Stipulations for Discovery of ESI: America’s Next Top Model

In federal court—and in most state courts—parties must meet and confer at the beginning of the litigation to discuss various case management issues, and hopefully reach stipulated agreements about those issues. The discussions must address the discovery of electronically stored information, a subject that in too many cases causes needless amounts of disagreement, delay, expense, and overall angst among the litigants and counsel.

Why is the negotiation of ESI stipulations so difficult? For starters, many matters have an imbalance of e-discovery experience on opposite sides of the “v.” That imbalance can lead to protracted negotiations and difficulty in reaching practical, effective agreements. Another asymmetry often present in litigation can also pose ESI discovery challenges—where one party possesses a disproportionate amount of ESI subject to discovery (and thus bears an unequal burden), it can be more difficult for the parties to reach agreement. But even in symmetrical litigation, where both sides engage experienced, technically-savvy counsel, the complexity of e-discovery today (and the quick-changing nature of the technology we use) can still present obstacles to the efficient agreement of ESI stipulations.

Legal Technology Professionals Institute Stipulations of ESI Discovery

Enter LTPI to the rescue. The Legal Technology Professionals Institute is a non-profit trade association created for and run by legal technology professionals, which aims to represent the common interests of all participants in the legal technology industry. A cross-section of experienced industry professionals participate in its projects, with the goal of providing operational and ethical standards, best practices, guidelines, resources, forums, and public advocacy. I am proud to serve on LTPI’s Advisory Panel, and to work on one of the organization’s first projects—the publication of a model ESI Stipulations agreement.

Model ESI Stipulations Agreement

By creating a model agreement, we hope to give counsel and litigants of all levels of e-discovery experience a reasonable, practical starting place for their ESI discovery negotiations. The drafting team included legal technologists, defense-side litigation counsel, plaintiff-side litigation counsel, and in-house corporate counsel. Of course, there is no one-size-fits-all-cases agreement, and litigants will need to think critically about our suggested provisions before proposing or agreeing to them. But our document is a good place to start, and it covers a comprehensive list of issues. Please take a look at our public comment draft, which is open for feedback. This model agreement is a work in progress—we welcome your input, and intend to make frequent updates to reflect changes in technology and best practices.

And while you’re there, take a look at the very first project we launched, the Production Glossary. The glossary is designed as an educational resource on terminology used in connection with producing electronically stored information.  While a number of useful industry-wide glossaries exist, we could not find one that specifically discussed document production, nor one that discussed not only the “what,” but also the “why”—so we created one.

Finally, if you’re a legal technology professional, please consider joining LTPI. We’re looking for new members, especially if you’ve got great ideas for industry resources and the enthusiasm to bring your ideas to life!

“Deflategate” and Text Messages: e-Discovery Lessons

E-Discovery finds itself in the headlines of the mainstream media again. This time, the general public gets a chance to learn about the discoverability of text messages—and the potential consequences of evidence spoliation—thanks to Tom Brady and the “deflategate” scandal. (For those of you who don’t follow sports, “deflategate” refers to allegations that the New England Patriot’s quarterback played with deliberately deflated footballs in the team’s victory over the Indianapolis Colts in the AFC Championship.)

Deflategate Text Messages and eDiscoveryAs reported by CNN Money, on the day the NFL first interviewed Brady about deflategate, he directed his assistant to destroy his Samsung phone and its SIM card. Specifically, Brady instructed him “to destroy the phone so that no one can ever, you know, reset it or do something where the information is available to anyone.” Stored on the destroyed phone were thousands of text messages Brady sent before and after the game, which the NFL sought to review to assess Brady’s potential involvement in deflating the game balls below the required air pressure.

So, if this matter ends up in court, do we have a clear-cut case of spoliation? And grounds for sanctions? Maybe. Maybe not. One of the questions a judge will need to answer is whether the texts truly are unavailable. The CNN article gives a good explanation of how text messages from a destroyed or lost phone might still be available in the cloud or on some other remote server. And the judge also will have to assess Brady’s culpability in destroying the phone. The requisite state of mind for a finding of sanctionable spoliation depends on the jurisdiction (state, federal). And if in federal court, it will depend on whether the proposed new version of FRCP 37 has taken effect and created a uniform national standard for spoliation sanctions.

In the meantime, Brady has taken to social media to tell his side of the story. My e-discovery advice to him? Better not delete that Facebook post.

Have questions about spoliation of evidence, sanctions, or the upcoming amendments to the Federal Rules of Civil Procedure? Contact me and let’s chat.

Data Security and Privacy in Discovery – Finally Getting the Attention it Deserves

Data Security and Privacy in DiscoveryLast week at LegalTech West, as part of DiscoverReady’s Corporate Counsel CLE track, I facilitated a panel discussion on “Managing Data Security and Privacy in Discovery.” And I had the very good fortune of moderating a panel comprised of three experienced, smart, engaging in-house data security and privacy experts—along with one equally impressive law firm attorney with a national reputation for his expertise in this area. The presentation was so well received that I thought I’d share some highlights here on our blog.

Early in the program Amie Taal, Vice President of Digital Forensics/Investigations at Deutsche Bank, expressed her gratitude that data security and privacy in legal matters finally is getting the attention it deserves. The rise of information governance in the age of big data is one driving force, helping to land data security and privacy on the desks of C-suite executives. But unfortunately another factor is the heightened risk from cybercrime and fraud. With reports of data breaches on the front page of newspapers almost daily, and with the average cost of a breach approaching $150 million, organizations have no choice but to address security and privacy in every facet of their business. All of the panelists agreed that another major influence in this area is the globalization of business, and the need for all organizations—regardless of where they call home—to understand and respect the privacy laws of countries around the world.

John Davis, Executive Director and Counsel for Global eDiscovery at UBS, suggested that with respect to litigation and regulatory discovery, legal departments should develop sound, overarching policies and procedures around data security and privacy proactively, before a specific need arises for a particular legal matter. Those procedures should include vetting service providers and law firms ahead of time, and establishing detailed security and privacy expectations for those providers. John observed that law firms historically received less scrutiny than service providers and vendors, because of the their privileged status as trusted advisors. But in today’s environment law firms no longer can escape that scrutiny—indeed, as holders of their clients’ most secret and valuable information, law firms must step up and develop security protocols equal to other providers.

Speaking of law firms stepping up—Scott Carlson, Chair of the eDiscovery and Information Governance Group at Seyfarth Shaw, explained how his firm became a leader in this area. Seyfarth emerged as one of the first firms to recognize the need for better information security, and to develop and implement best practices. At his firm, a strong CIO played a pivotal role. From there, good training for lawyers and staff was key, along with a gradual but permanent change in the culture around data security. Now the firm conducts—and passes—the most stringent audits and penetration testing its clients can demand.

In the context of legal discovery, however, trusting your law firms and service providers isn’t enough. At some point, an organization will have no choice but to produce highly sensitive and private information to an adverse party. When that adversary is an opponent in civil litigation, many of the tried-and-true methods can adequately protect that information. Strong protective orders, attorneys-eyes-only designations, Federal Rule 502(d) orders, and the use of third-party hosted repositories remain valuable solutions. But Patrick Zeller, Director and Senior Counsel for eDiscovery and Privacy at Gilead Sciences, observed that those solutions are worthless in certain matters—namely, when the party requesting your information is the U.S. Government. If the information must be produced to an agency subject to FOIA, it can be tricky to ensure that sensitive data isn’t made public in response to a FOIA request. Even more troubling: if the information must be produced to the legislative branch, representatives can introduce it on the open floor of the House or Senate! Never mind that disclosing the information was impermissible; the parliamentary privilege prevents prosecution.

Another point on which the entire panel agreed—effective screening and searching for sensitive and private information in large document collections must incorporate cutting-edge technology. We are past the point where we can hire huge teams of human document reviewers and expect them to be effective. Organizations need to consider predictive coding and other advanced analytics—including tools already being used by big data—to help them find and isolate information warranting heightened security and privacy protection.

Thanks to all four panelists for a lively discussion! Our sole complaint was having only an hour to cover this complex, wide-ranging topic. And LegalTech kudos to my colleague Amy Hinzmann, who also moderated a terrific panel. LegalTech News reported on her standing-room-only presentation, in which four in-house counsel discussed the unique e-discovery challenges in government investigations and regulatory actions.

All of us at DiscoverReady had a great experience at LegalTech West—we look forward to seeing you early next year at LegalTech New York!

 

To learn about DiscoverReady’s industry-leading data security and privacy program, contact us, and we’ll arrange an introduction with a member of our information security team.

The Internet of Things — Let the Litigation Commence

The Internet of ThingsLast year I posted on our blog about the “Internet of Things,” and explored some ideas about how the IoT could generate new types of litigation and create complex challenges for e-discovery practice. At the time of my post, there were no reported cases in the U.S. implicating an IoT device, so my discussion was largely theoretical. (A case from Canada garnered some attention last year; it involved evidence from the plaintiff’s Fitbit device, which she used to support her personal injury claims.)

But not long ago the theoretical turned into reality, when a group of plaintiffs sued automakers Toyota, Ford, and General Motors. In their proposed nationwide class action, plaintiffs allege that the defendants sold unsafe cars, because their internet connectivity creates vulnerability to hackers, who could hypothetically take control of the cars’ breaking, acceleration, and steering. According to the complaint, “Defendants failed consumers … when they sold or leased vehicles that are susceptible to computer hacking and are therefore unsafe. Because Defendants failed to ensure the basic electronic security of their vehicles, anyone can hack into them, take control of the basic functions of the vehicle, and thereby endanger the safety of the driver and others.”

This lawsuit raises many interesting issues at the intersection of technology and law. But perhaps most significantly from a legal perspective, the plaintiffs do not allege that any car has actually been hacked yet. The suit rests on the mere possibility that such hacks could take place. Is that enough to sustain legal claims? Could other plaintiffs succeed with allegations that personal health and fitness information generated by a Fitbit might fall into the wrong hands? Or that an internet-connected pacemaker potentially could be hijacked, and its wearer murdered? To some extent, this issue may be clarified by the Supreme Court next term, when it hears Spokeo, Inc. v. Robins, No. 13-1339. In Spokeo, the Court will decide whether a plaintiff has standing to sue if she has not suffered any actual injury, but can nevertheless prove a violation of some federal statute. If the Court answers in the affirmative, the repercussions in class action practice—and potential ligation about IoT threats—could be quite broad.

In the meantime, what are some takeaways for e-discovery practitioners looking to stay abreast of IoT developments? Primarily, counsel your clients to think ahead about the legal risks of IoT data in their business, and what they can do to mitigate those risks. Encourage them to incorporate IoT devices into their information governance programs. Help them develop contingency plans for preserving and collecting IoT data reasonably likely to become relevant in litigation. And brainstorm with them about ways to affirmatively use IoT data to defend or support existing types of litigation—this information can create risk, but it can also create opportunities.

To brainstorm with DiscoverReady about the discovery implications of IoT litigation, contact us, and we’ll arrange an introduction with a member of our e-discovery consulting team.

 

How to Go Where Angels Fear to Tread: Best Practices for Developing and Negotiating Keyword Search Terms

In United States v. O’Keefe, United States v. O’Keefe, 537 F. Supp. 2d 14 (D.D.C. 2008), former U.S. Magistrate Judge John Facciola tackled the subject of using keyword search terms to help identify relevant documents for production in discovery. Observing that the proper use of search terms involves “the sciences of computer technology, statistics and linguistics,” the Judge offered the now famous quip that, for lawyers and judges to opine on the effectiveness of a given set of search terms “is truly to go where angels fear to tread.”

Yet litigators go there all the time. (They are a fearless bunch, to be sure.) Here at DiscoverReady, when we consult with clients on projects that involve the use of search terms to cull document collections, we encourage them to follow a few best practices. In a nutshell, the use of search terms should involve: (1) a collaborative, iterative, negotiated approach with the other side, and (2) statistical sampling and measurement to test and validate the results.

We recently gained some additional judicial support for this approach in an order from Magistrate Judge Donna Ryu of the Northern District of California. In In Re: Lithium Ion Batteries Antitrust Litigation, N.D. Cal. (Feb. 24, 2015), the court resolved a dispute between the parties regarding the final details of a mostly-agreed-upon protocol for using search terms. The plaintiffs insisted that, if a quantitative analysis of a challenged search term couldn’t resolve the dispute, defendants must turn over a qualitative sampling of some randomly selected “false positive” (not relevant) documents being returned by the search. Defendants objected to this aspect of the protocol, on the grounds that the federal rules do not entitle plaintiffs to obtain non-responsive, irrelevant documents in discovery.

The judge agreed with plaintiffs, noting that “the best way to refine searches and eliminate unhelpful search terms is to analyze a random sample of documents, including irrelevant ones, to modify the search in an effort to improve precision.” The court went on to explain:

[A] random sample that shows that a search is returning a high proportion of irrelevant documents is a bad search and needs to be modified to improve its precision in identifying relevant documents. The proposed sampling procedure is designed to prevent irrelevant documents from being reviewed or produced in the litigation, and will obviate, or at least clarify, motion practice over the search terms themselves.

But recognizing Defendants’ concern that the sampling protocol would result in the production of irrelevant information to which Plaintiffs have no right, the court ordered protections to guard against the production of any privileged or otherwise sensitive documents in the sample. Indeed, Defendants were given the right to “remove any irrelevant document(s) from the sample for any reason, provided that they replace the document(s) with an equal number of randomly generated document(s)” (emphasis added).

In my view, Lithium Ion underscores the idea that lawyers need to loosen their death grip on the notion that irrelevant documents should never voluntarily be produced in discovery. Sure, the other side is not entitled to see non-responsive documents. But if producing a small sampling of them while engaged in search term optimization will reduce motion practice, streamline the discovery process, and save both sides time and money, why not permit the opposing party to see some? Of course, such a voluntary production needs to have safeguards similar to those from Lithium Ion. And in some matters, there may be valid reasons to resist such a process. But in many instances, a facilitative approach to discovery is the better way.