Close
Enter your
text here

Privileged

eDiscovery Trends: Metadata Mining Ethics
 

Years ago, I put together a CLE course about metadata awareness and how hidden data (such as tracked changes and comments) can cause embarrassment or even inadvertent disclosures in eDiscovery.  The production of metadata with ESI continues to be a big issue in eDiscovery and organizations need to consider how to handle that metadata (especially if it’s hidden), to avoid issues.

For those who don’t know, metadata can be simply defined as “data about data”, which is to say it’s the data that describes each file and includes information such as when it was created, when it was last modified and who last modified it.  Metadata can often be used in identifying responsive files based on time frame (of creation or last editing) or other criteria.

Many types of files can contain other hidden metadata, such as a record the changes made to a file, who made those changes, and any comments that those parties may have also added (for example, Microsoft Word has Tracked Changes and Comments that aid in collaboration to obtain feedback from one or multiple parties regarding the content of the document).  Embedded objects can also be hidden, for example, depending on how you embed an Excel table into a Word document; the entire Excel file may be accessible within the document, even though only a small part of it is displayed.

Last fall, the American Bar Association published an article with a look at metadata ethics opinions, which was also recently referenced in this article.  The opinions issued to date have focused on three topics with regard to metadata production:

  • The sender's responsibility when transmitting or producing electronic files;
  • The recipient's right to examine (or "mine") files for metadata; and
  • The recipient's duty to notify the sender if sensitive data is discovered.

Sender’s Responsibility

Jurisdictions agree that an attorney sending or producing ESI has a duty to exercise caution to avoid inadvertently disclosing confidential information, though the level of caution required may vary depending upon the jurisdiction and situation.  In SBA Ethics Opinion 07-03, the State Bar of Arizona's Ethics Committee indicated that level of caution may depend upon "the sensitivity of the information, the potential consequences of its inadvertent disclosure, whether further disclosure is restricted by statute, protective order, or confidentiality agreement, and any special instructions given by the client."

Ignorance of technology is no excuse.  The Colorado Bar Association Ethics Committee states that attorneys cannot limit their duty "by remaining ignorant of technology relating to metadata or failing to obtain competent computer support." (CBA Ethics Opinion 119).

Recipient’s Right to Examine

There is less jurisdictional agreement here.  Colorado, Washington D.C. and West Virginia allow metadata mining unless the recipient is aware that the data was sent unintentionally. On the other hand, New York and Maine prohibit metadata mining – the New York State Bar Association's Committee on Professional Ethics based its decision in part on the "strong public policy in favor of protecting attorney-client confidentiality." (NYSBA Opinion 749).  Minnesota and Pennsylvania have not set a bright-line rule, stating that the decision to allow or prohibit metadata mining should depend on the case.

Recipient’s Duty to Notify

Most jurisdictions rely on their local variation of ABA Model Rule of Professional Conduct 4.4(b), which indicates that an attorney who receives confidential data inadvertently sent is obligated to notify the sender.  Maryland is one exception to that position, stating that "the receiving attorney can, and probably should, communicate with his or her client concerning the pros and cons of whether to notify the sending attorney." (MSBA Ethics Docket 2007-09).

Bottom Line

You may not be able to control what a recipient can do with your inadvertently produced metadata, but you can take steps to avoid the inadvertent production in the first place.  Office 2007 and greater has a built in Document Inspector that eliminates the hidden metadata in Office files, while publishing files to PDF will remove some metadata (the amount of metadata removed depends on the settings).  You can also use a metadata “scrubber” application such as Workshare Protect or Metadata Assistant to remove the metadata – most of these will even integrate with email so that you have the option to “scrub” the file before sending.

So, what do you think?  Have you been “stung” by hidden metadata?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Case Law: Privilege Waived for Produced Servers

If you were at the International Legal Technology Association (ILTA) trade show this past August, you may have noticed a huge unfinished building in the middle of the strip – the Fontainebleau Resort.  It sits idle after financing was pulled, forcing Fontainebleau Las Vegas LLC to file for Chapter 11 bankruptcy in June of 2009.  Naturally, lawsuits followed, between the Term Lenders and Fontainebleau Resort, LLC (FRLLC), the third party parent of Fontainebleau Las Vegas – In re Fontainebleau Las Vegas Contract Litig., (S.D. Fla. Jan 7, 2011)

A company that responded to a third party subpoena and court orders compelling production by handing over three servers to lenders without conducting any relevancy review and without reviewing two of the servers for privileged materials waived privilege for documents on the two servers that were not reviewed.

The parent company of a resort in bankruptcy proceedings was served by lenders to the resort with a subpoena for production of documents. The company did not object to the scope of the subpoena, and the court granted a motion of the lenders to compel production. Counsel for the company then halted work by an e-discovery vendor who had completed screening the company’s email server for responsive documents but had not started a privilege review because of concerns that the company could not pay for the services. Counsel for the company also sought to withdraw from the case, but the company was unable to find new counsel.

Rather than seeking a stay or challenging discovery rulings from the court, the company turned over data from a document server, an accounting server, and an email server. According to the court, the three servers were turned over to the lenders without any meaningful review for relevancy or responsiveness. Despite an agreement with the lenders on search terms for the email server, the company produced a 126 gigabyte disk with 700,000 emails from that server and then, without asking for leave of court, was late in producing a privilege log for data on the email server. The lenders sought direction from the court on waiver of privilege and their obligation if they found privileged materials in the data produced by the company. The company for the first time then raised objections to the burdensomeness of the original subpoena served over six months earlier given the company’s lack of resources or employees to conduct a document review.

The court held that the company “waived the attorney-client privilege and work product protection, and any other applicable privileges, for the materials it produced from two of three computer servers in what can fairly be described as a data dump as part of a significantly tardy response to a subpoena and to court-ordered production deadlines.” The court stated that in effect, the company “took the two servers, which it never reviewed for privilege or responsiveness, and said to the Term Lenders ‘here, you go figure it out.’”

However, because the company prepared a privilege log for the email server, the court added that privileges were not waived for materials from the email server. Also, the lenders were directed to alert the company to any “clearly privileged material they may find during their review of the production on the documents and accounting servers.” Although the court was not ruling on admissibility at trial of that privileged material, the lenders would be allowed to use it during pre-trial preparations, including depositions.

So, what do you think?  Was justice served?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Applied Discovery (free subscription required).  For eDiscovery news and best practices, check out the Applied Discovery Blog here.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Case Law: Rajala v. McGuire Woods

Yesterday, we took a look at “Pension Committee”, Judge Shira Scheindlin’s significant opinion regarding the duty for plaintiffs (as well as defendants) to preserve ESI and sanctions for failing to live up to that duty.

The holiday week look back at cases continues with Rajala v. McGuire Woods LLP, (D. Kan. July 22, 2010), which addresses the applicability of Federal Rule of Evidence 502(d) and (e) in McGuire Woods’ request for a clawback provision for privileged documents.

As part of negotiations over an appropriate protective order covering the treatment of confidential information, defendant McGuire Woods drafted a proposed order that included a clawback provision. Plaintiff opposed inclusion of a clawback provision in the agreement, arguing that the protective order should not deal with privilege issues and that “[t]he parties are free to enter stipulations at other times over other discovery issues, including … waiver of privileges and clawbacks… There is no need to force the issue here.” The protective order was subsequently entered without a clawback provision. After further meet and confer sessions, plaintiff still would not enter into a clawback agreement, and defendant filed a motion for entry of a clawback provision.

Agreeing with defendant’s arguments, the Court held that both Federal Rule of Civil Procedure 26(f) and Federal Rule of Evidence 502 contemplated the use of clawback provisions and that “entry of an order containing a clawback provision is not dependent on the agreement of the parties.” Because of the extensive amount of ESI in the litigation, and because defendant is a law firm with thousands of clients and a high risk of potential inadvertent disclosure, the Magistrate Judge concluded that defendant had made the requisite showing of good cause for entry of a clawback provision:

“[T]his case is precisely the type of case that would benefit from a clawback provision. Such a provision will permit the parties to conduct and respond to discovery in an expeditious manner, without the need for time-consuming and costly pre-production privilege reviews, and at the same time preserve the parties’ rights to assert the attorney-client privilege or work product immunity.”

So, what do you think?  Is this the most significant eDiscovery case of 2010?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case Summary Source: Sidley Austin LLP.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Case Law: Discovery Compelled for Social Media Content

Discoverability of social-media usage continues to be a hot topic for eDiscovery.  Information for litigants’ LinkedIn, Facebook, Twitter and MySpace accounts can be the “smoking gun” for litigators looking to pursue or defend a claim.

In McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (C.P. Jefferson, Sept. 9, 2010), defendant Hummingbird Speedway, Inc. sought to compel discovery of the plaintiff’s social network account log-in names, and passwords.  A copy of the opinion granting that Motion to Compel is available here.

The plaintiff was allegedly injured during a stock car race in the summer of 2007.  During the litigation that followed, defendant Hummingbird Speedway, Inc. requested production of plaintiff’s user names, log-in names, and passwords for any social network accounts – to which the plaintiff objected, arguing that the information was confidential.  Based on information in the public sections of the plaintiff’s social network accounts, the defendant filed a Motion to Compel.

In his opposition to the motion, the plaintiff argued that communications with friends via social media sites were private and protected from disclosure. The court disagreed, indicating that the plaintiff was essentially asking the court to recognize an evidentiary privilege for such communications, but that there is no “social media privilege” recognized by Pennsylvania’s court or legislature.

The court also noted that those communications were not privileged based on “Wigmore’s test for privilege”, which requires the plaintiff to establish four factors:

  • “His communications originated in the confidence that they would not be disclosed”;
  • “The element of confidentiality is essential to fully and satisfactorily maintain the relationship between the affected parties”;
  • “Community agreement that the relationship must be sedulously fostered”; and
  • “The injury potentially sustained to the relationship because of the disclosure of the communication outweighs the benefit of correctly disposing of litigation”.

Because the plaintiff failed to establish these factors, the court ultimately ruled that “Where there is an indication that a person’s social network sites contain information relevant to the prosecution or defense of a lawsuit…and the law’s general dispreference for the allowance of privileges, access to those sites should be freely granted”.

So, what do you think?  There have been other cases where the discoverability of social media was called into question – have you experienced any?  Please share any comments you might have or if you’d like to know more about a particular topic.

P.S. – For those (like me) who didn’t know what the word “sedulously” meant, I’ve provided a link to the definition above… 🙂