Electronic Discovery

The DOJ is the Latest to Learn that Redactions Aren’t as Straightforward as You Think: eDiscovery Best Practices

I keep thinking that all attorneys, especially those in large corporations, large law firms and federal agencies, understand best practices associated with performing redactions.  Once again, I find that is evidently not the case.

According to Law360 (DOJ Redaction Flub May Undermine Libor Case, written by Jody Godoy, subscription required), U.S. Department of Justice lawyers made a potentially serious error in a Libor-rigging case against a former Deutsche Bank trader Wednesday when they mistakenly revealed the nature of testimony he was compelled to give to U.K. authorities in a separate probe.

According to the author, the DOJ partially redacted a motion to conceal the content of former Deutsche Bank trader Gavin Black’s testimony before the U.K. Financial Conduct Authority out of concern it could taint the DOJ’s Libor-rigging case against him. But the DOJ lawyers failed to properly excise the sensitive information until Law360 inquired about the faulty redactions last week.

The DOJ has since replaced the document — which was publicly available for more than 12 hours — with a properly redacted version, but the mistake had the potential to undermine its case against Black, especially in light of a July Second Circuit ruling in a similar Libor-rigging case, in which the court held that testimony compelled in the U.K. cannot be used in U.S. criminal cases and reversed two high-profile convictions. The reversal sent a strong warning to U.S. prosecutors working on cross-border cases.

The day the Second Circuit ruled in that case, Black notified U.S. District Judge Colleen McMahon that he would seek a “Kastigar” hearing in which the government would have to show that its case was developed independently from compelled interviews. The DOJ is fighting the request in large part on the basis that prosecutors on the case have been shielded from the material.  The DOJ asked the judge on Aug. 25 for permission to file a response to Black’s hearing request under partial seal. One reason is that compelled testimony is treated as “confidential” under British law and that the FCA had requested it not be publicly filed.  The attorneys at the DOJ’s criminal division who work separately from prosecutors on Black’s case also expressed concerns that a publicly filed document could expose the trial team or potential witnesses to the material.

Protecting the FCA testimony was crucial to the case against Black, particularly after the Second Circuit’s ruling reversing the convictions of Anthony Allen and Anthony Conti. The court found a witness may have been influenced by reading Allen’s and Conti’s statements, which were compelled under the threat of imprisonment.  The Second Circuit said that fact undermined the case entirely, as the statements were not admissible at trial nor in a grand jury proceeding but had potentially tainted a witness who testified at both.

In the unredacted portions of the brief, the DOJ argued Black is not entitled to a hearing for several reasons. One of them was that the DOJ had taken great pains not to expose its prosecution team to inadmissible material, including asking that the U.K. prosecutors not share any compelled statements with the team as the two countries’ authorities pursued parallel investigations.

In the inadequately redacted portions of the brief, the prosecutors described the content of Black’s interview with the FCA. One sentence was highlighted in black and written in a gray font that was clearly legible. Other portions of the brief were blocked out with what appeared to be black highlighting but were easily read by copying and pasting the contents of the brief into another text document. Word searches of the document returned text that was barely hidden behind the faulty redactions.
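A pre-filing check for the failure described above, as an added example that is not from the original post or from any DOJ tooling: it scans a page content stream for text that is still present underneath a filled rectangle, and for sensitive terms that remain anywhere in the text layer. The content streams are constructed and uncompressed, and the parser is a simplification that handles only the `BT`, `Td`, `Tj`, `re` and fill operators (no compression, transforms or hex strings).

```python
import re

# Constructed, uncompressed PDF page content streams (not from any real filing).
# OVERLAY: the second line of text is "redacted" by painting a black box over it.
OVERLAY = b"""
BT /F1 12 Tf 72 700 Td (Public paragraph of the brief.) Tj ET
BT /F1 12 Tf 72 680 Td (CONSTRUCTED SENSITIVE SENTENCE) Tj ET
0 0 0 rg
70 676 300 16 re
f
"""

# REMOVED: the same page after a real redaction; the text operator is gone.
REMOVED = b"""
BT /F1 12 Tf 72 700 Td (Public paragraph of the brief.) Tj ET
0 0 0 rg
70 676 300 16 re
f
"""

# Literal strings, names, numbers, then operators (order matters).
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|/[^\s()/]+|[-+]?\d*\.?\d+|[A-Za-z*']+")


def _decode(tok):
    """Strip the parentheses of a PDF literal string and undo simple escapes."""
    body = re.sub(rb"\\([()\\])", rb"\1", tok[1:-1])
    return body.decode("latin-1")


def parse_page(stream):
    """Return (texts, filled_rects) for a simplified content stream.

    texts is a list of (string, x, y); filled_rects is a list of
    (x0, y0, x1, y1). Assumes no Tm/cm transforms, so Td offsets
    accumulate from the origin after each BT.
    """
    texts, filled, pending, operands = [], [], [], []
    x = y = 0.0
    for match in TOKEN.finditer(stream):
        tok = match.group()
        if tok[:1] in b"(/" or tok[:1] in b"+-.0123456789":
            operands.append(tok)          # operand: keep until an operator arrives
            continue
        if tok == b"BT":
            x = y = 0.0
        elif tok == b"Td" and len(operands) >= 2:
            x += float(operands[-2].decode("ascii"))
            y += float(operands[-1].decode("ascii"))
        elif tok == b"Tj" and operands and operands[-1].startswith(b"("):
            texts.append((_decode(operands[-1]), x, y))
        elif tok == b"re" and len(operands) >= 4:
            rx, ry, w, h = (float(v.decode("ascii")) for v in operands[-4:])
            pending.append((min(rx, rx + w), min(ry, ry + h),
                            max(rx, rx + w), max(ry, ry + h)))
        elif tok in (b"f", b"F", b"f*"):
            filled += pending             # path was filled: these boxes are painted
            pending = []
        elif tok in (b"n", b"S"):
            pending = []                  # path discarded or only stroked
        operands = []
    return texts, filled


def find_covered_text(stream):
    """Text whose origin lies inside a filled rectangle: hidden, not removed."""
    texts, filled = parse_page(stream)
    return [t for t, x, y in texts
            if any(x0 <= x <= x1 and y0 <= y <= y1 for x0, y0, x1, y1 in filled)]


def leaked_terms(stream, terms):
    """Sensitive terms still present anywhere in the page's text layer."""
    layer = " ".join(t for t, _, _ in parse_page(stream)[0]).lower()
    return [term for term in terms if term.lower() in layer]


if __name__ == "__main__":
    for name, page in (("overlay", OVERLAY), ("removed", REMOVED)):
        print(name, find_covered_text(page), leaked_terms(page, ["sensitive sentence"]))
```

Any non-empty result means the box was drawn over the text rather than the text being deleted, which is exactly what copy-and-paste or a word search will expose.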

A DOJ spokesperson attributed the exposure of the information to “a technical error in the electronic redaction process” that allowed for “manipulation” of the file’s “metadata.”

While I don’t know the specifics, it sounds like the DOJ experienced the first redaction “failure” that I described in this blog post here.  Apparently, it still happens.

So, what do you think?  Are you aware of any other recent redaction “fails” that have become public knowledge?  (other than this one, of course).  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Nebraska is the Twenty Eighth State to Adopt Duty of Technology Competence: eDiscovery Trends

One of my favorite legal blogs is the LawSites blog by Bob Ambrogi.  Bob is a prolific blogger who writes several posts a week, not only on his LawSites blog, but also on MediaLaw, and he co-authors Law.com’s Legal Blog Watch, and cohosts the weekly legal-affairs podcast Lawyer2Lawyer.  And, he’s been doing it since 1993 (wow!).  Bob has also been keeping track of states that have adopted a duty of technology competence and he just reported that Nebraska has become the twenty eighth state to do so.

According to Bob, the Nebraska Supreme Court adopted the amendment on June 28, 2017.  It amends comment 6 to Nebraska Rule of Professional Conduct § 3-501.1 — the corollary to ABA Model Rule 1.1 on competence — to read as follows:

To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

The italicized phrase is the same as the language that the ABA recommended in 2012 when it approved a change to the Model Rules of Professional Conduct to make clear that lawyers have a duty to be competent not only in the law and its practice, but also in technology.

While we’re up to 28 states, only two have apparently adopted a technology competence duty rule so far this year (Tennessee was the other state).  This after six states adopted such a rule last year and seven adopted one in 2015.  My rough graphic above has been updated to reflect the current states that have approved – still waiting for my home state of Texas to get with it.  Nonetheless, we are making progress, slowly but surely.  Thanks, Bob, for keeping track!

So, what do you think?  Are you aware of any other states that have adopted a duty of technology competence or working towards adopting one?  Please share any comments you might have or if you’d like to know more about a particular topic.


Here’s a Chance to Learn What You Need to Do When a Case is First Filed: eDiscovery Best Practices

The first days after a complaint is filed are critical to managing the eDiscovery requirements of the case efficiently and cost-effectively. With a scheduling order required within 120 days of the complaint and a Rule 26(f) “meet and confer” conference required at least 21 days before that, there’s a lot to do and a short time to do it. Where do you begin?

On Wednesday, September 27 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Holy ****, The Case is Filed! What Do I Do Now? (yes, that’s the actual title). In this one-hour webcast, we’ll take a look at the various issues to consider and decisions to be made to help you “get your ducks in a row” and successfully prepare for the Rule 26(f) “meet and confer” conference within the first 100 days after the case is filed. Topics include:

  • What You Should Consider Doing before a Case is Even Filed
  • Scoping the Discovery Effort
  • Identifying Employees Likely to Have Potentially Responsive ESI
  • Mapping Data within the Organization
  • Timing and Execution of the Litigation Hold
  • Handling of Inaccessible Data
  • Guidelines for Interviewing Custodians
  • Managing ESI Collection and Chain of Custody
  • Search Considerations and Preparation
  • Handling and Clawback of Privileged and Confidential Materials
  • Determining Required Format(s) for Production
  • Timing of Discovery Deliverables and Phased Discovery
  • Identifying eDiscovery Liaison and 30(b)(6) Witnesses
  • Available Resources and Checklists

I’ll be presenting the webcast, along with Tom O’Connor, who is now a Special Consultant to CloudNine!  If you follow our blog, you’re undoubtedly familiar with Tom as a leading eDiscovery thought leader (who we’ve interviewed several times over the years) and I’m excited to have Tom as a participant in this webcast!  To register for it, click here.

So, what do you think?  When a case is filed, do you have your eDiscovery “ducks in a row”?  Please share any comments you might have or if you’d like to know more about a particular topic.


Court Grants Defendant’s Request for $18.5 Million in Attorney Fees and Costs: eDiscovery Case Law

In Procaps S.A. v. Patheon Inc., 12-24356-CIV-GOODMAN, 2014 U.S. Dist. (S.D. Fla. Aug. 17, 2017), Florida District Judge Jonathan Goodman, in a very lengthy ruling, granted the defendant’s supplemental motion for attorney’s fees and non-taxable costs in the full amount requested of $18,494,846.

Case Background

In this case regarding an antitrust lawsuit filed by the plaintiff in which the defendant eventually won on summary judgment, the defendant filed a motion for costs and a motion for attorney’s fees and non-taxable costs.  The Court eventually entered an order on the defendant’s bill of taxable costs, awarding it a judgment of $173,480.80 in taxable costs.  After the plaintiff appealed, the Eleventh Circuit Court of Appeals affirmed the Court’s summary judgment ruling.  In doing so, the Eleventh Circuit explained that “at bottom, this is essentially a breach of contract case — and so Procaps’s failure to support an antitrust theory is not all that surprising.”

The defendant then filed, under seal, (after extensive briefing, a multi-hour hearing and motion practice on other legal issues) a Supplemental Motion for Attorney’s Fees and non-taxable costs, explaining that the revised total amount sought is $18,494,846.  In the defendant’s Supplemental Motion, while the defendant noted that it used higher hourly rates for fees incurred in 2016 and 2017 because its hourly rates increased over time, those rates still represented the 47.25% reduction off its primary law firm’s standard rates ordered by the Court.

Both parties agreed that the non-exhaustive list of discretionary factors that are considered when evaluating a Florida Deceptive and Unfair Trade Practices Act (FDUTPA) fee application was found in the case Humane Society of Broward County, Inc. v. Florida Humane Society, 951 So. 2d 966, 971-72 (Fla. 4th DCA 2007), which stated the factors as:

(1) the scope and history of the litigation; (2) the opposing party’s ability to satisfy the award; (3) whether an award would deter others from acting in similar circumstances; (4) the merits of the respective positions, including the degree of [Procaps’] culpability or bad faith; (5) whether the claim brought was not in subjective bad faith but was frivolous, unreasonable, or groundless; (6) whether the defense raised a defense mainly to frustrate or stall; and (7) whether the claim brought was to resolve a significant legal question under FDUTPA law.

Judge’s Ruling

Judge Goodman, in considering the first factor, noted that “Nothing was easy in this case. Nothing. Basically, the parties fought about anything and everything.”  He also observed that “Procaps largely based its FDUTPA claim on its antitrust claim theory and sought both damages and attorney’s fees under this count…It continued to press despite the Court’s warning that it might be liable for all of Patheon’s fees under FDUTPA.”  Judge Goodman, noting that “in December 2015, Patheon explained that Procaps’ market value was $238.9 million”, also ruled that the plaintiff “does have the ability to pay an $18.5 million judgment.”

Considering the plaintiff’s culpability or bad faith, Judge Goodman spent a lot of time on this issue, including time discussing alleged prior misconduct by the plaintiff’s lead counsel in another case.  While he stated that “the Court is not going to consider the Surgery Centers case and similarly will not specifically consider the 16 bad faith factors (from this case) and the alleged appellate-level misconduct asserted by Patheon”, he also stated that the “facts underlying the 16 bad faith factors are, for the most part, true or substantially true (sic). They happened. The Court knows that they happened (or substantially happened) because of its involvement in this case for the past four-and-a-half years.”

Ultimately, Judge Goodman determined that all the factors necessary to grant the fee request were present and stated that “the Court notes that even Procaps admits that the antitrust theory inherent in its FDUTPA claim was dependent on the success it had with the federal Sherman Act antitrust claim. Therefore, those federal claims concerned allegations of deceptive and unfair trade practices, which means that Patheon, as the prevailing party, is entitled to fees and costs for the entire action.”  As a result, Judge Goodman, determining that the defendant’s method for calculating the fees was proper, granted the defendant’s supplemental motion for attorney’s fees and non-taxable costs in the full amount requested of $18,494,846.

We’ve covered this case three other times previously – here are the three links to those previous rulings.

So, what do you think?  Is that a reasonable award, given all of the plaintiff’s alleged misconduct over the course of the case?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.


Nominate Your Favorite Legal Blog at The Expert Institute: eDiscovery Trends

Do you have a favorite eDiscovery blog?  Or a favorite general legal blog?  If you do, here’s a chance to see it recognized as one of the best.

For the third year in a row, The Expert Institute is conducting its Best Legal Blog Contest.

From now until September 15th, legal blog fans can nominate their favorite blogs and bloggers for inclusion in the voting round of the competition by completing the form via the “Nominate a Blog” link on their site here. You’ll be expected to provide your name and email address, the name and URL of the blog and you can provide an optional description as to why the blog deserves to be nominated.  As with previous years, the nomination process is competitive, meaning the more nominations a blog receives, the more likely it is to be included in the public voting stage of the contest.

Once the contestants have been selected through the nomination process, the selected legal blogs will go head-to-head across nine different categories ranging from legal tech to criminal law. The blogs that receive the most votes will win a place in their Best Legal Blogs Hall of Fame (you can view the 2015 and 2016 winners here), while the three blogs that receive the most overall votes across all categories will win one of their three prizes.

The nomination period closes on September 15th at 12:00am (EDT), after which the nominations will be tallied and the contestants announced.

There are several excellent eDiscovery blogs out there and it would be great to see some of them make it through the nomination stage and at least one or two receive enough votes to be recognized as a top legal blog in legal tech.  So, if there’s one you like, feel free to nominate it!  Even if it’s eDiscovery Daily… :o)

Also, if you’ve been watching the news the past few days, you’ve seen the devastation in my hometown of Houston from Hurricane Harvey.  What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Thanks for your help.

So, what do you think?  Do you have a favorite legal blog?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Daily will be back after the Labor Day holiday with a new post on Tuesday, September 5.


Ten Items to Keep in Mind When Considering Cloud Providers: Cybersecurity Best Practices

In my webcast discussion with Tom O’Connor yesterday, we had a terrific discussion of several pros and cons of both on-premise and off-premise (cloud) eDiscovery technology solutions as well as other factors to consider.  If you missed the webcast, you can check it out here.

While we talked about advantages of each approach, we also discussed how your overall eDiscovery solution could include both on-premises and cloud-based tools and mechanisms for a “best of breed” approach to meeting your eDiscovery needs.

But, if you’re considering a cloud solution, how do you know whether the solution(s) you’re considering have the security mechanisms your organization needs?

Earlier this week, Rocket Matter published an interesting post (written by Larry Port) on vetting your cloud providers that might provide some insight.  While the article provided a link to the security standards developed by the Legal Cloud Computing Association (LCCA), it also provided a succinct list of ten items to address with your cloud provider to ensure that the provider can meet your needs.  Here they are:

  • You should own your data. The cloud provider should not own it.
  • You should be able to get your data out of a cloud system at any time in a usable format.
  • Encryption should be used to safeguard client information.
  • The cloud provider should be able to spell out their backup policies.
  • You need to determine who at the cloud provider has access to see your data and under what circumstances. You must be comfortable with the answer.
  • Find out if the company has had a breach before. If so, how did they respond to it?
  • What measures does the cloud company take to ensure cybersecurity on an operational level? In other words, aside from the application you’re spending money on, is the organization itself safe? Do they conduct background checks on employees? How do they manage passwords internally?
  • Does the application limit attempts to log in to prevent brute force and dictionary attacks?
  • Can you use two-factor authentication?
  • How does the company handle data destruction? It is important when you leave a service that copies of your data are not lying around.

This is a terrific list of guidelines to keep in mind when considering cloud providers and it’s a good idea to get an understanding of how they would address each of these areas.

Also, if you’ve been watching the news the past few days, you’ve seen the devastation in my hometown of Houston from Hurricane Harvey.  What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Thanks for your help.

So, what do you think?  How do you evaluate cloud providers?  Please share any comments you might have or if you’d like to know more about a particular topic.


Today’s the Day to Learn Whether an On-Premise or Off-Premise Solution is Right For You: eDiscovery Best Practices

When consumers are considering their eDiscovery technology choices, there are more factors to consider today than ever. In addition to considering the functionality of the software application, you now also have to consider whether to buy or “rent” the application, how the software is delivered to you and whether it’s required to be within your firewall or can be an off-premises solution.

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast On Premise or Off Premise? A Look at Security Approaches to eDiscovery.  This one-hour webcast will discuss different on-premise and off-premise eDiscovery solution options and considerations for each. Topics include:

  • Drivers for eDiscovery Technology Solution Decisions Today
  • eDiscovery Industry Market Trends and Their Relation to General Industry Trends
  • What Law Firms are Saying about the Technology
  • What Industry Analysts are Saying about the Technology
  • The Cloud vs. No Cloud Debate
  • Why Not All Cloud Solutions Are the Same
  • A Comparative Approach to eDiscovery Technology
  • Putting a Face on Solutions and Risks
  • Key Components of an eDiscovery Technology Solution

I’ll be presenting the webcast, along with (for the first time) Tom O’Connor, who is now a Special Consultant to CloudNine!  If you follow our blog, you’re undoubtedly familiar with Tom as a leading eDiscovery thought leader (who we’ve interviewed several times over the years) and I’m excited to have Tom as a participant in this webcast!  To register for it, click here.

Also, if you’ve been watching the news the past few days, you’ve seen the devastation in my hometown of Houston from Hurricane Harvey.  What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Thanks for your help.

So, what do you think?  Do you use on-premise, off-premise or a combination for your eDiscovery solution(s)?  Please share any comments you might have or if you’d like to know more about a particular topic.


Defendant’s Request for Social Media Data is Reasonably Calculated to Be Overbroad: eDiscovery Case Law

In Ehrenberg v. State Farm Mut. Auto. Ins. Co., No. 16-17269 (E.D. La. Aug. 18, 2017), Louisiana Magistrate Judge Janis van Meerveld, rejecting the defendant’s request for the plaintiff’s social media data as “reasonably calculated to lead to the discovery of admissible evidence”, identified a level of social media data to be produced by the plaintiff that considered “weighing relevance and proportionality”.

Case Background

In this case where the plaintiff sued the defendant for additional damages to compensate her for all of her injuries and losses sustained when she was struck by a motor vehicle, after learning of numerous vacations taken by the plaintiff, the defendant requested complete social media data (“a complete copy of your post-accident…data link from your…account, including but not limited to messages, photos, wall posts, friends posts, your posts, metadata associated with photos, etc.”) from the plaintiff’s Facebook, Twitter and Instagram accounts.  The defendant filed a Motion to Compel when the plaintiff objected to the requests as “invasion of privacy and not relevant”.

Judge’s Ruling

Judge van Meerveld began her analysis by pointing out the defendant’s request was not in line with current rules:

“Although State Farm focuses its briefing on whether its requests are ‘reasonably calculated to lead to the discovery of admissible evidence,’ the Court must point out that this phrase does not guide the scope of discovery. The amendments to the Federal Rules of Civil Procedure that went into effect in December 2015 deleted this language from Rule 26. That Rule now provides that ‘parties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case.’” 

Judge van Meerveld also noted that “In addition to being relevant, discovery must be proportional to the needs of the case.”  With that in mind, she ruled that “after weighing relevance and proportionality, including privacy considerations, as to Ms. Ehrenberg’s Facebook, Twitter, and Instagram accounts, the Court finds discoverable the following categories of information from the date of the alleged accident through the present:

  1. Posts or photos that refer or relate to the accident.
  2. Posts or photos that refer or relate to physical injuries that Ms. Ehrenberg alleges she sustained as a result of the accident and any treatment she received therefore.
  3. Posts or photos that refer or relate to other, unrelated physical injuries suffered or sustained by Ms. Ehrenberg.
  4. Posts or photos reflecting physical activity by Ms. Ehrenberg and/or which reflect a physical capability of Ms. Ehrenberg.
  5. Posts or photos that refer or relate to emotional distress or mental anguish that Ms. Ehrenberg alleges she sustained as a result of the accident and any treatment she received therefore.
  6. Posts or photos that refer or relate to any alternative potential emotional stressors experienced by Ms. Ehrenberg.
  7. Posts or photos that refer or relate to any vacations taken by Ms. Ehrenberg, including but not limited to the specific vacations referred to by State Farm in its Motion to Compel.”

Judge van Meerveld also stated that if the defendant were to discover evidence that the plaintiff had deleted social media posts (which the defendant had suggested happened), then “it may return to the Court to request relief.”

So, what do you think?  What should courts do (if anything) to make sure parties know the current Rules?  Please share any comments you might have or if you’d like to know more about a particular topic.

If you’ve been watching the news the past few days, you’ve seen the devastation in my hometown of Houston from Hurricane Harvey.  What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Thanks for your help.

Case opinion link courtesy of eDiscovery Assistant.


I Rarely Do This, But Today’s Post is Not About eDiscovery

Late last week, when several of us knew that Hurricane Harvey was bearing down on Texas and was expected to cause major flooding in the Houston area, a friend of mine made a joke on Facebook about seeing a six foot rabbit in the Gulf of Mexico.  It was a great Jimmy Stewart reference and a clever joke.

But, Hurricane Harvey has been no joke.  When the TV weather people (as early as mid-week last week) talked about major flooding and as much as 25 to 35 inches of rain expected on and near the Texas Gulf Coast, many people scoffed and figured that the TV news stations (as they often do with weather events like this) were overreacting and that it wasn’t going to be as bad as they predicted.

They were right.  It appears to be much worse than they predicted.  And, it may not be over for days yet.

According to The Weather Channel, over 27 inches of rain fell in southeastern Harris County (where Houston is located) from early Friday morning (as Hurricane Harvey approached and eventually made landfall that night) through early Sunday morning.  It has rained most of Sunday throughout the area as well.  The current prediction (as of 6:30pm on Sunday) is as much as 50 inches of rain total and Harvey may dump rain on some part of Texas for as many as 9 days.  It’s unprecedented.

When you get that much rain, obviously there is widespread flooding.  Here are just a few pictures, courtesy of Reuters, to give you a little sense of what’s going on here.

Flights at both Houston airports are grounded at least through tomorrow and probably longer.  Most Houston area school districts are out all week.  And, flooding even knocked our CBS affiliate (KHOU Channel 11) off the air for most of the day so far (not back on the air as of 6:30pm after going off the air at around 10am).  But, not before a Channel 11 reporter flagged down a Harris County Sheriff to rescue a man from his flooded 18 wheeler truck (footage of both events here).

How extensive is the property damage?  Insurance experts have warned that flood damage across Texas from the bad weather may equal or exceed the trail of destruction left by Hurricane Katrina in 2005, which was the most expensive natural disaster in US history.  It’s not a record you want to set.

Thankfully, there have been few deaths, only 3 reported to date.  But, tens (if not hundreds) of thousands have experienced flood damage and had to evacuate.  And, more still may, given that we expect to continue to receive rain for the next two to three days at least.

What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Several in the Houston area have already donated their time and helped with boats to evacuate those stranded by flooding.  It’s just one of the signs of what makes our city so great — Houstonians helping each other.

Stay safe, Houstonians!

Hopefully, we’ll be back to a regular eDiscovery post tomorrow.

Top Image Copyright (C) Universal International Pictures.

Lessons to Be Learned from the Wells Fargo eDiscovery Inadvertent Disclosure: eDiscovery Best Practices

When you’re a lawyer and you find out that you’ve inadvertently produced client confidential information in litigation, it’s a bad day.  When you find out that confidential information is personal information on thousands of the most wealthy investors in your client’s portfolio, it’s an even worse day.  And, when you find out that disclosure is being covered by The New York Times, it’s a lawyer’s worst nightmare.

Such is the story of Angela A. Turiano, a lawyer with Bressler, Amery & Ross, an outside law firm of Wells Fargo based in New Jersey.  In response to a New Jersey court case involving a dispute between ex-Wells Fargo employee Gary Sinderbrand and his brother who also worked there, Turiano inadvertently produced tens of thousands of client names, Social Security numbers, account balances and more.  This was on behalf of Wells Fargo as a third party to the New Jersey court case.

The documents and spreadsheets containing client information were originally provided to Aaron Miller, Sinderbrand’s lawyer in the New Jersey case, on July 8 (according to the New York Times article linked below).  Miller later shared knowledge of what the documents contained with Aaron Zeisler, who is representing Sinderbrand in a New York case against Wells Fargo Advisors.  Miller notified Turiano of the disclosure of confidential information on July 20 (according to her affirmation filed with the New York Supreme Court on July 24).  The following day, the Times article was published with quotes from both Zeisler and Gary Sinderbrand, detailing the disclosure.  After Wells Fargo asked the NY and NJ courts to intervene, lawyers for Gary Sinderbrand were ordered to hand back over the data on July 26.

In Turiano’s affirmation, she described how the inadvertent disclosure evidently happened.  It’s based on this description of events that I offer up some suggestions about ways to avoid the scenario.  Here is the description provided by Turiano in paragraph 3 from the affirmation as to how the disclosure happened (I have put in bold a few key points that I reference below):

“Based upon my discussion with Mr. Miller, Wells Fargo agreed to conduct a search of four custodians’ email boxes using designated search terms.  Wells Fargo, like many large corporations, uses an outside e-discovery service to conduct e-mail searches.  The vendor conducted the search and, upon completion, I personally conducted a review of the voluminous search results to exclude from production any e-mails containing confidential or privileged information.  Specifically, using the vendor’s e-discovery software, I reviewed what I thought was the complete search results and for documents that contained confidential or privileged information, I thought I marked them as confidential or privileged.  I then coordinated with the vendor with both written instructions and by telephone and instructed the vendor to produce the emails in the database that I had marked, but that the vendor should withhold from the production anything that I tagged privileged-withhold and confidential and client-information withhold.  What I did not realize, was that there were documents that I had not reviewed.  Unbeknownst to me, the view I was using to conduct the review had a set limit of documents that it showed at one time.  Thus, I thought I was reviewing a complete set, when in fact, I only reviewed the first thousand documents.  I thus inadvertently provided documents that had not been reviewed by me for confidentiality and privilege.  In addition, it was my understanding that the vendor was going to apply redactions for documents I flagged as needing redactions.  Thus, I thought that responsive documents that contained confidential information would be redacted prior to production.  The documents, however, were not redacted prior to production.  I realize now that I misunderstood the role of the vendor.  Finally, I now understand that I may have miscoded some documents during my review.”

As a vendor, here are some of the things I would be doing to avoid the situation:

Communicate Search Results Completely and Clearly: I’m frequently asked to perform searches on behalf of clients and I always document the search results clearly in a spreadsheet with total documents retrieved for each term and a grand total of documents retrieved from all of the terms.  I also communicate that to the client clearly in an email, reiterating (in the email) the total count of documents retrieved via the searches (and usually follow up via phone as well).  I can’t say that the vendor didn’t do that here (maybe they did and the attorney glossed over – or forgot – the info), but a clear communication of search results may have helped ensure that Turiano had the correct count of documents and led her to realize that there were more documents than displayed on the first page of the eDiscovery software program.  It’s also important to realize that most (if not all) eDiscovery software applications deliver result sets in manageable batches of documents for efficiency’s sake – nobody wants to wait for all the data to load for 100,000 documents retrieved in a large search result – so the applications deliver the results in pages or batches.

Track Documents Reviewed and Report Anomalies: In a project where you know that the attorney is reviewing all retrieved documents for confidentiality and privilege, it’s good to track the documents actually reviewed and be able to report if there is an anomaly.  This could be done either by setting a specific field to mark a document as “Reviewed” or via audit log tracking within the software.  Regardless, if either was done here, the vendor could have then informed the attorney that there were documents not reviewed and the mistake could have been discovered.

Confirm Documents Tagged for Redaction Were Actually Redacted: The workflow when dealing with native ESI is typically to flag documents that need redaction (which the attorney apparently did, at least for the documents she reviewed), then for the vendor to convert those native files to image format, then for the attorney to apply the redactions.  It doesn’t appear that the last two steps actually happened.  I’m not sure how the attorney expected the vendor to apply redactions simply based on a tag of “needs redactions” unless there was also a description field with a detailed description of where – even then, most vendors would still expect the attorney to ultimately apply them.  One check that should always be made before ESI is produced is to confirm that redactions were properly applied and if documents were tagged for redaction, there should be a step to make sure that they were actually redacted.  That’s a production QC step that should always be done before signing off on the production (by both vendor and attorney).

Perform a Pattern Search for Personally Identifiable Information (PII): With data privacy becoming more important than ever and GDPR looming, it’s becoming necessary to do more than just manual review to identify potential personal data – after all, people make mistakes.  Pattern searches are specialized searches, looking for specific types of information, such as 3 digits, then 2 digits, then 4 digits (i.e., the pattern for a social security number).  Searches for other patterns, like client account numbers or credit card numbers, could also be performed to determine whether personal data exists in the production set, which may need to be redacted or removed altogether.

Recognize When Your Client Needs More Hand Holding: Some attorneys are experienced and tech-savvy with regard to eDiscovery and want to drive the process, others are not.  Based on the description of events, I would suggest that this attorney was not very experienced in eDiscovery matters or in using eDiscovery software.  When that’s the case, it’s important for the vendor to be prepared to take more of a lead in driving the production QC and raising issues like those I discussed above.  As Turiano stated, “I realize now that I misunderstood the role of the vendor.”  Evidently, there was a lack of communication on who was “driving the bus” on this production – when that’s the case, “the bus” tends to end up in a ditch.
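The count reconciliation, review tracking, redaction confirmation and PII pattern search described above can be combined into one gate that runs before anyone signs off on a production. The following is an added example, not code from CloudNine or from any eDiscovery product; the record fields, the tag names "withhold" and "needs-redaction", and the sample documents are constructed assumptions.

```python
import re
from collections import namedtuple

# SSN shape from the post: 3 digits, 2 digits, 4 digits (separators optional).
SSN_RE = re.compile(r"(?<!\d)\d{3}[- ]?\d{2}[- ]?\d{4}(?!\d)")
# Card candidates: 13-19 digits with optional space/hyphen grouping.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_pii(text):
    """Return the sorted kinds of PII pattern found; values are not echoed."""
    kinds = {"ssn"} if SSN_RE.search(text) else set()
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        kinds.add("card")
    return sorted(kinds)

def production_qc(docs, search_hit_total):
    """Return (doc_id, problem) pairs that should block sign-off."""
    problems = []
    if len(docs) != search_hit_total:
        problems.append((None, f"{len(docs)} docs loaded, search reported {search_hit_total}"))
    for d in docs:
        if "withhold" in d.tags:
            continue  # withheld documents are excluded from the production
        if not d.reviewed:
            problems.append((d.id, "not reviewed"))
        if "needs-redaction" in d.tags and not d.redacted:
            problems.append((d.id, "tagged for redaction but not redacted"))
        problems += [(d.id, f"{k} pattern in text to be produced") for k in find_pii(d.text)]
    return problems

# Constructed sample records; field and tag names are hypothetical.
Doc = namedtuple("Doc", "id reviewed tags redacted text")
DOCS = [
    Doc("DOC-0001", True, set(), False, "Lunch on Friday?"),
    Doc("DOC-0002", True, {"needs-redaction"}, False, "Client SSN 123-45-6789, statement attached."),
    Doc("DOC-0003", True, {"withhold"}, False, "Privileged memo."),
    Doc("DOC-1001", False, set(), False, "Card 4111 1111 1111 1111; ref 1234 5678 9012 3456."),
]

if __name__ == "__main__":
    print(*production_qc(DOCS, search_hit_total=4), sep="\n")
```

An empty result is the condition for sign-off. The pattern search runs on the text as it will be produced, so it also catches documents that were reviewed but miscoded.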

So, what do you think?  What steps do you take to avoid inadvertent disclosures?  Please share any comments you might have or if you’d like to know more about a particular topic.