Archive for the ‘e-mail threads’ Category

ECPA, 4th Amendment, and FOIA: A Trident of Laws Collide on the 25th Birthday of the Electronic Communications Privacy Act

Wednesday, November 2nd, 2011

Google has publicly released the number of U.S. Government requests it had for email productions in the six months preceding December 31, 2009. They have had to comply with 94% of these 4,601 requests. Granted, many of these requests were search warrants or subpoenas, but many were not. Now take 4,601 and multiply it by at least 3 for other social media sources such as Facebook, LinkedIn, and Twitter. The number is big – and so is the concern over how this information is being obtained.

What has become increasingly common (and alarming at the same time) is the way this electronically stored information (ESI) is being obtained from third party service providers by the U.S. Government. Some of these requests were actually secret court orders; it is unclear how many of the matters were criminal or civil. Many of these service providers (Sonic, Google, Microsoft, etc.) are challenging these requests and most often losing. They are losing on two fronts: 1) they are not allowed to inform the data owner about the requests, nor the subsequent production of the emails, and 2) they are forced to actually produce the information. For example, the U.S. Government obtained one of these secret orders to get WikiLeaks volunteer Jacob Appelbaum’s email contact list of the people he has corresponded with over the past two years. Both Google and Sonic.net were ordered to turn over information, and Sonic challenged the order and lost. This has forced technology companies to band together to lobby Congress to require search warrants in digital investigations.

There are three primary laws operating at this pivotal intersection that affect the discovery of ESI that resides with third party service providers, and these laws are in a car wreck with no ambulance in sight.  First, there is the antiquated Federal Law, the Electronic Communications Privacy Act of 1986, over which there is much debate at present.  To put the datedness of the ECPA in perspective, it was written before the internet.  This law is the basis that allows the government to secretly obtain information from email and cell phones without a search warrant. Not having a search warrant is in direct conflict with the U.S. Constitution’s 4th Amendment protection against unreasonable searches and seizures.  In the secret order scenario, the creator of data is denied their right to know about the search and seizure (as they would if their homes were being searched, for example) as it is transpiring with the third party.

Where a secret order has been issued and emails have been obtained from a third party service provider, we see the courts treating email much differently than traditional mail and telephone lines.  However, the intent of the law was to give electronic communications the same protections that mail and phone calls have enjoyed for some time. Understandably, the law did not anticipate the advent of the technology we have today.  This is the first collision, and the reason the wheels have gone off the car, since the standard under the ECPA sets a lower bar for email than that of the former two modes of communication.  The government must only show “reasonable grounds” that the records would be “relevant and material” to an investigation, criminal or civil, compared to the other higher standard.

The third law in this collision is the Freedom of Information Act (FOIA). While certain exceptions and allowances are made for national security and in criminal investigations, these secret orders are not able to be seen by the person whose information has been requested. Additionally, the public wants to see these requests and these orders, especially if they have no chance of fighting them. What remains to be seen is what our rights are under FOIA to see these orders, either as a party or a non-related individual to the investigation as a matter of public record. U.S. Senator Patrick Leahy (D-VT), the author of the ECPA, acknowledged in no uncertain terms that the law is “significantly outdated and outpaced by rapid changes in technology.” He has since introduced a bill with many changes that third party service providers have lobbied for to bring the ECPA up to date. The irony of this situation is that the law was intended to provide the same protections for all modes of communication, but in fact makes it easier for the government to request information without the author even knowing.

This is one of the most important issues now facing individuals and the government in the discovery of ESI during investigations and litigation.  A third party service provider of cloud offerings is really no different than a utility company, and the same paradigm can exist as it does with the U.S. Postal Service and the telephone companies when looking to discover this information under the Fourth Amendment, where a warrant is required. The law looks to be changing to reflect this and FOIA should allow the public to access these orders.  Amendments to the Act have been introduced by Senator Leahy, and we can look forward to the common sense changes he proposes that are necessary.  The American people don’t like secrets. Lawyers, get ready to embrace the revisions into your practice by reading up on the changes as they will impact your practices significantly in the near future.

Nightmare on ESI Street: How to Sleep Well in a Scary Regulatory Climate

Friday, October 7th, 2011

As a proxy for risk assessment, many legal practitioners are simply asked, “What keeps you up at night?”  Aside from (i) small children and (ii) spicy Thai food, it’s becoming increasingly clear that eDiscovery is moving to the head of this inauspicious list, particularly for corporate boards, which now view risk management and regulatory compliance as their top concerns.

In a recent survey, BDO queried more than 100 directors at public companies with revenues between $250 million and $750 million and found that risk management factored heavily into the survey’s findings.  Over half of respondents identified managing risk as the topic they should be spending more time on, with 61% saying that their liability risk has increased during the financial downturn.

“In recent years, the responsibilities of corporate boards have grown considerably and much of their time has been dedicated to responding to new regulatory requirements,” says Wendy Hambleton, a partner in BDO’s corporate governance practice, in a statement about the survey. “What we are seeing in this study is a willingness of boards to take a more proactive role in risk management and it seems to be related to the risk they face as directors.”

On a similar risk management theme, another survey queried general counsel about what keeps them up at night.  Of these nearly 500 directors and GCs, 56% cited electronic discovery for litigation and investigation, which represented a marked increase since 2007, when only 36% of general counsel said they had the same nightmares.

This increasing concern around compliance and information governance isn’t surprising given that the regulatory environment (FCPA, UK Bribery Act, Dodd-Frank, etc.) is much more rigorous than it was even a few years ago. And the fears are that this supercharged regulatory environment will only increase in fervor, with the majority of GCs feeling strongly that it will be the single biggest contributor to their workload through the rest of this year and leading into 2012.

What is interesting about these concerns is the disconnect between the very real fears and the lack of action – since many practitioners simply aren’t taking proactive steps to mitigate their information governance risks. In an extension of the nightmare analogy, it’s like repeatedly watching scary movies right before bedtime and then being surprised when Freddy Krueger shows up in their dreams.

As noted previously, Symantec’s recent Information Retention and eDiscovery Survey revealed how blissfully ignorant some enterprises are about their shoddy information governance hygiene. Despite the numerous risks that are keeping so many up at night, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.

While it is important to get a good night’s sleep, it isn’t wise to slumber through the night with an army of ESI zombies ravaging your house, particularly when it’s possible to implement even the most basic information governance plans.  It’s beyond blissfully ignorant to ignore real risks and snooze away during what is assuredly an escalating regulatory climate.  Instead, put the best possible people, processes and technology in place, and start again, well rested, in the morning.

Breaking News: Ninth Circuit Extends Scope of Electronic Communications Privacy Act to Foreign Citizens

Tuesday, October 4th, 2011

The Ninth Circuit unequivocally extended the protections of the Electronic Communications Privacy Act (“ECPA”) to foreign citizens yesterday.  In Suzlon Energy Ltd. v. Microsoft Corp. — F.3d — (9th Cir. 2011), the court held that the ECPA protects the emails of non-citizens that are stored in the United States from disclosure.

At issue were various emails belonging to an Indian citizen that were stored in his Microsoft Hotmail account.  Relying on the plain language of the statute, the district court rejected the plaintiff energy provider’s request that Microsoft turn over the emails for use in an Australian-based legal proceeding.  The Ninth Circuit agreed, finding that the protections of the ECPA expressly encompassed “any person” whose emails were stored “on a domestic server, by a domestic corporation.”

The Suzlon Energy opinion has three additional noteworthy points.  First, the Ninth Circuit declined to create by judicial fiat a “civil litigation” exception that would allow the production of the emails.  Such an exception would have eviscerated the privacy concerns regarding electronically stored communications that Congress specifically invoked in enacting the statute.

The court also refused to find that the defendant’s status as a party to litigation constituted “implied consent” to the production of his Hotmail emails.  Such a finding is consistent with other jurisprudence holding that participation in legal proceedings does not waive the protections of the ECPA.

Last but not least, the court’s holding applies only to emails stored in the United States.  It does not apply to information maintained or acts that occurred beyond the United States.

The Suzlon Energy case represents a growing chorus of opinions that have toughened the privacy protections of the ECPA.  As more courts follow the lead of the Ninth Circuit on the ECPA, the clamor for Congress to enact amendments that would modernize the statute will undoubtedly increase.  Stay tuned; the fight over privacy on the internet is just beginning.

Social Media and eDiscovery: New Kid on the Block, but the Same Story

Friday, September 30th, 2011

In the eDiscovery universe, hot trends and evolving technologies tend to capture the attention of the legal community.  Discoverable data sources have been the focus in the courtroom for quite some time, and just like the “popular kids” from high school, email has held the crown of eDiscovery darling.  Not surprisingly, the more time end-users spend in a specific medium (on Facebook, for example), the more likely data will be created – and as that data multiplies, it has the potential to become compelling in discovery.  It seems that many U.S. organizations are electing to allow social media use at work and for work, rather than blocking access.  For obvious reasons, granting this access is culturally desirable, but from an eDiscovery perspective social media use introduces new complications.  However, don’t be mystified.  There is nothing that new here.

Recently, Symantec issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information. Having lost some popularity, email came in third place (58%) to files/documents (67%) and database/application data (61%) when respondents were asked what type of documents were most commonly part of an eDiscovery request. The new kid on the block for data sources is social media, reported by 41% of those surveyed. Social media is in essence no different than any other data type in the eDiscovery process; it’s just the newest. Said another way: social media is the new email.

Of course, it’s no longer news to proclaim that communications from social networking sites are discoverable.  What is newsworthy is the question of how to effectively store, manage and discover these communications which come in such varying forms, making the logistics of doing so for social media different than for traditional mediums.  Like email, social media is used by everyone (ubiquitous), is viral (fast), has mixed uses (professional and personal) and there is a lot of it (high volume).  Unlike email, social media comes in many different forms (Facebook, LinkedIn, Twitter, etc.), is not controlled within an organization’s firewalls (custody, possession and control issues), and has more complex requirements within the information governance lifecycle (technology is needed to ingest social media into an archive).

The two main areas to examine in relation to social media use and an organization’s policies are: 1) the legal issues that apply specifically to the organization, and 2) the logistical and technical requirements for preservation and collection.  Essentially, what is the organization’s policy surrounding social media use, and how can the information be accessed if need be? Luckily, technology exists that is nimble enough to be able to ingest social media and archive it in accordance with an organization’s policy, should one exist.  Organizations that have recognized social media as the newest kid on the block have, ideally: developed a social media policy, purchased (or deployed) collection and retention technology, and instituted training for their employees.  They have also integrated social media into their information governance strategy and document retention policy. Remember, not all organizations will have to archive social media, but all should address social media with a policy and training.

Other organizations have not accepted social media as part of the evolutionary process of eDiscovery.  They proceed at their own peril – as did the organizations that did not control their email some ten years ago!

These organizations will be in crisis when they need to collect social media for litigation and will most likely have a large lesson in damage control, as well as an equally large bill.  They will be uneducated, ill-prepared and overwhelmed about how to discover social media.  Without a policy, they will have to over collect by default, which will drive up the costs for collection and possibly for downstream review.  Given that the aforementioned survey found nearly half of the respondents did not have an information retention policy in place, and of this group, only 30% were discussing how to do so, it is likely that many of these organizations do not yet have a social media policy either.

With this background in mind, organizations should evaluate which laws and regulations apply to their organization, develop a policy and train their employees on that policy.  Plus ça change, plus c’est la même chose.

For more information about how IT and Legal can manage the impact of social media on their organization and to learn how archiving social media can be accomplished, please join this webcast from Symantec.

Proactive Retention Means Effective Preservation in eDiscovery

Thursday, September 22nd, 2011

It is axiomatic that the law helps those who help themselves.  Perhaps nowhere is that truism more applicable than in the context of electronic discovery.  The organization that implements an effective information governance strategy – including developing reasonable data retention policies – will likely avoid court sanctions and reduce its legal costs.  This was confirmed in a recent industry survey, which found that organizations “help themselves” when they develop information retention policies.  According to the survey, better retention practices drive dramatically better outcomes in litigation, particularly in the context of retention and preservation.

Such a finding is echoed by a recent case issued from the District of Indiana.  In Haraburda v. Arcelor Mittal U.S.A., Inc. (D. Ind. June 28, 2011), the court tied a litigant’s preservation duty to its document retention efforts.  In order to discharge its duty to reactively preserve evidence, the court reasoned that enterprises must proactively create “a ‘comprehensive’ document retention policy that will ensure that relevant documents are retained.”  Failing to implement a retention policy often results in a loss of key information.  And this, opined the court, may result in sanctions.

Such a finding is not limited to an isolated case. Court decisions from across the United States in 2011 have found the same connection: better data retention practices yield more successful document preservation results. For example, in E.I. du Pont de Nemours v. Kolon Industries (E.D. Va. April 27, 2011), the plaintiff manufacturer defeated a sanctions motion due to its effective information retention procedures. The manufacturer implemented a document retention policy that typically kept emails from former employee accounts for 60 days, after which the emails were overwritten and deleted. Among the emails deleted pursuant to that policy were several that the defendant argued were relevant to its counter-claims. The DuPont court declined to impose sanctions, however, since the emails in question were overwritten before the duty to preserve was triggered. Instead, the court lauded the manufacturer’s preservation efforts, finding that it “took positive steps reasonably calculated to ensure that information . . . was preserved for litigation.” Because the manufacturer faithfully observed its established retention policy, it reduced a stockpile of email, made relevant documents unavailable for discovery and was still protected from court sanctions.

Similarly, in Viramontes v. U.S. Bancorp (N.D.Ill. Jan. 27, 2011), the defendant bank relied on its data retention protocols to stave off a sanctions motion after deleting several years of email.  Because those emails were destroyed pursuant to a neutral retention policy before a preservation duty attached, the bank was protected from sanctions under the Federal Rule of Civil Procedure 37(e) safe harbor for the destruction of electronic information.

The converse, of course, is also true.  Those organizations that failed to implement effective retention policies have fared poorly in discovery because they have not preserved relevant ESI.  Take the defendant, for instance, in Northington v. H & M International (N.D.Ill. Jan. 12, 2011).  The court issued an adverse inference jury instruction against that company because it spoliated significant emails and other data.  The genesis of this spoliation was the company’s failure to establish a formal document retention policy.  Instead of having a thoughtful, top-down approach, “data retention . . . was evidently handled on an ad hoc, case-by-case basis.”  The company’s failure to develop a pre-litigation information retention policy eventually led to the loss of key information and the court’s sanctions award.

These recent cases and others confirm the correlation between retention and preservation.  Simply put, proactive retention leads to better preservation in eDiscovery.  Anything less could be disastrous in litigation.

Email Isn’t eDiscovery Top Dog Any Longer, Recent Survey Finds

Sunday, September 18th, 2011

Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute. Perhaps counterintuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests. In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%). Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer.

Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren’t also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.”   While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

The primary ramification is that organizations need to prepare for eDiscovery and governmental inquiries by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems. Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were:

  • 81% more likely to have a formal retention plan in place
  • 63% more likely to automate legal holds
  • 50% more likely to use a formal archiving tool

These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences:

  • 78% less likely to be sanctioned
  • 47% less likely to lead to a compromised legal position
  • 45% less likely to disclose too much information

This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary.  Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways.  Some have estimated that it costs between $3-5 a document for manual attorney review – and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies with bad information governance hygiene.  While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction.  Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.  While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan.

As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.”  And, the winds of change are upon us.  Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

For more information regarding good records management hygiene, check out this informative video blog and Contoural article.

Breaking News: $919 Million Verdict for DuPont in Trade Secret Theft and eDiscovery Sanctions Case

Thursday, September 15th, 2011

A federal jury returned a stunning, $919 million verdict yesterday for DuPont in a trade secret theft case.  In E.I. du Pont de Nemours v. Kolon Industries, the verdict was the culmination of a two-and-a-half year battle that DuPont waged against Kolon Industries to prove that Kolon had misappropriated key aspects of its formula for Kevlar®.

The court delivered a decisive blow shortly before trial when it found that Kolon had destroyed emails and other electronically stored information linking it to the trade secret theft.  The sanction for that spoliation was an instruction to the jury that Kolon executives and employees had deleted key evidence after the company’s preservation duty was triggered.

The verdict against Kolon is just the beginning of its problems.  DuPont will now request over $50 million in punitive damages from Kolon, another $30 million for reimbursement of its attorney fees and a permanent injunction forbidding Kolon from using the stolen trade secrets.  Not surprisingly, Kolon’s stock dropped 15% after news of the verdict reached the markets today.

The eDiscovery sanctions order and corresponding verdict make it clear that organizations should invest the time and effort to properly prepare for litigation and discovery.  As we argued in our previous post on the DuPont case, having the right tools in place could have prevented much of the spoliation – and the resulting instruction to the jury – that occurred in the DuPont case.

Ruling the World of Information Management and Electronic Discovery

Wednesday, November 17th, 2010

If you’re anything like Dr. Evil, Tears for Fears, or Napoleon, ruling the world is at or near the top of your to-do list, and part of ruling the world is having as omniscient a knowledge as possible of what’s going on, in order to better control it. Ruling the world has also long been the dream of many software vendors, who want to own and understand all the information in an enterprise in order to, um, provide maximum value to their customers… oh, and also to lock them in to a single underlying platform that allows them to control as much of the organization’s information management decisions as possible.

In some cases, these dual interests are aligned. However, in e-discovery, it’s not so clear. Over the last couple of years, many vendors have pushed a notion of “index everything” or so-called “proactive” e-discovery, in which you have instant access to all the information in your enterprise, in real-time, from which to drive your e-discovery process. But is this feasible? Or even desirable?

The Myth of the Silver Bullet

It can be tempting for IT to turn to an enterprise search solution that can index all data sources – laptops, desktops, file servers, SharePoint servers, databases, email archives, content management systems – and enable e-discovery across the entire enterprise in an instant. The reality is that while such a solution may work for enterprise search in small and medium-sized companies with a finite scope of data, the level of complexity in scale and defensibility of operations makes this simply not an achievable approach for e-discovery at most large enterprises. As Anne Kershaw and Joe Howie of the Electronic Discovery Institute noted in their just-published Judges’ Guide to Cost-Effective E-Discovery:

“There is no single silver bullet that solves all problems associated with escalating discovery costs and delays. As noted above, the single most effective cost reduction method is the focused collection of records most likely to contain relevant information. Some argue that e‐discovery is best accomplished by taking large amounts of data from clients and then applying keyword or other searches or filters. While, in some rare cases, this method might be the only option, it is also apt to be the most expensive. In fact, keyword searching against large volumes of data to find relevant information is a challenging, costly, and imperfect process. A much better approach is to ask key client contacts to help you locate core relevant information and then, by reading that information, determine other sources of relevant information.”

What are the specific reasons why a targeted collection approach is superior? From our conversations with clients as we have been developing our solution to this problem over the last couple of years, three major drawbacks to the index-everything approach stand out.

1. Impact to Existing IT Environment

While the collect-and-preserve approach employed by Clearwell is widely accepted for e-discovery, index-everything and preserve-in-place solutions have recently emerged, originating from other enterprise applications such as knowledge management and enterprise search. These approaches from other domains have significant disadvantages when applied to e-discovery, including impact to existing IT infrastructure and processes that result in increased cost and complexity. For instance, the scope of e-discovery can exceed the amount of information being indexed by knowledge management or enterprise search applications. According to Forrester, the majority of enterprise search implementations range in size from the hundreds of thousands to tens of millions of records, not billions of documents that are potentially discoverable during litigation. Consequently, index-everything solutions must index a much larger volume of data across a broader range of applications and data stores than would typically be necessary for enterprise search.

Indexing such a large amount of data has implications for the entire IT environment. These solutions either crawl data repositories over the network or employ agents on local desktops and laptops to find new and modified files. IT organizations using these solutions report experiencing disruptions including:

• Requiring read access and permissions to numerous line-of-business applications and storage systems where data resides

• Significant increases to disk I/O for enterprise applications, network file shares, and client machines

• Increased network consumption as large amounts of data are read over the network

• Increased consumption of local hard drive space on employee desktops and laptops for search indexes and redundant copies of preserved files

• Scheduling resource-intensive indexing tasks during off-peak hours, impacting the ability of IT departments to complete backups during shrinking backup windows

Taken together, these issues add cost and complexity to the deployment of index-everything and preserve-in-place solutions. This often results in organizations not fully deploying the solution after purchasing licenses and spending months or years trying to integrate with their existing systems.

2. Risk of Missing Critical Data

Another key concern of organizations seeking to meet e-discovery requests is the ability to find all relevant files and documents for a case. Missing even a few important documents may result in multimillion-dollar fines and sanctions. UBS and Morgan Stanley paid $29.2 million and $12.5 million, respectively, for losing key files during litigation. It is therefore critically important that e-discovery solutions have the ability to not only index and search common file types, but also a range of less common but equally important files such as those within nested container files, encrypted files, and TIFF images containing text. Solutions that originate from applications outside the e-discovery domain often skip these files because 100% accuracy is not required for other applications such as enterprise search. Across organizations with billions of documents, there may be hundreds of thousands of potentially relevant files which are in the dark and unknown to legal teams because they are not indexed.

Index corruption is another commonly reported issue with index-everything solutions that results in incomplete search results. Search indexes are susceptible to data corruption just like any other computer file, but the large size of indexes containing billions of records increases the probability of errors. In fact, this is a common problem of most archive solutions and other solutions that manage billions of records. A corrupt search index will result in incomplete results or in the worst case scenario, the inability to conduct searches until the index is repaired. In some situations, data must be re-indexed to rebuild a corrupt search index which is time consuming due to the slow speed of some solutions.

The net result is that in-place solutions increase the likelihood of missing critical data, exposing the organization to considerable legal and financial risk.

3. Time Delays and Uncertainty in Searches

When embarking on a project to make all enterprise data searchable for e-discovery, an important consideration is indexing speed in relation to total outstanding data and projected data growth. Organizations deploying such a solution typically have a large amount of existing data that needs to be indexed, and this index must be continually updated as data is modified and new data is created. Many companies report that although vendors claim high processing rates, these high rates erode over time as companies index greater amounts of their existing data, increasing the size of search indexes. Beyond an application’s ability to index data, there are exogenous factors affecting indexing performance including network speed, disk I/O, and latency. Along with index size and the number of search indexes, these factors can also affect search query performance, resulting in searches that take hours or days to return results.

Another issue facing organizations deploying index-everything solutions is that end users may be creating and modifying documents faster than the solution can index them. As a result, there is a widening gap between the state of data in the wild and the solution’s picture of that data, leading to incomplete search results. Equally troubling, search results may include files that were moved after the search engine indexed them, and so they appear in the results but cannot be viewed, retrieved, or preserved. End users clicking on the link to an item may receive an error similar to the “404 Error: File Not Found” that everyone has experienced when browsing the web. This presents a significant defensibility problem in e-discovery, and IT teams often end up tracking down these missing files one-by-one to ensure they are preserved. The result is that organizations may be exposed to unnecessary legal risk while IT teams have the additional burden of manually tracking down hundreds of files for each legal matter.

A Better Approach to Collection and Preservation

Recognizing the challenges of collection and preservation, Clearwell has developed a targeted approach that enables organizations to defensibly collect and preserve data without increasing the work of IT or exposing the organization to risk. Targeted collection provides an easy way for IT or Legal teams to collect from all critical data sources and securely manage collected data in a preservation store for the duration of a case. Unlike index-everything and preserve-in-place approaches, Clearwell is up and running quickly, delivering value in hours or days without the cost and complexity of lengthy multi-month deployment timelines. In addition, Clearwell’s targeted collect-and-preserve approach has a number of benefits over in-place approaches:

Minimal impact to IT infrastructure: Clearwell only collects potentially relevant data from custodians involved in a case or investigation, targeting resources at the most important data instead of wasting resources on indexing all data across the entire organization. As a result, targeted collection has less impact on existing applications and storage systems, does not cause significant increases to disk I/O or network consumption, and does not require agents to be installed on client machines or servers.

Finds all critical data: Purpose-built to support the complex and difficult to read file types required by e-discovery, Clearwell can index and search all critical content such as nested container files, encrypted files, images containing text, and hidden content.

Up-to-date collection: Clearwell collects all relevant data for e-discovery by targeting information that is related to custodians in the case. Because this approach is not limited by legacy indexing approaches, Clearwell is able to collect data that has been recently modified or moved.

Maintains existing workflow: With Clearwell, end users are able to continue using their existing workflows and business processes without interruption. Using targeted collection, Clearwell can collect data in the background without altering data where it resides. When users create or modify files in the normal course of business, Clearwell incrementally collects new data automatically.

Reduces risk: Targeted collection significantly reduces the risk of spoliation by retaining data in a secure preservation store, providing a defensible process that maintains chain of custody. As a result, data cannot be tampered with by end users or accidentally lost on laptops, desktops, or other data repositories not under the control of IT.

Collecting and preserving evidence are critical steps in the e-discovery process. Solutions that promote indexing everything as the optimal solution for your e-discovery problems might be conceptually promising, but create new challenges for IT and increase risk in practice. As a result, organizations are seeking a solution that enables them to respond effectively to e-discovery without causing major disruptions or exposing the organization to additional risk. Clearwell’s targeted approach solves the challenges of collection and preservation by making it easy to collect data from all critical data sources and preserve data defensibly, without incurring greater risk or disrupting the organization’s business processes.

Clearwell Extends Its E-Discovery Platform With New Module For Identification And Collection Of Electronically Stored Information (ESI)

Tuesday, September 14th, 2010

Yesterday, Clearwell announced a new module for identification and collection, which is available with Version 6 of its e-discovery platform. This sits alongside the existing modules for processing/analysis and review/production, extending Clearwell’s capabilities upstream to a part of the e-discovery process typically done by IT. The new module has already been purchased by GlaxoSmithKline, Nisource, and several other enterprises and government agencies, and the initial response has been incredibly positive. I wanted to say a few words about what led Clearwell to add the Identification and Collection Module, and how it’s different from other solutions.

Over the past few years, I have seen a transformation of the e-discovery software market. Previously, there were no specific people within corporations or government agencies dedicated to e-discovery, and no formal budget was allocated to it. As a result, purchase decisions were typically made at the departmental level by legal or information security people who could “find the money” by borrowing from other projects. In stark contrast to that, today most major corporations have people specifically responsible for electronic discovery, and many of them have company-wide initiatives to lower costs by bringing e-discovery in-house. Companies are issuing more and more formal RFPs; performing proof-of-concepts as part of the evaluation process; and creating committees of both legal and IT to make purchase decisions.

Some vendors have sought to play up a “gap” between legal and IT teams when it comes to e-discovery. They manufacture survey information claiming that collaboration and communication between legal and IT is decreasing. Our experience has been exactly the opposite. At corporations like Coca Cola, Home Depot, and hundreds of others, we find close, collaborative relationships between legal teams and the IT professionals dedicated to help them. There’s now a new career path, sometimes called “legal IT” or “e-discovery manager”, for technically savvy IT folks who understand legal’s requirements. I was happy to see at LegalTech this year that legal professionals would often come by our booth with a colleague and say to us, “I brought my IT guy with me because I want him to see this”.

It is precisely because legal and IT are working so closely together that they want a single product to manage all their e-discovery activity. That’s what led us to add the Identification and Collection Module.

Why is offering a single product for everything from identification through production such a big deal? Clearwell’s approach offers two main advantages over alternative solutions. First, like earlier versions of Clearwell, the Identification and Collection Module is very easy to use – so much so that, with IT’s permission, legal could even manage the collection process itself. For example, existing products like Guidance Encase require users to write scripts to create filters for targeted collections; with Clearwell, everything is point-and-click through a simple web UI. That makes identification and collection accessible to non-technical users.

Second, because identification, collection, processing, early case assessment, review and production can now all be done using a single product, Clearwell is able to provide end-to-end reporting through the entire e-discovery life-cycle. For example, Autonomy’s disparate e-discovery products (Introspect, Aungate, etc.) require multiple log-ins, all have different UIs, and different data models. With Clearwell, all of these are the same, giving you complete control over your data – at significantly lower total cost of ownership.

You can sign up for a product demonstration or even evaluate the product for free. Take a look – and leave a comment to let us know what you think.

Courts Undecided on How to Handle Email Threads in Electronic Discovery

Monday, June 21st, 2010

Much of the business and personal productivity that comes in the digital world is from email and its unique abilities. Email allows us to communicate in a way that helps us associate context to our discussions, namely in its ability to be chained into a sequential thread when email users reply to or forward emails they previously received. This accomplishes two important tasks: 1) it allows the person sending the reply or forward to get an understanding of the issues so he/she can craft a meaningful response, and 2) it allows the person receiving the response to understand that response in the context of other on-going discussions. Email programs such as Microsoft Outlook, Eudora, and Gmail help by automatically including content from prior emails, thus producing a long chain of reference.

It is no coincidence that emails thus constitute key evidentiary value in the context of litigation. The inherent value captured in emails is what makes email productions central to pre-trial disclosures and the electronic discovery that precedes it. Courts have long recognized that emails are a business record and subject to discovery. Establishing who said what in the context of a matter in dispute is greatly facilitated by examining the thread of emails recorded in email repositories. With respect to electronic discovery, however, email threading presents several unique challenges. The area of greatest confusion and uncertainty has been the determination of privilege when emails are exchanged with in-house counsel and attorneys and whether such emails are protected by attorney-client privilege or not. A central issue is the composition of privilege logs under these circumstances.

There are several legal opinions on the matter of intermingling privileged and non-privileged communications in an email chain. These opinions have left the matter with little clarity, especially regarding whether the entire email thread is privileged or whether individual emails must be separated out and classified as privileged, with a privilege log listing them. Typically, the most recent email in a thread contains all other emails in that thread. Separating out individual emails (i.e., the contained emails) from the containing email would allow for treatment of just the portions of the email thread that may have privilege. When such separation is permitted, some contained emails may be assessed as privileged while others may not. However, it is entirely possible that the contained email is also present as an independent email under possession of the same custodian or another custodian. When it is present, one could argue that the contained email can just be ignored, and if the corresponding email is responsive, one can ignore the contained email. But rarely does a collection include a complete set of custodians, so the question of whether the privilege log should include the contained item in question still remains. In terms of management of review, and for constructing a privilege log, treating the most recent email and all its contained emails as a single entity is less expensive and cleaner than separating and determining privilege status of each contained email.

Another complicating factor is simply a determination of privilege. Does the mere fact that an attorney was listed as a courtesy CC recipient make the entire email privileged? And, when such emails are then forwarded only to an attorney involved in the case, with a legal strategy discussed in the containing email, is only the new content added to the containing email privileged, or does the privilege determination extend to the other contained emails? Let’s examine a few opinions for guidance.

With respect to privilege there is a significant body of opinions that would suggest that only communications that explicitly seek legal advice are privileged.

With respect to internal communications involving in-house counsel, a party “must make a ‘clear showing’ that the ‘speaker’ made the communications for the express purpose of obtaining or providing legal advice”, Chevron Texaco Corp., 241 F. Supp. 2d at 1076 (quoting In re Sealed Case, 737 F.2d 94 (D.C. Cir. 1984)). If the legal and business advice are inextricably intertwined, “the legal advice must predominate over the business advice, and not be merely incidental, for the communications to be protected under attorney client privilege.” Evidently, attempts to include an incidental attorney in a thread would not offer privilege protections. However, the issue is complicated if the most recent containing email is indeed a genuine attempt to seek such guidance. Here again, there are two opinions. In United States v. Chevron Texaco Corp., 241 F. Supp. 2d 1065, 1074 n.6 (N.D. Cal. 2002), we note that:

“With respect to each series of emails for which Chevron asserts protection under privilege, Chevron breaks the series into each discrete message. In our view, such a representation of the document is misleading. Each email/communication consists of the text of the sender’s message as well as all of the prior emails attached to it. Therefore, Chevron’s assertion that each separate email stands as an independent communication is inaccurate.”

The above would have you prepare a single entity with the most recent containing email and all other quoted emails treated as a single unit. On the other hand, we see the opposite opinion in Universal Service Fund Telephone Billing Practices Litigation, 232 F.R.D. 669, 674 (D. Kan. 2005) where “the court strongly encourages counsel, in the preparation of future privilege logs, to list each email within a strand as a separate entry”. In a related ruling, the court notes: “Obviously, a sufficient (i.e., reasonably detailed) privilege log is vital if litigants and judges are to determine whether documents have been properly withheld from discovery.” As mentioned earlier, this can be much more expensive from a review and production standpoint.

In Chemtech Royalty Assoc., L.P. v. United States, Nos. 05-cv-00944, 06-cv-00258, 07-cv-00405, at (M.D. La. Mar. 30, 2009), we get another perspective: “Asserting privilege for an entire email thread in the privilege log, but only describing the last message in the thread is deficient.”

In Baxter Healthcare Corp. v. Fresenius Med. Care Holding, Inc., No. 07-cv-01359, 2008 BL 229777 at (N.D. Cal. Oct 10, 2008), the defendants are ordered to produce a privilege log that “separately identifies the author, recipient(s), copyee(s), and blind carbon copyee(s) for each logged email communication regardless of whether the communication is part of an email string”. The court directive is: “Each email is a separate communication, for which a privilege may or may not be applicable. Defendants cannot justify aggregating authors and recipients for all emails in a string and then claiming privilege for the aggregated emails.”

Thus, the contained emails must be treated as separate privilege log entries.

In Vioxx Products Liability Litigation, 501 F. Supp. 2d 789, 812 (E.D. La. 2007) the court notes:

“Email threads in which attorneys are ultimately involved were usually listed on the privilege log as one message.” Further, “Simply because technology has made it possible to physically link these separate communications (which in the past would have been separate memoranda) does not justify treating them as one communication and denying party a fair opportunity to evaluate privilege claims raised by the producing party.”

Again, the preference has been to separate out individual contained emails as independent emails with corresponding privilege log.

In C.T. v. Liberal School District, Nos. 06-cv-02093, 06-cv-02360, 06-cv-02359, 2007 BL 21826 at (D. Kan. May 24, 2007), the court orders the plaintiff to submit an amended privilege log that listed each email in a string as a separate entry.

In Se. Pa. Transport Authority v. Caremark PCS Health, L.P., 254 F.R.D. 253, 264-65 (E.D. Pa. 2008), the court recommends “analyzing emails in chain separately to rule on defendant’s privilege claims”.

Another significant opinion is found in Muro v. Target Corp., 250 F.R.D. 350 (N.D. Ill. 2007). In addition to at least four motions, an in camera review was requested for identifying the privilege status of eighty-nine documents. Here, the court ruled that FRCP Rule 26(b)(5)(A) does not require that all contained emails be separated out. However, the court sustains Target’s objection to the Magistrate Judge’s ruling that its privilege log was inadequate for failure to separately itemize each individual email quoted in an email string. In Muro, though, you are allowed to treat an entire email as a single entity only if the non-privileged communications in that chain are otherwise disclosed. Hence, if you wish to treat an email as a single unit, you are required to either disclose the individual contained emails from other custodians, or to list them as Derived Emails (see below).

Another important case is Rhoads Industries Inc. v. Building Materials Corp. of America et al., 2008 WL 5082993 (E.D. Pa. Nov. 26, 2008), where the court rendered the opposite opinion:

“Each version of an email string (i.e., a forward or reply of a previous email message) must be considered a separate, unique document, and therefore each message of the string which is privileged must be separately logged in order to claim privilege in that particular document.”

Of course, the context of the Rhoads opinion is the statement: “In the world of electronic communications, a series of email messages, among people employed by the client, but working in different locations, can replace the meeting with an attorney and subsequent letter.” However, this opinion is very debatable.

An entirely different approach is suggested in Apsley v. Boeing Co., No. 05-cv-01368, 2008 BL 12035 at (D. Kan. Jan 22, 2008), with the opinion “Although Boeing listed on its privilege log entire email strings, it redacted only the portion of the string that contained legal communications.” While this seems to be a perfectly reasonable approach, wouldn’t this compromise case strategy, since the very fact that certain portions of the non-privileged, unredacted emails were being exchanged with in-house counsel, and are therefore part of an attorney communication, can be damaging?

Suffice it to say, the courts differ in their opinions on how to handle email threads and their privilege logs. It is in this context that the Clearwell E-Discovery Platform’s treatment of email threads is extremely helpful for preparing your litigation response. In fact, Clearwell has received two patents related to email threading, one for constructing email threads and their ranking and another for determining derived emails from other containing emails and de-duplication in the context of original emails. Clearwell has advanced email meta-data and content analytics to piece together all emails of a thread. Furthermore, its Derived Email feature separates out contained emails as complete emails, which are then de-duplicated against other emails that are not derived from a contained email. In situations where such a duplicate is not identified, the derived email is maintained in a special state. Also, the containing email’s thread is separated out in such a way that each individual email’s privilege status can be determined. One can apply either a single- or multiple-record policy satisfying whatever the prevailing opinion is from the bench. Also, Clearwell’s redaction capabilities and its ability to produce the same set of documents for multiple parties allow the case team to provide a quick turnaround if there is a motion to produce either a privilege log or the non-privileged snippets of emails. Such technology can be a lifesaver when it comes to meeting electronic discovery obligations.