Close
Enter your
text here

Identification

eDiscovery Best Practices: Data Mapping Doesn’t Have to be Complicated
 

Some time ago, we talked about the importance of preparing a data map of your organization’s data to be ready when litigation strikes.

Back then, we talked about four steps to create and maintain an effective data map, including:

  • Obtaining early “buy-in” with various departments throughout the organization;
  • Document and educate to develop logical and comprehensive practices for managing data;
  • Communicate regularly so that new data stores (or changes to existing ones) can be addressed as they occur;
  • Update periodically to keep up with changes in technology that create new data sources.

The data map itself doesn’t have to be complicated.  It can be as simple as a spreadsheet (or series of spreadsheets, one for each department or custodian, depending on what level of information is likely to be requested).  Here are examples of types of information that you might see in a typical data map spreadsheet:

  • Type of Data: Prepare a list and continue to add to it to ensure all of the types or data are considered.  These can include email, work product documents, voice mail, databases, web site, social media content, hard copy documents, and any other type of data in use within your organization.
  • Department/Custodian: A data map is no good unless you identify the department or custodian responsible for the data.  Some of these may be kept by IT (e.g., Exchange servers for the entire organization) while others could be down to the individual level (e.g., Access databases kept on an individual’s laptop).
  • Storage Classification: The method(s) by which the data is stored by the department or custodian is important to track.  You’ll typically have Online, Nearline, Offline and Inaccessible Data.  A type of data can apply to multiple or even all storage classifications.  For example, email can be stored Online in Exchange servers, Nearline in an email archiving system, Offline in backup tapes and Inaccessible in a legacy format.  Therefore, you’ll need a column in your spreadsheet for each storage classification.
  • Retention Policy: Track the normal retention policy for each type of data stored by each department of custodian (e.g., retain email for 5 years).  While a spreadsheet won’t automatically identify when specific data is “expired”, a regular process of looking for data older than the retention time period will enable your organization to purge “expired” data.
  • Litigation Hold Applied: Unless of course, that data is subject to an active litigation hold.  If so, you’ll want to identify the case(s) for which the hold is applied and be prepared to update to remove those cases from the list once the hold obligation is released.  If all holds are released on normally “expired” data and no additional hold obligations are expected, that may be the opportunity to purge that data.
  • Last Update Date: It’s always a good idea to keep track of when the information in the data map was last updated.  If it’s been a while since that last update, it might be time to coordinate with that department or custodian to bring their portion of the data map current.

As you see, a fairly simple 9 or 10 column spreadsheet might be all you need to start gathering information about the data stores in your organization.

So, what do you think?  Has your organization implemented a data mapping program?  If not, why not? Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: NY Times Says US Government Has Its Head in the Clouds
 

No, this isn’t a post bashing our government – you can find plenty of articles on the web for that!  😉

As noted a few months ago, Forrester and Gartner have predicted big growth for the cloud computing industry, with Forrester predicting nearly a six-fold growth in nine years.  Many organizations are finding that cloud computing solutions, including Software-as-a-Service (SaaS) solutions for using applications over the web, are saving those organizations significant costs over the costs of having to provide their own software, hardware and infrastructure.  In eDiscovery, these SaaS solutions support every phase of the EDRM life cycle, from Identification to Presentation.

Earlier this week, the New York Times published an article entitled Tight Budget? Look to the ‘Cloud’, written by Vivek Kundra, the Obama administration’s chief information officer from 2009 until earlier this month.  Mr. Kundra noted that there were “vast inefficiencies” in the $80 billion federal IT budget when he took office, and that the Defense Department spent $850 million over ten years on one personnel system alone.

In response, Kundra and his staff instituted a “Cloud First” policy, which advocates the adoption of cloud computing solutions by government agencies.  It even went as far as to mandate the transition of at least three projects for every agency to the cloud by next summer.  As a result, some agencies, such as the General Services Administration, have embraced cloud computing and cut IT costs on some systems by over 50 percent.

Some agencies, like the State Department, have balked at the transition to the cloud, citing security concerns.  However, Kundra notes that “cloud computing is often far more secure than traditional computing, because companies…can attract and retain cyber-security personnel of a higher quality than many governmental agencies”.  Here is an example of the security associated with cloud based solutions, using the facility used by CloudNineDiscovery (formerly Trial Solutions).  As you will see, there are numerous mechanisms to secure sensitive client data.

Kundra notes that a shift to cloud-based services in health care alone to achieve a 1 percent productivity increase over ten years would result in a $300 billion savings.  Noting significant growth in cloud computing in Japan and India, he advocates the creation of a global Cloud First policy to enable nations to determine how the flow of information internationally should be handled, leading to global efficiencies.

So, what do you think? Do you use any cloud based solutions in managing your discovery needs?  Please share any comments you might have or if you'd like to know more about a particular topic.

Full disclosure: I work for CloudNine Discovery (formerly Trial Solutions), which provides SaaS-based eDiscovery review applications FirstPass® (for first pass review) and OnDemand® (for linear review and production).  Our clients’ data is hosted in a secured Tier 4 Data Center in Houston, Texas.

Have a Happy Labor Day!

eDiscovery Trends: A Site Designed to Facilitate Meet and Confer Conferences
 

The past two days, we discussed the basics of the Rule 26(f) “meet and confer” conference and details regarding the topics to discuss during that conference.  Hopefully, you found that review informative.

Now, as noted in a recent Law Technology News article by Sean Doherty, there’s a web application to facilitate the process to prepare for and conduct the Rule 26(f) conference.

MeetandConfer.com, provided by 26F LLC, was created to help attorneys prepare for court mandated “meet and confer” meetings.  The application is designed for law firms and corporate clients to help them determine the content, scope, and extent of ESI associated with the case.  There are four modules to coordinate the process, as follows:

  • Manage Enterprise Information: Enables users to map out organizational information, allowing all parties to understand where potentially relevant ESI is located, policies and practices associated with the ESI, and who is responsible for the ESI.  This module also enables various aspects of the organization to be documented, including backup policies and disaster recovery plans.
  • Matter Scoping: Enables users to track the various matters, and, for each matter, it enables users to track custodians and generate surveys to gather information about the locations of potentially responsive ESI.
  • Meet and Confer: Allows attorneys to define essential ESI needs for both parties while projecting a budget to identify, collect and process the data.  This module also provides a mechanism for computer-aided video conferencing (which can be facilitated by an independent mediator) to actually conduct the conference.
  • System Administration: Supports the creation of clients and users and establish rights for each user group.

Sean’s article mentioned above goes into more detail into each module, reflecting his “hands on” experience in “test driving” the application.  MeetandConfer.com is offering a free one month trial to “qualified” users (i.e., attorneys and judges), with the monthly rate of $149 per user to be billed after the free trial.

So, what do you think? Would an application like this make it easier to fully prepare for “meet and confer” conferences? Would you consider using such an application?  Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Rules: ESI Topics of the "Meet and Confer"
 

Yesterday, we talked about the basics of the Rule 26(f) “meet and confer” conference, Today, let’s go into more detail about the topics that are typically covered during the “meet and confer”, and why.

The "meet and confer" conference focuses on the exchange of information regarding discovery and the creation of a comprehensive plan that will govern the sharing and privilege of ESI. Accordingly, the requirements of this meeting specify discussion of the following topics:

  • Initial Disclosures: This exchange may be specific and detailed or very basic, depending on the needs of the case and the attorney's agendas. Proposed changes to the requirements, timing, or form of these disclosures may be discussed.
  • Topics on which Discovery may be Needed: It may be easy to agree on subjects for which discovery is necessary, or it may require prolonged discussion to reach an accord. In some instances, time and expense can be saved by beginning with a single area and later expanding discovery to include other topics, if necessary. Known as "phased discovery", this can be a very effective choice, as long as it is conducted in a way that does not require duplication of effort in later phases.
  • Format of Production of ESI: Although the actual discovery process may be conducted over weeks or even months after the conference, it's important to agree now on the format of production to prevent parties from accidentally converting files into a type that will later prove to be inconvenient or result in loss of data. This is especially important if one party has a request for a particular format.
  • Privilege, Inadvertent Disclosure, and Protective Orders: Although we all strive to prevent disclosure of privileged information, it's important to discuss in advance the possible implications and a process for dealing with such an eventuality, if it should occur.
  • Potential Deviations from Discovery Rules Requirements: In some cases, opposing attorneys will agree that they can accomplish discovery in fewer depositions than specified by Federal Rules or local rules. If so, this discussion and any related proposals should be part of the "meet and confer" conference so they can be incorporated into the discovery plan.
  • Any Other Orders or Concerns about Discovery: From discovery agreements to questions or requests, almost any topic related to eDiscovery can be part of the "meet and confer" conference.

To get the most out of the "meet and confer," and to save time and expense, most attorneys will prepare an extensive agenda of the topics for discussion in advance of the meeting itself. Although there are many other topics that may be included in the conference, this list covers key requirements of the Rule 26(f) "meet and confer" conference and the discovery plan to be created there.

So, what do you think? Did you learn something that you didn’t already know about the Rule 26(f) "meet and confer" conference?  If so, then we accomplished our goal! Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Rules: What's Really Required for the "Meet and Confer"?
 

Almost any litigation professional who works with eDiscovery is aware of the Rule 26(f) "meet and confer" conference, but many don't fully understand its parameters and how it affects ESI. What exactly is the "meet and confer" and what are some of its implications in regard to eDiscovery?

What is the "Meet and Confer"?

The "meet and confer" conference is now a requirement in Federal cases as of the rules changes of 2006 to the Federal Rules of Civil Procedure. In addition to Rule 26(f) for Federal cases, an increasing number of states now have (or are contemplating) a similar rule.  It provides an opportunity for the parties in a lawsuit to discuss discovery and create a plan for the sharing of information during and before trial.

The goal of the "meet and confer" rules is to provide a basis for an open exchange of information and a productive dialogue about discovery-related topics. Even in the antagonistic world of litigation, it is possible to reach an accord on the details of discovery by conforming to the requirements of these rules and of the discovery process.

What are the Parameters of the "Meet and Confer"?

Rule 26(f) states that attorneys must meet and discuss "any issues about preserving discoverable information" as well as developing a "discovery plan." It also specifies that:

  • Attorneys must already be aware of the location and nature of their own clients' computer systems and discoverable documents, and must be prepared to ask questions about their opponents' ESI, electronic systems, and data preservation actions.
  • In order to be fully prepared for this conference, an attorney needs to know as much as possible about the location, volume, and logistical challenges that surround the collection of ESI, as well as the client's preferences regarding privilege, protective orders, and document review.
  • The more informed the attorneys are on each of these counts, the more capable they will be to address relevant issues, streamline the discovery process, and minimize eDiscovery costs.
  • Attorneys may exchange either in-depth or limited information about the legal holds process.
  • The result of the "meet and confer" conference is to establish a comprehensive discovery plan and lay the groundwork for the discovery aspects of the rest of the proceeding.

Tomorrow, I’ll go into more details about the specific topics to be covered at the Rule 26(f) conference.  Oh, the anticipation!

So, what do you think? Do you have any experience with Rule 26(f) conferences that went awry or cases where having a Rule 26(f) conference would have helped? Please share any comments you might have or if you'd like to know more about a particular topic.

eDiscovery Case Law: Downloading Confidential Information Leads to Motion to Compel Production

The North Dakota District Court has recently decided in favor of a motion to compel production of electronic evidence, requiring imaging of computer hard drives, in a case involving the possible electronic theft of trade secrets.

In Weatherford U.S., L.P. v. Chase Innis and Noble Casings Inc., No. 4:09-cv-061, 2011 WL 2174045 (D.N.D. June 2, 2011), the court ruled to allow the plaintiff to select and hire a forensic expert at its own expense to conduct imaging of the defendants’ hard drives. The purpose of this investigation was to discern whether or not confidential data that was downloaded from the plaintiff’s computers was, in fact, used in the building of the defendants’ own oil services firm.

Although the judge noted that courts are generally “cautious” in authorizing such hard drive imaging, this motion was substantiated by the defendant, Innis’s, “acknowledgment that he downloaded [plaintiff’s] files to a thumb drive without permission.” The court believed that circumstances of the case warranted further investigation into the defendant’s computer history:

  • The plaintiff, Weatherford US LP, had previously alleged that Chance Innis, a former employee, had downloaded confidential and proprietary information and used it to his advantage in starting his own competing company, Noble Casing Inc.
  • Innis had admitted to returning to Weatherford US offices late in the evening of the day he was terminated and downloading files onto a thumb drive without permission. Two weeks later, he launched his own competing oil services company, the co-defendant in this case, Noble Casing Inc. However, Innis maintains that he did not later access the files stored on his thumb drive and never used them in the process of starting his own company.
  • Contrary to these assertions, forensic examination of the thumb drive showed that the files were later accessed; whether or not they were instrumental in the startup of Noble Casing Inc. remains in question.
  • The plaintiff requested access to the defendant’s computers in the pursuit of previously subpoenaed documents, proposing that they select, hire, and pay for the services of a forensic investigator to image the defendants’ hard drives.
  • The defendants objected, proposing instead that an expert be chosen in agreement by all parties.
  • The court ruled in favor of the plaintiff’s motion in this instance, agreeing that all materials imaged will be shown to the defendant to screen for privilege before being shared with the plaintiff.
  • The court maintained that it is not unusual for imaging of hard drives to be allowed by the court in cases such as this, “particularly in cases where trade secrets and electronic evidence are both involved.”

So, what do you think?  Do you agree that Weatherford should have been allowed to examine images of the defendants’ hard drives, or should Innis’ privacy and that of his company have been protected?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Avoiding eDiscovery Nightmares: 10 Ways CEOs Can Sleep Easier
 

I found this article in the CIO Central blog on Forbes.com from Robert D. Brownstone – it’s a good summary of issues for organizations to consider so that they can avoid major eDiscovery nightmares.  The author counts down his top ten list David Letterman style (clever!) to provide a nice easy to follow summary of the issues.  Here’s a summary recap, with my ‘two cents’ on each item:

10. Less is more: The U.S. Supreme Court ruled unanimously in 2005 in the Arthur Andersen case that a “retention” policy is actually a destruction policy.  It’s important to routinely dispose of old data that is no longer needed to have less data subject to discovery and just as important to know where that data resides.  My two cents: A data map is a great way to keep track of where the data resides.

9. Sing Kumbaya: They may speak different languages, but you need to find a way to bridge the communication gap between Legal and IT to develop an effective litigation-preparedness program.  My two cents: Require cross-training so that each department can understand the terms and concepts important to the other.  And, don’t forget the records management folks!

8. Preserve or Perish: Assign the litigation hold protocol to one key person, either a lawyer or a C-level executive to decide when a litigation hold must be issued.  Ensure an adequate process and memorialize steps taken – and not taken.  My two cents: Memorialize is underlined because an organization that has a defined process and the documentation to back it up is much more likely to be given leeway in the courts than a company that doesn’t document its decisions.

7. Build the Three-Legged Stool: A successful eDiscovery approach involves knowledgeable people, great technology, and up-to-date written protocols.  My two cents: Up-to-date written protocols are the first thing to slide when people get busy – don’t let it happen.

6. Preserve, Protect, Defend: Your techs need the knowledge to avoid altering metadata, maintain chain-of-custody information and limit access to a working copy for processing and review.  My two cents: A good review platform will assist greatly in all three areas.

5. Natives Need Not Make You Restless: Consider exchanging files to be produced in their original/”native” formats to avoid huge out-of-pocket costs of converting thousands of files to image format.  My two cents: Be sure to address how redactions will be handled as some parties prefer to image those while others prefer to agree to alter the natives to obscure that information.

4. Get M.A.D.?  Then Get Even: Apply the Mutually Assured Destruction (M.A.D.) principle to agree with the other side to take off the table costly volumes of data, such as digital voicemails and back-up data created down the road.  My two cents: That’s assuming, of course, you have the same levels of data.  If one party has a lot more data than the other party, there may be no incentive for that party to agree to concessions.

3. Cooperate to Cull Aggressively and to Preserve Clawback Rights: Setting expectations regarding culling efforts and reaching a clawback agreement with opposing counsel enables each side to cull more aggressively to reduce eDiscovery costs.  My two cents: Some parties will agree on search terms up front while others will feel that gives away case strategy, so the level of cooperation may vary from case to case.

2. QA/QC: Employ Quality Assurance (QA) tests throughout review to ensure a high accuracy rate, then perform Quality Control (QC) testing before the data goes out the door, building time in the schedule for that QC testing.  Also, consider involving a search-methodology expert.  My two cents: I cannot stress that last point enough – the ability to illustrate how you got from the large collection set to the smaller production set will be imperative to responding to any objections you may encounter to the produced set.

1. Never Drop Your Laptop Bag and Run: Dig in, learn as much as you can and start building repeatable, efficient approaches.  My two cents: It’s the duty of your attorneys and providers to demonstrate competency in eDiscovery best practices.  How will you know whether they have or not unless you develop that competency yourself?

So, what do you think?  Are there other ways for CEOs to avoid eDiscovery nightmares?   Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Competency Ethics – It’s Not Just About the Law Anymore
 

A few months ago at LegalTech New York, I conducted a thought leader interview with Tom O’Connor of Gulf Coast Legal Technology Center, who didn’t exactly mince words when talking about the trend for attorneys to “finally tak[e] technology seriously”.  As he noted, “lawyers are finally trying to take some time to try to get up to speed – whining and screaming pitifully all the way about how it’s not fair, and the sanctions are too high and there’s too much data.  Get a life, get a grip.  Use the tools that are out there that have been given to you for years.” 

Strong words, indeed.  The American Bar Association (ABA) Model Rules of Professional Conduct (Model Rules) require that an attorney possess and demonstrate a certain requisite level of knowledge in order to be considered competent to handle a given matter.  Specifically, Model Rule 1.1 states that, "[a] lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation."

Preparation not only means understanding a specific area of the law (for example, antitrust or patent law, both highly specialized.).  It also means having the technical knowledge and skills necessary to serve the client in the area of discovery.

The ethical responsibilities of counsel these days includes competently directing and managing the identification, preservation, collection, processing, analysis, review and production of electronically stored information (ESI) required to be produced pursuant to lawful discovery requests.  If counsel does not have that level of competency in a particular area, he or she is obligated to either acquire the knowledge or skill necessary to support those needs, or include someone else who does have the requisite skills as part of the representation.

Not too long ago, I met with an attorney and discussed how they handled preservation obligations with their clients.  The attorney indicated that he expected his clients to self-manage their own preservation and collection.  When I asked him why he didn’t try to get more involved to make sure it was being handled properly, he said, “I don’t want to alarm them.  They might decide they need a bigger firm.”

Recent case law is full of cases where counsel didn’t fully understand their eDiscovery obligations, and got themselves and their clients “burned” in the process.  If your organization gets involved in litigation, make sure to include eDiscovery competence among the factors you consider when determining counsel qualifications to represent you.

So, what do you think?  Is your counsel eDiscovery savvy?  If not, do they use a provider that is?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Forecast for More Clouds
 

No, eDiscoveryDaily has not begun providing weather forecasts on our site.  Or stock forecasts.

But, imagine if you could invest in an industry that could nearly sextuple in nine years? (i.e., multiply six-fold).

Well, the cloud computing, or Software-as-a-Service (SaaS), industry may be just the industry for you.  According to a Forrester report from last month, the global cloud computing market will grow from 40.7 billion dollars in 2011 to more than 241 billion dollars by 2020.  That’s a 200 billion dollar increase in nine years.  That’s enough to put anybody “on cloud nine”!

The report titled Sizing The Cloud by Stefan Ried (Principal Analyst, Forrester) and Holger Kisker (Sr. Analyst, Forrester), outlines the different market dynamics for three core layers of cloud computing, as follows:

  • Public Cloud: From 25.5 billion dollars to 159.3 billion dollars by 2020;
  • Virtual Private Cloud: From 7.5 billion dollars to 66.4 billion dollars by 2020;
  • Private Cloud: From 7.8 billion dollars to 159.3 billion dollars by 2020.

Public cloud providers include everything from Facebook and Twitter to Amazon.com and Salesforce.com.  As the name implies, a private cloud is where companies implement their own cloud environment to support its own needs.  A virtual private cloud is simply a private cloud located within a public cloud.

Forrester is not the only analyst firm that expects big things for cloud computing.  The Gartner Group projected that the cloud computing industry will have revenue of 148.8 billion dollars by 2014, even higher than Forrester’s forecast of 118.7 billion dollars for the same year.  Clearly, the benefits of the cloud are causing many organizations to consider it as a viable option for storing and managing critical data.

What does that mean from an eDiscovery perspective?  That means a forecast for more clouds.  If your organization doesn’t have a plan in place for managing, identifying, preserving and collecting data from its cloud solutions, things could get stormy!

So, what do you think?  Is your organization storing more data in the cloud?  Does your organization have an effective plan in place for getting to the data when litigation strikes?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: What Are the Skeletons in Your ESI Closet?
 

At eDiscoveryDaily, we try not to re-post articles or blog posts from other sources.  We may reference them, but we usually try to add some commentary or analysis to provide a unique spin on the topic.  However, I read a post Thursday on one of the better legal blogs out there – Ride the Lightning from Sharon Nelson – that was a guest post by Jim McGann, VP of Information Discovery at Index Engines that I thought was well done and good information for our readers.  Jim has been interviewed by eDiscoveryDaily here and here and always has terrific insight on ESI issues.  You can click here to read the post directly on Ride the Lightning or simply read below.

Law firms and corporations alike tend to keep data storage devices well beyond what their compliance requirements or business needs actually dictate.  These so-called “skeletons in the closet” pose a major problem when the entity gets sued or subpoenaed. All that dusty data is suddenly potentially discoverable. Legal counsel can be proactive and initiate responsible handling of this legacy data by defining a new, defensible information governance process.

  1. Understand all data sources. The first choice when faced with an ESI collection is to look at current online network data. However, many other sources of email and files exist on corporate networks, sources that may be more defensible and even cost effective to collect from, including offsite storage typically residing on backup tapes. Tape as a collection source has been overlooked because it was historically difficult and expensive to collect from legacy backup tapes.
  2. Get proactive with legal requirements. Defining what ESI data should be kept and placed on litigation hold and what can be purged are the first steps in a proactive strategy. These legal requirements will allow clients to put a policy in place to save specific content, certain custodians and intellectual property so that it is identifiable and ready for on demand discovery.
  3. Understand technology limitations. Only use tools that index all the content, and don’t change any of the metadata. Some older search solutions compromise the indexing process, and this may come to haunt you in the end.
  4. Become a policy expert. As new technology comes on the market, it tends to improve and strengthen the discovery process. Taking the time to understand technology trends allows you to stay one step ahead of the game and create a current defensible collection process and apply policy to it.

So, what do you think?  Do you have “skeletons” in your ESI closet?   Please share any comments you might have or if you’d like to know more about a particular topic.