Collection

Social Tech eDiscovery: Use of Smarsh for Social Media Archiving

 

The online world thrives on social media, but for attorneys who must preserve sensitive social media data for discovery, the widespread growth of social technology presents a laundry list of problems.

Not only is it challenging to trace the communications shared on popular sites like Facebook, LinkedIn and Twitter when privacy settings can be turned on and off at whim, it’s also difficult to know whether the information available at any given time is complete, as content can be edited by users at any time or lost due to technical malfunctions.

In some cases, like this example, courts have ruled that even locked or private content on Facebook and other social networking sites is not protected from being requested as part of discovery. In other cases, such as this one, they have ruled differently. You don’t know for sure how courts will rule, so you have to be prepared to preserve all types of social media content, even possibly content that is changed frequently by users, such as Facebook profiles and blog posts. And, even though Facebook has introduced a self-collection mechanism, it may not capture all of the changes you need. And, other social media sites have not yet provided a similar mechanism. If items are changed or lost after the duty to preserve goes into effect, your organization can be sanctioned with steep fines or even receive an adverse inference judgment based on the information you are unable to produce.

Fortunately, there are viable solutions that enable you to create a backup of all social networking activity and archive such information in the event it has to be produced in discovery. Portland-based Smarsh has archiving and compliance tools, including social media archiving and compliance tools, that automate the archiving of social media accounts, preserving all necessary data in case you need it later for discovery.

Some of the benefits of Smarsh’s social media archiving tools include:

  • A complete, logged, and quantifiable record of all social media posts and administrator activity
  • The ability to define which social media features your employees have access to and to track all business communications
  • Compliance with SEC and FINRA regulations (including Regulatory Notice 10-06)
  • The tools to identify and minimize risk, saving your business time, effort, and money

Smarsh has been designed to satisfy all regulatory compliance objectives, transforming the data management hazards of social media into a system that automatically updates and archives itself – an attorney’s dream when litigation strikes. This application creates a simple and proactive approach to archival of social media data, enforcing preservation to ensure that the duty to preserve is met.

So, what do you think?  Do you use Smarsh or any other social media archival tool?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Forecast for More Clouds

 

No, eDiscoveryDaily has not begun providing weather forecasts on our site.  Or stock forecasts.

But, imagine if you could invest in an industry that could nearly sextuple in nine years? (i.e., multiply six-fold).

Well, the cloud computing, or Software-as-a-Service (SaaS), industry may be just the industry for you.  According to a Forrester report from last month, the global cloud computing market will grow from 40.7 billion dollars in 2011 to more than 241 billion dollars by 2020.  That’s a 200 billion dollar increase in nine years.  That’s enough to put anybody “on cloud nine”!

The report titled Sizing The Cloud by Stefan Ried (Principal Analyst, Forrester) and Holger Kisker (Sr. Analyst, Forrester), outlines the different market dynamics for three core layers of cloud computing, as follows:

  • Public Cloud: From 25.5 billion dollars to 159.3 billion dollars by 2020;
  • Virtual Private Cloud: From 7.5 billion dollars to 66.4 billion dollars by 2020;
  • Private Cloud: From 7.8 billion dollars to 159.3 billion dollars by 2020.

Public cloud providers include everything from Facebook and Twitter to Amazon.com and Salesforce.com. As the name implies, a private cloud is where a company implements its own cloud environment to support its own needs. A virtual private cloud is simply a private cloud located within a public cloud.

Forrester is not the only analyst firm that expects big things for cloud computing.  The Gartner Group projected that the cloud computing industry will have revenue of 148.8 billion dollars by 2014, even higher than Forrester’s forecast of 118.7 billion dollars for the same year.  Clearly, the benefits of the cloud are causing many organizations to consider it as a viable option for storing and managing critical data.

What does that mean from an eDiscovery perspective?  That means a forecast for more clouds.  If your organization doesn’t have a plan in place for managing, identifying, preserving and collecting data from its cloud solutions, things could get stormy!

So, what do you think?  Is your organization storing more data in the cloud?  Does your organization have an effective plan in place for getting to the data when litigation strikes?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Usefulness of Facebook’s Self Collection Mechanism

 

We’ve written about Facebook a lot on this blog.  Shortly after this blog was launched, we provided information on Facebook’s subpoena policy.  We’ve also talked about the eDiscovery implications associated with the rollout of Facebook’s new email messaging system, dubbed “Facemail”.  And, just last week, we chronicled a case involving Facebook where they were ordered to produce documents instead of just merely providing access to them.  And, we haven’t even mentioned the latest revelations that Facebook may have secretly hired a PR firm to plant negative stories about Google (oops, we just did!).

But perhaps our most popular post regarding Facebook was regarding the self collection mechanism that they rolled out last October, which we found out about via our LegalTech interview with Craig Ball published back in March after our February interview (Craig also wrote an article about the feature in Law Technology News in February).

Now, another article has been written about the usefulness of Facebook’s self collection mechanism (called “Download Your Information”) in the blog E-Discovery Law Alert, entitled How Useful is Facebook's "Download Your Information" Feature in E-Discovery?, written by Patrick V. DiDomenico.

The author of this article conducted a test by downloading his information via the utility, deleting some information from his Facebook profile – “an email message, some wall posts, comments, photos, and even a friend (not a close friend)” – hopefully, he added the friend back.  Then, he downloaded his information again, every day for four days, with no change for the first three days.  On the fourth day, most of the deleted information disappeared from the download, except the email message (which disappeared when he ran the utility one more time).

The conclusion was that the mechanism “does not appear to ‘look back’ and recover deleted information in the user’s account”.  Thoughts:

  • With no change in the download in the first three days, the author notes that “Facebook did not take a fresh snapshot of my account every day – it just re-downloaded the same file three days in a row”.  He doesn’t mention whether he added any content during this time.  It would be interesting to see if that would force a change.
  • I don’t believe that there is any specific documentation from Facebook as to how it handles additions and deletions and how often the snapshot is updated. If not, it might behoove them to create some; it might save them some subpoena requests.
  • The author notes that “it is inadvisable for lawyers to rely solely on the Download Your Information feature for discovery of an adversary’s Facebook information” as it “gives no assurance that a litigant’s attempt to delete evidence will be revealed”.  On the other hand, it may be still an appropriate mechanism to use for your own discovery to preserve your own information.  Facebook may also store deleted information on backup tapes, so a subpoena could catch your opponent red-handed if you can justify the discovery of those tapes.  Food for thought.

So, what do you think?  Have you had any Facebook discovery requests in your eDiscovery projects?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Does Anybody Really Know What Time It Is?

 

Does anybody really know what time it is?  Does anybody really care?

OK, it’s an old song by Chicago (back then, they were known as the Chicago Transit Authority).  But, the question of what time it really is has a significant effect on how eDiscovery is handled.

Time Zone: In many litigation cases, one of the issues that should be discussed and agreed upon is the time zone to apply to the produced files.  Why is it a big deal?  Let’s look at one example:

A multinational corporation has offices from coast to coast and potentially responsive emails are routinely sent between East Coast and West Coast offices.  If an email is sent from a party in the West Coast office at 10 PM on June 30, 2005 and is received by a party in the East Coast office at 1 AM on July 1, 2005, and the relevant date range is from July 1, 2005 thru December 31, 2006, then the choice of time zones will determine whether or not that email falls within the relevant date range.  The time zone is based on the workstation setting, so they could actually be in the same office when the email is sent (if someone is traveling).

Usually the choice is to either use a standard time zone for all files in the litigation – such as Greenwich Mean Time (GMT) or the time zone where the producing party is located – or to use the time zone associated with each custodian, which means that the time zone used will depend on where the data came from.  It’s important to determine the handling of time zones up front in cases where multiple time zones are involved to avoid potential disputes down the line.

Which Date to Use?: Each email and efile has one or more date and time stamps associated with it.  Emails have date/time sent, as well as date/time received.  Efiles have creation date/time, last modified date/time and even last printed date/time.  Efile creation dates do not necessarily reflect when a file was actually created; they indicate when a file came to exist on a particular storage medium, such as a hard drive. So, creation dates can reflect when a user or computer process created a file. However, they can also reflect the date and time that a file was copied to the storage medium – as a result, the creation date can be later than the last modified date.  It’s common to use date sent for Sent Items emails and date received for Inbox emails and to use last modified date for efiles.  But, there are exceptions, so again it’s important to agree up front as to which date to use.
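The effect of the time zone choice and the date-field choice described above, worked through on the page's own email as an added example (not code from the article or from any review platform). The custodian names, the `EmailCopy` record and the policy strings are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime, timedelta, timezone
from zoneinfo import ZoneInfo, ZoneInfoNotFoundError

# Summer-2005 offsets, used only if the host has no IANA time zone database.
_FALLBACK = {
    "UTC": timezone.utc,
    "America/Los_Angeles": timezone(timedelta(hours=-7)),  # PDT
    "America/New_York": timezone(timedelta(hours=-4)),     # EDT
}


def resolve_tz(name):
    try:
        return ZoneInfo(name)
    except ZoneInfoNotFoundError:
        return _FALLBACK[name]


@dataclass(frozen=True)
class EmailCopy:
    custodian: str
    folder: str          # "Sent Items" or "Inbox"
    custodian_tz: str    # workstation time zone setting of the custodian
    sent_utc: datetime
    received_utc: datetime


def governing_timestamp(msg):
    """Date sent for Sent Items copies, date received for Inbox copies."""
    return msg.sent_utc if msg.folder == "Sent Items" else msg.received_utc


def in_date_range(msg, start, end, policy):
    """policy is "custodian" or the name of one standard zone for all files."""
    zone = msg.custodian_tz if policy == "custodian" else policy
    local_day = governing_timestamp(msg).astimezone(resolve_tz(zone)).date()
    return start <= local_day <= end


def responsive_custodians(copies, start, end, policy):
    return [m.custodian for m in copies if in_date_range(m, start, end, policy)]


# Constructed sample: one email, sent 10 PM Pacific on June 30, 2005 and
# received 1 AM Eastern on July 1, 2005. Both are the same instant (05:00 UTC).
INSTANT = datetime(2005, 7, 1, 5, 0, tzinfo=timezone.utc)
COPIES = [
    EmailCopy("west_sender", "Sent Items", "America/Los_Angeles", INSTANT, INSTANT),
    EmailCopy("east_recipient", "Inbox", "America/New_York", INSTANT, INSTANT),
]
RANGE = (date(2005, 7, 1), date(2006, 12, 31))  # relevant date range from the text

if __name__ == "__main__":
    # "UTC" stands in for the GMT standard-zone option mentioned in the text.
    for policy in ("custodian", "UTC", "America/Los_Angeles", "America/New_York"):
        print(f"{policy:22} -> {responsive_custodians(COPIES, *RANGE, policy)}")
```

Under the per-custodian policy only the recipient's copy falls in range, while a single standard zone includes or excludes both copies together, which is why the choice needs to be agreed before filtering.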

So, what do you think?  Have you had any date disputes in your eDiscovery projects?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: 4 Steps to Effective eDiscovery With Software Analytics

 

I read an interesting article from Texas Lawyer via Law.com entitled “4 Steps to Effective E-Discovery With Software Analytics” that has some interesting takes on project management principles related to eDiscovery and I’ve interjected some of my thoughts into the analysis below.  A copy of the full article is located here.  The steps are as follows:

1. With the vendor, negotiate clear terms that serve the project's key objectives.  The article notes the importance of tying each collection and review milestone (e.g., collecting and imaging data; filtering data by file type; removing duplicates; processing data for review in a specific review platform; processing data to allow for optical character recognition (OCR) searching; and converting data into a tag image file format (TIFF) for final production to opposing counsel) to contract terms with the vendor.

The specific milestones will vary – for example, conversion to TIFF may not be necessary if the parties agree to a native production – so it’s important to know the size and complexity of the project, and choose only an experienced eDiscovery vendor who can handle the variations.

2. Collect and process data.  Forensically sound data collection and culling of obviously unresponsive files (such as system files) to drastically decrease the overall review costs are key services that a vendor provides in this area.  As we’ve noted many times on this blog, effective culling can save considerable review costs – each gigabyte (GB) culled can save $16-$18K in attorney review costs.

The article notes that a hidden cost is the OCR process of translating extracted text into a searchable form and that it’s an optimal negotiation point with the vendor.  This may have been true when most collections were paper based, but as most collections today are electronic based, the percentage of documents requiring OCR is considerably less than it used to be.  However, it is important to be prepared that there are some native files which will be “image only”, such as TIFFs and scanned PDFs – those will require OCR to be effectively searched.

3. Select a data and document review platform.  Factors such as ease of use, robustness, and reliability of analytic tools, support staff accessibility to fix software bugs quickly, monthly user and hosting fees, and software training and support fees should be considered when selecting a document review platform.

The article notes that a hidden cost is selecting a platform with which the firm’s litigation support staff has no experience as follow-up consultation with the vendor could be costly.  This can be true, though a good vendor training program and an intuitive interface can minimize or even eliminate this component.

The article also notes that to take advantage of the vendor’s more modern technology “[a] viable option is to use a vendor's review platform that fits the needs of the current data set and then transfer the data to the in-house system”.  I’m not sure why the need exists to transfer the data back – there are a number of vendors that provide a cost-effective solution appropriate for the duration of the case.

4. Designate clear areas of responsibility.  By doing so, you minimize or eliminate inefficiencies in the project and the article mentions the RACI matrix to determine who is responsible (individuals responsible for performing each task, such as review or litigation support), accountable (the attorney in charge of discovery), consulted (the lead attorney on the case), and informed (the client).

Managing these areas of responsibility effectively is probably the biggest key to project success and the article does a nice job of providing a handy reference model (the RACI matrix) for defining responsibility within the project.

So, what do you think?  Do you have any specific thoughts about this article?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Apple Responds to the iPhone/iPad Location Controversy

 

Yesterday, we talked about the latest litigation for Apple, which was sued for alleged privacy invasion and computer fraud by two customers in a federal complaint in Tampa, Florida who claim the company is secretly recording and storing the location and movement of iPhone and iPad users.  Yesterday, Apple issued a press release response to questions regarding this controversy, published here on Business Wire.

Highlights:

  • Apple reiterated that they are “not tracking the location of your iPhone. Apple has never done so and has no plans to ever do so.”
  • Instead, according to Apple, the iPhone is “maintaining a database of Wi-Fi hotspots and cell towers around your current location, some of which may be located more than one hundred miles away from your iPhone, to help your iPhone rapidly and accurately calculate its location when requested.”
  • Apple says that the “database is too big to store on an iPhone, so [they] download an appropriate subset (cache) onto each iPhone. This cache is protected but not encrypted, and is backed up in iTunes whenever you back up your iPhone.”
  • “Geo-tagged Wi-Fi hotspot and cell tower data is sent to Apple in an anonymous and encrypted form” and “Apple cannot identify the source of this data.”
  • The reason the iPhone stores up to a year’s worth of location data is “a bug we uncovered and plan to fix shortly”.  “We don’t think the iPhone needs to store more than seven days of this data.”
  • The iPhone shouldn’t continue updating its Wi-Fi and cell tower data when Location Services is turned off, but it sometimes does.  “This is a bug, which we plan to fix shortly”.
  • Apple also noted that they will release a free iOS software update “sometime in the next few weeks” that: “reduces the size” of the database cached on the iPhone, “ceases backing up the cache”, and “deletes this cache entirely when Location Services is turned off”.

We’ll see how this press release impacts the litigation and various regulatory investigations.

So, what do you think?  Have you been involved in a case where GPS location data was relevant?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: It’s 10 PM, Does Apple Know Where You Are?

 

Over 30 years ago, local TV stations across the country ran this ad, asking the question “It’s 10 PM, do you know where your children are?”

Today, they could ask the question of many iPhone and iPad users, “It’s 10 PM, does Apple know where you are?”

According to Bloomberg on Monday, “Apple Inc. (AAPL) was sued for alleged privacy invasion and computer fraud by two customers who claim the company is secretly recording and storing the location and movement of iPhone and iPad users, according to a federal complaint filed…in Tampa, Florida.”

Vikram Ajjampur, an iPhone user in Florida, and William Devito, a New York iPad customer, sued April 22 in federal court in Tampa, Florida, seeking a judge’s order barring the alleged data collection and requesting refunds for their phones.

The lawsuit references a report from two computer programmers who indicated that “those of us who own either an iPhone or iPad may have been subjected to privacy invasion since the introduction of iOS 4.0” (operating system).  The report claims that Apple’s iOS4 operating system is logging latitude-longitude coordinates along with the time a spot is visited, is collecting about a year’s worth of location data, and logs location data to a file called "consolidated.db", which is unencrypted and unprotected.

“We take issue specifically with the notion that Apple is now basically tracking people everywhere they go,” Aaron Mayer, an attorney for the plaintiffs, said. “If you are a federal marshal, you have to have a warrant to do this kind of thing, and Apple is doing it without one.”

In addition to the Florida lawsuit, the Illinois Attorney General has asked to meet with Apple executives to discuss these reports and French, German, Italian and South Korean regulators are also investigating the alleged location collection feature as a result of the programmers’ report.

So far, Apple has not commented – officially.  However, MacRumors reports that Steve Jobs has responded to one emailer who requested “Maybe you could shed some light on this for me before I switch to a Droid. They don't track me.”  To which Jobs allegedly responded, “Oh yes they do. We don't track anyone. The info circulating around is false.  Sent from my iPhone.”

True or False?  We’ll hopefully see.  It seems that every week there is a new type of data that can be relevant to the eDiscovery process, doesn’t it?

So, what do you think?  Have you been involved in a case where GPS location data was relevant?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: 2011 eDiscovery Errors Survey

 

As noted in Legal IT Professionals on Friday, LDM Global on Friday announced the results of its 2011 eDiscovery Errors survey. The company asked a selection of industry professionals their views on which errors they experienced most often during the discovery process. Results were collected from across the USA, Europe and Australia.

According to Scott Merrick, LDM Global Marketing Director and survey author, “Our goal was to find out what the real, day to day issues and problems are around the discovery process.”  He also noted that “Of particular interest was the ongoing challenge of good communication. Technology has not solved that challenge and it remains at the forefront of where mistakes are made.”

The respondents of the survey were broken down into the following groups: Litigation Support Professionals 47%, Lawyers 30%, Paralegals 11%, IT Professionals 9% and Others 3%.  Geographically, the United States and Europe had 46% of the respondents each, with the remaining 8% of respondents coming from Australia.  LDM Global did not identify the total number of respondents to the survey.

For each question about errors, respondents were asked to classify the error as “frequently occurs”, “occasionally occurs”, “not very common” or “never occurs”.  Based on responses, the most common errors are:

  • Failure to Effectively Communicate across Teams: 50% of the respondents identified this error as one that frequently occurs
  • An Inadequate Data Retention Policy: 47% of the respondents identified this error as one that frequently occurs
  • Not Collecting all Pertinent Data: 41% of the respondents identified this error as one that frequently occurs
  • Failure to Perform Critical Quality Control (i.e., sampling): 40% of the respondents identified this error as one that frequently occurs
  • Badly Thought Out, or Badly Implemented, Policy: 40% of the respondents identified this error as one that frequently occurs

Perhaps one of the most surprising results is that only 14% of respondents identified spoliation of evidence, or the inability to preserve relevant emails, as an error that frequently occurs.  So, why are there so many cases in which sanctions have been issued for that very issue?  Interesting…

For complete survey results, go to LDMGlobal.com.

So, what do you think?  What are the most common eDiscovery errors that your organization has encountered?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Conclusion of Case Does Not Preclude Later Sanctions

In Green v. Blitz U.S.A., Inc., (E.D. Tex. Mar. 1, 2011), the defendant in a product liability action that had been settled over a year earlier was sanctioned for “blatant discovery abuses” prior to the settlement. Defendant was ordered to add $250,000 to its settlement with plaintiff, to provide a copy of the court’s order to every plaintiff in every lawsuit against defendant for the past two years or else forfeit an additional $500,000 “purging” sanction, and to include the order in its first responsive pleading in every lawsuit for the next five years in which defendant became involved.

Defendant, a manufacturer of gasoline containers, was named in several product liability lawsuits, including this case in which plaintiff alleged that her husband’s death was caused in part by the lack of a flame arrestor on defendant’s gas cans. The jury in plaintiff’s case returned a verdict for defendant after counsel for defendant argued that “science shows” that flame arrestors did not work. The case was settled after the jury verdict for an undisclosed amount, but two years later, counsel for plaintiff sought sanctions and to have the case reopened after learning in another case against defendant that while the gas can lawsuits were underway, defendant had been instructing its employees to destroy email.

The court described defendant’s failure to implement a litigation hold as gas can cases were filed. A single employee met with other employees to ask them to look for documents, but he did not have any electronic searches made for documents and he did not consult with defendant’s information technology department on how to retrieve electronic documents.

The court held that defendant willfully violated the discovery order in the case by not producing key documents such as a handwritten note indicating a desire to install flame arrestors on gas cans and an email noting that the technology for flame arrestors existed given the common use of flame arrestors in the marine industry. “Any competent electronic discovery effort would have located this email,” according to the court, through a key word search. Defendant’s employee in charge of discovery did not conduct a key word search and, despite acknowledging that he was as computer “illiterate as they get,” did not seek help from defendant’s information technology department, which was routinely sending out instructions to employees to delete email and rotating backup tapes every two weeks while the litigation was underway.

The court declined to reopen the case since it had been closed for a year. However, based on its knowledge of the confidential settlement of the parties, the court ordered defendant to pay plaintiff an additional $250,000 as a civil contempt sanction to match the minimum amount that the settlement would have been if plaintiff had been provided documents withheld by defendant. The court also ordered a “civil purging sanction” of $500,000 which defendant could avoid upon showing proof that a copy of the court’s decision had been provided to every plaintiff in a lawsuit against defendant for the past two years. The court added a requirement that defendant include a copy of the court’s opinion in its first pleading in any lawsuit for the next five years in which defendant became a party.

As Yogi Berra would say, “It ain’t over ‘til it’s over”.

So, what do you think?  Should cases be re-opened after they’re concluded for discovery violations?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Best Practices: Your ESI Collection May Be Larger Than You Think

 

Here’s a sample scenario: You identify custodians relevant to the case and collect files from each.  Roughly 100 gigabytes (GB) of Microsoft Outlook email PST files and loose “efiles” is collected in total from the custodians.  You identify a vendor to process the files to load into a review tool, so that you can perform first pass review and, eventually, linear review and produce the files to opposing counsel.  After processing, the vendor sends you a bill – and they’ve charged you to process over 200 GB!!  What happened?!?

Did the vendor accidentally “double-bill” you?  That would be great – but no.  There’s a much more logical explanation and, unfortunately, you may wind up paying a lot more to process these files than you expected.

Many of the files in most ESI collections are stored in what are known as “archive” or “container” files.  For example, as noted above, Outlook emails are typically saved for each custodian in a personal storage (.PST) file format, which is an expanding container file. For most custodians, all of their email (and the corresponding attachments, if present) resides in a few PST files.  The scanned size for the PST file is the size of the file on disk.

Did you ever see one of those vacuum bags that you store clothes in and then suck all the air out so that the clothes won’t take as much space?  The PST file is like one of those vacuum bags – it typically stores the emails and attachments in a compressed format to save space.  When the emails and attachments are processed into a review tool, they are expanded into their normal size.  This expanded size can be 1.5 to 2 times larger than the scanned size (or more).  And, that’s what many vendors will bill on – the expanded size.

There are other types of archive container files that compress the contents – .zip and .rar files are two examples of compressed container files.  These files are often used not only to compress files for storage on hard drives, but also to compact or group a set of files when transmitting them, usually in – you guessed it – email.  With email comprising a majority of most ESI collections and the popularity of other archive container files for compressing file collections, the expanded size of your collection may be considerably larger than it appears when stored on disk.  It’s important to be prepared for that and know your options when processing that data, so you can effectively anticipate those processing costs.
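One way to estimate expanded size before a collection goes to processing, shown for .zip containers only (PST and .rar need third-party parsers). This is an added example, not a vendor's billing method; the function names, the size budget and the in-memory sample archive are assumptions made for illustration.

```python
import io
import zipfile


class ExpansionLimit(Exception):
    """Raised when a container would expand past the allowed budget."""


def expanded_size(data, max_bytes=10 * 1024**3, max_depth=5, _depth=0):
    """Total uncompressed bytes of all leaf files in a zip, nested zips included.

    Sizes come from the archive's own headers, so leaf files are not extracted.
    Nested zips are read into memory, which is why a byte budget and a depth
    limit are enforced before each read.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            remaining = max_bytes - total
            if info.file_size > remaining:
                raise ExpansionLimit(f"{info.filename} exceeds remaining budget")
            if info.filename.lower().endswith(".zip") and _depth < max_depth:
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    # Count the nested archive's contents, not the archive itself.
                    total += expanded_size(inner, remaining, max_depth, _depth + 1)
                    continue
            total += info.file_size
    return total


def size_report(data):
    """Scanned (on-disk) size, expanded size, and the ratio between them."""
    scanned = len(data)
    expanded = expanded_size(data)
    return {"scanned": scanned, "expanded": expanded, "ratio": expanded / scanned}


def build_sample():
    """Constructed sample: a zip holding one memo and a nested zip of attachments."""
    memo = b"Quarterly report text. " * 4000  # 92,000 bytes of repetitive text
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("attachments/report.txt", memo)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("memo.txt", memo)
        zf.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    report = size_report(build_sample())
    print(f"scanned:  {report['scanned']:>8} bytes")
    print(f"expanded: {report['expanded']:>8} bytes")
    print(f"ratio:    {report['ratio']:.1f}x")
```

The constructed sample compresses far better than real email does, so its ratio is much higher than the 1.5 to 2 times cited above; the point is the gap between the two measurements, not the specific figure.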

So, what do you think?  Have you ever been surprised by processing costs of your ESI?   Please share any comments you might have or if you’d like to know more about a particular topic.