Close
Enter your
text here

Electronic Discovery

For Successful Discovery, Think Backwards – eDiscovery Best Practices

The Electronic Discovery Reference Model (EDRM) has become the standard model for the workflow of the process for handling electronically stored information (ESI) in discovery.  But, to succeed in discovery, regardless whether you’re the producing party or the receiving party, it might be helpful to think about the EDRM model backwards.

Why think backwards?

You can’t have a successful outcome without envisioning the successful outcome that you want to achieve.  The end of the discovery process includes the production and presentation stages, so it’s important to determine what you want to get out of those stages.  Let’s look at them.

Presentation

As a receiving party, it’s important to think about what types of evidence you need to support your case when presenting at depositions and at trial – this is the type of information that needs to be included in your production requests at the beginning of the case.

Production

The format of the ESI produced is important to both sides in the case.  For the receiving party, it’s important to get as much useful information included in the production as possible.  This includes metadata and searchable text for the produced documents, typically with an index or load file to facilitate loading into a review application.  The most useful form of production is native format files with all metadata preserved as used in the normal course of business.

For the producing party, it’s important to save costs, so it’s important to agree to a production format that minimizes production costs.  Converting files to an image based format (such as TIFF) adds costs, so producing in native format can be cost effective for the producing party as well.  It’s also important to determine how to handle issues such as privilege logs and redaction of privileged or confidential information.

Addressing production format issues up front will maximize cost savings and enable each party to get what they want out of the production of ESI.

Processing-Review-Analysis

It also pays to determine early in the process about decisions that affect processing, review and analysis.  How should exception files be handled?  What do you do about files that are infected with malware?  These are examples of issues that need to be decided up front to determine how processing will be handled.

As for review, the review tool being used may impact production specs in terms of how files are viewed and production of load files that are compatible with the review tool, among other considerations.  As for analysis, surely you test search terms to determine their effectiveness before you agree on those terms with opposing counsel, right?

Preservation-Collection-Identification

Long before you have to conduct preservation and collection for a case, you need to establish procedures for implementing and monitoring litigation holds, as well as prepare a data map to identify where corporate information is stored for identification, preservation and collection purposes.

As you can see, at the beginning of a case (and even before), it’s important to think backwards within the EDRM model to ensure a successful discovery process.  Decisions made at the beginning of the case affect the success of those latter stages, so don’t forget to think backwards!

So, what do you think?  What do you do at the beginning of a case to ensure success at the end?   Please share any comments you might have or if you’d like to know more about a particular topic.

P.S. — Notice anything different about the EDRM graphic?

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Leaving Your Hard Drives in a Rental House is Negligent, Court Rules – eDiscovery Best Practices

In Net-Com Services, Inc. v. Eupen Cable USA, Inc., No. CV 11-2553 JGB (SSx) (C.D. Cal. Aug. 5, 2013), the plaintiff’s destruction of evidence was negligent where its principal failed to take steps to preserve evidence he had stored in a home he rented to nonaffiliated lessees.

A principal of the plaintiff, Steve Moffatt, had custody and control over the company’s documents, which included its financial information. The company was using one accounting system but switched to another when it moved into a new location. When the employee looked for this data and could not find it, he assumed it had been “lost or stolen.” However, he did not report the loss to the company’s insurer or to the police.

Over the previous three years that the company was in operation, it was based in Moffatt’s home office. The company went out of business in October 2011, and as the company wound down, Moffatt stored all of the company’s computer hardware and software in his garage. Around that same time, in September or October 2011, Moffatt rented his home. The only precaution he took was to instruct his lessees not to throw any equipment or software away. Despite this instruction, he drove by the home either in September or October and noticed that the renters “had put a ‘big pile of office equipment and everything else in the front yard’” and were throwing them in dumpsters. As associate retrieved the computers’ hard drives from the renters’ trash in September 2011. The hard drives stored the company’s most recent accounting system; another back-up drive stored the same information, but it was most likely thrown out as well.

In 2012, during discovery, the court granted Eupen’s motion to compel “production of ‘missing accounting information,’ including financial data believed to be stored on purportedly ‘dead’ hard drives. Net-Com responded that the data “may no longer exist” and that its principals had had “no luck” accessing the information on the drives. The court ordered Net-Com to produce the missing information, aside from the company’s federal and state tax returns. It also required Net-Com “to produce ‘the computer hard drives containing potentially relevant ESI that Net-Com has been unable to restore’ to allow Eupen USA ‘to test Net-Com’s assertion that the information is inaccessible.’”

In July 2013, Eupen filed a motion for sanctions based on the loss of data and suggested that Net-Com “be precluded from offering evidence of its damages because its production of financial data was incomplete and insufficient due to the loss of information ‘allegedly contained on a computer hard drive that was apparently no longer functional.’” In response, Net-Com argued that no evidence existed that he hard drives had been “‘irreparably damaged’ such that their contents [were] irretrievable.’” The court declined to preclude the evidence but ordered Net-Com to send the hard drives to a vendor for forensic analysis.

Net-Com complied and submitted the drives to a vendor, Ai Networks. The vendor found “‘recoverable data on at least one of the hard drives,’” said it could retrieve it within three weeks, and estimated the cost to recover it would be between $2,000 and $3,000.

The court found that Net-Com’s duty to preserve arose at least by February 8, 2011, when it filed the lawsuit. The complaint alleged that Net-Com’s damages amounted to “millions of dollars”; therefore, the complaint placed the company’s financial and accounting data at issue. But “seven months after filing suit, Moffatt effectively abandoned the hardware and software containing Net-Com’s financial records by leaving the equipment and data in a garage in a house he rented out to third parties. Even if the eventual loss and destruction of evidence was not intentional, it was definitely negligent.”

The court found sanctions appropriate, noting that an adverse inference instruction is “‘adverse to the destroyer not because of any finding of moral culpability, but because the risk that the evidence would have been detrimental rather than favorable should fall on the party responsible for its loss.’” Although the court could not yet determine whether Eupen had been prejudiced, it ruled that Net-Com had to “bear the full cost of restoring and producing data on the hard drives” and ordered the company “to restore and produce any relevant data from the subject hard drives within fourteen days of the date of this Order.”

So, what do you think?  Were the sanctions severe enough?   Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Data Held Hostage by eDiscovery Provider! – eDiscovery Best Practices

On Monday
and Tuesday
of this week, we discussed 10 Things to
Know Before Moving eDiscovery to the Cloud, emphasizing the importance to
know where your data is located.  This
example illustrates the importance of that principle.

As reported by Robert Hilson in the Association of Certified E-Discovery
Specialists ® web site (Judge
eyes vendor contracts as ‘frightening’ ransoming of Glaxo data unfolds),
New York-based eDiscovery vendor Discovery Works Global has been accused of
holding hostage nearly four billion pages of data on behalf of its client, pharmaceutical
giant, GlaxoSmithKline.  Glaxo sued Discovery
Works and its CEO, Harry Debari, in January saying they withheld 20 terabytes
of sensitive information.

In a hearing on September 24, New York County state
Judge Shirley Werner Kornreich “ordered Discovery Works to provide a full
accounting by November 1 of all the Glaxo materials it has received. If it is
unable to do so, Glaxo may send its IT personnel to retrieve its data from
Discovery Works servers”.  As noted in
the article, “Judge Kornreich said representations by Discovery Works suggest
Glaxo data is dispersed randomly across its databases in raw uncoded form.
Retrieving it will take significant time and IT sources, she said.”

This is amid reports that Discovery Works is “said to
be insolvent” after “two recent judgments for more than $800,000 in New York state courts against Discovery Works for
unpaid invoices” and reports that the “telephone numbers listed on the
Discovery Works website have been disconnected”.

“It’s a frightening thought,” Judge Kornreich said.
“And a cautionary tale for anyone who uses a discovery vendor.”

Hilson’s article goes into more depth about this case
and provides some best practices for an organization using an eDiscovery vendor
to host its data, including insisting that all original materials provided to
the vendor are returned when the relationship is terminated and maintaining a
copy of all materials provided to the vendor.

Those are sound practices in dealing with an
eDiscovery vendor.  At CloudNine Discovery, we include in our
contracts with clients language giving them the option to request data
destruction, near ready retention or destruction of the data (with an export of
the data back to the client) once a project is concluded, so we cover the
handling of data whether or not our clients address it with us.

Judge Kornreich’s comments in her ruling make it seem
like this is a common occurrence, but, I have not seen any other instances
where eDiscovery hosting providers have behaved in such a manner, solvent or
insolvent, as Glaxo alleges that Discovery Works has done.  If you know of any other instances, feel free
to comment.  Nonetheless, it pays to make
sure that you protect yourself.  Know
where your data is located and have language in the contract that covers destruction
and return of the data at the conclusion of services.

So, what do you think?  How do you protect your online data?   Please share any comments you might have or
if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author,
and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational
purposes to provide general information about general eDiscovery principles and
not to provide specific legal advice applicable to any particular circumstance.
eDiscoveryDaily should not be used as a substitute for competent legal advice
from a lawyer you have retained and who has agreed to represent you.

Despite Missing and Scrambled Hard Drives, Court Denies Plaintiff’s Request for Sanctions – eDiscovery Case Law

In Anderson v. Sullivan, No. 1:07-cv-00111-SJM (W.D. Pa. 08/16/2013), a Pennsylvania court found “that no sanctions are warranted” despite the disappearance of one hard drive, “scrambling” of another hard drive and failure to produce several e-mails because the evidence was not relevant to the underlying claims and because there was no showing the defendants intentionally destroyed evidence.

In the underlying lawsuit, the plaintiff alleged that she was retaliated against by officials employed by, or associated with, the Millcreek Township School District (“MTSD”) because she made several whistleblower reports against the District and its top administrators, including Dean Maynard (MTSD’s former Superintendent) for violation of her First Amendment rights and the Pennsylvania Whistleblower Act.  In January of 2007, Maynard inadvertently sent an email to an MTSD teacher, instead of to the intended recipient.  The email allegedly revealed previously undisclosed personal relationships that Maynard had with two people he had recommended for employment with the District.  Maynard disclosed this letter to the School Board and an investigation ensued, where several computers were examined, including those of Maynard and the plaintiff.

As part of this examination, MTSD’s IT department removed the original hard drives from the targeted employees’ computers and replaced them with a new hard drive onto which the employee’s active files would be copied so that the laptop would function without interruption; however, the original hard drive from Maynard’s computer was lost.

When the new hard drive that was installed in Maynard’s computer was examined by Anderson’s expert in approximately June 2011, the expert discovered the hard drive was “scrambled” possibly by some type of wiping software.

At summary judgment, the court concluded that the plaintiff’s claims did not qualify as whistleblower reports under the PWA because they did not disclose any non-technical violation of law.  After her claims were dismissed on summary judgment, the plaintiff filed a motion for sanctions due to the disappearance of one hard drive, “scrambling” of a second hard drive, and withholding 44 pages of e-mails from a 10,000-page production to conceal that one of the hard drives was missing.  Although this court entered summary judgment in favor of all defendants, they retained jurisdiction to adjudicate the motion for sanctions.

Because the plaintiff’s claims were dismissed as a matter of law, the court found that sanctions were not warranted on either hard drive because they could not have contained relevant evidence.  The court also determined that there was a lack of evidence suggesting that evidence was intentionally destroyed.  With regard to the 44 pages of e-mails that were not produced, the court found there was nothing in the record to suggest they were intentionally withheld or even were relevant to the plaintiff’s claims.  So, the court denied the motion for sanctions.

So, what do you think?  Should the motion for sanctions have been granted?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Five More Things to Know Before Moving eDiscovery to the Cloud – eDiscovery Best Practices

Yesterday, we covered the first five items in Joel Jacob’s article in Information Management.com (10 Things to Know Before Moving E-Discovery to the Cloud), which provides an interesting checklist for those considering a move to cloud computing.  Here are the remaining five items, with some comments from me.

6. Assess potential – and realistic – risks associated with security, data privacy and data loss prevention.  The author notes the importance of assessing security risks, and, of course, it’s important to understand how the cloud provider handles security and that there are clear-cut policies and objectives in place.  It’s also important to compare the cloud provider’s security mechanisms to your own security mechanisms.  Any cloud provider “worth their salt” should have a comprehensive security plan that meets or exceeds that of most organizations.

7. Develop an implementation plan, including an internal communication strategy.  The author advocates getting legal and IT on the same page, testing and conducting a proof of concept on work procedures and identifying quantifiable metrics for evaluating the system/service.  All solid ideas.

8. Leverage the success or adoption of other SaaS solutions in the organization to lessen resistance.  The author notes that “process of moving to the cloud and/or moving e-discovery to the cloud will need to be driven through cultural change management”.  However, they already likely use several SaaS based solutions.  Here are some of the most popular ones: Amazon, Facebook, Twitter, eBay and YouTube.  Oh, and possibly Google Docs and SalesForce.com as well.  That should address resistance concerns.

9. Run a pilot on a small project before moving to larger, mission-critical matters.  The author advocates finding a test data set or dormant case that has known outcomes, and running it in the new cloud solution.  The cloud provider should enable you to do so via a no risk trial (shameless plug warning, here’s ours), so that you can truly try it before you buy it, with your own data.

10. Understand you are still the ultimate custodian of all electronically stored information.  As the author notes, “The data belongs to you, and the burden of controlling it falls on you. The Federal Rules of Civil Procedure state that no matter where the data is hosted, the company that owns it is ultimately responsible for it.”  That’s why it’s critical to address questions about where the data is stored and mechanisms for securing your company’s data.  If you can’t answer those questions to your satisfaction with the cloud provider you’re evaluating, perhaps they’re not the provider for you.

So, what do you think?  Have you implemented a SaaS based solution for eDiscovery?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

10 Things to Know Before Moving eDiscovery to the Cloud – eDiscovery Best Practices
 Software as a Service (SaaS) accounted for 49 percent of all eDiscovery software revenues tracked in 2011, according to Gartner’s report, Market Trends: Automated, Analytical Approaches Drive the Enterprise E-Discovery Software Market.  Joel Jacob’s article in Information Management.com (10 Things to Know Before Moving E-Discovery to the Cloud) provides an interesting checklist for those considering a move to cloud computing.  Here they are, with some comments from me.

1.     Actively involve all stakeholders across multiple departments.  The article promotes involving “as many stakeholders and members of management as possible, typically from legal, IT, compliance, security and any other department that may be impacted by a new model”.  Legal should also include outside counsel when appropriate – they will often be the heaviest users of the application, so it should be easy for them to learn and use.

2.     Document and define areas of potential cost savings.  Jacob advocates considering the eDiscovery process as defined by the Electronic Discovery Reference Model (EDRM).  It’s easy to forget some of the cost savings and benefits that cloud computing can offer – not only reduction or elimination of hardware and software costs, but also reduction or elimination of personnel to support in-house systems, as well.

3.     Evaluate the e-discovery platform first and the cloud options second.  Clearly, the eDiscovery platform must meet the needs of the organization and the users or it doesn’t matter where it’s located.  However, it seems counter-productive to spend time evaluating platforms that could be ruled out because of the cloud options.  At the very least, identify any cloud “deal breakers” and eliminate any platforms that don’t fit with the required cloud model.

4.     Benchmark your existing e-discovery processes including data upload, processing, review and export.  This, of course, assumes you have an existing solution that you are considering replacing.  You will compare those benchmarks to those of the potential cloud solution when you perform a small pilot project (as we will discuss in an upcoming step).  The eDiscovery platform that you choose should ideally give you the option to load and export your own data, as well as providing good or better turnaround by the vendor (when compared to your internal staff) for performing those same functions when needed.

5.     Learn the differences between public and private clouds.  As the article notes, “[c]ompanies need to understand where there [sic] data will go, how it is protected, and if it is secured according to any industry specific regulations that apply (e.g., HIPPA, Sarbanes-Oxley, etc.).”  It’s especially important to know where your data will go – if it’s stored internationally, access to it may be subject to different rules.  As for how it is protected, here is some more information regarding how data can be protected in a cloud environment.

Tomorrow, we will cover items 6 through 10 of the checklist.  Oh, the anticipation!

So, what do you think?  Have you implemented a SaaS based solution for eDiscovery?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rejects Defendant’s “Ultra-Broad” Request, Denies Motion to Compel Production – eDiscovery Case Law
In NOLA Spice Designs, LLC v. Haydel Enters., Inc., No. 12-2515 (E.D. La. Aug. 2, 2013), Louisiana Magistrate Judge Joseph C. Wilkinson, Jr. denied a motion to compel a plaintiff and its principal (a third-party defendant) to produce their passwords and usernames for all websites with potentially relevant information and to compel a forensic examination of its computers.

In this trademark infringement case under the Lanham Act, the defendant moved to compel the plaintiff and its principal to produce “‘passwords and user names to all online websites related to the issues in this litigation, including social media, weblogs, financial information and records,’” and to “submit their computers to an exhaustive forensic examination . . . with ‘access to full electronic content [including] online pages and bank accounts, including without limitation, online postings, weblogs, and financial accounts, for a time period from October 13, 2009 to the present, including deleted and archived content.”

The plaintiff and its principal refused to disclose passwords and user names based on “privacy and confidentiality objections.”  While acknowledging that the defendant is correct in stating that “there is no protectable privacy or confidentiality interest in material posted or published on social media”, Judge Wilkinson noted that the defendant’s citation and arguments “miss the point”.  Judge Wilkinson stated that “ultra-broad request for computer passwords and user names poses privacy and confidentiality concerns that go far beyond published social media matters and would permit Haydel to roam freely through all manner of personal and financial data in cyberspace pertaining to” the plaintiff and its principal.

With regard to the request for forensic examination of the computers of the plaintiff and its principal, Judge Wilkinson acknowledged that such an examination is “within the scope of ESI discovery contemplated by Fed. R. Civ. P. 34(a)(1)(A).  However, “such requests are also subject to the proportionality limitations applicable to all discovery under Rule 26(b)(2)(C), including the prohibition of discovery that is unreasonably cumulative or duplicative or that could be obtained from some more convenient, less burdensome or less expensive source, or the benefit of which is outweighed by its burden or expense, when considering the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake and the importance of the proposed discovery to those issues.”  {emphasis added}

While “restrained and orderly computer forensic examinations” have been permitted when it’s been demonstrated that the producing party “has defaulted in its discovery obligations by unwillingness or failure to produce relevant information by more conventional means”, a party’s “mere skepticism that an opposing party has not produced all relevant information is not sufficient to warrant drastic electronic discovery measures”, added Judge Wilkinson.

As a result, Judge Wilkinson ruled that “this overly broad request seeking electronically stored information (ESI), which far exceeds the proportionality limits imposed by Fed. R. Civ. P. 26(b)(2)(C) – expressly made applicable to ESI by Rule 26(b)(2)(B) – is denied.” {emphasis added}

So, what do you think?  Did the defendant’s request exceed proportionality limits?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Can’t Agree on eDiscovery? Try Using an eMediator – eDiscovery Best Practices

The Rule 26(f) “meet and confer” conference is a requirement in Federal cases as of the rules changes of 2006 to the Federal Rules of Civil Procedure.  It enables the parties in a lawsuit to discuss discovery and create a plan for the sharing of information during and before trial.  But, what if you can’t agree on how discovery should be handled?  Considering using an “eMediator”!

Allison Skinner and Peter Vogel recently wrote an article in Law Technology News (E-Mediation Can Simplify E-Discovery Disputes) that discusses the idea of using mediation for resolving discovery disputes.  As they note in the article, “What do lawyers fight about most in a civil lawsuit? E-discovery. So, it makes sense that mediation is appropriate for resolving discovery disputes.”

Some key recommendations from the article:

  • Lawyers for the litigants should agree to an eMediation at the outset of the case to develop a discovery plan that maximizes efficiency, reducing time and cost for the discovery process.
  • Expect for the eMediator to request the organization’s CIO (or CTO), general counsel, and outside counsel to participate at the beginning of the lawsuit.
  • Topics for which the eMediator will help facilitate discussion include naming the proper email custodians, identifying electronic evidence, and determining which evidence should be preserved to avoid spoliation claims later.
  • Like other instances of mediation, the discussion in an eMediation is confidential, the parties are given an opportunity to discuss eDiscovery candidly.  Your team can disclose information about the evidence without fear that they will later be deposed on the issues discussed during the mediation.
  • Each party should prepare an “eMediation Statement” to provide details about the dispute to help the eMediator understand the issues.
  • Be prepared to discuss search terms, databases, available technology, forms of production, and other issues for creating an eDiscovery plan of action with the mediator.

As the article notes, an eMediator “should be trained and experienced not only in eDiscovery, but in alternative dispute resolution” (ADR).  Depending on the type of litigation, the eMediator may also need to “have specialized knowledge in a particular practice area”.

Training programs for ADR are available at the American College of E-Neutrals, the University of California Hastings College of the Law, the Organization of Legal Professionals and The Sedona Conference.

For more on requirements and topics for the meet and confer, click here and here.

So, what do you think?  Have you ever used mediation for discovery issues?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

A Model for Reducing Private Data – eDiscovery Best Practices

Since the Electronic Discovery Reference Model (EDRM) annual meeting just four short months ago in May, several EDRM projects (Metrics, Jobs, Data Set and the new Native Files project) have already announced new deliverables and/or requested feedback.  Now, the Data Set project has announced another new deliverable – a new Privacy Risk Reduction Model.

Announced in yesterday’s press release, the new model “is a process for reducing the volume of private, protected and risky data by using a series of steps applied in sequence as part of the information management, identification, preservation and collection phases” of the EDRM.  It “is used prior to producing or exporting data containing risky information such as privileged or proprietary information.”

The model uses a series of six steps applied in sequence with the middle four steps being performed as an iterative process until the amount of private information is reduced to a desirable level.  Here are the steps as described on the EDRM site:

  • Define Risk: Risk is initially identified by an organization by stakeholders who can quantify the specific risks a particular class or type of data may pose. For example, risky data may include personally identifiable information (PII) such as credit card numbers, attorney-client privileged communications or trade secrets.
  • Identify Available Data: Locations and types of risky data should be identified. Possible locations may include email repositories, backups, email and data archives, file shares, individual workstations and laptops, and portable storage devices. The quantity and type should also be specified.
  • Create Filters: Search methods and filters are created to ‘catch’ risky data. They may include keyword, data range, file type, subject line etc.
  • Run Filters: The filters are executed and the results evaluated for accuracy.
  • Verify Output: The data identified or captured by the filters is compared against the anticipated output. If the filters did not catch all the expected risky data, additional filters can be created or existing filters can be refined and the process run again. Additionally, the output from the filters may identify additional risky data or data sources in which case this new data should be subjected the risk reduction process.
  • Quarantine: After an acceptable amount of risky data has been identified through the process, it should be quarantined from the original data sets. This may be done through migration of non-risky data, or through extraction or deletion of the risky data from the original data set.

No EDRM model would be complete without a handy graphic to illustrate the process so, as you can see above, this model includes one that illustrates the steps as well as the risk-time continuum (not to be confused with the space-time continuum, relatively speaking)… 😉

Looks like a sound process, it will be interesting to see it in use.  Hopefully, it will enable the Data Set team to avoid some of the “controversy” experienced during the process of removing private data from the Enron data set.  Kudos to the Data Set team, including project co-leaders Michael Lappin, director of archiving strategy at Nuix, and Eric Robi, president of Elluma Discovery!

So, what do you think?  What do you think of the process?   Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Is a Blended Document Review Rate of $466 Per Hour Excessive? – eDiscovery Case Law

Remember when we raised the question as to whether it is time to ditch the per hour model for document review?  One of the cases we highlighted for perceived overbilling was ruled upon last month.

In the case In re Citigroup Inc. Securities Litigation, No. 09 MD 2070 (SHS), 07 Civ. 9901 (SHS) (S.D.N.Y. Aug. 1, 2013), New York District Judge Sidney H. Stein rejected as unreasonable the plaintiffs’ lead counsel’s proffered blended rate of more than $400 for contract attorneys—more than the blended rate charged for associate attorneys—most of whom were tasked with routine document review work.

In this securities fraud matter, a class of plaintiffs claimed Citigroup understated the risks of assets backed by subprime mortgages. After the parties settled the matter for $590 million, Judge Stein had to evaluate whether the settlement was “fair, reasonable, and adequate and what a reasonable fee for plaintiffs’ attorneys should be.” The court issued a preliminary approval of the settlement and certified the class. In his opinion, Judge Stein considered the plaintiffs’ motion for final approval of the settlement and allocation and the plaintiffs’ lead counsel’s motion for attorneys’ fees and costs of $97.5 million. After approving the settlement and allocation, Judge Stein decided that the plaintiffs’ counsel was entitled to a fee award and reimbursement of expenses but in an amount less than the lead counsel proposed.

One shareholder objected to the lead counsel’s billing practices, claiming the contract attorneys’ rates were exorbitant.

Judge Stein carefully scrutinized the contract attorneys’ proposed hourly rates “not only because those rates are overstated, but also because the total proposed lodestar for contract attorneys dwarfs that of the firm associates, counsel, and partners: $28.6 million for contract attorneys compared to a combined $17 million for all other attorneys.” The proposed blended hourly rate was $402 for firm associates and $632 for firm partners. However, the firm asked for contract attorney hourly rates as high as $550 with a blended rate of $466. The plaintiff explained that these “contract attorneys performed the work of, and have the qualifications of, law firm associates and so should be billed at rates commensurate with the rates of associates of similar experience levels.” In response, the complaining shareholder suggested that a more appropriate rate for contract attorneys would be significantly lower: “no reasonable paying client would accept a rate above $100 per hour.” (emphasis added)

Judge Stein rejected the plaintiffs’ argument that the contract attorneys should be billed at rates comparable to firm attorneys, citing authority that “clients generally pay less for the work of contract attorneys than for that of firm associates”:

“There is little excuse in this day and age for delegating document review (particularly primary review or first pass review) to anyone other than extremely low-cost, low-overhead temporary employees (read, contract attorneys)—and there is absolutely no excuse for paying those temporary, low-overhead employees $40 or $50 an hour and then marking up their pay ten times for billing purposes.”

Furthermore, “[o]nly a very few of the scores of contract attorneys here participated in depositions or supervised others’ work, while the vast majority spent their time reviewing documents.” Accordingly, the court decided the appropriate rate would be $200, taking into account the attorneys’ qualifications, work performed, and market rates.

For this and other reasons, the court found the lead counsel’s proposed lodestar “significantly overstated” and made a number of reductions. The reductions included the following amounts:

  • $7.5 million for document review by contract attorneys that happened after the parties agreed to settle; 20 of the contract attorneys were hired on or about the day of the settlement.
  • $12 million for reducing the blended hourly rate of contract attorneys from $466 to $200 for 45,300 hours, particularly where the bills reflected that these attorneys performed document review—not higher-level work—all day.
  • 10% off the “remaining balance to account for waste and inefficiency which, the Court concludes, a reasonable hypothetical client would not accept.”

As a result, the court awarded a reduced amount of $70.8 million in attorneys’ fees, or 12% of the $590 million common fund.

So, what do you think?  Was the requested amount excessive?   Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.