Sunday, December 5, 2010
New York Court Allows Discovery of Social Networking Content
Case/Rule Name: Romano v Steelcase Inc., 2010 NY Slip Op 20388, 1 (N.Y. Sup. Ct. Sept. 21, 2010).
Summary: In this personal injury action, the defendant sought access to the "[p]laintiff's current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information upon the grounds that Plaintiff has placed certain information on these social networking sites which are believed to be inconsistent with her claims in this action concerning the extent and nature of her injuries, especially her claims for loss of enjoyment of life."
Though the plaintiff allegedly claimed that she sustained permanent injuries the public portions of her MySpace and Facebook revealed that she was leading an active lifestyle.The Court noted, "[b]oth Facebook and MySpace are social networking sites where people can share information about their personal lives, including posting photographs and sharing information about what they are doing or thinking.
Indeed, Facebook policy states that 'it helps you share information with your friends and people around you,' and that 'Facebook is about sharing information with others.' Likewise, MySpace is a 'social networking service that allows Members to create unique personal profiles online in order to find and communicate with old and news friends;' and, is self-described as an 'online community' where 'you can share photos, journals and interests with your growing network of mutual friends,' and, as a 'global lifestyle portal that reaches millions of people around the world.' Both sites allow the user to set privacy levels to control with whom they share their information."
The Court further noted that "[t]he information sought by Defendant regarding Plaintiff's Facebook and MySpace accounts is both material and necessary to the defense of this action and/or could lead to admissible evidence. In this regard, it appears that Plaintiff's public profile page on Facebook shows her smiling happily in a photograph outside the confines of her home despite her claim that she has sustained permanent injuries and is largely confined to her house and bed.
In light of the fact that the public portions of Plaintiff's social networking sites contain material that is contrary to her claims and deposition testimony, there is a reasonable likelihood that the private portions of her sites may contain further evidence such as information with regard to her activities and enjoyment of life, all of which are material and relevant to the defense of this action. Preventing Defendant from accessing to Plaintiff's private postings on Facebook and MySpace would be in direct contravention to the liberal disclosure policy in New York State."
After briefly discussing the Stored Communications Act, The Court rejected the plaintiffs argument that her privacy rights would be violated if this information on the sites was released. After reviewing several federal and state court decisions, the Court ordered that the defendant be given access to the different social networking sites.
The dangers of BCCing your client
Case/Rule Name: Charm v. Kohn, 27 Mass. L. Rep. 421 at *5-6(Mass. Super. Ct. 2010).
Summary: In a contractual dispute, defendant's counsel sent an e-mail to opposing counsel and blind copied (bcc) his client. His client than proceeded to respond to the e-mail and sent it using the "all reply" function which sent a copy of his privileged communication to opposing counsel.
Defendant's counsel immediately sent a request to opposing counsel to delete the privileged e-mail, but counsel refused to do so. This was the second time this had happened. The Court felt the question was close but refused to find waiver in the case but issued a warning for any future disclosures.
The Court stated, "[o]n balance, and perhaps with some indulgence for human fallibility, the Court finds that Kohn [defendant] has met his burden of showing that he took reasonable (although not maximum) steps to preserve the confidentiality of the particular communication in issue. The Court will therefore allow the motion to strike, and will preclude further use of the e-mail. Kohn [defendant] and his counsel should not expect similar indulgence again.
They, and others, should take note: Reply all is risky. So is bcc. Further carelessness may compel a finding of waiver."
Sunday, December 13, 2009
E-Discovery and the role of the CIO?
As the head gatekeeper of corporate information, the CIO faces many issues around E-discovery. For example, what information retention strategy should the CIO put in place in view of the fact that the company may one day face a significant lawsuit? And what should the role of the CIO be when the organization is threatened with a lawsuit?
Here are five key issues around E-discovery that the CIO needs to be aware of:
1. Litigation is an active and strategic focus of the business
It is important to recognize that in today's business climate, litigation is not always a last-resort alternative. Increasingly, it is becoming an active strategy of the business and is being critically assessed, based on its potential to generate a positive return on investment.
Other strategic factors, such as the potential impact on the organization's reputation and the ability to create competitive advantage, form part of the equation in evaluating litigation as an ongoing strategic focus.
2. In-house counsel should play an important role in information access and management
In many organizations, the in-house counsel group is treated as a separate silo -- a necessary adjunct that is strictly a cost of doing business -- and its role is to react to problems once they arise. But in-house counsel can also be an excellent resource for the CIO, assisting in the building of IT strategies around access to information, document retention, document destruction, information collaboration, and litigation.
E-discovery includes an obligation to preserve all relevant electronic evidence as soon as litigation is threatened or contemplated. That obligation simply cannot be fulfilled in the absence of complete information about the company's information structure and technology. And whose obligation does it become, the CIO's or in-house counsel's? This is an issue that the company needs to address.
3 more issues to come in the next blogpost....
Wednesday, November 18, 2009
7 Key Items When Planning an E-Discovery Strategy
Without an approved governance model, eDiscovery will be prone to failures associated with:
- Ill-defined roles and responsibilities, resulting in everyone doing everything and/or no one doing anything
- Inability to properly monitor the success of or adherence to policy and processes
- Inability to measure the effectiveness of policies and processes
- Inability to track the costs/benefits and properly budget for ongoing operational activities
- Inability to ensure that the eDiscovery strategy continues to align with business strategies
The program needs to encompass four core competencies: guiding/strategizing, designing/coordinating, executing and monitoring. Each of these competencies is necessary to ensure a relevant and sustainable governance model.
- Who will guide the company by defining policy for eDiscovery and aligning it with Information Management / Records Management policy?
- Who will design and coordinate processes to enable each business to consistently fulfill their execution obligations?
- Who within each business will execute and enforce the policies and processes?
- Who will audit and monitor adherence to the policies and processes?
2 -- eDiscovery is risky and costs money.
eDiscovery costs a lot of money. The primary costs occur at the review and the processing stage. The review stage is used to sort out responsive documents to produce and privileged documents to withhold. It is the time where the legal team can begin to gain a greater understanding of the factual issues in a case. 30-70 % of the eDiscovery budget is spent here. The processing stage must accommodate a wide variety of unstructured data, handle each form in a manner appropriate to its file type, and generate output that is structured in accordance with review requirements that often vary with law firm practices and client needs.
Connected to costs is risk. The most obvious risk is that e-mails, files or paper are destroyed after a litigation hold has been called. Sanctions can be significant if this procedure is violated. Such sanctions include but are not limited to:
1) Substantial fines; 2) Adverse inference instructions; and 3) Striking a Claim or Defense.
3 -- You need an e-mail policy with a specific section on eDiscovery.
Your e-mail policy should cover the aspects of eDiscovery. The section should describe what happens when your company is hit by litigation or by subpoena. It should state the mandatory process of litigation hold and all responsible contacts. But keep it simple and useable.
4 -- Use an accepted eDiscovery Framework.
Using an accepted framework helps your organization to speak the same language about the necessary task during the eDiscovery process. There are two common frameworks available:
The Sedona Principles (http://www.thesedonaconference.org), focusing on fourteen best practices recommendations and principles of eDiscovery issues, including comments on their application.
The Electronic Discovery Reference Model EDRM (http://edrm.net), guiding a common, flexible and extensible framework for the development, selection, evaluation and use of electronic discovery products and services. It can be used as the basis for comparison of your current eDiscovery practices
5 -- IT, Legal, Business and Administration must work together.
Being forced by court to produce tons of electronic stored information within a short time frame is the emergency case for IT, Legal, Business and Administration Departments. All four departments are stakeholders within an eDiscovery process and must be recognized by the Governance Model. They must closely work together during the phase of document preservation, document collection, processing, review, analysis and document production. All for one and one for all!
6 -- Think of in-house vs. SaaS and hosted eDiscovery solutions
During the current economic climate it is helpful to think about a hosted email archiving and hosted review platform, in order to avoid spending budgets on an inhouse solution. On the other hand an inhouse solution is a preferred way to control the eDiscovery process.
7 -- eDiscovery is not only an e-mail issue
Although most litigation focuses on e-mail, the changes driven by the Federal Rules of Civil Procedure (FRCP) do not focus on e-mail alone. E-mail is just an example. Other content types on file shares and desktops are of importance and the FRCP requires that all companies who conduct business in the U.S. must:
- Produce electronic information in its native format, with metadata intact (which precludes providing hardcopy of email, for example)
- Prove chain of custody for electronic information
- Ensure litigation hold policies are enforced
- Complete an exhaustive search of all electronically stored information (ESI), noting its description, category and location, prior to the first pre-trial discovery meeting (within 99 days)
- File an electronic discovery plan within 120 days of a complaint being filed in federal court
Tuesday, October 13, 2009
Roadmap to E-Discovery
There are three key components that make up an effective e-discovery and compliance program:
1. Governance
2. Process
3. Technology
Step 1: Governance for Compliance and Policy Management
The first step in developing a sustainable program is to mitigate the inherent discovery risks for your electronically stored information by adopting an enterprise governance package. A governance package sets organizational standards, processes and compliance rules for streamlining document-handling activities, providing ease of reference and reducing the amount
of information you need to manage. A document and records governance package can consist of anynum ber of policies and procedures, based on your organizational culture, external risks, infrastructure complexity and compliance impact.
A governance package can also supply technology domain rules to help your IT department manage your program. These policies and procedures or business rules can affect all of your organizational staff, including external contractors, or they may affect specific functions. At the core some of the rules are Records Management policy or standard, Electronic Messaging policy or standard, enterprise retention schedule, document handling procedures, inactive media and archival standards, Litigation hold order and so on.
Step 2: Process for Knowing your Information Universe
The second step of the e-discovery journey—process— is the most challenging and resource intensive. Understanding how information is processed throughout its lifecycle is essential. Process also means change, especially as it relates to electronically stored information.
If you do not have individual, departmental or functional standards for describing how electronic
documents and e-mail are to be indexed, retained or disposed, any imposed standards can change how you process information.
Implementing information lifecycle standards must account for the functional needs of your organization. But when data can be stored on PC or laptop hard drives, external drives, thumb (universal serial bus or USB) drives, or CDs and DVDs—as well as on servers, external Websites, share drives and backup devices, how can you disclose all of the locations where you
keep electronically stored information? Only by conducting surveys and interviewing users by department or function can you create a realistic picture of your complex enterprise. Only after you capture storage protocols and understand how information is currently cataloged or indexed can you begin to break down the silo effect of storing information. This begins the
process of developing classification standards and local procedures that link with your overall
governance package.
Some key things to think here are Chain of custody and avoiding spoliation, Authenticity, Metadata and "Meet & Confer" standards.
Step 3: Technology to bring it all together
The increasing demand for e-discovery with the exponential increase in electronic information
demands that every organization should be prepared. You should not have to react when litigation arises. You need to man age your information proactively as a core asset, not only to reduce the risk of e-discovery but to increase the productivity of your day-to-day operations. In order to implement a governance package and processes, you need to implement technology to help you manage your information as an asset across your enterprise. The magnitude of
the problem, the volume and wide distribution of information and the implication of not taking proactive measures indicate that managing your information is now mandatory. Organizations around the globe are looking at document and records management solutions with rigorous and unified records management to support their e-discovery preparedness and operational productivity.
Whether information is in a paper document, an elec tronic document or a record, it is discoverable. There fore, you need to capture information upon creation and manage it through its lifecycle to disposition. You need to apply retention management regardless of whether a document is a record, and you need an easy-to-use process for your end users, one that does not require them to know how to use your retention rules. When looking for a document and records man agement system, make sure that all electronically stored information is treated consistently
across your organi zation, that it is easily captured, that it is categorized for easy finding over large volumes and time, that retention policies are applied by default, and that liti ga tion holds are easily applied and managed. Successful document and records management solutions provide value to both end users and your organization while helping you prepare
for e-discovery.
Technology can support your preparedness for e-discovery through some of the following:
• Lifecycle management of electronic information— capturing information at the point of creation and managing it throughout its lifecycle in line with corporate policies
• The ability to capture information easily from existing, commonly used authoring applications, such as Microsoft word and e-mail
•Capturing electronic metadata from an authoring application and preserving it throughout its lifecycle, supporting authenticity for the information
• Managing information, whether a document or a record, according to your organization’s policies for retention and disposition of information
• The ability to prove chain of custody through extensive audit trails that are preserved with your electronic information
• The ability to preserve electronic evidence, including audit trails and business rules for deletion, with security controls
• The ability to find information easily over long periods of time and from former employees
• The ability to preserve electronically stored information for long periods of time, regardless of the technology in which it was created
• The ability to place litigation holds on all forms of electronically stored and physical information, regardless of its format and how many litigation holds may already be in place, to protect you from spoliation and to support your discovery processes
Saturday, September 26, 2009
What's the problem with Information Silos?
Consider how information is managed in one representative organization. In this
organization:
· Unstructured IM includes records management compliance . . . Information managers within one part of the company spearheaded the development of an ECM solution that supports records management to specifically address eDiscovery requirements. This targeted records management initiative addresses the content repositories housing the document types within the scope of this initiative but ignores many other content repositories housing valuable
information supporting other functions.
. . . . While other risk analysts focus on BI. Finance and risk analysts from another part of the company built a BI platform to reconcile disparate financial data from across the organization to provide management with a single source of truth to support financial reporting and risk
analysis. However, they did not scope customer, product, and employee data into this BI
initiative, and disparate versions of this other, critical data remain a problem that affects many
parts of the organization.
· The chief risk officer (CRO) spearheads strategic governance risk and compliance (GRC). . . The chief risk officer’s new initiative drives new policies and business processes to reduce legal and financial risk exposure. This initiative, driven from the CRO down, doesn’t take into account the eDiscovery efforts going on in one part of the organization or the BI efforts taking place in another group. Consequently, the CRO and her team have neither reports nor dashboards that present a unified rollup of all risks facing the enterprise nor scorecards showing how well the company is complying with GRC mandates.
. . . . Creating duplication of resources. The unfortunate result is unnecessary duplication of infrastructure, business and IT resources, applications, and other project deliverables. For
example, the records management initiative could have adopted a broader scope to consolidate
disparate enterprise content management repositories, and the BI initiative could have focused
on the creation of an enterprise data warehouse that could have reconciled and centralized a
wider variety of enterprise data.
But in this example, there is precious little sharing or reuse within and across the diverse IM initiatives. The company wastes valuable money, effort, and time and is hard pressed to document any coherent contribution to its strategic mission.
All of the example company’s projects support a single, top-down, executive-level mandate to
ensure corporate compliance with external regulations. However, per standard practices in many IT organizations, each of these initiatives has its own technical project team, and the various teams have no cross-project coordination or broader architectural strategy that might harmonize their efforts. Senior executives find it difficult to track or align disparate IM initiatives against a common strategic plan. But the example shows that it’s important to keep your IM strategy in sync with your business-level planning framework and priorities to ensure that various IM initiatives contribute to strategic success imperatives, as it has become untenable for CIOs to fund disparate silos that generate a massive number of tools and repositories.
Saturday, August 15, 2009
In the Event of an eDiscovery Emergency, Break Glass: Preparing for the Inevitable
Not having a well thought out information management structure that is adhered to by all employees and a means for quickly organizing the various information repositories and tools can cost more than just money. It can also cost a corporation in terms of lost claims, insufficient defenses, tarnished reputation, and employee frustration and turnover.
Assuming that a corporation has done as much as it possibly can to organize its information and records in a logical fashion while at the same time capturing appropriate metadata and doing all of the other fundamental records management activities, here are two specific things that a corporation can do to prepare for the inevitable litigation, as it is only a matter of time before the corporation wants to sue or is itself sued by another corporation or individual.
Prepare an eDiscovery "Break Glass" Plan
The obligation to preserve records/evidence in any litigation matter arises when litigation has commenced (i.e. the statement of claim has been issued) or it is reasonably foreseeable that litigation will occur. So what happens then? Obviously, relevant records need to be preserved, but how does your corporation go about doing that? It is absolutely essential that an "In the Event of eDiscovery, Break This Glass and Follow These Steps" plan is prepared in close consultation with a corporation's in-house and external legal counsel.
Some of the items to consider in preparing the "Break Glass" plan are as follows:
1. Who is on the eDiscovery Dream Team and who is responsible for notifying them of the actual or threatened litigation? The eDiscovery Dream Team likely comprises your external counsel, who will in all likelihood be leading the charge, together with in-house counsel, IT professionals (system architects, records management system administrators), members of the business that were involved in a particular deal or matter during the honeymoon (which is now ending in divorce) and so on.
2. How will custodians of information/records be identified?
3. Who will prepare the preservation/hold letter or email to send to all custodians?
4. Who will be responsible for taking physical or electronic possession of all relevant records and information sources (i.e. hard drives, etc.)?
5. What procedures will IT use to ensure that all records are collected and stored, including how metadata will be managed, the format that files will take, and so on?
6. When and how will external vendors form a part of the process?
7. Depending on the matter (e.g. termination of an employee), what needs to be done forensically to restore hard drives?
8. What internal auto-deletion processes need to be turned off and for which users/custodians?
Test the "Break Glass" Plan: Carry Out an eDiscovery Fire Drill
It is one thing to have a plan in place, but how well does it work in reality? As the potential consequences of getting eDiscovery wrong can be quite disastrous (for example, imagine if the information collection process/tool changed all of the metadata and made it impossible for any of the records to be authenticated, meaning they were inadmissible in court? Imagine further that in this example, the amount of money at risk in the claim could make or break your company...), it is important that all players involved, from internal IT, Law, and Business groups to external counsel and eDiscovery/records vendors, know their roles and responsibilities and that there are back-up personnel in place in all key areas that know what needs to be done, as timing will be critical.
Make sure that your external consultants and counsel evaluate how well the plan worked and implement their suggestions to improve the process. Every eDiscovery will have its nuances, but if you can have a eDiscovery Break Glass Plan in place, it will at least cover the most important bases and drive your corporation to continually improve its eDiscovery and records management capabilities, which will minimize the cost of eDiscovery and put you in the best position possible to win or significantly reduce potential losses through litigation.