Close
Enter your
text here

Electronic Discovery

Interview with Pete Feinberg of Consilio Regarding the Huron Legal Acquisition: eDiscovery Trends

Consolidation within the eDiscovery industry continues.  Last week, Consilio announced a “definitive agreement” to acquire the Huron Legal Practice of Huron Consulting Group – their third acquisition in the past four months.  Yesterday, I interviewed Pete Feinberg, Senior Vice President, Products & Marketing at Consilio about the Huron Legal acquisition.

Huron Legal is one of Huron Consulting Group’s four operating segments and offers a variety of services to law firms and corporate law departments including eDiscovery, document review, information governance and compliance, law department management and legal analytics.  Huron Legal has operations primarily in the U.S., including Chicago, Charlotte, Raleigh, Miramar, New York, Washington, D.C., San Francisco and Houston, as well as international locations.  Not to mention, a regular contributor to this blog… :o)

I asked Feinberg about the acquisition and why Huron Legal made sense as an acquisition target for the company.

“Huron Legal has really done a great job building a dominant position around document review and eDiscovery services, particularly in the US market, which was very attractive to us”, said Feinberg.  “Consilio has been strong in international eDiscovery and it was important for us to solidify a foothold here in the US.  Frankly, we couldn’t think of a better partner to do so than with Huron Legal, who has been providing great services to their clients for almost ten years now.”

“Beyond that, as we got to know the Huron Legal team better, we saw that there are more than a hundred consultants within the Huron Legal business unit focused in a variety of practice areas, including information governance, compliance, law department management and legal analytics.  Those practice areas are very attractive to Consilio as they are areas in which we have not been as strong historically.  But, we understand where the market is moving and, through engaging with our clients, we understand some of the added value that those consulting services and strategic relationships can afford.  Also, though both Consilio and Huron Legal serve very similar clients in terms of characteristic – large, multinational corporations within particular vertical sectors such as financial services, life sciences, pharma and technology and global presence law firms – fewer than 5% of our clients are shared between our two organizations.  So, it is a highly complementary transaction from that perspective.”

With regard to what the acquisition will mean for current clients of Huron Legal, Feinberg made it clear that there would be “first and foremost, no service interruption.  The Huron Legal management team is coming over almost in totality to Consilio and joining Consilio’s leadership team.  We don’t look at this as an acquisition, we look at this as more of a merger of two complementary businesses.  Each of our companies has certain capabilities that are stronger than the other, so the key for us is to find the strengths within each of the two businesses and leverage those into the combined entity and we expect to work with the Huron Legal management team to help build a larger, more capable entity going forward.  We also don’t want to rush this transition, we want to be very thoughtful and purposeful about it to avoid creating any kind of tension for either legacy client base, or employee base.  That said, we see considerable benefits for the clients over the mid-term and long term horizons, particularly by expanding the services for those clients who have operations around the world, particularly in continental Europe and Asia Pacific.”

Huron Legal is not Consilio’s only recent acquisition, they also acquired predictive coding provider Backstop back in September and, only days ago, acquired Proven Legal Technologies as well.  Feinberg said that a change in private equity owners was a key factor in the recent acquisitions.  “We felt that it was important to have a private equity owner that was aligned in our vision that there is going to be consolidation in the eDiscovery space.  We were very fortunate to find a partner like Shamrock Capital Advisors (who acquired controlling interest in Consilio earlier this year) who had the same strategic vision that we did.  We’ve been able to work with Shamrock to take a look at businesses that fit our business model and client base, such as Backstop, with which we’ve had great experiences.  Like Huron Legal in the US market, Proven Legal Technologies has a great bench of resources and experience in the UK market and experience in Relativity, which we had not hosted previously.  With the Huron Legal acquisition, which was somewhat coincidental in terms of timing, we were able to add a bench of even greater scale and experience with Relativity here in the US.”

Thanks, Pete, for the interview!

So, what do you think? Is consolidation within the eDiscovery industry beginning to happen more quickly? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Sedona Conference Provides Guidance for Protection of Privileged ESI: eDiscovery Best Practices

As volumes of electronically stored information (ESI) stored in the world doubles every 1.2 years, it becomes more challenging to identify the ESI that is subject to a claim of attorney-client privilege or work product protection and log and exclude that ESI from production.  Federal Rule of Evidence 502 was intended to address waiver of such privilege claims and reduce the discovery costs, but many attorneys and judges don’t realize the protections the rule offers.  Now, The Sedona Conference® has issued a new final commentary to “breathe some needed life” into the understanding and use of Rule 502.

Last week, Working Group 1 of The Sedona Conference, announced the final release of The Sedona Conference Commentary on Protection of Privileged ESI, which reflects changes made after release of the public comment version in November 2014.

The Commentary attempts to “breathe some needed life” into the understanding and use of Rule 502 by:

  1. Reminding counsel of the basics of the law on privilege in the context of modern document productions;
  2. Encouraging parties, lawyers, and the courts to consider employing Rule 502(d)-type orders in every complex civil matter;
  3. Articulating a “safe harbor” presumption that protects parties from claims of waiver in connection with the inadvertent production of privileged materials, provided that there is adherence to certain basic best practices in the context of ESI privilege review;
  4. Encouraging cooperation among litigants to lower the cost and burden of identifying privileged information; and
  5. Identifying protocols, processes, tools, and techniques that can be used to limit the costs associated with identifying and logging privileged material, and avoiding or resolving disputes relating to the assertion of privileges.

The 64 page Commentary covers the four Principles on Protection of Privileged ESI, which are as follows:

  • Principle 1: Parties and their counsel should undertake to understand the law of privilege and its appropriate application in the context of electronically stored information.
  • Principle 2: Parties, counsel, and courts should make use of Federal Rule of Evidence 502(d) and its state analogues.
  • Principle 3: Parties and their counsel should follow reasonable procedures to avoid the inadvertent production of privileged information.
  • Principle 4: Parties and their counsel should make use of protocols, processes, tools, and technologies to reduce the costs and burdens associated with the identification, logging, and dispute resolution relating to the assertion of privilege.

The Commentary also provides appendices that include an Explanatory Note on Evidence Rule 502 Prepared by the Judicial Conference Advisory Committee on Evidence Rules, two model Rule 502(d) orders (including the one we previously discussed here from Hon. Andrew J. Peck (S.D.N.Y.)) and state law analogues of Federal Rule 502 adopted by several states.

You can download the Commentary here.  Consider it an early Christmas present from The Sedona Conference!

So, what do you think? Do you use 502(d) orders in your cases?  If not, why not?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Most Firms Are More Concerned About Security Threats Than They Were Just Two Years Ago: eDiscovery Trends

If you’ve been paying attention to the headlines at all this year, it should come as no surprise that most firms are more concerned about security threats than they were just two years ago.  But, what percentage of firms and what is their biggest security concern?

The LegalTech News article, By the Numbers: Cybersecurity in the 2015 Am Law-LTN Tech Survey, provides some interesting key stats on firms’ handling of cybersecurity and their top concerns.  Here are some key numbers:

  • 77% of firms are more concerned about security threats than they were just two years ago: In addition, the majority of respondents to the survey indicated that their security concerns have increased over the past year, with none indicating a decrease in concern over the past year;
  • 25% of respondents identified phishing as their perceived biggest security threat to the firm: In addition to the practice where hackers pose as legitimate sites to trick people into providing their credentials, 23% of respondents identified “outsiders trying to break into the data network as their biggest threat, for a total of 48% of respondents where their biggest concern was unauthorized outsider access. 27% of respondents identified a lack of knowledge about their security status as the biggest threat, either a lack of knowledge if data has been compromised (16%) or a lack of knowledge when the firm is under attack (11%).
  • 83% of responding firms have implemented mobile device management software to protect data on BYOD devices: That’s probably a big reason why only 5% of respondents identified “mobile” as their biggest security threat.
  • 31% of firms plan to migrate to Windows 10 in the next year: As the survey indicates, support for older operating systems can dwindle, resulting in a greater possibility of security exploits in those older operating systems (though it’s my experience that the newer systems can sometimes be as vulnerable).

So, what do you think? What do you consider to be the biggest security threat to your firm? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Plaintiff’s Request for In Camera Review of Defendants’ Privileged Emails: eDiscovery Case Law

In Armouth International, Inc. v. Dollar General Corp. et. al., No. 14-0567 (M.D. Tenn., November 2, 2015), Tennessee Magistrate Judge Barbara D. Holmes, calling the plaintiff’s request a “fishing expedition”, denied the plaintiff’s expedited motion to compel, requesting that the defendants be required to produce emails that were either withheld or redacted based on claims of attorney-client privilege for an in camera review of the emails by the Court to confirm the privilege claims.

Case Background

In this dispute between a discount retailer and one of its suppliers over failure to pay invoices and cancelled orders, the defendants withheld certain email communications and redacted other emails on the basis of attorney-client privilege.  The disputed emails related to a decision made by the defendants’ Assistant General Counsel (AGC) to release a hold (that was originally placed by the defendants because the merchandise failed to conform to the labeling standards set forth by the Federal Trade Commission) on merchandise that was to be distributed to the defendants’ retail stores for sale.  The defendant contended that the AGC’s decision was purely legal and involved, at most, minor business considerations.

Citing the AGC’s role as “head of the Compliance Department” and “supervisor to the Senior Director of Global Sourcing”, the plaintiff argued that the AGC was acting with his “business hat,” as opposed to his “legal hat,” and that the emails withheld and redacted by the defendant involving the AGC were therefore not subject to the attorney-client privilege.  As a result, the plaintiff filed an expedited motion to compel, requesting that the defendants be required to produce all 52 of the communications withheld or redacted by the defendant for an in camera review by the Court to determine which emails are protected by the privilege.

Judge’s Ruling

Referencing the defendant’s contention that the decision to release the hold was made by the AGC precisely because it required the legal opinion of an attorney, Judge Holmes stated:

“The Court is not persuaded that this series of events, nor Armouth’s unsupported speculation, forms a ‘factual basis adequate to support a good faith belief by a reasonable person’ that an in camera review of the emails contained in Dollar General’s privilege log would reveal communications involving business advice unprotected by the attorney-client privilege. Armouth is unwilling to believe that Mr. Stephenson was acting in a legal capacity when the decision was made to release the hold on its merchandise, despite the fact that the hold was originally implemented due to legal considerations, i.e. the failure of Armouth’s merchandise to comply with federal law with respect to labeling standards.”

Continuing, Judge Holmes stated: “The Court agrees with Dollar General that Armouth’s blanket request for review of the entire privilege log suggests a ‘fishing expedition,’ as opposed to a specific request to discover relevant information. The Court also notes that granting Armouth’s motion, which broadly requests a review of all of Dollar General’s emails withheld based on attorney-client privilege, would open the floodgates and allow any party to demand an in camera review of the opposing party’s attorney-client communications so long as the former expressed an unfounded suspicion that counsel for the latter had misrepresented the basis for the privilege claim. For the these reasons, Armouth’s motion is DENIED.”

So, what do you think?  Should the court have allowed for the in camera review?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Protective Orders Help Guard Against Data Breaches by Your Opponents: eDiscovery Trends

A couple of years ago Mandiant reported that 80 percent of the country’s largest law firms have been hacked.  In litigation, you may have to produce your data to one of those firms representing the opposing party.  Here’s how you can protect your organization.

In the Bloomberg BNA article How to Mitigate Risk When Handing Data to Outside Law Firms (written by Gabe Friedman), Aaron Crews, senior associate general counsel and head of eDiscovery at Walmart, explained that a company normally stores all of its data, including its most sensitive items, among vast troves.

“eDiscovery is [really] fraught with a fair amount of risk,” said Crews.  “The gems of your data, the really risk-bearing stuff is kind of hidden among the rest of the data,” he said. “But in the eDiscovery space, you’re hosting a slice of data that has been particularly selected because it has those gems in it.”  Turning those “gems” over to a law firm with inadequate cybersecurity protocols can put your organization at risk.

To protect against a data breach in the context of discovery, some practitioners have begun requiring opposing parties in litigation to sign protective orders. Crews said he asks the opposing side to agree to one of the following three provisions:

  1. To sign a protective order attesting that their firm meets certain basic cybersecurity protocols and that it indemnifies his company against any risk of breach.
  2. To use a trusted eDiscovery vendor.
  3. If all else fails, it must access the data through his own trusted eDiscovery vendor.

Paul Weiner, a shareholder at Littler Mendelson who is national eDiscovery counsel for the firm, said he drafted an order with such protections because the risk and consequences of a data breach during eDiscovery are simply too great to ignore.  He provided a sample of the language in the protective orders that he uses in the article and indicated that, though a protective order requires a judge’s approval, so far he hasn’t experienced any problems or push back in requiring one.

If 2015 is remembered for anything in the legal technology world, it may be remembered as the year of the data breach.  You may not know whether the law firm holding your data has suffered a data breach, but you can require them to adhere to certain basic cybersecurity protocols, either within their firm, within their trusted eDiscovery vendor or within yours.

So, what do you think? Have you considered requiring opposing parties to sign protective orders in your litigation cases? Please share any comments you might have or if you’d like to know more about a particular topic.

As always, thanks to Rob Robinson’s Complex Discovery site for the tip on the article!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

You Should “Categorically” Remember to Use Our Blog as a Knowledge Base: eDiscovery Trends

As a daily blog that has been around for over 5 years, eDiscovery Daily has published over 1,310 posts to date. We’ve covered a lot of different categories related to eDiscovery over that time.  But, do you know how to take advantage of the “Categories” feature on this blog to check them out?

We have yet to remove any posts that we’ve published from our site – as a result, we have developed quite a knowledge base resource about eDiscovery topics. Even though I’ve written most of the posts on this blog, I find myself using it from time to time, because, honestly, my brain can only retain so much.  It’s only a matter of time before I post something I’ve already posted without realizing it!  :o)

One of the useful features that our site provides is the Library section. You should see it on the left sidebar underneath the Subscription Center. There are two sub-sections that can be useful, Categories and Monthly Archives. As the name implies, Monthly Archives provides an entry for each month’s set of posts – all the way back to the launch of the blog in September 2010. It’s a great way to catch up on topics if you’ve missed them.

As for the Categories sub-section, you may have noticed at the bottom of each post under the Disclaimer, there is a “Filed under” section to show the categories that the post is filed under. Most posts relate to at least a couple of categories (for example, this one relates to Electronic Discovery and Industry Trends; not surprisingly, almost every post relates to electronic discovery because, after all, this is an eDiscovery blog).

The Categories drop down in the Library section enables you to see the classification categories that we use and select a category of interest. So, if you’re interested in viewing the posts related to eDiscovery Case Law (440 (!) of them to date, including yesterday’s post), simply select ‘Case Law’ from the drop down and the site will display a listing of post summaries, starting with the most recent post.

Do you have an interest in activities within the EDRM (198) or want to know more about Information Governance (148)? Want to know more about Federal eDiscovery Rules (82, including the rules newly adopted just last week) or State eDiscovery Rules (35)? Would you like to review cases where Sanctions (189) have been applied, or at least considered? How about articles related to Searching (281) and searching best practices?  One simple click is all it takes to get there.

Feel free to not only read each daily post, but also to use this blog as a knowledge base resource. If it’s a significant eDiscovery trend, key case law decision or best practice over the past 5+ years, we probably have it here.

So, what do you think? Are there additional categories that you’d like to see us track? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Grants Defendants’ Motion to Exclude Plaintiff’s Use of Spoliation Evidence: eDiscovery Case Law

In West v. Talton, No. 13-338 (M.D. Ga., Nov. 2, 2015), Georgia District Judge C. Ashley Royal granted the defendants’ Motion in Limine to exclude all evidence and argument regarding spoliation, reserving its ruling on the remaining issues in the Motion in Limine.

Case Background

In this employment discrimination case, during a deposition of defendants’ representatives in June 2014, the plaintiff discovered that the defendants failed to search and preserve some e-mail accounts as requested during discovery.  Based on this information, the Court granted the plaintiff’s motion to reopen discovery in September 2014. During the additional discovery period, the plaintiff discovered one individual defendant’s email account was deleted shortly after his resignation and backup tapes of the defendants’ server were written over as part of an automatic backup performed every six months which erased any backup of his email account.

Ultimately, the defendants were still able to retrieve the departed employee’s old computer and hire a third-party company to preserve and search the hard drive, from which they were eventually able to produce over a thousand documents and emails.  Nonetheless, the plaintiff sought a spoliation instruction to the jury regarding the deletion of emails, or in the alternative, an opportunity to present evidence of the defendants’ failure to preserve emails to the jury, claiming that he would have discovered more emails to support his claim had the defendants preserved the backup tapes and Holt’s email account.  The defendants argued that this evidence should be excluded because the emails were not deleted in bad faith, and they still retrieved the employee’s hard drive, which included the evidence the plaintiff requested.

Judge’s Ruling

After conducted a hearing to consider the arguments, Judge Royal stated:

“Based on the evidence presented during the hearing, it is not clear that Defendants’ failure to preserve Holt’s email account and the server’s backup tapes was a malicious act or done in bad faith. On the contrary, it appears Holt’s email was deleted pursuant to a routine procedure to delete an employee’s email account shortly after the employee left the Sheriff’s Department and to rewrite over the backup tapes of the server every six months. Plaintiff contends this procedure was more than just “mere negligence” because Defendants were on notice after receiving an EEOC complaint. However, even assuming Plaintiff’s contention is true, it is completely speculative Plaintiff was prejudiced by these events in any way. Defendants hired an outside company to restore Holt’s hard drive and recovered over 70,000 documents from the hard drive. The search terms used were broad and extensive and produced 1,205 hits. Indeed, Plaintiff received more information based on these search terms than what was originally requested during discovery. Further, the third-party company stated there was no evidence on the hard drive of any ‘mass destruction’ or ‘wiping.’”

Judge Royal rejected the plaintiff’s use of Woodward v. Wal-Mart Stores East, LP as an analogous case, noting in that case, the plaintiff did not have other evidence to replace a lost video tape.  Stating that “[t]he Court finds the danger of confusing the issues and misleading the jury outweighs the probative value of such evidence”, Judge Royal granted the defendants’ Motion in Limine to exclude all evidence and argument regarding spoliation.

So, what do you think?  Should the court have allowed for a spoliation instruction to the jury or was the defendant’s efforts to provide ESI for the departed employee sufficient?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Is Information Governance “Too Important to Be Left to Humans”?: eDiscovery Trends

According to a recent report by AIIM, there are “huge volumes of content in most organizations that are not under any form of information governance (IG), retention management, or eDiscovery”.  In their new report (Information Governance: too important to be left to humans), AIIM takes an in-depth look at the scale of IG issues, the drivers to bring it under control, the effectiveness of automated classification, and the impact on risks and costs.

The survey used to provide report results was taken using a web-based tool by 398 individual members of the AIIM community.  In the Executive Summary, AIIM provided key findings in a number of areas, including IG Drivers and Issues, IG Maturity, Storage and Data Reduction, Automating IG, Cloud, E-Discovery and Spend.  Here is a sample of some of the findings:

IG Drivers and Issues

  • In the light of recent leaks, hacks and email issues, IG is very high on the senior management agenda for 28% of organizations, and 53% have new IG initiatives. 57% of respondents say senior management are only interested when things go wrong;
  • 51% have had data-related incidents in the past 12 months, including 16% suffering a data breach – half from external hacking and half from staff. Staff negligence or bad practice is the most likely cause of data loss (20%).

IG Maturity

  • The volume of paper records is increasing in 33% of organizations, and decreasing in 39%. This net difference of 6% decreasing compares to 10% increasing in 2014. The largest organizations (5,000+ employees) are making most progress (21% net decreasing).
  • Information retention, access security and data protection are covered by most IG policies, but only 47% cover mobile access and mobile devices, including BYOD (39%). Only 36% have specific policies for cloud-based content sharing.

Storage Reduction and Data Retention

  • As well as replacing file-shares with ECM, 22% are considering a cloud model to reduce storage costs, and 25% are automating retention, deletion and data cleaning. 25% will just go on buying more discs.

Automating IG

  • 34% feel that automated classification is more consistent than humans, including 20% who feel it’s more accurate too. 48% prefer the idea of machine prompt with human review.

Cloud

  • Cost saving is the biggest driver for cloud (66%), then business resilience (49%). Easier cross-enterprise access and adoption is cited by 42%.

eDiscovery

  • 50% rely on manual search for eDiscovery across electronic and paper records. 14% have a dedicated eDiscovery application within or across systems.
  • 54% of the largest organizations will have multiple legal holds applied per year. But so will 11% of the smallest.

As the Introduction notes, even if day-forward policies are adopted to classify and tag the currently unclassified content, the volumes involved, and the change in staff attitudes needed, represent a huge hurdle to jump. Automated processes or prompted assistance are likely to provide the only enduring solutions. Tagging and classifying the existing content to add value and remove redundant, obsolete and trivial content (for which the clever acronym is “ROT”) would be quite impossible without automated agents working on rules-based algorithms that match the defined governance policies.

You can download the FREE Executive Summary with a more comprehensive list of key findings here.  If you’re an AIIM Professional Member, the entire report is free; if not, you can become a member for only $169 to access this report as well as other AIIM resources.

So, what do you think?  Is Information Governance “too important to be left to humans”?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“We Don’t Need No Stinking Badges” – On Facebook: eDiscovery Case Law

If you’re near my age and love movies, you probably love the classic Mel Brooks comedy Blazing Saddles.  My favorite quote from that movie is when the bandido says “Badges?  We don’t need no stinking badges!”*  Apparently, there’s a new trend where people post pictures of their employee badges on social media.  Guess what that leads to?  Hacker access into their employer’s facilities.

According to an article on Forbes.com (Here’s Why Your Employer Gets Nervous When You Post Pictures On Facebook), there’s a new trend on social media where people are posting photos of their new employee ID badges called “badge bragging”.  Not surprisingly, according to Brian Varner, Cyber Security Services at Symantec, this trend can give a cyber criminal enough information to compromise personal or company security systems.

One example he cited involved a person who just started a new job at a prestigious hospital. He posted a photo of his new employee ID badge on social media. With just that photo, a hacker could copy the security bar code and make a fake badge to gain access to various systems. Also, the hacker would know the employee’s full name, department he worked in, his education, and the date he started.

Varner identified a few best practices that included developing a policy for employees that addresses posting images or details about work activities online, making security training a part of new employee onboarding and regular reinforcement of good security “hygiene” with constant communication to reinforce best practice behavior.

It’s amazing the ways that hackers can get personal information these days – avoiding security breaches is more challenging than ever.

*By the way, here’s a little trivia: this is not the first time that quote appeared on film or TV.  Most people think the Blazing Saddles quote is taken directly from the classic (not comedy) movie The Treasure of the Sierra Madre.  But, that quote is a little bit different (“Badges? We ain’t got no badges! We don’t need no badges!  I don’t have to show you any stinking badges!”).

The exact quote actually appeared first in an episode of the sixties TV comedy show The Monkees (the first episode of Season 2 in 1967, 6 1/2 years before it was used in Blazing Saddles).  Maybe Mel Brooks was a fan of The Monkees?  Stump your friends with that little piece of trivia!

So, what do you think?  Does your organization have policies in place regarding information shared by employees on social media?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Warner Bros. Inc.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Defendant Ordered to Produce Unredacted Versions of Agreements and Shipment Data: eDiscovery Case Law

In Mervyn v. Atlas Van Lines, Inc. et. al., No. 13-3587 (N.D. Ill., Oct. 23, 2015), Illinois Magistrate Judge Susan E. Cox granted the plaintiff’s motion to compel the defendants to produce unredacted owner-operator agreements and shipment data, rejecting the defendants’ argument that producing both would be an undue burden.

Case Background

In this dispute between a shipping company and an independent owner-operator over compensation calculations, the plaintiff requested certain owner-operator lease agreements (known as “PVOs”) from the defendants to support its class claims.  After the court entered an order directing the parties to hold an ESI liaison meeting to resolve the discovery issues, the defendants produced 18 PVOs with the names of the owner-operators redacted, stating that the sample of PVOs demonstrated that the contracts all differ greatly and showed insufficient commonality or typicality among the owner-operators to adequately define a workable class.  The defendants refused to produce unredacted versions of the PVOs, expressing concern that the plaintiff was likely to misuse the information it gained through discovery to bring additional claims or lawsuits against the defendant.

The plaintiff also requested specific shipping data related to a certain time period in “usable electronic format”, to which the defendants objected, indicating that database searching to provide that information would require the defendants to spend two weeks writing a “script” and that the request was beyond the scope of discovery as envisioned by the Federal Rules of Civil Procedure because it required them to create a new document.  In response, the plaintiff filed a Motion to Compel both the unredacted PVOs and the shipping data in the requested format.

Judge’s Ruling

Finding that the defendants claims regarding misuse of the owner-operators’ names to be “[b]aseless”, that the owner-operator names were relevant to the case and that producing additional PVOs necessary to determine issues related to class certification would not create an undue burden on the defendants, Judge Cox found that “Atlas has failed to show any threat of misuse and is incorrect that the names are irrelevant, thereby mooting its argument that redaction would be unduly burdensome”.

As for the request for shipping data in a particular format, Judge Cox cited Apple v Samsung to illustrate that requiring a party to query an existing database to produce reports for opposing parties is not the same as requiring the creation of a new document.  Finding that the argument that the plaintiff’s request is outside the scope of Rule 34 was unfounded and that the plaintiff “needs this data for Plaintiff’s expert to determine whether, and to what extent, the owner-operators’ in the putative class were damaged by the terms in the PVOs”, Judge Cox granted the plaintiff’s motion to compel the defendants to produce unredacted owner-operator agreements and the shipment data in the format requested.

So, what do you think?  Is querying a database to produce information creation of a new document or does it fall within the scope of Rule 34?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.