESI, electronic systems, and data preservation actions.
  • In order to be fully prepared for this conference, an attorney needs to know as much as possible about the location, volume, and logistical challenges that surround the collection of ESI, as well as the client's preferences regarding privilege, protective orders, and document review.
  • The more informed the attorneys are on each of these counts, the more capable they will be to address relevant issues, streamline the discovery process, and minimize eDiscovery costs.
  • Attorneys may exchange either in-depth or limited information about the legal holds process.
  • The result of the "meet and confer" conference is to establish a comprehensive discovery plan and lay the groundwork for the discovery aspects of the rest of the proceeding.

Tomorrow, I’ll go into more details about the specific topics to be covered at the Rule 26(f) conference.  Oh, the anticipation!

So, what do you think? Do you have any experience with Rule 26(f) conferences that went awry or cases where having a Rule 26(f) conference would have helped? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: Sanctions for Spoliation, Even When Much of the Data Was Restored

A Virginia court recently ordered sanctions against the defendant in a case of deliberate spoliation of electronic discovery documents.

In E.I. Du Pont De Nemours & Co. v. Kolon Indus., Inc., No. 3:09cv58, 2011 WL 2966862 (E.D. Va. July 21, 2011), the defendant was found to have committed spoliation “in bad faith” in a manner that constituted a “violation of duty… to the Court and the judicial process,” as follows:

  • The defendant, Kolon Industries Inc., was charged with misappropriation of trade secrets, conspiracy, information theft, and other allegations.
  • Within two days of receiving the plaintiff’s February 4, 2009 complaint, the defendant issued a litigation hold to upper-level employees. Several days after that, on February 10, a second hold notice was sent to all employees in English – even though most of Kolon’s staff members did not speak English.
  • Subsequently, many of the defendant’s key employees were found to have deleted files and emails that may have been relevant for discovery. After extensive investigation, the plaintiff’s expert discovered that the defendant had demonstrably deleted at least “17,811 files and email items” that should have been preserved for discovery.
  • The court determined that employees had deleted ESI “in bad faith,” conducting intentional spoliation and alteration of relevant evidence in direct contravention of the demands of discovery.
  • Even though many (but not all) of the documents were recovered (most from backup tape), the court rejected the defendant’s argument that “there can be no spoliation finding because many documents were recovered” and eventually produced, stating: “The fact that technology permits the undoing of spoliation does not change at all the fact that spoliation has occurred.”
  • Accordingly, the court leveled sanctions against the defendant, ordering it to pay the plaintiff’s legal fees, costs and expenses on this motion, and ordered an adverse inference instruction to the jury.  However, the court found that default judgment requested by the plaintiff was not appropriate, citing defendant’s attempts to place two litigation holds and the “good fortune that many deleted items were recoverable because of the preservation of Kolon’s backup tapes.”

So, what do you think? Were the sanctions appropriate, or should recovery of much of the deleted data have spared the defendant in this case? Have you ever been involved in a case where deleted electronic documents were recovered and sanctions avoided? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: When Collecting, Image is Not Always Everything
 

There was a commercial in the early 1990s for Canon cameras in which tennis player Andre Agassi uttered the quote that would haunt him for most of his early career – “Image is everything.”  The quote haunted him because, as a young player, he was considered to be more style than substance and unable to “win the big one” – a reputation that he ultimately overcame.

When it comes to eDiscovery preservation and collection, there are times when “Image is everything”, as in a forensic “image” of the media is necessary to preserve all potentially responsive ESI.  This is especially true when one party is suspected of deleting ESI to avoid producing it in Discovery.  For example, a forensic copy of a hard drive will include every byte of data on that drive, including data in unallocated space and file slack – these are locations on the drive that may contain data that was once actively used, but is now available to be overwritten after that data was “deleted”.

However, forensic imaging of media is usually not necessary for Discovery purposes. When it is necessary, the parties (usually in coordination with the court) must establish a protocol for how that inspection will take place. This protocol must be conducted in a manner that is verifiable and is usually conducted by an experienced professional, trained to collect data in a forensically sound manner and qualified to testify in court to that process if required.

For most cases, collection involves straightforward copying of the active targeted ESI as it exists on the producing party’s system.  However, to maintain the integrity of the metadata, not just any means of copying will do.  Copying files with “drag and drop” using Windows Explorer may get the files from one place to another, but key metadata (such as file creation date, which reflects the date of the copy, NOT the original) may be changed.

Fortunately when doing a targeted collection, there are several applications that, if used correctly, will copy files quickly and effectively while preserving the metadata.  Here are a few:

  • SafeCopy 2: Easy to use file copy utility created by Pinpoint Labs specifically for eDiscovery.
  • Robocopy: Microsoft utility for copying files from one location to another.
  • Upcopy: An “intelligent” file copy utility specifically suited for eDiscovery.

Also, FTK® Imager is an imaging and forensic image preview tool that is a free download and part of AccessData’s Forensic Toolkit®.  FTK® Imager also has the option to forensically acquire specific files using the custom content image option.

With any of these utilities, you can support the targeted collection needs for most cases.

So, what do you think? Have you used any of these utilities for eDiscovery collection?  Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: "Untimely" Motion for Sanctions for Spoliation Denied

A recent ruling by the US District Court of Tennessee has denied a motion for sanctions for spoliation on the grounds that the motion was “untimely.”

In Am. Nat’l Prop. & Cas. Co. v. Campbell Ins., Inc., No. 3:08-cv-00604, 2011 WL 3021399 (M.D. Tenn. July 22, 2011), the plaintiff argued that the defendants’ admitted failure to preserve evidence “warrants a harsh penalty,” but the court found in favor of the defense that the motion was untimely.

  • The defendants, Tommy Campbell, Marshall C. Campbell and Campbell Insurance, Inc. were previously found to have failed to preserve email evidence from the period between April and July 2009. The plaintiff claimed that these emails contained “damning evidence” and that this discovery spoliation was deliberate.
  • This spoliation was discovered in May 2010, but the plaintiff did not file a motion for sanctions until July 16, 2011 – more than fourteen months after the spoliation was discovered and almost five months after discovery closed in February of 2011.
  • With the trial less than seven weeks way, the court considered this motion for sanctions for spoliation in the light of the summary of the law on spoliation that was provided in Goodman v. Praxair Services, Inc., 632 F.Supp.2d 494 (D.Md.2009). Among other points, the district court in Goodman v. Praxair encouraged courts to be aware of the time between the close of discovery and a motion related to spoliation, as well as cautioning against spoliation motions “made on the eve of trial.”
  • The court rejected the plaintiff’s excuse for the timing on the basis that “because the relevant emails were deleted and cannot possibly be produced, the Motion for Sanctions ‘is not a discovery motion.'”
  • Because of the “disruptive” timing of the motion, and the inability of the plaintiff to effectively explain why they delayed so long in filing a motion after this spoliation was encountered in discovery, the court ultimately ruled against the motion for sanctions, calling it “untimely”.

So, what do you think? Does spoliation of evidence “expire” or should timeliness matter at all in a case like this one? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Cloud Covered by Ball
 

What is the cloud, why is it becoming so popular and why is it important to eDiscovery? These are the questions being addressed—and very ably answered—in the recent article Cloud Cover (via Law Technology News) by computer forensics and eDiscovery expert Craig Ball, a previous thought leader interviewee on this blog.

Ball believes that the fears about cloud data security are easily dismissed when considering that “neither local storage nor on-premises data centers have proved immune to failure and breach”. And as far as the cloud's importance to the law and to eDiscovery, he says, "the cloud is re-inventing electronic data discovery in marvelous new ways while most lawyers are still grappling with the old."

What kinds of marvelous new ways, and what do they mean for the future of eDiscovery?

What is the Cloud?

First we have to understand just what the cloud is.  The cloud is more than just the Internet, although it's that, too. In fact, what we call "the cloud" is made up of three on-demand services:

  • Software as a Service (SaaS) covers web-based software that performs tasks you once carried out on your computer's own hard drive, without requiring you to perform your own backups or updates. If you check your email virtually on Hotmail or Gmail or run a Google calendar, you're using SaaS.
  • Platform as a Service (PaaS) happens when companies or individuals rent virtual machines (VMs) to test software applications or to run processes that take up too much hard drive space to run on real machines.
  • Infrastructure as a Service (IaaS) encompasses the use and configuration of virtual machines or hard drive space in whatever manner you need to store, sort, or operate your electronic information.

These three models combine to make up the cloud, a virtual space where electronic storage and processing is faster, easier and more affordable.

How the Cloud Will Change eDiscovery

One reason that processing is faster is through distributed processing, which Ball calls “going wide”.  Here’s his analogy:

“Remember that scene in The Matrix where Neo and Trinity arm themselves from gun racks that appear out of nowhere? That's what it's like to go wide in the cloud. Cloud computing makes it possible to conjure up hundreds of virtual machines and make short work of complex computing tasks. Need a supercomputer-like array of VMs for a day? No problem. When the grunt work's done, those VMs pop like soap bubbles, and usage fees cease. There's no capital expenditure, no amortization, no idle capacity. Want to try the latest concept search tool? There's nothing to buy! Just throw the tool up on a VM and point it at the data.”

Because the cloud is entirely virtual, operating on servers whose locations are unknown and mostly irrelevant, it throws the rules for eDiscovery right out the metaphorical window.

Ball also believes that everything changes once discoverable information goes into the cloud. "Bringing ESI beneath one big tent narrows the gap between retention policy and practice and fosters compatible forms of ESI across web-enabled applications".

"Moving ESI to the cloud," Ball adds, "also spells an end to computer forensics." Where there are no hard drives, there can be no artifacts of deleted information—so, deleted really means deleted.

What's more, “[c]loud computing makes collection unnecessary”. Where discovery requires that information be collected to guarantee its preservation, putting a hold on ESI located in the cloud will safely keep any users from destroying it. And because cloud computing allows for faster processing than can be accomplished on a regular hard drive, the search for discovery documents will move to where they're located, in the cloud. Not only will this approach be easier, it will also save money.

Ball concludes his analysis with the statement, "That e-discovery will live primarily in the cloud isn't a question of whether but when."

So, what do you think? Is cloud computing the future of eDiscovery? Is that future already here? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: Court Upholds Sanctions for Intentional Spoliation of Unallocated Space Data

The Supreme Court of Delaware recently upheld the sanctions against the defendant for wiping the unallocated space on his company’s computer system, despite a court order prohibiting such destruction.

In Genger v. TR Investors, LLC, No. 592,2010, 2011 WL 2802832 (Del. July 18, 2011), Arie Genger, CEO of Trans-Resources, Inc., argued that sanctions against him were unreasonable and made a motion for the court to overturn its previous decision regarding spoliation of discovery materials. Instead, after due process, the court upheld its earlier decision, as follows:

  • In TR Investors, LLC v. Genger, 2009 WL 4696062 (Del. Ch. Dec. 9, 2009), the defendant was found to have intentionally spoliated electronic discovery documents by instructing an IT consultant to wipe unallocated space on his company’s computers. This action was taken in contempt of court and in contravention of a Status Quo order directing all parties to prevent alteration or destruction of any company documents.
  • Genger was penalized with an order to produce 10 documents for discovery that had previously been considered privileged, the raising of the burden of persuasion with regard to his defense, a preclusion from his testimony being permitted as factual evidence, and several sanctions.
  • The sanctions included attorney’s fees and expenses related to the sanctions motions, which totaled roughly $3.2 million. At the time, this amount was agreed upon by all parties.
  • Following this 2009 order, the defendant appealed the sanctions, arguing that because the court’s Status Quo order did not explicitly refer to unallocated hard drive space, the obligation to preserve documents and discoverable materials found there became “an impossible burden… effectively requiring the company to refrain from using its computers entirely.”
  • On July 18, the court decided in favor of upholding the sanctions against Genger. The reasoning behind this decision revolved around the fact that Genger did not unknowingly delete discoverable documents in the normal course of using his company’s computers, but instead, deliberately set out to destroy information that was included in the court’s Status Quo order.
  • The court was clear in emphasizing that this decision is meant to apply only in such a situation, “where a party is found intentionally to have taken affirmative steps to destroy or conceal information to prevent its discovery at a time that party is under an affirmative obligation to preserve that information.”
  • The court also recommended that, in the future, parties be clear in discussing unallocated space on computer hard drives and in deciding to either include or exclude such space from preservation orders like this one.

So, what do you think? Have you been involved in any cases resulting in sanctions associated with deletion of unallocated space data? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Court Orders Sanctions in Response to "Callous and Careless Attitude" of Defendant in Discovery

A Special Master determined that multiple discovery failures on the part of the defendant in an indemnity action were due to discovery procedures “wholly devoid of competence, yet only once motivated by guile”. Accordingly, the court ordered sanctions against the defendant and also ordered the defendant to pay all costs associated with its discovery failures, including plaintiff’s attorney fees and costs.

The defendant’s discovery efforts in PIC Group, Inc. v. LandCoast Insulation, Inc., No. 1:09-CV-662-KS-MTP, 2011 WL 2669144 (S.D. Miss. July 7, 2011) resulted in several discovery failures, including spoliation of data, mostly through carelessness and incompetence:

  • After consideration of the computer forensics experts recommended by the parties in this case, the court rejected all seven recommendations and appointed its own Special Master (Craig Ball, a previous thought leader interviewee on eDiscovery Daily) to conduct an investigation into the indemnity case, which would revolve around the collapse of scaffolding erected by the defendant.
  • The defendant’s efforts resulted in multiple discovery failures, including: 1) failure to impose “any corporate policy, procedure, or concerted effort [to] preserve electronic data”; 2) no effort to preserve or collect ESI until it was too late to protect the relevant data; 3) the theft of an employee’s laptop and subsequent loss of the backup of that hard drive; and 4) the erasure of another computer containing relevant ESI sometime two or three months after the collapse of the scaffolding at issue in this lawsuit.
  • As a result, the Special Master recommended sanctions against the defendant for its “callous and careless attitude” and sloppy measures taken in the course of discovery.
  • In response to these proposed sanctions, the defendant argued that none of its failures in the course of discovery were due to bad faith, and demonstrated that the plaintiff suffered only minimal prejudice.
  • Although the Special Master determined that the discovery failures were caused by a lack of caution while collecting and preserving evidence, rather than willful intent to alter discovery, he still recommended, and the court ordered, sanctions against the defendant.
  • Accordingly, the defendant was ordered to pay the plaintiff’s attorney fees and expenses accrued as a result of the defendant’s discovery failures, as well as pay the Special Master’s fees and expenses.  The defendant was also compelled to produce an image of the laptop that had been erased (from imaging conducted after the erasure) and the court reopened discovery in this case.  The court declined the Special Master’s recommendation for additional monetary sanctions ($50,000), though it did adopt his recommendation that the defendant “shall not seek indemnification or reimbursement from their insurance company” to pay the assessed fees.

So, what do you think? Were these sanctions merited, or should there be clear intent to deceive for such sanctions to be awarded? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Breaking News: News International to Suspend Deletion of Emails and Other Documents
 

According to The Independent, staff at Rupert Murdoch’s newspapers has been warned to stop deleting any documents that may be relevant to the current investigations, as a suspension of its usual policy about deletion of documents goes into effect.

Over the course of the 2011 investigation into illegal voicemail hacking by News International employees, there has been contention over the ongoing deletion of documents at the newspaper and its subsidiaries. But only during this past weekend did News International's parent company, News Corp, finally send an email to all of its employees instructing them to take measures preventing the deletion of documents that might be related to the investigation, including emails and other ESI.  Specifically, the email instructed employees to “Please suspend any automatic deletion or discarding of any documents, whether electronic or paper, including emails or drafts of documents… If you are uncertain whether a document is relevant… you should preserve it.”

Of course, the News Corp scandal has been not only significant eDiscovery news, but major world news as well.

  • Since January 2011, police have been investigating a list of roughly 4,000 potential targets whose voicemails may have been hacked as part of this scandal – including Hollywood celebrities, sports figures, politicians, and even members of the British Royal Family, most of whom were unaware of how easily their cell phone functions were hacked.
  • The newsroom at News of the World, the newspaper implicated in the systematic phone hacking, has been closed.
  • Sean Hoare, the whistle-blower who disclosed phone hacking at News of the World, was found dead in his home in Watford, Hertfordshire.  No cause of death has yet been identified.
  • During testimony to Parliament last week, Rupert Murdoch was attacked – by a pie wielding comedian, who was thwarted by Murdoch’s wife Wendi.

Although this email sends a positive message about News Corp's willingness to protect eDiscovery information from this point forward, the instruction arguably comes too late to protect the documents and other ESI that have potentially been destroyed in the months since the investigation into the paper's illegal phone hacking began as well as the years when News Corp faced numerous hacking claims during key periods associated with the those claims.  News International has acknowledged that some messages may be recoverable on backup disks, and the police are trying to recover that information now, said Tom Watson, a Labor Party member of Parliament.

From an eDiscovery perspective, this story may become “Enron-esque” before it’s all over.

So, what do you think? Is this instruction from News International a step toward greater openness and responsibility in this investigation, or is it simply a case of too little, too late? Please share any comments you might have or if you'd like to know more about a particular topic.