My article on keeping costs low on document review appears on Law.com. I talk about outsourcing/offshoring, automated review, and per-unit pricing.

Link to article.

A story on Law.com entitled "Outbound E-Mails Spell Inbound Legal Trouble for Corporations" points to a recent study from Proofpoint.com on how corporations are concerned about the content of their outbound e-mail.

This is Proofpoint’s fifth annual study of outbound e-mail and is designed to examine the level of concern about the content of e-mail and how large organizations are mitigating the risks associated with outbound messaging. This year’s study also expanded to include a look at Web-based e-mail, blogs, social networking sites, etc.

The study received responses from a total of 424 "IT decision makers" including CIOs and IT directors from the US, UK, Germany, France and Australia.

Here are a few highlights that perked up my e-discovery ears:

"In non-compliant e-mail messages leaving your organization, what is the most common form of inappropriate content?"

• 30% - Adult, obscene or potentially offensive content
• 26% - Confidential or proprietary business information about your organization
• 17% - Personal healthcare, financial or identity data which may violate privacy and data protection regulations
• 13% - Valuable intellectual property or trade secrets which should not leave the organization

"Using your best estimate, what percent of your organization’s outbound e-mail contains content that poses a legal, financial, or regulatory risk to your organization?" Answer - 12%.

56% of US respondents indicated that they are "concerned" or "very concerned" about e-mail sent from mobile devices (smartphones or other wireless, Internet-connected devices) as a potential conduit for exposure of confidential or proprietary information.

56% of US respondents indicated that they are "concerned" or "very concerned" about Web-based  e-mail (i.e. services such as Google Mail, Yahoo! Mail, Hotmail, etc.) as a conduit for the exposure of confidential information.

Regarding Policies:

• 98% of US companies (100% in UK) have an "acceptable use policy for e-mail" that includes personal use rules, monitoring and privacy policies, offensive language policies, etc.
• 84% of US companies (75% in UK) have an "e-mail retention policy" that defines what information sent or received by e-mail should be retained and for how long.

24% of US companies reported that they produced employee e-mail in the past 12 months subject to a civil or criminal subpoena. In US companies with 20,000 employees or more, that number rose to 34%. Elsewhere in the world, employee e-mail was subpoenaed less frequently - 6% in UK, 10% in Germany, 10% in France, and 3% in Australia.

"How important to your organization is reducing the legal and financial risks associated with outbound e-mail in the next 12 months?" Answer - 57% of US companies answered that it is "important" or "very important" for their organizations.

"How important to your organization is reducing the legal and financial risks associated with outbound HTTP traffic (e.g., Web-mail, blog postings, etc.) in the next 12 months?" Answer - 51% of US companies answered that it is "important" or "very important" for their organizations.

Survey can be downloaded here or Rob Robinson has posted it here on his Complex Discovery blog.

A couple of recent stories provides some tips on creating a document retention policy and my comments are in italics:

• Properly define "document" to include information of all types-electronic or paper, historical or transient business record. Be sure to include all the different types of records. (A good starting place is Wikipedia’s entry for Records Management which points to the ISO definition of a "record" as "information created, received, and maintained as evidence and information by an organization or person, in pursuance of legal obligations or in the transaction of business".)
• Clearly state who and what function is the relevant retention authority for the most widely used categories of documents. (It’s important to have one person, one authority, that everyone can go to with questions about a document and it’s retention status.)
• Indicate the specific duration of retaining different types of documents. (Any good document retention policy that I’ve seen has listed out every document type and its corresponding retention period. They never cover everything but at least it’s a good starting point)
• Balance the needs of legal, IT and general users. This isn’t easy, because everyone has different needs, but doing so is worth it. (It’s always about communication across departments and across the company.)
• Clearly state the reasons that retention is necessary (e.g. Sarbanes-Oxley rules, HIPAA regulations). As those requirements change, the rationale for retention should be reviewed, and any changes to the retention period should be made. (This may be easier said than done, but it’s very important to revisit the document retention policy periodically to ensure that it’s up-to-date and accurate.)
• Give individual divisions or offices the authority to set retention policies for their own operational documents if approved by or coordinated with the General Counsel or Compliance Office. (This may sound antithetical and a little messy, but it can be a functional way to accommodate the different needs of different departments.)

Tips taken from:

"Effective document retention starts with smart policy" from ITBusinessEdge

"Four tips for crafting a document retention policy" from IDG.no

A story on CIO.com entitled "Electronic Discovery: Are You Really Ready?" discusses a survey done by IDC (commissioned by FTI Consulting Inc.) of 118 IT executives on their e-discovery readiness.

In contrast to the majority of surveys on e-discovery preparedness (such as this recent one from Xerox Litigation Services), this story reports that many of their respondents are actually "confident about their current abilities to respond to a litigation event" because a lot more attention is being paid to records management, archiving and information retention policies.

However, the data from the survey highlights an urgent need for organizations to adopt standardized policies and IT practices for activities related to the identification, preservation and collection of potentially responsive data.

The story states that nearly 79% of the IT executives surveyed rated their ability to respond to a litigation event from "above average" to "very well prepared."

Other choice sentences from the story:

IDC’s research concludes that corporations are enforcing the legal hold on an application and content-store basis.

While 86 percent of survey respondents claim to have formalized litigation communications policies in place, adoption of standardized processes and the ability to automate and document communications across records management, legal and compliance departments is lacking.

Approximately 55 percent of the companies surveyed are still in the early stages of automating the litigation communication process, 29 percent are using voice communications and in-person notices and 13 percent are still using paper-based surveys.

I have my usual spate of questions here: What defines an IT executive in this survey? Is it a CIO? An administrator? And are these IT executives at law firms or corporations?

Fortunately, my questions should be answered in the FTI/IDC Webcast on June 19 that will present the full findings from the study.

Link to story.

The Ohio State Bar Association held it’s annual convention on May 14-16, 2008, and I was honored to be invited to speak on the topic of “The Internet and Web 2.0 in the Practice of Law.”

Fortunately, my session was in the afternoon, which allowed me to attend a morning session entitled “Developments in Federal Practice: Discovery and Motions” which featured a magnificent panel of federal district judges from around Ohio. The panel was expertly moderated by Elizabeth “Missy” Wright from Thompson Hine LLP and Charles Faruki of Faruki Ireland & Cox P.L.L.

Judge John R. Adams of the Northern District of Ohio started things off by discussing in detail his Case Management Conference Scheduling Order. He lamented how few attorneys that come before him actually read this order. He also repeatedly emphasized that he always prefers to have parties before him that can fully discuss the case. He highly encourages as much dialog about the case as possible and always likes to have folks before him that have full settlement authority.

Judge Adams noted that e-discovery is becoming a much bigger issue in his court today although he commented that the vast majority of issues that arise are summarily resolved by the parties. He also recognized the Default Standard for Discovery of Electronically Stored Information that have been adopted by the Northern District of Ohio.

Judge Adams commented that he has found parties have generally been working together on e-discovery issues although some disagreements inevitably arise. he mentioned that he has appointed a forensic expert in at least one case to look at a hard drive.

Judge Adams stressed that he knows e-discovery issues are coming and they’re just on the horizon. He also stated that he hopes parties continue to work together in this area.

The other judges on the panel contributed some interesting perspectives on contemporary federal discovery and motion practice, but hardly any of them mentioned e-discovery as a primary concern. I wonder if this is because a) the issue never comes up in front of them; b) parties settle their own e-discovery controversies; or c) it’s simply a non-issue.

(The materials from the session are available on this page, but be aware that they are a 13MB PDF.)

A concise list of seven misconceptions that businesses have about ESI and their e-discovery obligations entitled “Why Your Business May Be At Risk…” from The Metropolitan Corporate Counsel. The authors are three attorneys from the New Jersey law firm Norris McLaughlin & Marcus.

Here are 5 of my favorite from the list:

1. Since we are not presently involved in a lawsuit, there is no need to concern ourselves with these new rules. The reality is that there need not be an active lawsuit or court order in place for there to be an obligation on a business to preserve ESI.
2. If we were required to save data every time a lawsuit is threatened, our company would be crippled and we’d lose our business. The reality is that the new rules recognize this problem and provide that a party need only preserve relevant ESI.
3. Even if we were to lose relevant ESI evidence, the loss was accidental and not intended to destroy harmful information; surely a court would understand. The reality is that even accidental or innocent loss of relevant ESI is sanctionable when it could have reasonably been prevented.
4. Many of our employees work from home and use their own personal computers; therefore, we don’t have to worry about those computers. The reality is that the new rules widen the scope of ESI to include personal home computers, cell phones, copy machines, fax machines, voice-mail, instant messaging, PDAs, websites, flash drives, etc. As long as your employees are working for you, it does not matter where they are located or what device they are using to generate electronic information related to your business.
5. We’re too small of a business to have to worry about these changes. The reality is that if you are a business with a computer or any other device that generates electronic data, you are within reach of the new rules.

Link to story.

Tom O’Connor authors the cover story for the May 2008 issue of Law Technology News entitled “Defining Documents.” Tom makes the excellent case that litigators in the digital age must move away from a page-centric attitude and focus instead on the whole document.

Electronic files do not have pages. Pages only happen when you reduce an electronically stored file to paper. The only reason that Microsoft Word or Adobe Acrobat offers a page view is because they know you’re eventually going to print the document. Web pages, Excel spreadsheets, and e-mail messages don’t have pages when you view them on your computer screen.

Most lawyers, however, cannot conceive of a document without considering the page count. If you insist on knowing the page count of an e-mail message, then the message must be processed to a TIFF image which is the electronic equivalent of printing the file. Not only is this an unnecessary step, but Tom points out that it’s also expensive and time-consuming.

To shed a little more light on the topic, the editor of Law Technology News, Monica Bay, interviewed Tom on her Law Technology Now podcast (playable online here from the Legal Talk Network). Tom explains that attorneys are “very wed” to the traditional Bates numbers that have managed documents for years in the legal world. The equivalent of a Bates number for electronic files is a hash function which is a unique string of numbers that can be applied to each individual, all-inclusive file. For more information on this concept, visit Ralph Losey’s blog post “The Days of the Bates Stamp are Numbered.”

Tom’s article provides a couple of options for getting around our page-centric thinking, but it mainly comes down to finding a comfort level with reviewing documents in their native format. The default should not be to have the documents automatically printed, or scanned, or processed to TIFF. Instead, we must consider keeping the documents in their native format and being open to new methods for referencing each document, moving away from the Bates stamp.

Tom states it well:

Attorneys and clients who focus on a document-based system will save time and money and can conduct native file review. In today’s world of vast quantities of electronic documents, the days of the Bates stamp are numbered.

Link to article.

In a fascinating February 18, 2008 opinion, Magistrate Judge John M. Facciola references the Federal Rules of Civil Procedure regarding electronically stored information (ESI) in a seemingly mundane federal criminal matter.

United States v. O’Keefe Case No. Cr. 06-249 (D.D.C. February 18, 2008) charges the defendant (formerly employed with the U.S. Department of State stationed in Canada) with accepting "gifts and other benefits" from a co-defendant in exchange for expediting visa requests for employees of the co-defendant’s company.

Judge Facciola recognizes:

"In criminal cases, there is unfortunately no rule to which the courts can look for guidance in determining whether the production of documents by the government has been in a form or format that is appropriate. This may be because the ‘big paper’ case is the exception rather than the rule in criminal cases."

and continues:

"It [would be] foolish to disregard [the Federal Rules of Civil Procedure] merely because this is a criminal case, particularly where, as is the case here, it is far better to use these rules than to reinvent the wheel when the production of documents in criminal and civil cases raise the same problems."

This is an intriguing but embraceable statement. Criminal cases can experience the same issues of collection and preservation of ESI that a civil matter would see. And since the issues have been (and continue to be) thoroughly vetted in the civil litigation world, there’s no reason that they can’t be equally applied in a criminal matter.

Judge Facciola details the search activities of the government which are disturbing at some points. I share Ralph Losey’s concerns that there was no mention of an attorney being involved when the Visa Unit Chief of the United States Consulate General in Toronto, Canada (presumably the defendant’s former supervisor) conducted the search for paper records and "responsive emails." Ralph does an excellent job of referring to the duties directed upon legal counsel to communicate with the key players to better understand how potentially relevant information is stored and located.

The more noteworthy issue in the opinion that others have commented upon is in the second to last paragraph where Judge Facciola writes that developing a set of "search terms or ‘keywords’ … is a complicated question involving the interplay … of the sciences of computer technology, statistic and linguistic."

Judge Facciola continues:

"Given this complexity, for lawyers and judges to dare opine that a certain search term or terms would be more likely to produce information than the terms that were used is truly to go where angels fear to tread. This topic is clearly beyond the ken of a layman and requires that any such conclusion be based on evidence that, for example, meets the criteria of Rule 702 of the Federal Rules of Evidence."

Mark Foley in his article "Expert Testimony May Be Needed for E-Discovery Keyword Searches" suggests that taking Judge Facciola’s comments literally would mean that any objection to a list of search terms would need to be supported by the testimony of an expert in the field of computer science, statistics, and/or linguistics.

I don’t believe Judge Facciola intends for us to take his comments to that extreme, but it does highlight the absolute necessity to seek agreement on search terms early and quickly. It’s also advisable to employ an expert to review the search terms, or at least earnestly discuss the issue with your e-discovery vendor. Some attorneys who may be more familiar with Westlaw or Lexis or Google type searches insist on developing a lengthy keyword list to circumvent the fear of "missing something." While I understand the concern, a foolhardy and over-broad keyword list will end up costing a party much more time and money in the long run.

My postings have been a little sparse lately due to several speaking engagements I’ve been grateful to have on my calendar.

First, I gave a presentation entitled "SaaS: The Time is Now" at the Litigation Support Leaders SuperConference down in Houston last week (Thursday 3/6). My presentation expanded on the themes I explored in my Law.com column entitled "SaaSsy Litigation Support."

I had been looking forward to this conference for a while (although I was disappointed that I had to leave early for another speaking engagement on Friday, March 7). There have not been many conferences specifically for litigation support professionals and I was thrilled to see that Chere Estrin and her group, Estrin LegalEd, used their conference-planning abilities to bring together the powerhouse of speakers for the event including:

• Tom O’Connor
• George Socha (more info on presentation)
• Michael Arkfeld (more info on presentation)
• Henry Alonso
• Lisa Rosen (more info on presentation)
• Charlotte Riser Harris (more info on presentation)
• "More info" posts courtesy of Monica Bay who was also present at the conference

The only other conference that I am aware of at the moment that is specifically geared towards litigation support professionals is The International Litigation Support Leaders Conference sponsored by the Litigation Support Today magazine. I have not been invited to speak at this conference, but I know the keynote by Browning E. Marean III will be worth the price of admission alone!

I hope that both organizations are realizing the benefits in marketing directly to litigation support professionals rather than the traditional audience of attorneys and/or paralegals. This shows the growing importance of the litigation support role.

Today I’m heading over to Chicago to attend the not-to-be-missed ABA TECHSHOW Thursday (3/13) through Saturday (3/15). There are some fantastic presentations in the E-Discovery Track (sort by "E-Discovery" on this page) and yours truly will be giving a presentation entitled "Small Volume E-Discovery: One Hard Drive Could Make, or Break, Your Case" on Friday along with Todd Flaming of Schopf & Weiss LLP.

Other wonderful highlights of this year’s TECHSHOW include the keynote on privacy and the Internet and the new tracks called "Large Firm/Corporate Counsel" and "Mac Track."

Craig Ball posted his insightful “Crystal Ball” predictions for the future of e-discovery in the January 2008 issue of Law Technology News. That inspired me to compile a list of other e-discovery prognostications from around the Web.

I am thrilled to see Craig Ball highlight virtual machines as an important trend for the collection of electronically stored information (ESI). I don’t hear many e-discovery vendors talking about this trend, but I do see a lot of IT professionals reporting the glories of virtualization. That means if you’re collecting ESI, you will encounter virtual environments so you better be prepared.

Next, Craig declares that “data is the ultimate portable commodity” because personal information today increasingly lives on portable media and the Internet. Who doesn’t have a USB memory stick? I have friends that use “portable apps” to transport their entire digital world (office work, e-mail, etc.) back and forth from the office.

Now we’re hearing more and more about “cloud computing” where applications and data storage are dispensed from server farms rather than local computers. For example, e-mail is handled completely online by Gmail, documents are hosted by Zoho Office, billing/invoicing is done by Freshbooks, projects are managed in Basecamp, and contacts are stored on Salesforce.

This prediction is echoed by Dennis Kennedy, who recognizes “EDD in the Cloud” as one of the three most important e-discovery trends out of his broader list of 26.

Those of us involved in electronic discovery must stay aware of these trends because we cannot afford to fall into the trap of thinking that everyone keeps their documents on their C: drive just because we do. Not everyone will keep their data in the cloud, but you can’t afford to leave that stone unturned.

Similarly, law firms and corporations who are reviewing large collections of documents for litigation are electing to host those files in the cloud rather than taxing their internal resources. This was a trend that Dennis raised in his legal technology trends for 2007. Craig Ball predicts that low-cost desktop review tools will become more popular while declaring that “hosted production” will soon become accepted:

“We bank and do our taxes online. Soon we’ll receive and review ESI the same way.”

The desktop review tool can simply be pointed to wherever the data lives - locally on a LAN, or across the world on a server farm.

Inspired by Craig Ball’s predictions, Tom O’Connor predicted five “general trends” for 2008.

Tom first posits that runaway spending in e-discovery will level off in 2008. I hope he’s right.

Tom also declares that “tension between corporate counsel and outside counsel will increase” as corporations strive to cut costs. Tom is right on the money here because corporate counsel are getting much better at educating themselves on e-discovery rather than blindly relying on their outside counsel.

This view is shared by Neil Squillante over at TechnoLawyer, who put forth some of his own predictions this year. Neil promotes what he calls the “apotheosis of the general counsel”:

“…with the rise of electronic discovery, corporate counsel find themselves in need of technology solutions that didn’t exist five years ago. Chief among these — applications for archiving email and other documents in anticipation of lawsuits, and applications for preserving and culling relevant documents from these archives after being sued but before engaging outside counsel.”

I wholeheartedly agree with Tom O’Connor’s third prediction: “growth in the market will occur at the state and local level.” I’ve written about the states adopting e-discovery rules before, and it is inevitable that lawyers who litigate in the state and local courts will have to deal with ESI, regardless of their penchant for avoiding it.

There will be some interesting action in the e-discovery space this year - some bad and some good. I continue to be amazed at how the inclusion of electronic data transforms the world of litigation. The practice of law is so dependent upon tradition for its survival, which means that change always comes slow. But dealing with e-discovery requires new strategies and new knowledge. There is no doubt that the legal profession will adapt (lawyers are constantly learning), it’s just going to be a bumpy ride.