Guidance on eDiscovery

By Albert Barsocchini

April 8, 2010

Employers who wish to investigate employee electronic communications need to have clearly articulated written policies that employees do not have any expectation of privacy in their usage of employer provided computers.

In a recent decision by the New Jersey Supreme Court in Stengart v. Loving Care Agency, Inc., a former employee sued her employer for violating New Jersey’s Law Against Discrimination. In response, the employer searched the former employee’s company-owned laptop computer and found, in the web browser’s history, emails she had exchanged with her attorney using her own private, password protected email account. The e-mails were obtained by the forensic imaging of the employee’s company-owned computer.

The employer contended that the employee waived her privilege by using the company’s computer to send emails to her attorney, citing the company’s electronic communications policy, which stated, “Occasional personal use is permitted” and then described several prohibited uses including soliciting for outside business ventures, charitable organizations, or sending inappropriate sexual, discriminatory, or harassing messages.

However, in an effort to protect attorney client communications, the Court concluded that “[A]s written, the policy create[d] ambiguity about whether personal email use is company or private property when using a company owned computer.”

If the attorney / client privilege was not an issue, this case would likely have been decided differently. Why? Because although the Court correctly held Stengart had a limited expectation of privacy when communicating via email with her lawyer, the Court cited the ambiguity of the policy as the reason for its decision. In fact, the Court went on to say that “companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.”

Here’s another example.

The United States Supreme Court recently granted review in Quon, et al. v. Arch Wireless, City of Ontario 2008 WL 2440559 (9th Cir. 2008), in which the Ninth Circuit Court of Appeals found the Ontario Police Department violated the Fourth Amendment when the Police Chief and others read an employee's text messages on employer-provided two-way pagers. This was another case in which the workplace policy regarding text messages was unclear.

It is expected that the Supreme Court will use the Quon case to make it clear that a company’s need to protect its intellectual property and monitor the workforce outweighs any privacy rights of employees, except in very limited situations like protecting attorney client privilege.

With data leakage, fraud, and cybersecurity threats increasing, companies need to be able to proactively audit and investigate all activity on their networks and remediate violations quickly. Clearly written policies about data stored on company computers can help ensure the success of these digital investigations.

By Albert Barsocchini

March 17, 2010

The EDRM framework was never intended to be a linear process, but limitations in technology made eDiscovery both expensive and time consuming because all steps had to be essentially completed in sequential order.  

Traditionally, eDiscovery linear process was: 1) Identify relevant potentially evidence, 2) Preserve, 3) Collect, 4) Process, 5) Review and Analysis, 6) Produce and Present (see the Electronic Discovery Reference Model framework at edrm.net for details).

New advances in technology have now made the eDiscovery process more flexible, faster and cost efficient.

For example, using EnCase eDiscovery's new analysis and review capabilities as an example, legal and IT can analyze and review ESI at any stage of the electronic discovery process, such as during collection, post collection, or during and after processing.  Traditionally, it could only be performed only after collection and processing is complete.

This truly early case assessment capability can significantly reduce costs since counsel will be able to make strategic decisions without having to take the evidence all the way through processing to load file. It allows attorneys to isolate key evidence and privileged documents earlier in the case, limit the scope of a litigation hold, and be better prepared for a meet and confer.

By Albert Barsocchini

February 9, 2010

There is confusion over the term “cloud” computing. In order to define an eDiscovery process around a cloud, you need to understand the type of cloud involved.

Public cloud: Public or external cloud is where resources are dynamically provisioned on a self-service basis over the Internet, via web applications/services, from an off-site third-party provider.  Sometimes referred to as SaaS (software as a service).

Hybrid cloud: A hybrid cloud consists of multiple internal and/or external providers which is typical for most enterprises. A hybrid cloud can consist of a local device, such as a plug in appliance with cloud services.

Private cloud: Private or internal cloud emulates cloud computing on a private network. It delivers some benefits of cloud computing, capitalizing on data security, corporate governance, and reliability. Private clouds require a company to buy, build, and manage them and as such do not benefit from lower up-front capital costs and less hands-on management.

The challenge in eDiscovery is how to collect and document information from the cloud in a legally defensible manner in this complex environment.

By Albert Barsocchini

January 4, 2010

For my first blog of 2010, and in an effort to build upon my last blog series from 2009, I'd like to highlight some recent judicial decisions that underscore why companies should begin bringing the eDiscovery process in-house.

In Phillip M. Adams & Assocs., L.L.C. v. Dell, Inc., 2009 U.S. Dist. LEXIS 26964 (D. Utah Mar. 27, 2009), the court scolded the producing part, Phillip Adams, for not having appropriate technology to reasonable access potentially relevant ESI. The court found it unacceptable for a party to hide behind inadequate information management systems for the reason why it could not produce relevant documents.

In Spieker v. Quest Cherokee, LLC, 2009 WL 2168892 (D. Kan. July 21, 2009) the court admonished defendant for claiming they do not having the ability to generate the requested ESI materials in-house. "This court is aware of no case where a party has been excused from producing discovery because its employees "have not previously been asked to search for and/or produce discovery materials."

Finally, a federal court imposed for the first time a monetary sanction for spoliation against an in-house counsel who was not an attorney of record or a party in the subject litigation. The September 29, 2009 decision comes from US District Court Judge Mary S. Scriven of the Middle District of Florida in Swofford v. Eslinger Case. No.6:08-cv-Orl-35DAB (FL.M.D. Sept. 28, 2009).

The court found the sanctioned in-house counsel was “the sole lawyer responsible for responding to the preservation letters.” and failed to ensure that e-mail, electronic files and other potential evidence was preserved. The court expects in house counsel to take charge of the preservation process. They too are exposed to sanctions, just like their counsel of record, if they are not diligent in the responsibilities they assume.

By Albert Barsocchini

December 15, 2009

The FRCP requirement for companies to have a systemized repeatable and defensible process is hard to accomplish when companies take an ad hoc approach by relying on various third party vendors to handle their eDiscovery obligations. Additionally, the Rule 16, Rule 26(a) and (f), framework for the parties and the court to give early attention to issues relating to electronic discovery is difficult to comply with when outsourcing.

By bringing the ediscovery process in-house, counsel can run their own customized searches and culling techniques to reduce the volume of data and have better control over potentially responsive documents from the time a legal hold is issued, until the time that a load file is generated for any of the leading attorney review platforms.

By Albert Barsocchini

December 11, 2009 

The growing risk of fraud and IP theft in outsourcing is a real concern to companies trying to protect valuable intellectual property. Companies often make the decision without a thorough assessment of the risks involved in determining what is to be outsourced, and to whom. A recent Kroll 2009 Global Fraud Report is a sobering look at the risk of outsourcing. The report noted a significant increase in IP fraud and theft when outsourcing.

Companies are looking at ways to minimize this risk by being more proactive in protecting ESI that leaves there firewall by culling and processing the data before transfer to third parties. An additional concern for attorneys is there ethical and legal obligation to zealously protect client confidences and secrets. That is very hard to do when a third party vendor is both collecting and processing the ESI before an attorney can even review it.

By Albert Barsocchini

December 7, 2009

The rising tide of per gigabyte charges from vendors are forcing companies to take a hard look at ways of bringing the eDiscovery process in house in order to control costs. In fact, at this year’s Association of Corporate Counsel Annual Meeting, the buzz was taking back control of the eDiscovery process from outside counsel, both for cost reasons and to mitigate risk.

This trend is reflected in Fulbright’s 2009 6th Annual Litigation Trend Report. Among the findings noted was a shift toward in-house lawyers managing litigation. That trend means a shift of control of case management from law firms to in-house to save money (at least the small ones) and take control of the eDiscovery process.