Redaction

Private and Privileged Data: Public Records and FOIA Requests

By:  Julia Romero-Peter, Esq

Information requested from a government agency through a local public records request or the federal Freedom of Information Act (FOIA), may be considered private, personally identifiable information (PII) or privileged. These designations can apply in an ongoing investigation when personal information about an individual is disclosed.  And, in some cases, these designations can be appealed.

What Is Private and Privileged Information?

Private information considered personal in nature can be designated as PII. This can include medical records, financial information, or personal correspondence. Private information is typically exempt from public disclosure laws meaning, government agencies are not required to release such data in a public records request.

Privileged information is not subject to disclosure under the law. Examples of this can include attorney-client privilege, work product, matters of national security, or data related to an ongoing criminal investigation. Privileged information is typically exempt from public disclosure laws, which again, means government agencies are not required to release it in response to a public records request.

If the data requested contains private, privileged information, it may be redacted before being released to a requesting party to prevent the disclosure of national security information, for example.

Tools to Prepare Data for a Public or FOIA Request

CloudNine’s cloud-based solutions can help you locate relevant information for a public record or FOIA request.  CloudNine’s simplified review automation platform can help you manage, review, classify, redact, and prepare productions among all types of digital information. Your team can optimize your workflow and analyze data with precision using the CloudNine Suite, which includes CloudNine ESi Analyst —  the industry’s only investigation platform built and prepared to handle today’s modern data types, such as chat, text, social media, geotracking and more.

To see CloudNine software in action and learn how to save time and costs with an integrated, cloud-based review platform, contact us to schedule a consultation today.

 

To learn about the rise of modern data including social media, SMS, geolocation and corporate chat applications such as Slack and Teams, or click the link to request our newest eBook:  Modern Data Blueprint: Including All Data Sources in Your eDiscovery

 

Improve Data Processing Efficiency, One File At A Time

One of the keys to success for any great legal service provider (LSP) is to reduce as many inefficiencies from your operations as possible. 

While there are several areas where you can make marked improvements, data processing can provide you with a great ROI so you can be more efficient and offer improved service levels to your clients. 

Common Inefficiency Challenges for Your LSP’s Data Processing

When it comes down to it, any eDiscovery process that takes unnecessary time or adds costs hurts your LSP. A few of the more common inefficiencies that affect your business include:

  • Overly-expensive data storage costs
  • Slow handoff time between steps in the eDiscovery process
  • Workflows that include too many unnecessary steps

However, one major inefficiency that doesn’t get mentioned enough is the thoroughness or depth of your data processing solution. 

Some data processing software has been found to miss as much as 3% of the files provided. We are not talking about junk embedded files but Word, PowerPoint, PDFs, Excel, etc. When you think of it as only 3 out of 100, it doesn’t seem that detrimental. However, when you consider that your LSP may have to process more than a million files, you’re now missing tens of thousands of documents.

The reason this happens is data processing software doesn’t go deep enough when extracting and indexing files. 

For example, you may have an email with a PowerPoint presentation attached. Your software will most likely pull both of these with no issues. The problem comes when you have a document embedded in that PowerPoint presentation. That last document isn’t extracted which means it’s not indexed or searchable. 

With a data processing software that does not provide your LSP with the value you need, your clients take note. Learn how you can grow your organization sustainably without sacrificing quality in our eBook: 4 Ways Legal Service Providers Can Built Value & Boost Margins.

How Data Processing Inefficiencies Impact Your LSP 

Data processing inefficiencies can lead to some major challenges to your LSP operations. They slow down your workflows, tie up key personnel that could be focusing their energies elsewhere and cost you money. 

Additionally, if your data processing solution doesn’t go deep enough and extract 100% of the files you’ve received through your eDiscovery services, you’re opening your LSP up to three primary risks:

  • Missing critical data that could either help or hinder your clients’ litigation
  • Neglecting to share requested data resulting in sanctions 
  • Inadvertently sharing privileged information with unauthorized parties

Any of these scenarios can negatively affect how you run your business while potentially damaging your reputation and your relationship with your clients. 

How to Make Your LSP Data Processing More Efficient

One of the easier ways to make your data processing more efficient is to simply streamline your workflow processes by following best practices:

  • Establish your settings/tagging procedures upfront
  • Make sure you have enough data storage and human resources for your machine/workflow
  • Allow for compound document extraction
  • Allow for language analysis
  • Get automated OCRs
  • Establish family relationships between the data 

In CloudNine Explore, you can create workflow processes that perform all of these tasks during the initial upload so the data is extracted, indexed, and prepared for the next step faster and with more automation. 

You just set up the tasks you want to perform and create the case. Automation handles the rest. This cuts out an unnecessary and irrelevant manual intervention that slows down the process and ties you to slow and cumbersome tasks. 

Plus, you can rest assured that CloudNine Explore will be thorough, so you don’t miss out on any important or critical documents. Then you can convert everything to text or OCR, index it all for search and cull the data so you have a more streamlined data collection. 

You shouldn’t be constrained by your data processing software. With CloudNine Explore, you can build unique workflows that leverage the automation so you can have full control over your workflow, using the software in new, inventive ways. This allows you to save time and money to explore new, revenue-generating ventures like offering improved levels of services. 

Discover what CloudNine Explore can do for your LSP, learn more about our eDiscovery engine here.

Using Data Processing to Offer Better LSP Service Levels

While your LSP may have launched offering a simple eDiscovery solution like data processing, there’s an opportunity to grow your business by offering additional services to your clients. 

Some LSPs perform data processing but outsource their document review services to 3rd parties. By doing so, you quickly lose control of the data and give away revenue that you can easily keep in-house. By controlling the data processing and review, you control the project, the timeline, and the costs. 

Ready or not, it’s time to up your offering and make your data processing more efficient. Discover how CloudNine offers the best eDiscovery software to help you save time and increase your revenue; schedule a free demo today.

 

Court Denies Motion to Redact Portions of eDiscovery Teleconference: eDiscovery Case Law

In Pacific Biosciences of California, Inc. v. Oxford Nanopore Tech., Inc. et al., Nos. 17-275-LPS, 17-1353-LPS (D. Del. Nov. 4, 2019), Delaware Magistrate Judge Jennifer L. Hall denied the defendants’ Motion to Redact Portions of the August 14, 2019 Discovery Teleconference and the related submissions, stating: “The public has an interest in understanding judicial proceedings, even if they have a limited interest in documents submitted in connection with discovery dispute proceedings.”

Judge’s Ruling

In making her ruling, Judge Hall stated that “although there is no presumptive right of public access to discovery motions and supporting documents filed with the court,…the public does have a right of access to hearing transcripts.”  She also quoted Softview LLC v. Apple Inc., No. 10-389, 2012 WL 3061027, at *9 (D. Del. Jul. 26, 2012), which said: “[T]he party seeking the closure of a hearing or the sealing of part of the judicial record bears the burden of showing that the material is the kind of information that courts will protect and that disclosure will work a clearly defined and serious injury to the party seeking closure.”

Ruling on that, Judge Hall stated: “In this case, Defendants have failed to meet their burden to show that disclosure of the unredacted transcript would work a ‘clearly defined and serious injury’ upon them…I have also reviewed each of the proposed redactions, and I think that it is unlikely that the particular information at issue is capable of working the kind of serious injury contemplated by the rule. For example, the proposed redactions do not contain trade secrets, scientific data, strategic plans, or financial information. And merely stating that the proposed redactions contain discussions of documents marked ‘Confidential’ or ‘Highly Confidential’ is insufficient to support a motion to redact a transcript of a judicial proceeding…Finally, any minimal potential harm that disclosure might cause is outweighed by the public interest in having access to judicial proceedings.”

For those reasons, Judge Hall denied the defendants’ motion.

So, what do you think?  Are there situations where parties should be able to have proceedings redacted?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Grants Motion to Compel Production of Telephone Records from Individual Plaintiff: eDiscovery Case Law

In Siemers v. BNSF Railway Co., No. 8:17-cv-360 (D. Neb. Apr. 8, 2019), Nebraska Magistrate Judge Susan M. Bazis finding that the plaintiff’s telephone records are discoverable pursuant to Fed. R. Civ. P. 26, that they are not subject to a privilege claim just because plaintiff’s counsel’s telephone number may appear in the records and that privacy issues are minimal to non-existent (since the at-issue records do not contain the substance of communications), ordered the plaintiff to produce his telephone records within one week of the order.

Case Background

In this case regarding the plaintiff’s suit against his former employer for alleged violations of the Federal Employers Liability Act (“FELA”), the defendant requested production of the plaintiff’s cellular telephone records from November 1, 2016 (the day before the claimed injury incident that is the basis of Plaintiff’s lawsuit) to present. After the plaintiff refused to produce any records in response to the defendant’s request, a discovery dispute conference was held in October 2018, with the Court finding that the plaintiff’s communications with coworkers or others from the defendant and telephone records evidencing the same were relevant and discoverable, and ordered the parties to further confer regarding production of these items.

The plaintiff then issued a subpoena to his cellular telephone provider and received a listing of incoming and outgoing telephone calls and text messages, but not the substance of any communications. Nonetheless, the plaintiff refused to produce to the defendant the telephone records produced to him in response to his subpoena.

In the final pretrial conference, the defendant argued that the records were discoverable because whether and how often plaintiff has communicated with BNSF coworkers or management since his alleged injury could have credibility considerations, that identifying the fact that a communication occurred between the plaintiff and his attorney was not privileged or, alternatively, that it was not unduly burdensome to redact those references and that no privacy interest was implicated in the telephone records because the records do not contain the substance of any communications.  The plaintiff argued that the defendant’s request was “overbroad on its face and therefore not reasonably calculated to lead to the discovery of relevant information” and also contended that the discovery sought by the defendant was “unreasonably cumulative or duplicative and could have been obtained from other sources that is more convenient, less burdensome, or less expensive.”

Judge’s Ruling

Considering the respective arguments, Judge Bazis ruled as follows:

  1. “Plaintiff’s telephone records from November 1, 2016 to present and any other records received by Plaintiff in response to his subpoena to his cellular telephone provider are discoverable pursuant to Fed. R. Civ. P. 26. BNSF is entitled to discover whether and how often Plaintiff has communicated with coworkers or BNSF management since his alleged injury.
  2. The fact that Plaintiff’s counsel’s telephone number may appear in the records does not render them subject to a privilege claim. Plaintiff may redact references to communications between Plaintiff and Plaintiff’s counsel, which the Court finds is not overly burdensome.
  3. Privacy considerations of Plaintiff or third parties not involved in this litigation are minimal to non-existent since the at-issue records do not contain the substance of communications.”

As a result, Judge Bazis ordered (in all caps, no less) the plaintiff “to produce to BNSF all records received in response to Plaintiff’s subpoena to his cellular telephone carrier” within one week of the order, noting that he could “redact references to communications between Plaintiff’s counsel and Plaintiff (but is not required to do so to maintain privilege claims regarding the substance of the communications).”

So, what do you think?  Was that appropriate or was the defendant’s request overbroad?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Craig Ball’s Wayback Machine and Look at the Mueller Report: eDiscovery Best Practices

Some weeks there is so much to cover in eDiscovery that it’s difficult to get to everything.  This is one of those weeks.  Like me, several of you are fans of Rob Robinson’s quarterly eDiscovery Business Confidence Survey on his Complex Discovery blog and he has just published the results of his Spring 2019 Survey, which are very interesting and I will (hopefully) post my normal analysis on that tomorrow.  But, Craig Ball has posted – not just one, but two – interesting posts on his Ball in Your Court blog this week that definitely need to be covered as well.  “Ball” comes before “Robinson” alphabetically, so I’ll cover his posts first.  ;o)

In Craig’s post Storage Media: Long Past Herman Hollerith, he gives a terrific history lesson on storage media – all the way back to the old punch card storage and tabulation technologies Herman Hollerith used to revolutionize the 1890 U.S. census.  That same punch card technology was adopted by used for close to, if not more than, 100 years.  My first computer programming course (does anybody remember Fortran?) at Baylor in the early 1980s was on an IBM System 3 (link to a picture of that system here) with the old punch card technology that we used to “write” our programs on.  Each card was a single line of code and you had to keep the cards in order for the program to run correctly – you’ll never see a more devastated look on a person than when they drop their punch card deck of several hundred cards and realize there is no way to put them back in order (thankfully, that wasn’t me).

Craig jumped from punch cards to 3.5-inch floppy disks commonly used from the mid-1980s to early 2000s which held 1.44MB (about 13,653 IBM cards worth of data).  In comparison to today’s world, as Tom O’Connor and I discussed in yesterday’s webcast, by next year, about 1.7MB of new information will be created every second for every human being on the planet.

In between were 8-inch and 5 1/4-inch floppy disks (which were truly “floppy”) that held a lot less storage (I know because I used both).  As Craig notes, you can now get a 1-terabyte drive for about $50, which is the equivalent of about ten billion IBM cards.  And, a 30-TB LTO-8 backup tape cartridge is approximately the equivalent of 305 billion IBM cards.  Yikes!

Oh, and by the way, the Georgetown Law Center eDiscovery Training Academy is coming up in less than a month!  More to come on that in an upcoming post.

In Craig’s post, Mueller? Mueller? More E-Discovery Lessons from Bill and Bob (get the 80’s movie reference, there?), he uses the Robert Mueller report just released to compare the common practice of “fixing” the content of a document by printing the file to a static image format like TIFF or PDF to “the way we speak of ‘fixing’ a cat; that is, cutting its balls off.”  Ouch!  And, Craig notes that he’s written about this extensively elsewhere (including his excellent Lawyers’ Guide to Forms of Production).  But, the best part of his post (other than the humor, of course – I won’t steal his thunder here), is his discussion of native redaction and the move a dozen years ago by Microsoft to Open XML (Extensible Markup Language) for Office files (which is why Office file extensions have an “X” at the end – e.g., DOCX, XLSX, etc.).  And, you get to find out where the “PK” in PKZIP came from!  Excellent stuff!

So, why don’t we redact natively instead of sticking to “dumbing down” file formats to TIFF, then OCRing them, then redacting them?  As Craig asks, “Mueller, Mueller?”

By the way, speaking of the Mueller report, our friends at Complete Legal have made it available in a CloudNine Review database.  Can’t believe I haven’t mentioned THAT before now!  You can email them at info@completelegalkc.com to request access to the report and really search and examine it in detail.  Even if the report does represent a cat with no balls.  ;o)

So, what do you think?  Have you ever redacted documents natively?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Why Does Production Have to be Such a Big Production?, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Understanding Blockchain and its Impact on Legal Technology, which we covered as part of a webcast on March 27.  Now, Tom has written another terrific overview regarding production challenges and what to do about them titled Why Does Production Have to be Such a Big Production? that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Part one was Monday, here’s the second part.

Redaction Issues and Confidentiality Considerations

One of the most common technical mistakes lawyers make involve issues with redactions – there are frequent stories that make the news regarding lawyers publishing documents that were improperly redacted.  Redaction issues are also the most common error in document productions in eDiscovery as well.  There are a variety of issues associated with redactions and they have considerable impact on a lawyer’s ethical duty to confidentiality.  Let’s take a look.

Image Redaction Issues

Some of the more common mistakes I see involve redaction issues on images. And they go back years. In 2009, the TSA released a manual on the Internet that had not been redacted properly. In 2013, a Chicago lawyer was reprimanded when he failed to ensure that personal information was redacted in federal student loan collection actions he filed on behalf of the U.S. government.

In 2014, a Kentucky lawyer received a public reprimand for, among other misconduct, failing to redact his client’s social security number in bankruptcy filings he made on her behalf. Also in 2014, The New York Times reportedly failed to properly redact a PDF file of leaked National Security Administration documents and inadvertently released the name of an NSA agent.

In 2018, a reporter investigating an SEC settlement with alleged fraudsters downloaded from the federal PACER database an affidavit from one of the defendants in the matter. The PDF file contained about 100 pages of financial transactions that were blacked out in the PDF file. But when the affidavit was copied and pasted into another application’s text file for uploading, the black redaction boxes vanished, revealing all the private financial information that was supposed to be hidden. A clerk at the federal courthouse where the document in question was filed said that the party filing the document was responsible for ensuring that it was properly redacted.

Also, in 2018, the school district in the Parkland, Florida high school shootings case, apparently didn’t properly redact a document regarding the alleged shooter, which contained confidential information about him.  A Florida newspaper reported that the method used “made it possible for anyone to read the blacked-out portions by copying and pasting them into another file,” which the newspaper did — drawing a contempt threat from the judge presiding over the criminal case.

More recently, lawyers for President Trump’s former campaign chairman, Paul Manafort, apparently failed to redact a federal court document properly, permitting the blacked-out text to be viewed “with a few keystrokes.”

Clearly, redaction issues on images are common. Common mistakes here include:

  1. Failing to “burn-in” the redaction on the image
  2. Not updating or re-OCRing the text files to match
  3. Providing un-redacted native files
  4. Failing to redact certain metadata
  5. Improperly using redaction software

Other Redaction Issues

The last point above involves issues for documents that have been generated in a software and then either converted or printed before redaction.

The most common type of conversion involves saving a word processing document to PDF. How do you best handle redactions in that process? Here’s a few tips:

  1. Edit out sensitive information BEFORE converting.
  2. Be aware of any metadata that may carry into the PDF file. PDF conversion deletes MOST metadata but some may transfer (eg, Comments in Word)
  3. Use non-text PDF … image only
  4. Use the most current version of Adobe

Sometimes redaction involves paper. Hard to believe but true.  Some attorneys still use a dark marker to manually cover over confidential information. Much like the Manafort case mentioned above where a simple color change in an electronic document didn’t completely hide text, using a marker on paper may also fail.

In a 2015 article, “The Perils of Redaction: Simple Steps to Protect Confidential Information,”, Mark Crandley, a partner in the litigation department of Barnes & Thornburg in Indianapolis, wrote that  “many scanners are sensitive enough to perceive covered words even when the naked eye cannot.”

Confidentiality

Lawyers have an ethical duty to preserve clients’ privileges and property. So, aside from risking potential civil liability, lawyers also could face disciplinary action when they fail to properly redact court documents. Lawyers who fail to properly redact information in confidential documents could run afoul of the American Bar Association’s rule on safeguarding client property, which has been adopted by most states.

We’ll publish Part 3 – Load File Failures – on Friday.

So, what do you think?  Have you experienced problems with document productions in eDiscovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

It’s 2019, So it Must Be Time for Another Redaction Flub: eDiscovery Best Practices

I should probably put in a disclaimer that this is not a political post – I would write about this regarding which political party this involved.  It just so happens that the latest high-profile redaction flub happens to be tied to the Russia investigation and Paul Manafort.  Regardless, it leaves me asking the question: when will they ever learn?

As covered on Sharon Nelson’s terrific Ride the Lightning blog (here and here), defense lawyers for Paul Manafort used court papers that were made public last week to say that prosecutors were overblowing a text message exchange cited as proof that Manafort tried to mislead investigators probing Russia’s interference in the 2016 election.  Unfortunately for them, that portion of the filing that had been submitted under seal was improperly redacted in the public version, allowing the text to be lifted from the document with a few keystrokes.

Oops.

Surely, you can’t be serious! (I am serious and don’t call me Shirley!)

Yep, it’s the dreaded redaction flub.  As Sharon pointed out in her blog (and as we’ve pointed out before), all you have to do is to highlight the portion that is redacted, copy it to the clipboard and then paste it to a blank document anywhere.  Voila!  There’s your redacted text.

It doesn’t take a technical genius (much less a rocket scientist) to figure it out.  As Sharon points out, Adobe provides instructions on how to remove sensitive content from PDF files here.  That’s one of many ways to address the problem – there are others, especially if the document is contained within a litigation review platform where you can leverage the review tool to ensure a proper redaction of the file (i.e., any export burns the redaction into the resulting image, eliminating the ability to copy the redacted text).

Regardless, it seems like we see a high-profile redaction flub every 12 to 18 months. If Manafort’s lawyers want to feel a little better, the last redaction flub we covered was committed by the Department of Justice.  So it seems to happen to lawyers all over the place.  Maybe someday, we will have a redaction flub that is SO high-profile, that every lawyer will be familiar with it and know what to do to avoid it.  Or maybe law schools will start teaching how to avoid it.  One may happen – someday.

If you’re curious, Sharon’s blog post does provide a link to the document with the faulty redactions.  You can check it out for yourself.

Speaking of Sharon, she and her husband John Simek have a wonderful podcast called Digital Detectives.  I’m excited to say that I will be a guest on their podcast for the second time!  Sharon and John will be interviewing me next week and the podcast is targeted to be posted on January 28!  I’ll publish a link when it’s available!

So, what do you think?  Will we have redaction flub stories to cover until the end of time?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The DOJ is the Latest to Learn that Redactions Aren’t as Straightforward as You Think: eDiscovery Best Practices

I keep thinking that all attorneys, especially those in large corporations, large law firms and federal agencies, understand best practices associated with performing redactions.  Once again, I find that is evidently not the case.

According to Law360 (DOJ Redaction Flub May Undermine Libor Case, written by Jody Godoy, subscription required), U.S. Department of Justice lawyers made a potentially serious error in a Libor-rigging case against a former Deutsche Bank trader Wednesday when they mistakenly revealed the nature of testimony he was compelled to give to U.K. authorities in a separate probe.

According to the author, the DOJ partially redacted a motion to conceal the content of former Deutsche Bank trader Gavin Black’s testimony before the U.K. Financial Conduct Authority out of concern it could taint the DOJ’s Libor-rigging case against him. But the DOJ lawyers failed to properly excise the sensitive information until Law360 inquired about the faulty redactions last week.

The DOJ has since replaced the document — which was publicly available for more than 12 hours — with a properly redacted version, but the mistake had the potential to undermine their case against Black, especially in light of a July Second Circuit ruling in a similar Libor-rigging case, where they held that testimony compelled in the U.K. cannot be used in U.S. criminal cases and reversed two high-profile convictions. The reversal sent a strong warning to U.S. prosecutors working on cross-border cases.

The day the Second Circuit ruled in that case, Black notified U.S. District Judge Colleen McMahon that he would seek a “Kastigar” hearing in which the government would have to show that its case was developed independently from compelled interviews. The DOJ is fighting the request in large part on the basis that prosecutors on the case have been shielded from the material.  The DOJ asked the judge on Aug. 25 for permission to file a response to Black’s hearing request under partial seal. One reason is that compelled testimony is treated as “confidential” under British law and that the FCA had requested it not be publicly filed.  The attorneys at the DOJ’s criminal division who work separately from prosecutors on Black’s case also expressed concerns that a publicly filed document could expose the trial team or potential witnesses to the material.

Protecting the FCA testimony was crucial to the case against Black, particularly after the Second Circuit’s ruling reversing the convictions of Anthony Allen and Anthony Conti. The court found a witness may have been influenced by reading Allen’s and Conti’s statements, which were compelled under the threat of imprisonment.  The Second Circuit said that fact undermined the case entirely, as the statements were not admissible at trial nor in a grand jury proceeding but had potentially tainted a witness who testified at both.

In the unredacted portions of the brief, the DOJ argued Black is not entitled to a hearing for several reasons. One of them was that the DOJ had taken great pains not to expose its prosecution team to inadmissible material, including asking that the U.K. prosecutors not share any compelled statements with the team as the two countries’ authorities pursued parallel investigations.

In the inadequately redacted portions of the brief, the prosecutors described the content of Black’s interview with the FCA. One sentence was highlighted in black and written in a gray font that was clearly legible. Other portions of the brief were blocked out with what appeared to be black highlighting but were easily read by copying and pasting the contents of the brief into another text document. Word searches of the document returned text that was barely hidden behind the faulty redactions.

A DOJ spokesperson attributed the exposure of the information to “a technical error in the electronic redaction process” that allowed for “manipulation” of the file’s “metadata.”

While I don’t know the specifics, it sounds like the DOJ experienced the first redaction “failure” that I described in this blog post here.  Apparently, it still happens.

So, what do you think?  Are you aware of any other recent redaction “fails” that have become public knowledge?  (other than this one, of course).  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Lessons to Be Learned from the Wells Fargo eDiscovery Inadvertent Disclosure: eDiscovery Best Practices

When you’re a lawyer and you find out that you’ve inadvertently produced client confidential information in litigation, it’s a bad day.  When you find out that confidential information is personal information on thousands of the most wealthy investors in your client’s portfolio, it’s an even worse day.  And, when you find out that disclosure is being covered by The New York Times, it’s a lawyer’s worst nightmare.

Such is the story of Angela A. Turiano, a lawyer with Bressler, Amery & Ross, an outside law firm of Wells Fargo based in New Jersey.  In response to a New Jersey court case involving a dispute between ex-Wells Fargo employee Gary Sinderbrand and his brother who also worked there, Turiano inadvertently produced tens of thousands of client names, Social Security numbers, account balances and more.  This was on behalf of Wells Fargo as a third party to the New Jersey court case.

The documents and spreadsheets containing client information were originally provided to Aaron Miller, Sinderbrand’s lawyer in the New Jersey case on July 8 (according to the New York Times article linked below).  Miller later shared knowledge of what the documents contained to Aaron Zeisler, who is representing Sinderbrand in a New York case against Wells Fargo Advisors.  Miller notified Turiano of the disclosure of confidential information on July 20 (according to her affirmation filed with the New York Supreme Court on July 24).  The following day, the Times article was published with quotes from both Zeisler and Gary Sinderbrand, detailing the disclosure.  After Wells Fargo asked the NY and NJ courts to intervene, lawyers for Gary Sinderbrand were ordered to hand back over the data on July 26.

In Turiano’s affirmation, she described how the inadvertent disclosure evidently happened.  It’s based on this description of events that I offer up some suggestions about ways to avoid the scenario.  Here is the description provided by Turiano in paragraph 3 from the affirmation as to how the disclosure happened (I have put in bold a few key points that I reference below):

“Based upon my discussion with Mr. Miller, Wells Fargo agreed to conduct a search of four custodians’ email boxes using designated search terms.  Wells Fargo, like many large corporations, uses an outside e-discovery service to conduct e-mail searches.  The vendor conducted the search and, upon completion, I personally conducted a review of the voluminous search results to exclude from production any e-mails containing confidential or privileged information.  Specifically, using the vendor’s e-discovery software, I reviewed what I thought was the complete search results and for documents that contained confidential or privileged information, I thought I marked them as confidential or privileged.  I then coordinated with the vendor with both written instructions and by telephone and instructed the vendor to produce the emails in the database that I had marked, but that the vendor should withhold from the production anything that I tagged privileged-withhold and confidential and client-information withhold.  What I did not realize, was that there were documents that I had not reviewed.  Unbeknownst to me, the view I was using to conduct the review had a set limit of documents that it showed at one time.  Thus, I thought I was reviewing a complete set, when in fact, I only reviewed the first thousand documents.  I thus inadvertently provided documents that had not been reviewed by me for confidentiality and privilege.  In addition, it was my understanding that the vendor was going to apply redactions for documents I flagged as needing redactions.  Thus, I thought that responsive documents that contained confidential information would be redacted prior to production.  The documents, however, were not redacted prior to production.  I realize now that I misunderstood the role of the vendor.  Finally, I now understand that I may have miscoded some documents during my review.”

As a vendor, here are some of the things I would be doing to avoid the situation:

Communicate Search Results Completely and Clearly: I’m frequently asked to perform searches on behalf of clients and I always document the search results clearly in a spreadsheet with total documents retrieved for each term and a grand total of documents retrieved from all of the terms.  I also communicate that to the client clearly in an email, reiterating (in the email) the total count of documents retrieved via the searches (and usually follow up via phone as well).  I can’t say that the vendor didn’t do that here (maybe they did and the attorney glossed over – or forgot – the info), but a clear communication of search results may have helped ensure that Turiano had the correct count of documents and led her to realize that there were more documents than displayed on the first page of the eDiscovery software program.  It’s also important to realize that most (if not all) eDiscovery software applications deliver result sets in manageable batches of documents for efficiency sake – nobody wants to wait for all the data to load for 100,000 documents retrieved in a large search result – so the applications deliver the results in pages or batches.

Track Documents Reviewed and Report Anomalies: In a project where you know that the attorney is reviewing all retrieved documents for confidentiality and privilege, it’s good to track the documents actually reviewed and be able to report if there is an anomaly.  This could be done either by setting a specific field to mark a document as “Reviewed”.  Or it could be done via audit log tracking within the software.  Regardless, if either was done here, the vendor could have then informed the attorney that there were documents not reviewed and the mistake could have been discovered.

Confirm Documents Tagged for Redaction Were Actually Redacted: The workflow when dealing with native ESI is typically to flag documents that need redaction (which the attorney apparently did, at least for the documents she reviewed), then for the vendor to convert those native files to image format, then for the attorney to apply the redactions.  It doesn’t appear that the last two steps actually happened.  I’m not sure how the attorney expected the vendor to apply redactions simply based on a tag of “needs redactions” unless there was also a description field with a detailed description of where – even then, most vendors would still expect the attorney to ultimately apply them.  One check that should always be made before ESI is produced is to confirm that redactions were properly applied and if documents were tagged for redaction, there should be a step to make sure that they were actually redacted.  That’s a production QC step that should always be done before signing off on the production (by both vendor and attorney).

Perform a Pattern Search for Personally Identifiable Information (PII): With data privacy becoming more important than ever and GDPR looming, it’s becoming necessary to do more than just manual review to identify potential personal data – after all, people make mistakes.  Pattern searches are specialized searches, looking for specific types of information, such as 3 digits, then 2 digits, then 4 digits (i.e., the pattern for a social security number).  Searches for other patterns, like client account numbers or credit card numbers, could also be performed to determine whether personal data exists in the production set, which may need to be redacted or removed altogether.

Recognize When Your Client Needs More Hand Holding: Some attorneys are experienced and tech-savvy with regards to eDiscovery and want to drive the process, others are not.  Based on the description of events, I would suggest that this attorney was not very experienced in eDiscovery matters or in using eDiscovery software.  When that’s the case, it’s important for the vendor to be prepared to take more of a lead in driving the production QC and raising issues like those I discussed above.  As Turiano stated, “I realize now that I misunderstood the role of the vendor.”  Evidently, there was certainly a lack of communication on who was “driving the bus” on this production – when that’s the case, “the bus” tends to end up in a ditch.

So, what do you think?  What steps do you take to avoid inadvertent disclosures?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Defendant’s Motion to Overrule Plaintiff’s Objections to Discovery Requests

Court Approves Defendant’s Proposed Random Sampling Production Plan: eDiscovery Case Law

In Duffy v. Lawrence Memorial Hospital, No. 14-2256 (D. Kansas, Mar. 31, 2017), Kansas Magistrate Judge Teresa J. James granted the Motion to Modify Discovery Order from the defendant (and counterclaimant), where it asked the Court to enter a protective order directing it to produce a random sampling of 252 patient records, along with five spares, in order to respond to the plaintiff/relator’s document requests.

Case Background

In this case, the plaintiff alleged that the defendant submitted false information to the government to maximize reimbursement for federal medical care programs; in turn, the defendant counterclaimed for breach of contract and fraud.  In a February 2017 order, the Court ordered the defendant to produce documents responsive to certain plaintiff requests in her Second Request for Production of Documents within 14 days.  Defendant produced the most of the requested documents, except for those associated with four requests that were the subject of an instant motion.

As the defendant conducted searches for documents responsive to these requests, it determined that 15,574 unique patient records would have to be located and gathered.  In an effort to calculate the time necessary to locate and produce the relevant patient records, the defendant’s Medical Records department obtained a sample of ten patient records and determined that it would take 30 minutes per record to process and review the records to respond to the four RFP requests.  As a result, the defendant estimated that it would take 7,787 worker hours to locate and produce responsive information for 15,574 patient records, at a cost of $196,933.23.  Redaction of patients’ personal confidential information would take another ten reviewers and one quality control attorney fourteen days at a cost of $37,259.50.  So, the total cost to produce information relevant to the RFPs was estimated to be over $230,000.

Given these costs, the defendant asked the Court to modify its order by limiting the required production to a random sampling of 252 patient records plus five spares, using a statistical tool known at RAT-STATS used by the Department of Health and Human Services Office of Inspector General to randomly select the patient records.  The plaintiff objected, claiming that the defendant did not attempt to meet and confer and also because the Court had already rejected the defendant’s previous contention of undue burden.  The plaintiff also argued that redaction was unnecessary because a protective order was in place to designate the patient info as confidential information.

Judge’s Ruling

With regard to the previous rejection of undue burden, Judge James stated: “Had Defendant presented such evidence in response to Plaintiff’s Motion to Compel, the Court may have found the requests at issue unduly burdensome and disproportional to the needs of the case. Contrary to Plaintiff’s assertion, Defendant did not waive its right to seek protection once the enormity of the task became apparent.”  As for the plaintiff’s objection that the defendant did not meet and confer beforehand, Judge James noted that the “parties conferred following Defendant’s objections to the discovery requests, and that was the point at which some meeting of the minds could have produced a different response by Defendant or an alteration of the discovery request by Plaintiff. At this point, however, Defendant is seeking relief from this Court’s order rather than from a party’s discovery request.”

As a result, Judge James stated: “The Court will modify its order (ECF No. 133) to direct Defendant to utilize RAT-STATS and produce a random sampling of 252 patient records, along with five spares, to respond to RFP Nos. 40, 41, 43 and 58.”  She also directed the defendant to use RAT-STATS (as requested) to randomly select the patient records to be produced and sided with the defendant to redact personal confidential information from the patient records that “Defendant has a legal duty to safeguard.”

So, what do you think?  Is random sampling an appropriate option for cases where production of a larger set may be an undue burden?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.