e-discovery 2.0

The data explosion that has burdened organizations across the globe for the past decade has become increasingly expensive to manage.  Many experts point to storage as the most obvious culprit for higher information governance costs.  There are, however, other factors driving those costs.  For example, demands for electronically stored information in legal and regulatory proceedings have significantly increased expenses surrounding data management.  Those demands have forced organizations to meet the high expectations that courts and regulatory bodies have for how they address their information or face the consequences.

Those consequences include sanctions and regulatory fines for groups that fail to account for how they store, manage and discover their information.  The $919 million verdict rendered in the E.I. du Pont de Nemours v. Kolon Industries case is paradigmatic of this trend.  That verdict was inextricably intertwined with the court’s instruction to the jury that executives and employees for defendant Kolon Industries deleted key evidence after the company’s preservation duty was triggered.

Going to Cloud Services for Data Archiving and eDiscovery

These rising data costs – and the risks they pose – are driving organizations to explore new technologies and methods for managing their data.  The latest alternative to traditional on-premise solutions involves leveraging cloud-based services.

The hype surrounding the cloud has generally focused on the opportunity for cheap and unlimited storage.  While cost effective data storage is important, that factor alone should not be determinative for selecting a cloud service provider.  Organizations must have the actual – not theoretical – ability to retrieve their data and do so in real time.  Otherwise, they may not be able to satisfy legal or regulatory requests, let alone the day-to-day demands of their operations.

In an analogous context, courts have traditionally compelled paper document productions even though the requested materials may be buried in a messy warehouse.  In one such case from this year, a U.S. district court in New York ordered a company to turn over decades-old records that were commingled with other materials in poorly labeled, shrink-wrapped boxes.  The court reasoned that disorganized record-keeping should not excuse an organization from producing relevant information.  See Brooks v. Macy’s (S.D.N.Y. May 6, 2011).

The rationale from the Brooks case is equally applicable to cloud-based services.  Cloud-based data must be intelligently organized so that companies can retrieve data in a timely fashion for business and legal purposes.  Otherwise, the savings achieved through cheap storage will be negated by the resulting legal quagmire.

Paring Back Superfluous and Duplicative Information

To facilitate the data retrieval process, the right cloud service provider should have the capacity to implement and observe applicable company retention policies.  An effective retention policy will generally help a company retain information that must be kept for business, legal or regulatory purposes – and nothing else.  The service provider should enable automated retention rules to ensure that information is kept only for a designated time period.  This will allow data to be expired once it reaches the end of that period.  And by expiring that data, the company will limit the amount of potentially relevant information available for follow-on litigation.

The pool of information can also be decreased through single instance storage.  This deduplication technology eliminates redundant data by preserving only a master copy of each document placed into the cloud.  This will reduce the amount of data that needs to be identified, collected and reviewed as part of the electronic discovery process.  For while unlimited data storage may seem ideal now, reviewing unlimited amounts of data will quickly become a logistical and costly nightmare.

Tools to Facilitate Discovery

A cloud service provider should ideally have eDiscovery functionality.  At a minimum, the service provider should be able to deploy legal holds to prevent users or automated policies from overwriting and destroying data.  Advanced search capabilities should also be included within the cloud-based service to reduce the amount of data that must be analyzed and then reviewed.  Moreover, the provider should support compatible load formats for export to third party review software.

Another key discovery issue is whether the cloud service provider can establish a clear audit trail for transmissions of company data.  Since information could be modified in transit by the routine operation of a service provider’s computer systems, an audit trail is necessary to prove that company documents and their metadata were not affected or otherwise compromised during transmission.  Without this assurance, a company may not be able to demonstrate the authenticity of its data before a tribunal or comply with key regulations.

A cloud server provider that can quickly retrieve and efficiently discover data has the potential to help organizations address their legal and regulatory demands in a cost effective manner.  Such a provider may be just the solution for organizations that are looking to properly address their runaway information governance costs.

Outcry from many in the legal community has caused a number of groups to consider whether the Federal Rules of Civil Procedure (FRCP) should be amended.  The dialogue began in earnest a year ago at the Duke Civil Litigation Conference and picked up speed following an eDiscovery “mini-conference” held in Dallas last month (led by the Discovery Subcommittee –  appointed by the Advisory Committee on Civil Rules).  The rules amendment topic is so hot that the Sedona Conference (WG1) spent most of its two day annual meeting discussing the need for amendments and evaluating a range of competing proposals.

During this dialogue (which I can’t quote verbatim) a number of things became clear to me…

1.  This rules amendment quandary is a bit of a chicken and egg riddle — meaning that it’s hard to cast support wholeheartedly for a rules change if there isn’t a good consensus for what a particular change would accomplish and what the long term consequences might be as technology quickly morphs.  As an example, if there was a redefined preservation trigger that started the duty to preserve when there was a reasonable “certainty” of litigation (versus a mere “likelihood”), would this really make a material impact?  Or, would this inquiry still be as highly fact specific as it is today?  Would this still be similarly prone to the 20/20 hindsight judgment that’s inevitable as well?

2. While it is clear that preservation has become a more complex and risk laden process, it’s not clear that this “pain” is causally related to the FRCP.  In the notes from the Dallas mini-conference, a pending Sedona survey was quoted, referencing the fact that preservation challenges were overwhelmingly increasing:

“[S]ome trends can be noted. 95% (of the surveyed members) agreed that preservation issues were more frequent. 75% said that development was due to the proliferation of information.”

3. Another camp of stakeholders complain that the existing rules (as amended in 2006) aren’t being followed by practitioners or understood by the judiciary.  While this may be the case, it then begs the critical question: If folks aren’t following the amended rules (utilizing proportionality, leveraging FRE 502, etc.) is it really reasonable to think that any new rules would be followed this time around?

4. The role of technology in easing the preservation burden represents another murky area for debate.  For example, it could be argued that preservation pains (i.e., costs) are only really significant for organizations that haven’t deployed state of the art information governance solutions (e.g., legal hold solutions, email archives, records retention software, etc.) to make the requisite tasks less manual.

5. And finally, even assuming that the FRCP is magically re-jiggered to ease preservation costs, this would only impact organizations with litigation in Federal court. This leaves many still exposed to varying standards for the preservation trigger, scope and associated sanctions.

So, in the end, it’s unclear what the future holds for an amended FRCP landscape.  Given the range of divergent perspectives, differing viewpoints on potential solutions and the time necessary to navigate the Rules Enabling Act, the only thing that’s clear is that the cavalry isn’t coming to the rescue any time soon.  This means that organizations with significant preservation pains should endeavor to better utilize the rules that are on the books and deploy enabling technologies where possible.

As a proxy for risk assessment, many legal practitioners are simply asked, “What keeps you up at night?”  Aside from (i) small children and (ii) spicy Thai food, it’s becoming increasingly clear that eDiscovery is moving to the head of this inauspicious list, particularly for corporate boards, which now view risk management and regulatory compliance as their top concerns.

In a recent survey, BDO queried more than 100 directors at public companies with revenues between $250 million and $750 million and found that risk management factored heavily into the survey’s findings.  Over half of respondents identified managing risk as the topic they should be spending more time on, with 61% saying that their liability risk has increased during the financial downturn.

“In recent years, the responsibilities of corporate boards have grown considerably and much of their time has been dedicated to responding to new regulatory requirements,” says Wendy Hambleton, a partner in BDO’s corporate governance practice, in a statement about the survey. “What we are seeing in this study is a willingness of boards to take a more proactive role in risk management and it seems to be related to the risk they face as directors.”

On a similar risk management theme, another survey queried general counsel about what keeps them up at night.  Of these nearly 500 directors and GCs, 56% cited electronic discovery for litigation and investigation, which represented a marked increase since 2007, when only 36% of general counsel said they had the same nightmares.

This increasing concern around compliance and information governance isn’t surprising giving that the regulatory environment (FCPA, UK Bribery Act, Dodd-Frank, etc.) is much more rigorous than it was even a few years ago.  And, the fears are that this supercharged regulatory environment will only increase in fervor, with the majority of GCs feeling strongly that it will be the single biggest contributor to their workload through the rest of this year and leading into 2012.

What is interesting about these concerns is the disconnect between the very real fears and the lack of action – since many practitioners simply aren’t taking proactive steps to mitigate their information governance risks.  In an extension of the nightmare analogy, it’s like repeatedly watching scary movies right before bedtime and then being surprised when Freddy Kruger shows up in their dreams.

As noted previously, Symantec’s recent Information Retention and eDiscovery Survey revealed how blissfully ignorant some enterprises are about their shoddy information governance hygiene. Despite the numerous risks that are keeping so many up at night, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.

While it is important to get a good night’s sleep, it isn’t wise to slumber through the night with an army of ESI zombies ravaging your house, particularly when it’s possible to implement even the most basic information governance plans.  It’s beyond blissfully ignorant to ignore real risks and snooze away during what is assuredly an escalating regulatory climate.  Instead, put the best possible people, processes and technology in place, and start again, well rested, in the morning.

The Ninth Circuit unequivocally extended the protections of the Electronic Communications Privacy Act (“ECPA”) to foreign citizens yesterday.  In Suzlon Energy Ltd. v. Microsoft Corp. — F.3d — (9th Cir. 2011), the court held that the ECPA protects the emails of non-citizens that are stored in the United States from disclosure.

At issue were various emails belonging to an Indian citizen that were stored in his Microsoft Hotmail account.  Relying on the plain language of the statute, the district court rejected the plaintiff energy provider’s request that Microsoft turn over the emails for use in an Australian-based legal proceeding.  The Ninth Circuit agreed, finding that the protections of the ECPA expressly encompassed “any person” whose emails were stored “on a domestic server, by a domestic corporation.”

The Suzlon Energy opinion has three additional noteworthy points.  First, the Ninth Circuit declined to create by judicial fiat a “civil litigation” exception that would allow the production of the emails.  Such an exception would have eviscerated the privacy concerns regarding electronically stored communications that Congress specifically invoked in enacting the statute.

The court also refused to find that the defendant’s status as a party to litigation constituted “implied consent” to the production of his Hotmail emails.  Such a finding is consistent with other jurisprudence holding that participation in legal proceedings does not waive the protections of the ECPA.

Last but not least, the court’s holding applies only to emails stored in the United States.  It does not apply to information maintained or acts that occurred beyond the United States.

The Suzlon Energy case represents a growing chorus of opinions that have toughened the privacy protections of the ECPA.  As more courts follow the lead of the Ninth Circuit on the ECPA, the clamor for Congress to enact amendments that would modernize the statute will undoubtedly increase.  Stay tuned; the fight over privacy on the internet is just beginning.

In the eDiscovery universe, hot trends and evolving technologies tend to capture the attention of the legal community.  Discoverable data sources have been the focus in the courtroom for quite some time, and just like the “popular kids” from high school, email has held the crown of eDiscovery darling.  Not surprisingly, the more time end-users spend in a specific medium (on Facebook, for example), the more likely data will be created – and as that data multiplies, it has the potential to become compelling in discovery.  It seems that many U.S. organizations are electing to allow social media use at work and for work, rather than blocking access.  For obvious reasons, granting this access is culturally desirable, but from an eDiscovery perspective social media use introduces new complications.  However, don’t be mystified.  There is nothing that new here.

Recently, Symantec issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information.  Having lost some popularity, email came in third place (58%) to files/documents (67%) and database/application data (61%) when respondents were asked what type of documents were most commonly part of an eDiscovery request.  The new kid on the block for data sources is social media, reported by 41% of those surveyed.  Social media is in essence no different than any other data type in the eDiscovery process, it’s just the newest.  Said another way; social media is the new email.

Of course, it’s no longer news to proclaim that communications from social networking sites are discoverable.  What is newsworthy is the question of how to effectively store, manage and discover these communications which come in such varying forms, making the logistics of doing so for social media different than for traditional mediums.  Like email, social media is used by everyone (ubiquitous), is viral (fast), has mixed uses (professional and personal) and there is a lot of it (high volume).  Unlike email, social media comes in many different forms (Facebook, LinkedIn, Twitter, etc.), is not controlled within an organization’s firewalls (custody, possession and control issues), and has more complex requirements within the information governance lifecycle (technology is needed to ingest social media into an archive).

The two main areas to examine in relation to social media use and an organization’s policies are: 1) the legal issues that apply specifically to the organization, and 2) the logistical and technical requirements for preservation and collection.  Essentially, what is the organization’s policy surrounding social media use, and how can the information be accessed if need be? Luckily, technology exists that is nimble enough to be able to ingest social media and archive it in accordance with an organization’s policy, should one exist.  Organizations that have recognized social media as the newest kid on the block have, ideally: developed a social media policy, purchased (or deployed) collection and retention technology, and instituted training for their employees.  They have also integrated social media into their information governance strategy and document retention policy. Remember, not all organizations will have to archive social media, but all should address social media with a policy and training.

Other organizations have not accepted social media as part of the evolutionary process of eDiscovery.  They proceed at their own peril – as did the organizations that did not control their email some ten years ago!

These organizations will be in crisis when they need to collect social media for litigation and will most likely have a large lesson in damage control, as well as an equally large bill.  They will be uneducated, ill-prepared and overwhelmed about how to discover social media.  Without a policy, they will have to over collect by default, which will drive up the costs for collection and possibly for downstream review.  Given that the aforementioned survey found nearly half of the respondents did not have an information retention policy in place, and of this group, only 30% were discussing how to do so, it is likely that many of these organizations do not yet have a social media policy either.

With this background in mind, organizations should evaluate which laws and regulations apply to their organization, develop a policy and train their employees on that policy.  Plus ça change, plus c’est la même chose.

For more information about how IT and Legal can manage the impact of social media on their organization and to learn how archiving social media can be accomplished, please join this webcast from Symantec.

It is axiomatic that the law helps those who help themselves.  Perhaps nowhere is that truism more applicable than in the context of electronic discovery.  The organization that implements an effective information governance strategy – including developing reasonable data retention policies – will likely avoid court sanctions and reduce its legal costs.  This was confirmed in a recent industry survey, which found that organizations “help themselves” when they develop information retention policies.  According to the survey, better retention practices drive dramatically better outcomes in litigation, particularly in the context of retention and preservation.

Such a finding is echoed by a recent case issued from the District of Indiana.  In Haraburda v. Arcelor Mittal U.S.A., Inc. (D. Ind. June 28, 2011), the court tied a litigant’s preservation duty to its document retention efforts.  In order to discharge its duty to reactively preserve evidence, the court reasoned that enterprises must proactively create “a ‘comprehensive’ document retention policy that will ensure that relevant documents are retained.”  Failing to implement a retention policy often results in a loss of key information.  And this, opined the court, may result in sanctions.

Such a finding is not limited to an isolated case.  Court decisions from across the United States in 2011 have found the same connection; better data retention practices yield more successful document preservation results.  For example, in the E.I. du Pont de Nemours v. Kolon Industries (E.D. Va. April 27, 2011), the plaintiff manufacturer defeated a sanctions motion due to its effective information retention procedures.   The manufacturer implemented a document retention policy that typically kept emails from former employee accounts for 60 days, after which the emails were overwritten and deleted.   Among the emails deleted pursuant to that policy were several that the defendant argued were relevant to its counter-claims.  The DuPont court declined to impose sanctions, however, since the emails in question were overwritten before the duty to preserve was triggered.  Instead, the court lauded the manufacturer’s preservation efforts, finding that it “took positive steps reasonably calculated to ensure that information . . . was preserved for litigation.”  Because the manufacturer faithfully observed its established retention policy, it reduced a stockpile of email, made relevant documents unavailable for discovery and was still protected from court sanctions.

Similarly, in Viramontes v. U.S. Bancorp (N.D.Ill. Jan. 27, 2011), the defendant bank relied on its data retention protocols to stave off a sanctions motion after deleting several years of email.  Because those emails were destroyed pursuant to a neutral retention policy before a preservation duty attached, the bank was protected from sanctions under the Federal Rule of Civil Procedure 37(e) safe harbor for the destruction of electronic information.

The converse, of course, is also true.  Those organizations that failed to implement effective retention policies have fared poorly in discovery because they have not preserved relevant ESI.  Take the defendant, for instance, in Northington v. H & M International (N.D.Ill. Jan. 12, 2011).  The court issued an adverse inference jury instruction against that company because it spoliated significant emails and other data.  The genesis of this spoliation was the company’s failure to establish a formal document retention policy.  Instead of having a thoughtful, top-down approach, “data retention . . . was evidently handled on an ad hoc, case-by-case basis.”  The company’s failure to develop a pre-litigation information retention policy eventually led to the loss of key information and the court’s sanctions award.

These recent cases and others confirm the correlation between retention and preservation.  Simply put, proactive retention leads to better preservation in eDiscovery.  Anything less could be disastrous in litigation.

Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute.  Perhaps counter intuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests.  In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%).  Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer.

Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren’t also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.”   While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

The primary ramification is that organizations need to prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.  Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized.  Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were:

• 81% more likely to have a formal retention plan in place
• 63% more likely to automate legal holds
• 50% more likely to use a formal archiving tool

These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences:

• 78% less likely to be sanctioned
• 47% less likely to lead to a compromised legal position
• 45% less likely to disclose too much information

This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary.  Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways.  Some have estimated that it costs between $3-5 a document for manual attorney review – and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies with bad information governance hygiene.  While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction.  Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.  While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan.

As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.”  And, the winds of change are upon us.  Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

For more information regarding good records management hygiene, check out this informative video blog and Contoural article.

A famous quote from intellectual George Santayana provides an appropriate backdrop for organizations to better understand why they should deploy technology to strengthen their litigation response effort.  As Santayana explained in The Life of Reason: Reason in Common Sense, “[t]hose who cannot remember the past are condemned to repeat it.”

The “past” can be a powerful playbook in the game of eDiscovery.  Fortunately for organizations, the lessons of eDiscovery history abound.  Indeed, the decisions that courts issue every day across the United States and in other countries provide substantial guidance on what organizations should and should not do to properly prepare for the discovery phase of litigation.

One of the principal lessons that can be gleaned from American court cases in 2011 is that technology can help organizations address the demands of eDiscovery in litigation.  Technology has assumed such a significant role because it facilitates the oversight process that lawyers must engage in to ensure that pertinent documents are preserved for discovery.  This year alone, the failure to exercise that oversight has in many instances culminated in evidence destruction and sanctions.

That message was emphasized this summer by a Virginia based federal court in a hotly contested trade secret dispute.  In E.I. du Pont de Nemours v. Kolon Industries (E.D. Va. July 21, 2011), the court determined that it would issue an adverse inference jury instruction against defendant Kolon Industries as a sanction for its evidence spoliation.  The spoliation at issue occurred when Kolon deleted emails and other records relevant to DuPont’s trade secret claims.  After being apprised of the lawsuit and then receiving multiple litigation hold notices, several Kolon executives and employees met together and identified emails and other documents that should be deleted.  The ensuing destruction was staggering.  Nearly 18,000 files and emails were deleted.  Furthermore, many of these materials went right to the heart of DuPont’s claim that key aspects of its Kevlar© formula were allegedly misappropriated to improve Kolon’s competing product line.

Surprisingly, however, the court did not finger the Kolon employees as the principal culprits for spoliation.  Instead, the court laid the blame on Kolon’s attorneys and executives, reasoning they could have prevented the destruction of information through better oversight.  The hold process was particularly flawed.  The notices were either too limited in their distribution, ineffective since they were prepared in English for Korean-speaking employees, or too late to prevent or otherwise alleviate the spoliation.  Given the logistical challenges of implementing a hold in this instance, perhaps only the automated functions of technology such as archiving software might have strengthened the oversight process and obviated the spoliation that took place.

The lack of attorney oversight also factored into another pertinent sanctions order this year, this time from a federal court in Chicago.  In Northington v. H & M International (N.D.Ill. Jan. 12, 2011), the court issued an adverse inference jury instruction against a company that destroyed relevant emails and other data.  The spoliation occurred in large part because the company neglected to establish a global litigation response effort.  For example, there was no process for issuing or ensuring compliance with a litigation hold.  Nor was counsel engaged in the critical steps of preservation, identification or collection of electronically stored information (ESI).  Into this vacuum stepped rank and file employees – some of whom were accused by the plaintiff of harassment – who were tasked with identifying and collecting discoverable emails from their workstations.  Predictably, key documents were never found and the court had little choice but to promise to inform the jury that the company destroyed evidence.

The problems associated with the lack of oversight in DuPont and Northington are compelling reasons why organizations should consider using technology tools as part of their overall litigation response strategy.  One of the most helpful tools in this regard is archiving software.  Indeed, having the right archiving solution in place might have preserved the spoliated records in these actions.

For example, archiving software can be programmed to prevent employees from deleting emails and other electronically stored information.  By ingesting data into a central repository and leaving copies of the materials on local computers, employees could have access to their archived records.  They would not, however, be able to delete those documents from the software archive.  In addition, a litigation hold could have been placed on archived data to prevent automated retention rules from overwriting information.  Either of these features might have prevented much of the spoliation – and the resulting sanctions – that occurred in both the DuPont and Northington cases.

The automated functions of archiving technology can benefit a company’s litigation response in other ways.  For example, such a tool may limit the amount of potentially relevant information available for follow-on litigation.  Absent a legal hold, retention rules that are programmed into the software will ensure that ESI is expired once it reaches the end of a designated period.  In DuPont, such a feature could arguably have eliminated entire categories of older documents before a duty to preserve those materials ever ripened.  This facet not only has the potential to reduce legal exposure, but also the attendant costs associated with reviewing those documents in litigation.

DuPont, Northington and other cases from the recent past delineate the steps companies can take to address the challenges of eDiscovery.  Organizations do not have to “repeat” past mistakes that victimized clients and counsel alike.  Instead, they can implement the right technology tools as part of a thoughtful, proactive approach to litigation.  By so doing, organizations will avoid Santayana’s judgment by “remembering” the lessons of eDiscovery history.

In my last post I announced that discussions are taking place that could change the way preservation and sanctions issues are handled within the federal court system.  The next round of discussions about possible amendments to the Federal Rules of Civil Procedure (FRCP) is scheduled to take place on September 9th in Dallas, Texas as part of a “mini-conference” led by the Discovery Subcommittee – a committee appointed by the Advisory Committee on Civil Rules.  This post discusses three different rule amendment approaches that attendees have been asked to consider in order to help them prepare for the mini-conference.  A complete list of attendees, preparation materials, and questions the group will consider are included in the Advisory Committee’s June 29, 2011 memorandum to the participants.

The debate about whether or not rule amendments are even required is far from over.  A 452-page document located on the U.S. Courts’ website chronicles many of the meetings, notes, and submissions driving the current discussion.  Page 265 of the document contains a memorandum prepared by the Civil Rules Advisory Committee earlier this year, stating that:

“the Subcommittee has reached no conclusion on whether rule amendments would be a productive way of dealing with preservation/sanctions concerns, much less what amendment proposals would be useful.”

Despite concerns that amending the current rules now would amount to jumping the gun, there is an undeniable desire for more clarity around when the duty to preserve electronically stored information (ESI) is triggered, what must be preserved, and when the duty expires.  This momentum has resulted in the crafting of draft proposals that are likely to help frame the discussion on September 9th. The “proposals” are really draft approaches that have been broken down into three general categories described in the Civil Rules Advisory Committee’s memorandum, titled: “PRESERVATION/SANCTIONS ISSUES” (see page 263).  The Category 1 approach can best be described as providing a higher degree of specificity than the other approaches.  For example, the Category 1 approach provides a fairly detailed explanation of the duty to preserve evidence (Rule 26.1(a)) and details possible triggers (26.1(b)), the scope of the duty to preserve (26.1(c)), and sanctions (Rule 37).  Category 2 proposes a more general preservation rule, while Category 3 only addresses sanctions as a tool for influencing behavior.  The three categories are discussed in more detail below.

Category 1: Specific Rule

This draft includes many different exemplary lists, alternative approaches, and footnotes that highlight the fact that one of the key challenges with drafting a specific rule is trying to foresee all of the challenges that might lie in the road ahead.  For example, the draft rule provides a long list of events that could trigger the duty to preserve evidence, including everything from serving a pleading to taking “any other action” in anticipation of litigation.   The rule also provides a list of information types that are “presumptively excluded” from the preservation duty, such as deleted data on hard drives, temporary internet files, and physically damaged media.

The lists are helpful in that they provide guidance.  However, each list also includes a “catch-all” provision to address scenarios that might not be foreseeable.  The inclusion of catch-all provisions highlights the inherent challenge of providing more clarity and certainty without creating rules that are so inflexible that they are difficult to apply to unforeseen factual scenarios or technological developments.  Some might argue that trying to provide a laundry list of examples will make passage of new rules difficult because each item on the list will stir debate.  Others contend that the lists add little value because the catch-all provisions will still require litigators to pass the sniff test of “reasonableness.”

Despite the inherent challenges related to drafting rules with specificity, most practitioners would likely support the inclusion of lists or examples that provide at least some direction.  What is likely to be far more controversial with respect to Category 1 is the use of alternative language proposing fixed limits around custodians and litigation holds.  For example, one alternative would limit data preservation requirements to a fixed number of custodians and the duty to preserve evidence would similarly expire after a fixed number of years.  Bright line rules like these may be easier to understand, but they also tend to be controversial since they lack the flexibility necessary to fairly address every conceivable situation.

Category 2: General Rule

Like the Category 1 proposal, the Category 2 proposal uses lists and outlines several alternative approaches throughout the rule.  However, the Category 2 proposal fundamentally differs from Category 1 by outlining a more general approach.  For example, one of the alternatives essentially states that the duty to preserve evidence is triggered whenever a “reasonable person” would expect to be a party to an action.  Similarly, the ongoing duty to preserve information after the duty has been triggered would be evaluated based on what is described as a “reasonable period” under the circumstances.

The beauty of this more general approach lies in its simplicity and flexibility.  The idea is that evaluating conduct based on the “reasonableness” of a person’s actions is much easier than attempting to draft bright line legal guidelines that account for every possible factual scenario.  The flip side is that reasonable minds could differ and results could be inconsistent if there are no bright line rules.  What this means in the context of the federal rule discussion is that one judge might find a party’s conduct with respect to data preservation efforts reasonable, while another judge might issue sanctions based on the same set of facts.  In large part, it is this lack of certainty and guidance in the current rules that sparked the current debate in the first place.

Category 3: Sanctions-Based Rule

Unlike the first two categories, the Category 3 approach focuses only on sanctions and would act like more of a “back-end” rule.  In other words, the rule would not contain any specific directives about preservation, but it would provide direction in the areas of when and how sanctions might be applied.

Despite the draconian image a “sanctions” based rule might conjure up, the Category 3 rule may seem surprisingly lenient to some.  For example, absent extraordinary circumstances, the court would be prohibited from imposing any of the sanctions listed in Rule 37(b)(2) or from giving an adverse-inference instruction unless:

“the party’s failure to preserve discoverable information was willful or in bad faith and caused [substantial] prejudice in the litigation.”

The sanctions based approach would almost certainly have an impact on how parties handle upstream preservation related issues.  However, the key ingredients that will impact what kind of behavior this rule drives are the severity of the threatened sanction as well as the applicable standard.  For example, a party facing severe sanctions for conduct that is either negligent, willful or in bad faith is likely to take their preservation obligations seriously.  On the other hand, if the realm of possible sanctions is trivial, parties are less likely to take their preservation related obligations seriously.

Conclusion

The three rule approaches represent very early attempts at framing possible approaches to amending the FRCP.  If the Discovery Subcommittee chooses to recommend rule amendments following the September 9th mini-conference in Dallas, the proposed language is likely to be closer to final form and easier to assess than the current proposals.  I will continue to monitor the rule making discussion and provide commentary in future posts.  Stay tuned for my next post where former US Magistrate Judge Ron Hedges explains why he thinks the rule changes are unnecessary and why the current proposals might run afoul of the Rules Enabling Act.

Today, I am delighted to report that Clearwell Systems has become part of Symantec. We have, of course, been working closely together since obtaining regulatory approval for the acquisition last month, but this makes it official: Symantec can now offer customers Clearwell’s market-leading eDiscovery platform as well as its market-leading Symantec Enterprise Vault archiving solution. We are excited to be part of the Symantec team, and to work alongside so many talented people to create the next generation of eDiscovery and information governance solutions.

There are already a large number of joint customers using the Clearwell and Symantec solutions as part of an integrated eDiscovery and archiving workflow, and we are well underway towards building more robust integration between Clearwell and Symantec Enterprise Vault. In updating our product roadmaps, all our decisions are guided by feedback from customers who have told us over and over again that they want to:

• Reduce costs across all phases represented in the Electronic Discovery Reference Model, from information management through review and production
• Reduce risk by improving the defensibility and repeatability of their archiving and eDiscovery processes
• Streamline their end to end archiving and eDiscovery lifecycle to meet legal and regulatory deadlines
• Start managing information and conducting eDiscovery in as little as one day; whether on-premise, as a hosted solution or in the cloud
• Meet their enterprise-wide archiving and eDiscovery needs, whether they have less than 25 to more than one million users

As we’ve discussed before, our plan as part of Symantec is to deliver a seamless, integrated archiving and eDiscovery management workflow that benefits all our customers. To keep everyone in the loop, we will continue to post updates and answer questions on the integrated product portfolio here and on the Symantec eDiscovery blog.

For more on the acquisition, and the response from our customers, partners and the industry at large, visit: http://www.symantec.com/clearwell.