e-discovery 2.0

It’s already a few weeks into the new year and it’s easy to spot the big lines at the gym, folks working on fad diets and many swearing off any number of vices.  Sadly perhaps, most popular resolutions don’t even really change year after year.  In the corporate world, though, it’s not good enough to simply recycle resolutions every year since there’s a lot more at stake, often with employee’s bonuses and jobs hanging in the balance.

It’s not too late to make information governance part of the corporate 2012 resolution list.  The reason is pretty simple – most companies need to get out of the reactive firefighting of eDiscovery given the risks of sloppy work, inadvertent productions and looming sanctions.  Yet, so many are caught up in the fog of eDiscovery war that they’ve failed to see the nexus between the upstream, proactive good data management hygiene and the downstream eDiscovery chaos.

In many cases the root cause is the disconnect between differing functional groups (Legal, IT, Information Security, Records Management, etc.).  This is where the emerging umbrella concept of Information Governance comes to play, serving as a way to tackle these information risks along a unified front. Gartner defines information governanceas the:

“specification of decision rights, and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archiving and deletion of information, … [including] the processes, roles, standards, and metrics that ensure the effective and efficient use of information to enable an organization to achieve its goals.”

Perhaps more simply put, what were once a number of distinct disciplines—records management, data privacy, information security and eDiscovery—are rapidly coming together in ways that are important to those concerned with mitigating and managing information risk. This new information governance landscape is comprised of a number of formerly discrete categories:

• Regulatory Risks – Whether an organization is in a heavily regulated vertical or not, there are a host of regulations that an organization must navigate to successfully stay in compliance.  In the United States these include a range of disparate regimes, including the Sarbanes-Oxley Act, HIPPA, the Securities and Exchange Act, the Foreign Corrupt Practices Act (FCPA) and other specialized regulations – any number of which require information to be kept in a prescribed fashion, for specified periods of time.  Failure to turn over information when requested by regulators can have dramatic financial consequences, as well as negative impacts to an organization’s reputation.

• Discovery Risks – Under the discovery realm there are any number of potential risks as a company moves along the EDRM spectrum (i.e., Identification, Preservation, Collection, Processing, Analysis, Review and Production), but the most lethal risk is typically associated with spoliation sanctions that arise from the failure to adequately preserve electronically stored information (ESI).  There have been literally hundreds of cases where both plaintiffs and defendants have been caught in the judicial crosshairs, resulting in penalties ranging from outright case dismissal to monetary sanctions in the millions of dollars, simply for failing to preserve data properly.  It is in this discovery arena that the failure to dispose of corporate information, where possible, rears its ugly head since the eDiscovery burden is commensurate with the amount of data that needs to be preserved, processed and reviewed.  Some statistics show that it can cost as much as $5 per document just to have an attorney privilege review performed.  And, with every gigabyte containing upwards of 75,000 pages, it is easy to see massive discovery liability when an organization has terabytes and even petabytes of extraneous data lying around.

• Privacy Risks – Even though the US has a relatively lax information privacy climate there are any number of laws that require companies to notify customers if their personally identifiable information (PII) such as credit card, social security, or credit numbers have been compromised.  For example, California’s data breach notification law (SB1386) mandates that all subject companies must provide notification if there is a security breach to the electronic database containing PII of any California resident.  It is easy to see how unmanaged PII can increase corporate risk, especially as data moves beyond US borders to the international stage where privacy regimes are much more staunch.

• Information Security Risks – Data breaches have become so commonplace that the loss/theft of intellectual property has become an issue for every company, small and large, both domestically and internationally.  The cost to businesses of unintentionally exposing corporate information climbed 7 percent last year to over $7 million per incident.  Recently senators asked the SEC to “issue guidance regarding disclosure of information security risk, including material network breaches” since “securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share.”  The senators cited a 2009 survey that concluded that 38% of Fortune 500 companies made a “significant oversight” by not mentioning data security exposures in their public filings.

Information governance as an umbrella concept helps organizations to create better alignment between functional groups as they attempt to solve these complex and interrelated data risk challenges.  This coordination is even more critical given the way that corporate data is proliferating and migrating beyond the firewall.  With even more data located in the cloud and on mobile devices a key mandate is managing data in all types of form factors. A great first step is to determine ownership of a consolidated information governance approach where the owner can:

• Get C-Level buy-in
• Have the organizational savvy to obtain budget
• Be able to define “reasonable” information governance efforts, which requires both legal and IT input
• Have strong leadership and consensus building skills, because all stakeholders need to be on the same page
• Understand the nuances of their business, since an overly rigid process will cause employees to work around the policies and procedures

Next, tap into and then leverage IT or information security budgets for archiving, compliance and storage.  In most progressive organizations there are likely ongoing projects that can be successfully massaged into a larger information governance play.  A great place to focus on initially is information archiving, since this one of the simplest steps an organization can take to improve their information governance hygiene.  With an archive organizations can systematically index, classify and retain information and thus establish a proactive approach to data management.  It’s this ability to apply retention and (most importantly) expiration policies that allows organizations to start reducing the upstream data deluge that will inevitably impact downstream eDiscovery processes.

Once an archive is in place, the next logical step is to couple a scalable, reactive eDiscovery process with the upstream data sources, which will axiomatically include email, but increasingly should encompass cloud content, social media, unstructured data, etc.  It is important to make sure  that a given  archive has been tested to ensure compatibility with the chosen eDiscovery application to guarantee that it can collect content at scale in the same manner used to collect from other data sources.  Overlaying both of these foundational pieces should be the ability to place content on legal hold, whether that content exists in the archive or not.

As we enter 2012, there is no doubt that information governance should be an element in building an enterprise’s information architecture.  And, different from fleeting weight loss resolutions, savvy organizations should vow to get ahead of the burgeoning categories of information risk by fully embracing their commitment to integrated information governance.  And yet, this resolution doesn’t need to encompass every possible element of information governance.  Instead, it’s best to put foundational pieces into place and then build the rest of the infrastructure in methodical and modular fashion.

On November 28, 2011, The White House issued a Presidential Memorandum that outlines what is expected of the 480 federal agencies of the government’s three branches in the next 240 days.  Up until now, Washington, D.C. has been the Wild West with regard to information governance as each agency has often unilaterally adopted its own arbitrary policies and systems.  Moreover, some agencies have recently purchased differing technologies.  Unfortunately,  with the President’s ultimate goal of uniformity, this centralization will be difficult to accomplish with a range of disparate technological approaches.

Particular pain points for the government traditionally include retention, search, collection, review and production of vast amounts of data and records.  Specifically, these pain points include examples of: FOIA requests gone awry, the issuance of legal holds across different agencies leading to spoliation, and the ever present problem of decentralization.

Why is the government different?

Old Practices. First, in some instances the government is technologically behind (its corporate counterparts) and is failing to meet the judiciary’s expectation that organizations effectively store, manage and discover their information.  This failing is self-evident via  the directive coming from the President mandating that these agencies start to get a plan to attack this problem.  Though different than other corporate entities, the government is nevertheless held to the same standards of eDiscovery under the Federal Rules of Civil Procedure (FRCP).  In practice, the government has been given more leniency until recently, and while equal expectations have not always been the case, the gap between the private and public sectors in no longer possible to ignore.

FOIA.  The government’s arduous obligation to produce information under the Freedom of Information Act (FOIA) has no corresponding analog for private organizations, who are responding to more traditional civil discovery requests.  Because the government is so large with many disparate IT systems, it is cumbersome to work efficiently through the information governance process across agencies and many times still difficult inside one individual agency with multiple divisions.  Executing this production process is even more difficult if not impossible to do manually without properly deployed technology.  Additionally, many of the investigatory agencies that issue requests to the private sector need more efficient ways to manage and review data they are requesting.  To compound problems, within the US government there are two opposing interests are at play; both screaming for a resolution, and that solution needs to be centralized.  On the one hand, the government needs to retain more than a corporation may need to in order to satisfy a FOIA request.

Titan Pulled at Both Ends. On the other hand, without classification of the records that are to be kept, technology to organize this vast amount of data and some amount of expiry, every agency will essentially become their own massive repository.  The “retain everything mentality” coupled with the inefficient search and retrieval of data and records is where they stand today.  Corporations are experiencing this on a smaller scale today and many are collectively further along than the government in this process, without the FOIA complications.

What are agencies doing to address these mandates?

In their plans, agencies must describe how they will improve or maintain their records management programs, particularly with regard to email, social media and other electronic communications.  They must also move away from such a paper-centric existence.  eDiscovery consultants and software companies are helping agencies through this process, essentially writing their plans to match the President’s directive.  The cloud conversation has been revisited, and agencies also have to explain how they will use cloud-based services and storage solutions, as well as identify gaps in existing laws or regulations that presently prevent improved management.  Small innovations are taking place.  In fact, just recently the DOJ added a new search feature on their website to make it easier for the public to find documents that have been posted by agencies on their websites.

The Office of Management and Budget (OMB), National Archives and Records Administration (NARA), and Justice Department will use those reports to come up with a government-wide records management framework that is more efficient, maintains accountability by documenting agency actions and promotes “appropriate” public access to records.  Hopefully, the framework they come up with will be centralized and workable on a realistic timeframe with resources sufficiently allocated to the initiative.

How much will this cost?

The President’s mandate is a great initiative and very necessary, but one cannot help but think about the costs in terms of money, time and resources when considering these crucial changes.  The most recent version of a financial services and general government appropriations bill in the Senate extends $378.8 million to NARA for this initiative.  President Obama appointed Steven VanRoekel as the United States CIO in August 2011 to succeed Vivek Kundra.  After VanRoekel’s speech at the Churchill Club in October of 2011, an audience member asked him what the most surprising aspect of his new job was.  VanRoekel said that it was managing the huge and sometimes unwieldy resources of his $80 billion budget.  It is going to take even more than this to do the job right, however.

Using conservative estimates, assume for an agency to implement archiving and eDiscovery capabilities as an initial investment would be $100 million.  That approximates $480 billion for all 480 agencies.  Assume a uniform information governance platform gets adopted by all agencies at a 50% discount due to the large contracts and also factoring in smaller sums for agencies with lesser needs.  The total now comes to $240 billion.  For context, that figure is 5% of what was spent by Federal Government ($4.76 trillion) on the biggest bailout in history in 2008. That leaves a need for $160 billion more to get the job done. VanRoekel also commented at the same meeting that he wants to break down massive multi-year information technology projects into smaller, more modular projects in the hopes of saving the government from getting mired in multi-million dollar failures.   His solution to this, he says, is modular and incremental deployment.

While Rome was not built in a day, this initiative is long overdue, yet feasible, as technology exists to address these challenges rather quickly.  After these 240 days are complete and a plan is drawn the real question is, how are we going to pay now for technology the government needed yesterday?  In a perfect world, the government would select a platform for archiving and eDiscovery, break the project into incremental milestones and roll out a uniform combination of solutions that are best of breed in their expertise.

The New Year has now dawned and with it, the certainty that 2012 will bring new developments to the world of eDiscovery.  Last month, we spotlighted some eDiscovery trends for 2012 that we feel certain will occur in the near term.  To understand how these trends will play out, it is instructive to review some of the top eDiscovery cases from 2011.  These decisions provide a roadmap of best practices that the courts promulgated last year.  They also spotlight the expectations that courts will likely have for organizations in 2012 and beyond.

Issuing a Timely and Comprehensive Litigation Hold

Case: E.I. du Pont de Nemours v. Kolon Industries (E.D. Va. July 21, 2011)

Summary: The court issued a stiff rebuke against defendant Kolon Industries for failing to issue a timely and proper litigation hold.  That rebuke came in the form of an instruction to the jury that Kolon executives and employees destroyed key evidence after the company’s preservation duty was triggered.  The jury responded by returning a stunning $919 million verdict for DuPont.

The spoliation at issue occurred when several Kolon executives and employees deleted thousands emails and other records relevant to DuPont’s trade secret claims.  The court laid the blame for this destruction on the company’s attorneys and executives, reasoning they could have prevented the spoliation through an effective litigation hold process.  At issue were three hold notices circulated to the key players and data sources.  The notices were all deficient in some manner.  They were either too limited in their distribution, ineffective since they were prepared in English for Korean-speaking employees, or too late to prevent or otherwise ameliorate the spoliation.

The Lessons for 2012: The DuPont case underscores the importance of issuing a timely and comprehensive litigation hold notice.  As DuPont teaches, organizations should identify what key players and data sources may have relevant information.  A comprehensive notice should then be prepared to communicate the precise hold instructions in an intelligible fashion.  Finally, the hold should be circulated immediately to prevent data loss.

Organizations should also consider deploying the latest technologies to help effectuate this process.  This includes an eDiscovery platform that enables automated legal hold acknowledgements.  Such technology will allow custodians to be promptly and properly apprised of litigation and thereby retain information that might otherwise have been discarded.

Another Must-Read Case: Haraburda v. Arcelor Mittal U.S.A., Inc. (D. Ind. June 28, 2011)

Suspending Document Retention Policies

Case: Viramontes v. U.S. Bancorp (N.D. Ill. Jan. 27, 2011)

Summary: The defendant bank defeated a sanctions motion because it modified aspects of its email retention policy once it was aware litigation was reasonably foreseeable.  The bank implemented a retention policy that kept emails for 90 days, after which the emails were overwritten and destroyed.  The bank also promulgated a course of action whereby the retention policy would be promptly suspended on the occurrence of litigation or other triggering event.  This way, the bank could establish the reasonableness of its policy in litigation.  Because the bank followed that procedure in good faith, it was protected from court sanctions under the Federal Rules of Civil Procedure 37(e) “safe harbor.”

The Lesson for 2012: As Viramontes shows, an organization can be prepared for eDiscovery disputes by timely suspending aspects of its document retention policies.  By modifying retention policies when so required, an organization can develop a defensible retention procedure and be protected from court sanctions under Rule 37(e).

Coupling those procedures with archiving software will only enhance an organization’s eDiscovery preparations.  Effective archiving software will have a litigation hold mechanism, which enables an organization to suspend automated retention rules.  This will better ensure that data subject to a preservation duty is actually retained.

Another Must-Read Case: Micron Technology, Inc. v. Rambus Inc., 645 F.3d 1311 (Fed. Cir. 2011)

Managing the Document Collection Process

Case: Northington v. H & M International (N.D.Ill. Jan. 12, 2011)

Summary: The court issued an adverse inference jury instruction against a company that destroyed relevant emails and other data.  The spoliation occurred in large part because legal and IT were not involved in the collection process.  For example, counsel was not actively engaged in the critical steps of preservation, identification or collection of electronically stored information (ESI).  Nor was IT brought into the picture until 15 months after the preservation duty was triggered. By that time, rank and file employees – some of whom were accused by the plaintiff of harassment – stepped into this vacuum and conducted the collection process without meaningful oversight.  Predictably, key documents were never found and the court had little choice but to promise to inform the jury that the company destroyed evidence.

The Lesson for 2012: An organization does not have to suffer the same fate as the company in the Northington case.  It can take charge of its data during litigation through cooperative governance between legal and IT.  After issuing a timely and effective litigation hold, legal should typically involve IT in the collection process.  Legal should rely on IT to help identify all data sources – servers, systems and custodians – that likely contain relevant information.  IT will also be instrumental in preserving and collecting that data for subsequent review and analysis by legal.  By working together in a top-down fashion, organizations can better ensure that their eDiscovery process is defensible and not fatally flawed.

Another Must-Read Case: Green v. Blitz U.S.A., Inc. (E.D. Tex. Mar. 1, 2011)

Using Proportionality to Dictate the Scope of Permissible Discovery

Case: DCG Systems v. Checkpoint Technologies (N.D. Ca. Nov. 2, 2011)

The court adopted the new Model Order on E-Discovery in Patent Cases recently promulgated by the U.S. Court of Appeals for the Federal Circuit.  The model order incorporates principles of proportionality to reduce the production of email in patent litigation.  In adopting the order, the court explained that email productions should be scaled back since email is infrequently introduced as evidence at trial.  As a result, email production requests will be restricted to five search terms and may only span a defined set of five custodians.  Furthermore, email discovery in DCG Systems will wait until after the parties complete discovery on the “core documentation” concerning the patent, the accused product and prior art.

The Lesson for 2012: Courts seem to be slowly moving toward a system that incorporates proportionality as the touchstone for eDiscovery.  This is occurring beyond the field of patent litigation, as evidenced by other recent cases.  Even the State of Utah has gotten in on the act, revising its version of Rule 26 to require that all discovery meet the standards of proportionality.  While there are undoubtedly deviations from this trend (e.g., Pippins v. KPMG (S.D.N.Y. Oct. 7, 2011)), the clear lesson is that discovery should comply with the cost cutting mandate of Federal Rule 1.

Another Must-Read Case: Omni Laboratories Inc. v. Eden Energy Ltd [2011] EWHC 2169 (TCC) (29 July 2011)

Leveraging eDiscovery Technologies for Search and Review

Case: Oracle America v. Google (N.D. Ca. Oct. 20, 2011)

The court ordered Google to produce an email that it previously withheld on attorney client privilege grounds.  While the email’s focus on business negotiations vitiated Google’s claim of privilege, that claim was also undermined by Google’s production of eight earlier drafts of the email.  The drafts were produced because they did not contain addressees or the heading “attorney client privilege,” which the sender later inserted into the final email draft.  Because those details were absent from the earlier drafts, Google’s “electronic scanning mechanisms did not catch those drafts before production.”

The Lesson for 2012: Organizations need to leverage next generation, robust technology to support the document production process in discovery.  Tools such as email analytical software, which can isolate drafts and offer to remove them from production, are needed to address complex production issues.  Other technological capabilities, such as Near Duplicate Identification, can also help identify draft materials and marry them up with finals that have been marked as privileged.  Last but not least, technology assisted review has the potential of enabling one lawyer to efficiently complete the work that previously took thousands of hours.  Finding the budget and doing the research to obtain the right tools for the enterprise should be a priority for organizations in 2012.

Another Must-Read Case: J-M Manufacturing v. McDermott, Will & Emery (CA Super. Jun. 2, 2011)

Conclusion

There were any number of other significant cases from 2011 that could have made this list.  We invite you to share your favorites in the comments section or contact us directly with your feedback.

For more on the cases discussed above, watch this video:

William Butterfield is a partner at Hausfeld LLP with over 33 years of experience as a trial attorney and a track record of success.  In addition to serving as a leader in several legal think tanks and teaching law, Mr. Butterfield’s achievements include reaching multiple settlements in the neighborhood of $100 million in complex legal matters.  Last week Mr. Butterfield had the rare opportunity to testify before Congress regarding the Costs and Burdens of eDiscovery in Washington D.C.  The following dialogue captures his experiences and observations testifying before the House Judiciary Committee’s Subcommittee on the Constitution.

Matthew Nelson: What was it like testifying before Congress and why did you feel compelled to testify?

William P. Butterfield: It was my first time testifying before Congress, so I wasn’t sure what to expect.  But it was a positive experience for me, and I’m glad that I was asked to testify.  While there is an organized, and well-financed effort by some in the corporate community to make drastic revisions to the Federal Rules of Civil Procedure, or civil rules, there is also a large segment of the bar (including many attorneys who are thought leaders in this area) who think that the types of “cures” under consideration will do more harm than good.  I think it’s important to give voice to that view, and that is why I testified.

Nelson: What were some of the key points you and other witnesses with different viewpoints made during the hearing?

Butterfield: Rebecca Kourlis, executive director of the Institute for the Advancement of the American Legal System (IAALS), testified that the cost of litigation is in part responsible for fewer trials.  She said that IAALS supports a three-pronged approach to address the problem:  1) More effective judicial case management, 2) Increased cooperation and 3) Rules revisions.  Importantly, Justice Kourlis said that we should defer to the Standing Committee and the Civil Rules Advisory Committee of the Judicial Conference, which is addressing the issues.

William Hubbard, assistant professor of law at the University of Chicago, testified about the costs of preservation and eDiscovery, noting that the costs are relatively modest in most cases.  He testified that most of the high discovery costs are occurring in a very few (5%) cases.

Thomas Hill, associate general counsel at General Electric, testified that the current Federal Rules of Civil Procedure (FRCP) result in American companies waste billions of dollars on unnecessary document preservation and production.  He indicated that part of the problem is that companies must preserve documents before a lawsuit is filed, and often they preserve where no lawsuit is ever filed.  He provided examples of occasions where GE spent more in preservation than the money at stake in the litigation.

My testimony focused on three things:  1) Our legal system depends on discovery and some of the proposals from those seeking drastic rules changes would undermine our goal of searching for the truth in litigation and resolving disputes on the merits; 2) The fear of sanctions that some companies claim are causing them to over-preserve is overblown, given that sanctions are sought in just 1/15th of 1% of federal court cases, and are granted in only about half of those cases; 3) A review of sanctions decisions demonstrates that parties are not getting sanctioned where they acted in good faith.  Rather, they are being sanctioned for egregious conduct.

Nelson: Did you sense a split among party lines or among certain members of Congress or some kind of overwhelming consensus on any issues?

Butterfield: Predictably, there appeared to be some differences between parties, although it is hard to say what reflects the views of Republicans on the committee, because only one of their members participated.  The Democrats expressed two general views:  1) Although eDiscovery presents challenges to litigants, it has been valuable in uncovering critical evidence and is very beneficial to the goals of discovery in general, 2) Congress should not interfere with the Rules Committee, which is carefully studying these issues.  The Republicans, represented by the Subcommittee Chair, Trent Franks, took the position that the current discovery rules do not promote the objectives of Rule 1, which provides that litigation should be just, speedy and inexpensive.  Franks said that the civil rules regarding preservation and spoliation sanctions are too vague, and parties are therefore required to preserve excessive amounts of information.  But despite those differences, I didn’t observe any member calling for congressional intervention at this time.

Nelson: What struck you as interesting or important and what do you expect will be the outcome or next steps for Congress?

Butterfield: What struck me as interesting (and surprising) was that only one member from the majority participated in the hearing.  Nothing during the hearing led me to believe that Congress would interfere with the Rules Committee’s work and process.

For those interested in hearing more, visit the United States Courts website to listen to a full recording of the hearing. To learn more about FRCP developments follow Matt Nelson on Twitter at @InfoGovlawer

The eDiscovery frenzy that has gripped the American legal system over the past decade has become increasingly expensive.  Particularly costly to both clients and courts is the process of preserving, collecting and producing documents.  This was supposed to change after the Federal Rules of Civil Procedure (FRCP) were amended in 2006.  After all, weren’t the amended rules designed to streamline discovery, allowing parties to focus on the merits while making discovery costs more reasonable?  Instead, it seems the rules have spawned more collateral discovery disputes than ever before about preservation, collection and production issues.

As a solution to these costs, the eDiscovery cognoscenti are emphasizing the concept of “proportionality.”  Proportionality typically requires that the benefits of discovery be commensurate with its corresponding burdens.  Under the Federal Rules of Civil Procedure, the directive that discovery be proportional is found in Rules 26(c), 26(b)(2)(C) and Rule 26(b)(2)(B).  Under Rule 26(c), courts may generally issue protective orders that limit or even proscribe discovery that causes “annoyance, embarrassment, oppression, or undue burden or expense.”  More specifics are set forth in Rule 26(b)(2)(C), which enables courts to restrict discovery if the requests are unreasonably cumulative or duplicative, the discovery can be obtained from an alternative source that is less expensive or burdensome, or the burden or expense of the discovery outweighs its benefit.  In the specific context of electronic discovery, Rule 26(b)(2)(B) restricts the discovery of backup tapes and other electronically stored information that are “not reasonably accessible” due to “undue burden or cost.”

Despite the existence of these provisions, they are often bypassed.  The most recent and notable example of this trend is found in Pippins v. KPMG (S.D.N.Y. Oct. 7, 2011).  In Pippins, the court ordered the defendant accounting firm to continue preserving thousands of employee hard drives.  In so doing, the court sidestepped the firm’s proportionality argument, citing Orbit One v. Numerex (S.D.N.Y. 2010) for the premise that such a standard is “too amorphous” and therefore unworkable.  Regardless of cost or burden, the court reasoned that “prudence” required preservation of all relevant materials “until a more precise definition [of proportionality] is created by rule.”

The Pippins order and its associated costs for the firm – potentially into the millions of dollars – has given new fuel to the argument that an amended federal rule should be implemented to include a more express mandate regarding proportionality.  Surprisingly enough, a blueprint for such an amended rule is already in place in the State of Utah.  Effective November 1, 2011, Utah implemented sweeping changes to civil discovery practice through amended Civil Procedure Rule 26.  The new rule makes proportionality the standard now governing eDiscovery in Utah.

Proportionality Dictates the Scope of Permissible Discovery

Utah Rule 26 has changed the permissible scope of discovery to expressly condition that all discovery meet the standards of proportionality.  That means parties may seek discovery of relevant, non-privileged materials “if the discovery satisfies the standards of proportionality.”  This effectively shifts the burden of proof on proportionality from the responding party to the requesting party.  Indeed, Utah Rule 26(b)(3) specifically codifies this stunning change:  “The party seeking discovery always has the burden of showing proportionality and relevance.”  This stands in sharp contrast to Federal Rules 26(b)(2) and 26(c), which require the responding party to show the discovery is not proportional.

The “standards of proportionality” that have been read into Utah Rule 26 incorporate those found in Federal Rule 26(b)(2)(C).  In addition, Utah Rule 26 requires that discovery be “reasonable.”  Reasonableness is to be determined on the needs of a given case such as the amount in controversy, the parties’ resources, the complexity and importance of the issues, and the role of the discovery in addressing such issues.  Last but not least, discovery must expressly comply with the cost cutting mandate of Rule 1 and thereby “further the just, speedy and inexpensive determination of the case.”

Proportionality Limits the Amount of Discovery

To further address the burdens and costs of disproportionate discovery, Utah Rule 26(c) limits the amount of discovery that parties may conduct as a matter of right based on the specific amounts in controversy.  For those matters involving damages of $300,000 or more, parties may propound 20 interrogatories, document requests and requests for admissions.  Total fact deposition time is restricted to a mere 30 hours.  For matters between $50,000 and $300,000, those figures are halved.  And for matters under $50,000, only five document requests and requests for admissions are allotted to the parties.  Fact depositions are curtailed to three hours total per side, while interrogatories are eliminated.

If these limits are too restrictive, parties may request “extraordinary discovery” under Rule 26(c)(6).  However, any such request must demonstrate that the sought after discovery is “necessary and proportional” under the rules.  The parties must also certify that a budget for the discovery has been “reviewed and approved.”

A Potential Model for Federal Discovery Rule Amendments

Utah Rule 26 could perhaps serve as a model for amending the scope of permissible discovery under the Federal Rules.  Like Utah Rule 26, Federal Rule 26 could be amended to expressly condition discovery on meeting the principles of proportionality.  The Federal Rules could also be modified to ensure the propounding party always has the burden of demonstrating the fact specific good cause for its discovery.  Doing so would undoubtedly force counsel and client to be more precise with their requests and do away with the current regime of “promiscuous discovery.”  Calcor Space Facility, Inc. v. Superior Court, 53 Cal.App.4th 216, 223 (1997) (urging courts to “aggressively” curb discovery abuses which, “like a cancerous growth, can destroy a meritorious cause or defense”).

Tiering the amounts of permitted discovery based on alleged damages could also reduce the costs of discovery.  With limited deposition time and fewer document requests, discovery of necessity would likely focus on the merits instead of eDiscovery sideshows.  Coupling this with an “extraordinary discovery” provision would enable courts to exercise greater control over the process and ensure that genuinely complex matters are litigated efficiently.

If all of this seems like a radical departure from established discovery practice, consider that the new Model Order on E-Discovery in Patent Cases has also incorporated tiered and extraordinary discovery provisions.  See DCG Systems v. Checkpoint Technologies (N.D. Ca. Nov. 2, 2011) (adopting the model order and explaining the benefits of limiting eDiscovery in patent cases).

For those who are seeking a vision of how proportionality might be incorporated into the Federal Rules, new Utah Rule 26 could be a blueprint for doing so.

As 2011 comes quickly to a close we’ve attempted, as in years past, to do our best Carnac impersonation and divine the future of eDiscovery.  Some of these predictions may happen more quickly than others, but it’s our sense that all will come to pass in the near future – it’s just a matter of timing.

1. Technology Assisted Review (TAR) Gains Speed.  The area of Technology Assisted Review is very exciting since there are a host of emerging technologies that can help make the review process more efficient, ranging from email threading, concept search, clustering, predictive coding and the like.  There are two fundamental challenges however.  First, the technology doesn’t work in a vacuum, meaning that the workflows need to be properly designed and the users need to make accurate decisions because those judgment calls often are then magnified by the application.  Next, the defensibility of the given approach needs to be well vetted.  While it’s likely not necessary (or practical) to expect a judge to mandate the use of a specific technological approach, it is important for the applied technologies to be reasonable, transparent and auditable since the worst possible outcome would be to have a technology challenged and then find the producing party unable to adequately explain their methodology.
2. The Custodian-Based Collection Model Comes Under Stress. Ever since the days of Zubulake, litigants have focused on “key players” as a proxy for finding relevant information during the eDiscovery process.  Early on, this model worked particularly well in an email-centric environment.  But, as discovery from cloud sources, collaborative worksites (like SharePoint) and other unstructured data repositories continues to become increasingly mainstream, the custodian-oriented collection model will become rapidly outmoded because it will fail to take into account topically-oriented searches.  This trend will be further amplified by the bench’s increasing distrust of manual, custodian-based data collection practices and the presence of better automated search methods, which are particularly valuable for certain types of litigation (e.g., patent disputes, product liability cases).
3. The FRCP Amendment Debate Will Rage On – Unfortunately Without Much Near Term Progress. While it is clear that the eDiscovery preservation duty has become a more complex and risk laden process, it’s not clear that this “pain” is causally related to the FRCP.  In the notes from the Dallas mini-conference, a pending Sedona survey was quoted referencing the fact that preservation challenges were increasing dramatically.  Yet, there isn’t a consensus viewpoint regarding which changes, if any, would help improve the murky problem.  In the near term this means that organizations with significant preservation pains will need to better utilize the rules that are on the books and deploy enabling technologies where possible.
4. Data Hoarding Increasingly Goes Out of Fashion. The war cry of many IT professionals that “storage is cheap” is starting to fall on deaf ears.  Organizations are realizing that the cost of storing information is just the tip of the iceberg when it comes to the litigation risk of having terabytes (and conceivably petabytes) of unstructured, uncategorized and unmanaged electronically stored information (ESI).  This tsunami of information will increasingly become an information liability for organizations that have never deleted a byte of information.  In 2012, more corporations will see the need to clean out their digital houses and will realize that such cleansing (where permitted) is a best practice moving forward.  This applies with equal force to the US government, which has recently mandated such an effort at President Obama’s behest.
5. Information Governance Becomes a Viable Reality.  For several years there’s been an effort to combine the reactive (far right) side of the EDRM with the logically connected proactive (far left) side of the EDRM.  But now, a number of surveys have linked good information governance hygiene with better response times to eDiscovery requests and governmental inquires, as well as a corresponding lower chance of being sanctioned and the ability to turn over less responsive information.  In 2012, enterprises will realize that the litigation use case is just one way to leverage archival and eDiscovery tools, further accelerating adoption.
6. Backup Tapes Will Be Increasingly Seen as a Liability.  Using backup tapes for disaster recovery/business continuity purposes remains a viable business strategy, although backing up to tape will become less prevalent as cloud backup increases.  However, if tapes are kept around longer than necessary (days versus months) then they become a ticking time bomb when a litigation or inquiry event crops up.
7. International eDiscovery/eDisclosure Processes Will Continue to Mature. It’s easy to think of the US as dominating the eDiscovery landscape. While this is gospel for us here in the States, international markets are developing quickly and in many ways are ahead of the US, particularly with regulatory compliance-driven use cases, like the UK Bribery Act 2010.  This fact, coupled with the menagerie of international privacy laws, means we’ll be less Balkanized in our eDiscovery efforts moving forward since we do really need to be thinking and practicing globally.
8. Email Becomes “So 2009” As Social Media Gains Traction. While email has been the eDiscovery darling for the past decade, it’s getting a little long in the tooth.  In the next year, new types of ESI (social media, structured data, loose files, cloud context, mobile device messages, etc.) will cause headaches for a number of enterprises that have been overly email-centric.  Already in 2011, organizations are finding that other sources of ESI like documents/files and structured data are rivaling email in importance for eDiscovery requests, and this trend shows no signs of abating, particularly for regulated industries. This heterogeneous mix of ESI will certainly result in challenges for many companies, with some unlucky ones getting sanctioned because they ignored these emerging data types.
9. Cost Shifting Will Become More Prevalent – Impacting the “American Rule.” For ages, the American Rule held that producing parties had to pay for their production costs, with a few narrow exceptions.  Next year we’ll see even more courts award winning parties their eDiscovery costs under 28 U.S.C. §1920(4) and Rule 54(d)(1) FRCP. Courts are now beginning to consider the services of an eDiscovery vendor as “the 21st Century equivalent of making copies.”
10. Risk Assessment Becomes a Critical Component of eDiscovery. Managing risk is a foundational underpinning for litigators generally, but its role in eDiscovery has been a bit obscure.  Now, with the tremendous statistical insights that are made possible by enabling software technologies, it will become increasingly important for counsel to manage risk by deciding what types of error/precision rates are possible.  This risk analysis is particularly critical for conducting any variety of technology assisted review process since precision, recall and f-measure statistics all require a delicate balance of risk and reward.

In their latest survey, entitled “E-Discovery Market Trends: A View from the Legal Department,” Enterprise Strategy Group (ESG) analysts Brian Babineau and Katey Wood analyze a number of interesting statistics and provide a range of insightful conclusions.  By surveying general counsel from large, mid-market (500-999 employees) and enterprise-class organizations in North America they were able to dive into a range of eDiscovery topics, including pain points, operational expenses and prioritizations on a go-forward basis.  Some are more intuitive than others, but in either case the results serve as good calibration metrics for those who endeavor to understand the corporate eDiscovery state of the nation.

“Most corporations are not tracking e-discovery spending…” In what may be the most notable finding of this ESG report, 60% of survey respondents claim that they did not track annual eDiscovery spending in 2010.  The authors correctly note that the eDiscovery process, “which can be highly unpredictable due to its project-by-project nature to begin with, has historically been outsourced to service providers charging at variable rates and often billed back to companies via their law firms.”  Despite the significant challenges of tracking eDiscovery spending, it’s nevertheless irresponsible for organizations to keep their heads in the sand regarding such a significant operational expense.

As the old saw goes, “you can’t manage what you can’t measure,” so it’s almost inconceivable to think that so many organizations aren’t tracking such a significant expense category.  For organizations who want to create a repeatable business process, as opposed to the fire-drill chaos that is typically associated with eDiscovery, it’s vitally important to accurately capture core eDiscovery metrics.  For starters, it’s useful to understand basic collection parameters, such as of the typical numbers of key custodians, average data volumes per custodian, data expansion rates, de-duplication statistics, etc.  Once these metrics are in place, it then becomes possible to manage the process and reduce costs.

Katey went on to expound in an exclusive quote for EDD 2.0:

“E-discovery can be managed as a strategic business process with an understanding of costs, performance and outcomes. When there’s no basis for reporting or comparison, it’s pin the tail on the donkey.  Corporate litigants won’t ever know they’re getting their money’s worth if they don’t even know what they’re spending.”

“E-Discovery accuracy/efficiency isn’t being measured, in large part.” Similar to the failure to measure eDiscovery costs, a full two thirds of GCs (67%) aren’t tracking the “efficiency and/or accuracy of e-discovery document review.” Until corporate counsel can link expectations of competency/efficiency with oversight and performance metrics, outside law firms will likely avoid having their feet held to the fire.  This passive stance makes transparency and process improvement difficult at best.  Additionally, this model of having expectations for efficiency, with low or no accountability, doesn’t bode well for the quick adoption of enabling technologies like predictive coding, since the driver has to inherently be the need/desire for increased efficiency (which axiomatically equals lower law firm review bills).

“Corporate information governance and litigation readiness (especially defensible deletion) are a priority, but not yet a reality.” From an internal prioritization perspective, more than two thirds (69%) of respondents identified their desire to expire/delete data more consistently, “thereby limiting unnecessary data retention for future litigation requests.”  Savvy enterprises correctly recognized the “multi-prong threat of unregulated data retention: the large amounts of irrelevant data ultimately produced for legal review, the greater difficulty of hanging onto potentially litigious documents past their required retention periods.”

This finding is very encouraging, and it ties into the upward momentum the industry is seeing regarding information governance generally – particularly linking the reactive (right) side of the EDRM with the logically connected and proactive (left) side of the EDRM.  As a good first step it’s critical to see organizations now associating good information governance hygiene with lower costs and better eDiscovery response times.  The ESG finding also triangulates with results from the recent Information Retention and eDiscovery Survey, which found that companies having good information governance hygiene were often able to respond much faster and more successfully to an eDiscovery/investigation requests, often suffering fewer negative consequences.

The only downside to the positive information governance trend, as reported by the survey, was that,

“while there are great benefits to defensible deletion, internal initiatives for implementing it too often are stymied by difficulty in obtaining cross functional consensus and authorization, particularly as it touches so many other critical processes like regulatory compliance and legal hold.”

“Legal hold processes are still very manual.” Another similar question revealed that many companies are attempting to get their information governance house in order, but are still in the very early stages.  When asked about their  current legal hold notification and tracking process, a whopping 69% of organizations said that they are using a “manual process performed by internal staff using e-mail and spreadsheets, etc.”  And, another 6% said they either had no formal process or tracking mechanism.

Given the risks attendant to flaws in the preservation process this area is ripe for improvement.  The good news is that 54% of survey respondents are intending to improve their legal hold process, with 25% planning improvement within the next 12 months.  This is a healthy acknowledgement that there is risk, and with a modicum of investment (time, personnel, procedures, and technology) the legal hold area can be brought up to current best practices.

The ESG survey is a welcome temperature gauge into the state of corporate legal departments.  It notes, in conclusion, “with the staggering growth, diversity and dispersion of data, the pain e-discovery is currently causing large and serial litigants are only a symptom of the larger problem of unwieldy and under-developed information management affecting all businesses.”  With data insights from the ESG survey, it’s becoming clear that foundational information governance elements (like deploying auditable legal hold procedures, tracking eDiscovery spending, updating data maps, etc.) are desperately needed by the many organizations that want to turn eDiscovery into a repeatable business process.  The good news is that many of these organization have improvements in mind for the next 12 months, and the challenge will be to make sure these proactive projects maintain the same level of organizational urgency that it often present for more reactive tasks.

Fulbright & Jaworski has conducted their Litigation Trends survey for nearly the past decade and the results are always interesting since they tend to capture the mindset of inside counsel and litigators as they anticipate the upcoming year.  In their 8th Annual Litigation Trends Survey, Fulbright noted that 92% of U.S. respondents predict that litigation will either increase or stay the same in the upcoming year.  This trend bodes well for players in the litigation services and eDiscovery sectors, and confirms the counter cyclical nature of the industry.  Breaking down the perceived increases across industry verticals, the Survey noted that the biggest anticipated jumps were in the technology, financial services, healthcare and insurance sectors.  Meanwhile energy (the leading sector from the prior year) was one of the few that predicted a decrease.

Going behind the scenes, there were a number of factors that caused respondents to predict litigation increases.  First and foremost, respondents indicated that “stricter regulation was the number one reason” for the increases, particularly with insurance, financial services, health care and retail sectors.  These concerns around regulatory compliance have been increasingly keeping GCs and corporate boards awake as the governance climate continues to heat up.  This regulation driver showed a demonstrable increase with 46% of all respondents having retained outside counsel to assist with regulatory proceedings, up from 37% in the prior year.  The Survey noted that U.S. companies facing a regulatory investigation were most likely to be under pressure from the DOJ (27%), State Attorney General (24%), OSHA (18%), the EPA (16%) and U.S. Attorney (13%).  Also on the regulatory front, U.S. respondents have increasingly begun to recognize the potential jurisdictional reach of the U.K. Bribery Act, with 25% of U.S. companies stating that they have already conducted a review of existing procedures in preparation for implementation.

In addition to managing risk, most in-house counsel are keenly concerned with controlling litigation costs.  The good news here is that associated costs are predicted to be generally flat.  Yet, eDiscovery remained the largest category targeted for increased spending, with 18% of respondents making this their top priority.  Interestingly, though, large enterprises seem to have been doing a good job of getting eDiscovery expenses under control (likely by taking expensive elements of the EDRM in-house), with these expenses declining among the largest companies, from 42% last year to 24% this year.

The Survey noted that the use of cloud computing has gained speed, with 34% of all public companies using the cloud.  And yet, only 40% of those companies using cloud computing have had “to preserve and/or collect data from the cloud in connection with actual or threatened litigation, disputes or investigations.”  This number appears curiously light, and it should definitely rise during the upcoming year as the plaintiff’s bar gets more savvy about this relatively new source of responsive electronically stored information (ESI).

On the narrower eDiscovery front, the Survey honed in on newer issues like cooperation.  Here, the Survey noted that this Sedona-sponsored concept still hasn’t completely taken hold, with nearly 40% of all respondents claiming that “their company has not made the effort to be more transparent or cooperative” due to a litigation strategy of “defending on all fronts.”  This area appears particularly muddled, with one third saying their previous attempts haven’t been reciprocated and another quarter feeling that their company was already transparent.

All in all,  the 2011 Fulbright Litigation Trends Survey notes trends that appear to be largely in line with the primary drivers of (1) managing risk and (2) lowering litigation costs.  On the risk side, compliance with an increasingly complex regulatory environment is offsetting any potential lull in the litigation environment.  And, on the cost side, eDiscovery continues to be a hot button issue, particularly with the relatively new challenges associated with ESI distributed on social media, cloud computing and mobile sources.

The data explosion that has burdened organizations across the globe for the past decade has become increasingly expensive to manage.  Many experts point to storage as the most obvious culprit for higher information governance costs.  There are, however, other factors driving those costs.  For example, demands for electronically stored information in legal and regulatory proceedings have significantly increased expenses surrounding data management.  Those demands have forced organizations to meet the high expectations that courts and regulatory bodies have for how they address their information or face the consequences.

Those consequences include sanctions and regulatory fines for groups that fail to account for how they store, manage and discover their information.  The $919 million verdict rendered in the E.I. du Pont de Nemours v. Kolon Industries case is paradigmatic of this trend.  That verdict was inextricably intertwined with the court’s instruction to the jury that executives and employees for defendant Kolon Industries deleted key evidence after the company’s preservation duty was triggered.

Going to Cloud Services for Data Archiving and eDiscovery

These rising data costs – and the risks they pose – are driving organizations to explore new technologies and methods for managing their data.  The latest alternative to traditional on-premise solutions involves leveraging cloud-based services.

The hype surrounding the cloud has generally focused on the opportunity for cheap and unlimited storage.  While cost effective data storage is important, that factor alone should not be determinative for selecting a cloud service provider.  Organizations must have the actual – not theoretical – ability to retrieve their data and do so in real time.  Otherwise, they may not be able to satisfy legal or regulatory requests, let alone the day-to-day demands of their operations.

In an analogous context, courts have traditionally compelled paper document productions even though the requested materials may be buried in a messy warehouse.  In one such case from this year, a U.S. district court in New York ordered a company to turn over decades-old records that were commingled with other materials in poorly labeled, shrink-wrapped boxes.  The court reasoned that disorganized record-keeping should not excuse an organization from producing relevant information.  See Brooks v. Macy’s (S.D.N.Y. May 6, 2011).

The rationale from the Brooks case is equally applicable to cloud-based services.  Cloud-based data must be intelligently organized so that companies can retrieve data in a timely fashion for business and legal purposes.  Otherwise, the savings achieved through cheap storage will be negated by the resulting legal quagmire.

Paring Back Superfluous and Duplicative Information

To facilitate the data retrieval process, the right cloud service provider should have the capacity to implement and observe applicable company retention policies.  An effective retention policy will generally help a company retain information that must be kept for business, legal or regulatory purposes – and nothing else.  The service provider should enable automated retention rules to ensure that information is kept only for a designated time period.  This will allow data to be expired once it reaches the end of that period.  And by expiring that data, the company will limit the amount of potentially relevant information available for follow-on litigation.

The pool of information can also be decreased through single instance storage.  This deduplication technology eliminates redundant data by preserving only a master copy of each document placed into the cloud.  This will reduce the amount of data that needs to be identified, collected and reviewed as part of the electronic discovery process.  For while unlimited data storage may seem ideal now, reviewing unlimited amounts of data will quickly become a logistical and costly nightmare.

Tools to Facilitate Discovery

A cloud service provider should ideally have eDiscovery functionality.  At a minimum, the service provider should be able to deploy legal holds to prevent users or automated policies from overwriting and destroying data.  Advanced search capabilities should also be included within the cloud-based service to reduce the amount of data that must be analyzed and then reviewed.  Moreover, the provider should support compatible load formats for export to third party review software.

Another key discovery issue is whether the cloud service provider can establish a clear audit trail for transmissions of company data.  Since information could be modified in transit by the routine operation of a service provider’s computer systems, an audit trail is necessary to prove that company documents and their metadata were not affected or otherwise compromised during transmission.  Without this assurance, a company may not be able to demonstrate the authenticity of its data before a tribunal or comply with key regulations.

A cloud server provider that can quickly retrieve and efficiently discover data has the potential to help organizations address their legal and regulatory demands in a cost effective manner.  Such a provider may be just the solution for organizations that are looking to properly address their runaway information governance costs.

It is axiomatic that the law helps those who help themselves.  Perhaps nowhere is that truism more applicable than in the context of electronic discovery.  The organization that implements an effective information governance strategy – including developing reasonable data retention policies – will likely avoid court sanctions and reduce its legal costs.  This was confirmed in a recent industry survey, which found that organizations “help themselves” when they develop information retention policies.  According to the survey, better retention practices drive dramatically better outcomes in litigation, particularly in the context of retention and preservation.

Such a finding is echoed by a recent case issued from the District of Indiana.  In Haraburda v. Arcelor Mittal U.S.A., Inc. (D. Ind. June 28, 2011), the court tied a litigant’s preservation duty to its document retention efforts.  In order to discharge its duty to reactively preserve evidence, the court reasoned that enterprises must proactively create “a ‘comprehensive’ document retention policy that will ensure that relevant documents are retained.”  Failing to implement a retention policy often results in a loss of key information.  And this, opined the court, may result in sanctions.

Such a finding is not limited to an isolated case.  Court decisions from across the United States in 2011 have found the same connection; better data retention practices yield more successful document preservation results.  For example, in the E.I. du Pont de Nemours v. Kolon Industries (E.D. Va. April 27, 2011), the plaintiff manufacturer defeated a sanctions motion due to its effective information retention procedures.   The manufacturer implemented a document retention policy that typically kept emails from former employee accounts for 60 days, after which the emails were overwritten and deleted.   Among the emails deleted pursuant to that policy were several that the defendant argued were relevant to its counter-claims.  The DuPont court declined to impose sanctions, however, since the emails in question were overwritten before the duty to preserve was triggered.  Instead, the court lauded the manufacturer’s preservation efforts, finding that it “took positive steps reasonably calculated to ensure that information . . . was preserved for litigation.”  Because the manufacturer faithfully observed its established retention policy, it reduced a stockpile of email, made relevant documents unavailable for discovery and was still protected from court sanctions.

Similarly, in Viramontes v. U.S. Bancorp (N.D.Ill. Jan. 27, 2011), the defendant bank relied on its data retention protocols to stave off a sanctions motion after deleting several years of email.  Because those emails were destroyed pursuant to a neutral retention policy before a preservation duty attached, the bank was protected from sanctions under the Federal Rule of Civil Procedure 37(e) safe harbor for the destruction of electronic information.

The converse, of course, is also true.  Those organizations that failed to implement effective retention policies have fared poorly in discovery because they have not preserved relevant ESI.  Take the defendant, for instance, in Northington v. H & M International (N.D.Ill. Jan. 12, 2011).  The court issued an adverse inference jury instruction against that company because it spoliated significant emails and other data.  The genesis of this spoliation was the company’s failure to establish a formal document retention policy.  Instead of having a thoughtful, top-down approach, “data retention . . . was evidently handled on an ad hoc, case-by-case basis.”  The company’s failure to develop a pre-litigation information retention policy eventually led to the loss of key information and the court’s sanctions award.

These recent cases and others confirm the correlation between retention and preservation.  Simply put, proactive retention leads to better preservation in eDiscovery.  Anything less could be disastrous in litigation.