December 21, 2010

Judge Richard A. Kramer comments on the California Electronic Discovery Act, one year later

by Cary J. Calderone


This blog covered the California Electronic Discovery Act (CEDA) when it was signed into law, more than a year ago. Now that a fair amount of time has passed, we may wonder whether it has helped, hurt, or had any effect at all on discovery proceedings and litigation in California state courts? To find the answer, I went to the Honorable Richard A. Kramer to ask his opinion.  Judge Kramer's department handles Complex Litigation for the Superior Court and he is nationally known for his rulings on same-sex marriage. However, I selected him for this piece because I had the pleasure of listening to Judge Kramer speak about electronic discovery and in particular, his practice of requiring litigants in his courtroom to agree to a “bring your geek to court day.” He is one of the most knowledgeable judges on the current issues surrounding electronic discovery and this makes him one of the very best sources for follow-up comments on the CEDA. After 3 weeks of pleasant, yet persistent pestering, the Judge was able to speak with me on Friday December 17. Here is the interview:

Calderone
: More than a year has passed since CEDA was enacted and signed into law. Have you noticed any changes? Can you say if attorneys and litigants are better or worst prepared to handle electronic discovery?
Judge Kramer: No difference. The attorneys who were familiar with the discovery of electronically stored information before, still are. And, those who did not understand it, still don't.
 

Calderone: Has the general understanding of what is necessary to comply improved?
Judge Kramer: The CEDA clarified a few concepts and some of the issues with electronic discovery. The law really did not change but those attorneys who were not very techno-savvy have now at least heard of the concepts and definitions. So perhaps there are fewer who look like a deer in the headlights when we discuss these matters in Court.

Calderone: Has anything with electronic discovery gone from bad to worse? Are there more disputes and accusations of inadequate production?
Judge Kramer: No difference under CEDA. The Court already had and has broad powers and discretion around discovery matters to protect the parties. If I could give one bit of advice to attorneys it would be, "if you don't know, fess up!" Do not make up unsubstantiated claims of cost or not being able to access the data.

Calderone: Can you comment on whether certain subject matters or types of litigation have had more or fewer issues with electronic discovery?
Judge Kramer: No difference.

Calderone: Where would you like to see continued improvement? Could the Act be clarified? Are lawyers still lacking in their understanding in some specific areas?
Judge Kramer: The CEDA is fine. It did not really change any law, just clarified some of the issues.

Calderone: Do you have any other particular hopes for the continued evolution of electronic discovery in litigation?
Judge Kramer: I would like to see attorneys subscribe to the Sedona Cooperation Proclamation, be more cooperative, and be more like a geek. A geek is the person who, when asked to fix your computer, he starts doing it. He is not always able to fix the problem completely, or, give you exactly what you ask, but the geek gets started and makes progress. Attorneys need to be more willing to indicate what they can do and can provide, instead of just claiming “it can't be done” or "it will cost a million dollars!" Eventually a smart geek on one side or the other will probably prove the attorney wrong.

In closing, let me express my great appreciation, respect, and gratitude to Judge Kramer for taking time from his busy schedule to speak with the DredLaw.com blog simply to help us better understand the CEDA and the state of electronic discovery in California today. In return, we hope that a few more of those attorneys and litigants who enter his, and other courtrooms in the state, will be a little better prepared for electronic discovery.

December 20, 2010

Breaking tradition-A review of my Asus Eee PC netbook, a great tool for the Cloud

by Cary J. Calderone

Over the past year and a half I have written about the move to the "Cloud" but covered primarily the Cloud providers and the move to hosted applications.  Now, as I sit typing away on my ASUS netbook, there is another reason to move my data skywards. This computer is so small, sometimes I have trouble finding it on my cluttered desk and I worry about leaving it behind at the coffee shop!  I would not feel safe carrying this around unless my data was stored someplace else, like the Cloud.  Let me disclose, I have no connection to ASUStek Computers, Inc. or ASUS.  I do not want to start reviewing hardware and software products or become the Walt Mossberg of the West. While many of you may not recognize the ASUS name, I know it to mean quality computer components. I used ASUS motherboards when configuring clone desktop computers in the 1990s but I have not been in that business since 1999.  Since an article I wrote in 1995 for Law Office Computing Magazine, I have not reviewed a hardware product.  So,why am I breaking with this tradition?  Because this netbook was inexpensive (under $400), surprisingly powerful, has an advertised 10.5 hours of battery life, and I love it!
 

Back when I reviewed the first “component laptop” with upgradeable features like RAM, micro-processor and hard drive, upgradeable meant it could serve you longer before becoming obsolete.  This could save you money. From today's perspective, 1995 was still the dark ages of laptop computing.  Think about a weapons dealer describing how effective his pointy stick would be back in 1995, and today describing the range of unmanned drones equipped with missiles. That is what the leap feels like between my review of a $2100.00, 386 20 Mhz Kiwi laptop then, (abstract of the article here) and this ASUS Eee 1005HA model equipped with an Intel Atom N280 1.66Ghz processor now. It also has a quiet 250G hdd, and the typical built-in networking and USB ports.
 
Pros
  • It has worked reliably for a year. Yes that is correct. I purchased this unit in December of 2009. So this is not the typical review one week after somebody gets their new electronic toy and is in the honeymoon phase. I used this netbook almost every day for the past year.
  • When I blog at a conference, the battery lasts me all day. I never have to worry about finding an outlet or resorting to paper and pen. I know I have used it on battery life for 8 hours before running low.
  • Unlike an iPad, I can use it like any full-sized laptop. It can sit on my lap, on a table, or, on the counter at the coffee shop. I felt I had the superior work tool while I typed on my Eee netbook while sitting next to someone whose iPad was teetering precariously on the multifunction cover/stand and would fall over frequently while he was reading it. My netbook stayed put!
  • Touch pad controls to scroll, zoom or shrink fonts and pages depending on your mood. (Think of shrinking or enlarging your view on an iPhone or iPad simply by moving two of your fingers closer or further apart) How do I know I like this feature? When I am on my full-sized laptop connected to my desk monitor, I find myself trying in vain to use this feature and it does not exist on my other computer. Fortunately it usually only takes a few seconds of trying before I realize this, and then I think fondly of my netbook.
  • The keyboard is large enough to type on. Some netbooks really make your fingers feel cramped.
  • Inexpensive and free offerings for cloud storage for your backup or data. Nice to have for those who have not yet tried other cloud options.
Cons-
  • Better video resolution would be nice but if it shortened the battery life too much, I am not sure I would like the trade-off. 
  • Tried video chatting and it worked, but was not even close to a typical desktop video chat experience. Will look to see how newer Eee models can improve this.
  • When it is not plugged in and is working in battery mode, it is noticeably slower. Once again, this has to be balanced against increased battery life.  
  • It took a while to get used to the touch pad features that I now love. When you have fairly large hands, you may have one or more pieces of your hand or thumbs accidentally touching the touch pad. So it is occasionally frustrating to be working and have an unexpected zoom or shrink of the page.
On balance, I had high hopes for this Eee PC, and they have been exceeded.  It proved to be a fantastic tool that helped me work more effectively and efficiently, in the Cloud.

December 17, 2010

What's that up in the Cloud? It's better infrastructure by EMC Atmos

by Cary J. Calderone

In a follow up to a few other posts on Cloud computing I am happy to report that EMC has been focusing on improving your Cloud experience. Their latest Atmos Cloud Delivery product line will enable Cloud providers to meter and provision Cloud usage. How does this help you in your DRED work?  As mentioned in my previous Cloud articles, Cloud providers, even the biggest names, have had a difficult time avoiding bottlenecks and slowdowns as Cloud usage grows. (What's that up in the Cloud?) They have not been able to adequately anticipate or control how and when some users will over-burden their equipment and cause a slowdown for all their Cloud users. If Atmos works as advertised, it will go a long way towards eliminating one of the biggest concerns companies face when considering a move to the Cloud; "will it work fast when we need it to work?"
Up until now, the Cloud providers have not been able to sufficiently monitor (and report) usage and data flow statistics. So they were faced with the very challenging task of trying to persuade a company to move to the Cloud while they could not actually show that availability and throughput would not be a recurring issue. Now with better monitoring and provisioning tools available, Cloud providers should be able to offer better availability and more reliability to their new and existing Cloud customers. Readers of this blog may ask, "who is EMC?"  Well, EMC is the largest providers of data storage technology and I would put in the category of a company like Cisco Systems. Even if you have not ever heard of them, if you use a phone or computer on the internet, then you use EMC products.  This is good news for the evolution of the Cloud.

November 19, 2010

Follow Up Conversation with Don Skupsky. The offer I couldn't refuse

by Cary J. Calderone, Esquire

After my last blog article, I wanted to follow up and share some of the items that I discussed with Donald Skupsky, JD, CRM, FAI, MIT, after his presentation.   It seemed like we had very different ideas on email management best-practices for organizations.  Just to be fair, open and up front, I shared my concerns with him and in typical fashion, once we had a more in depth discussion on the issues, it turns out we agreed on quite a bit.  For example, we agreed that most employees keep far too much email. 

The numbers he presented estimated that only 5% of email actually includes content substantial enough to be considered a Record.  I would add a few more percentage points for material related to Records. He also explained that there are some companies, a few, that do have a policy to tag and keep business record emails and have the rest deleted in 30-45 days, and they have been successful in defending their practices. They use a folder for Work-In-Progress but the main inbox gives the user a very short period of time to decide if an email is a Record, and then to move it to another location or repository for safekeeping, otherwise, it gets deleted.  There are a few companies that purport to use this policy, but I sure would like to see if they actually adhere to the policy in sufficient fashion to have it withstand legal scrutiny.

Mr. Skupsky also believes too many companies use a fall-back policy where they end up keeping pretty much everything, and this is a terrible practice.  I have witnessed this policy in action quite a few times. One company kept so much electronic information that when they needed to search its email archive, they were limited to 4 concurrent searches and it would take upwards of 12 days to get the first search results back. Not a very good system for Early Case Assessment or a Litigation Response team, to be sure.  So we both agree that when it comes to email, keeping everything, is a bad policy.

Ultimately Mr. Skupsky described himself as a bit of a devil's advocate.  By challenging a company with a 45 day email deletion policy, he believed it was more likely that ultimately, even if they would not agree to 45 days, they would agree to a relatively short deletion period of 6 months or a year.  He explained that if they were not challenged early, so they had to act to manage their email, users always defaulted to retention periods that are too conservative and too long or, they never take any action at all.  The end result would once again be email inboxes that are not managed.  His position is that if they are not going to manage it, then they are better off not keeping it.  So, while I cannot argue with Mr. Skupsky's goals, I will still persuade my readers to consider employing a different tact.  I prefer to suggest simple and straight-forward policies and guidelines that will help them eliminate upwards of 50% of their non-record and non-business related email quickly.  Too many users have stated that they would love to delete many emails but they were not sure if they could or should, so they kept them all.  Mr. Skupsky and I are both shooting for keeping less mismanaged information, but my method is likely to err on the side of keeping more business emails rather than fewer.  The lawyer in me wants you to keep information that may help us understand your case.  Is it a perfect system?  No.  But making users affirmatively move Records, to safeguard them from deletion seems riskier.  After the first 50% is removed from the inbox, we can then work on managing the next 30-45%, which will likely be more challenging, but can be better managed with some department and function-specific policies and procedures, and perhaps some of the great new search and management tools that are available.  Either system correctly employed and monitored will reduce a great deal of email clutter.  And, this, in and of itself, will provide a huge cost-savings for the over-stressed IT department.  It will also enhance any Litigation Response program that needs to address eDiscovery.  I just want to be more comfortable that the Litigation Response team will find relevant information on their own servers, before they see it produced by an adverse party in litigation!

My approach comes from the basic belief that the use of technology is critical to an organization's success and they must keep up with new productivity features to stay competitive.  So, I want to allow for expanded usage, and less effort to manage that usage.  Mr. Skupsky believes records retention practice actually can help support the use of technology too.  He just abhors mismanaged data growth.  So while on the surface we agree, I lean toward recommending any Retention and Records and Information Management policy will be flexible enough to be updated, and amended to reflect the ever-changing needs of the users.  And, whenever possible, allowing the users more use of the data and any new technology enhancements.  The new reality is many companies are now contracting and performing other substantial business functions via email, electronic exchanges, and even Social Networking sites.  So if the RIM program is too limiting on the use and retention of electronic data, it runs the risk it will become impossible for employees to follow it thereby making it irrelevant. The days of following simple static rules that worked fine for slow moving paper are gone.  It is time to keep up with email, Facebook, Twitter, and whatever may come next.

Special thanks to Donald Skupsky, for taking the time to consider and respond to my comments.  

November 11, 2010

ARMA Session-Retention for Electronic Records-Or, Don Skupsky, some of your tips should sleep with the fishes

by Cary J. Calderone, Esquire

Donald S. Skupsky, JD, CRM, FAI, MIT is certainly one of the most respected and recognized Records Management thought leaders.  If he is not the Godfather of Records Management, he is certainly a Godfather.  His book/treatise is still the foundation for many corporate Record Information Management programs.  However, coming from my background as a lawyer and IT consultant, (see blog post "Who are you talking to?") some of the RIM ideas he presented in this talk are really not applicable in the 21st century world of managing electronic data.  Case in point, he suggested companies have a policy to delete email after only 30-45 days?  Whoa!  This is really not a "best practice" for most companies.   Let me explain.  

When I started helping companies update their RIM programs and become DRED ready, I found some challenges with the old guard Records Managers who cut their teeth, and perhaps their fingers, on paper. The drill was, declare a Record, protect it for the retention period and shred the other convenience copies.  Simple.  As readers of this blog already know, there are many reasons why this approach no longer works for email and other fast-moving electronic forms of communication.  (see Shout out to Records Managers)

While Mr. Skupsky has expanded on his original definition of what is a "Record" to allow companies to define it to include various electronic forms, at other times during his presentation, he seems to completely forget the main reasons companies have and use technology.  For example, let's consider his suggestion of as little as a 30 day retention period for email.  Under his 30 day policy, users are supposed to take any email that qualifies as a "Record," (defined by the company policy) and move it to another document management system or, print it out for safekeeping and storage.  Even if your company does not already have a specific legal requirement (like SEC 17 a-4, or Sarbanes-Oxley) to retain email communications, there is a very good chance employees who use their email as a work productivity tool have a habit of keeping them for later reference for at least a year or two, if not forever.  Can you imagine how many people would not bother complying with the rule if it meant moving only select "Record" emails to another system or printing them out for safekeeping? 

In today's world, employees are using search technology, like Google Desktop and other search engines and crawlers, to mine their own electronically stored information for answers.  It is a basic form of Knowledge Management and in many cases, a major productivity enhancement.  So, if you have a 30 day deletion rule, and nobody wants to follow it, chances are, they won't.  Which means you will end up with a policy that ultimately shows at least one part of your RIM program is a sham.  Not a good move if you end up in litigation someday.  

Moreover, even if the 30 day policy is supported enough to pass a test in a discovery dispute in court, it is still not advisable.  What about your early case assessment needs?  Email that might be critical to determine if a potential matter has merit, may be deleted from your servers, but it will likely still be in the possession of your potential adversaries.  Or, perhaps it was printed out, or kept in another management program.  How many hours will it take to retrieve and review those stored emails?

Even assuming your employees are willing to perform all the extra work to print and/or move those potentially critical emails, some of them may have content that would show that your employee(s) made a mistake.  How much effort will your employee(s) expend to store, search and retrieve those darn emails that may show they should be terminated?  I would bet that at least a few employees might just let those pesky emails get deleted after 30 days and hope for the best.  Once again, the result is potential discovery trouble for your company.

While I appreciated much of the presentation, it was a little bothersome to hear Mr. Skupsky's dismissive description of "groupware tools" which he "does not like."  In the tech industry these might be separate development applications or wikis or even Instant Message comment threads.  Does Mr. Skupsky believe that all of these amazing advances in the area of software and collaborative development will just go away because they are difficult to track and maintain according to a simple Records Retention Schedule???   I am betting the answer is a resounding "No."  These will be distributed and used and even more tools will be invented.  And, realistically, this will be so even if these tools make records management, more challenging.  Facebook, Twitter, and Cloud applications, may make managing records more difficult, but they are not going away.  We have to learn to proactively manage them.

I understand and respect the established industry protocols and efforts of any company in maintaining a working RIM program, but without a better understanding of how and why the new technologies are employed, creating "dream world" easy-to-manage electronic records policy, is not ultimately going to be productive, and may cause very serious issues in an otherwise well-intentioned RIM program. 

I could not argue against some of his ideas without giving Mr. Skupsky a chance to explain himself, so I spoke with him after the session.  The next blog post will cover our discussion.   

November 10, 2010

ARMA Show-A couple of useful new products and upgrades for your DRED project

by Cary J. Calderone, Esquire

Here are a few interesting product offerings I noticed at the ARMA Show this week.  This is not a product review.   I have not tested the products but just looked at their demonstration modules.   However, I like to point out when I find a product that can and will fix specific challenges for many companies.  The two products I noticed come from,  Page Freezer, and ZL Technologies Inc.


Page Freezer  simplifies the task of maintaining and tracking copies of your website and other online representations and communications.  In my experience I have found many organizations need or want to keep copies of their website information and twitter feeds.  These may include representations of service or product features and sometimes they must be tracked in order to comply with a Public Information request or Legal Hold.  Either way, it is difficult to keep and track a website that may be updated daily by many different departments and authors.  Who is responsible to archive all the changes?  Page Freezer can automatically archive selected pages or entire websites on the fly according to the rules you setup. The product also tracks Twitter updates and supposedly will be able to archive Facebook updates as well.  I know quite a few organizations that would like to be using this tool right now.
ZL Technologies Inc. has added new features that allow its customers to "manage in place."  Many companies operate internationally, and are faced with very challenging and frequently conflicting laws concerning email communications and electronic data storage and retention management.  ZL technologies has added features that will allow its users to archive and manage electronic data in place, even in a location like Japan.  There are many solutions that can managing data in the US, especially when it is all in English.  But when information is collected from many places and in many languages, there are extra challenges to the solution, and there may even be prohibitions against moving some types of data, i.e., across country borders.  In these instances, managing in place can be a most useful feature.   Many companies have tried to move all the electronic data to one central  location, to be managed according to one set of rules.  Not only does this mean potential bandwidth and regulatory problems, but how many people in your main U.S. office can read and manage information that is in Japanese or some other language?  Usually, the answer is nobody.  So you have moved the data away from the very people who are most capable of managing it because they can read it and know the local rules that apply to it.  ZL Technologies is trying to give you, a better way.     

November 3, 2010

Computer Forensics Show

by Cary J. Calderone, Esquire


I was able to spend limited time at The Computer Forensics Show in San Francisco this week. I understand when a show is debuting in a new city it may have issues, but the acoustics at the Herbst Pavilion at Fort Mason were pretty awful and, I am not the only one who noticed. It's too bad because the show did have some very good speakers and covered interesting DRED topics. Still, it was challenging to enjoy their presentations due to the acoustics.  Background noise notwithstanding, here are a few highlights:

Dean Gonsowski, Vice President, e-Discovery Services at Clearwell Systems, presented "Compliance in the Cloud and the Implications on eDiscovery. He provided a very nice overview of many issues that need to be considered when looking for a solution in the Cloud. Even when I asked about a tricky issue, i.e., "what to do when your data may be co-located across international borders?", he provided a thoughtful and practical approach. He had other terrific "checklists" to use when you look at Cloud solutions, but I am not listing them here. You'll have to see one of his presentations yourself.

I also enjoyed the session run by Michael Glick, Vice President of Encore Discovery Solutions "How Advances in Modern Electronic Discovery Practice are Changing Commonly Held Notions About Conflicts of Interest." He described the advantages to litigants following the Sedona Conference Cooperation Proclamation and waiving some potential conflict issues, and cooperating with adversaries during electronic discovery. There area even times when using a single provider and platform can save everybody money and hassles. I asked if Encore had protocols conflict checks for their eDiscovery clients? Much like lawyers and law firms, Encore follows high standards and protocols to ensure they do not represent parties with adverse interests. Pre-engagement conflict checking is too often an afterthought with some consulting groups in the DRED space and it shouldn't be.

On balance, I hope that this conference grows, finds a better location, and returns to San Francisco next year. If they continue with legal tracks that include good DRED discussions, I will attend again.

October 28, 2010

Attending the Computer Forensics Show

by Cary J. Calderone, Esquire
 
I will be checking out The Computer Forensics Show Nov 1 and 2 at the Fort Mason Center right here in San Francisco. (You know San Francisco, where the Giants play World Series baseball...) It is my first time attending this particular event but I expect it to be worthwhile. As my readers know, there is a very important relationship between DRED and computer forensics, so I will observe the legal tracks and hopefully learn more about when and what specific factors trigger forensic investigation, and how forensic tools may be used proactively, to avoid pain and greater costs later. 

Given some of the panel discussions they have scheduled, I am sure I will find some "blog-worthy" material.

October 26, 2010

Who are you talking to? You talking to me?

by Cary J. Calderone, Esquire

Here comes a little rant.  I try to be nice, really I do.  But it is very frustrating when my energy and efforts to help a client are thwarted or, challenged by more aggressive and "less informed" consultants and sales representatives posing as consultants.  Attorneys, sales reps and consultants usually have different education backgrounds, different experiences, and different motivations.  So I wanted to devote this blog post to summarize and distinguish these three professionals who may be employed to assist you with your DRED project. 

First, there is the sales representative who makes some or all of their salary by making a sale.  They have to get you to say "yes" to their product or service in order to earn their commission.  Accordingly, they are not the most motivated when it comes to telling you how their product might fail you or how over-simplified their "form data retention policy" might be.  Most seasoned customers recognize the motivation of the nice and helpful sales rep and view their information as potentially inaccurate. 

Next there is the consultant, (and not one that is really tied to a specific product which makes them a sales rep disguised as a consultant) offering you "best practices." The consultant needs to make you happy with the service and/or product they select so getting you to say "yes," is not always enough.  If it doesn't work out as advertised, you probably will not want to pay for it.  So, where a sales rep might proclaim a product definitely can handle your needs, the experienced consultant will hedge a bit, to avoid possible fallout later on.  I get quite a few questions from "consultants" asking me to explain some point of law to them so they can explain it to their client. I typically do not help them.  It is their intention to take complex legal points and simplify them because, "that is what their clients like." Needless to say, simple is not accurate and frequently will cause their client more harm than good.  A little information truly can be a dangerous thing.

Lastly, there is the attorney (cue dramatic background music).  The attorney is risk-adverse and picky about simple statements of the law.  We learn that words have meaning and appreciate that even when sales reps and consultants use our words or case law appropriately, they often find a way to mess up the scope or analysis of the legal principle. While attorneys are often derided for making the simple seem complex, in our defense,  frequently things that appear simple, are simply not.  And, when it comes to your legal obigations, we attorneys are the ultimate and best source to evaluate your legal hold, data retention and eDiscovery policies and procedures.  Most good sales reps and consultants agree with this.  even if they occasionally forget it while they try to "help" their client.

So, who are you talking to?   When it comes to legal points, I hope it is your very wise and well-informed attorney. Can you hear me now?

October 18, 2010

ARMA International Conference and Expo in San Francisco November 7-10

The ARMA (Association of Records Managers and Administrators) Show is coming to San Francisco November 7-10 and should be excellent.  Although I was not able to attend the show in Orlando last year, I attended the Las Vegas Show in 2008 and found the panel discussions and presentation to be very worthwhile.  The highlight for me is that the speakers are often practitioners with a gift for educational presentations, and not just sales gurus and product marketers. 

The guidelines for ARMA prohibit speakers from simply selling their services.  The end result is that they offer more "real-world" examples of tackling and succeeding with Records Management, Litigation Preparedness and e-Discovery projects.  I have participated in local ARMA chapter events in Silicon Valley, San Francisco and Contra Costa County but will just blog about this event.  The local and national organizations are a great resource for anyone interested in learning more about Records and Information Management, or DRED.  For more information you may go to their website www.arma.org.   See you at the show.

September 28, 2010

Virtual LegalTech- Neat technology but where are my t-shirts and snacks?

Last week I checked out Virtual LegalTech for the second time this year.  In brief, it employed very cool technology and some of the presentations used streaming video and the new technology very effectively.  Others, not so much.  On the bright side, a boring Powerpoint presentation can be put in a smaller window to the side and I can surf the web while the boring speaker drones on.  In person at typical conferences, escaping a boring presentation can be much more challenging.  While some features of a "virtual conference" mirror the real world experience, others are missing.  

If you loiter near a booth, or, even walk by a little to slowly, at a conference, a sales representative will jump out at you, scan your data to get you on an email list, and then strike up a conversation or try to show you their demo and maybe get you on a path towards a sale.  At Virtual LegalTech, you are only bothered by the occasional pop-out chat window asking if they can answer any questions.   Less bothersome to be sure and not a bad way to type hello to a few people you may already know.  And, they already have your name and email.  Do I believe this technology will replace live, in-person conferences?  No.  Business people will always need excuses to network and showcase their wares and trade shows are still the superior showcase.  However, I do believe this technology will reduce the frequency of the live events and perhaps dramatically so.  During the past two years during this dismal economy, everyone involved has noticed an overall decline in attendance.   Virtual conferences have to be significantly more cost effective and that alone will make them an alternative, or an add-on to marketing budgets.  I did hear some excellent presentations and received Continuing Legal Education credits for some of them.  But it is still kind of sad that I attended two of these Virtual LegalTechs and didn't get a candy bar, snack, toy, or even one single t-shirt as a memento.  Maybe as the technology improves...

September 27, 2010

Do you Tweet? Are you on Facebook? You need a policy!

Some companies have really benefited by using Twitter and Facebook accounts to grow and cultivate their customer base.  And many other companies are taking notice and making plans to do the same.  But, there are some very important precautions you should be taking before you ask your clients and friends to "Like" you online.  Do you have a policy or retention schedule that covers your social media interactions?  If not, you need one.  This type of communication is potentially "relevant" material to any matter dealing with customer representations and advertising.  Depending on your industry, you may be specifically required to manage and retain this information or, your lawyer might just suggest it as a good idea.   I know there are more lawyers who are learning about this new area of business communication, but there are still too few.  Please find one who understands it and speak with them, or, contact us so we can help. 

May 18, 2010

IQPC eDiscovery Panel-Protecting Privileged Communication

by Cary J. Calderone, Esquire

Moderator, Mark Michels, Managing Attorney, Cisco Systems, Inc.
Craig Carpenter, Vice President and General Counsel, Recommind, Inc.
Martin T. Tulley, Partner and E-Discovery Practice Chair, Katten, Muchin, Rosenman, LLP

This panel was focused on Federal Rule of Evidence (FRE) 502 which governs attorney-client privilege and work product; limitations on waiver.  502 was drafted specifically to cover electronic discovery and inadvertent disclosures.  I have had the pleasure of listening to Mark Michels at other presentations and, as an audience member, I always appreciate that he tries to make his panel discussions interesting, lively, and a little bit fun.   After sitting in on 5 or 6 eDiscovery sessions over the two days at the IQPC eDiscovery conference, I believe anybody sitting in this audience appreciated that he made the panel discussion entertaining, as well as informative.

The first hot topic was protective orders with claw-back provisions. The panel was interested in whether people had ever had a "quick peak" (i.e., noticed that your opposition sent you privileged information and had to report it to them) and made the following points:

  • Mistakes will happen.  We are dealing with an enormous volume of data.  There is fear of privilege waiver but there is also significant cost in taking precautions. 
  • FRE 502- Now with 2 years of precedent it is better understood.
  • 502(d) limits waivers of attorney/client privilege, promotes certainty and reduces litigation risks.
  • 502(e) indicates that a Protective Order is still prudent.
  • There is a big presumption against broad subject waiver.
Mark asked, "when is a disclosure not a waiver of privilege?"
Martin provided a checklist of factors:

  • Privilege?-Was it privileged to begin with?
  • Inadvertent?-Was the disclosure inadvertent?  Some courts not-intentional equals inadvertent. Other courts have a checklist of factors to consider.
  • Reasonable?-Advisory committee notes to 502 do not define it.  Rather, the Committee notes list factors to consider such as precautions and steps taken after disclosure to attempt to rectify?
  • Extent of the disclosure?-Overriding issues of fairness.  Was there a defensible Records Management program?  For example, was it 4 out of 10,000 documents?  Did the disclosing party take quick action?  Court found it reasonable and therefore there was no waiver of the privilege.  
  • Best practice-Always have a protective order with a claw-back provision.
  • Waivers have been found where the producing party could not describe what they did...so document your procedures.
  • Perfection is not expected.
It was pointed out that whether FRE 502 would be binding in state courts, has not been tested.
Citing the Victor Stanley case and Judge Grimm be prepared to answer, "did you do enough to find the privileged documents?"
   
The panel also mentioned the Amobi v. District of Columbia case where Judge Facciola discussed "inadvertent."  The Judge's analogy was paraphrased; "while 502b would allow me to round up the animals and put them back in the barn, were reasonable steps taken to avoid letting the animals out?"
One of the precedents was clear.  When the data had been produced to the expert witness for review, privilege was waived.

The panel then examined what would be considered "reasonable" efforts to find and protect your privileged information.  Keyword search alone is usually not sufficient as it finds only 25% of documents, so you should add in sampling.  The type of vendor you are working with can make a difference.  Do they understand the methodology and work flows around it.

Craig Carpenter provided an extensive list of search features that could help.  He mentioned threading, email de-duping, visualization (being able to see who spoke with whom and when on certain topics), concept search (relate documents that are substantively similar but may not share keywords), clustering-(particular set of keywords-take first few documents that relate to the category), grouping-(more sophisticated clustering-take all documents that relate to the category) automatic categorization (the tool does it for you), amd predictive coding (form of automated review). 
Not surprisingly, Recommind's impressive products are capable of helping you with all of these search techniques.   Craig was in "teaching mode" and not in sales mode and his examples and explanations were excellent.


The panel discussed an instance of dealing with 2.5 million documents and the client did not want to pay for privilege review but rather, instructed outside counsel not to turn over anything privileged. LOL!  Obviously it would cost too much.   So, with client's consent, they used automated review tools with some direction from knowledgeable people.  They were able to save 3 or 4 months of processing time and several million dollars.

Mark Michels said "hypothetically," what if he was the "impecunious client?"  "How could they be reasonable and save money too?"  The panel proposed technology search with Bayesian models and sample seed sets to help cull down the data but then made it clear that "at some point, you have to put some eyes on it."  100% automated tools or 100% manual and people-powered processes have not been favored by the courts.

The last "best practice" was to re-iterate that it was critical to define "reasonableness" or, through agreement with the other party(s), take "reasonableness" out of the equation by agreeing what both parties would do for production and what would happen in the event of any inadvertent disclosure.  They closed with one of the best lessons for those who would rely solely on FRE 502 to save you from waiving privilege during disclosure:  Crediting Judge Grimm for the analogy, 502 was "like a bungee cord.  It can save you, but it is still a terrifying experience."


May 17, 2010

IQPC eDiscovery Panel-Global Issues

by Cary J. Calderone, Esquire

David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP

David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice.  European Union directives are not the last bit of advice.  Each nation has its own interpretation of it.  Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."

Initial considerations for global eDiscovery:

  • Who has Jurisdiction?
  • Who has control of the data?(maybe a 3rd party?) (Where is that party sitting?)
  • Duplicate copies in the US?
  • Where does the data sit?
  • If you can get it, can you move it?  Lot of restrictions on transfer (personal and sensitive data)
(Source-Sedona Conference Framework for Analysis of Cross-Border Discovery Conflicts August 2008)

Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point.  For example, data sitting on server in Eastern Europe but it is Austrian employees' data.  It was treated as though they were doing a collection in the Czech Republic.  They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic.  Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.

There can be problems when parties do not want to cooperate but ultimately they do.  Preservation process- while the consent process is going on the data is not preserved.  Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.

We are getting better and more sensitive to private data in the US but still not equal to the EU.  Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate.  Reminder that under the EU directive, looking at data equals "processing" and there are different stages:

  • Retention
  • Disclosure 
  • Onward transfer 
  • Secondary use
There are also international collection considerations such as:

  • Who collects?  Employees?  Can cause problems
  • In what form?  Native or a forensic copy? Physical or logical?  Remote or direct connect?

Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.

One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.

IQPC eDiscovery Panel-Roles of In-House Counsel and Outside Counsel

Vincent Miraglia, Chief Counsel - Employment Litigation & Electronic Discovery International Paper
Vickie Lee Clewes, Senior Manager, Commercial Legal Affairs, Gilead Sciences, Inc.
Moderator, Wayne C. Matus, Partner Pillsbury Law Firm

Wayne Matus started the discussion rolling by asking the panel, "What keeps you up at night?"
There were two answers:
  1. For things like government subpoenas and investigations, it is very hard to have processes already in place, so managing the discovery is very challenging. 
  2. For inside counsel, it is very difficult to manage many legal holds and keep mindful of when they "anticipate" new litigation. 

The panel noted it was difficult to have a cohesive company-wide plan. They still had to address the individuality of each office/department while balancing the tie between discovery and risk.

Vinnie thought that "less is more" and that he does not want all of the data, just the relevant stuff.
He gave an example of PST files.  They had established a delete policy (60 or 90 days) and used legal hold and archiving tools to move and archive necessary email. 

They referred to the Zubulake case (6) and explained that since "terminating employees" could lead to litigation, a best practice would be to freeze all data for terminations for a set period of time.


Question from Wayne-What about the fact that they may get hit with a lawsuit in a new area?   The panel believes in meeting and discussing potential new stuff often with outside counsel.  They also found that, almost always, outside counsel is conservative about when legal holds are necessary. 


What keeps Wayne up is the eDiscovery process maps he creates with his clients do not say all decisions should be documented.  For example, "this is why I did or did not issue a legal hold."

Vicki thinks they do need to document more.  Since we are shooting for "reasonableness" better to show what you considered at the time.


Question from Wayne-How important is communication between inside and outside counsel?
Vinnie's response-Keep it like a working partnership so Vinnie may respond to some discovery requests and outside counsel may respond to others.  He thought that the legal bills go down with better communication.

May 6, 2010

IQPC Judges Panel on eDiscovery

by Cary J. Calderone, Esquire



Readers of this blog know that I am always happy when we have the opportunity to learn about DRED issues directly from judges.  I had the privilege of attending the Judges Panel on eDiscovery at the IQPC eDiscovery Conference in San Francisco.  This was a very worthwhile session and attendees learned some great insights about the "Real World" of eDiscovery that occurs in actual court cases.  And, by actual court cases, I mean the majority of cases you will probably never read about because they do not involve extreme examples of eDiscovery misconduct and multi-million dollar sanctions.  Hopefully, these are the cases that your legal matter will most closely resemble.  Moderated by Craig Carpenter, V.P. and General Counsel, Recommind, Inc., U.S. Magistrate Judge Robert B. Collings, District of Massachusetts, and U.S. Magistrate Judge Elizabeth D. Laporte, Northern District of California, provided updates to the law.  I am happy to report that in the 3-plus years since I have been working almost exclusively with eDiscovery issues, there has been evolution and progress, and there are now better guidelines to help keep your business or department DRED-ready.


Some of Judge Collings recommendations included:

  • Reading the article by Judge Facciola-Federal Courts Law Review on privilege review   
  • Urging counsel get a court order with respect to a Section 502 waiver
  • Whittle eDiscovery down the the issues you have actually have in dispute
  • As an Observer to the Sedona Judicial Working Group-Courts are looking for more cooperation between counsel and less adversarial posturing during the Meet and Confer process
  • Parties need to be more transparent about what, how, and where their data is located
  • Don't take expensive 30(b)6 depositions unless necessary
  • Bring your IT experts to the Meet and Confers
  • A reasonable proposal and approach will get the Judge's support
  • Settling cases for purely economic reasons has always occurred -eDiscovery is exacerbating this
Judge Laporte also provided some important insights:

  • There is a wide range of parties and sophistication-She has given attorneys eDiscovery homework
  • Lawyers who typically do not deal with eDiscovery now have to learn it
  • Client is responsible for getting it right-Courts look to see who is really engaged in the wrong-doing (citing Qualcomm case where the court found no bad faith on the part of outside counsel)
  • Standard is what is reasonable at the time
  • If you agree with opposing counsel as to procedures, and reduce it to writing, you should be safe from sanctions
  • Get a section 502 claw-back provision embodied in a court order
  • Sanction cases-Repeated misrepresentations and a failure to be careful cause most of the sanctions, regardless of the provision the Judge may cite as authority for imposing sanctions.
The best practice comments were interrupted when Wayne C. Matus,  Partner, Pillsbury Law Firm, asked a question from the audience that caused a noticeable "pause for reflection" by the Judges before they could answer.  He asked if there was ever a situation where the standard for Legal Holds was going to be always on hold?  He gave the hypothetical of a construction company that knows there will always be litigation with a certain size development project, so from the beginning, they can "reasonably anticipate litigation."  After giving it some thought the Judges, while not answering the hypothetical directly, did point to similar industries, like pharmaceuticals, and technology development, where future litigation is always a consideration.  Since I have advised clients in this area, I commented to Wayne afterward that it was almost an "unanswerable question" and jokingly asked if he had ever been banned from participating in Q&A with Judges Panels because he asked such tough questions?  The truth is, tough questions like that are the best part of these panel discussions.


Judge Collings clarified the role of inside versus outside counsel: "What is subject to legal review is the role of outside counsel."  He recognized that making money for the corporation and keeping money for the corporation (a penny saved is a penny earned) is a major goal of inside counsel, but noted they will run into problems if Legal Hold notices are not going to the correct custodians or they are not being issued on time.

Judge Laporte referred to the Pension Committee case to remind us that Circuits have different standards for issuing Legal Holds.  She also commented on Judge Shira Scheindlin's recent dicta about always issuing a written hold.  Judge Laporte observed that "when you have a small family or small business litigant, it could be a very different situation and standard.  On the other hand, why wouldn't you issue a Legal Hold?"

Patrick Oot, a well-known eDiscovery expert and Sedona Conference participant made an interesting point from the audience about wage and hour disputes and when you may not want to issue Legal Holds in the standard fashion but might choose to separate the Legal Hold policy from the class certification.

Great point from the Judges on reviewing your own Legal Hold procedures:  "Imagine if you have to explain what you are doing to the Judge later."  For example, even an email is now a written record of what you did to issue a Legal Hold and it creates a trail.  Discussing the Quan case and text messaging, there were conflicting views on what the company policy was.  The Judges recommended audits regarding private versus company usage.  Best practice, "Have a clear cut policy" and people need to know it!

I had one what I like to call "cringe moment" when Judge Collings mentioned that lawyers are going to have to learn about technology to adequately represent their clients in court.  He mentioned the long tradition and ability of lawyers to be able to learn a great deal about a particular subject matter in order to prepare for trial.  They can study and learn an amazing amount of information in order to explain the subject to a judge and jury.  While judges are never "wrong," they are only "misinterpreted," my worry is that too many techno-deficient lawyers will believe they can learn the technology and its language in a few weeks.  They can not.  To them, in addition to offering my expert services (shameless plug), I suggest a more appropriate analogy would be like trying to learn to speak French in a few weeks.  In other words, learn what you can, but bring your expert interpreter along.  Merci beau coup...

April 9, 2010

What's that up in the Cloud Part 2? Do you have a Policy?

by Cary J. Calderone, Esquire

In the first article on the subject I presented an overview of some of the risks with moving your company data and/or applications to the Cloud (link to Part 1). This article is about moving to the Cloud whether you want to or not. Let me explain. Do you think you are in control of your companies' data? Maybe, or maybe not! Companies like Dropbox, Mozy and many others are offering free cloud storage to users. And, we are talking about free gigabytes of storage. Enough to hold far too much of your important, privileged and/or proprietary company information. These new product offerings are simple to use, and extremely easy to setup in a matter of a minute or two. This means that if you do not have a policy on storing your work product off site, like on USB flash drives or tapes, then you had better at least get one for Cloud storage. USB ports can be disabled. Stopping user access to all the Cloud storage sites would be very challenging. This means all a user has to do is download a small application, setup a folder on their desktop computer, and from that point forward, anything they place in that folder gets copied to the cloud. As a warning to all my potential clients, you do not want your first knowledge of this new technology coming after you have been served with a Request for Production in a lawsuit.
Now, personally I think this is the greatest thing since sliced bread, or, at least the greatest thing since free personal email accounts. I have setup test accounts with both Mozy and Dropbox. Having the latest copy of my draft blog post available on my netbook, my laptop, or my desktop machine, is a great time saver and backup mechanism. In the past, and even though I seldom need to share my information with another person, I have wasted countless hours and email storage space moving my data from one of my computers to another of my computers via USB or email. I no longer have to do this. Additionally, if I am ever away from one of my computers, I have the option of getting to my data by using any computer that has internet access. In conclusion, two quick words of advise: 1) If your company policies do not cover Cloud storage, they should. 2) If you are a lawyer making a discovery request or taking a deposition, you should know how to ask about this stuff.

March 5, 2010

IQPC eDiscovery Summit in San Francisco coming in April

by Cary J. Calderone, Esquire

For those of you who do not think that a couple of my blog articles will be enough information for you, then consider attending the eDiscovery Summit in San Francisco on April 26-28. I plan on covering the Judges Panel on eDiscovery with U.S. Magistrate Judge, Elizabeth D. Laporte, and another session focused on Cloud Computing and eDiscovery. In 2008 I covered a keynote delivered by Judge Laporte. (link to 2008 keynote article) so I am looking forward to getting an update from her. As I have mentioned on this blog previously, it is a rare treat to be able to get eDiscovery information and education directly from judges, as opposed to interpretations by other "experts" and "pundits." U.S. Magistrate Judge Robert B. Collings is also scheduled to speak. Additionally, there will be quite a few inside counsel who will share their "hands-on" experience with eDiscovery.


February 25, 2010

Legal Tech 2010-Best Practices in Compliance and Email Management in the Cloud

by Cary J. Calderone, Esquire

The participants (listed at end) on this panel had many years of eDiscovery experience and came from a variety of backgrounds including legal, consulting and product vendor. This was like getting a "Quick Tips" guide to eDiscovery because they chose to a conversational approach instead of doing a lecture and presentation. They started off first, by agreeing with Malcolm Gladwell's keynote comment, "we are in massive information overload." Then they got right at some important distinctions for the new language describing eDiscovery and, in some cases, updated the definitions for some of the old labels. For example, they talked about the "Cloud" and basic definitions, but the panel thought it was necessary to be more specific now and gave examples:
  1. Public cloud-3rd party provider
  2. Private cloud-you set it up yourself
  3. Storage Cloud-as opposed to applications
  4. Infrastructure-the network behind the Cloud
The driving force behind the use of the Cloud is that "head count is expensive."
Peter Lesser believed that private cloud is the safest way to store and use data because then users keep it off their laptops, etc.

The panel drilled down on Infrastructure and asked about variables like:
  • International considerations.
  • Where is the data really stored?
  • What about Virtualization?
  • Can you identify and distinguish between "primary" and "backup" data?
Tom Gelbman commented that the de facto Policy might be just to keep everything forever.

They noted some of the really difficult questions. How are you going to apply your Retention Policy? Where is the data? For example, a Swiss based parent company with data kept in Arizona? Is it now subject to Arizona and US jurisdiction?

What happens when a broker-dealer uses Facebook but can't capture the Facebook data-that is a problem under the current rules. And, if Corporations think they are just going to shut these things down “they are delusional.” Between, Twitter feeds and text messages etc., even with policies in place, they may be unenforceable. "Behavior does not change because you have a policy." This author would disagree. I believe that you can change some behavior with a well designed policy and training but agree that just having a policy, is seldom enough.

They claimed that without some sort of auto-classification tool, the management of the data is impossible due to the volume. They also recognized the sobering fact that it is much easier to get money budgeted for eDiscovery than it is for Retention. No arguments from me! Oil changes and routine maintenance seem to get quickly cut from budgets, but once the car breaks down, you have no choice but to call the tow truck and prepare for a big bill from the mechanic. Is your company being "proactive," with litigation preparedness, or, will they have to be "reactive" and pay for the blown engine when litigation erupts?

Tom Allman's Cloud checklist:
  • Can you suspend all auto deletion and move the data to an eDiscovery location?
  • What about meta-data?
  • Do you have backups to the cloud?
  • Neither Google nor Microsoft will implement legal holds. There is no Microsoft product to stop users from deleting a message. Journaling is the only option. Do you have it?
  • Does the Cloud help with cleanup of the digital landfill? Yes, it can.
Rosenthal and Lesser noted that the move to the Cloud has a positive effect in that it “Forces companies to engage in legacy retirement programs.”

Allman added one of his favorite funny-but-true tips, If you have backup tapes that are 25 years old, make sure when you sell a division, all the tapes go with it!

Weiss believed for many instances of email, you keep it 10 years then delete it, because access to it becomes more and more difficult.

Rosenthal added that legacy program are linked to applications and clients. So how would you ever be able to sample, search and analyze the data?

They posed another great question: Can you determine the value of the data?
Lesser-Storage is getting cheaper every year but the cost of the people to organize it far outweighs the cost of storage.
Brian Weiss added that yes, storage is cheap, but retrieval is expensive. Moreover, to scale up to index large amounts of data is still very expensive.

The final thoughts or hopes were that in five years from now, there would be no applications stored locally on computers and there would be much better search tools.

We shall see!

Panel participants:
Tom Gelbmann, Managing Director, Gelbmann & Associates
Tom Y. Allman, Editor, The Sedona Principles
Peter Lesser, Director of Global Technology, Skadden, Arps, Slate, Meagher & Flom, LLP
John J. Rosenthal, Partner, Winston and Strawn, LLP
Barry Murphy, Principal, Murphy's Insights
Moderator:
Brian Weiss, VP eDiscovery and Information Governance, Autonomy


Legal Tech 2010-A couple of neat new DRED products even smaller businesses can afford.

by Cary J. Calderone, Esquire

Let me start by hedging a bit. I am not recommending these products. I played with only demonstration versions. I do not test and review products unless I have been specifically hired by a client to help them decide what product they should purchase for their particular needs. However, at this past Legal Tech Show I was happy to demo two new products that smaller companies could afford to use. This is good news because in the DRED space, most of the initial products released targeted large clients and installations and had pretty large price tags. It is hard to imagine a smaller business working with a product that starts at 300k to solve a retention or eDiscovery problem. The two products I noticed: 1)Legal Hold Pro by Zapproved and 2) BitFlare by SunBlock Systems.


These are both products that may help many smaller businesses. Legal Hold Pro allows a customer to track Legal Holds, and more importantly, all the communications around the Legal Hold (LH). There are many challenges with issuing LHs. The obvious issues involve when the LH should be issued and what it should cover. However, it is also critical that the LH is adequately communicated to the correct custodians and that you can validate the communication for compliance with your LH policy. Legal Hold Pro is a SaaS product (in the Cloud) that helps users track not only the initial distribution of the LH but also, subsequent updates. I think the best feature may be that it helps users remove the LH when it is no longer necessary. This is an issue that has not been discussed as much. Even those who are proficient at the initial LH process will admit that they are much more disorganized when it comes to removing the LH. And, if you are holding data, whether you need to be or not, it now may be subject to a new discovery request and/or a new LH. So the product may help you legally "clean house" a little better.

Similarly, BitFlare gives smaller companies the ability to lock down computers for LH or data forensic purposes. There are other forensic tools, some of them more affordable than others, but the focus of BitFlare is that a non-techy can follow simple instructions and secure data on a computer, in a fashion that Bitflare claims (I do not know if it has been tested in court) will preserve the chain-of-custody and accordingly, preserve its use as evidence. BitFlare is not a Cloud or SaaS product, but rather is a software product that comes on a bootable CD disc and can be run on any laptop or desktop computer (not sure about Operating System limitations).

They have an interesting pricing schedule. You can download the software for free and use it (provided you know how to burn an ISO cd) but then if you want the spreadsheet that lists the content on the computer, it will cost you $250. My hunch is they use this approach so when you think you might need contents for a LH you can lock it down. Then, and only if and when you need to analyze the data, you can pay $250 to see what is actually on the computer.

Once again, I have not used either of these products other than the demo versions, so you will need to test and verify that they will work for you. Still, it is very nice to see a few products capable of helping smaller companies tackle issues around DRED law. Let's hope this is just the beginning and there will be more affordable products to help companies become and stay DRED ready.

February 16, 2010

Legal Tech Keynote by Mark Howitson of Facebook-Social Media and eDiscovery

by Cary J. Calderone Esquire

I had the pleasure of listening to Mark Howitson (aka Howey), Deputy General Counsel of Facebook, Inc. deliver the keynote address on Day 2 of Legal Tech. He started off with some staggering facts about Facebook:
  1. Currently, ½ of all Americans over the age of 14 use Facebook.
  2. 350 million users have logged into Facebook, in just the last 30 days.
If you think this social networking thing might just be catching on, you are right!

Howey came to Legal Tech to talk about Social Media and eDiscovery or, as he described it, dealing with Social Media and the information that he provides for discovery requests.
He divided his presentation into two responsibilities of managing data at Facebook:

1) Social media and discovery
  • Social media is going to be all around us-There is already an application (Forceware) that uses the iPhone GPS to provide live location reporting
  • The technology is everywhere
  • The technology is here to stay
Howey mentioned things he can't and won't do. He distinguished between when the law “allows” disclosure versus what it “requires” for civil discovery and this is a critical distinction because Facebook is dealing with huge volume.

In this regard, Howey relies heavily on the
Electronic Communication Privacy Act (ECPA) and the Stored Communications Act (SCA) CA 18 USC 2701 for wire intercepts, and Section 2702a for “covered provider,”“remote computing,” and “electronic communications services.” He noted that there is an issue of when Facebook may provide information to a requester under Section 2702b and the substantial legal necessity of having “lawful consent.” Customer Records would be covered by Section 2702c for example, if a subpoena is asking about User X and all communications. In that instance, even with a subpoena, Facebook can only give basic subscriber information.

Howey is “itching for a fight” as he wants user information to be declared “content” and therefore completely protected from disclosure. The SCA was created in 1986 so Howey believes it is time that the Federal Court clarifies the rules with case law that involves present day fact patterns and current technology.

He discussed the Colgan Air case involving Workers Compensation (WC) for a flight attendant. The WC appeals board sanctioned Facebook $200 a day for not providing the data about the flight attendant to Colgan Air but the appeals board later backed off because they recognized that Facebook was never provided the required consent.

Howey really had the audience pondering the question of what is “lawful consent?” For example, was compelled consent of parolees adequate under the SCA? And what about students subject to random drug testing?

There was also a case from Bozeman, Montana where job seekers were wrongfully required to list their social network screen names so they could be searched! And he talked about another case in Houston where they where the interviewers asked for the interviewee's Myspace password in order to review their Myspace page. The interviewee sued and won.

He believed the way to circumnavigate this law would be for a interviewer to ask the applicant to, “be my friend on Facebook?” This would appear to be a lawful approach as long as it is not coerced.

2) Managing Discovery at a Communications Company

  • We now live in a world with chat and Wikis which need policies written and enforced company-wide.
  • Howey described the basic tenets of discovery when it came to corporate material, which is a “yes” for discovery, versus personal material and items protected by the SCA, which would be a “no.”
  • There are still some gray areas, like email notification about Facebook communication which is residing on your computer system. Is it covered by SCA or not?

As a basic precaution to protect your privacy, he mentioned, “don't connect your business email to your Facebook account.”

When it came to the second item, “Managing all this Content” he had the following suggestions:
  1. Fee arrangements with law firms
  2. Single discovery counsel for all firms (I found this interesting but would really like to know how this could work given conflicts of interests and competition amongst law firms)
  3. Flat fees that delineate responsibility
  4. Companies first need to cut a deal with their outside counsel.
He mentioned some innovative firms and thought it was “insane” to pay law firms full freight. Howey also believed that the days of rooms full of people and monitors doing document review should end. He championed leveraging technology to keep costs down.

One of the high points of the entire conference for me was that Ms. Zubulake of the seminal eDiscovery decisions was in the audience. I have personally been involved in many debates about the correct pronunciation of her name. To his credit, once Howey found out she was in the audience he asked her. It turns out the first syllable sounds like “zoo” and the last syllable rhymes with “cake.” Lawyers and judges who read this may now rejoice!

On balance, Howey gave a very fun and informative keynote. He provided some answers and supporting authority and most definitely raised awareness to many of the critical issues going forward with eDiscovery and Social Media.

February 2, 2010

European Union data: What are the rules?

by Cary J. Calderone, Esquire

Those who attended this session at Legal Tech learned some interesting things about data protection in the European Union (EU) from a very impressive panel of experts (bio information and links below). My first foray into this area, the conflicts between EU and US rules governing electronic data, began about 3 years ago. While researching this subject for a particular client, I learned that international corporations had virtually impossible responsibilities to balance and implement. It became apparent that most issues would remain unresolved even as the best of international companies made progress towards becoming compliant company-wide. I was very interested in hearing about the current state of the EU and US data rules.


Nigel Murray offered some background information:
  • January 28, 2010 was the 4th European Data Protection Day – they have made it a holiday!
  • The EU Data Protection Directive will be updated to reflect new technology.
  • EU Data Protection rules will be written so users know when their personal data may be stored and that they have the right to say “no!”
  • The European Union has 27 member countries-No Norway, Switzerland, or Lichtenstein.
  • Bulgaria, Romania, and Turkey are not in the EU, but they are trying to join.

Judge Peck began by describing why the EU and US rules are in conflict. He explained that in the US the standard for discovery is information that is “reasonably calculated to lead to the discovery of admissible evidence.” In the US, even a claim of Confidentiality is not a basis for refusing to disclose or produce data. Sensitive items relating to HIPAA, Social Security Numbers, or credit card information would be redacted in accordance with a protective order or agreement, but the information is discoverable. On the other hand, under EU rules, Privacy is a fundamental right and anything that contains personal information, broadly defined as anything that can be used to identify a person, (see Definition Personal Information) can not even be searched, let alone collected or disclosed without the individual user's un-coerced consent. Judge Peck commented that “in the ideal world, a US Judge does not want to have to worry about EU or Asian rules” but we are not in the "ideal" world.

A few legal cases were discussed by the panel to show that the trend has been, if data is in the US, then Courts have been very hesitant to use EU Data Protection rules to keep it out.

Other observations:
  • Within EU jurisdictions, moving data from country to country also causes problems. If it seems odd to us in the US, remember that the US does not have a history of countries crossing borders to expand their empires.
  • There are times when cooperation can work. George Rudoy described one instance when the representatives of a company made him take a drink with them to show that his data collection would be used for only legitimate purposes. It may have been water. It may have been vodka. His willingness to participate reassured them.
  • Maura Grossman shared that no matter what your risk profile, it would be a best practice to establish relationships and get input from local counsel. She explained that there are many data protection rules where the exception for litigation is specific to litigation in that country. If your matter is filed in another country, even another EU country, the exception simply does not apply.
  • Consent is sometimes an option but not always. There are stringent standards to follow for gaining consent, and in some cases, consent of the individual is irrelevant.
  • Another best practice is to be “super-surgical” in targeting requests at specific data, and keeping the scope of the request bound by the borders of that particular country. What makes this very tricky is that it is not just moving data that causes a problem. Merely accessing the data can violate the rules! If data is hosted in Germany, a lawyer violates the rules if he accesses the data from his office in NY.
  • If a corporation has been freely operating with its worldwide data in an “open” fashion i.e., journaling all email communications in the US then Judge Peck believes it is more likely a US Judge will not protect that information from disclosure under EU data protection rules. Judge Peck says that “if it is here”, it comes in subject to comity with foreign countries.
  • George Rudoy and Browning Marean echoed that we should follow local rules and implement the safest technology we can.
  • Nigel Murray also stresses that it is critical to have “local boots on the ground.”
  • Maura Grossman pointed out that there are some very specific and important differences in the International community. For example, before heading to China to take a deposition she learned that American lawyers are not allowed to take depositions in China. She would have been jailed!
  • Browning Marean mentioned that the Pension Committee (Judge Scheindlin) case reminds us that failure to issue a Legal Hold when litigation is reasonably anticipated is gross negligence. He also added that Legal Holds are more effective when created and dispersed internally than when an outside law firm issues them.
The panel considered quite a few other issues that make EU data discovery more complicated, like:
  • Where is the data housed?
  • What if it is in another country in a cloud?
  • Who controls the data in a parent-subsidiary situation?
  • What is considered “reviewing or accessing the data?”

In conclusion, the rules are still evolving and for now, you need very competent and probably local advise to perform a risk/reward analysis to determine what you may or may not do with EU and other "non-US" data. After 3 years of following this tricky legal area, I had hoped there would be a few more straight answers and solutions, but not yet.

Panel Members:
George I. Rudoy, Director, Global Practice Technology & Information Services, Shearman & Sterling
Nigel Murray, Managing Director, Trilantic
Honorable Andrew J. Peck, Magistrate Judge, Southern District of New York
Browning E. Marean, Partner, DLA Piper LLP
Maura Grossman, Counsel, Wachtel, Lipton, Rosen and Katz
Senior Master Steven Whitaker, Senior Master of the Senior Court of England and Wales
Chris Dale, E-Disclosure Information Project
Vince Neicho, Litigation Support Manger, Allen & Overy LLP

Legal Tech 2010 Begins-First Keynote

By Cary J. Calderone, Esquire

This is the first post from Legal Tech 2010 in New York. Russell Stalters delivered the first keynote entitled "Don't build your E-Discovery Program on a Digital Landfill." Mr. Stalters discussed some of the very real-world issues that occur when companies try to manage their data better.
More and more, companies realize their attorneys and IT professionals do not have the necessary skills to manage data from the other's perspective. They often lack an understanding of the technology, law or the business reasons and realities around information management. Mr. Stalters believes companies would be wise to create a new C level position specifically in charge of RIM. Others have commented that Discovery Counsel or Information Czar types of positions are critical to success but he insists that they be at the C Level to get the job done well. He claims that even CIO's have had a different focus than what is necessary to apply best practices to managing information company-wide. He gave a brief overview of the Greenfield approach and how it can be employed. In conclusion, he never mentions the word "easy" but he insists that a fully compliant and functioning system can be achieved.