by Cary J. Calderone, Esquire
After my last blog article, I wanted to follow up and share some of the items that I discussed with Donald Skupsky, JD, CRM, FAI, MIT, after his presentation. It seemed like we had very different ideas on email management best-practices for organizations. Just to be fair, open and up front, I shared my concerns with him and in typical fashion, once we had a more in depth discussion on the issues, it turns out we agreed on quite a bit. For example, we agreed that most employees keep far too much email.
The numbers he presented estimated that only 5% of email actually includes content substantial enough to be considered a Record. I would add a few more percentage points for material related to Records. He also explained that there are some companies, a few, that do have a policy to tag and keep business record emails and have the rest deleted in 30-45 days, and they have been successful in defending their practices. They use a folder for Work-In-Progress but the main inbox gives the user a very short period of time to decide if an email is a Record, and then to move it to another location or repository for safekeeping, otherwise, it gets deleted. There are a few companies that purport to use this policy, but I sure would like to see if they actually adhere to the policy in sufficient fashion to have it withstand legal scrutiny.
Mr. Skupsky also believes too many companies use a fall-back policy where they end up keeping pretty much everything, and this is a terrible practice. I have witnessed this policy in action quite a few times. One company kept so much electronic information that when they needed to search its email archive, they were limited to 4 concurrent searches and it would take upwards of 12 days to get the first search results back. Not a very good system for Early Case Assessment or a Litigation Response team, to be sure. So we both agree that when it comes to email, keeping everything, is a bad policy.
Ultimately Mr. Skupsky described himself as a bit of a devil's advocate. By challenging a company with a 45 day email deletion policy, he believed it was more likely that ultimately, even if they would not agree to 45 days, they would agree to a relatively short deletion period of 6 months or a year. He explained that if they were not challenged early, so they had to act to manage their email, users always defaulted to retention periods that are too conservative and too long or, they never take any action at all. The end result would once again be email inboxes that are not managed. His position is that if they are not going to manage it, then they are better off not keeping it. So, while I cannot argue with Mr. Skupsky's goals, I will still persuade my readers to consider employing a different tact. I prefer to suggest simple and straight-forward policies and guidelines that will help them eliminate upwards of 50% of their non-record and non-business related email quickly. Too many users have stated that they would love to delete many emails but they were not sure if they could or should, so they kept them all. Mr. Skupsky and I are both shooting for keeping less mismanaged information, but my method is likely to err on the side of keeping more business emails rather than fewer. The lawyer in me wants you to keep information that may help us understand your case. Is it a perfect system? No. But making users affirmatively move Records, to safeguard them from deletion seems riskier. After the first 50% is removed from the inbox, we can then work on managing the next 30-45%, which will likely be more challenging, but can be better managed with some department and function-specific policies and procedures, and perhaps some of the great new search and management tools that are available. Either system correctly employed and monitored will reduce a great deal of email clutter. And, this, in and of itself, will provide a huge cost-savings for the over-stressed IT department. It will also enhance any Litigation Response program that needs to address eDiscovery. I just want to be more comfortable that the Litigation Response team will find relevant information on their own servers, before they see it produced by an adverse party in litigation!
My approach comes from the basic belief that the use of technology is critical to an organization's success and they must keep up with new productivity features to stay competitive. So, I want to allow for expanded usage, and less effort to manage that usage. Mr. Skupsky believes records retention practice actually can help support the use of technology too. He just abhors mismanaged data growth. So while on the surface we agree, I lean toward recommending any Retention and Records and Information Management policy will be flexible enough to be updated, and amended to reflect the ever-changing needs of the users. And, whenever possible, allowing the users more use of the data and any new technology enhancements. The new reality is many companies are now contracting and performing other substantial business functions via email, electronic exchanges, and even Social Networking sites. So if the RIM program is too limiting on the use and retention of electronic data, it runs the risk it will become impossible for employees to follow it thereby making it irrelevant. The days of following simple static rules that worked fine for slow moving paper are gone. It is time to keep up with email, Facebook, Twitter, and whatever may come next.
Special thanks to Donald Skupsky, for taking the time to consider and respond to my comments.
November 11, 2010
ARMA Session-Retention for Electronic Records-Or, Don Skupsky, some of your tips should sleep with the fishes
by Cary J. Calderone, Esquire
Donald S. Skupsky, JD, CRM, FAI, MIT is certainly one of the most respected and recognized Records Management thought leaders. If he is not the Godfather of Records Management, he is certainly a Godfather. His book/treatise is still the foundation for many corporate Record Information Management programs. However, coming from my background as a lawyer and IT consultant, (see blog post "Who are you talking to?") some of the RIM ideas he presented in this talk are really not applicable in the 21st century world of managing electronic data. Case in point, he suggested companies have a policy to delete email after only 30-45 days? Whoa! This is really not a "best practice" for most companies. Let me explain.
When I started helping companies update their RIM programs and become DRED ready, I found some challenges with the old guard Records Managers who cut their teeth, and perhaps their fingers, on paper. The drill was, declare a Record, protect it for the retention period and shred the other convenience copies. Simple. As readers of this blog already know, there are many reasons why this approach no longer works for email and other fast-moving electronic forms of communication. (see Shout out to Records Managers)
While Mr. Skupsky has expanded on his original definition of what is a "Record" to allow companies to define it to include various electronic forms, at other times during his presentation, he seems to completely forget the main reasons companies have and use technology. For example, let's consider his suggestion of as little as a 30 day retention period for email. Under his 30 day policy, users are supposed to take any email that qualifies as a "Record," (defined by the company policy) and move it to another document management system or, print it out for safekeeping and storage. Even if your company does not already have a specific legal requirement (like SEC 17 a-4, or Sarbanes-Oxley) to retain email communications, there is a very good chance employees who use their email as a work productivity tool have a habit of keeping them for later reference for at least a year or two, if not forever. Can you imagine how many people would not bother complying with the rule if it meant moving only select "Record" emails to another system or printing them out for safekeeping?
In today's world, employees are using search technology, like Google Desktop and other search engines and crawlers, to mine their own electronically stored information for answers. It is a basic form of Knowledge Management and in many cases, a major productivity enhancement. So, if you have a 30 day deletion rule, and nobody wants to follow it, chances are, they won't. Which means you will end up with a policy that ultimately shows at least one part of your RIM program is a sham. Not a good move if you end up in litigation someday.
Moreover, even if the 30 day policy is supported enough to pass a test in a discovery dispute in court, it is still not advisable. What about your early case assessment needs? Email that might be critical to determine if a potential matter has merit, may be deleted from your servers, but it will likely still be in the possession of your potential adversaries. Or, perhaps it was printed out, or kept in another management program. How many hours will it take to retrieve and review those stored emails?
Even assuming your employees are willing to perform all the extra work to print and/or move those potentially critical emails, some of them may have content that would show that your employee(s) made a mistake. How much effort will your employee(s) expend to store, search and retrieve those darn emails that may show they should be terminated? I would bet that at least a few employees might just let those pesky emails get deleted after 30 days and hope for the best. Once again, the result is potential discovery trouble for your company.
While I appreciated much of the presentation, it was a little bothersome to hear Mr. Skupsky's dismissive description of "groupware tools" which he "does not like." In the tech industry these might be separate development applications or wikis or even Instant Message comment threads. Does Mr. Skupsky believe that all of these amazing advances in the area of software and collaborative development will just go away because they are difficult to track and maintain according to a simple Records Retention Schedule??? I am betting the answer is a resounding "No." These will be distributed and used and even more tools will be invented. And, realistically, this will be so even if these tools make records management, more challenging. Facebook, Twitter, and Cloud applications, may make managing records more difficult, but they are not going away. We have to learn to proactively manage them.
I understand and respect the established industry protocols and efforts of any company in maintaining a working RIM program, but without a better understanding of how and why the new technologies are employed, creating "dream world" easy-to-manage electronic records policy, is not ultimately going to be productive, and may cause very serious issues in an otherwise well-intentioned RIM program.
I could not argue against some of his ideas without giving Mr. Skupsky a chance to explain himself, so I spoke with him after the session. The next blog post will cover our discussion.
Donald S. Skupsky, JD, CRM, FAI, MIT is certainly one of the most respected and recognized Records Management thought leaders. If he is not the Godfather of Records Management, he is certainly a Godfather. His book/treatise is still the foundation for many corporate Record Information Management programs. However, coming from my background as a lawyer and IT consultant, (see blog post "Who are you talking to?") some of the RIM ideas he presented in this talk are really not applicable in the 21st century world of managing electronic data. Case in point, he suggested companies have a policy to delete email after only 30-45 days? Whoa! This is really not a "best practice" for most companies. Let me explain.
When I started helping companies update their RIM programs and become DRED ready, I found some challenges with the old guard Records Managers who cut their teeth, and perhaps their fingers, on paper. The drill was, declare a Record, protect it for the retention period and shred the other convenience copies. Simple. As readers of this blog already know, there are many reasons why this approach no longer works for email and other fast-moving electronic forms of communication. (see Shout out to Records Managers)
While Mr. Skupsky has expanded on his original definition of what is a "Record" to allow companies to define it to include various electronic forms, at other times during his presentation, he seems to completely forget the main reasons companies have and use technology. For example, let's consider his suggestion of as little as a 30 day retention period for email. Under his 30 day policy, users are supposed to take any email that qualifies as a "Record," (defined by the company policy) and move it to another document management system or, print it out for safekeeping and storage. Even if your company does not already have a specific legal requirement (like SEC 17 a-4, or Sarbanes-Oxley) to retain email communications, there is a very good chance employees who use their email as a work productivity tool have a habit of keeping them for later reference for at least a year or two, if not forever. Can you imagine how many people would not bother complying with the rule if it meant moving only select "Record" emails to another system or printing them out for safekeeping?
In today's world, employees are using search technology, like Google Desktop and other search engines and crawlers, to mine their own electronically stored information for answers. It is a basic form of Knowledge Management and in many cases, a major productivity enhancement. So, if you have a 30 day deletion rule, and nobody wants to follow it, chances are, they won't. Which means you will end up with a policy that ultimately shows at least one part of your RIM program is a sham. Not a good move if you end up in litigation someday.
Moreover, even if the 30 day policy is supported enough to pass a test in a discovery dispute in court, it is still not advisable. What about your early case assessment needs? Email that might be critical to determine if a potential matter has merit, may be deleted from your servers, but it will likely still be in the possession of your potential adversaries. Or, perhaps it was printed out, or kept in another management program. How many hours will it take to retrieve and review those stored emails?
Even assuming your employees are willing to perform all the extra work to print and/or move those potentially critical emails, some of them may have content that would show that your employee(s) made a mistake. How much effort will your employee(s) expend to store, search and retrieve those darn emails that may show they should be terminated? I would bet that at least a few employees might just let those pesky emails get deleted after 30 days and hope for the best. Once again, the result is potential discovery trouble for your company.
While I appreciated much of the presentation, it was a little bothersome to hear Mr. Skupsky's dismissive description of "groupware tools" which he "does not like." In the tech industry these might be separate development applications or wikis or even Instant Message comment threads. Does Mr. Skupsky believe that all of these amazing advances in the area of software and collaborative development will just go away because they are difficult to track and maintain according to a simple Records Retention Schedule??? I am betting the answer is a resounding "No." These will be distributed and used and even more tools will be invented. And, realistically, this will be so even if these tools make records management, more challenging. Facebook, Twitter, and Cloud applications, may make managing records more difficult, but they are not going away. We have to learn to proactively manage them.
I understand and respect the established industry protocols and efforts of any company in maintaining a working RIM program, but without a better understanding of how and why the new technologies are employed, creating "dream world" easy-to-manage electronic records policy, is not ultimately going to be productive, and may cause very serious issues in an otherwise well-intentioned RIM program.
I could not argue against some of his ideas without giving Mr. Skupsky a chance to explain himself, so I spoke with him after the session. The next blog post will cover our discussion.
November 10, 2010
ARMA Show-A couple of useful new products and upgrades for your DRED project
by Cary J. Calderone, Esquire
Here are a few interesting product offerings I noticed at the ARMA Show this week. This is not a product review. I have not tested the products but just looked at their demonstration modules. However, I like to point out when I find a product that can and will fix specific challenges for many companies. The two products I noticed come from, Page Freezer, and ZL Technologies Inc.
Page Freezer simplifies the task of maintaining and tracking copies of your website and other online representations and communications. In my experience I have found many organizations need or want to keep copies of their website information and twitter feeds. These may include representations of service or product features and sometimes they must be tracked in order to comply with a Public Information request or Legal Hold. Either way, it is difficult to keep and track a website that may be updated daily by many different departments and authors. Who is responsible to archive all the changes? Page Freezer can automatically archive selected pages or entire websites on the fly according to the rules you setup. The product also tracks Twitter updates and supposedly will be able to archive Facebook updates as well. I know quite a few organizations that would like to be using this tool right now.
ZL Technologies Inc. has added new features that allow its customers to "manage in place." Many companies operate internationally, and are faced with very challenging and frequently conflicting laws concerning email communications and electronic data storage and retention management. ZL technologies has added features that will allow its users to archive and manage electronic data in place, even in a location like Japan. There are many solutions that can managing data in the US, especially when it is all in English. But when information is collected from many places and in many languages, there are extra challenges to the solution, and there may even be prohibitions against moving some types of data, i.e., across country borders. In these instances, managing in place can be a most useful feature. Many companies have tried to move all the electronic data to one central location, to be managed according to one set of rules. Not only does this mean potential bandwidth and regulatory problems, but how many people in your main U.S. office can read and manage information that is in Japanese or some other language? Usually, the answer is nobody. So you have moved the data away from the very people who are most capable of managing it because they can read it and know the local rules that apply to it. ZL Technologies is trying to give you, a better way.
Here are a few interesting product offerings I noticed at the ARMA Show this week. This is not a product review. I have not tested the products but just looked at their demonstration modules. However, I like to point out when I find a product that can and will fix specific challenges for many companies. The two products I noticed come from, Page Freezer, and ZL Technologies Inc.
Page Freezer simplifies the task of maintaining and tracking copies of your website and other online representations and communications. In my experience I have found many organizations need or want to keep copies of their website information and twitter feeds. These may include representations of service or product features and sometimes they must be tracked in order to comply with a Public Information request or Legal Hold. Either way, it is difficult to keep and track a website that may be updated daily by many different departments and authors. Who is responsible to archive all the changes? Page Freezer can automatically archive selected pages or entire websites on the fly according to the rules you setup. The product also tracks Twitter updates and supposedly will be able to archive Facebook updates as well. I know quite a few organizations that would like to be using this tool right now.
ZL Technologies Inc. has added new features that allow its customers to "manage in place." Many companies operate internationally, and are faced with very challenging and frequently conflicting laws concerning email communications and electronic data storage and retention management. ZL technologies has added features that will allow its users to archive and manage electronic data in place, even in a location like Japan. There are many solutions that can managing data in the US, especially when it is all in English. But when information is collected from many places and in many languages, there are extra challenges to the solution, and there may even be prohibitions against moving some types of data, i.e., across country borders. In these instances, managing in place can be a most useful feature. Many companies have tried to move all the electronic data to one central location, to be managed according to one set of rules. Not only does this mean potential bandwidth and regulatory problems, but how many people in your main U.S. office can read and manage information that is in Japanese or some other language? Usually, the answer is nobody. So you have moved the data away from the very people who are most capable of managing it because they can read it and know the local rules that apply to it. ZL Technologies is trying to give you, a better way.
November 3, 2010
Computer Forensics Show
by Cary J. Calderone, Esquire
I was able to spend limited time at The Computer Forensics Show in San Francisco this week. I understand when a show is debuting in a new city it may have issues, but the acoustics at the Herbst Pavilion at Fort Mason were pretty awful and, I am not the only one who noticed. It's too bad because the show did have some very good speakers and covered interesting DRED topics. Still, it was challenging to enjoy their presentations due to the acoustics. Background noise notwithstanding, here are a few highlights:
Dean Gonsowski, Vice President, e-Discovery Services at Clearwell Systems, presented "Compliance in the Cloud and the Implications on eDiscovery. He provided a very nice overview of many issues that need to be considered when looking for a solution in the Cloud. Even when I asked about a tricky issue, i.e., "what to do when your data may be co-located across international borders?", he provided a thoughtful and practical approach. He had other terrific "checklists" to use when you look at Cloud solutions, but I am not listing them here. You'll have to see one of his presentations yourself.
I also enjoyed the session run by Michael Glick, Vice President of Encore Discovery Solutions "How Advances in Modern Electronic Discovery Practice are Changing Commonly Held Notions About Conflicts of Interest." He described the advantages to litigants following the Sedona Conference Cooperation Proclamation and waiving some potential conflict issues, and cooperating with adversaries during electronic discovery. There area even times when using a single provider and platform can save everybody money and hassles. I asked if Encore had protocols conflict checks for their eDiscovery clients? Much like lawyers and law firms, Encore follows high standards and protocols to ensure they do not represent parties with adverse interests. Pre-engagement conflict checking is too often an afterthought with some consulting groups in the DRED space and it shouldn't be.
On balance, I hope that this conference grows, finds a better location, and returns to San Francisco next year. If they continue with legal tracks that include good DRED discussions, I will attend again.
I was able to spend limited time at The Computer Forensics Show in San Francisco this week. I understand when a show is debuting in a new city it may have issues, but the acoustics at the Herbst Pavilion at Fort Mason were pretty awful and, I am not the only one who noticed. It's too bad because the show did have some very good speakers and covered interesting DRED topics. Still, it was challenging to enjoy their presentations due to the acoustics. Background noise notwithstanding, here are a few highlights:
Dean Gonsowski, Vice President, e-Discovery Services at Clearwell Systems, presented "Compliance in the Cloud and the Implications on eDiscovery. He provided a very nice overview of many issues that need to be considered when looking for a solution in the Cloud. Even when I asked about a tricky issue, i.e., "what to do when your data may be co-located across international borders?", he provided a thoughtful and practical approach. He had other terrific "checklists" to use when you look at Cloud solutions, but I am not listing them here. You'll have to see one of his presentations yourself.
I also enjoyed the session run by Michael Glick, Vice President of Encore Discovery Solutions "How Advances in Modern Electronic Discovery Practice are Changing Commonly Held Notions About Conflicts of Interest." He described the advantages to litigants following the Sedona Conference Cooperation Proclamation and waiving some potential conflict issues, and cooperating with adversaries during electronic discovery. There area even times when using a single provider and platform can save everybody money and hassles. I asked if Encore had protocols conflict checks for their eDiscovery clients? Much like lawyers and law firms, Encore follows high standards and protocols to ensure they do not represent parties with adverse interests. Pre-engagement conflict checking is too often an afterthought with some consulting groups in the DRED space and it shouldn't be.
On balance, I hope that this conference grows, finds a better location, and returns to San Francisco next year. If they continue with legal tracks that include good DRED discussions, I will attend again.
October 28, 2010
Attending the Computer Forensics Show
by Cary J. Calderone, Esquire
I will be checking out The Computer Forensics Show Nov 1 and 2 at the Fort Mason Center right here in San Francisco. (You know San Francisco, where the Giants play World Series baseball...) It is my first time attending this particular event but I expect it to be worthwhile. As my readers know, there is a very important relationship between DRED and computer forensics, so I will observe the legal tracks and hopefully learn more about when and what specific factors trigger forensic investigation, and how forensic tools may be used proactively, to avoid pain and greater costs later.
Given some of the panel discussions they have scheduled, I am sure I will find some "blog-worthy" material.
I will be checking out The Computer Forensics Show Nov 1 and 2 at the Fort Mason Center right here in San Francisco. (You know San Francisco, where the Giants play World Series baseball...) It is my first time attending this particular event but I expect it to be worthwhile. As my readers know, there is a very important relationship between DRED and computer forensics, so I will observe the legal tracks and hopefully learn more about when and what specific factors trigger forensic investigation, and how forensic tools may be used proactively, to avoid pain and greater costs later.
Given some of the panel discussions they have scheduled, I am sure I will find some "blog-worthy" material.
October 26, 2010
Who are you talking to? You talking to me?
by Cary J. Calderone, Esquire
Here comes a little rant. I try to be nice, really I do. But it is very frustrating when my energy and efforts to help a client are thwarted or, challenged by more aggressive and "less informed" consultants and sales representatives posing as consultants. Attorneys, sales reps and consultants usually have different education backgrounds, different experiences, and different motivations. So I wanted to devote this blog post to summarize and distinguish these three professionals who may be employed to assist you with your DRED project.
First, there is the sales representative who makes some or all of their salary by making a sale. They have to get you to say "yes" to their product or service in order to earn their commission. Accordingly, they are not the most motivated when it comes to telling you how their product might fail you or how over-simplified their "form data retention policy" might be. Most seasoned customers recognize the motivation of the nice and helpful sales rep and view their information as potentially inaccurate.
Next there is the consultant, (and not one that is really tied to a specific product which makes them a sales rep disguised as a consultant) offering you "best practices." The consultant needs to make you happy with the service and/or product they select so getting you to say "yes," is not always enough. If it doesn't work out as advertised, you probably will not want to pay for it. So, where a sales rep might proclaim a product definitely can handle your needs, the experienced consultant will hedge a bit, to avoid possible fallout later on. I get quite a few questions from "consultants" asking me to explain some point of law to them so they can explain it to their client. I typically do not help them. It is their intention to take complex legal points and simplify them because, "that is what their clients like." Needless to say, simple is not accurate and frequently will cause their client more harm than good. A little information truly can be a dangerous thing.
Lastly, there is the attorney (cue dramatic background music). The attorney is risk-adverse and picky about simple statements of the law. We learn that words have meaning and appreciate that even when sales reps and consultants use our words or case law appropriately, they often find a way to mess up the scope or analysis of the legal principle. While attorneys are often derided for making the simple seem complex, in our defense, frequently things that appear simple, are simply not. And, when it comes to your legal obigations, we attorneys are the ultimate and best source to evaluate your legal hold, data retention and eDiscovery policies and procedures. Most good sales reps and consultants agree with this. even if they occasionally forget it while they try to "help" their client.
So, who are you talking to? When it comes to legal points, I hope it is your very wise and well-informed attorney. Can you hear me now?
Here comes a little rant. I try to be nice, really I do. But it is very frustrating when my energy and efforts to help a client are thwarted or, challenged by more aggressive and "less informed" consultants and sales representatives posing as consultants. Attorneys, sales reps and consultants usually have different education backgrounds, different experiences, and different motivations. So I wanted to devote this blog post to summarize and distinguish these three professionals who may be employed to assist you with your DRED project.
First, there is the sales representative who makes some or all of their salary by making a sale. They have to get you to say "yes" to their product or service in order to earn their commission. Accordingly, they are not the most motivated when it comes to telling you how their product might fail you or how over-simplified their "form data retention policy" might be. Most seasoned customers recognize the motivation of the nice and helpful sales rep and view their information as potentially inaccurate.
Next there is the consultant, (and not one that is really tied to a specific product which makes them a sales rep disguised as a consultant) offering you "best practices." The consultant needs to make you happy with the service and/or product they select so getting you to say "yes," is not always enough. If it doesn't work out as advertised, you probably will not want to pay for it. So, where a sales rep might proclaim a product definitely can handle your needs, the experienced consultant will hedge a bit, to avoid possible fallout later on. I get quite a few questions from "consultants" asking me to explain some point of law to them so they can explain it to their client. I typically do not help them. It is their intention to take complex legal points and simplify them because, "that is what their clients like." Needless to say, simple is not accurate and frequently will cause their client more harm than good. A little information truly can be a dangerous thing.
Lastly, there is the attorney (cue dramatic background music). The attorney is risk-adverse and picky about simple statements of the law. We learn that words have meaning and appreciate that even when sales reps and consultants use our words or case law appropriately, they often find a way to mess up the scope or analysis of the legal principle. While attorneys are often derided for making the simple seem complex, in our defense, frequently things that appear simple, are simply not. And, when it comes to your legal obigations, we attorneys are the ultimate and best source to evaluate your legal hold, data retention and eDiscovery policies and procedures. Most good sales reps and consultants agree with this. even if they occasionally forget it while they try to "help" their client.
So, who are you talking to? When it comes to legal points, I hope it is your very wise and well-informed attorney. Can you hear me now?
October 18, 2010
ARMA International Conference and Expo in San Francisco November 7-10
The ARMA (Association of Records Managers and Administrators) Show is coming to San Francisco November 7-10 and should be excellent. Although I was not able to attend the show in Orlando last year, I attended the Las Vegas Show in 2008 and found the panel discussions and presentation to be very worthwhile. The highlight for me is that the speakers are often practitioners with a gift for educational presentations, and not just sales gurus and product marketers.
The guidelines for ARMA prohibit speakers from simply selling their services. The end result is that they offer more "real-world" examples of tackling and succeeding with Records Management, Litigation Preparedness and e-Discovery projects. I have participated in local ARMA chapter events in Silicon Valley, San Francisco and Contra Costa County but will just blog about this event. The local and national organizations are a great resource for anyone interested in learning more about Records and Information Management, or DRED. For more information you may go to their website www.arma.org. See you at the show.
The guidelines for ARMA prohibit speakers from simply selling their services. The end result is that they offer more "real-world" examples of tackling and succeeding with Records Management, Litigation Preparedness and e-Discovery projects. I have participated in local ARMA chapter events in Silicon Valley, San Francisco and Contra Costa County but will just blog about this event. The local and national organizations are a great resource for anyone interested in learning more about Records and Information Management, or DRED. For more information you may go to their website www.arma.org. See you at the show.
September 28, 2010
Virtual LegalTech- Neat technology but where are my t-shirts and snacks?
Last week I checked out Virtual LegalTech for the second time this year. In brief, it employed very cool technology and some of the presentations used streaming video and the new technology very effectively. Others, not so much. On the bright side, a boring Powerpoint presentation can be put in a smaller window to the side and I can surf the web while the boring speaker drones on. In person at typical conferences, escaping a boring presentation can be much more challenging. While some features of a "virtual conference" mirror the real world experience, others are missing.
If you loiter near a booth, or, even walk by a little to slowly, at a conference, a sales representative will jump out at you, scan your data to get you on an email list, and then strike up a conversation or try to show you their demo and maybe get you on a path towards a sale. At Virtual LegalTech, you are only bothered by the occasional pop-out chat window asking if they can answer any questions. Less bothersome to be sure and not a bad way to type hello to a few people you may already know. And, they already have your name and email. Do I believe this technology will replace live, in-person conferences? No. Business people will always need excuses to network and showcase their wares and trade shows are still the superior showcase. However, I do believe this technology will reduce the frequency of the live events and perhaps dramatically so. During the past two years during this dismal economy, everyone involved has noticed an overall decline in attendance. Virtual conferences have to be significantly more cost effective and that alone will make them an alternative, or an add-on to marketing budgets. I did hear some excellent presentations and received Continuing Legal Education credits for some of them. But it is still kind of sad that I attended two of these Virtual LegalTechs and didn't get a candy bar, snack, toy, or even one single t-shirt as a memento. Maybe as the technology improves...
If you loiter near a booth, or, even walk by a little to slowly, at a conference, a sales representative will jump out at you, scan your data to get you on an email list, and then strike up a conversation or try to show you their demo and maybe get you on a path towards a sale. At Virtual LegalTech, you are only bothered by the occasional pop-out chat window asking if they can answer any questions. Less bothersome to be sure and not a bad way to type hello to a few people you may already know. And, they already have your name and email. Do I believe this technology will replace live, in-person conferences? No. Business people will always need excuses to network and showcase their wares and trade shows are still the superior showcase. However, I do believe this technology will reduce the frequency of the live events and perhaps dramatically so. During the past two years during this dismal economy, everyone involved has noticed an overall decline in attendance. Virtual conferences have to be significantly more cost effective and that alone will make them an alternative, or an add-on to marketing budgets. I did hear some excellent presentations and received Continuing Legal Education credits for some of them. But it is still kind of sad that I attended two of these Virtual LegalTechs and didn't get a candy bar, snack, toy, or even one single t-shirt as a memento. Maybe as the technology improves...
September 27, 2010
Do you Tweet? Are you on Facebook? You need a policy!
Some companies have really benefited by using Twitter and Facebook accounts to grow and cultivate their customer base. And many other companies are taking notice and making plans to do the same. But, there are some very important precautions you should be taking before you ask your clients and friends to "Like" you online. Do you have a policy or retention schedule that covers your social media interactions? If not, you need one. This type of communication is potentially "relevant" material to any matter dealing with customer representations and advertising. Depending on your industry, you may be specifically required to manage and retain this information or, your lawyer might just suggest it as a good idea. I know there are more lawyers who are learning about this new area of business communication, but there are still too few. Please find one who understands it and speak with them, or, contact us so we can help.
May 18, 2010
IQPC eDiscovery Panel-Protecting Privileged Communication
by Cary J. Calderone, Esquire
Moderator, Mark Michels, Managing Attorney, Cisco Systems, Inc.
Craig Carpenter, Vice President and General Counsel, Recommind, Inc.
Martin T. Tulley, Partner and E-Discovery Practice Chair, Katten, Muchin, Rosenman, LLP
This panel was focused on Federal Rule of Evidence (FRE) 502 which governs attorney-client privilege and work product; limitations on waiver. 502 was drafted specifically to cover electronic discovery and inadvertent disclosures. I have had the pleasure of listening to Mark Michels at other presentations and, as an audience member, I always appreciate that he tries to make his panel discussions interesting, lively, and a little bit fun. After sitting in on 5 or 6 eDiscovery sessions over the two days at the IQPC eDiscovery conference, I believe anybody sitting in this audience appreciated that he made the panel discussion entertaining, as well as informative.
The first hot topic was protective orders with claw-back provisions. The panel was interested in whether people had ever had a "quick peak" (i.e., noticed that your opposition sent you privileged information and had to report it to them) and made the following points:
Martin provided a checklist of factors:
Citing the Victor Stanley case and Judge Grimm be prepared to answer, "did you do enough to find the privileged documents?"
The panel also mentioned the Amobi v. District of Columbia case where Judge Facciola discussed "inadvertent." The Judge's analogy was paraphrased; "while 502b would allow me to round up the animals and put them back in the barn, were reasonable steps taken to avoid letting the animals out?"
One of the precedents was clear. When the data had been produced to the expert witness for review, privilege was waived.
The panel then examined what would be considered "reasonable" efforts to find and protect your privileged information. Keyword search alone is usually not sufficient as it finds only 25% of documents, so you should add in sampling. The type of vendor you are working with can make a difference. Do they understand the methodology and work flows around it.
Craig Carpenter provided an extensive list of search features that could help. He mentioned threading, email de-duping, visualization (being able to see who spoke with whom and when on certain topics), concept search (relate documents that are substantively similar but may not share keywords), clustering-(particular set of keywords-take first few documents that relate to the category), grouping-(more sophisticated clustering-take all documents that relate to the category) automatic categorization (the tool does it for you), amd predictive coding (form of automated review). Not surprisingly, Recommind's impressive products are capable of helping you with all of these search techniques. Craig was in "teaching mode" and not in sales mode and his examples and explanations were excellent.
The panel discussed an instance of dealing with 2.5 million documents and the client did not want to pay for privilege review but rather, instructed outside counsel not to turn over anything privileged. LOL! Obviously it would cost too much. So, with client's consent, they used automated review tools with some direction from knowledgeable people. They were able to save 3 or 4 months of processing time and several million dollars.
Mark Michels said "hypothetically," what if he was the "impecunious client?" "How could they be reasonable and save money too?" The panel proposed technology search with Bayesian models and sample seed sets to help cull down the data but then made it clear that "at some point, you have to put some eyes on it." 100% automated tools or 100% manual and people-powered processes have not been favored by the courts.
The last "best practice" was to re-iterate that it was critical to define "reasonableness" or, through agreement with the other party(s), take "reasonableness" out of the equation by agreeing what both parties would do for production and what would happen in the event of any inadvertent disclosure. They closed with one of the best lessons for those who would rely solely on FRE 502 to save you from waiving privilege during disclosure: Crediting Judge Grimm for the analogy, 502 was "like a bungee cord. It can save you, but it is still a terrifying experience."
Moderator, Mark Michels, Managing Attorney, Cisco Systems, Inc.
Craig Carpenter, Vice President and General Counsel, Recommind, Inc.
Martin T. Tulley, Partner and E-Discovery Practice Chair, Katten, Muchin, Rosenman, LLP
This panel was focused on Federal Rule of Evidence (FRE) 502 which governs attorney-client privilege and work product; limitations on waiver. 502 was drafted specifically to cover electronic discovery and inadvertent disclosures. I have had the pleasure of listening to Mark Michels at other presentations and, as an audience member, I always appreciate that he tries to make his panel discussions interesting, lively, and a little bit fun. After sitting in on 5 or 6 eDiscovery sessions over the two days at the IQPC eDiscovery conference, I believe anybody sitting in this audience appreciated that he made the panel discussion entertaining, as well as informative.
The first hot topic was protective orders with claw-back provisions. The panel was interested in whether people had ever had a "quick peak" (i.e., noticed that your opposition sent you privileged information and had to report it to them) and made the following points:
- Mistakes will happen. We are dealing with an enormous volume of data. There is fear of privilege waiver but there is also significant cost in taking precautions.
- FRE 502- Now with 2 years of precedent it is better understood.
- 502(d) limits waivers of attorney/client privilege, promotes certainty and reduces litigation risks.
- 502(e) indicates that a Protective Order is still prudent.
- There is a big presumption against broad subject waiver.
Martin provided a checklist of factors:
- Privilege?-Was it privileged to begin with?
- Inadvertent?-Was the disclosure inadvertent? Some courts not-intentional equals inadvertent. Other courts have a checklist of factors to consider.
- Reasonable?-Advisory committee notes to 502 do not define it. Rather, the Committee notes list factors to consider such as precautions and steps taken after disclosure to attempt to rectify?
- Extent of the disclosure?-Overriding issues of fairness. Was there a defensible Records Management program? For example, was it 4 out of 10,000 documents? Did the disclosing party take quick action? Court found it reasonable and therefore there was no waiver of the privilege.
- Best practice-Always have a protective order with a claw-back provision.
- Waivers have been found where the producing party could not describe what they did...so document your procedures.
- Perfection is not expected.
Citing the Victor Stanley case and Judge Grimm be prepared to answer, "did you do enough to find the privileged documents?"
The panel also mentioned the Amobi v. District of Columbia case where Judge Facciola discussed "inadvertent." The Judge's analogy was paraphrased; "while 502b would allow me to round up the animals and put them back in the barn, were reasonable steps taken to avoid letting the animals out?"
One of the precedents was clear. When the data had been produced to the expert witness for review, privilege was waived.
The panel then examined what would be considered "reasonable" efforts to find and protect your privileged information. Keyword search alone is usually not sufficient as it finds only 25% of documents, so you should add in sampling. The type of vendor you are working with can make a difference. Do they understand the methodology and work flows around it.
Craig Carpenter provided an extensive list of search features that could help. He mentioned threading, email de-duping, visualization (being able to see who spoke with whom and when on certain topics), concept search (relate documents that are substantively similar but may not share keywords), clustering-(particular set of keywords-take first few documents that relate to the category), grouping-(more sophisticated clustering-take all documents that relate to the category) automatic categorization (the tool does it for you), amd predictive coding (form of automated review). Not surprisingly, Recommind's impressive products are capable of helping you with all of these search techniques. Craig was in "teaching mode" and not in sales mode and his examples and explanations were excellent.
The panel discussed an instance of dealing with 2.5 million documents and the client did not want to pay for privilege review but rather, instructed outside counsel not to turn over anything privileged. LOL! Obviously it would cost too much. So, with client's consent, they used automated review tools with some direction from knowledgeable people. They were able to save 3 or 4 months of processing time and several million dollars.
Mark Michels said "hypothetically," what if he was the "impecunious client?" "How could they be reasonable and save money too?" The panel proposed technology search with Bayesian models and sample seed sets to help cull down the data but then made it clear that "at some point, you have to put some eyes on it." 100% automated tools or 100% manual and people-powered processes have not been favored by the courts.
The last "best practice" was to re-iterate that it was critical to define "reasonableness" or, through agreement with the other party(s), take "reasonableness" out of the equation by agreeing what both parties would do for production and what would happen in the event of any inadvertent disclosure. They closed with one of the best lessons for those who would rely solely on FRE 502 to save you from waiving privilege during disclosure: Crediting Judge Grimm for the analogy, 502 was "like a bungee cord. It can save you, but it is still a terrifying experience."
May 17, 2010
IQPC eDiscovery Panel-Global Issues
by Cary J. Calderone, Esquire
David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP
David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice. European Union directives are not the last bit of advice. Each nation has its own interpretation of it. Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."
Initial considerations for global eDiscovery:
Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point. For example, data sitting on server in Eastern Europe but it is Austrian employees' data. It was treated as though they were doing a collection in the Czech Republic. They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic. Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.
There can be problems when parties do not want to cooperate but ultimately they do. Preservation process- while the consent process is going on the data is not preserved. Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.
We are getting better and more sensitive to private data in the US but still not equal to the EU. Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate. Reminder that under the EU directive, looking at data equals "processing" and there are different stages:
Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.
One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.
David C. Shonka, Esquire-Principal Deputy General Counsel, Federal Trade Commission
Benton Armstrong - Principal, Analytic and Forensic Technology, Deloitte Financial Advisory Services LLP
David Shonka stressed from the beginning, "if there is one takeaway best practice from this session-get local advice. European Union directives are not the last bit of advice. Each nation has its own interpretation of it. Local law firms in Europe and Asia are much more sophisticated now and can offer better advice."
Initial considerations for global eDiscovery:
- Who has Jurisdiction?
- Who has control of the data?(maybe a 3rd party?) (Where is that party sitting?)
- Duplicate copies in the US?
- Where does the data sit?
- If you can get it, can you move it? Lot of restrictions on transfer (personal and sensitive data)
Companies are employing new mobile technologies to go in with a small data center to process out personal and private data, then you can negotiate for collection/transfer from that point. For example, data sitting on server in Eastern Europe but it is Austrian employees' data. It was treated as though they were doing a collection in the Czech Republic. They ultimately collected what they needed but it was a very long and difficult process-got consent from the Data Privacy officer in the Czech Republic. Since this is a relatively new phenomenon, they are being extra cautious. Multinational organizations need to anticipate this.
There can be problems when parties do not want to cooperate but ultimately they do. Preservation process- while the consent process is going on the data is not preserved. Employees delay and then 5000 deletions will occur just before the data is supposed to be preserved.
We are getting better and more sensitive to private data in the US but still not equal to the EU. Convergence going on-don't think they will ever meet-but the realities of dealing with a global economy is forcing people to cooperate. Reminder that under the EU directive, looking at data equals "processing" and there are different stages:
- Retention
- Disclosure
- Onward transfer
- Secondary use
- Who collects? Employees? Can cause problems
- In what form? Native or a forensic copy? Physical or logical? Remote or direct connect?
Best practice from Benton Armstrong-"get all stakeholders together at the outset."Records Managers, Legal, IT from many if not all different offices and locations. Get the potential roadblocks out in the open early so you can plan for some of them. It will make the process much faster.
One positive thing I learned from this panel is that, since I first started this blog, the best practices for international eDiscovery have evolved. While certainly not simple and without potential pitfalls, there are now better operating procedures and protocols for negotiating this tricky area. I suspect as more and more global companies implement policies and procedures and have better trained and more experienced practitioners involved, the potential pitfalls will continue to dissipate.
IQPC eDiscovery Panel-Roles of In-House Counsel and Outside Counsel
Vincent Miraglia, Chief Counsel - Employment Litigation & Electronic Discovery International Paper
Vickie Lee Clewes, Senior Manager, Commercial Legal Affairs, Gilead Sciences, Inc.
Moderator, Wayne C. Matus, Partner Pillsbury Law Firm
Wayne Matus started the discussion rolling by asking the panel, "What keeps you up at night?"
There were two answers:
The panel noted it was difficult to have a cohesive company-wide plan. They still had to address the individuality of each office/department while balancing the tie between discovery and risk.
Vinnie thought that "less is more" and that he does not want all of the data, just the relevant stuff.
He gave an example of PST files. They had established a delete policy (60 or 90 days) and used legal hold and archiving tools to move and archive necessary email.
They referred to the Zubulake case (6) and explained that since "terminating employees" could lead to litigation, a best practice would be to freeze all data for terminations for a set period of time.
Question from Wayne-What about the fact that they may get hit with a lawsuit in a new area? The panel believes in meeting and discussing potential new stuff often with outside counsel. They also found that, almost always, outside counsel is conservative about when legal holds are necessary.
What keeps Wayne up is the eDiscovery process maps he creates with his clients do not say all decisions should be documented. For example, "this is why I did or did not issue a legal hold."
Vicki thinks they do need to document more. Since we are shooting for "reasonableness" better to show what you considered at the time.
Question from Wayne-How important is communication between inside and outside counsel?
Vinnie's response-Keep it like a working partnership so Vinnie may respond to some discovery requests and outside counsel may respond to others. He thought that the legal bills go down with better communication.
Vickie Lee Clewes, Senior Manager, Commercial Legal Affairs, Gilead Sciences, Inc.
Moderator, Wayne C. Matus, Partner Pillsbury Law Firm
Wayne Matus started the discussion rolling by asking the panel, "What keeps you up at night?"
There were two answers:
- For things like government subpoenas and investigations, it is very hard to have processes already in place, so managing the discovery is very challenging.
- For inside counsel, it is very difficult to manage many legal holds and keep mindful of when they "anticipate" new litigation.
The panel noted it was difficult to have a cohesive company-wide plan. They still had to address the individuality of each office/department while balancing the tie between discovery and risk.
Vinnie thought that "less is more" and that he does not want all of the data, just the relevant stuff.
He gave an example of PST files. They had established a delete policy (60 or 90 days) and used legal hold and archiving tools to move and archive necessary email.
They referred to the Zubulake case (6) and explained that since "terminating employees" could lead to litigation, a best practice would be to freeze all data for terminations for a set period of time.
Question from Wayne-What about the fact that they may get hit with a lawsuit in a new area? The panel believes in meeting and discussing potential new stuff often with outside counsel. They also found that, almost always, outside counsel is conservative about when legal holds are necessary.
What keeps Wayne up is the eDiscovery process maps he creates with his clients do not say all decisions should be documented. For example, "this is why I did or did not issue a legal hold."
Vicki thinks they do need to document more. Since we are shooting for "reasonableness" better to show what you considered at the time.
Question from Wayne-How important is communication between inside and outside counsel?
Vinnie's response-Keep it like a working partnership so Vinnie may respond to some discovery requests and outside counsel may respond to others. He thought that the legal bills go down with better communication.
May 6, 2010
IQPC Judges Panel on eDiscovery
by Cary J. Calderone, Esquire
Readers of this blog know that I am always happy when we have the opportunity to learn about DRED issues directly from judges. I had the privilege of attending the Judges Panel on eDiscovery at the IQPC eDiscovery Conference in San Francisco. This was a very worthwhile session and attendees learned some great insights about the "Real World" of eDiscovery that occurs in actual court cases. And, by actual court cases, I mean the majority of cases you will probably never read about because they do not involve extreme examples of eDiscovery misconduct and multi-million dollar sanctions. Hopefully, these are the cases that your legal matter will most closely resemble. Moderated by Craig Carpenter, V.P. and General Counsel, Recommind, Inc., U.S. Magistrate Judge Robert B. Collings, District of Massachusetts, and U.S. Magistrate Judge Elizabeth D. Laporte, Northern District of California, provided updates to the law. I am happy to report that in the 3-plus years since I have been working almost exclusively with eDiscovery issues, there has been evolution and progress, and there are now better guidelines to help keep your business or department DRED-ready.
Some of Judge Collings recommendations included:
Judge Collings clarified the role of inside versus outside counsel: "What is subject to legal review is the role of outside counsel." He recognized that making money for the corporation and keeping money for the corporation (a penny saved is a penny earned) is a major goal of inside counsel, but noted they will run into problems if Legal Hold notices are not going to the correct custodians or they are not being issued on time.
Judge Laporte referred to the Pension Committee case to remind us that Circuits have different standards for issuing Legal Holds. She also commented on Judge Shira Scheindlin's recent dicta about always issuing a written hold. Judge Laporte observed that "when you have a small family or small business litigant, it could be a very different situation and standard. On the other hand, why wouldn't you issue a Legal Hold?"
Patrick Oot, a well-known eDiscovery expert and Sedona Conference participant made an interesting point from the audience about wage and hour disputes and when you may not want to issue Legal Holds in the standard fashion but might choose to separate the Legal Hold policy from the class certification.
Great point from the Judges on reviewing your own Legal Hold procedures: "Imagine if you have to explain what you are doing to the Judge later." For example, even an email is now a written record of what you did to issue a Legal Hold and it creates a trail. Discussing the Quan case and text messaging, there were conflicting views on what the company policy was. The Judges recommended audits regarding private versus company usage. Best practice, "Have a clear cut policy" and people need to know it!
I had one what I like to call "cringe moment" when Judge Collings mentioned that lawyers are going to have to learn about technology to adequately represent their clients in court. He mentioned the long tradition and ability of lawyers to be able to learn a great deal about a particular subject matter in order to prepare for trial. They can study and learn an amazing amount of information in order to explain the subject to a judge and jury. While judges are never "wrong," they are only "misinterpreted," my worry is that too many techno-deficient lawyers will believe they can learn the technology and its language in a few weeks. They can not. To them, in addition to offering my expert services (shameless plug), I suggest a more appropriate analogy would be like trying to learn to speak French in a few weeks. In other words, learn what you can, but bring your expert interpreter along. Merci beau coup...
Readers of this blog know that I am always happy when we have the opportunity to learn about DRED issues directly from judges. I had the privilege of attending the Judges Panel on eDiscovery at the IQPC eDiscovery Conference in San Francisco. This was a very worthwhile session and attendees learned some great insights about the "Real World" of eDiscovery that occurs in actual court cases. And, by actual court cases, I mean the majority of cases you will probably never read about because they do not involve extreme examples of eDiscovery misconduct and multi-million dollar sanctions. Hopefully, these are the cases that your legal matter will most closely resemble. Moderated by Craig Carpenter, V.P. and General Counsel, Recommind, Inc., U.S. Magistrate Judge Robert B. Collings, District of Massachusetts, and U.S. Magistrate Judge Elizabeth D. Laporte, Northern District of California, provided updates to the law. I am happy to report that in the 3-plus years since I have been working almost exclusively with eDiscovery issues, there has been evolution and progress, and there are now better guidelines to help keep your business or department DRED-ready.
Some of Judge Collings recommendations included:
- Reading the article by Judge Facciola-Federal Courts Law Review on privilege review
- Urging counsel get a court order with respect to a Section 502 waiver
- Whittle eDiscovery down the the issues you have actually have in dispute
- As an Observer to the Sedona Judicial Working Group-Courts are looking for more cooperation between counsel and less adversarial posturing during the Meet and Confer process
- Parties need to be more transparent about what, how, and where their data is located
- Don't take expensive 30(b)6 depositions unless necessary
- Bring your IT experts to the Meet and Confers
- A reasonable proposal and approach will get the Judge's support
- Settling cases for purely economic reasons has always occurred -eDiscovery is exacerbating this
- There is a wide range of parties and sophistication-She has given attorneys eDiscovery homework
- Lawyers who typically do not deal with eDiscovery now have to learn it
- Client is responsible for getting it right-Courts look to see who is really engaged in the wrong-doing (citing Qualcomm case where the court found no bad faith on the part of outside counsel)
- Standard is what is reasonable at the time
- If you agree with opposing counsel as to procedures, and reduce it to writing, you should be safe from sanctions
- Get a section 502 claw-back provision embodied in a court order
- Sanction cases-Repeated misrepresentations and a failure to be careful cause most of the sanctions, regardless of the provision the Judge may cite as authority for imposing sanctions.
Judge Collings clarified the role of inside versus outside counsel: "What is subject to legal review is the role of outside counsel." He recognized that making money for the corporation and keeping money for the corporation (a penny saved is a penny earned) is a major goal of inside counsel, but noted they will run into problems if Legal Hold notices are not going to the correct custodians or they are not being issued on time.
Judge Laporte referred to the Pension Committee case to remind us that Circuits have different standards for issuing Legal Holds. She also commented on Judge Shira Scheindlin's recent dicta about always issuing a written hold. Judge Laporte observed that "when you have a small family or small business litigant, it could be a very different situation and standard. On the other hand, why wouldn't you issue a Legal Hold?"
Patrick Oot, a well-known eDiscovery expert and Sedona Conference participant made an interesting point from the audience about wage and hour disputes and when you may not want to issue Legal Holds in the standard fashion but might choose to separate the Legal Hold policy from the class certification.
Great point from the Judges on reviewing your own Legal Hold procedures: "Imagine if you have to explain what you are doing to the Judge later." For example, even an email is now a written record of what you did to issue a Legal Hold and it creates a trail. Discussing the Quan case and text messaging, there were conflicting views on what the company policy was. The Judges recommended audits regarding private versus company usage. Best practice, "Have a clear cut policy" and people need to know it!
I had one what I like to call "cringe moment" when Judge Collings mentioned that lawyers are going to have to learn about technology to adequately represent their clients in court. He mentioned the long tradition and ability of lawyers to be able to learn a great deal about a particular subject matter in order to prepare for trial. They can study and learn an amazing amount of information in order to explain the subject to a judge and jury. While judges are never "wrong," they are only "misinterpreted," my worry is that too many techno-deficient lawyers will believe they can learn the technology and its language in a few weeks. They can not. To them, in addition to offering my expert services (shameless plug), I suggest a more appropriate analogy would be like trying to learn to speak French in a few weeks. In other words, learn what you can, but bring your expert interpreter along. Merci beau coup...
April 9, 2010
What's that up in the Cloud Part 2? Do you have a Policy?
by Cary J. Calderone, Esquire
In the first article on the subject I presented an overview of some of the risks with moving your company data and/or applications to the Cloud (link to Part 1). This article is about moving to the Cloud whether you want to or not. Let me explain. Do you think you are in control of your companies' data? Maybe, or maybe not! Companies like Dropbox, Mozy and many others are offering free cloud storage to users. And, we are talking about free gigabytes of storage. Enough to hold far too much of your important, privileged and/or proprietary company information. These new product offerings are simple to use, and extremely easy to setup in a matter of a minute or two. This means that if you do not have a policy on storing your work product off site, like on USB flash drives or tapes, then you had better at least get one for Cloud storage. USB ports can be disabled. Stopping user access to all the Cloud storage sites would be very challenging. This means all a user has to do is download a small application, setup a folder on their desktop computer, and from that point forward, anything they place in that folder gets copied to the cloud. As a warning to all my potential clients, you do not want your first knowledge of this new technology coming after you have been served with a Request for Production in a lawsuit.
Now, personally I think this is the greatest thing since sliced bread, or, at least the greatest thing since free personal email accounts. I have setup test accounts with both Mozy and Dropbox. Having the latest copy of my draft blog post available on my netbook, my laptop, or my desktop machine, is a great time saver and backup mechanism. In the past, and even though I seldom need to share my information with another person, I have wasted countless hours and email storage space moving my data from one of my computers to another of my computers via USB or email. I no longer have to do this. Additionally, if I am ever away from one of my computers, I have the option of getting to my data by using any computer that has internet access. In conclusion, two quick words of advise: 1) If your company policies do not cover Cloud storage, they should. 2) If you are a lawyer making a discovery request or taking a deposition, you should know how to ask about this stuff.
In the first article on the subject I presented an overview of some of the risks with moving your company data and/or applications to the Cloud (link to Part 1). This article is about moving to the Cloud whether you want to or not. Let me explain. Do you think you are in control of your companies' data? Maybe, or maybe not! Companies like Dropbox, Mozy and many others are offering free cloud storage to users. And, we are talking about free gigabytes of storage. Enough to hold far too much of your important, privileged and/or proprietary company information. These new product offerings are simple to use, and extremely easy to setup in a matter of a minute or two. This means that if you do not have a policy on storing your work product off site, like on USB flash drives or tapes, then you had better at least get one for Cloud storage. USB ports can be disabled. Stopping user access to all the Cloud storage sites would be very challenging. This means all a user has to do is download a small application, setup a folder on their desktop computer, and from that point forward, anything they place in that folder gets copied to the cloud. As a warning to all my potential clients, you do not want your first knowledge of this new technology coming after you have been served with a Request for Production in a lawsuit.
Now, personally I think this is the greatest thing since sliced bread, or, at least the greatest thing since free personal email accounts. I have setup test accounts with both Mozy and Dropbox. Having the latest copy of my draft blog post available on my netbook, my laptop, or my desktop machine, is a great time saver and backup mechanism. In the past, and even though I seldom need to share my information with another person, I have wasted countless hours and email storage space moving my data from one of my computers to another of my computers via USB or email. I no longer have to do this. Additionally, if I am ever away from one of my computers, I have the option of getting to my data by using any computer that has internet access. In conclusion, two quick words of advise: 1) If your company policies do not cover Cloud storage, they should. 2) If you are a lawyer making a discovery request or taking a deposition, you should know how to ask about this stuff.
March 5, 2010
IQPC eDiscovery Summit in San Francisco coming in April
by Cary J. Calderone, Esquire
For those of you who do not think that a couple of my blog articles will be enough information for you, then consider attending the eDiscovery Summit in San Francisco on April 26-28. I plan on covering the Judges Panel on eDiscovery with U.S. Magistrate Judge, Elizabeth D. Laporte, and another session focused on Cloud Computing and eDiscovery. In 2008 I covered a keynote delivered by Judge Laporte. (link to 2008 keynote article) so I am looking forward to getting an update from her. As I have mentioned on this blog previously, it is a rare treat to be able to get eDiscovery information and education directly from judges, as opposed to interpretations by other "experts" and "pundits." U.S. Magistrate Judge Robert B. Collings is also scheduled to speak. Additionally, there will be quite a few inside counsel who will share their "hands-on" experience with eDiscovery.
For those of you who do not think that a couple of my blog articles will be enough information for you, then consider attending the eDiscovery Summit in San Francisco on April 26-28. I plan on covering the Judges Panel on eDiscovery with U.S. Magistrate Judge, Elizabeth D. Laporte, and another session focused on Cloud Computing and eDiscovery. In 2008 I covered a keynote delivered by Judge Laporte. (link to 2008 keynote article) so I am looking forward to getting an update from her. As I have mentioned on this blog previously, it is a rare treat to be able to get eDiscovery information and education directly from judges, as opposed to interpretations by other "experts" and "pundits." U.S. Magistrate Judge Robert B. Collings is also scheduled to speak. Additionally, there will be quite a few inside counsel who will share their "hands-on" experience with eDiscovery.
Subscribe to:
Posts (Atom)