e-discovery 2.0

The eDiscovery frenzy that has gripped the American legal system over the past decade has become increasingly expensive.  Particularly costly to both clients and courts is the process of preserving, collecting and producing documents.  This was supposed to change after the Federal Rules of Civil Procedure (FRCP) were amended in 2006.  After all, weren’t the amended rules designed to streamline discovery, allowing parties to focus on the merits while making discovery costs more reasonable?  Instead, it seems the rules have spawned more collateral discovery disputes than ever before about preservation, collection and production issues.

As a solution to these costs, the eDiscovery cognoscenti are emphasizing the concept of “proportionality.”  Proportionality typically requires that the benefits of discovery be commensurate with its corresponding burdens.  Under the Federal Rules of Civil Procedure, the directive that discovery be proportional is found in Rules 26(c), 26(b)(2)(C) and Rule 26(b)(2)(B).  Under Rule 26(c), courts may generally issue protective orders that limit or even proscribe discovery that causes “annoyance, embarrassment, oppression, or undue burden or expense.”  More specifics are set forth in Rule 26(b)(2)(C), which enables courts to restrict discovery if the requests are unreasonably cumulative or duplicative, the discovery can be obtained from an alternative source that is less expensive or burdensome, or the burden or expense of the discovery outweighs its benefit.  In the specific context of electronic discovery, Rule 26(b)(2)(B) restricts the discovery of backup tapes and other electronically stored information that are “not reasonably accessible” due to “undue burden or cost.”

Despite the existence of these provisions, they are often bypassed.  The most recent and notable example of this trend is found in Pippins v. KPMG (S.D.N.Y. Oct. 7, 2011).  In Pippins, the court ordered the defendant accounting firm to continue preserving thousands of employee hard drives.  In so doing, the court sidestepped the firm’s proportionality argument, citing Orbit One v. Numerex (S.D.N.Y. 2010) for the premise that such a standard is “too amorphous” and therefore unworkable.  Regardless of cost or burden, the court reasoned that “prudence” required preservation of all relevant materials “until a more precise definition [of proportionality] is created by rule.”

The Pippins order and its associated costs for the firm – potentially into the millions of dollars – has given new fuel to the argument that an amended federal rule should be implemented to include a more express mandate regarding proportionality.  Surprisingly enough, a blueprint for such an amended rule is already in place in the State of Utah.  Effective November 1, 2011, Utah implemented sweeping changes to civil discovery practice through amended Civil Procedure Rule 26.  The new rule makes proportionality the standard now governing eDiscovery in Utah.

Proportionality Dictates the Scope of Permissible Discovery

Utah Rule 26 has changed the permissible scope of discovery to expressly condition that all discovery meet the standards of proportionality.  That means parties may seek discovery of relevant, non-privileged materials “if the discovery satisfies the standards of proportionality.”  This effectively shifts the burden of proof on proportionality from the responding party to the requesting party.  Indeed, Utah Rule 26(b)(3) specifically codifies this stunning change:  “The party seeking discovery always has the burden of showing proportionality and relevance.”  This stands in sharp contrast to Federal Rules 26(b)(2) and 26(c), which require the responding party to show the discovery is not proportional.

The “standards of proportionality” that have been read into Utah Rule 26 incorporate those found in Federal Rule 26(b)(2)(C).  In addition, Utah Rule 26 requires that discovery be “reasonable.”  Reasonableness is to be determined on the needs of a given case such as the amount in controversy, the parties’ resources, the complexity and importance of the issues, and the role of the discovery in addressing such issues.  Last but not least, discovery must expressly comply with the cost cutting mandate of Rule 1 and thereby “further the just, speedy and inexpensive determination of the case.”

Proportionality Limits the Amount of Discovery

To further address the burdens and costs of disproportionate discovery, Utah Rule 26(c) limits the amount of discovery that parties may conduct as a matter of right based on the specific amounts in controversy.  For those matters involving damages of $300,000 or more, parties may propound 20 interrogatories, document requests and requests for admissions.  Total fact deposition time is restricted to a mere 30 hours.  For matters between $50,000 and $300,000, those figures are halved.  And for matters under $50,000, only five document requests and requests for admissions are allotted to the parties.  Fact depositions are curtailed to three hours total per side, while interrogatories are eliminated.

If these limits are too restrictive, parties may request “extraordinary discovery” under Rule 26(c)(6).  However, any such request must demonstrate that the sought after discovery is “necessary and proportional” under the rules.  The parties must also certify that a budget for the discovery has been “reviewed and approved.”

A Potential Model for Federal Discovery Rule Amendments

Utah Rule 26 could perhaps serve as a model for amending the scope of permissible discovery under the Federal Rules.  Like Utah Rule 26, Federal Rule 26 could be amended to expressly condition discovery on meeting the principles of proportionality.  The Federal Rules could also be modified to ensure the propounding party always has the burden of demonstrating the fact specific good cause for its discovery.  Doing so would undoubtedly force counsel and client to be more precise with their requests and do away with the current regime of “promiscuous discovery.”  Calcor Space Facility, Inc. v. Superior Court, 53 Cal.App.4th 216, 223 (1997) (urging courts to “aggressively” curb discovery abuses which, “like a cancerous growth, can destroy a meritorious cause or defense”).

Tiering the amounts of permitted discovery based on alleged damages could also reduce the costs of discovery.  With limited deposition time and fewer document requests, discovery of necessity would likely focus on the merits instead of eDiscovery sideshows.  Coupling this with an “extraordinary discovery” provision would enable courts to exercise greater control over the process and ensure that genuinely complex matters are litigated efficiently.

If all of this seems like a radical departure from established discovery practice, consider that the new Model Order on E-Discovery in Patent Cases has also incorporated tiered and extraordinary discovery provisions.  See DCG Systems v. Checkpoint Technologies (N.D. Ca. Nov. 2, 2011) (adopting the model order and explaining the benefits of limiting eDiscovery in patent cases).

For those who are seeking a vision of how proportionality might be incorporated into the Federal Rules, new Utah Rule 26 could be a blueprint for doing so.

Few people on the planet know more about federal rulemaking than John Rabiej, The Sedona Conference’s Director for Judicial Outreach.  John’s experience is the result of serving as the Chief of the Rules Committee Support Office for nearly two decades, where he routinely worked with federal judges, including current Chief Justice of the U.S. Supreme Court, John Roberts.  A key part of supporting the rulemaking process included building consensus among many different groups and individuals who sometimes held vastly different notions of whether and how rules should be changed.

In addition to his role with The Sedona Conference, John is an accomplished author who has written extensively on rules related issues.  His publications include contributions to Moore’s Federal Practice, the Federal Lawyer, and Weinsten’s Federal Evidence.  I’m pleased to provide John’s take on the increasingly public debate about whether or not the Federal Rules of Civil Procedure (FRCP) should be amended.

Nelson: You are recognized as one of the leading experts on the Federal Rule making process.  How did you gain that experience and notoriety?

Rabiej: I established the rules committee office within the Administrative Office of United States Courts nearly two decades ago to provide staff support to the Judicial Conference Committee on Rules of Practice and Procedure and its five advisory rules committees.  In this capacity, I had the privilege and honor of working very closely with 31 federal circuit, district, and bankruptcy judges who chaired a rules committee. These chairs were personally selected by the Chief Justice and represented the very best of the federal judiciary.  I learned from each of them and put their wise counsel to good use when I, in turn, provided advice to their successors.  At the same time, I worked closely with the committee reporters, who are each stellar academics with national reputations for excellence.  Over the years, I built up an institutional knowledge of rule amendments based on first-hand experiences.

I soon realized that rulemaking is a transparent, formal, quasi-legislative process, which typically requires a great deal of information gathering, consultation with interested groups, and consensus building.  I played a unique role because I coordinated the rules work among the rules committees, other Judicial Conference committees, members of the Judicial Conference, Supreme Court staff, Congressional members and staff, Executive Branch officials, major bar organizations, academics, and interest groups.  Because the federal rules have the force of law, buy-in from all these various major actors was a critical component of success.  And many of my responsibilities were to ensure that the rules committees were advised of the concerns and different points of view of these various individuals and entities.

Nelson: Are there any interesting stories or life lessons you can share about working with any of the committee chairs and members?

Rabiej: Without exception, every rules committee chair in my experience has not only been exceptionally bright and intelligent, but also considerate and kind on a personal human level. They each displayed the highest level of judicial temperament.  A good example is Chief Justice (then Judge) John Roberts’ patience in handling a particularly difficult public hearing.  Several years ago, an elderly lawyer requested to testify on a proposed amendment to the Appellate Rules.  I was unable to persuade the lawyer to withdraw the request, even though his request was the only one.  Judge Roberts generously agreed to preside over the hearing by himself on the committee’s behalf.  Witnesses testifying at rules hearings typically are given 10 minutes to make their presentations.  With only Judge Roberts, a stenographer, and me in the hearing room, the lawyer made a 30-minute rambling presentation, which solely addressed a local incident allegedly involving criminal misconduct.  It had absolutely nothing to do with the procedural appellate rule proposal under consideration.  Judge Roberts never interrupted the lawyer.  He patiently listened, genuinely was interested in the lawyer’s story, and responded with courtesy to all the lawyer’s questions.  At the end, the lawyer was satisfied that he had his day in “court” and walked away content.  This is only one of many examples of my experiences with rules committee judges acting in the finest traditions of the federal judiciary.

Nelson: Who is lobbying for changes to the Federal Rules of Civil Procedure (“Rules”) and why?

Rabiej: Most rule amendment proposals are not controversial and are supported by general consensus.  But a few have been especially contentious.  Though rules are designed to apply to all parties in a neutral fashion, they can and do affect parties differently.  When large amounts of money hang in the balance, parties and their representatives go to great pains to make sure that the rules committees take into consideration their concerns and points of view. The current debate on preservation and sanctions issues is the most recent example.  The rules committees welcome such attention and close scrutiny because it leads to better and more informed rulemaking and greater buy-in from the affected parties and interest groups.

A loose coalition of officers from large corporations, corporate counsel, lawyers from large law firms, and interest groups, including Lawyers for Civil Justice, representing corporate and business clientele, is forming to advocate bold changes to the scope of discovery, which would narrow a party’s preservation obligations and limit a party’s vulnerability to spoliation sanctions.  They argue that the cost of preservation is skyrocketing and that the vast bulk of information preserved is unnecessary and has little to do with the merits of a case. They contend that all too often they are compelled by law to preserve voluminous information even though a law suit will never be filed. Opposing them is a similarly loose coalition of plaintiffs’ lawyers, law firms, and interest groups, including the Association for American Justice, representing interests of plaintiff lawyers, who defend the rules’ status quo, contending that little, if any, change is necessary and that any narrowing of the preservation obligation or discovery scope would deny the rights of their clients.  They contend that corporations are obligated under many different sources of law and regulations to preserve records irrespective of litigation demands.  They also contend that any change to the rules would unnecessarily increase the risk of destruction of evidence that is critical to the merits of the case.

Nelson: Are there viable alternatives to changing the Rules?

Rabiej: Lawyers in many cases do not raise any preservation or spoliation sanction issues with the court.  It is unclear to me whether such inaction in an individual case is a consequence of the lawyers’ ignorance of potential eDiscovery issues or of the lawyers’ cooperation in addressing eDiscovery issues before they become problems, which The Sedona Conference® strongly advocates.  (See The Sedona Conference® Cooperation Proclamation).  In wrestling with preservation and spoliation sanction issues, the rules committees recognize that rules rarely provide the entire answer and, in fact, rules typically have only a very limited effect.  Instead, judicial education, training of the bar, and changes in litigation culture offer more promising and permanent solutions.   The rules committees are actively exploring each of these avenues with outside groups, including the Federal Judicial Center and The Sedona Conference® among others, to promote such solutions.

Though the Judicial Conference of the United States strongly opposes direct amendment of the rules by legislation, it recognizes the Congressional prerogative to do so.  Congress has rarely exercised its prerogative, however, giving due deference to the rulemaking process and recognizing that the rules produced under the process are the best.  At the same time, rules committees understand that the Rules Enabling Act limits their authority to promulgating only procedural rules, which do “not abridge, enlarge or modify any substantive right.”  Rules committees are very circumspect about their rulemaking authority.  They are justifiably reluctant to pursue rules proposals that might be viewed by some to exceed their authority and encroach on Congress’s domain.  This “Rules Enabling Act” issue has been raised regarding some aspects of the preservation proposals under consideration. So the rules committees are confronted with issues that raise several exquisitely delicate questions of policy and comity.

Nelson: You’ve been involved in a lot of discussions regarding Rule amendments throughout your career.  How does the current discussion rate in terms of importance?

Rabiej: The current debate on preservation and spoliation sanctions raises issues about the scope of discovery, a major litigation cost.  Because the preservation costs incurred in some cases can be extremely large, the extent of spoliation sanctions for failing to preserve relevant information can be damaging, and the destruction of potentially critical evidence devastating.  It is not surprising that representatives of both plaintiffs and defendants are so passionately pressing their positions before the rule committees.  In my experience, the level of interest in these issues equals the interest shown in only a very few past controversial amendments, including proposals affecting class actions, Daubert evidentiary procedures, and the earlier discovery scope amendments in 2000.   The keen degree of interest in the issues under consideration is reflected by the extent of Congressional participation.  Five House Judiciary Committee members of the minority and majority staffs attended the recent Civil Rules Committee meeting on preservation-related amendments in Washington DC in November.  A hearing before the House Judiciary Subcommittee on the Constitution on preservation costs was recently scheduled, but later postponed until December 13, 2012.  It is clear to me that Congress will take a hard look at preservation costs and burdens.  The rules committees are not blind to Congressional interest.  The rulemaking process is a responsibility shared with Congress and the Executive Branch, and the rules committees give the views of the other two Branches due respect in their deliberations.

John Rabiej is an attorney, The Sedona Conference’s Director for Judicial Outreach, and former Chief of the Rules Committee Support Office.  To learn more about FRCP developments email Matt Nelson at Matt_Nelson@Symantec.com or follow Matt on Twitter at @InfoGovlawer.

Just like Marilyn Monroe stopped traffic in her white dress in The Seven Year Itch, enterprises are being stopped dead in their tracks by the data explosion, lack of information governance policies and overstuffed IT infrastructures.  During the 2004-05 timeframe, a large number of enterprises began migrating to an archive, and this trend has kept steady pace since.  Archiving historically began with email, but has been recently extended to many other forms of information, including social media, unstructured data and cloud content.  This adoption was somewhat related to the historic Zubulake ruling, that required preservation to attach upon “reasonable anticipation of litigation.”  Another significant driver behind the archive need is the ability to comply with a range of statutes and regulations.  The reality is it is difficult to preserve efficiently and defensibly without an archive and other automatic classification technologies.  Some companies still complete the information management and eDiscovery processes manually, but not without peril.

Currently, there is a sudden upsurge in corporations finally starting to shrink the archives that they implemented to manage email, legal preservation requirements and regulatory compliance.  After roughly seven years, over which time there have been many advances in technology, a shift in thinking is taking place with regard to information governance and data retention.  Change has been borne out of necessity, as infrastructures are suffering with the amount of data they are retaining and the pains associated with searching that data.  This shift will enable companies to delete with confidence, clean up their backup tapes, shrink their archives, and manage/expire data on a go-forward basis effectively.  Collectively, this type of good information governance hygiene allows organizations to minimize the litigation risk that’s attendant with bloated information stores.

One reason many archives have become so bloated is because many enterprises purchased archiving software, but did not properly enable expiry procedures according to a  defensible document retention policy.  This resulted in saving everything for the past seven or so years.  Another reason for retaining all data in the archive was because enterprises were afraid to delete anything fearing being accused of spoliation and/or the inability to retrieve data that should have been on legal hold.  These two reasons combined have resulted in companies being forced to address the impact of having to search this massive amount of data in the archive each time a matter arises.  The resulting workflow for data collection is time consuming and expensive, especially for companies that still employ third party vendors for data collection.  For many organizations, the situation has become unsustainable from both a legal and IT perspective.

In recent years, backup has been given less attention as archives have become more common, storage has become more affordable, and most lawyers argue that tapes are “inaccessible” – making restoration less common.  However, there is still an area of concern with regard to over-retention of backup, especially when organizations do not have an archive.  They may be required to produce backup tapes as much of the relevant information to a matter could be contained therein.  This has led to saving large numbers of backup tapes with no real knowledge of what data is on the tapes and no one wanting to be accountable for pulling the trigger on deletion.  When forced to restore backup tapes it can be expensive and an eDiscovery nightmare.

For example, in Moore v. Gilead Sciences (N.D. Ca. Nov. 16, 2011), the plaintiff sought production of “all archived emails” that he sent or received during his five-year tenure with the defendant pharmaceutical company.  The company objected to the request as being unduly burdensome.  The company argued that:

1. The emails were exclusively stored on its disaster recovery backup tapes;
2. It would cost $360,000 to index those tapes, exclusive of processing and review costs;
3. Many of the requested emails would not be retrieved since the company conducted its backups on monthly (not daily) intervals; and
4. Over 25,000 pages of the plaintiff’s emails had already been produced in the litigation.

It is common for the inaccessibility and unduly burdensome arguments to be made with regard to backup tapes to combat indexing and restoration.  However, where a discovery dispute has merit, courts routinely reject projected cost estimates (such as the company’s $360,000 figure) as being unfounded/speculative and order production nevertheless.  [See Pippins v. KPMG and Escamilla v. SMS Holdings Corp.]  Had the judge gone the other way on restoration in Moore, the outcome could have easily been different, expensive and detrimental to the company.

What does this mean for organizations keeping seven years or more of legacy content?  Firstly, take inventory on where backup tapes reside and determine if they need to be saved or if they can be deleted.  Most corporations have amassed many tapes that are only a legal liability at this point.  Technology exists today that can index and search what is on the tapes, enabling educated decisions to then be made about whether to delete and/or transfer to the archive for legal hold.  Essentially, new technology can give sight to the blind.  Those decisions must be made according to a plan and documented.  Backup should only be for disaster recovery.

Secondly, purchase an archive if the company does not yet have one and configure the archive to expire data according to the document retention policy that can protect the company’s data decisions under Safe Harbor laws.

Is the company experiencing what many others are right now, which is an archive that is bursting at the seams? If the company does have an archive, check to see if expiry has been properly deployed according to the company’s policy.  If not, initiate a project to free up the archive from information retention that is unnecessary and that should not be subject to discovery.  Again, this must be documented.  Archives are for discovery and they need to be lean, efficient, and executing the information management lifecycle.

Avoid the request for backup tapes in litigation by having a sufficient archive and clearly stating that backup tapes are solely for disaster recovery. Delete tapes when possible by analyzing what is on them with appropriate technology and through a documented process that will eliminate the possibility of them being discoverable in litigation.

In sum, it is very helpful to examine the EDRM model and carve out what technologies and policies will apply to each aspect of the continuum.  For the challenges addressed in this blog, backup tapes fall under information management as does an archive all the way to the left of the model.  Backup tapes need search and expiry in order to retain only what is necessary for legal hold and should be ingested into an archive;  then, the company’s disaster recovery policies should be enforced on a go-forward basis.  Similarly, the archive needs search and expiration according to document retention policies so it does not become overgrown. From left to right, the model logically walks through the lifecycle of data, and many of the responsibilities associated with the data can be automated.  This project will require commitment, resources and time, but in light of the fact that data is only growing, there aren’t any other options.

As 2011 comes quickly to a close we’ve attempted, as in years past, to do our best Carnac impersonation and divine the future of eDiscovery.  Some of these predictions may happen more quickly than others, but it’s our sense that all will come to pass in the near future – it’s just a matter of timing.

1. Technology Assisted Review (TAR) Gains Speed.  The area of Technology Assisted Review is very exciting since there are a host of emerging technologies that can help make the review process more efficient, ranging from email threading, concept search, clustering, predictive coding and the like.  There are two fundamental challenges however.  First, the technology doesn’t work in a vacuum, meaning that the workflows need to be properly designed and the users need to make accurate decisions because those judgment calls often are then magnified by the application.  Next, the defensibility of the given approach needs to be well vetted.  While it’s likely not necessary (or practical) to expect a judge to mandate the use of a specific technological approach, it is important for the applied technologies to be reasonable, transparent and auditable since the worst possible outcome would be to have a technology challenged and then find the producing party unable to adequately explain their methodology.
2. The Custodian-Based Collection Model Comes Under Stress. Ever since the days of Zubulake, litigants have focused on “key players” as a proxy for finding relevant information during the eDiscovery process.  Early on, this model worked particularly well in an email-centric environment.  But, as discovery from cloud sources, collaborative worksites (like SharePoint) and other unstructured data repositories continues to become increasingly mainstream, the custodian-oriented collection model will become rapidly outmoded because it will fail to take into account topically-oriented searches.  This trend will be further amplified by the bench’s increasing distrust of manual, custodian-based data collection practices and the presence of better automated search methods, which are particularly valuable for certain types of litigation (e.g., patent disputes, product liability cases).
3. The FRCP Amendment Debate Will Rage On – Unfortunately Without Much Near Term Progress. While it is clear that the eDiscovery preservation duty has become a more complex and risk laden process, it’s not clear that this “pain” is causally related to the FRCP.  In the notes from the Dallas mini-conference, a pending Sedona survey was quoted referencing the fact that preservation challenges were increasing dramatically.  Yet, there isn’t a consensus viewpoint regarding which changes, if any, would help improve the murky problem.  In the near term this means that organizations with significant preservation pains will need to better utilize the rules that are on the books and deploy enabling technologies where possible.
4. Data Hoarding Increasingly Goes Out of Fashion. The war cry of many IT professionals that “storage is cheap” is starting to fall on deaf ears.  Organizations are realizing that the cost of storing information is just the tip of the iceberg when it comes to the litigation risk of having terabytes (and conceivably petabytes) of unstructured, uncategorized and unmanaged electronically stored information (ESI).  This tsunami of information will increasingly become an information liability for organizations that have never deleted a byte of information.  In 2012, more corporations will see the need to clean out their digital houses and will realize that such cleansing (where permitted) is a best practice moving forward.  This applies with equal force to the US government, which has recently mandated such an effort at President Obama’s behest.
5. Information Governance Becomes a Viable Reality.  For several years there’s been an effort to combine the reactive (far right) side of the EDRM with the logically connected proactive (far left) side of the EDRM.  But now, a number of surveys have linked good information governance hygiene with better response times to eDiscovery requests and governmental inquires, as well as a corresponding lower chance of being sanctioned and the ability to turn over less responsive information.  In 2012, enterprises will realize that the litigation use case is just one way to leverage archival and eDiscovery tools, further accelerating adoption.
6. Backup Tapes Will Be Increasingly Seen as a Liability.  Using backup tapes for disaster recovery/business continuity purposes remains a viable business strategy, although backing up to tape will become less prevalent as cloud backup increases.  However, if tapes are kept around longer than necessary (days versus months) then they become a ticking time bomb when a litigation or inquiry event crops up.
7. International eDiscovery/eDisclosure Processes Will Continue to Mature. It’s easy to think of the US as dominating the eDiscovery landscape. While this is gospel for us here in the States, international markets are developing quickly and in many ways are ahead of the US, particularly with regulatory compliance-driven use cases, like the UK Bribery Act 2010.  This fact, coupled with the menagerie of international privacy laws, means we’ll be less Balkanized in our eDiscovery efforts moving forward since we do really need to be thinking and practicing globally.
8. Email Becomes “So 2009” As Social Media Gains Traction. While email has been the eDiscovery darling for the past decade, it’s getting a little long in the tooth.  In the next year, new types of ESI (social media, structured data, loose files, cloud context, mobile device messages, etc.) will cause headaches for a number of enterprises that have been overly email-centric.  Already in 2011, organizations are finding that other sources of ESI like documents/files and structured data are rivaling email in importance for eDiscovery requests, and this trend shows no signs of abating, particularly for regulated industries. This heterogeneous mix of ESI will certainly result in challenges for many companies, with some unlucky ones getting sanctioned because they ignored these emerging data types.
9. Cost Shifting Will Become More Prevalent – Impacting the “American Rule.” For ages, the American Rule held that producing parties had to pay for their production costs, with a few narrow exceptions.  Next year we’ll see even more courts award winning parties their eDiscovery costs under 28 U.S.C. §1920(4) and Rule 54(d)(1) FRCP. Courts are now beginning to consider the services of an eDiscovery vendor as “the 21st Century equivalent of making copies.”
10. Risk Assessment Becomes a Critical Component of eDiscovery. Managing risk is a foundational underpinning for litigators generally, but its role in eDiscovery has been a bit obscure.  Now, with the tremendous statistical insights that are made possible by enabling software technologies, it will become increasingly important for counsel to manage risk by deciding what types of error/precision rates are possible.  This risk analysis is particularly critical for conducting any variety of technology assisted review process since precision, recall and f-measure statistics all require a delicate balance of risk and reward.

In their latest survey, entitled “E-Discovery Market Trends: A View from the Legal Department,” Enterprise Strategy Group (ESG) analysts Brian Babineau and Katey Wood analyze a number of interesting statistics and provide a range of insightful conclusions.  By surveying general counsel from large, mid-market (500-999 employees) and enterprise-class organizations in North America they were able to dive into a range of eDiscovery topics, including pain points, operational expenses and prioritizations on a go-forward basis.  Some are more intuitive than others, but in either case the results serve as good calibration metrics for those who endeavor to understand the corporate eDiscovery state of the nation.

“Most corporations are not tracking e-discovery spending…” In what may be the most notable finding of this ESG report, 60% of survey respondents claim that they did not track annual eDiscovery spending in 2010.  The authors correctly note that the eDiscovery process, “which can be highly unpredictable due to its project-by-project nature to begin with, has historically been outsourced to service providers charging at variable rates and often billed back to companies via their law firms.”  Despite the significant challenges of tracking eDiscovery spending, it’s nevertheless irresponsible for organizations to keep their heads in the sand regarding such a significant operational expense.

As the old saw goes, “you can’t manage what you can’t measure,” so it’s almost inconceivable to think that so many organizations aren’t tracking such a significant expense category.  For organizations who want to create a repeatable business process, as opposed to the fire-drill chaos that is typically associated with eDiscovery, it’s vitally important to accurately capture core eDiscovery metrics.  For starters, it’s useful to understand basic collection parameters, such as of the typical numbers of key custodians, average data volumes per custodian, data expansion rates, de-duplication statistics, etc.  Once these metrics are in place, it then becomes possible to manage the process and reduce costs.

Katey went on to expound in an exclusive quote for EDD 2.0:

“E-discovery can be managed as a strategic business process with an understanding of costs, performance and outcomes. When there’s no basis for reporting or comparison, it’s pin the tail on the donkey.  Corporate litigants won’t ever know they’re getting their money’s worth if they don’t even know what they’re spending.”

“E-Discovery accuracy/efficiency isn’t being measured, in large part.” Similar to the failure to measure eDiscovery costs, a full two thirds of GCs (67%) aren’t tracking the “efficiency and/or accuracy of e-discovery document review.” Until corporate counsel can link expectations of competency/efficiency with oversight and performance metrics, outside law firms will likely avoid having their feet held to the fire.  This passive stance makes transparency and process improvement difficult at best.  Additionally, this model of having expectations for efficiency, with low or no accountability, doesn’t bode well for the quick adoption of enabling technologies like predictive coding, since the driver has to inherently be the need/desire for increased efficiency (which axiomatically equals lower law firm review bills).

“Corporate information governance and litigation readiness (especially defensible deletion) are a priority, but not yet a reality.” From an internal prioritization perspective, more than two thirds (69%) of respondents identified their desire to expire/delete data more consistently, “thereby limiting unnecessary data retention for future litigation requests.”  Savvy enterprises correctly recognized the “multi-prong threat of unregulated data retention: the large amounts of irrelevant data ultimately produced for legal review, the greater difficulty of hanging onto potentially litigious documents past their required retention periods.”

This finding is very encouraging, and it ties into the upward momentum the industry is seeing regarding information governance generally – particularly linking the reactive (right) side of the EDRM with the logically connected and proactive (left) side of the EDRM.  As a good first step it’s critical to see organizations now associating good information governance hygiene with lower costs and better eDiscovery response times.  The ESG finding also triangulates with results from the recent Information Retention and eDiscovery Survey, which found that companies having good information governance hygiene were often able to respond much faster and more successfully to an eDiscovery/investigation requests, often suffering fewer negative consequences.

The only downside to the positive information governance trend, as reported by the survey, was that,

“while there are great benefits to defensible deletion, internal initiatives for implementing it too often are stymied by difficulty in obtaining cross functional consensus and authorization, particularly as it touches so many other critical processes like regulatory compliance and legal hold.”

“Legal hold processes are still very manual.” Another similar question revealed that many companies are attempting to get their information governance house in order, but are still in the very early stages.  When asked about their  current legal hold notification and tracking process, a whopping 69% of organizations said that they are using a “manual process performed by internal staff using e-mail and spreadsheets, etc.”  And, another 6% said they either had no formal process or tracking mechanism.

Given the risks attendant to flaws in the preservation process this area is ripe for improvement.  The good news is that 54% of survey respondents are intending to improve their legal hold process, with 25% planning improvement within the next 12 months.  This is a healthy acknowledgement that there is risk, and with a modicum of investment (time, personnel, procedures, and technology) the legal hold area can be brought up to current best practices.

The ESG survey is a welcome temperature gauge into the state of corporate legal departments.  It notes, in conclusion, “with the staggering growth, diversity and dispersion of data, the pain e-discovery is currently causing large and serial litigants are only a symptom of the larger problem of unwieldy and under-developed information management affecting all businesses.”  With data insights from the ESG survey, it’s becoming clear that foundational information governance elements (like deploying auditable legal hold procedures, tracking eDiscovery spending, updating data maps, etc.) are desperately needed by the many organizations that want to turn eDiscovery into a repeatable business process.  The good news is that many of these organization have improvements in mind for the next 12 months, and the challenge will be to make sure these proactive projects maintain the same level of organizational urgency that it often present for more reactive tasks.

The legal battles during the discovery phase of the Oracle v. Google Java licensing and patent infringement complaint are now well documented. Just search for “Lindholm email” and you’ll find pages and pages of opinions and blog posts on the case. Why so much fuss over a piece of email? Well, as Judge Alsup aptly describes, this is the type of smoking gun email that has the potential to “turn the case on its head.”  More importantly, this inadvertent email never needed to happen, if the parties had better leveraged existing eDiscovery technologies.

The eDiscovery battle over admissibility of this email, as well as whether it can be a public record, is natural and to be expected, especially in such a high profile dispute. Google has already made five attempts to either claw back these documents or protect them under seal. Besides the question of whether privilege waiver is in fact granted simply by adding an “Attorney Work Product” annotation to email, which Judge Alsup has eloquently addressed in the filing here, there is another interesting question to be considered. In addition to the two email copies that had the above designation, there were nine other sequential drafts, created within a five minute period. These drafts were generated by the “auto save” capability of the email software, possibly as a way to prevent the author of the email from losing partial work. Don’t we all love that feature, since despite all the technological advances computers crash, networks fail, and software freezes, and in those times we’re thankful that our work was indeed automatically saved? However, if these are indeed present, are these drafts discoverable, especially if they have not been shared with anyone?

Although in this instance the intent of these drafts is made evident by the final email, which included the recipients, none of the nine drafts of the email have a TO:, CC: or BCC: address field filled in. So technically, the drafts in their “pre-final” form were never communicated to anyone else. If so, should they even be considered electronically stored information (ESI) that needs to be produced? Let’s say that these emails were never sent and merely existed as drafts, perhaps capturing a person’s train of thought. Are they discoverable?

Of course, determining whether such partial and non-evidentiary ESI exists among your millions and millions of documents to be examined for production becomes increasingly the purview of powerful search and analysis software. In this instance, Google and their legal team would have been well-served by email analytical software that can isolate drafts and offer them for removal from production. Also, using a capability such as Near Duplicate Identification would have identified these drafts as similar to the final ones that were marked as privileged. After all, if the legal team had known of their existence prior to production, they would not have been surprised by the opposing team producing them as key documents.

I invite your comments, especially on the notion that partially completed drafts are admissible as evidence.

In the first settlement of its kind, FINRA settled with the SEC on October 27, 2011 due to allegations over a 2008 incident where a regional Kansas City office of FINRA doctored documents.  The alleged doctored documents were from three internal staff meetings, where information was either edited or deleted and then provided to the SEC with the “inaccurate and incomplete” changes. Mary Shapiro, currently the Chairman of the SEC, is in an interesting spot as she was Chief Executive of FINRA at the time of the alleged wrongdoing.  She apparently had no direct involvement with the decision to take action against FINRA.

The motives for doctoring the documents are unclear, and so is whether or not the alterations of the documents led to any material damage other than FINRA’s diminished credibility.  Ironically, the SEC has had its own struggles in recent months with a slew of articles published in various newspapers highlighting their own challenges with document retention and the improper destruction of documents. Both of these scenarios have been called to light by whistleblowers within their respective agencies.

These antics certainly pose the question: Is it a good use of taxpayer money to have regulatory agencies fighting each other over document retention and record keeping practices? The answer is probably no. But the first question begs the second: If they don’t do it, who will?  While information management is not the sexiest part of the SEC and FINRA’s responsibilities, it certainly is an important one and the foundation of their information intelligence.  Without proper document retention and information governance, the probability of connecting the dots to discover insider trading or other malfeasance is low.  Moreover, in order for agencies to retain credibility they need to be able to locate documents with ease and speed and those documents must be truthful and accurate.

Because FINRA is a self-regulatory firm for securities and is overseen by the SEC, it seems appropriate that they investigate matters like the one at hand.  According to the SEC, the 2008 incident is the third instance in the past eight years where an employee of FINRA, or its predecessor, the National Association of Security Dealers, has provided altered or misleading documents to the SEC.  It remains to be seen if this is intentional on the part of FINRA to conceal undesirable facts or to promote an item on their agenda, or if in fact they are simply negligent with regard to their record keeping policies.  Either way, it is a problem for the SEC and the government in general as it undermines agency credibility and compromises the ability to intelligently leverage information.   This settlement also does no favors for FINRA at a time when they aim to expand their 4,600 base of supervisory authority to include 10,000 more investment advisory firms.

So, what can be done about this behavior and the risks it poses? Corporations and governments are facing the same issues that information governance poses due to the data explosion and the growing complexity of data sources today.  At a minimum, there needs to be a policy in place that governs how data, regardless of form, is handled and disposed of in the information lifecycle.  It also makes sense to form an audit committee within the government that can inspect and assess the information management practices of each agency, as well as serve as a  third party mediator between agencies when these challenges arise.  This is a good idea for two reasons.  One, agencies can focus on their responsibilities instead of getting sidetracked with issues they are not expert in, like document retention or record management.  Next, this problem has reached a point that it’s necessary to appoint an independent group to audit the government due to the data explosion and pace of technology today.  We have the SEC and FINRA to watch the financial industry and provide us with assurance that business is being conducted in a lawful manner.  We don’t need the SEC or FINRA to take up document retention as another responsibility, as there are other professionals that can do that more effectively and independently.

While expansion of government is not the goal of forming yet another committee, this committee could potentially free up agencies to do more of the work they are charged with.  This would also promote standardization across agencies and regulatory bodies, which would be a giant step in the right direction as data volumes grow.  The actions that resulted in this settlement were remedial in nature.  FINRA took decisive action to air a podcast about document integrity and scheduled an agency-wide town hall meeting addressing the same for all current and new employees.  They also hired an independent outside consultant to provide additional staff training on document retention and integrity.  This will be a continual educational process for the private and public sector, and employee training and auditing the process will be the lynchpins for success.  The element of deflection is also at work here, as the SEC is not a model example of best practices for document retention and the moment.

The SEC is working through allegations of document destruction, FINRA is accused of document doctoring, but all these assertions circle back to the central theme of having a document retention policy and compliance with that policy.  This naturally leads to the need for education and training, and the ultimate auditing of the process for compliance.  In this rare case of watchdog bites watchdog, three points become clear: 1) The SEC has a higher and best use other than policing these issues; 2) information management has reached a point that it requires a separate and independent body to monitor and regulate allegations of misconduct; and 3) sometimes it takes a dog biting a dog to truly illustrate the magnitude of a problem.

Fulbright & Jaworski has conducted their Litigation Trends survey for nearly the past decade and the results are always interesting since they tend to capture the mindset of inside counsel and litigators as they anticipate the upcoming year.  In their 8th Annual Litigation Trends Survey, Fulbright noted that 92% of U.S. respondents predict that litigation will either increase or stay the same in the upcoming year.  This trend bodes well for players in the litigation services and eDiscovery sectors, and confirms the counter cyclical nature of the industry.  Breaking down the perceived increases across industry verticals, the Survey noted that the biggest anticipated jumps were in the technology, financial services, healthcare and insurance sectors.  Meanwhile energy (the leading sector from the prior year) was one of the few that predicted a decrease.

Going behind the scenes, there were a number of factors that caused respondents to predict litigation increases.  First and foremost, respondents indicated that “stricter regulation was the number one reason” for the increases, particularly with insurance, financial services, health care and retail sectors.  These concerns around regulatory compliance have been increasingly keeping GCs and corporate boards awake as the governance climate continues to heat up.  This regulation driver showed a demonstrable increase with 46% of all respondents having retained outside counsel to assist with regulatory proceedings, up from 37% in the prior year.  The Survey noted that U.S. companies facing a regulatory investigation were most likely to be under pressure from the DOJ (27%), State Attorney General (24%), OSHA (18%), the EPA (16%) and U.S. Attorney (13%).  Also on the regulatory front, U.S. respondents have increasingly begun to recognize the potential jurisdictional reach of the U.K. Bribery Act, with 25% of U.S. companies stating that they have already conducted a review of existing procedures in preparation for implementation.

In addition to managing risk, most in-house counsel are keenly concerned with controlling litigation costs.  The good news here is that associated costs are predicted to be generally flat.  Yet, eDiscovery remained the largest category targeted for increased spending, with 18% of respondents making this their top priority.  Interestingly, though, large enterprises seem to have been doing a good job of getting eDiscovery expenses under control (likely by taking expensive elements of the EDRM in-house), with these expenses declining among the largest companies, from 42% last year to 24% this year.

The Survey noted that the use of cloud computing has gained speed, with 34% of all public companies using the cloud.  And yet, only 40% of those companies using cloud computing have had “to preserve and/or collect data from the cloud in connection with actual or threatened litigation, disputes or investigations.”  This number appears curiously light, and it should definitely rise during the upcoming year as the plaintiff’s bar gets more savvy about this relatively new source of responsive electronically stored information (ESI).

On the narrower eDiscovery front, the Survey honed in on newer issues like cooperation.  Here, the Survey noted that this Sedona-sponsored concept still hasn’t completely taken hold, with nearly 40% of all respondents claiming that “their company has not made the effort to be more transparent or cooperative” due to a litigation strategy of “defending on all fronts.”  This area appears particularly muddled, with one third saying their previous attempts haven’t been reciprocated and another quarter feeling that their company was already transparent.

All in all,  the 2011 Fulbright Litigation Trends Survey notes trends that appear to be largely in line with the primary drivers of (1) managing risk and (2) lowering litigation costs.  On the risk side, compliance with an increasingly complex regulatory environment is offsetting any potential lull in the litigation environment.  And, on the cost side, eDiscovery continues to be a hot button issue, particularly with the relatively new challenges associated with ESI distributed on social media, cloud computing and mobile sources.

Google has publicly released the number of U.S. Government requests it had for email productions in the six months preceding December 31, 2009.  They have had to comply with 94% of these 4,601 requests.  Granted, many of these requests were search warrants or subpoenas, but many were not.  Now take 4,601 and multiply it by at least 3 for other social media sources for Facebook, LinkedIn, and Twitter.  The number is big – and so is the concern over how this information is being obtained.

What has becoming increasingly common (and alarming at the same time) is the way this electronically stored information (ESI) is being obtained from third party service providers by the U.S. Government. Some of these requests were actually secret court orders; it is unclear how many of the matters were criminal or civil.  Many of these service providers (Sonic, Google, Microsoft, etc.) are challenging these requests and most often losing. They are losing on two fronts:  1) they are not allowed to inform the data owner about the requests, nor the subsequent production of the emails, and 2) they are forced to actually produce the information.  For example, the U.S. Government obtained one of these secret orders to get WikiLeaks volunteer Jacob Applebaum’s email contact list of the people he has corresponded with over the past two years.  Both Google and Sonic.net were ordered to turn over information and Sonic challenged  the order and lost.  This has forced technology companies to band together to lobby Congress to require search warrants in digital investigations.

There are three primary laws operating at this pivotal intersection that affect the discovery of ESI that resides with third party service providers, and these laws are in a car wreck with no ambulance in sight.  First, there is the antiquated Federal Law, the Electronic Communications Privacy Act of 1986, over which there is much debate at present.  To put the datedness of the ECPA in perspective, it was written before the internet.  This law is the basis that allows the government to secretly obtain information from email and cell phones without a search warrant. Not having a search warrant is in direct conflict with the U.S. Constitution’s 4th Amendment protection against unreasonable searches and seizures.  In the secret order scenario, the creator of data is denied their right to know about the search and seizure (as they would if their homes were being searched, for example) as it is transpiring with the third party.

Where a secret order has been issued and emails have been obtained from a third party service provider, we see the courts treating email much differently than traditional mail and telephone lines.  However, the intent of the law was to give electronic communications the same protections that mail and phone calls have enjoyed for some time. Understandably, the law did not anticipate the advent of the technology we have today.  This is the first collision, and the reason the wheels have gone off the car, since the standard under the ECPA sets a lower bar for email than that of the former two modes of communication.  The government must only show “reasonable grounds” that the records would be “relevant and material” to an investigation, criminal or civil, compared to the other higher standard.

The third law in this collision is the Freedom of Information Act (FOIA).  While certain exceptions and allowances are made for national security and in criminal investigations, these secret orders are not able to be seen by the person whose information has been requested.  Additionally, the public wants to see these requests and these orders, especially if they have no chance of fighting them.  What remains to be seen is what our rights are under FOIA to see these orders, either as a party or a non-related individual to the investigation as a matter of public record.  U.S. Senator Patrick Leahy, (D-VT), the author of the ECPA, acknowledged in no uncertain terms that the law is “significantly outdated and outpaced by rapid changes in technology.”   He has since introduced a bill with many changes that third party service providers have lobbied for to bring the ECPA up to date. The irony of this situation is that the law was intended to provide the same protections for all modes of communication, but in fact makes it easier for the government to request information without the author even knowing.

This is one of the most important issues now facing individuals and the government in the discovery of ESI during investigations and litigation.  A third party service provider of cloud offerings is really no different than a utility company, and the same paradigm can exist as it does with the U.S. Postal Service and the telephone companies when looking to discover this information under the Fourth Amendment, where a warrant is required. The law looks to be changing to reflect this and FOIA should allow the public to access these orders.  Amendments to the Act have been introduced by Senator Leahy, and we can look forward to the common sense changes he proposes that are necessary.  The American people don’t like secrets. Lawyers, get ready to embrace the revisions into your practice by reading up on the changes as they will impact your practices significantly in the near future.

The data explosion that has burdened organizations across the globe for the past decade has become increasingly expensive to manage.  Many experts point to storage as the most obvious culprit for higher information governance costs.  There are, however, other factors driving those costs.  For example, demands for electronically stored information in legal and regulatory proceedings have significantly increased expenses surrounding data management.  Those demands have forced organizations to meet the high expectations that courts and regulatory bodies have for how they address their information or face the consequences.

Those consequences include sanctions and regulatory fines for groups that fail to account for how they store, manage and discover their information.  The $919 million verdict rendered in the E.I. du Pont de Nemours v. Kolon Industries case is paradigmatic of this trend.  That verdict was inextricably intertwined with the court’s instruction to the jury that executives and employees for defendant Kolon Industries deleted key evidence after the company’s preservation duty was triggered.

Going to Cloud Services for Data Archiving and eDiscovery

These rising data costs – and the risks they pose – are driving organizations to explore new technologies and methods for managing their data.  The latest alternative to traditional on-premise solutions involves leveraging cloud-based services.

The hype surrounding the cloud has generally focused on the opportunity for cheap and unlimited storage.  While cost effective data storage is important, that factor alone should not be determinative for selecting a cloud service provider.  Organizations must have the actual – not theoretical – ability to retrieve their data and do so in real time.  Otherwise, they may not be able to satisfy legal or regulatory requests, let alone the day-to-day demands of their operations.

In an analogous context, courts have traditionally compelled paper document productions even though the requested materials may be buried in a messy warehouse.  In one such case from this year, a U.S. district court in New York ordered a company to turn over decades-old records that were commingled with other materials in poorly labeled, shrink-wrapped boxes.  The court reasoned that disorganized record-keeping should not excuse an organization from producing relevant information.  See Brooks v. Macy’s (S.D.N.Y. May 6, 2011).

The rationale from the Brooks case is equally applicable to cloud-based services.  Cloud-based data must be intelligently organized so that companies can retrieve data in a timely fashion for business and legal purposes.  Otherwise, the savings achieved through cheap storage will be negated by the resulting legal quagmire.

Paring Back Superfluous and Duplicative Information

To facilitate the data retrieval process, the right cloud service provider should have the capacity to implement and observe applicable company retention policies.  An effective retention policy will generally help a company retain information that must be kept for business, legal or regulatory purposes – and nothing else.  The service provider should enable automated retention rules to ensure that information is kept only for a designated time period.  This will allow data to be expired once it reaches the end of that period.  And by expiring that data, the company will limit the amount of potentially relevant information available for follow-on litigation.

The pool of information can also be decreased through single instance storage.  This deduplication technology eliminates redundant data by preserving only a master copy of each document placed into the cloud.  This will reduce the amount of data that needs to be identified, collected and reviewed as part of the electronic discovery process.  For while unlimited data storage may seem ideal now, reviewing unlimited amounts of data will quickly become a logistical and costly nightmare.

Tools to Facilitate Discovery

A cloud service provider should ideally have eDiscovery functionality.  At a minimum, the service provider should be able to deploy legal holds to prevent users or automated policies from overwriting and destroying data.  Advanced search capabilities should also be included within the cloud-based service to reduce the amount of data that must be analyzed and then reviewed.  Moreover, the provider should support compatible load formats for export to third party review software.

Another key discovery issue is whether the cloud service provider can establish a clear audit trail for transmissions of company data.  Since information could be modified in transit by the routine operation of a service provider’s computer systems, an audit trail is necessary to prove that company documents and their metadata were not affected or otherwise compromised during transmission.  Without this assurance, a company may not be able to demonstrate the authenticity of its data before a tribunal or comply with key regulations.

A cloud server provider that can quickly retrieve and efficiently discover data has the potential to help organizations address their legal and regulatory demands in a cost effective manner.  Such a provider may be just the solution for organizations that are looking to properly address their runaway information governance costs.