Electronic Discovery

What I’m Thankful for This Thanksgiving – eDiscovery Thanks

As a devoted blog writer and eDiscovery geek, with Thanksgiving coming this Thursday, I thought it would be a good time to talk about what I’m thankful for this holiday season from an eDiscovery standpoint.  Maybe you’re thankful for some of these same things?

So Many Wonderful eDiscovery Resources: In addition to eDiscovery Daily, there are so many wonderful resources for eDiscovery news and trend information.  I’m thankful for that because (among other reasons) it makes it easier to identify blog topics.  Here are some of the best of the bunch:

  • Ball in Your Court: Craig Ball’s always interesting and insightful blog about eDiscovery trends and best practices – Craig’s analogies and no nonsense ways of communicating are unmatched;
  • e-Discovery Team®: Ralph Losey’s blog probably covers topics in more depth than any other;
  • Ride the Lightning: When you want to know the latest trends on data security and the latest data breaches, Sharon Nelson of Sensei Enterprises covers it here;
  • Litigation Support Guru: Amy Bowser-Rollins covers tips and best practices for litigation support professionals (and those aspiring to be lit support professionals);
  • Bow Tie Law’s Blog: Josh Gilliland provides analysis of case law decisions with a unique perspective that is always educational;
  • Complex Discovery: Rob Robinson is the master at compiling stories and statistics related to eDiscovery topics, ranging from industry acquisitions to case law related to predictive coding.

Industry Thought Leaders Sharing their Time: For the past four years, we have published a thought leader interview series with several eDiscovery industry thought leaders that have always been willing to share their time to discuss their thoughts on emerging trends in the industry.  I want to thank all of them, especially Brad Jenkins, Tom Gelbmann, Laura Zubulake, Alon Israely, Adam Losey, George Socha, Tom O’Connor, Ralph Losey and Craig Ball – each of whom have given their time for interviews more than once (some have done it all four years).  Links are to this year’s interviews – now is a great time to catch up!

eDiscovery Professionals: There are numerous eDiscovery professionals with interesting stories to tell – I’m thankful for those that agreed to tell their stories to our blog, including: Duane Lites, Charlotte Riser Harris, Stuart W. Hubbard, Stacia Sanders, Amy Bowser-Rollins, Caroline Sweeney, Kalani Munden, Paul Savoy, Jennifer Williams, Mark Lieb, Dawn Radcliffe, Julie Brown, Angie Gossen, Gordon Moffat and Cheryl Garner.

The Decade of Discovery: I’m also thankful that Joe Looby’s film The Decade of Discovery is currently on tour and coming to Houston next week.  Check here to see when it may be heading to a screening near you.

I’m also thankful for all of you who continue to read and follow this blog.  We couldn’t have made it for over four years and 1,059 posts (and counting) without you!  Thanks!

And, personally, I’m most thankful for my family, particularly my wife Paige and our kids Kiley and Carter.  I love you!

So, what do you think? What are you thankful for in eDiscovery or in general?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Daily will resume with new posts next Monday.  Happy Thanksgiving!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Opts for Defendant’s Plan of Review including TAR and Manual Review over Plaintiff’s TAR Only Approach – eDiscovery Case Law

In Good v. American Water Works, 2:14-01374 (S.D. W. Vir. Oct. 29, 2014), West Virginia District Judge John T. Copenhaver, Jr. granted the defendants’ motion for a Rule 502(d) order that merely encouraged the incorporation and employment of time-saving computer-assisted privilege review over the plaintiffs’ proposal disallowing linear privilege review altogether.

Case Background

In this class action litigation involving the Freedom Industries chemical spill, the parties met and conferred, agreeing on all but one discovery issue: privilege review and 502(d) clawbacks.  The defendants proposed that the Rule 502(d) order merely encourage the incorporation and employment of computer-assisted privilege review, while the plaintiffs proposed that the order “limit privilege review to what a computer can accomplish, disallowing linear (aka ‘eyes on’) privilege review altogether”.

The plaintiffs would agree only to a pure quick peek/claw-back arrangement, which would place never-reviewed, never privilege-logged documents in their hands as quickly as physically possible at the expense of any opportunity for care on the part of a producing party to protect a client’s privileged and work product protected information.  On the other hand, the defendants did not wish to forego completely the option to manually review documents for privilege and work product protection.

The plaintiffs argued that if they were to proceed with a manual privilege review, then only 502(b) protection – the inadvertent waiver rule – should apply, and not 502(d) protection, which offers more expansive protection against privilege waivers.

Judge’s Ruling

Judge Copenhaver noted that “[t]he defendants have chosen a course that would allow them the opportunity to conduct some level of human due diligence prior to disclosing vast amounts of information, some portion of which might be privileged. They also appear to desire a more predictable clawback approach without facing the uncertainty inherent in the Rule 502(b) factoring analysis. Nothing in Rule 502 prohibits that course. And the parties need not agree in order for that approach to be adopted”.

Therefore, despite the fact that the plaintiffs were “willing to agree to an order that provides that the privilege or protection will not be waived and that no other harm will come to the Defendants if Plaintiffs are permitted to see privileged or work product protected documents”, Judge Copenhaver ruled that “[i]nasmuch as defendants’ cautious approach is not prohibited by the text of Rule 502, and they appear ready to move expeditiously in producing documents in the case, their desired approach is a reasonable one.”  As a result, he entered their proposed Rule 502(d) order, “with the expectation that the defendants will marshal the resources necessary to assure that the delay occasioned by manual review of portions of designated categories will uniformly be minimized so that disclosure of the entirety of even the most sensitive categories is accomplished quickly.”

So, what do you think?  Should the defendants have retained the right to manual review or should the plaintiffs’ proposed approach have been adopted?  Please share any comments you might have or if you’d like to know more about a particular topic.

Court Allows Costs for TIFF Conversion and OCR, Likens it to “Making Copies” – eDiscovery Case Law

In Kuznyetsov v. West Penn Allegheny Health Sys., No. 10-948 (W.D. Pa. Oct. 23, 2014), Pennsylvania Senior District Judge Donetta W. Ambrose upheld the Clerk of Courts’ issuance of Taxation of Costs for $60,890.97 in favor of the defendants and against the named plaintiffs, including costs for “scanning and conversion of native files to the agreed-upon format for production of ESI”.

Case Background

The plaintiffs filed a collective action pursuant to §216(b) of the Fair Labor Standards Act (“FLSA”) against the defendants, which was ultimately decertified as Judge Ambrose ruled that the 824 opt-in plaintiffs were not similarly situated.  After that, the plaintiffs filed a Motion for Voluntary Dismissal, which Judge Ambrose granted, dismissing the claims of the opt-in Plaintiffs without prejudice and dismissing the claims of the named Plaintiffs with prejudice (the plaintiffs appealed and the Third Circuit dismissed the appeal for lack of jurisdiction).

On October 15, 2013, the defendants filed a Bill of Costs seeking a total of $78,561.77. On October 31, 2013, the Clerk of Courts filed a Letter calling for objections to the Bill of Costs, which was followed in January of this year by objections from the named plaintiffs (to which the Defendants filed a response). On August 1, the Clerk of Courts issued his Taxation of Costs in the amount of $60,890.97 in favor of Defendants and against the named Plaintiffs.

Judge’s Ruling

Stating that “Rule 54(d)(1) creates a strong presumption that costs are to be awarded to the prevailing party”, Judge Ambrose analyzed the costs as defined in 28 U.S.C. § 1920, including §1920(4), which covers “Fees for exemplification and the costs of making copies of any material where the copies are necessarily obtained for use in the case”.

Addressing the plaintiffs’ contention that the eDiscovery costs awarded were not necessary and were awarded at unreasonably high rates, and referencing the Race Tires case in her ruling, Judge Ambrose stated:

“With regard to unnecessary e-discovery costs and unreasonably high rates, Plaintiffs first argue that the costs associated with Optical Character Recognition (‘OCR’) were unnecessary…As Defendants point out, however, Plaintiffs requested the information be produced in, inter alia, OCR format…The ‘scanning and conversion of native files to the agreed-upon format for production of ESI constitutes `making copies of materials’ as pursuant to §1920(4)…Accordingly, I find the costs associated with OCR conversion are taxable.

Furthermore, I do not find the cost of 5 cents per page for TIFF services to be unreasonably high, nor do I find 24 cents per page for scanning paper documents to be unreasonably high…Consequently, I find not merit to this argument either.”

Rejecting the plaintiff’s arguments that “1) Defendants have unclean hands; 2) Plaintiffs are unable to pay the costs; and 3) it would be inequitable to force the three named Plaintiffs to pay the entire costs of defending against the claims of the opt-in Plaintiffs”, Judge Ambrose affirmed the amount of $60,890.97 in favor of Defendants.

So, what do you think?  Should the costs have been allowed for conversion of native files when they may have already been usable as is?  Please share any comments you might have or if you’d like to know more about a particular topic.

Twitter Might “Bug” You if You Want to Retrieve Archive Data – eDiscovery Best Practices

Thanks to the Google Alerts that I set up to send me new stories related to eDiscovery, I found an interesting blog post from an attorney that appears to shed light on an archival bug within Twitter that could affect people who may want to retrieve Twitter archival data for eDiscovery purposes.

In Erik J. Heels’ blog, his latest post (Twitter Bug Makes Tweet Archives Unreliable For eDiscovery), he starts by noting that his very first tweet of October 30, 2008 is no longer active on his site – his earliest tweet was dated September 5, 2010.  All attempts to try to locate the tweets were unsuccessful and customer service was no help.

After some digging, Erik found out that, on October 13, 2010, Twitter announced the “new Twitter” which included a new user interface.  As part of that revamping, Twitter changed the format for its status URLs (Tweets) so that the sequential number at the end of each Tweet (the Tweet ID) changed length, eventually doubling from nine digits in 2008 to 18 digits today (which supports up to one quintillion tweets).

Then, on December 12, 2012, Twitter announced that users could export archives of their Tweets (via your account’s Settings page).  The result is a nine field comma-separated values (CSV) file with information, including the tweet ID.  So, now you could retrieve your old tweets that were no longer actively stored, right?  Not necessarily.

As Erik found out, when he exported the file and went to retrieve old tweets, some of his tweet IDs actually pointed to other people’s tweets!  You can see the details of his tests in his blog post or via his 60 second YouTube video here.

Obviously, if you need to retrieve archived tweets for eDiscovery purposes, that’s not a good thing.

As it happens, CloudNine Discovery has our own Twitter account (@Cloud9Discovery) and has since August of 2009 (we were known as Trial Solutions back then), so I decided to run my own test and exported our archive.  Here’s what I found:

  • Our very first tweet was August 17, 2009 (Trial Solutions Ranks 2,830 on the Exclusive 2009 Inc. 5000).  It retrieved correctly.  The bit.ly link within the tweet isn’t hyperlinked, but if you copy and paste it into the browser address, it correctly retrieves (obviously, this will only be the case if the referenced web page still exists).
  • In fact, all of the early tweets that I tested retrieved with no problem.
  • Then, on December 1, 2010, I encountered the first tweet that didn’t retrieve correctly (one of our blog posts titled eDiscovery Project Management:  Effectively Manage Your Staff) with a tweet ID of 9924696560635900 (Full URL: https://twitter.com/Cloud9Discovery/status/9924696560635900).  It didn’t point to a different person’s tweet, it simply said “Sorry, that page doesn’t exist!”
  • From that point on, none of the tweets that I tried to retrieve would retrieve – all gave me the “page doesn’t exist” message.
  • I even tried to retrieve our tweet of yesterday’s blog post (Defendant Ordered to Produce Archived Emails Even Though Plaintiff Failed to Produce Theirs – eDiscovery Case Law) via the tweet ID provided in the archive file (535098008715538000).  Even it wouldn’t retrieve.  Wait a minute, what’s going on here!

I then retrieved our tweet of yesterday’s blog post by clicking on it directly within Twitter.  Here is the URL to the tweet with the ID at the end: https://twitter.com/Cloud9Discovery/status/535098008715538434.

See the problem?  The tweet IDs don’t match.

I ultimately determined that all of the tweet IDs provided in the archive file starting on December 1, 2010 end with two or more zeroes.  Starting on November 5, 2010, they all end with at least one zero.  When I started testing those, I re-created Erik’s problem:

Our tweet on November 29, 2010 titled eDiscovery Trends: Sanctions at an All-Time High, (tweet ID: 9199940811100160) actually retrieves a tweet by @aalyce titled @StylesFever snog liam marry louis and niall can take me out 😉 hehe.  Whoops!

It appears as though the archive file provided by Twitter is dropping all digits of the tweet ID after the fifteenth digit and replacing them with zeroes, effectively pointing to either an invalid or incorrect page and rendering the export effectively useless.  Hopefully, Twitter can fix it – we’ll see.  In the meantime, don’t rely on it and be prepared to address the issue if your case needs to retrieve archived data from Twitter.  Thanks, Erik, for the heads up!
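A check for the pattern described above, as an added example that is not part of the original post or of Twitter's tooling: it flags exported IDs longer than 15 digits whose remaining digits are all zeroes, and confirms a suspect ID against the ID taken from the live tweet URL. The CSV column names and the short 2009 ID are constructed; the three long IDs are the ones quoted in the post.

```python
"""Audit tweet IDs in an exported archive for the zero-padding described above."""
import csv
import io

KEPT_DIGITS = 15    # per the post: digits after the fifteenth come back as zeroes
MIN_LONG_IDS = 3    # assumption: need a few long IDs before judging the whole column

# Constructed sample. The three long IDs are quoted in the post; the short ID
# and the column names (tweet_id, text) are made up for illustration.
SAMPLE_CSV = """tweet_id,text
3362514938,"Trial Solutions Ranks 2,830 on the Exclusive 2009 Inc. 5000"
9199940811100160,eDiscovery Trends: Sanctions at an All-Time High
9924696560635900,eDiscovery Project Management: Effectively Manage Your Staff
535098008715538000,Defendant Ordered to Produce Archived Emails
"""


def classify(tweet_id):
    """Return 'invalid', 'ok' or 'suspect' for one exported ID string."""
    tid = tweet_id.strip()
    if not (tid.isascii() and tid.isdigit()):
        return "invalid"                      # blank or reformatted cell
    tail = tid[KEPT_DIGITS:]                  # digits after the fifteenth
    if tail and set(tail) == {"0"}:
        return "suspect"
    return "ok"


def matches_live_id(archived_id, live_id):
    """True if archived_id is live_id with every digit after the 15th zeroed."""
    if len(archived_id) != len(live_id):
        return False
    expected = live_id[:KEPT_DIGITS] + "0" * (len(live_id) - KEPT_DIGITS)
    return archived_id == expected


def audit(csv_text, id_column="tweet_id"):
    """Classify every ID in the export and judge the column as a whole."""
    report = {"ok": [], "suspect": [], "invalid": []}
    long_ids = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        tid = (row.get(id_column) or "").strip()
        verdict = classify(tid)
        report[verdict].append(tid)
        if verdict != "invalid" and len(tid) > KEPT_DIGITS:
            long_ids += 1
    # A single 16-digit ID ending in 0 can be genuine. Every long ID ending in
    # zeroes is the pattern the post describes, so the column cannot be trusted.
    report["column_unreliable"] = (
        long_ids >= MIN_LONG_IDS and len(report["suspect"]) == long_ids
    )
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_CSV)
    print("suspect IDs:", result["suspect"])
    print("column unreliable:", result["column_unreliable"])
    # ID from the live URL quoted in the post vs. the ID from the export
    print(matches_live_id("535098008715538000", "535098008715538434"))
```

When the column is flagged, the exported IDs should be treated as approximate and the authoritative ID taken from the live tweet URL or another collection method.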

So, what do you think?  Have you ever had to preserve or produce data from Twitter in litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

Defendant Ordered to Produce Archived Emails Even Though Plaintiff Failed to Produce Theirs – eDiscovery Case Law

In Finjan, Inc. v. Blue Coat Systems., 5:13-cv-03999-BLF (N.D. Cal. Oct. 17, 2014), California Magistrate Judge Paul S. Grewal granted the plaintiff’s motion ordering the defendant to produce relevant emails from its eight custodians, even though the plaintiff was unable to provide its own archival emails.

Case Background

As Judge Grewal stated “[t]o cut to the chase in this dispute over the scope and pace of Defendant Bluecoat Systems, Inc.’s document production in this patent infringement case”, the plaintiff moved to compel the defendant to produce email from eight custodians related to both technical documents and damages documents as well as damages testimony.  The defendant did not object to producing any of the technical discovery requested and raised only limited issues concerning the documents on damages, mostly objecting to producing custodial email from archival systems when the plaintiff was not able to do the same in return.

Each party agreed to identify eight custodians and ten terms per custodian for the other to search. The defendant did not dispute the relevance of either the custodians or search terms the plaintiff selected. But when the defendant learned that the plaintiff did not have former employees’ emails — except as produced in other litigations — the defendant balked at the idea that its custodians should have to turn over any email other than from active systems.

Judge’s Ruling

“Reduced to its essence, Rule 26(b)(2)(iii) requires this court to decide: have Blue Coat’s discovery responses been fair? Blue Coat’s discovery responses so far have largely been fair, but not entirely”, stated Judge Grewal.

Judge Grewal found that, with the exception of one document repository recently discovered (as acknowledged by defendant’s counsel), the defendant had completed its obligation regarding the technical document production.  Judge Grewal also ruled that the plaintiff “has identified no legitimate reason why it should be provided discovery on Blue Coat’s foreign sales or valuation on the whole”.  He also stated that the defendant “might reasonably be required to at least tell Finjan what the [third party] agreements are and the status of its efforts to secure consent.”

However, with regard to the archival email, Judge Grewal ruled as follows:

“Where Blue Coat has been less than fair is with respect to archival email for its eight custodians. Blue Coat may largely be in the right that it should not have to dig through legacy systems when Finjan is unable to the same for its custodians. But one party’s discovery shortcomings are rarely enough to justify another’s. And here, at least with respect to documents mentioning Finjan — the one specific category of documents Finjan could identify that it needed from archived email — Finjan’s request is reasonable.”

As a result, the defendant was ordered to “identify all license agreements whose production is awaiting third-party consent and the status of its efforts to secure that consent” within seven days and “produce all archival email from its eight designated custodians that mention Finjan and supplemental Interrogatories 5 and 6” within 21 days.

So, what do you think?  Should the defendant have to produce email when the plaintiff can’t do the same?  Please share any comments you might have or if you’d like to know more about a particular topic.

More Organizations Have Data Breach Plans in Place, But More Are Reporting Data Breaches – eDiscovery Trends

You cannot talk about eDiscovery these days without talking about data security and breaches.  Bank of America, Home Depot and Target are just three examples of big name companies that have been hit by data breaches.  A recent study, conducted by the Ponemon Institute, shows that more organizations have data breach response plans and teams in place, yet more organizations are reporting at least one data breach in the past two years.

In this second annual study (Is Your Company Ready for a Big Data Breach?  The Second Annual Study on Data Breach Preparedness), sponsored by Experian® Data Breach Resolution, Ponemon Institute surveyed 567 executives in the United States about how prepared they think their companies are to respond to a data breach.  Here is a sampling of their key findings:

  • More companies have data breach response plans and teams in place. In 2014, 73% of companies had such a plan in place, up from 61% in last year’s study.  Also, more companies have teams to lead data breach response efforts – 72% of respondents, up from 67% last year.
  • Yet, data breaches have increased in frequency.  Last year, 33% of respondents said their company had a data breach involving the loss or theft of more than 1,000 records in the past two years. This year, the percentage has increased to 43%. Of those that experienced data breaches, 60% reported their company experienced more than one data breach in the past two years – up from 52% of respondents in 2013.
  • More companies have data breach response plans but they are not considered effective.  Despite the majority of companies having data breach plans, only 30% of respondents said their organizations are effective or very effective in developing and executing a data breach plan.
  • Maybe part of the reason is they don’t review their plans regularly.  Only 22% of respondents with data breach plans said their organizations review and update their plans at least yearly, with 41% of those respondents indicating no set time period for reviewing and updating the plan and 37% of those respondents having not reviewed or updated since the plan was put in place.

It’s also interesting to note that 17% of respondents were unsure whether their organization had a data breach in the past two years.  Really?  Well, at least that’s down from 22% in last year’s survey.

The 24 page report is chock-full of statistics and survey results and available here.  Thanks to Sharon Nelson and her always excellent Ride the Lightning blog for the tip.

So, what do you think? Does your organization have a plan for responding to data breaches?  Please share any comments you might have or if you’d like to know more about a particular topic.

The Watergate 18 Minute Gap in Audio Recordings Has Nothing on This Case – eDiscovery Case Law

Anybody who remembers Watergate remembers the big deal made about an 18 1/2 minute gap in audio recordings reported by President Nixon’s secretary, Rose Mary Woods.  This case involves a gap in audio recordings much longer than that.

In Novick v. AXA Network, LLC, 07-CV-7767 (AKH) (KNF) (S.D.N.Y. Oct. 22, 2014), New York Magistrate Judge Kevin Nathaniel Fox granted the plaintiff’s request for sanctions against the defendant, awarding an adverse inference jury instruction for several weeks of spoliated audio recordings and also awarding “reasonable attorney’s fees and costs” associated with the motion as well as retaking several depositions.

Case Background

In this wrongful termination case, the plaintiff contended that the defendants committed several “strikes” justifying his request for sanctions, including spoliating audio recordings because “audio recordings from the time period August 28, 2006 through November 5, 2006 (approximately one-third of the entire time period ordered) are missing,” and “Defendants admit that they were likely erased and taped over” (per the defendants’ letter to the plaintiff on October 25, 2013).  According to the plaintiff, “these recordings are from the most important time period of all – directly before and directly after Mr. Novick’s termination.”  The plaintiff also contended that the defendant had numerous deficiencies in their email production, where the defendant again made several promises to rectify the mistakes.

The defendants contended that “no responsive emails have been withheld and there is no evidence that any emails are missing.”  They did, however, “acknowledge that there are approximately eight weeks of audio recordings, within the period of time for which production of audio recordings was eventually ordered, that cannot be located or produced,” but “[t]his is not a new issue,” and the defendants advised plaintiff of it, on October 17, 2013, when the majority of the recordings were produced to him, and “[t]he fact that these weeks of recordings are missing constitutes the only real issue in plaintiff’s sanctions motion.”  The defendant also acknowledged that they “cannot now explain the absence of these recordings”.

Judge’s Ruling

Judge Fox stated that the court “determined that ‘[t]he defendants’ duty to preserve evidence arose when the plaintiff’s counsel notified the defendants, in the October 16, 2006 letter, that the audio recordings should be preserved because they may be relevant to future litigation’” and that the defendants conceded that “‘there are approximately eight weeks of audio recordings that are missing within the period for which defendants have been ordered to produce audio recordings,’ namely the period of August 28-31, 2006, and September 8-November 5, 2006, and they ‘have not been able to determine when, why or how these audio recordings came to be missing from the group of other audio recordings that were stored on DVDs and have been produced.’”  As a result, Judge Fox ruled that “the Court finds that the defendants spoliated relevant evidence, namely, audio recordings for the period August 28-31, 2006, and September 8-November 5, 2006”.

Judge Fox also noted that “Moreover, the defendants’ misconduct respecting the audio recordings was compounded by their deliberate and unjustified failure to search for and locate e-mail messages, as directed by the September 25, 2013 order. The defendants now admit that it was not until March 2014, that they realized that the Frontbridge archive was not searched for responsive documents, but contend this delay was ‘due to human error,’ without explaining what that error was or why they waited until March 2014 to conduct the investigation concerning the production of e-mail messages.”

As a result, Judge Fox granted the plaintiff’s request for sanctions against the defendant, awarding an adverse inference jury instruction for the defendant’s actions and also awarding “reasonable attorney’s fees and costs” associated with the motion as well as retaking several depositions.

So, what do you think?  Did defense counsel’s quick reaction to the disclosure save the email’s privileged status?  Please share any comments you might have or if you’d like to know more about a particular topic.

BTW, we also covered a ruling on this case last year here.

Simply Deleting a File Doesn’t Mean It’s Gone – eDiscovery Best Practices

I seem to have picked up a bit of a bug and I’m on cold medicine, so my writing brain is a bit fuzzy.  As a result, I’m revisiting a topic that has come up a few times over the years that we covered early on in the blog’s history.  I should be back in the saddle with new posts next week!

Disk drives use an index or table to keep track of where each file begins and ends on the disk.  You may have heard terms such as “FAT” (file allocation table) or “NTFS” (Windows NT File System) – these file systems enable the file to be retrieved quickly on the drive.  They’re like a “directory” of all of the active files on the disk.  When a file is “deleted” (i.e., actually deleted, not just moved to the Recycle Bin), the data for that file isn’t actually removed from the disk (in most cases).  Instead, the entry pertaining to it is removed from the file system.  As a result, the area on the disk where the actual data is located becomes unallocated space.

Unallocated space, also known as inactive data or drive free space, is the area of the drive not allocated to active data. On a Windows machine, deleted data is not actually destroyed; the space it occupied on the drive simply becomes available to store new information. Until the unallocated space is overwritten with new data, the old data remains.  This data can be retrieved (in most cases) using forensic techniques. On Mac OS X 10.5 and higher, there is an application that overwrites sectors when a file is deleted. This process more securely destroys data, but even then it may be possible to recover data out of unallocated space.

Because the unallocated space on a hard drive or server is that portion of the storage space to which data may be saved, it is also where many applications “temporarily” store files when they are in use. For instance, temporary Internet files are created when a user visits a web page, and these pages may be “cached” or temporarily stored in the unallocated space.  Rebooting a workstation or server can also clear some data from the unallocated space on its drive.

Since computers are dynamic and any computer operation may write data to the drive, it is nearly impossible to preserve data in the unallocated space on the hard drive and that data is not accessible without special software tools. To preserve data from the unallocated space of a hard drive, the data must be forensically collected, which basically copies the entire drive’s contents, including every sector (whether those sectors contain active data or not). Even then, data in the unallocated space may not be complete. Because the unallocated space is used to store new data, writing a new file may overwrite part of a deleted file, leaving only part of that file in the unallocated space.

Nonetheless, “deleted” files have been recovered, collected and produced in numerous lawsuits, despite efforts of some producing parties to destroy that evidence.

So, what do you think?  Have you ever recovered deleted data that was relevant to litigation?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Importance of Metadata – eDiscovery Best Practices

This topic came up today with a client that wanted information to help justify the request for production from opposing counsel in native file format, so it’s worth revisiting here…

If an electronic document is a “house” for information, then metadata could be considered the “deed” to that house. There is far more to explaining a house than simply the number of stories and the color of trim. It is the data that isn’t apparent to the naked eye that tells the rest of the story. For a house, the deed lays out the name of the buyer, the financier, and the closing date among heaps of other information that form the basis of the property. For an electronic document, it’s not just the content or formatting that holds the key to understanding it. Metadata, which is data about the document, contains information such as the user who created it, creation date, the edit history, and file type. Metadata often tells the rest of the story about the document and, therefore, is often a key focus of eDiscovery.

There are many different types of metadata and it is important to understand each with regard to requesting that metadata in opposing counsel productions and being prepared to produce it in your own productions.  Examples include:

  • Application Metadata: This is the data created by an application, such as Microsoft® Word, that pertains to the ESI (“Electronically Stored Information”) being addressed. It is embedded in the file and moves with it when copied, though copying may alter the application metadata.
  • Document Metadata: These are properties about a document that may not be viewable within the application that created it, but can often be seen through a “Properties” view (for example, Word tracks the author name and total editing time).
  • Email Metadata: Data about the email.  Sometimes, this metadata may not be immediately apparent within the email application that created it (e.g., date and time received). The amount of email metadata available varies depending on the email system utilized.  For example, Outlook has a metadata field that links messages in a thread together which can facilitate review – not all email applications have this data.
  • Embedded Metadata: This metadata is usually hidden; however, it can be a vitally important part of the ESI. Examples of embedded metadata are edit history or notes in a presentation file. These may only be viewable in the original, native file since it is not always extracted during processing and conversion to an image format.
  • File System Metadata: Data generated by the file system, such as Windows, to track key statistics about the file (e.g., name, size, location, etc.) which is usually stored externally from the file itself.
  • User-Added Metadata: Data created by a user while working with, reviewing, or copying a file (such as notes or tracked changes).
  • Vendor-Added Metadata: Data created and maintained by an eDiscovery vendor during processing of the native document.  Don’t be alarmed, it’s impossible to work with some file types without generating some metadata; for example, you can’t review and produce individual emails within a custodian’s Outlook PST file without generating those out as separate emails (either in Outlook MSG format or converted to an image format, such as TIFF or PDF).
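The difference between metadata embedded in the file and metadata kept by the file system shows up as soon as a file is copied. The following is an added illustration, not part of the original post: it builds a minimal, constructed stand-in for a Word file (only the `docProps/core.xml` part, with made-up author names and dates), copies it, and reads both kinds of metadata from the original and the copy.

```python
import os
import shutil
import tempfile
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}
# Constructed sample properties; a real .docx carries many more parts than this.
CORE_XML = (
    '<cp:coreProperties xmlns:cp="%(cp)s" xmlns:dc="%(dc)s" xmlns:dcterms="%(dcterms)s">'
    "<dc:creator>J. Author</dc:creator>"
    "<cp:lastModifiedBy>R. Reviewer</cp:lastModifiedBy>"
    "<dcterms:created>2014-01-06T09:00:00Z</dcterms:created>"
    "<dcterms:modified>2014-01-07T16:30:00Z</dcterms:modified>"
    "</cp:coreProperties>" % NS
)
FIELDS = {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy",
          "created": "dcterms:created", "modified": "dcterms:modified"}

def make_sample(path):
    with zipfile.ZipFile(path, "w") as z:
        z.writestr("docProps/core.xml", CORE_XML)
    os.utime(path, (1_400_000_000, 1_400_000_000))  # backdate file system timestamps

def embedded_metadata(path):
    """Properties stored inside the file itself; they travel with every copy."""
    with zipfile.ZipFile(path) as z:
        root = ET.fromstring(z.read("docProps/core.xml"))
    return {key: root.findtext(tag, namespaces=NS) for key, tag in FIELDS.items()}

def file_system_metadata(path):
    """Statistics the file system keeps outside the file."""
    st = os.stat(path)
    return {"name": os.path.basename(path), "size": st.st_size, "modified": int(st.st_mtime)}

def compare_after_copy():
    with tempfile.TemporaryDirectory() as folder:
        src = os.path.join(folder, "report.docx")
        dst = os.path.join(folder, "copy.docx")
        make_sample(src)
        shutil.copy(src, dst)  # ordinary copy: contents carried over, timestamps not
        return (embedded_metadata(src), embedded_metadata(dst),
                file_system_metadata(src), file_system_metadata(dst))
```

The embedded author and dates are identical in both files, while the copy's file system "modified" time is the moment of the copy rather than the backdated original.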

Some metadata, such as user-added tracked changes or notes, could be work product that may affect whether a document is responsive or contains privileged information, so it’s important to consider that metadata during review, especially when producing in native format.

Here’s an example of one case where the production of metadata was ordered and an answer to the question “Is it Possible for a File to be Modified Before it is Created?” (you might be surprised at the answer).

So, what do you think? Have you been involved in cases where metadata was specifically requested as part of discovery? Please share any comments you might have or if you’d like to know more about a particular topic.


Plaintiff Can’t “Pick” and Choose When it Comes to Privilege of Inadvertent Disclosures – eDiscovery Case Law

In Pick v. City of Remsen, C 13-4041-MWB (N.D. Iowa Sept. 15, 2014), Iowa District Judge Mark W. Bennett upheld the magistrate judge’s order directing the destruction of an inadvertently-produced privileged document, an email from defense counsel to some of the defendants, after affirming the magistrate judge’s application of the five-step analysis to determine whether privilege was waived.

Case Background

In this wrongful termination case, the plaintiff served a request for production of documents that included “all relevant non-privileged emails initiated by or received by the City of Remsen in regard to the Plaintiff and/or any of the issues set forth in Plaintiff’s complaint”.  Among the documents produced was an email, dated July 14, 2012, from defense counsel to Remsen Utility Board members and others discussing an upcoming Utility Board meeting.  Defense counsel learned of the email’s inadvertent disclosure on March 25, 2014, when the plaintiff served supplemental discovery responses on defense counsel, and contacted plaintiff’s counsel within 34 minutes of the discovery.

Defense counsel asked that the email be destroyed. The plaintiff’s counsel suggested the email could be redacted to protect “advice relating to procedure,” but indicated he intended to rely on the remainder of the email unless ordered otherwise by the court.  The defendants filed a motion requesting that the court order the email’s destruction as an inadvertently produced privileged document, which the magistrate judge granted.

Judge’s Ruling

The Magistrate Judge, Leonard Strand, had applied the five-step analysis to determine the proper range of privilege to extend.  Those five factors were as follows:

  1. The reasonableness of the precautions taken to prevent inadvertent disclosure in view of the extent of document production: Judge Strand found that the privileged email was “inconspicuously located among various non-privileged email messages”, which, based on the fact that defendants turned over to their counsel 440 pages of documents (including 183 pages of email messages, some pages of which contained more than one email), was upheld as “completely fair and accurate”;
  2. The number of inadvertent disclosures: Since there was only one inadvertent disclosure, Judge Bennett upheld the ruling as “not clearly erroneous”;
  3. The extent of the disclosures: Though the email was sent to six people, all six were privileged recipients of the email, so Judge Bennett upheld the ruling as “not clearly erroneous”;
  4. The promptness of measures taken to rectify the disclosure: Because defense counsel contacted plaintiff’s counsel just 34 minutes after learning of the email’s inadvertent disclosure and requested its destruction, Judge Bennett upheld the ruling as “not clearly erroneous”; and
  5. Whether the overriding interest of justice would be served by relieving the party of its error: Judge Strand, finding that the plaintiff “clearly has other evidence that he intends to rely on in support of his various claims”, ruled in favor of the defendant in this factor as well, which Judge Bennett upheld.

Judge Bennett summarized as follows: “The email is classic legal advice that should be protected by the attorney-client privilege…This interest of justice would be harmed here by permitting Pick to use the email at trial…Given the important nature of the attorney-client privilege and the manner in which the email was inadvertently disclosed, Judge Strand’s conclusion that the overriding interest in justice factor weighed against waiver is not clearly erroneous. Accordingly, Pick’s objection is overruled.”

So, what do you think?  Did defense counsel’s quick reaction to the disclosure save the email’s privileged status?  Please share any comments you might have or if you’d like to know more about a particular topic.
