Archive for the ‘IT’ Category

Losing Weight, Developing an Information Governance Plan, and Other New Year’s Resolutions

Tuesday, January 17th, 2012

It’s already a few weeks into the new year and it’s easy to spot the big lines at the gym, folks working on fad diets and many swearing off any number of vices.  Sadly perhaps, most popular resolutions don’t even really change year after year.  In the corporate world, though, it’s not good enough to simply recycle resolutions every year since there’s a lot more at stake, often with employees’ bonuses and jobs hanging in the balance.

It’s not too late to make information governance part of the corporate 2012 resolution list.  The reason is pretty simple – most companies need to get out of the reactive firefighting of eDiscovery given the risks of sloppy work, inadvertent productions and looming sanctions.  Yet, so many are caught up in the fog of eDiscovery war that they’ve failed to see the nexus between the upstream, proactive good data management hygiene and the downstream eDiscovery chaos.

In many cases the root cause is the disconnect between differing functional groups (Legal, IT, Information Security, Records Management, etc.).  This is where the emerging umbrella concept of Information Governance comes into play, serving as a way to tackle these information risks along a unified front. Gartner defines information governance as the:

“specification of decision rights, and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archiving and deletion of information, … [including] the processes, roles, standards, and metrics that ensure the effective and efficient use of information to enable an organization to achieve its goals.”

Perhaps more simply put, what were once a number of distinct disciplines—records management, data privacy, information security and eDiscovery—are rapidly coming together in ways that are important to those concerned with mitigating and managing information risk. This new information governance landscape is comprised of a number of formerly discrete categories:

  • Regulatory Risks – Whether an organization is in a heavily regulated vertical or not, there are a host of regulations that an organization must navigate to successfully stay in compliance.  In the United States these include a range of disparate regimes, including the Sarbanes-Oxley Act, HIPAA, the Securities and Exchange Act, the Foreign Corrupt Practices Act (FCPA) and other specialized regulations – any number of which require information to be kept in a prescribed fashion, for specified periods of time.  Failure to turn over information when requested by regulators can have dramatic financial consequences, as well as negative impacts to an organization’s reputation.
  • Discovery Risks – Under the discovery realm there are any number of potential risks as a company moves along the EDRM spectrum (i.e., Identification, Preservation, Collection, Processing, Analysis, Review and Production), but the most lethal risk is typically associated with spoliation sanctions that arise from the failure to adequately preserve electronically stored information (ESI).  There have been literally hundreds of cases where both plaintiffs and defendants have been caught in the judicial crosshairs, resulting in penalties ranging from outright case dismissal to monetary sanctions in the millions of dollars, simply for failing to preserve data properly.  It is in this discovery arena that the failure to dispose of corporate information, where possible, rears its ugly head since the eDiscovery burden is commensurate with the amount of data that needs to be preserved, processed and reviewed.  Some statistics show that it can cost as much as $5 per document just to have an attorney privilege review performed.  And, with every gigabyte containing upwards of 75,000 pages, it is easy to see massive discovery liability when an organization has terabytes and even petabytes of extraneous data lying around.
  • Privacy Risks – Even though the US has a relatively lax information privacy climate there are any number of laws that require companies to notify customers if their personally identifiable information (PII) such as credit card, social security, or credit numbers have been compromised.  For example, California’s data breach notification law (SB1386) mandates that all subject companies must provide notification if there is a security breach to the electronic database containing PII of any California resident.  It is easy to see how unmanaged PII can increase corporate risk, especially as data moves beyond US borders to the international stage where privacy regimes are much more staunch.
  • Information Security Risks – Data breaches have become so commonplace that the loss/theft of intellectual property has become an issue for every company, small and large, both domestically and internationally.  The cost to businesses of unintentionally exposing corporate information climbed 7 percent last year to over $7 million per incident.  Recently senators asked the SEC to “issue guidance regarding disclosure of information security risk, including material network breaches” since “securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share.”  The senators cited a 2009 survey that concluded that 38% of Fortune 500 companies made a “significant oversight” by not mentioning data security exposures in their public filings.

Information governance as an umbrella concept helps organizations to create better alignment between functional groups as they attempt to solve these complex and interrelated data risk challenges.  This coordination is even more critical given the way that corporate data is proliferating and migrating beyond the firewall.  With even more data located in the cloud and on mobile devices a key mandate is managing data in all types of form factors. A great first step is to determine ownership of a consolidated information governance approach where the owner can:

  • Get C-Level buy-in
  • Have the organizational savvy to obtain budget
  • Be able to define “reasonable” information governance efforts, which requires both legal and IT input
  • Have strong leadership and consensus building skills, because all stakeholders need to be on the same page
  • Understand the nuances of their business, since an overly rigid process will cause employees to work around the policies and procedures

Next, tap into and then leverage IT or information security budgets for archiving, compliance and storage.  In most progressive organizations there are likely ongoing projects that can be successfully massaged into a larger information governance play.  A great place to focus on initially is information archiving, since this is one of the simplest steps an organization can take to improve their information governance hygiene.  With an archive organizations can systematically index, classify and retain information and thus establish a proactive approach to data management.  It’s this ability to apply retention and (most importantly) expiration policies that allows organizations to start reducing the upstream data deluge that will inevitably impact downstream eDiscovery processes.

Once an archive is in place, the next logical step is to couple a scalable, reactive eDiscovery process with the upstream data sources, which will axiomatically include email, but increasingly should encompass cloud content, social media, unstructured data, etc.  It is important to make sure that a given archive has been tested to ensure compatibility with the chosen eDiscovery application to guarantee that it can collect content at scale in the same manner used to collect from other data sources.  Overlaying both of these foundational pieces should be the ability to place content on legal hold, whether that content exists in the archive or not.

As we enter 2012, there is no doubt that information governance should be an element in building an enterprise’s information architecture.  And, different from fleeting weight loss resolutions, savvy organizations should vow to get ahead of the burgeoning categories of information risk by fully embracing their commitment to integrated information governance.  And yet, this resolution doesn’t need to encompass every possible element of information governance.  Instead, it’s best to put foundational pieces into place and then build the rest of the infrastructure in methodical and modular fashion.

Email Isn’t eDiscovery Top Dog Any Longer, Recent Survey Finds

Sunday, September 18th, 2011

Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute.  Perhaps counterintuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests.  In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%).  Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer.

Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren’t also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.”   While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

The primary ramification is that organizations need to prepare for eDiscovery and governmental inquiries by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.  Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized.  Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were:

  • 81% more likely to have a formal retention plan in place
  • 63% more likely to automate legal holds
  • 50% more likely to use a formal archiving tool

These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences:

  • 78% less likely to be sanctioned
  • 47% less likely to lead to a compromised legal position
  • 45% less likely to disclose too much information

This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary.  Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways.  Some have estimated that it costs between $3-5 a document for manual attorney review – and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies with bad information governance hygiene.  While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction.  Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.  While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan.

As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.”  And, the winds of change are upon us.  Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

For more information regarding good records management hygiene, check out this informative video blog and Contoural article.

The Perils of Data Collection in High Stakes Litigation: Which Approach Is Right For Your Organization?

Monday, February 7th, 2011

Many organizations involved in litigation, investigations, or audits struggle to meet deadlines for collecting and producing electronically stored information (ESI) from employees without breaking the budget.  The biggest challenges are typically faced by large organizations with multiple offices and large numbers of employees.  However, even smaller organizations with few offices face challenges if they have remote employees or employees who travel frequently, aka road warriors.  In this first of a two-part series, I’ll discuss when and why organizations should choose a manual collection process.  Part two will discuss the advantages and disadvantages of two automated data collection approaches.

In each situation, the organization is faced with a request for ESI and some portion of the potentially relevant ESI is located in remote offices or on laptops used by road warriors.  Preserving and collecting ESI across multiple systems such as email and file servers, archival systems, Microsoft SharePoint, and personal computers can be challenging whether these systems are located centrally or in the cloud.  Common challenges include:

  • Pressing deadlines
  • Risk of data loss or deletion
  • Failure to produce responsive data without legal justification
  • Lack of information technology (IT) department resources
  • Miscommunication between the IT and legal departments

These challenges are compounded for organizations with remote offices or road warriors because more coordination and effort is inevitably required, thereby increasing expenses and the risk of failure.   The key to success is determining which data collection approach is best for your organization.  First, let’s discuss the traditional manual approach.

The Traditional Manual Approach

There are two different manual data collection approaches that organizations utilize with varying degrees of success: employee self-collection and IT assisted collection.

Employee Self-Collection

The various data collection approaches often begin as part of an investigation, litigation, or audit that requires the identification of employees likely to have data relevant to a particular matter.   Those employees, or data custodians as they’re called, are asked to forward or copy any relevant ESI they possess to a centralized location or storage device where the data is stored for later analysis and review by the legal team.  One problem with this approach is that copying files could result in metadata information such as document dates being altered.  Another problem with this approach is that custodians’ memories fade over time and they may forget to produce relevant ESI.  Even worse, a custodian with a personal stake in the investigation may intentionally delete the very files being requested in an effort to thwart the investigation.  These scenarios could result in the organization facing sanctions or penalties, making employee self-collection a potentially risky and costly approach in almost any situation involving multiple custodians, offices, or large amounts of data.

IT Assisted Collections

The IT assisted collection approach is another manual approach that eliminates some of the risks associated with the employee self-collection method, but this approach often presents different challenges and often leads to “over collection” of ESI.  Typically one or more employees in the IT or IT Security Department are instructed to collect data from employees believed to have information relevant to a particular case.  To avoid overlooking or losing data, the IT resources collect data from numerous locations using computers loaded with specialized collection software.   Data to be collected from each relevant employee often resides on numerous devices including laptops, desktops, file servers, email servers, and other sources.   Once all the data for each custodian is collected from each data source, the data is copied and consolidated to a removable hard drive or drives where it awaits future processing, analysis, and review by the legal department.   Unfortunately for the IT department, this entire process is repeated for every new case and often results in a significant loss of productivity.

IT assisted collections were once the norm because this process was thought to represent the most efficient and effective way to avoid the risk of sanctions posed by the employee self-collection approach.   However, this approach is quickly falling out of vogue for two reasons:

First, IT assisted collections can increase the time, cost, and risk associated with data collection because the use of different technology tools can be challenging.   Organizations applying the IT assisted collection approach typically rely on off-the-shelf software such as Guidance Encase, Robocopy, ExMerge, Access Data’s Forensic Toolkit (FTK) or other tools to collect data from each relevant custodian. Frequently, different tools are utilized to collect data from different data sources.  For example, it is not uncommon for the IT department to use ExMerge to collect from Microsoft Exchange, Robocopy to collect from file servers, Encase to collect from laptops and desktops, and even other proprietary tools to collect data found in commonly used archives.  In addition to being time consuming, utilizing multiple tools to collect and consolidate data results in licensing, training, and maintenance costs for each product and the risk of data loss or alteration is heightened since data collected from multiple tools must eventually be exported and consolidated for further processing, analysis, and review.  Lastly, using multiple IT staff with varying levels of expertise to collect data arguably increases the risk of metadata being altered and complicates the ability to maintain accurate chain of custody logs.  In practice, many organizations using multiple collection tools spend countless hours trying to manually maintain chain of custody reports using Excel spreadsheets while other organizations simply neglect or ignore chain of custody requirements.  Each of these situations virtually invites evidentiary attacks by savvy opponents.

The second reason IT assisted collections are falling into disfavor is because the approach often results in the over collection of data.  To avoid the risk of sanctions or penalties resulting from data loss or deletion, sometimes entire laptop and desktop hard drives are copied or “imaged” (frequently called a “forensic image”).  Similarly, IT resources are often incentivized to “copy everything” simply to avoid being forced to revisit data sources from which data has already been partially collected in response to a new request for information.

The IT assisted approach of forensically imaging drives can be effective in limited situations including criminal investigations and intellectual property theft cases since these matters sometimes require the recovery and analysis of deleted files, internet browsing history, and other non-user generated files for a discrete number of custodians.  However, since most large matters do not require this degree of data recovery for most data sources, unnecessarily collecting data by making forensic images often results in a significant waste of time and money.
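An added Python example (not from the original post or from any tool it names) of a collection step that preserves modification dates and writes a hash-chained chain of custody log, addressing the altered-metadata and spreadsheet-log problems described above. The custodian name, collector ID, file names and log layout are constructed assumptions.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

GENESIS = "0" * 64  # chain value used before the first log entry


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large collections do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def last_entry_hash(log_path):
    """Hash of the last log line, or GENESIS when the log is new or empty."""
    if not os.path.exists(log_path):
        return GENESIS
    lines = Path(log_path).read_text(encoding="utf-8").splitlines()
    return hashlib.sha256(lines[-1].encode()).hexdigest() if lines else GENESIS


def collect(source_dir, store_dir, log_path, custodian, collector):
    """Copy every file under source_dir into the store and log each transfer."""
    source_dir, store_dir = Path(source_dir), Path(store_dir)
    entries = []
    prev = last_entry_hash(log_path)
    with open(log_path, "a", encoding="utf-8") as log:
        for src in sorted(p for p in source_dir.rglob("*") if p.is_file()):
            dst = store_dir / custodian / src.relative_to(source_dir)
            dst.parent.mkdir(parents=True, exist_ok=True)
            stat = src.stat()
            before = sha256_file(src)
            # copy2 also copies the modification time; shutil.copyfile would
            # stamp the copy with the time of collection instead.
            shutil.copy2(src, dst)
            if sha256_file(dst) != before:
                raise OSError(f"hash mismatch after copying {src}")
            entry = {
                "custodian": custodian,
                "collector": collector,
                "source": str(src),
                "preserved_as": str(dst),
                "size": stat.st_size,
                "source_mtime": datetime.fromtimestamp(
                    stat.st_mtime, timezone.utc).isoformat(),
                "sha256": before,
                "collected_at": datetime.now(timezone.utc).isoformat(),
                "prev_entry_sha256": prev,  # links this entry to the one before
            }
            line = json.dumps(entry, sort_keys=True)
            log.write(line + "\n")
            prev = hashlib.sha256(line.encode()).hexdigest()
            entries.append(entry)
    return entries


def verify(log_path):
    """Re-check the log chain and every preserved file; return the problems."""
    problems = []
    prev = GENESIS
    with open(log_path, encoding="utf-8") as log:
        for number, raw in enumerate(log, start=1):
            line = raw.rstrip("\n")
            entry = json.loads(line)
            if entry["prev_entry_sha256"] != prev:
                problems.append(f"log entry {number}: chain broken")
            preserved = Path(entry["preserved_as"])
            if not preserved.is_file():
                problems.append(f"log entry {number}: preserved file missing")
            elif sha256_file(preserved) != entry["sha256"]:
                problems.append(f"log entry {number}: preserved file altered")
            prev = hashlib.sha256(line.encode()).hexdigest()
    return problems


def run_demo():
    """Constructed sample data: two small files back-dated to 2010-06-01."""
    work = Path(tempfile.mkdtemp(prefix="collection_demo_"))
    source = work / "laptop"
    (source / "notes").mkdir(parents=True)
    (source / "budget.csv").write_text("q1,100\n")
    (source / "notes" / "memo.txt").write_text("constructed sample memo\n")
    old = datetime(2010, 6, 1, tzinfo=timezone.utc).timestamp()
    for path in source.rglob("*"):
        if path.is_file():
            os.utime(path, (old, old))
    log = work / "custody_log.jsonl"
    entries = collect(source, work / "preservation_store", log,
                      custodian="jdoe", collector="it-analyst-1")
    return work, log, entries


if __name__ == "__main__":
    _, demo_log, demo_entries = run_demo()
    print(len(demo_entries), "files collected; problems:", verify(demo_log))
```

Because each log line records the hash of the line before it, editing or deleting an earlier entry is flagged by `verify` at the next entry, which a manually maintained spreadsheet cannot offer.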

Which Approach is Right for Your Organization?

The risks and expenses associated with both manual approaches described above are often so high that organizations sometimes decide it is economically more efficient to settle lawsuits even when the lawsuit lacks merit.  This untenable position has led many organizations to seek more efficient and repeatable methods to manage data collection that are automated.  These automated approaches will be explored in my next post.

Ruling the World of Information Management and Electronic Discovery

Wednesday, November 17th, 2010

If you’re anything like Dr. Evil, Tears for Fears, or Napoleon, ruling the world is at or near the top of your to-do list, and part of ruling the world is having as omniscient a knowledge as possible of what’s going on, in order to better control it. Ruling the world has also long been the dream of many software vendors, who want to own and understand all the information in an enterprise in order to, um, provide maximum value to their customers… oh, and also to lock them in to a single underlying platform that allows them to control as much of the organization’s information management decisions as possible.

In some cases, these dual interests are aligned. However, in e-discovery, it’s not so clear. Over the last couple of years, many vendors have pushed a notion of “index everything” or so-called “proactive” e-discovery, in which you have instant access to all the information in your enterprise, in real-time, from which to drive your e-discovery process. But is this feasible? Or even desirable?

The Myth of the Silver Bullet

It can be tempting for IT to turn to an enterprise search solution that can index all data sources – laptops, desktops, file servers, SharePoint servers, databases, email archives, content management systems – and enable e-discovery across the entire enterprise in an instant. The reality is that while such a solution may work for enterprise search in small and medium-sized companies with a finite scope of data, the level of complexity in scale and defensibility of operations makes this simply not an achievable approach for e-discovery at most large enterprises. As Anne Kershaw and Joe Howie of the Electronic Discovery Institute noted in their just-published Judges’ Guide to Cost-Effective E-Discovery:

“There is no single silver bullet that solves all problems associated with escalating discovery costs and delays. As noted above, the single most effective cost reduction method is the focused collection of records most likely to contain relevant information. Some argue that e‐discovery is best accomplished by taking large amounts of data from clients and then applying keyword or other searches or filters. While, in some rare cases, this method might be the only option, it is also apt to be the most expensive. In fact, keyword searching against large volumes of data to find relevant information is a challenging, costly, and imperfect process. A much better approach is to ask key client contacts to help you locate core relevant information and then, by reading that information, determine other sources of relevant information.”

What are the specific reasons why a targeted collection approach is superior? From our conversations with clients as we have been developing our solution to this problem over the last couple of years, three major drawbacks to the index-everything approach stand out.

1. Impact to Existing IT Environment

While the collect-and-preserve approach employed by Clearwell is widely accepted for e-discovery, index-everything and preserve-in-place solutions have recently emerged, originating from other enterprise applications such as knowledge management and enterprise search. These approaches from other domains have significant disadvantages when applied to e-discovery, including impact to existing IT infrastructure and processes that result in increased cost and complexity. For instance, the scope of e-discovery can exceed the amount of information being indexed by knowledge management or enterprise search applications. According to Forrester, the majority of enterprise search implementations range in size from the hundreds of thousands to tens of millions of records, not billions of documents that are potentially discoverable during litigation. Consequently, index-everything solutions must index a much larger volume of data across a broader range of applications and data stores than would typically be necessary for enterprise search.

Indexing such a large amount of data has implications for the entire IT environment. These solutions either crawl data repositories over the network or employ agents on local desktops and laptops to find new and modified files. IT organizations using these solutions report experiencing disruptions including:

• Requiring read access and permissions to numerous line-of-business applications and storage systems where data resides

• Significant increases to disk I/O for enterprise applications, network file shares, and client machines

• Increased network consumption as large amounts of data are read over the network

• Increased consumption of local hard drive space on employee desktops and laptops for search indexes and redundant copies of preserved files

• Scheduling resource-intensive indexing tasks during off-peak hours, impacting the ability of IT departments to complete backups during shrinking backup windows

Taken together, these issues add cost and complexity to the deployment of index-everything and preserve-in-place solutions. This often results in organizations not fully deploying the solution after purchasing licenses and spending months or years trying to integrate with their existing systems.

2. Risk of Missing Critical Data

Another key concern of organizations seeking to meet e-discovery requests is the ability to find all relevant files and documents for a case. Missing even a few important documents may result in multimillion dollar fines and sanctions. UBS and Morgan Stanley paid $29.2 million and $12.5 million, respectively, for losing key files during litigation. It is therefore critically important that e-discovery solutions have the ability to not only index and search common file types, but also a range of less common but equally important files such as those within nested container files, encrypted files, and TIFF images containing text. Solutions that originate from applications outside the e-discovery domain often skip these files because 100% accuracy is not required for other applications such as enterprise search. Across organizations with billions of documents, there may be hundreds of thousands of potentially relevant files which are in the dark and unknown to legal teams because they are not indexed.

Index corruption is another commonly reported issue with index-everything solutions that results in incomplete search results. Search indexes are susceptible to data corruption just like any other computer file, but the large size of indexes containing billions of records increases the probability of errors. In fact, this is a common problem of most archive solutions and other solutions that manage billions of records. A corrupt search index will result in incomplete results or in the worst case scenario, the inability to conduct searches until the index is repaired. In some situations, data must be re-indexed to rebuild a corrupt search index which is time consuming due to the slow speed of some solutions.

The net result is that in-place solutions increase the likelihood of missing critical data, exposing the organization to considerable legal and financial risk.

3. Time Delays and Uncertainty in Searches

When embarking on a project to make all enterprise data searchable for e-discovery, an important consideration is indexing speed in relation to total outstanding data and projected data growth. Organizations deploying such a solution typically have a large amount of existing data that needs to be indexed, and this index must be continually updated as data is modified and new data is created. Many companies report that although vendors claim high processing rates, these high rates erode over time as companies index greater amounts of their existing data, increasing the size of search indexes. Beyond an application’s ability to index data, there are exogenous factors affecting indexing performance including network speed, disk I/O, and latency. Along with index size and the number of search indexes, these factors can also affect search query performance, resulting in searches that take hours or days to return results.

Another issue facing organizations deploying index-everything solutions is that end users may be creating and modifying documents faster than the solution can index them. As a result, there is a widening gap between the state of data in the wild and the solution’s picture of that data, leading to incomplete search results. Equally troubling, search results may include files that were moved after the search engine indexed them, and so they appear in the results but cannot be viewed, retrieved, or preserved. End users clicking on the link to an item may receive an error similar to the “404 Error: File Not Found” that everyone has experienced when browsing the web. This presents a significant defensibility problem in e-discovery, and IT teams often end up tracking down these missing files one-by-one to ensure they are preserved. The result is that organizations may be exposed to unnecessary legal risk while IT teams have the additional burden of manually tracking down hundreds of files for each legal matter.

A Better Approach to Collection and Preservation

Recognizing the challenges of collection and preservation, Clearwell has developed a targeted approach that enables organizations to defensibly collect and preserve data without increasing the work of IT or exposing the organization to risk. Targeted collection provides an easy way for IT or Legal teams to collect from all critical data sources and securely manage collected data in a preservation store for the duration of a case. Unlike index-everything and preserve-in-place approaches, Clearwell is up and running quickly, delivering value in hours or days without the cost and complexity of lengthy multi-month deployment timelines. In addition, Clearwell’s targeted collect-and-preserve approach has a number of benefits over in-place approaches:

Minimal impact to IT infrastructure: Clearwell only collects potentially relevant data from custodians involved in a case or investigation, targeting resources at the most important data instead of wasting resources on indexing all data across the entire organization. As a result, targeted collection requires less impact to existing applications and storage systems, does not cause significant increases to disk I/O or network consumption, and does not require agents to be installed on client machines or servers.

Finds all critical data: Purpose-built to support the complex and difficult-to-read file types required by e-discovery, Clearwell can index and search all critical content such as nested container files, encrypted files, images containing text, and hidden content.

Up-to-date collection: Clearwell collects all relevant data for e-discovery by targeting information that is related to custodians in the case. Because this approach is not limited by legacy indexing approaches, Clearwell is able to collect data that has been recently modified or moved.

Maintains existing workflow: With Clearwell, end users are able to continue using their existing workflows and business processes without interruption. Using targeted collection, Clearwell can collect data in the background without altering data where it resides. When users create or modify files in the normal course of business, Clearwell incrementally collects new data automatically.

Reduces risk: Targeted collection significantly reduces the risk of spoliation by retaining data in a secure preservation store, providing a defensible process that maintains chain of custody. As a result, data cannot be tampered with by end users or accidentally lost on laptops, desktops, or other data repositories not under the control of IT.

Collecting and preserving evidence are critical steps in the e-discovery process. Solutions that promote indexing everything as the optimal solution for your e-discovery problems might be conceptually promising, but create new challenges for IT and increase risk in practice. As a result, organizations are seeking a solution that enables them to respond effectively to e-discovery without causing major disruptions or exposing the organization to additional risk. Clearwell’s targeted approach solves the challenges of collection and preservation by making it easy to collect data from all critical data sources and preserve data defensibly, without incurring greater risk or disrupting the organization’s business processes.

Embarrassing E-Discovery Mistakes Could Pit Lawyer Against Client

Tuesday, November 2nd, 2010

Ordering a “company-wide” search is not enough to shield outside counsel and client from a potentially embarrassing electronic discovery sanction allocation hearing in the Southern District of New York.

In In re A & M FLORIDA PROPERTIES II, the parties disputed the terms and obligations relevant to a purchase and sale agreement for property. The plaintiff claimed the defendant failed to disclose information that would ultimately have the effect of increasing plaintiff’s purchase price. The defendant claimed that the plaintiff was fully informed of the transaction details and requested emails and other documents from plaintiff to prove plaintiff had knowledge of the details. During e-discovery, the plaintiff’s counsel made the following two costly errors that led to a potentially embarrassing sanctions showdown with his client:

  1. Issuing a broad instruction to perform a “company-wide” search without more detailed instructions
  2. Failing to communicate with key IT personnel and employees to understand the client’s retention policies and data systems

The plaintiff’s early productions raised red flags for the defendant because they did not include any internal emails or an email that had previously been exchanged between the parties.  In response, the plaintiff’s outside counsel ordered his client to conduct a “company-wide” search to straighten out the email production issues. The plaintiff’s Chief Technology Officer (CTO) was tasked with overseeing the search, but the search was limited to email in the “live” system and did not include employee archives that the CTO knew existed.  The plaintiff’s counsel later admitted that he did not know the difference between archives and live inboxes and the CTO claimed access to the archives would have been provided to the defendant if only she had been asked. Following multiple searches by a forensic examiner and months of delay, over 9,500 additional emails were eventually produced from the archives that were initially overlooked.

Judge Gonzalez refused to order dismissal or an adverse instruction since the evidence was eventually produced and there was no evidence of bad faith. However, Judge Gonzalez showed little sympathy for counsel’s failure to “understand the technical depths to which electronic discovery can sometimes go” or to “gain a better understanding of GFI’s [defendant’s] computer system” and issued monetary sanctions to cover the cost of defendant’s attorney fees and forensic examiner. To make matters worse, the judge also ordered a future hearing to determine how to allocate the cost of the sanctions between the plaintiff and their lawyers.

Can You Say Embarrassing?

This type of hearing tends to uncomfortably pit client and counsel against each other in a game of he said, she said.  This isn’t Qualcomm revisited where sanctions were in the millions and attorneys from top law firms were scrapping to keep their licenses to practice law.  Nonetheless, the stakes are always high when you’re dealing with sanctions.  I can hear the arguments now:

Outside Counsel:  “When I said ‘company-wide’ search I meant a ‘company-wide’ search!”

Client:  “Well, if you would have been more specific, I would have known to search the archives.  You’re the lawyer after all.  Haven’t you done this before?”

Only a few know the details of what actually transpired and getting into the blame game with your client is something most attorneys want to avoid.

Lessons Learned

The lessons learned in this case are many, but here are a few key points to consider for both law firms and the clients they represent:

  • Counsel and corporate IT must over-communicate: at the onset of litigation, lawyers and IT should caucus to discuss critical e-discovery items and communicate with each other throughout the entire e-discovery process to ensure risk items related to technology (or anything else) are identified and minimized.
  • Senior corporate executives need to take e-discovery seriously: the risk of poorly executed e-discovery isn’t just an issue for the GC. These issues can expose other senior executives (the CTO in this case) to embarrassment and their companies to monetary sanctions.
  • The duty to preserve ESI is broad and organizations should utilize the right technology solutions to minimize the risk of error: searching email servers and ignoring other sources where relevant files may exist can harm the business as well as personal reputations. Companies should leverage technology solutions that allow for automated and repeatable data collections from multiple data sources like servers and laptops/desktops simultaneously to reduce the risk of human error and sanctions.

Conclusion

In re A & M Florida Properties II serves as yet another reminder that the bench in the Southern District of New York has little tolerance when practitioners fail to understand the intersection between law and technology. Since other jurisdictions often look to decisions from the Southern District of New York as persuasive authority, lawyers in other jurisdictions should take note.

FCPA in the News: Corruption At Home and Abroad

Friday, July 31st, 2009

It’s not just in New Jersey that corruption is in the news. It feels like everywhere you go, the authorities are investigating white collar crime and thus have an increasing need for electronic discovery technology.

Earlier this month, as those of you who follow my Twitter feed will know, I was visiting customers and partners in Germany. In virtually every meeting, data privacy and corruption investigations were top of mind, and with good reason. Following the Siemens case last year, German investigators have become much more active and it was easy for my hosts to list example after example of recent cases. There was the Deutsche Bahn case of management spying on its own employees, in violation of German privacy laws; the Deutsche Bank case of management spying on its own board; and the Deutsche Telekom case of management phone tapping employees to find leaks. There were stories of price collusion among cable car companies in the Alps, and corruption investigations into the activities of German companies in Eastern Europe.

A similar focus on anti-corruption exists closer to home. I have written before about the increase in FCPA investigations and that’s been reflected in recent headlines. As the Wall Street Journal reports, Sun and Shell have recently come under the microscope, according to their public filings. And Frederic Bourke, a founder of the accessories firm Dooney & Bourke, was recently found guilty of conspiracy to violate the Foreign Corrupt Practices Act, which may result in jail time.

All indications are that the U.S. Department of Justice and its counterparts overseas are just warming up. It’s not a good time for white collar crime, wherever you are in the world.