e-discovery 2.0

One of the new buzz words of the last few years in computing has been Cloud Computing. After the initial hype, and the subsequent shakeout of its potential, everyone is beginning to recognize that it represents a paradigm shift in how we purchase, deploy, and utilize computing resources. The general impetus for the cloud has been its potential to reduce capital costs, offer flexibility in purchasing computing resources, and reduce operational costs in maintaining hardware resources.

A lot of what the cloud offers is achievable using existing technologies, but repurposed in new and innovative ways. Several forms of the cloud, with specific benefits to customers, are being packaged and promoted. The offerings are delivered as cloud services, such as Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS). Without getting into specifics, each service offering comes with a set of service agreements between the purchaser and provider of the cloud services.

As with any new initiative, there are new challenges to contend with including security and compliance with corporate policies and industry regulations.  Although these issues are substantial, for this article, let us consider the legal implications as it relates to electronic discovery. We all know that sooner or later, every organization faces litigation, and increasingly, fair number of them involves e-discovery. Traditionally, in house legal and IT teams have had an understanding of how to respond to legal requests and have focused on litigation readiness. But, how do these translate to the new cloud computing paradigm? I’ll examine some of the challenges in a series of posts on e-discovery and the cloud. For starters, let’s analyze the challenges and considerations inherent with the duty to preserve electronically stored information (ESI).

Duty to Preserve ESI

Before we get to the mechanics of electronic discovery and actual preparation for Rule 26(f) conference, the duty to preserve arises. The duty to preserve may be triggered when a legal proceeding is “reasonably anticipated” and increases in importance on receipt of pre-litigation correspondence or a similar trigger event. Traditionally, such duty to preserve is reflected by placing litigation holds. It is often the case that litigation holds are placed on at least a portion of the ESI well ahead of an actual triggering event. See Adams v. Dell as perhaps an extreme example. In fact, some organizations invest in litigation support software technologies for classifying data and placing holds on the most reasonable subset.

How does such a litigation hold translate into the cloud? As a customer of a cloud, one should craft service agreements to dedicate certain cloud-resident data, in the form of folders or other broad categories, to be preserved. If the cloud provider has deployed technology to ensure that no party within the customer’s user community can delete the preserved data, it is well and good. However, placing such restrictive access impedes normal running of the business, and becomes impractical. Essentially, data in the cloud that is available for normal course of business is in the hands of user-custodians. If they then delete the data either deliberately, or inadvertently, or through normal business functions, that data deletion is subject to spoliation claims. Even though the “safe harbor” from spoliation sanctions of Rule 37(f) applies when information is lost due to the “routine, good faith” operation of electronic information systems, when preservation order is in place, shelter under 37(f) is not possible. Thus, the actual implementation of litigation hold comes under scrutiny. Because of this, many implementations adopt preservation using a “copy and preserve” model. However, this model is at odds with live business data that is constantly evolving. Even if the latest point-in-time snapshot technology at the physical volume is employed, the result is inadequate – you end up preserving massive volumes of data in the cloud, unrelated to actual logical messages or files that need to be preserved. What is needed is some smartness in the form of an application in the cloud itself that can translate a litigation hold request into specific ESI in the cloud. Who owns and manages this application and what the service levels are for this application is a significant issue.

Now, the view from the cloud provider’s perspective is very different. In light of the flexible data management architectures available, there is a great temptation to share both data with a litigation hold and data without a litigation hold on the same physical infrastructure. As a result, the cloud provider   preserves all data from every customer that is resident on that infrastructure – a very conservative approach. As a consequence, this would preserve another customer’s ESI accidentally and that data is now discoverable, in the context of a different litigation, despite the second customer’s active management of the data. Preserving a set of live, constantly changing data in the context of a single enterprise is technically difficult; doing so across multiple customers, sharing the data infrastructure is exponentially harder.

Another related issue with preservation is the need for the ability to release preservation holds. Typically, when the litigation response team determines that the legal hold is not necessary, the hold is released. In the “copy and preserve” model of litigation hold, one has to verify that the released ESI does not overlap with other litigation holds and is marked for destruction. One of the benefits of the cloud is the flexibility in storing bits and pieces of data wherever data capacity is available. Applying the release can again be tricky for both cloud customer and the cloud provider.

Given these additional complexities of evidence in the cloud and the fact that the duty to preserve may arise well before the trigger event of litigation, the costs associated with the duty to preserve can add up very quickly. It’s essential to understand three critical items related to the duty to preserve in the cloud: 1) what the cloud provider would charge for ongoing preservation, 2) whether agreements with the cloud provider cover the legal issues raised by the duty to preserve and 3) what the cloud provider offers in terms of a flexible workflow for applying and releasing legal holds.

To me, litigation holds in electronic discovery are like Federal sentencing.  Most Federal criminal cases end in a plea agreement, so very few are ever tried in front of a jury, but sentencing must occur in 100% of the cases.  Preservation is very similar – although you are likely to collect and produce in only a subset of cases, you must preserve in 100% of the cases.  So, just as sentencing law is extremely important to the Federal criminal bar, preservation is one of the most important phases of e-discovery to corporate or litigation counsel.  Naturally, I am surprised when I talk to corporate law departments that do not have a documented, repeatable process for legal holds that also includes standard procedures for IT.  Simply emailing a hold notice to a custodian and recording the hold on a spreadsheet is not enough given Judge Shira Sheindlin’s recent opinion in Pension Committee v. Banc of America Securities.

So, what is a defensible litigation hold strategy, and how do you get it done?  It is important to remember that the ultimate goal is preservation of any and all evidence that may be relevant to the matter at hand.  There are no hard and fast rules or checklists – only opinions from the bench of what is not enough.  The keys to defensibility are consistency, standardization, documentation, and diligence.  The place to start is with standardized policies and procedures as well as a person (or a portion of a resource) designated within the enterprise as the single point of contact for all issues related to preservation of evidence (read: project management).  Technology can help, but a great preservation strategy can be developed without an expensive or vast technology investment.  So, how do you get this done?  Here are four steps you should take now:

I. Define the Process (You cannot execute a plan that does not exist):

The first step to creating a great litigation hold strategy is defining a process or set of procedures that can be followed repeatedly.  This process could include setting up tiers for ESI sources, with tier one sources always being preserved (these might include frequently requested sources like email, file servers, and perhaps computers of key custodians), tier two sources being preserved on a case by case basis (including sources that are more industry-specific to the enterprise and therefore not always relevant in routine employment litigation or contract disputes), and finally tier three sources which include everything else.  By tiering ESI sources, the enterprise can focus on developing detailed preservation protocols for the tier one and tier two sources while developing a less detailed protocol for tier three sources which would include simply naming IT subject matter experts who would be consulted in the event that those sources were ever subject to preservation requirements.  This approach would allow the enterprise to prioritize data mapping and cataloging efforts on the tier one and tier two sources first.  Data mapping can be an enormous undertaking, so the enterprise might do well to know as much as it can about the email system rather than spending critical time focusing on ESI that may never be subject to any preservation requirement.

II. Dedicate Resources Appropriately and Engage Them Early:

Personnel are a key concern for preservation.  Allowing too many people to initiate and manage litigation holds could lead to confusion for IT and will certainly yield different results across multiple matters.  A single person or team should be appointed to manage litigation holds for the enterprise, and that person or team should develop a sound relationship with IT, paying particular attention to the subject matter experts who manage tier one data sources.  By forging the relationship early, communication and expectations will align before mistakes are made or spoliation occurs.  Of course, consistency is a key component of defensibility, and this cannot be achieved with a reactive, undocumented approach.  IT must understand the scope and consequences of spoliation, and they must be alerted early enough to halt routine destruction of ESI from the company’s systems.  Most corporate law departments have policies in place for “opening files” when new matters occur; it would be relatively easy to include a step in this procedure for engaging the appropriate personnel to begin preserving ESI at this early stage.  Leaving it up to individual attorneys or paralegals could cause preservation procedures to get implemented at various stages in the litigation, exposing the corporation to unpredictable and varying degrees of liability.

III. Audit, Log, and then Audit the Log:

Auditing the process is also critical to defensibility.  When ESI is moved, the process must be documented (even retaining shipping receipts for ESI that must be transported), and all conversions or alterations of the ESI must be documented (preferably with a procedure for commonly-encountered issues and then in a log as performed).  Log every step along the preservation path – including correspondence with custodians, when litigation hold reminders are sent, and any action performed on the preserved ESI (throughout the duration of the litigation).

IV. Talk to Your Custodians!

Interviews with custodians can go a long way toward achieving the diligence element of defensibility.  Acknowledgment by the custodian that they understand the preservation requirement being placed upon them and that they agree to preserve ESI is critical.  Often, custodians can also provide information about additional custodians who should be contacted or ESI sources that may not have been considered.  These and other matter-specific questions should be asked of the key custodians at a minimum.  This information may also prove useful when developing keywords for early case assessment or meet and confer preparation.

As you may have noticed, I have not mentioned any technology yet.  That is because a sound preservation strategy begins with sound policy, not simply purchasing a technology solution that purports to solve all of your problems.  Invest time in analyzing your litigation history, open matters, ESI sources, and personnel.  From there, processes can be developed, and where there are processes, there are then opportunities for automation and optimization through technology.  Simply defining the process is not enough – it must be repeatable and implemented consistently.  One of the best ways to ensure that a process is repeated is to automate it, removing the potentially error-prone manual work  where it is not required.

Following these steps should help jumpstart the development of a defensible preservation strategy, and once developed, you may be surprised to find that existing technology can help automate many of the procedures you have created.  Where existing technology investments fall short, venture into the market place informed and with the keys to defensibility in mind: consistency, standardization, documentation, and diligence.

I was recently asked: “what are the first things you do when your client calls you about a case requiring e-discovery?”  So, for the benefit of all, I’ll post my answer.

My first caveat to the advice was context.  Since, while a lot of attorneys have attended CLEs or have read about e-discovery, it’s not the same in the real world.  As the old Spanish Proverb goes:

It’s not the same to talk of bulls as to be in the bullring.

Keeping in mind that reality may differ significantly from academics, here are some things to consider when the next e-discovery case comes up.   Please also keep in mind that these steps (like the EDRM workflow) aren’t linear and may in fact occur cyclically or in parallel:

1. Preserve, preserve, preserve

Nothing is more important than meeting the initial preservation obligation, which begins when litigation is “reasonably likely” – as opposed to just when the complaint is filed.  This first step in the long journey can easily be a trap for the unwary/unprepared.

The challenge once you’re past the trigger issue is to then identify the boundaries of the duty to preserve, i.e., what evidence must be preserved?   This inquiry is often initially comprised of identifying key players, date ranges and data types.

Another significant challenge in this step is to monitor and update the legal hold process.  And, given that litigation more often than not spans years, it’s easy to initially succeed at the preservation effort, but then later fail on execution.  The best way to minimize risk in this step is to move quickly from preservation to collection.  See Is Preservation in E-Discovery Overrated?

2. Work backwards

Once preservation (and ideally collection) is adequately covered, the next step is to start thinking about the end of the process and what success (or lack of failure) looks like.  The exposure and profile of the matter are important to consider when you embark upon an e-discovery project since it’s critical to scale discovery efforts appropriately.

One thing, in particular, that is very important to consider early in the process is the type of production format that will be preferred by reviewing counsel and the opposition.  TIFF-based image productions (which are historically well accepted) are often pitted against native file ESI reviews.  Either format may or may not be acceptable given the situation and the applicability of FRCP Rule 34.

3. Understand the technical landscape

Most attorneys, but for a rare few, aren’t capable of really comprehending technical nuances of the complex and interrelated IT systems found at most Fortune 2,500 enterprises.  Fortunately, they are quite adept at working with experts (either consulting or testifying) to help them get to the bottom of difficult to comprehend and explain issues.  The key is find the right technical people who understand IT systems and who can explain it to judges, juries, and attorneys alike, especially for some of the most common ESI repositories like: email servers, archival systems, shared network drives, instant messaging servers, archival repositories (e.g., tape libraries, real time back-up systems, etc.), records management systems, knowledge management systems, proprietary, but highly leveraged, internal applications, offsite repositories (e.g., hosted IT or email systems) and significant partner or subsidiary data stores.  In many instances it will make sense to leverage or create a map of the data universe so that nothing is missed and inaccessibility arguments can be cogently detailed.

4. Get your lingo straight

Assumptions, whether in e-discovery or not, are often dangerous.  In the complex undertaking where multiple parties are handling ESI it’s critical to make sure that everyone is on the same page especially since every company handles IT, records management, ILM and information security differently.  So, when working with these disparate constituents the outset of an engagement is the right time to make sure everyone is on the same page.  Therefore, standardize on a set of commonly used terms. Examples of potentially ambiguous topics include “imaging” ,“archive”, and “records.”

5. Don’t assume your client will really be helpful

I’ve been involved with hundreds of e-discovery engagements and I’ve found that almost universally the end client professes a profound willingness to help out.  And yet, actual “help” is relatively rare.  To qualify this, it may be prudent to ask several additional questions:

• Does the Client have the time to actually help?  Everyone at the client’s site has a day job that they’re tasked with above and beyond transient e-discovery needs.  So, while bandwidth generally is important, what’s more critical is the ability to comply with aggressive judicial deadlines.
• Are the people helping the ones you’d want to see on the stand?  It’s often not realistic to have internal folks (especially IT and Records Managers) stay isolated during the various pre-trial events – meet & confer conferences and potentially 30(b)(6) depositions so it’s important to evaluate how a given witness will fare when providing testimony.
• How likely is it that you client would throw you under the bus if things went wrong?  In my opinion, there is now more reason for outside counsel to manage the risks of an e-discovery project going awry.  See, Sullivan and Cromwell’s suit against EED.  Some will wisely bring in 3rd party consultants/experts to have a neutral, unbiased constituent in the process.

6. Build a budget and team (internal/external)

Everyone is probably now aware of how expensive e-discovery can be if managed improperly.  This makes it all that more imperative to work quickly to get a rough sense of the scope (which will lead to a budget) and the client’s willingness to absorb associated charges.  The most important step is to right-size the e-discovery effort with the risks inherent in the corresponding litigation/investigation.  Otherwise, there’s a high likelihood that e-discovery process will be over-engineered (too expensive) or under-scoped (cutting dangerous corners).

7. Figure out your risk profile

Similar to right-sizing the budget, it also makes sense to adopt a “horses for courses” approach to e-discovery since there is no singular way to handle a given matter.  For example, in one case you make take forensic images, restore backup tapes, capture instant messaging data, harness metadata, or decide to do an automated review with a with a “clawback” provision. In either case, the only mistake is to assume that an approach from another, dissimilar matter is warranted in the instant case.

8. Assume the opposition is better informed than you are

While this actually may not be the case, it’s a safer bet that assuming a level of naiveté that may not exist.  What is certain is that the Plaintiff’s bar is increasingly well informed and can be very aggressive.  They’ve seen the playbook that calls for baiting the opposition into a discovery misstep that can result in significant, case altering sanctions.  According to a recent survey, 63% of the polled attorneys said that e-discovery is being abused by counsel, so it’s important to be wary initially.

It’s also important to consider the potential reciprocity of a given matter and adjust your position accordingly.  In many instances it’s easy to consider your role only as a producing party, but with cross/counter claims it may be possible to simultaneously be propounding discovery and in the opposition’s shoes.

9. Prepare for an early case assessment

A recent industry survey found that effective early case assessment (ECA) approaches reduced overall litigation in half of the cases evaluated, and resulted in favorable outcomes for 76 percent of the cases.   The key to this methodology is to use the available next generation case analysis solutions earlier in the process, not just to review data for relevancy and privilege, but to:

• Identify the key players. This is critical in order to have a defensible legal hold process
• Evaluate the posture of the case to determine how it looks on the merits
• Diagnose potential outliers in the e-discovery process to facilitate meet and confer discussions and help create “inaccessibility” arguments
• Conduct a search term analysis for keyword negotiations during meet and confer discussions.  Objectively demonstrating the results of proposed search queries can go a long way in speeding up keyword negotiations

10. Don’t take search for granted

For many attorneys, e-discovery search is just like Lexis or Google.  Unfortunately, that isn’t the case.  Instead, it’s become highly complex and is now receiving significant judicial scrutiny.  In Victor Stanley v. Creative Pipe Judge Grimm suggested that attorneys need to rethink how they’ve traditionally managed the search process:  “[F]or lawyers and judges to dare opine that a certain search term or terms would be more likely to produce information than the terms that were used is truly to go where angels fear to tread.”  It’s now important to devise (and share at early meet & confer conferences) a defensible search strategy that can withstand judicial scrutiny.

The recent announcement of $18 million in financing for PSS Systems got me thinking about preservation.  PSS is a provider of enterprise-class preservation and litigation hold management systems with solutions starting in, from what I can tell, six figures.  Nevertheless, this begs the question, why would a Fortune 500 company need such an expensive enterprise class software application to manage legal holds?

So, let’s start from the top…

With the advent of e-discovery during the last decade an entirely new class of evidence spoliation came into existence – i.e., situations where electronically stored information (ESI), particularly back-up tapes, could inadvertently become overwritten, lost, erased, etc.  In the good old days of paper-based discovery, there was certainly an opportunity for spoliation, but paper documents didn’t routinely become lost or otherwise unavailable, unless in extreme instances of intentional spoliation.  For a particularly comprehensive tome on this type of negligent spoliation, please see this excellent piece written by Judge Scheindlin (of Zubulake fame).

Accordingly, in the past several years litigators have had to learn and then re-learn the notion that the duty to preserve ESI begins once litigation is “reasonably likely.”  Unfortunately, this duty to preserve is fraught with a number of practical challenges, including:

• When is the duty triggered?  For example, the duty is in most instances certainly in place prior to a complaint being actually served.  But, as you move upstream from that crystalline moment reasonable minds certainly can differ about when litigation is “reasonably likely.”  EEOC claims, in the HR context, are a good example of potentially early trigger points.
• Then, assuming that the duty is triggered what must then be preserved?  Is it just the ubiquitous email?  Or, as is more likely, will an increasingly broad and voluminous set of ESI be implicated, such as loose files, instant messaging, blog posts (maybe this one?), mobile or PDA/handheld data, deleted but forensically recoverable files, etc.?

Those two thorny problems aren’t the only issues that counsel needs to deal with when they embark upon issuing a legal “hold” – the decree that instructs custodians of their obligation to preserve all relevant information related to the matter at hand.  But, the duty to preserve is only the start of the challenge.  This is where folks like PSS come in, meaning that they manage the potentially complex logistical tasks associated with hold notification, monitoring, and compliance.

Here’s where I start to have a problems with large scale, complex preservation efforts.  Let’s take a somewhat common example:  a multi-national enterprise is sued for misappropriation of trade secrets.  Even prior to the complaint being filed, plaintiff’s counsel issued a demand letter, which in some cases could be held as a triggering event.  But, in either case, once the complaint hits the GC’s desk the duty to preserve is clearly in force.   Let’s then say that in consultation with outside counsel they wisely embark on a set of interviews to determine the scope of departments/locations/custodians that may be reasonably implicated.  Then, following the synthesis of this information they issue a legal hold notice to 2,500 people located throughout numerous domestic and international offices.

Now, here’s where the risk comes in…   One thing is statistically certain with that number of custodians: the legal hold will not be followed to perfection.  If I were more mathematically inclined I’d say it could be reduced to a formula along these lines:

Legal hold compliance *decreases* exponentially as you multiply:

• The number of custodians
• The length of time the legal hold is in effect
• The types and volumes of potential ESI that may be relevant
• The presence of individuals who don’t want data to be preserved due to their own perceived errors/foibles/omissions

The answer, in my mind, doesn’t lie in a better mouse trap to manage the vagaries of the legal hold process.  No, the best way to take the risk out of the legal hold process is to move very rapidly from preservation to collection.

Once ESI is collected two main things start to happen:

1. Subjective notions about the universe of data (allegedly) covered by the preservation process can be changed into objective observations that the custodians really are the right ones.  For example, in the above example the 2,500 custodian list is again almost certainly not correct.  Since the decision process was made subjectively (likely without insight into the data) the custodian list is inherently either under or over-inclusive.  However, with the advent of early case assessment solutions, the preserving party can now quickly collect and assess an initial corpus of data to ensure that exactly the right folks are in the collection/preservation process.
2. Once the ESI is collected, the risk of loss, deletion, etc. will largely have been taken out of the equation meaning that the danger of spoliation is greatly reduced.

My belief is that the larger the preservation effort the more likely there will be gaps that the opposition can use as leverage.  Scaling up the preservation effort is only one way to skin the cat.  Instead, the better practice is to start small, collect quickly, and then expand collection efforts once your legal team has objective insights into the case data.

Yes, preservation is still important. But, biting off more that you can chew simply means a statistically greater chance of failure.

Technology companies are notorious for aggressive marketing, whereby they either announce products that do not exist or wildly exaggerate their capabilities. So when ZANTAZ announced its new Desktop Legal Hold solution alongside an image claiming that it can help you “become your company’s superhero”, I was naturally wary. Reading the press release only heightened my suspicion that ZANTAZ’s marketing department may be running ahead of its product development team. For example:

• The release cannot name a single customer using Desktop Legal Hold. The best ZANTAZ could do was quote a retired executive from BASF, who spoke about the potential value from this type of solution (not the actual value realized from this specific solution by a current customer);
• ZANTAZ makes a series of wild claims about the solution. My personal favorite: “Desktop Legal Hold automatically overcomes spoliation, obfuscation, misclassification and non-classification of important data” Need I say more?
• Desktop Legal Hold is not listed in the “Solutions” or “Products” sections of ZANTAZ’s website. Perhaps I’m missing something, but I can only find it mentioned in the press release.

All of this will be re-assuring in the short-term to Guidance, whose Encase product is the leading desktop collection and preservation tool. I doubt customers will be rushing to entrust something as important as their legal holds to ZANTAZ until the product looks more proven, and its capabilities are more clear.

That said, ZANTAZ has clearly signaled its intention to attack Guidance’s core market. ZANTAZ wants to make it easier for its customers to get data into its archives. And it wants a piece of the revenue in this market: from Guidance’s quarterly financials, if you deduct revenue from services and its e-discovery product, it looks like the Encase business is worth $30-35M per year in license revenue. That’s a meaningful prize for ZANTAZ.

It will be interesting to watch how this develops.