Subscribe to the
to stay up-to-date on the latest e-discovery trends.
Top Five Steps to Prepare for the Ediscovery-Related Amendments to the Federal Rules of Civil Procedure Cloud Computing: Data Has a New House HOT RELEASE: Concordance® Evolution 2.2.1 LexisNexis now offers Near dupe and email thread software
CALLING ALL AUTHORS! Got an idea for an article? Like something we wrote? Take issue with something? We’d love to hear from you. We’re always looking for feedback.
E-Discovery Checkpoints: A
360-Degree View-Part 3
Identifying, Assembling and Sorting
the Data From the Inside
Susan Winchurch, J.D.
In complex litigation involving discoverable
documents numbering in the tens of thousands, the first critical steps in the
discovery process are taken in-house.
LexisNexis recently assembled four speakers for a
Webinar to address the critical early stages of discovery, presenting the
perspectives of a U.S. Magistrate Judge, an experienced e-discovery litigator,
a corporate data security executive and a litigation technology expert, in a
complex hypothetical computer-hacking case.
Note: This is the
third in a four-part series covering what the speakers had to say. This article will focus on the practical
aspects of locating, identifying and processing of data-key concerns for
in-house attorneys and in-house data security professionals. Previous articles discussed the bench's
expectations for lawyers involved in discovery and the litigator's mandate to
work closely with her client to facilitate efficient production of discovery.
The speakers based their presentations on the
hypothetical case of Beta Co. v. Alpha
Co. which featured two corporate rivals.
Beta, the plaintiff, alleged that Alpha, the defendant, hacked into
Beta's databases in order to pirate proprietary information with the intent to
beat Beta to the market with a competing video game. Alpha countered that Beta launched a social
media campaign against Alpha to generate negative reviews of Alpha's competing
game. The claims ranged from patent infringement to corporate espionage and
implicated a massive volume of potentially discoverable information, spanning
four countries, including 20 million emails.
U.S. Magistrate Judge John M. Facciola started
the discussion by warning that the bench does not tolerate counsel or parties
who ignore discovery management protocols or those who pay only lip service to
the "meet and confer" requirement of Federal Rule of Civil Procedure 26. Lawyers must collaborate meaningfully to find
solutions to a discovery impasse, to demonstrate a firm grasp of the technical
issues inherent in electronic discovery, and to hire competent experts who can
guide them through the process. Lawyers
will need to have a command of the theories of liability underlying the
litigation, the nature of the case, and the appropriate methodologies for
searching, collecting and preserving electronic data. Any claim that a request is overbroad
requires support. "There is not a
federal judge left in the country who is going to let you get away with a one-sentence
page that says 'this is too burdensome,' " said Judge Facciola. Counsel will be called on to demonstrate
exactly why the request cannot be satisfied.
Twenty-five-year litigator and law professor
Mollie C. Nichols of Redgrave LLP, focused on the lawyer's role in counseling
the client, starting by establishing a solid working relationship with in-house
counsel, technology staff and business unit heads, to assess potentially
relevant company information, where it is stored and the technical challenges
inherent in locating and producing the information.
The process starts from the inside. Panelists Matthew McKeever, Vice President of
Security and Compliance with Reed Elsevier, and Trent Walton, President of
Electronic Legal LLC and Cumulus Data LLC, gave insight into the internal data
collection and preservation process.
Breaking it Down
The critical role of the security and compliance
professional emerges instantly, said McKeever.
When a lawsuit is filed, the company needs to be sure from the outset
that "we gather the appropriate data in a systematic and reasonable way," he said. Especially in a hacking case, McKeever noted
that the company needs to keep in mind, as data is assembled, that the civil
case may give rise to criminal allegations, and this possibility must inform
the data collection process from the beginning.
But the fundamental issue, McKeever noted, is the
large amount of data. Immediately, the
company must devise processes for breaking it down and deciding what portion of
it is relevant. Of the 20 million emails
in the database, only a portion of them are relevant. "We need to break that issue down and working
with internal and outside counsel, we need to scope that out," he said. He echoed Nichols' earlier comments, noting
that the company needs to identify its key custodians. In this case, the development teams who
devised the disputed computer game are within the scope of discovery. "But maybe the finance guys are, or are not,
in scope and we need to break that down," he said.
Because data-such as emails-may be dynamic, it is
subject to change and manipulation. The
company needs to implement controls quickly to stop material from being
deleted. At the earliest stage of the
case, McKeever said, "We don't know if it's a hack, or a bad actor on the
inside. We need to be careful, and as
covert as possible, and work with Molly's [legal] team to decide what to
collect," he said.
In a case like Beta v. Alpha, featuring data located in different geographic
locations, collection and assembly becomes more complicated, particularly as
the data crosses borders. Nichols noted
that the privacy laws of the various jurisdictions in which the data resides
will be implicated. For example,
Massachusetts data privacy laws are potentially applicable even if no computer
servers are located in Massachusetts-the involvement of a Massachusetts
resident is sufficient to implicate Massachusetts law, which, Nichols said,
covers the personal information of any Massachusetts resident and dictates how
that information is to be stored and encrypted, possibly even requiring the use
of armed guards if the data resides on non-encrypted backup tapes.
Choose Technology Wisely
As matters become more complicated, so do the
tools that are available for data sorting and likewise the decisions about how
much to spend on forensic and data collection technology.
The company needs to be mindful of costs, Walton
observed. "This is the point where you
can get technical experts involved, and learn about all the latest greatest
techniques to streamline the discovery and project costs." These include encrypted remote forensic
collection devices, being able to project data sizes, and techniques to project
the billable time that could be involved to go through and identify the
data. As useful as these tools are, each
one comes with a price tag, and the company needs to tailor its technology
"spend" to match its actual need.
Walton added that at the preservation stage, it
is important to remember that data doesn't have to be transported across
borders. It can be preserved in the
country in which it was generated. "It
all depends on what we determine to be discoverable evidence," he said.
It falls on the
in-house security expert to work with in-house and outside counsel to decide
what data is confidential, McKeever said.
"When we give out an encrypted hard drive, we need to make it clear if
one party's data is more sensitive than others." For example, the employee who generated
sensitive project plans and market research must be identified so that her data
can be handled appropriately.
also should periodically survey their databases, McKeever said, and identify
where the most sensitive information-such as credit card data-resides so that,
when e-discovery plans are being devised, privacy laws are respected. "It's always good to know where your
sensitive information is, so you can protect it," he said.
Manual Sorting: A Bygone Method
As the company devises its e-discovery plan, the
panel agreed, the idea of manually sorting the data should be dismissed out of
hand. In a case like Beta v. Alpha, the sheer volume of the
information forecloses any notion of manually sorting and delivering data. "If
you came into my court and said that you were going to do this manually you'd
be out of my court in about 30 seconds. I only have an eight-year term and I
don't plan to spend it on this case," Judge Facciola commented. "That's
preposterous." Each side, he said, will
be expected to hire a competent vendor to manage the e-discovery process.
"The judge is spot on here," said McKeever. While as recently as a few years ago, it was
still possible to survey the data "with a few tools and keyword searches and
get down to a manageable lot," today, companies will be dealing not just with
email, but with voicemail, videos, drawings and other media. The company needs to confer with its
e-discovery vendor and devise a method of converting voicemails, videos and
drawings to a reviewable format. The company must work with its vendor to
identify exactly what is relevant. If
there are 80,000 voicemails, perhaps only 100 people will have left potentially
relevant messages. The in-house team
needs to work with counsel to identify what is relevant "so that whatever we're
sending to the vendor is reasonable and helps keep the costs down," McKeever
"The days of linear document-by-document review are pretty much
gone. The amount of data is increasing
exponentially every single year," he said, adding that the volume is so high
and the formats so varied that finding the review methodology is a challenge
unto itself. "A lot is determined during
the meet and confer at the beginning to see what we do have and what techniques
we can apply to these different sources of data and get them down to a
manageable set," he said.
Narrow the Data Set
Also important for companies to remember,
observed Walton, McKeever and Nichols, is the question of preservation versus
production. While a broad set of data
may be preserved internally, the actual data that is subject to discovery
should be reasonable, but narrower. The
company may have 800 vendor contracts in its database, but you must query
whether the contracts with the companies that clean the offices or wash the
outside of the building are relevant.
"You really do have to work with your custodians
and your IT to narrow that data set as much as possible," Nichols said. "That's what the meet and confer is for, but
you have to be working with your client to drill down as to what needs to be
collected and reviewed."
"The name of the game," said Walton, "is what's
reasonable? What type of evidence is in
there, and is it going to be helpful to the case? What are the techniques we can apply to it,
what are the costs associated with it?" It is, he said, a cost-benefit
1. In-house security experts need to be
pro-active in the identification of sensitive data. The process starts with
occasional surveys of a company's databases to identify where particularly
sensitive data resides.
2. Practicality and reasonableness govern
what is produced. If a company has
80,000 voicemails, it must devise a sound methodology for determining which of
the 80,000 are potentially relevant.
3. Manual surveys of documents are a thing of
the past. With ever-increasing volumes
of data, companies must be prepared to hire competent vendors to manage
e-discovery. Courts will not tolerate
any company attempting to pass through a manual review process.
Note: Part 4 of
this series will focus further on the contributions collectively of Magistrate
Judge Facciola, Mollie C. Nichols of Redgrave LLP; Matthew McKeever, VP
Security & Compliance with Reed Elsevier; and Trent Walton, president of
Electronic Legal LLC and Cumulus Data LLC. Part 4 will address emerging trends