Category: Preservation

A story on CIO.com entitled "Electronic Discovery: Are You Really Ready?" discusses a survey done by IDC (commissioned by FTI Consulting Inc.) of 118 IT executives on their e-discovery readiness.

In contrast to the majority of surveys on e-discovery preparedness (such as this recent one from Xerox Litigation Services), this story reports that many of their respondents are actually "confident about their current abilities to respond to a litigation event" because a lot more attention is being paid to records management, archiving and information retention policies.

However, the data from the survey highlights an urgent need for organizations to adopt standardized policies and IT practices for activities related to the identification, preservation and collection of potentially responsive data.

The story states that nearly 79% of the IT executives surveyed rated their ability to respond to a litigation event from "above average" to "very well prepared."

Other choice sentences from the story:

IDC’s research concludes that corporations are enforcing the legal hold on an application and content-store basis.

While 86 percent of survey respondents claim to have formalized litigation communications policies in place, adoption of standardized processes and the ability to automate and document communications across records management, legal and compliance departments is lacking.

Approximately 55 percent of the companies surveyed are still in the early stages of automating the litigation communication process, 29 percent are using voice communications and in-person notices and 13 percent are still using paper-based surveys.

I have my usual spate of questions here: What defines an IT executive in this survey? Is it a CIO? An administrator? And are these IT executives at law firms or corporations?

Fortunately, my questions should be answered in the FTI/IDC Webcast on June 19 that will present the full findings from the study.

Link to story.

A concise list of seven misconceptions that businesses have about ESI and their e-discovery obligations entitled “Why Your Business May Be At Risk…” from The Metropolitan Corporate Counsel. The authors are three attorneys from the New Jersey law firm Norris McLaughlin & Marcus.

Here are 5 of my favorite from the list:

1. Since we are not presently involved in a lawsuit, there is no need to concern ourselves with these new rules. The reality is that there need not be an active lawsuit or court order in place for there to be an obligation on a business to preserve ESI.
2. If we were required to save data every time a lawsuit is threatened, our company would be crippled and we’d lose our business. The reality is that the new rules recognize this problem and provide that a party need only preserve relevant ESI.
3. Even if we were to lose relevant ESI evidence, the loss was accidental and not intended to destroy harmful information; surely a court would understand. The reality is that even accidental or innocent loss of relevant ESI is sanctionable when it could have reasonably been prevented.
4. Many of our employees work from home and use their own personal computers; therefore, we don’t have to worry about those computers. The reality is that the new rules widen the scope of ESI to include personal home computers, cell phones, copy machines, fax machines, voice-mail, instant messaging, PDAs, websites, flash drives, etc. As long as your employees are working for you, it does not matter where they are located or what device they are using to generate electronic information related to your business.
5. We’re too small of a business to have to worry about these changes. The reality is that if you are a business with a computer or any other device that generates electronic data, you are within reach of the new rules.

Link to story.

In a fascinating February 18, 2008 opinion, Magistrate Judge John M. Facciola references the Federal Rules of Civil Procedure regarding electronically stored information (ESI) in a seemingly mundane federal criminal matter.

United States v. O’Keefe Case No. Cr. 06-249 (D.D.C. February 18, 2008) charges the defendant (formerly employed with the U.S. Department of State stationed in Canada) with accepting "gifts and other benefits" from a co-defendant in exchange for expediting visa requests for employees of the co-defendant’s company.

Judge Facciola recognizes:

"In criminal cases, there is unfortunately no rule to which the courts can look for guidance in determining whether the production of documents by the government has been in a form or format that is appropriate. This may be because the ‘big paper’ case is the exception rather than the rule in criminal cases."

and continues:

"It [would be] foolish to disregard [the Federal Rules of Civil Procedure] merely because this is a criminal case, particularly where, as is the case here, it is far better to use these rules than to reinvent the wheel when the production of documents in criminal and civil cases raise the same problems."

This is an intriguing but embraceable statement. Criminal cases can experience the same issues of collection and preservation of ESI that a civil matter would see. And since the issues have been (and continue to be) thoroughly vetted in the civil litigation world, there’s no reason that they can’t be equally applied in a criminal matter.

Judge Facciola details the search activities of the government which are disturbing at some points. I share Ralph Losey’s concerns that there was no mention of an attorney being involved when the Visa Unit Chief of the United States Consulate General in Toronto, Canada (presumably the defendant’s former supervisor) conducted the search for paper records and "responsive emails." Ralph does an excellent job of referring to the duties directed upon legal counsel to communicate with the key players to better understand how potentially relevant information is stored and located.

The more noteworthy issue in the opinion that others have commented upon is in the second to last paragraph where Judge Facciola writes that developing a set of "search terms or ‘keywords’ … is a complicated question involving the interplay … of the sciences of computer technology, statistic and linguistic."

Judge Facciola continues:

"Given this complexity, for lawyers and judges to dare opine that a certain search term or terms would be more likely to produce information than the terms that were used is truly to go where angels fear to tread. This topic is clearly beyond the ken of a layman and requires that any such conclusion be based on evidence that, for example, meets the criteria of Rule 702 of the Federal Rules of Evidence."

Mark Foley in his article "Expert Testimony May Be Needed for E-Discovery Keyword Searches" suggests that taking Judge Facciola’s comments literally would mean that any objection to a list of search terms would need to be supported by the testimony of an expert in the field of computer science, statistics, and/or linguistics.

I don’t believe Judge Facciola intends for us to take his comments to that extreme, but it does highlight the absolute necessity to seek agreement on search terms early and quickly. It’s also advisable to employ an expert to review the search terms, or at least earnestly discuss the issue with your e-discovery vendor. Some attorneys who may be more familiar with Westlaw or Lexis or Google type searches insist on developing a lengthy keyword list to circumvent the fear of "missing something." While I understand the concern, a foolhardy and over-broad keyword list will end up costing a party much more time and money in the long run.

I hear so many attorneys declare that they don’t have to worry about e-discovery - either because they do not have huge corporate clients or that their clients aren’t “sophisticated” enough to use a computer.

My next question to them is usually “does your client use a cell phone?”

Where there’s a cell phone, there’s probably a text message. Text messaging is a simple, convenient, seemingly innocuous method of trading quick messages when a phone call or e-mail message might not be proper or possible. And because a text message seems like a private, innocent, little digital conversation between two tiny, insignificant mobile phones, inhibitions are routinely left at the keypad. But text messages, just like e-mail and all other electronic files, have a knack for sticking around, even through superficial attempts at deleting them.

The mayor of Detroit, MI found all this out the hard way. Mayor Kwame Kilpatrick and his female Chief of Staff, Christine Beatty, were apparently involved in an extra-marital affair several years ago. When a Detroit policeman on the mayor’s guard duty “blew the whistle” on the couple, he lost and job. He sued the city and when the mayor and Ms. Beatty took the stand, they denied that any relationship ever existed.

Last month, the Detroit Free Press obtained and released excerpts from at least 14,000 text messages sent between Mayor Kilpatrick and Ms. Beatty during 2002 and 2003 and now displays those excerpts for your convenience in both text and photos.

While I realize that many attorneys won’t have the mayor of Detroit as a client, it is important to remember that cell phones from anyone can hold relevant, discoverable information. As stated in a story from Crain’s Detroit Business (via edd blog online):

Kilpatrick and Beatty are public figures with fewer rights of privacy than most citizens. But once even private citizens start using company equipment in their communications — whether it’s e-mail from the office computer or text messages from the company cell phone or BlackBerry — expectations of privacy disappear.

As an e-discovery consultant, one might presume that I would take umbrage with Mr. Perkowski’s first paragraph in "Coping with the EDD Drumbeat," but I am positively assured he is not the only in-house attorney that feels this way:

"For the past several years, in-house litigators have been bombarded by swarms of consultants, vendors, and outside counsel reciting the potentially catastrophic effects of the 2006 amendments to the Federal Rules of Civil Procedure (FRCP)."

Mr. Perkowski accurately characterizes the FUD that has surrounded the e-discovery industry for several years now and likens it to the apocalyptical panic of Y2K.  There’s a reason that 2006 commercial EDD revenues were $2 billion, up 51% from 2005, and expected to be around $4 billion by 2009. Yes those numbers mean that there is a true need for e-discovery, but as Mr. Perkwoski states, "e-discovery is not too different from any other form of discovery," so there has to be a better explanation for the millions of dollars burned on e-discovery services every year - perhaps there’s a little FUD infecting the industry if we were honest about it. Fear is an effective and motivating marketing tool.

Mr. Perkowski’s pivotal point in his column is that you should involve and educate your IT group, which is a most noble suggestion.

"…engage the IT department. Make it your best friend … they have a much better chance than you of knowing where the employees store data."

Interacting with your IT department is absolutely imperative in my opinion. But I would guess the reality is that most in-house attorneys couldn’t even tell you where their company’s IT department is located, much less be able to tell you the full name of a help desk grunt, or a network administrator. Attorneys and techies have historically abided as oil and water; and in my experience, that’s a big hurdle to overcome.

I appreciate how Mr. Perkowski states, "once you have found your IT department, … charge them with locating electronically stored information (ESI)" (emphasis mine). Simply finding the IT department is a good first step for many in-house counsel.

Towards the end of his column, Mr. Perkowski offers some beneficial nuggets of advice for dealing with outside counsel on your e-discovery projects:

"To keep a lid on the scope, you need to keep a keen eye on outside counsel. All too often, outside counsel collaborate with opposing counsel and agree to overly broad word searches. Sometimes that’s due to an abundance of caution. But it’s also because law firms assign e-discovery responsibilities to relatively inexperienced lawyers. Tell them you don’t think much of that staffing practice."

I’m sure Mr. Perkowski speaks from experience when he laments that many "law firms assign e-discovery responsibilities to relatively inexperienced lawyers," but why is this true? I offer two reasons:

1. the "e-discovery responsibilities" are not considered as important as other tasks on a litigation matter at a law firm, and
2. most of the experienced partners at a law firm are utterly confused and probably terrified about e-discovery concepts so they delegate to "inexperienced" associates who will NOT say no.

I was thrilled to see Mr. Perkowski’s column provide some insight on the tough issues of e-discovery from an in-house perspective, and I would be grateful to see more attorneys in his position share their thoughts.

Link to column.

P.S. Readers might also be interested in my recent article for Inside Counsel magazine’s InsideTech section entitled “E-mail Emergencies” where I discuss some simple steps for managing the risk found in employee e-mail.

A great headline from InfoWorld.com that briefly looks at the effects the amended FRCP has on IT professionals who are tasked with purchasing storage platforms for their companies.

I don’t totally agree with this quote by author Mario Apicella, but I can certainly appreciate his perspective:

“… hosted services that offer remote access for e-discovery and similar activies are a worthwhile alternative to building a layer of compliance applications in-house.”

True it may be easier (and more efficient) for a company to outsource some of their storage/compliance responsibilities, but it is still imperative that the IT professionals and company attorneys discuss the issues revolving around the storage and preservation of electronic records (i.e. e-mails, e-docs, etc.).

Even though a hosted service may adequately handle the logistics of preserving e-mail, the amended rules still impose a quasi-duty upon lawyers to be familiar enough with their clients’ information systems so they can intelligently discuss the exchange of electronic data with the opposing party.

Link to article.

My article “The Easy Button” recently posted on InsideCounsel.com where I take a look at four vendors that provide tools for searching and analyzing e-mails. The four vendors mainly sell their products to in-house counsel with the alluring appeal that in-house attorneys can search employee e-mail and discover potential smoking guns before the litigation trigger is pulled.

The four vendors I talked to for the article were AXS-One, InBoxer, Clearwell Systems, and Estorian. Each vendor enjoys a certain sweet spot.

I wanted to talk to AXS-One after I read the great story on ComputerWorld.com about how KeyBank adopted the AXS-One Compliance Platform to help manage the laborious process of collecting and producing e-mails from their 300TB e-mail archive. The story provides a rare insight into how major corporations are dealing with the stress of complying with e-discovery requests.

I am very impressed with InBoxer and have blogged about the company in the past. The big seller to me with InBoxer is that it’s so easy to deploy - you either pop in a rack mounted server or install the software in a virtual appliance and it’s ready to go within an hour, or even a few minutes. In-house counsel search and analyze employee e-mail through an online interface (you can visit www.enronemail.com to test out InBoxer for yourself).

I’ve been following Clearwell for a while now, and I believe they have one of the most intuitive interfaces of the group. They made it very clear to me that they are not an e-mail archiving system, but that they work complementary to systems you may already have set up from Symantec or EMC. A Clearwell system can also get up and running very fast, and provides such a comfortable interface that I can see where some users may not even need training.

And lastly Estorian offers an interesting alternative to the slick-ness of InBoxer and Clearwell. Estorian’s LookingGlass software may not look as pretty, but I found that it provides an extensive array of options for searching, monitoring and saving potentially risky e-mail messages. The company views LookingGlass as more of a compliance tool because users can easily set up searches to automatically and continuously monitor employee e-mail for risky keywords.

I foresee in the near future that every corporation will have some sort of e-mail analysis tool constantly monitoring employee e-mail. And why not? In this country, the company owns the e-mail and has the right to read every message sent by an employee through the company-owned servers. Companies that purchase tools such as the ones mentioned above will enjoy a) the comfort of knowing that something is policing the e-mail servers for naughtiness, and b) the ability to quickly search and secure e-mail messages that are relevant to the latest litigation matter that flys across their desk.

Link to my article.

I found a small treasure trove of articles on e-discovery and computer forensics today from Burgess Forensics. I especially liked the article “How is data written, stored on, and erased from hard disks?” by Steve Burgess, where he likens hard drives to “a hybrid of a record album and pizza pie … or a dartboard” in an attempt to describe how data is stored on computer hard drives.

Last week I had the pleasure to present a Webinar for LegalSpan (Manexa) entitled “How and When to Use Computer Forensics Professionals.” In my research for this presentation, I realized how difficult it is to explain how operating systems store data on computer hard disks to non-technical folks. It’s always made perfect sense to me due to my background, but it’s tough to smoothly explain how bits, bytes, sectors, and clusters build upon each other, and why hard drives have “slack space,” and why data is rarely saved in consecutive clusters, etc. etc.

The Steve Burgess article does a great job of introducing the terminology, but the masterful Craig Ball takes your hand and gracefully leads you through the woods of bits and bytes in his concise compendium entitled ”4 on Forensics: Four Articles on Computer Forensics for Lawyers.” If you’re a lawyer that needs to understand how to preserve a computer’s hard drive, Craig’s “4 on Forensics” is an absolute must read. And due to Craig’s easy style, I guarantee that you will have a solid foundation on computer forensics when you’re done reading. The first of the four articles, “Computer Forensics for Lawyers Who Can’t Set a Digital Clock,” is the longest and the most relevant. Read that one if you can’t get to anything else.

I would be remiss if I did not mention Sensei Enterprises, Inc., the digital home of Sharon D. Nelson, Esq. and John W. Simek. Not only have the two collaborated on the terrific The Electronic Evidence and Discovery Handbook: Form, Checklists and Guidelines ABA book, but Sharon Nelson now authors the informative (and often entertaining) electronic evidence blog entitled “ride the lightning.” You can find a wonderful chunk of articles on their Website, and I will specifically recommend “Finding Wyatt Earp: Your Computer Forensics Expert” which provides a compact set of suggestions to consider when you need the services of a computer forensics examiner.

Computer forensics has always had a ”CSI mystique” about it, mainly because so many people have never had to worry (or care) about how their computer stores data on the hard drive. And while you really don’t need to know how the innards of a computer works to send e-mail or type a document, you should have a basic understanding of the technology in use so you can confidently communicate with the computer forensics professional you hire.

The blanket rule when it comes to computer forensics is DON’T DO IT YOURSELF (or don’t let your client do it themselves). Many IT professionals wrongly assume that they can make a full copy of the hard drive themselves that will preserve the data. Unfortunately, many of these copies will NOT be considered forensically sound images of the hard drive, and will reveal changes made to the data, which could lead to claims of spoliation.

It’s never worth the gamble - always call a professional, certified computer forensics professional when you need to preserve the data on a computer hard drive.

More cautionary words of wisdom about how employees routinely disregard the public nature of e-mail in “GCs to Employees: Think Before You Send” posted on Law.com.

Matthew W. Clarke, a partner at Smith, Gambrell & Russell, is quoted:

“The main problem that occurs over and over is that people have such a casual attitude and approach when it comes to writing and sending e-mails.”

And the article provides some examples of what’s been found in e-mails:

“Don’t put this in writing, but …

“can you believe that [expletive] is complaining about this?”

“I can’t believe she’s pregnant at such an inconvenient time at work.”

“we need to get rid of the dead wood.”

If you want to explore this incredible phenomenon first hand, you can visit www.enronemail.com and search through the multitude of e-mail messages collected during the Enron litigations. The site is set up by a company called InBoxer (which I’ve written about before) as a way to demonstrate their product, but it’s a sobering example of what can go wrong when employees use e-mail.

Link to story.

The August 2007 edition of the terrific e-newsletter Law Technology Today runs a story entitled “eDiscovery Sanctions - Staying out of Harms Way” which provides some practical tips on helping a client index and organize their electronic data.

I particularly enjoy the first couple of paragraphs that discuss the 1970 amendments to the Federal Rules of Civil Procedure.

In 1970, the Federal Rules of Civil Procedure incorporated the concept of “data compilations from which information can be obtained” into its text. From that moment on, digital documents on computers were available for discovery.

In reading the Advisory Committee Notes to the 1970 FRCP Amendments for Rule 34(a) (about midway down the page), it’s obvious that they wrestled with several of the same issues that the Advisory Committee struggled with on the 2006 Amendments.

The inclusive description of “documents” is revised to accord with changing technology. It makes clear that Rule 34 applies to electronic data compilations from which information can be obtained only with the use of detection devices … respondent may be required to use his devices to translate the data into usable form. In many instances, this means that respondent will have to supply a print-out of computer data. The burden thus placed on respondent will vary from case to case, and the courts have ample power under Rule 26(c) to protect respondent against undue burden or expense (copied from Cornell’s Legal Information Institute)

I also like how the article distinguishes between “gaining control of the e-mail system” and what they call the “file system” which refers to the “massive [electronic] system housing many of the corporation’s memos, strategic presentations, financial spreadsheets, corporate intellectual property and plenty of other critical digital assets.”

The point is well taken - with so much emphasis on e-mail (much of it deservedly so) many companies don’t pay enough attention to how their employees are saving and storing electronic documents.

In my experience, many companies simply leave it up to individual departments or employees to determine where documents are stored and how they’re named. Obviously, each department must provide input into how their documents are stored, but a confusing collections of document storage practices will always make it more difficult to find the data you need to produce.

Link to column.