Kermit was right: It’s not that easy, being green

by Cary J. Calderone, Esquire

At a recent ARMA Golden Gate chapter meeting presenters gave real-life accounts of two law firms that had taken on the challenge to become “Green Certified.” Even if you do not believe Al Gore’s reasoning for going Green and that “the debate is over,” going Green may serve an unintended but very useful purpose. It is one more justification for updating the document retention practices and policies in your organization. One obvious and continuing hurdle to becoming document retention and electronic discovery (“Dred”) ready is the cost. IT, Legal, Compliance may need to make significant investments in new technology to better manage electronic data. Even if you have adequate hardware and software, employees may have to devote more time and effort to help the company achieve and maintain this goal. Even though it is less obvious, the work involved can be substantial and it may affect HR, IT, Legal, Compliance and every other department in your organization. Unless your company is currently operating with under-worked and under-utilized employees (LOL-very doubtful) the people in these departments already have full-time responsibilities and making the move towards Dred-ready means a lot of extra time involved in reviewing and updating retention schedules, policies and procedures. It would be nice to be able to dangle another reward carrot and justification for doing the work. Going Green can really help justify the cost and effort of this often arduous undertaking.

At this talk, I expected to learn of great new paperless approaches to records management but instead the “real-life” examples centered on trying to save paper by mandating duplex printing, while at the same time demanding that 100% consumer recyclable paper was being used. I was surprised to learn that this type of recycled paper can cost 3-4 times more than standard copy/printer paper. This conflicted with my stated purpose of using “greening” in connection with Dred to make it more compelling. However, from my perspective, pushing towards Dred compliant and avoiding most of the printing of electronic documents would make for a much “Greener” approach and avoids the issue of spending extra money for more expensive paper. I certainly can respect that law firms would have an awful lot of time, money and focus on paper, so firms in less paper dominated fields should find it easier to pursue Green Certification.

And, although I was hoping to learn about some new groundbreaking scanning technologies or other methods to avoid using paper, we all should recognize that paper will continue to fade away in importance as better electronic document and email management systems are adopted. These types of systems work pro-actively which is by far the best way to avoid the need to print and store information on paper. For example, the Federal Courts have used the Pacer system for electronic filing for a number of years. California law has recognized email is the equivalent of a “writing” since about 1998. California has been considering adopting rules simlar to the Federal Rules of Civial Procedure demanding that Electronically Stored Information ("ESI") is exchanged to perform litigation discovery. These changes to the law, and the practices that are modified to comply with these changes to the law, will continue to reduce the need to focus much time and investment on scanning and other paper management technologies. The obvious flip-side to this is that file and email management and archiving will continue to grow in importance.

Since this blog is focused on Dred, I will not bore or disgust you with the helpful hints about recycling and composting office waste for the achieving a rating of Green. It is always nice to avoid waste but in a word, yuck. And you thought keeping the company lunch area clean and odor-free was difficult before! Given the volume of articles written and the number of presentations scheduled at trade shows, one thing becomes certain; in this day and age going Green has become hip. In summary, I will close with more of the insightful and, as it turns out, prophetic lyrics sung by Kermit the Frog, “Green can be cool and friendly-like.” (For Kermit singing on you tube : ) . Read Full Article!

RSA Conference 2009-Mock Hearing and Appeal re: Spoliation of Digital Evidence

by Cary J. Calderone, Esquire

This was a treat. The Mock Hearing and Appeal, presided over by the Hon. John Facciola at the trial level and the Hon. Shira Scheindlin and Hon. Richard Kramer at the Appellate level, examined a spoliation challenge, its defense, and had an interactive discussion after the decision. It is very rare to get a chance to observe and learn about the decision-making process of any active Judge, let alone have veritable "rock stars" of electronic discovery, walk you through a hypothetical case and explain the issues as they rule, but that is exactly what the Mock Trial and Mock Appeal sessions provided. For those who do not have a legal background, all active Judges are governed by strict rules of professional conduct and must avoid "even the appearance of impropriety." This, in addition to the fact that they are monumentally busy, is why we seldom hear from these brilliant and experienced people on the evening news or talk shows. We are generally limited to reading their opinions and using them as precedent to argue similar case facts follow or can be distinguished from those previous cases. However, these mock trials are hypothetical and accordingly, the judges are at liberty to point out why the lawyers and witnesses won or lost their arguments. I implore anybody who is in the Legal, IT, Compliance, Records Management or Risk departments and, is in any way responsible for or involved in Records Retention or Electronic Discovery at their companies, to seek out this type of session at an upcoming conference and attend. Short of going into real court and observing (See Federal Court for Discovery-Be a Boy Scout) this type of presentation provides the best opportunity to learn why we are dealing with Record Retention Schedules and Policies in the first place.

In brief, the hypothetical involved an airline, who had an incident allegedly occur between a disgruntled passenger and an angry flight attendant. The airline had a document retention policy where handwritten Incident Reports from flight attendants would get entered into electronic format. Then the handwritten original would be destroyed. Also, there was a court ordered Legal Hold in place and the flight attendant shockingly had no recollection of the events that happened. It is not necessary to go through all the details that were discussed but a couple of important items relevant to Document Retention and Electronic Discovery are that: 1) Check to see if your company is actually following its Policy? Judge Scheindlin commented that "if you follow a policy that allows for routine destruction of data, before a duty to preserve it on Legal Hold arises, you are safe." 2) Is your policy reasonable or will it look like it is designed to eliminate any potentially relevant and/or harmful evidence? 3) Know your facts when it comes to claiming or defending claims of spoliation. For example, the Second Circuit does not require malicious acts. Mere gross negligence will be sufficient to justify an "adverse inference instruction" from the Judge.

At the trial level Judge Facciola ruled that the airline had disobeyed the Legal Hold when it destroyed the original handwritten document. Further, he found that the electronic version did not include a signature or an attestation from the flight attendant so the electronic version was not "complete" which violated the airline's own retention policy. He ordered an adverse inference instruction be given. An adverse inference instruction means the before the jury deliberates, the Judge explains that because this evidence was destroyed they may assume that it meant it was evidence harmful to the airline. Not good for the airline! On appeal, the panel overturned the lower court and found that given it was negligence and not malicious acts, the adverse inference instructions was too harsh and monetary sanctions would be more appropriate. Better for the airline, but they did not discuss the amount of the sanctions so it might not have been that much better.

When I expressed my condolences to Judge Facciola for getting reversed by the mock Appeal panel he said that he was very confident that the Appeal would have been reversed back in his favor at the mock Supreme Court level. :)

Panelists: Honorable John Facciola, United States Magistrate Judge
United States District Court for the District of Columbia
Honorable Shira Scheindlin United States District Judge
United States District Court for the Southern District of New York
Honorable Richard Kramer San Francisco Superior Court Judge
Stephen Wu, Esq. Partner Cooke, Kobrick & Wu, LLP
Hoyt Kesterson II Consultant
Randy Sabett Attorney Sonnenschein Nath & Rosenthal
Joseph Burton Attorney/Managing Partner
Duane Morris LLP
Moderator and Counsel for Mock Plaintiff: Steven Teppler, Esq. Senior Counsel Kamber Edelson, LLC
Read Full Article!

"Reasonable" is graded on a scale

by Cary J. Calderone, Esquire

The Silicon Valley chapter of ARMA International held an ITRIM (Trim your data) one-day conference recently and I was fortunate to attend the lunch panel discussion. The panel members, Grant Law, Esquire of Shook Hardy & Bacon, Nathan Walker, Senior Technical Marketing Engineer of NetApp Corporation, Lisa Ripley, CISSP, Electronic Discovery Manager of Sun Microsystems, Inc., and Greg Lipptez, Esquire of the Jones Day law firm, gave brief presentations covering many familiar data retention and electronic discovery ("DRED") themes: 1) You will get sued therefore having a Data Map that explains what you have and where you have it is critical.. 2) Legal needs to be able to listen to IT and vice versa.
3) There is a constant struggle between lawyers who prefer to keep very little data and IT personnel who keep as much as possible. 4) Too many organizations have too many employees who are “surprised” to learn they actually have a record retention policy (and this is especially bad when their legal team learns of this fact during sworn testimony). And finally, 5) the law requiring what you need to keep, is not static, it changes. While it is nice to know that concepts that I have previously covered in this blog are out there being discussed and adopted by more data managers and professionals, I would almost have declined to write about the discussion but for one really great quote from Nathan Walker. Answering a question on "how best to avoid getting into trouble" with the production of Electronic Discovery for Meet and Confer conferences and motions to compel hearings, Nathan said: “The more you appear to know what you have and where you have it, the more your threshold for “reasonable” goes down.” This comment was cheered by the audience and maybe the best simple explanation for why Records and Information Managers, IT, Compliance and Legal departments need to make retention schedules, train people to follow them, and continually monitor them. To paraphrase the famous Billy Crystal character Nando, on Saturday Night Live, when it comes to electronic discovery, it is more important to appear to “look absolutely marvelous” than actually "feel absolutely marvelous." Bottom line-it is always best to know what you have and where you have it. Read Full Article!

Industry Blurb Follow Up: Symantec Discovery Attorney Annie Goranson

by Cary J. Calderone, Esquire

Last summer I commended the move by Symantec Corporation to create a Discovery Attorney position in their Enterprise Vault applications group (See, Smart Move by Symantec). From my own personal experience, the often used phrase, “bridging the gap” does not adequately describe the lack of understanding between the Legal and Information Technology departments. In many organizations, the “gap” looks more like the Grand Canyon. After applauding the fact that Symantec recognized that someone with a legal perspective, Annie Goranson, could be a useful addition to a technology team, I wanted to take the opportunity to discuss some real world experiences with her. After all, she has now served in the position of Discovery Attorney for approximately eight months and indicated she was ready to describe some of her findings, both good and bad, learned from her attempts to help bridge the gap between Legal and IT.

Calderone: Why was the position of Discovery Attorney created? Goranson: It was determined that there was a need to add an electronic discovery educational resource on the sales side to better explain general legal issues around email archiving and the e-discovery process. In the past, before e-discovery was the driving force, sales was driven by IT and Legal was out of the loop. Now that has changed. Legal may be the driving force for the sale, and legal compliance is a critical component to satisfying the customer with their implementation of Enterprise Vault.

Calderone: What interested you in the position? Goranson: I thought it would be fun to help customers understand the bigger issues and the different ways they might accomplish their goals with Enterprise Vault. I also wanted to help the sales team understand some of the bigger legal issues as well.

Calderone: Any general comments on what you learned working with customers? Goranson: While they often ask about “Best Practices” around legal compliance, in reality there is a huge range of sophistication in the way technology is used and employed from customer to customer. This depends on how the legal department is structured and the frequency with which it is involved in litigation or investigatory matters.

Calderone: What surprised you the most in dealing with customers? Goranson: Many customers just think it is a good idea to keep everything forever. They are really afraid to delete something they may want to look at in the future.

Calderone: What retention or electronic discovery issue was present most often? Goranson: Customers really struggle with retention requirements questions. They would like a simple Best Practices answer but I cannot answer that for them. We try to raise issues that should be considered, but at the end of the day, every organization will have unique considerations, so we refer them to their own Legal Departments or outside counsel or e-discovery consultants to develop their processes.

Calderone: Any other issues you noticed frequently? Goranson: Having good Legal Hold processes is a big driver for email archiving, due, in large part, to the many court cases in the news recently where there were big discovery sanctions awarded. But, similarly to retention practices, customers may not realize that good Legal Hold strategy is about the tools, the processes, and the training, and not simply having a written Legal Hold policy.

I wish to thank Annie Goranson, for taking time to answer some interesting questions and to provide her perspective as a Discovery Attorney, to this Document Retention and Electronic Discovery blog. Her opinions are a welcome addition to the insights of others (not just my own) that have been published here. Read Full Article!

A Shout-out to Records Managers: Don’t forget the lecords and becords

by Cary J. Calderone, Esquire

No, this was not an attempt to increase my Blog’s page visit time by using a few strange typos in the title. Rather it is my well-intentioned plan to add some new words to our Electronic Discovery language. Records managers have been using the term RECORD for decades to separate a mere copy, draft or scribble from an important company document that needs special attention. The RECORD copy was subject to retention schedules and possibly higher security and archiving protocols as well. Non-RECORDS were largely considered unimportant. Two things have changed to make Record and Information Managers' (RIM) jobs a bit less fun.

Firstly, we have the introduction of the desktop computer as an office productivity tool and with it, email. RECORD and Non-RECORD distinctions simply do not work very well with email. For example, does an email that has a RECORD attached to it, or a copy of a RECORD attached to it, and may discuss the subject matter of the RECORD, get the same treatment under the Retention Schedule? Secondly, the lawyers got involved (do we ever make things any easier?) and have been directed by State Courts and the Federal Rules of Civil Procedure to work with Electronically Stored Information (“ESI”). To the Courts and the litigants what is important is not whether an email is a RECORD or non-RECORD but whether it might be a “business record” or “legal record.” If it falls in either of those two categories a company may need to preserve it as part of its reasonable computer record keeping practices. This is especially true when a particular industry is highly regulated or the company is preserving data pursuant to a Legal or Litigation Hold. Hence, I thought it was time for newly invented ESI Retention words to use because when legal discovery documents refer to “Records” they mean lecords (legal records) and becords (business records).

These new words work well with the modern rule that says anything that documents how a company makes business or legal decisions, i.e., lecords and becords, are determined by content and not whether they are a word document, an email message or an old fashioned piece of paper. They may even include telephone voicemail messages that are stored on a computer or PDA. Also, lecords and becords may include all copies that appear to be identical and previously would have been distinguished and separated from the RECORD copy but now need to be treated as potentially important evidence. Sometimes this is because of the content and the distribution list, but other times copies may be important because they contain hidden meta-data that reveals things like who opened or edited the document and when. The world of RIM was never designed to capture this type or volume of information. Even a separate log document to determine who checked out or edited a RECORD will not work nearly well enough.

Moreover, thinking about lecords and becords helps one to understand why an Instant Message, where one co-worker asks another co-worker out to lunch might be important enough to keep. There is not RECORD category for seemingly innocent chit chat between co-workers. There is no Retention Schedule covering Instant Messages about lunch dates. However, if the message said, “want to get together for lunch to talk about why we might miss our quarterly numbers” it may certainly be considered a becord. Or, if it was the 4th IM from the same employee asking out another employee who complained to a supervisor about sexual harassment, then it would be a lecord. As a becord or lecord there could arguably be a duty to preserve these messages, even if according to the rules of RECORDS and non-RECORDS and the Retention Schedule, these messages do not merit special attention. By thinking about becords and lecords, a company can stay a little safer. I have used both these examples with Records managers to illustrate my point, and while they do not necessarily like the new perspective, and obligations it creates, it does make sense to them given our usage of email and IMs.

In my dealings with Records Managers, this has been a very difficult distinction to comprehend and appreciate. I understand their frustration and hope that the idea of RECORDS, lecords and becords may make their jobs easier. I want to keep Records Managers involved in the retention management process because there is nobody in a corporation, who has more experience tagging and organizing information. True, the tagging and organizing processes have changed from paper to the new world of ESI, but I believe RIMs will be the most important part of the solution moving forward.
Read Full Article!

How to Modify a Form Data Retention Policy for Your Company's Use

By Cary J. Calderone, Esquire

Do you have a Records Retention Policy (“RRP”) form we can work from? Without question, this is the most frequent favor request from friends and associates and occasionally, even from relative strangers. So this article explains five steps to follow to take some other company’s form and make it your own without having to use an attorney, like myself, or a reputable document and management or eDiscovery consulting firm to assist you in the process.

1) Start by finding a form that might be a relatively good fit. While RRPs all generally look similar and contain descriptions of computer content and timelines for retention, the ideal situation would be to have a form from someone in your industry that is about your size, with offices and products that cover the same legal jurisdictions. Also, they should have about the same technology as your company. Some may consider looking at forms used by a competitor.

2) If it is well written and thorough then you will need to make sure your other company documents that may overlap with or refer to information in this form, conform to it. Check your employee manuals, your technology, Email, Instant Messaging, PDA and cell phone policies to make sure they are consistent with the language of your new RRP. If not, you may need to acquire copies of those documents from the same source as the RRP. Also, be sure to replace the custodian names from the source document with the people from your company, who are likely to be called as witnesses and placed under oath to verify that the retention procedures are regularly followed. Be forewarned, some of your co-workers may feel uncomfortable with accepting this new responsibility.

3) Upper management needs to sign off on your new documents. The CEO, CFO, General Counsel and other high-ranking executives will be the ones who may face criminal penalties if the new policies do not pass muster in a court or audit proceeding-so get their signatures. Caution-they may not really want to know all the details of the source of the new RRP.

4) Now that you have your policy paperwork in order you need to make sure all the employees will understand and follow it. This may involve re-arranging your company’s current data file structure on the network and any current retention and records review habits, but it is a necessary step. It would also be preferable if you have the same archiving and backup procedures to match your form.

5) Warning Warning Warning. Now that you have saved money by modifying someone else’s forms all you need to do to complete the procedure is protect against the following missteps: a) Your company’s software applications must work the way the source company’s do. So if your applications are less capable you will need to purchase upgrades, or if you have better software, you may need to disable some of the features to comply with your new RRP. b) Check that your electronic storage also matches in capacity and security features, otherwise, follow the same routine as for software and upgrade or disable accordingly. c) Make sure your business group leaders understand that any growth plans or upgrades may need to be delayed unless they match those of your source company. d) Always a good idea to check your source company to find out if the form you have borrowed was successfully tested in court and did not lead to sanctions of a few million dollars. e) If it was tested in court than verify that the source company is the source company and used best practices to develop their Policy. Otherwise, it may have been copied and adopted from a dubious source and not be all that great a starter form. f) Lastly, make sure you do a very good job with search and replace for the source company and your company’s name because there is a good chance that this policy form contains confidential and privileged and/or trade secret information that may make it a crime for your company to have it in its possession. This would be especially bothersome if the form did come from one of your competitors.

In conclusion, my writing approach for this post was in honor of the late professor Dr. Randy Pausch who’s YouTube video, The Last Lecture, made him a celebrity. In following with his style of teaching, did you catch the head-fake? This was not really a way for you to work off somebody else’s form but rather a list of real-world reasons why you should not even attempt it. Records Retention Policies and Legal Hold Policies are like fire escapes and exit procedures for emergency evacuations. They really need to meet the needs of your particular building, layout and people. This is simply not an area where cookie-cutter form documents will do the job very well, if at all. Read Full Article!

Industry Blurb: Smart Move by Symantec

by Cary J. Calderone, Esquire

Symantec has made a very interesting move in creating a new Discovery Counsel position to work with the Enterprise Vault team. Annie Goranson, an attorney from their legal department, has been promoted to this position. She will work with the Systems Engineers and Enterprise Vault clients to help with system design and implementation. This is a bold strategic move in an effort to address....
the legal issues around email archiving that typical Systems Engineers and consultants can not or may not handle. Her real-world e-discovery experience should help Symantec keep their people operating within the rules that prohibit non-lawyers from practicing law while providing clearer advice to the customers who want to use E-Vault to be better prepared. I would not be surprised to see other companies in the electronic information management space follow suit and utilize more knowledgeable legal personnel to avoid potential problems in this area. While we lawyers do deserve some of the criticism directed at us, sidestepping legal traps and distinguishing critical legal facts and issues is not usually handled best by sales people and systems engineers without extensive legal backgrounds. Score one for the lawyers! Read Full Article!