In the age of email, metadata, flash drives, and cloud computing, most attorneys are acutely conscious of their duty to ensure that their clients appropriately preserve documents. An attorney should issue a written litigation hold immediately upon notice of a triggering event (e.g., potential claim) or a suit, whichever comes first. In a perfect world, the initial demand for litigation hold would contain the universe of information necessary to capture all systems and parties relevant to the claim or suit.
But the real world is not always perfect. Lawyers and clients rarely have complete information at the outset of a dispute. As such, document preservation is not a one-time process initiated at the commencement of a case or upon some other pre-litigation triggering event. It is an ongoing obligation, continuing throughout the course of the litigation. With that in mind, here are four things lawyers should do when implementing and updating a litigation hold.
Communicate. Communication is key to effective document preservation. Counsel must communicate with the client and discuss, inter alia, the who (source of potential documents), the what (documents and data the client must preserve), the when (relevant date range), the where (location of documents), and the why (crafting of explanation to be disseminated to employees).
Notably, other parties also may have pertinent information early in the case to which the attorney is not privy, particularly in regard to identifying relevant people who need to receive the litigation hold memo. In In Re Weekley Homes (2009), the Texas Supreme Court encouraged early communication among parties before promulgation of requests for electronic information. It's prudent for attorneys to speak to counsel for other parties to ferret out information pertinent to his or her client's document preservation.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Barbara S. Nicholas
Wednesday, November 30, 2011
e-Discovery in The Cloud Not As Simple As You Think
Cloud computing is a hot and controversial topic. One recent event highlights the issue that the cloud may not be worth the initial hype.
Two years ago, the City of Los Angeles approved a $7.25 million budget to move its e-mail and productivity infrastructure to Google Apps with the assistance of a systems integration contractor. However, the migration has still not been completed because the Los Angeles Police Department and other agencies are unsatisfied with security related to the handling of criminal history data. The city is also demanding Google and the contractor provide credits to keep an on-premise GroupWise System until November 2012 while it completes the migration. Additional credits are being demanded because “e-Discovery will not be implemented.”
The City of Los Angeles is no different than many other organizations increasingly adopting cloud-based solutions for activities like email archiving, collaboration and storage. Indeed, it is difficult to avoid the buzz-phrase “the cloud” across the information management spectrum. The city’s dissatisfaction, however, highlights problems that are typical of ambitious efforts to transition to an entirely cloud-based solution. The events in L.A. also bring up a thorny issue that many people don’t even think about: eDiscovery in the cloud.
While organizations are utilizing cloud-based solutions more and more, eDiscovery from those solutions often remains an afterthought. In many cases, there is little consideration of how information in the cloud will be placed on legal hold, or how it will be accessed, reviewed and produced in response to litigation or regulatory requests. While there seems to be a widespread assumption that information in the cloud is at an organization’s fingertips at all times with the touch of a search button, that is not necessarily the case.
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Barry Murphy
Two years ago, the City of Los Angeles approved a $7.25 million budget to move its e-mail and productivity infrastructure to Google Apps with the assistance of a systems integration contractor. However, the migration has still not been completed because the Los Angeles Police Department and other agencies are unsatisfied with security related to the handling of criminal history data. The city is also demanding Google and the contractor provide credits to keep an on-premise GroupWise System until November 2012 while it completes the migration. Additional credits are being demanded because “e-Discovery will not be implemented.”
The City of Los Angeles is no different than many other organizations increasingly adopting cloud-based solutions for activities like email archiving, collaboration and storage. Indeed, it is difficult to avoid the buzz-phrase “the cloud” across the information management spectrum. The city’s dissatisfaction, however, highlights problems that are typical of ambitious efforts to transition to an entirely cloud-based solution. The events in L.A. also bring up a thorny issue that many people don’t even think about: eDiscovery in the cloud.
While organizations are utilizing cloud-based solutions more and more, eDiscovery from those solutions often remains an afterthought. In many cases, there is little consideration of how information in the cloud will be placed on legal hold, or how it will be accessed, reviewed and produced in response to litigation or regulatory requests. While there seems to be a widespread assumption that information in the cloud is at an organization’s fingertips at all times with the touch of a search button, that is not necessarily the case.
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Barry Murphy
Tuesday, November 29, 2011
Obtaining Disclosure of ESI From Non-Parties
It must be hard to be a computer network professional. You're responsible to maintain security, you have little or no control over what people send and receive from the computers you maintain, and you may be the only person with the technical knowledge and access to identify the source and availability of electronically stored information. I imagine these folks hate subpoenas, especially if they have nothing to do with their employer's business.
In Tener v. Cremer,[FOOTNOTE 1] the plaintiff sought to compel a non-party, New York University, to respond to a subpoena that might enable the plaintiff to identify the source of a posting on "Vitals.com," an internet opinion website that advertises itself as the place "where doctors are examined." This appears to be one of many internet sites that solicit opinions that others may use in making consumer decisions, and the plaintiff in Tener was a board certified physician who wanted to sue the author of allegedly defamatory remarks.
The Vitals.com posting was anonymous,[FOOTNOTE 2] but the plaintiff had learned of an Internet Protocol (IP) address[FOOTNOTE 3] associated with the offending message. This IP address did not identify the author's computer, but did lead to the server for the entire computer network maintained by NYU. Relying on this clue, the plaintiff subpoenaed the university, seeking to identify all persons using the NYU server who had accessed the internet on the date of the offensive posting, and to identify which of those computers had connected to the Vitals.com site.
It apparently was not easy for the university to comply with the plaintiff's requests. Although only NYU personnel could obtain access to the system, the "network address translation portal" used by NYU essentially acted as a switchboard, and through this "portal," many thousands of persons had access to outside websites. When NYU did not produce information satisfactory to the plaintiff, she moved to hold the university in contempt of court.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Thomas F. Gleason
In Tener v. Cremer,[FOOTNOTE 1] the plaintiff sought to compel a non-party, New York University, to respond to a subpoena that might enable the plaintiff to identify the source of a posting on "Vitals.com," an internet opinion website that advertises itself as the place "where doctors are examined." This appears to be one of many internet sites that solicit opinions that others may use in making consumer decisions, and the plaintiff in Tener was a board certified physician who wanted to sue the author of allegedly defamatory remarks.
The Vitals.com posting was anonymous,[FOOTNOTE 2] but the plaintiff had learned of an Internet Protocol (IP) address[FOOTNOTE 3] associated with the offending message. This IP address did not identify the author's computer, but did lead to the server for the entire computer network maintained by NYU. Relying on this clue, the plaintiff subpoenaed the university, seeking to identify all persons using the NYU server who had accessed the internet on the date of the offensive posting, and to identify which of those computers had connected to the Vitals.com site.
It apparently was not easy for the university to comply with the plaintiff's requests. Although only NYU personnel could obtain access to the system, the "network address translation portal" used by NYU essentially acted as a switchboard, and through this "portal," many thousands of persons had access to outside websites. When NYU did not produce information satisfactory to the plaintiff, she moved to hold the university in contempt of court.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Thomas F. Gleason
Friday, November 25, 2011
How Private Is Your Email? It Depends
Do the police need a warrant to read your email? Believe it or not, two decades into the Internet age, the answer to that question is still "maybe." It depends on how old the email is, where you keep it — and it even depends on whom you ask.
Some big-name tech companies are now asking Congress to step in and clarify Americans' online privacy rights.
If you do run afoul of the law and you happen to be one of the millions of people who use Gmail then cops will likely be directing their inquiries to the legal department at Google, in Mountain View, Calif.
This building has the same college-dorm feel as the rest of the Google campus: a pool table, free food, young people in T-shirts. But that doesn't mean they're not busy. Every month, Google gets about 1,000 government requests for user data.
"We get agents calling us on the phone," says Richard Salgado, senior counsel at Google. "We get faxes and emails and snail mail. Sometimes we'll have an investigator show up in the lobby with a piece of paper."
Salgado says most law enforcement requests are legitimate, and Google complies promptly. But there are times when Google says "not so fast."
To Continue Reading: Click Here
------------------------------------------------
Source: npr.org
By: Martin Kaste
Some big-name tech companies are now asking Congress to step in and clarify Americans' online privacy rights.
If you do run afoul of the law and you happen to be one of the millions of people who use Gmail then cops will likely be directing their inquiries to the legal department at Google, in Mountain View, Calif.
This building has the same college-dorm feel as the rest of the Google campus: a pool table, free food, young people in T-shirts. But that doesn't mean they're not busy. Every month, Google gets about 1,000 government requests for user data.
"We get agents calling us on the phone," says Richard Salgado, senior counsel at Google. "We get faxes and emails and snail mail. Sometimes we'll have an investigator show up in the lobby with a piece of paper."
Salgado says most law enforcement requests are legitimate, and Google complies promptly. But there are times when Google says "not so fast."
To Continue Reading: Click Here
------------------------------------------------
Source: npr.org
By: Martin Kaste
A Growing Trend: Use of E-Discovery 'Special Masters'
The use of e-discovery "special masters" -- who help parties frame and execute the discovery of electronically stored information -- is a growing trend. At last week's Georgetown Law Advanced eDiscovery Institute, there were podium discussions about court-related pilot programs as well as informal conversations among attendees about the new job opportunities.
On a Friday panel, Judge Joy Conti of the U.S. District Court for the Western District of Pennsylvania outlined a pilot project in progress to help ligitants identify and use special masters. Conti, who chairs the court's Alternate Dispute Resolution Implementation Committee, said the court decided to create a list of approved special masters. Finalists were selected for the one year pilot effort, that began in May, she explained.
Acccording to the court's website, a subcommittee, led by Judge Nora Fischer, and including court IT personnel and local practitioners with EDD experience, provided recommendations to the ADR committee, ultimately resulting in approved application and selection criteria. "The final set of criteria approved by the ADR Committee includes active bar admission; demonstrated litigation experience, particularly with electronic discovery; demonstrated training and experience with computers and technology; and mediation training and experience."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Monica Bay
On a Friday panel, Judge Joy Conti of the U.S. District Court for the Western District of Pennsylvania outlined a pilot project in progress to help ligitants identify and use special masters. Conti, who chairs the court's Alternate Dispute Resolution Implementation Committee, said the court decided to create a list of approved special masters. Finalists were selected for the one year pilot effort, that began in May, she explained.
Acccording to the court's website, a subcommittee, led by Judge Nora Fischer, and including court IT personnel and local practitioners with EDD experience, provided recommendations to the ADR committee, ultimately resulting in approved application and selection criteria. "The final set of criteria approved by the ADR Committee includes active bar admission; demonstrated litigation experience, particularly with electronic discovery; demonstrated training and experience with computers and technology; and mediation training and experience."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Monica Bay
Sunday, November 20, 2011
Google Apps vs. Microsoft Office: The Battle for Your Business Gets Ugly
Last Monday, I attended Google's Atmosphere, a conference at its Silicon Valley headquarters. Other than journalists, the packed audience consisted of CIOs attending at Google's invitation.
The event's nominal topic was cloud computing, and the speaker lineup -- including Google employee and Internet co-creator Vint Cerf, Harvard Law School Professor Jonathan Zittrain, and DreamWorks Animation's Kate Swanborg -- was impressive. But Google's overarching goal was obvious: It wanted to sell all those CIOs on the idea of dumping Microsoft's venerable Office suite and Exchange server software in favor of its Google Apps services. And maybe even replacing PCs with the Web-centric devices known as Chromebooks.
By bringing so many business IT strategists to its home court, Google hoped to get their undivided attention. But up in Redmond, Wash. Microsoft was busy lobbing snarky little missiles of fear, uncertainty, and doubt in the direction of the conference.
It did so in the form of two blog posts -- here's one, and here's the other -- explicitly designed to raise troubling questions about Google's Atmosphere pitch even before the conference got underway.
To Continue Reading: Click Here
------------------------------------------------
Source: allbusiness.com
By: Harry McCracken
The event's nominal topic was cloud computing, and the speaker lineup -- including Google employee and Internet co-creator Vint Cerf, Harvard Law School Professor Jonathan Zittrain, and DreamWorks Animation's Kate Swanborg -- was impressive. But Google's overarching goal was obvious: It wanted to sell all those CIOs on the idea of dumping Microsoft's venerable Office suite and Exchange server software in favor of its Google Apps services. And maybe even replacing PCs with the Web-centric devices known as Chromebooks.
By bringing so many business IT strategists to its home court, Google hoped to get their undivided attention. But up in Redmond, Wash. Microsoft was busy lobbing snarky little missiles of fear, uncertainty, and doubt in the direction of the conference.
It did so in the form of two blog posts -- here's one, and here's the other -- explicitly designed to raise troubling questions about Google's Atmosphere pitch even before the conference got underway.
To Continue Reading: Click Here
------------------------------------------------
Source: allbusiness.com
By: Harry McCracken
Georgetown Panel Focuses on Discovery Rules
A wide-ranging discussion about e-discovery and the Federal Rules of Civil Procedure highlighted Friday morning's sessions at the Georgetown Law Center Advanced eDiscovery Institute.
The panel, "Future of the Rules/New Developments," included federal judges Joy Flowers Conti, of Pittsburgh, Paul Grimm, of Baltimore, and Lee Rosenthal, of Houston, along with attorneys William Butterfield of the Hausfeld law firm and Jeane Thomas of Crowell & Moring, both of Washington, D.C.
"Take our brains back to what the e-discovery world was a generation ago -- the late 1990s," Rosenthal began. Rules at the time were "the stuff of giant controversy," she noted, taking 20 years to mold and still being abstract and limited. "In the early 2000s we started looking really hard at e-discovery and we all had to go to school."
"The last time the rules were amended to take technology into account was in 1974 when the words data and data compilation were added," Rosenthal continued. Now that sounds quaint. Therefore, "we knew in 2006 [ when the rules were updated] that we were not finished with e-discovery," she said.
Now, the focus is on a FRCP e-discovery subcommittee, the members of which hope to have a rules proposal by March 2012, Grimm said. Whether that will be delivered on time may be determined in a conference call this week. There is also a congressional hearing on Dec. 13, added Butterfield, who is among the scheduled witnesses.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Evan Koblentz
The panel, "Future of the Rules/New Developments," included federal judges Joy Flowers Conti, of Pittsburgh, Paul Grimm, of Baltimore, and Lee Rosenthal, of Houston, along with attorneys William Butterfield of the Hausfeld law firm and Jeane Thomas of Crowell & Moring, both of Washington, D.C.
"Take our brains back to what the e-discovery world was a generation ago -- the late 1990s," Rosenthal began. Rules at the time were "the stuff of giant controversy," she noted, taking 20 years to mold and still being abstract and limited. "In the early 2000s we started looking really hard at e-discovery and we all had to go to school."
"The last time the rules were amended to take technology into account was in 1974 when the words data and data compilation were added," Rosenthal continued. Now that sounds quaint. Therefore, "we knew in 2006 [ when the rules were updated] that we were not finished with e-discovery," she said.
Now, the focus is on a FRCP e-discovery subcommittee, the members of which hope to have a rules proposal by March 2012, Grimm said. Whether that will be delivered on time may be determined in a conference call this week. There is also a congressional hearing on Dec. 13, added Butterfield, who is among the scheduled witnesses.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Evan Koblentz
Friday, November 18, 2011
Congress Reschedules Discovery Hearing
On Dec. 13, the U.S. Congress will hear testimony about prospective e-discovery-related additions to the Federal Rules of Civil Procedure -- the first such hearing since the rules were last updated in 2006.
The hearing, entitled "The Costs and Burdens of Civil Discovery," was originally scheduled for Nov. 16. Rep. Trent Franks, R-Ariz., chairman of the Subcommittee on the Constitution, will lead the hearing, which is intended to update the House on recent developments among FRCP committees of the Federal Judiciary and on witnesses' individual senses of which rules work, which do not, and which need modification.
Scheduled witnesses include William Hubbard, assistant professor at the University of Chicago Law School, and Rebecca Love Kourlis, executive director of the University of Denver's Institute for the Advancement of the American Legal System, both of whom spoke this week with Law Technology News.
Hubbard and Love Kourlis both agreed that rule changes are necessary, as the volume of electronically stored information increases faster than lawyers and the e-discovery software industry can keep up.
However, "I don't know what kind of questions I'm going to be asked, to tell you the truth," Hubbard said. "I don't think it's something that has attracted a lot of attention from Congress in the past."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Evan Koblentz
The hearing, entitled "The Costs and Burdens of Civil Discovery," was originally scheduled for Nov. 16. Rep. Trent Franks, R-Ariz., chairman of the Subcommittee on the Constitution, will lead the hearing, which is intended to update the House on recent developments among FRCP committees of the Federal Judiciary and on witnesses' individual senses of which rules work, which do not, and which need modification.
Scheduled witnesses include William Hubbard, assistant professor at the University of Chicago Law School, and Rebecca Love Kourlis, executive director of the University of Denver's Institute for the Advancement of the American Legal System, both of whom spoke this week with Law Technology News.
Hubbard and Love Kourlis both agreed that rule changes are necessary, as the volume of electronically stored information increases faster than lawyers and the e-discovery software industry can keep up.
However, "I don't know what kind of questions I'm going to be asked, to tell you the truth," Hubbard said. "I don't think it's something that has attracted a lot of attention from Congress in the past."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Evan Koblentz
Armies of lawyers gird for e-discovery battles in Penn State-Sandusky cases
Penn State and the parties involved by the alleged crimes of Jerry Sandusky will encounter ESI of all sorts in coming wave of litigation
The mushrooming scandal surrounding the allegations of serial child abuse by former Penn State football coach Jerry Sandusky will produce countless lawsuits against countless defendants by a still-unknown number of plaintiffs. A vital weapon in the legal battles will be the multitude of sources and custodians of electronically stored information that could provide vital evidence in lawsuits that will seek damages probably totaling several hundred million dollars.
The cases will provide crucial lessons in records management, preservation of electronically stored information (ESI), the interplay between the paper era and the electronic era, the limits of liability insurance policies where prior knowledge of similar acts was not conveyed to the insurer, best practices in the maintenance of surveillance cameras and devices to protect persons, and many others.
Paying close attention to these lessons will be the General Counsel, records managers, IT and litigation support staffs of all colleges, foundations, not-for-profit organizations, sports teams and public institutions of all kinds
University's 'Right to Know' exemption creates hurdles to ESI
The cases will be fought principally in Pennsylvania, which has laws that provide “blanket exceptions” to Penn State University from compliance with the state’s Right to Know" law, according to Terry Muchler, Executive Director of the Pennsylvania Office of Open Records. Whether in the face of strong public opinion the university foregoes its exemption is not known, though Mutchler tells ACEDS there is a “flurry of legislative activity” around the law.
The Right to Know law does not come into play when litigants sue the university or when criminal investigators or grand juries issue subpoenas. However, electronic communications between players and coaches in the form of emails, texts, and tweets are exempt from public records requests, Mutchler says.
To Continue Reading: Click Here
------------------------------------------------
Source: aceds.org
By: Seth Row and ACEDS staff
The mushrooming scandal surrounding the allegations of serial child abuse by former Penn State football coach Jerry Sandusky will produce countless lawsuits against countless defendants by a still-unknown number of plaintiffs. A vital weapon in the legal battles will be the multitude of sources and custodians of electronically stored information that could provide vital evidence in lawsuits that will seek damages probably totaling several hundred million dollars.
The cases will provide crucial lessons in records management, preservation of electronically stored information (ESI), the interplay between the paper era and the electronic era, the limits of liability insurance policies where prior knowledge of similar acts was not conveyed to the insurer, best practices in the maintenance of surveillance cameras and devices to protect persons, and many others.
Paying close attention to these lessons will be the General Counsel, records managers, IT and litigation support staffs of all colleges, foundations, not-for-profit organizations, sports teams and public institutions of all kinds
University's 'Right to Know' exemption creates hurdles to ESI
The cases will be fought principally in Pennsylvania, which has laws that provide “blanket exceptions” to Penn State University from compliance with the state’s Right to Know" law, according to Terry Muchler, Executive Director of the Pennsylvania Office of Open Records. Whether in the face of strong public opinion the university foregoes its exemption is not known, though Mutchler tells ACEDS there is a “flurry of legislative activity” around the law.
The Right to Know law does not come into play when litigants sue the university or when criminal investigators or grand juries issue subpoenas. However, electronic communications between players and coaches in the form of emails, texts, and tweets are exempt from public records requests, Mutchler says.
To Continue Reading: Click Here
------------------------------------------------
Source: aceds.org
By: Seth Row and ACEDS staff
Georgetown E-Discovery Conference Opens With Case Law Update
The eighth annual Georgetown Law Advanced eDiscovery Institute opened Thursday morning with a fast-paced case law update presented by six of the most well-known jurists in the legal industry: John Facciola (U.S. District Court for the District of Columbia); Lee Rosenthal (U.S. District Court for the Southern District of Texas); Andrew Peck, Shira Scheindlin, and James Francis (all three from the U.S. District Court for the Southern District of New York), and David Waxse (U.S. District Court for the District of Kansas). Baltimore's Paul Grimm was scheduled to participate, but had a conflict and was unable to attend.
The almost-two hour session at the Ritz-Carlton in Arlington, Va., covered cases that illustrated a wide range of issues that were in consideration during 2011.
Francis started with the long-litigated Rambus cases. (Micron Tech, Inc. v. Rambus Inc., 645 F. 3d 1336 (Fed .Cir. 2011), and Hynix Semiconductor, Inc. v. Rambus Inc., 645 F. 3d 1336 (Fed. Cir. 2011), which addressed the issue of when the duty to preserve kicks in, and what is reasonable anticipation of litigation. Francis described the "shredding parties" that Rambus held that were revealed during the litigation. "In some respects, [Rambus] was an easy case," he observed, because it was so dramatic.
But Rosenthal suggested that it is easier to jump to that conclusion after the fact. "The mystery comes in when you are trying to figure out -- not using hindsight, in real time -- if it's reasonable," observed Rosenthal. Scheindlin stressed that "reasonableness" is critical. "Was the conduct reasonable?" she asked, noting this can be a tough question for defendants.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Monica Bay
The almost-two hour session at the Ritz-Carlton in Arlington, Va., covered cases that illustrated a wide range of issues that were in consideration during 2011.
Francis started with the long-litigated Rambus cases. (Micron Tech, Inc. v. Rambus Inc., 645 F. 3d 1336 (Fed .Cir. 2011), and Hynix Semiconductor, Inc. v. Rambus Inc., 645 F. 3d 1336 (Fed. Cir. 2011), which addressed the issue of when the duty to preserve kicks in, and what is reasonable anticipation of litigation. Francis described the "shredding parties" that Rambus held that were revealed during the litigation. "In some respects, [Rambus] was an easy case," he observed, because it was so dramatic.
But Rosenthal suggested that it is easier to jump to that conclusion after the fact. "The mystery comes in when you are trying to figure out -- not using hindsight, in real time -- if it's reasonable," observed Rosenthal. Scheindlin stressed that "reasonableness" is critical. "Was the conduct reasonable?" she asked, noting this can be a tough question for defendants.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Monica Bay
Wednesday, November 16, 2011
Best Practices for Social and Mobile Media as Privacy Laws Evolve
As social media and mobile devices and apps ("social-mobile") continue to proliferate in the corporate enterprise, these new forms of collaboration and information sharing are putting a new spin on compliance issues. There has been a tidal wave of publications and seminars of late that address many of these issues. Topics range from preventing trade secrets from leaking on Facebook to the ethics of monitoring current and potential employees in and out of the workplace.
Garnering much less attention are the compliance and risk issues that new marketing initiatives using social-mobile can present. To minimize such issues, legal departments must develop a working relationship with both marketing and IT in order to fully understand how information acquired through social-mobile initiatives is being collected, stored, and utilized by the company, and to assess the impact on the company's electronic discovery, records retention, and regulatory compliance obligations.
In the U.S., several hundred state laws govern data captured by companies, including social-mobile data. These laws include statutes regarding data security and breach response, records retention and destruction, and data privacy regulations aimed at protecting personal information of employees and customers. An alphabet soup of federal regulations (e.g., HIPAA, COPPA, FACTA/FCRA, ECPA, and the VPPA) also governs this data. As emerging technologies continue to challenge societal expectations of privacy, new methods for collecting, storing, aggregating, and sharing information continue to push the boundaries of our legal frameworks. As a result we are now seeing:
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: David White
Garnering much less attention are the compliance and risk issues that new marketing initiatives using social-mobile can present. To minimize such issues, legal departments must develop a working relationship with both marketing and IT in order to fully understand how information acquired through social-mobile initiatives is being collected, stored, and utilized by the company, and to assess the impact on the company's electronic discovery, records retention, and regulatory compliance obligations.
In the U.S., several hundred state laws govern data captured by companies, including social-mobile data. These laws include statutes regarding data security and breach response, records retention and destruction, and data privacy regulations aimed at protecting personal information of employees and customers. An alphabet soup of federal regulations (e.g., HIPAA, COPPA, FACTA/FCRA, ECPA, and the VPPA) also governs this data. As emerging technologies continue to challenge societal expectations of privacy, new methods for collecting, storing, aggregating, and sharing information continue to push the boundaries of our legal frameworks. As a result we are now seeing:
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: David White
Getting Rid of Data: Why it's So Hard
Many organizations think they are taking the right approach to information overload: buy ever-cheaper storage solutions, lower compliance risk by saving all data and focus more resources on solutions for turning all this data into actionable intelligence. Unfortunately, storing and managing data stores that only get bigger with time is very expensive, and instead of reducing risk, it dramatically increases costs and risks associated with e-discovery.
According to Gartner, IT shops already spend between 2 and 3 percent of revenues on data management, which can add up to hundreds of thousands or even millions of dollars each year. And according to IDC, corporate data volumes grew by about 50 percent last year. The fact is, no matter how inexpensive storage devices become, the total cost of managing data will continue to grow. And while some data must be retained for its business, legal or compliance value, retaining data that has no such value increases the complexity and cost of every hold issued by the legal department in response to an e-discovery request.
How can IT organizations defensibly dispose of data to control IT costs while satisfying the requirement for legal holds? The answer is a robust, cross-functional information governance program.
The Rise of Information Governance
Gartner's defines information governance as "the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals." This complex definition reveals that the domain of information governance is a function of information management and also extends beyond it, because it implies managing information according to its legal and regulatory obligations.
To Continue Reading: Click Here
------------------------------------------------
Source: information-management.com
By: Harry Pugh
According to Gartner, IT shops already spend between 2 and 3 percent of revenues on data management, which can add up to hundreds of thousands or even millions of dollars each year. And according to IDC, corporate data volumes grew by about 50 percent last year. The fact is, no matter how inexpensive storage devices become, the total cost of managing data will continue to grow. And while some data must be retained for its business, legal or compliance value, retaining data that has no such value increases the complexity and cost of every hold issued by the legal department in response to an e-discovery request.
How can IT organizations defensibly dispose of data to control IT costs while satisfying the requirement for legal holds? The answer is a robust, cross-functional information governance program.
The Rise of Information Governance
Gartner's defines information governance as "the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals." This complex definition reveals that the domain of information governance is a function of information management and also extends beyond it, because it implies managing information according to its legal and regulatory obligations.
To Continue Reading: Click Here
------------------------------------------------
Source: information-management.com
By: Harry Pugh
Effective Use of Rule 502(d) in E-Discovery Cases
Used properly, Federal Rule of Evidence 502, and particularly Rule 502(d), can be one of the most valuable assets available to e-discovery counsel in dealing with the attorney-client and attorney work product privileges during review and production of electronically stored information (ESI). Carefully crafting a comprehensive electronic discovery process, and memorializing the process in a court order issued pursuant to Rule 502(d), can effectively minimize the time and expense associated with privilege review and virtually eliminate the potential for waiver of the privileges resulting from disclosure during the production process. Moreover, the privilege protection extends not only to the pending litigation, but also to any other federal or state proceeding.
The current Federal Rule of Evidence 502, which applies only to the attorney-client and attorney-work-product privileges, was passed by Congress on Sept. 8, 2008, and signed into law by the president on Sept. 19, 2008. Rule 502 specifically addresses the circumstances under which the disclosure of privileged information in the course of production in a federal proceeding will, or will not, effect a waiver of the privilege and the scope of the waiver.
The cornerstone of privilege protection under Rule 502 is Rule 502(d), which provides that "[a] Federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court -- in which event the disclosure is also not a waiver in any other Federal or State proceeding." The protections available under Rule 502(d) do not depend on whether the disclosure was inadvertent. In fact, the Advisory Committee Note to Rule 502(d) establishes that a court order issued under the authority of Rule 502(d) may provide for non-waiver regardless of the care taken by the disclosing party.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Thomas C. Gricks III
The current Federal Rule of Evidence 502, which applies only to the attorney-client and attorney-work-product privileges, was passed by Congress on Sept. 8, 2008, and signed into law by the president on Sept. 19, 2008. Rule 502 specifically addresses the circumstances under which the disclosure of privileged information in the course of production in a federal proceeding will, or will not, effect a waiver of the privilege and the scope of the waiver.
The cornerstone of privilege protection under Rule 502 is Rule 502(d), which provides that "[a] Federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court -- in which event the disclosure is also not a waiver in any other Federal or State proceeding." The protections available under Rule 502(d) do not depend on whether the disclosure was inadvertent. In fact, the Advisory Committee Note to Rule 502(d) establishes that a court order issued under the authority of Rule 502(d) may provide for non-waiver regardless of the care taken by the disclosing party.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Thomas C. Gricks III
Tuesday, November 15, 2011
Exploring Legal Issues in the Cloud
This article is the first in a two-part series examining the potential legal issues – for both the vendor and customer – involved with the deployment of cloud computing solutions.
A study reported earlier this year that 37 percent of all organizations worldwide are deploying cloud computing solutions, and predicted that by 2014, businesses in the U.S. will spend more than $13 billion on cloud computing, a 400 percent increase from today. Many companies are considering moving to cloud service providers that offer access to software applications on a SaaS basis, and many software companies are moving to cloud hosted environments as a means to offer their programs. Cloud computing, however, raises new and challenging legal issues for both cloud computing users and vendors.
Vendors typically have the advantage in negotiations for cloud services because they write the contracts and determine the terms they will offer. Many cloud services, particularly those used by small- and medium-sized companies, are made available only through click-wrap agreements that are non-negotiable. Consistent with the cloud model of a “one size fits all,” commodity service, vendors are also typically reluctant to negotiate different terms for different customers. Customers faced with non-negotiable contracts must review the terms of the agreement and do their diligence on the cloud vendor to be sure that the customer is not taking on more risk than it should and to determine whether the terms of the click-wrap agreement pose any problems to the customer.
Security and Data Privacy Issues
One of the most publicized concerns about the cloud is security and data privacy. Because cloud providers store large volumes of data from various parties, they present an attractive target for hackers. Google, Amazon and Salesforce.com have all reported major data breaches, and a survey this summer found that nearly half of IT executives reported a security lapse or security issue with their cloud services provider within the last 12 months.
A cloud customer could be liable for security breaches by the cloud provider it uses. Therefore, the cloud customer should be sure that their contract protects the customer’s data. Of course, the agreement with the cloud vendor should include confidentiality provisions requiring the vendor to protect the customer’s data as confidential. In addition, the customer should require the vendor to comply with SAS70, or the recent Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which applies to reporting periods ending on or after June 15, 2011. SAS70 and SSAE 16 provide auditing standards covering, among others, a service provider's controls for safeguarding its customer's data. The customer should also require the vendor to comply with ISO 27002, which establishes data security standards. In addition, the customer should require the vendor to conduct the SAS70/SSAE 16 and ISO audits at least annually and the contract should obligate the vendor to correct any deficiencies revealed by the audits.
To Continue Reading: Click Here
------------------------------------------------
Source: wwpi.com
By: Andrew L. Goldstein
A study reported earlier this year that 37 percent of all organizations worldwide are deploying cloud computing solutions, and predicted that by 2014, businesses in the U.S. will spend more than $13 billion on cloud computing, a 400 percent increase from today. Many companies are considering moving to cloud service providers that offer access to software applications on a SaaS basis, and many software companies are moving to cloud hosted environments as a means to offer their programs. Cloud computing, however, raises new and challenging legal issues for both cloud computing users and vendors.
Vendors typically have the advantage in negotiations for cloud services because they write the contracts and determine the terms they will offer. Many cloud services, particularly those used by small- and medium-sized companies, are made available only through click-wrap agreements that are non-negotiable. Consistent with the cloud model of a “one size fits all,” commodity service, vendors are also typically reluctant to negotiate different terms for different customers. Customers faced with non-negotiable contracts must review the terms of the agreement and do their diligence on the cloud vendor to be sure that the customer is not taking on more risk than it should and to determine whether the terms of the click-wrap agreement pose any problems to the customer.
Security and Data Privacy Issues
One of the most publicized concerns about the cloud is security and data privacy. Because cloud providers store large volumes of data from various parties, they present an attractive target for hackers. Google, Amazon and Salesforce.com have all reported major data breaches, and a survey this summer found that nearly half of IT executives reported a security lapse or security issue with their cloud services provider within the last 12 months.
A cloud customer could be liable for security breaches by the cloud provider it uses. Therefore, the cloud customer should be sure that their contract protects the customer’s data. Of course, the agreement with the cloud vendor should include confidentiality provisions requiring the vendor to protect the customer’s data as confidential. In addition, the customer should require the vendor to comply with SAS70, or the recent Statement on Standards for Attestation Engagements No. 16 (SSAE 16), which applies to reporting periods ending on or after June 15, 2011. SAS70 and SSAE 16 provide auditing standards covering, among others, a service provider's controls for safeguarding its customer's data. The customer should also require the vendor to comply with ISO 27002, which establishes data security standards. In addition, the customer should require the vendor to conduct the SAS70/SSAE 16 and ISO audits at least annually and the contract should obligate the vendor to correct any deficiencies revealed by the audits.
To Continue Reading: Click Here
------------------------------------------------
Source: wwpi.com
By: Andrew L. Goldstein
Watchdog (SEC) v. Watchdog (FINRA): Destruction, Doctoring and Deflection
In the first settlement of its kind, FINRA settled with the SEC on October 27, 2011 due to allegations over a 2008 incident where a regional Kansas City office of FINRA doctored documents. The alleged doctored documents were from three internal staff meetings, where information was either edited or deleted and then provided to the SEC with the “inaccurate and incomplete” changes. Mary Shapiro, currently the Chairman of the SEC, is in an interesting spot as she was Chief Executive of FINRA at the time of the alleged wrongdoing. She apparently had no direct involvement with the decision to take action against FINRA.
The motives for doctoring the documents are unclear, and so is whether or not the alterations of the documents led to any material damage other than FINRA’s diminished credibility. Ironically, the SEC has had its own struggles in recent months with a slew of articles published in various newspapers highlighting their own challenges with document retention and the improper destruction of documents. Both of these scenarios have been called to light by whistleblowers within their respective agencies.
These antics certainly pose the question: Is it a good use of taxpayer money to have regulatory agencies fighting each other over document retention and record keeping practices? The answer is probably no. But the first question begs the second: If they don’t do it, who will? While information management is not the sexiest part of the SEC and FINRA’s responsibilities, it certainly is an important one and the foundation of their information intelligence. Without proper document retention and information governance, the probability of connecting the dots to discover insider trading or other malfeasance is low. Moreover, in order for agencies to retain credibility they need to be able to locate documents with ease and speed and those documents must be truthful and accurate.
To Continue Reading: Click Here
------------------------------------------------
Source: eDiscovery 2.0
By: Allison Walton
The motives for doctoring the documents are unclear, and so is whether or not the alterations of the documents led to any material damage other than FINRA’s diminished credibility. Ironically, the SEC has had its own struggles in recent months with a slew of articles published in various newspapers highlighting their own challenges with document retention and the improper destruction of documents. Both of these scenarios have been called to light by whistleblowers within their respective agencies.
These antics certainly pose the question: Is it a good use of taxpayer money to have regulatory agencies fighting each other over document retention and record keeping practices? The answer is probably no. But the first question begs the second: If they don’t do it, who will? While information management is not the sexiest part of the SEC and FINRA’s responsibilities, it certainly is an important one and the foundation of their information intelligence. Without proper document retention and information governance, the probability of connecting the dots to discover insider trading or other malfeasance is low. Moreover, in order for agencies to retain credibility they need to be able to locate documents with ease and speed and those documents must be truthful and accurate.
To Continue Reading: Click Here
------------------------------------------------
Source: eDiscovery 2.0
By: Allison Walton
Are You Operating A Legal Cloud?
Cloud computing did not exist when data protection regulations came in. John Roberts of Redstone explains how to keep within the law
The UK Data Protection Act (DPA) is often regarded as the world’s leading law on protecting personal data. But many UK companies now adopting cloud services are not only putting data at risk, but also themselves, by breaching data protection laws. How do you comply with the DPA, whilst maintaining a cloud presence?
When the UK government passed the DPA in 1998 it was heralded as the definitive way to guarantee personal data was protected. Over the following decade, refinements to the act ensured that personal data was not just secure, but more specifically, it was secure online. This worked well when data was held on-premise, within a company’s own data centre, but the advent of cloud technology has changed all that.
What do we mean by cloud?
Just to be clear, in this context we’re referring to ‘cloud’ as infrastructure as a service. Ask many cloud service providers (CSPs) where a specific piece of data is held, and it would take them a while to answer. In most instances the cloud does not recognise national boundaries. CSPs simply move data across their often globally dispersed infrastructure at will in the most efficient way for them. This means that the IT director no longer knows where his or her data is, nor are they able to comply with the DPA.
To Continue Reading: Click Here
------------------------------------------------
Source: eweekeurope.co.uk
By: John Roberts Redstone
The UK Data Protection Act (DPA) is often regarded as the world’s leading law on protecting personal data. But many UK companies now adopting cloud services are not only putting data at risk, but also themselves, by breaching data protection laws. How do you comply with the DPA, whilst maintaining a cloud presence?
When the UK government passed the DPA in 1998 it was heralded as the definitive way to guarantee personal data was protected. Over the following decade, refinements to the act ensured that personal data was not just secure, but more specifically, it was secure online. This worked well when data was held on-premise, within a company’s own data centre, but the advent of cloud technology has changed all that.
What do we mean by cloud?
Just to be clear, in this context we’re referring to ‘cloud’ as infrastructure as a service. Ask many cloud service providers (CSPs) where a specific piece of data is held, and it would take them a while to answer. In most instances the cloud does not recognise national boundaries. CSPs simply move data across their often globally dispersed infrastructure at will in the most efficient way for them. This means that the IT director no longer knows where his or her data is, nor are they able to comply with the DPA.
To Continue Reading: Click Here
------------------------------------------------
Source: eweekeurope.co.uk
By: John Roberts Redstone
Monday, November 14, 2011
Judge Orders Divorcing Couple To Swap Facebook And Dating Site Passwords
Most divorces require spouses to part with some of their property, but in Connecticut, a soon-to-be ex-husband and wife are being asked to give up more than just investments, cars, TVs, kids, and pets. They have to hand over their social networking passwords. At the end of September, Judge Kenneth Shluger ordered that the attorneys for Stephen and Courtney Gallion exchange “their client’s Facebook and dating website passwords.”
Everyone knows that evidence from social networking sites comes in handy for lawsuits and divorces. Attorneys usually get that material by visiting someone’s page or asking that they turn over evidence from their page, not by signing into their accounts. But judges are sometimes forcing litigants to hand over the passwords to their Facebook accounts. Should they be? What was the reason behind the court-authorized hacking in the Gallion case?
I spoke with Stephen Gallion’s divorce lawyer, Gary Traystman, who amazingly has no computer or e-mail account. “I see the information people can get from computers, in lawsuits and through hacking,” says Traystman. “They scare the hell out of me.”
Traystman tells me that his client saw a few incriminating things on the computer he shares with his wife at home that made him suspect that there would be more evidence in her social networking accounts. Traystman says there was evidence there of how she feels about her children and her ability to take care of them, and that it would help his client in arguing for full custody. During a deposition, Traystman asked Courtney Gallion for the passwords for her Facebook account, as well as EHarmony and Match (which she had apparently already joined). She initially refused but was then counseled by her lawyer to hand them over (Ed. note: questionable legal advice there).
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Kashmir Hill
Everyone knows that evidence from social networking sites comes in handy for lawsuits and divorces. Attorneys usually get that material by visiting someone’s page or asking that they turn over evidence from their page, not by signing into their accounts. But judges are sometimes forcing litigants to hand over the passwords to their Facebook accounts. Should they be? What was the reason behind the court-authorized hacking in the Gallion case?
I spoke with Stephen Gallion’s divorce lawyer, Gary Traystman, who amazingly has no computer or e-mail account. “I see the information people can get from computers, in lawsuits and through hacking,” says Traystman. “They scare the hell out of me.”
Traystman tells me that his client saw a few incriminating things on the computer he shares with his wife at home that made him suspect that there would be more evidence in her social networking accounts. Traystman says there was evidence there of how she feels about her children and her ability to take care of them, and that it would help his client in arguing for full custody. During a deposition, Traystman asked Courtney Gallion for the passwords for her Facebook account, as well as EHarmony and Match (which she had apparently already joined). She initially refused but was then counseled by her lawyer to hand them over (Ed. note: questionable legal advice there).
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Kashmir Hill
Sunday, November 13, 2011
KPMG Case Fuels Preservation Debate
Electronic discovery experts are on alert about an upcoming preservation ruling in Pippins v. KPMG, a case involving a labor dispute.
Outten & Goulden, representing former KPMG auditor Kyle Pippins and others, won a ruling from Magistrate Judge James Cott of the U.S. District Court for the Southern District of New York stating that KPMG must preserve the computer hard drives of all possible members in the not-yet certified class. KPMG argued that it should only work with 100 sampled drives.
KPMG is appealing to District Court Judge Colleen McMahon, also in the Southern District of New York, and a ruling is expected following a reply from Pippins' team early in December.
Outten & Goulden attorney Lauren Schwartzreich said the lesson is just to cooperate when your side has the opportunity.
"I'm not really concerned about this decision having too broad of an impact on the unintended consequences of mass preservation expectations," Schwartzreich said. "I think that the judge made it pretty clear in his ruling that the basis in his ruling was what he observed to be a lack of cooperation."
To Continue Reading: Click Here
--------------------------------------------------------------
Source: law.com
By: Evan Koblentz
Outten & Goulden, representing former KPMG auditor Kyle Pippins and others, won a ruling from Magistrate Judge James Cott of the U.S. District Court for the Southern District of New York stating that KPMG must preserve the computer hard drives of all possible members in the not-yet certified class. KPMG argued that it should only work with 100 sampled drives.
KPMG is appealing to District Court Judge Colleen McMahon, also in the Southern District of New York, and a ruling is expected following a reply from Pippins' team early in December.
Outten & Goulden attorney Lauren Schwartzreich said the lesson is just to cooperate when your side has the opportunity.
"I'm not really concerned about this decision having too broad of an impact on the unintended consequences of mass preservation expectations," Schwartzreich said. "I think that the judge made it pretty clear in his ruling that the basis in his ruling was what he observed to be a lack of cooperation."
To Continue Reading: Click Here
--------------------------------------------------------------
Source: law.com
By: Evan Koblentz
Facebook to be sued by German data protection authority
Hamburg to bring legal action over facial recognition in photos
The Hamburg Data Protection Authority (DPA) is starting preliminary procedures to bring legal action against Facebook over the facial recognition feature used for photo tagging on the social network. The authority decided that further negotiation is futile after the social networking giant didn't agree to obtain consent from users retroactively.
German data protection laws require companies to clearly inform users about how their personal information is being used and the Hamburg data protection agency says that this didn't happen when Facebook began using facial recognition technology for photo tag suggestions.
As a compromise, Facebook proposed the introduction of a checkbox for users to accept terms and conditions and guidelines on data usage, but the DPA feels that such a solution is not enough to legitimise the collection and use of biometric facial characteristics.
Furthermore, this checkbox would only be available to new users, which means that people who already signed up will not be asked for their consent. Johannes Caspar, the Hamburg commissioner for Data Protection and Freedom of Information, described the results of months of talks with the social networking company as disappointing.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: cfoworld.co.uk
By: Lucian Constantin and Jeremy Kirk
The Hamburg Data Protection Authority (DPA) is starting preliminary procedures to bring legal action against Facebook over the facial recognition feature used for photo tagging on the social network. The authority decided that further negotiation is futile after the social networking giant didn't agree to obtain consent from users retroactively.
German data protection laws require companies to clearly inform users about how their personal information is being used and the Hamburg data protection agency says that this didn't happen when Facebook began using facial recognition technology for photo tag suggestions.
As a compromise, Facebook proposed the introduction of a checkbox for users to accept terms and conditions and guidelines on data usage, but the DPA feels that such a solution is not enough to legitimise the collection and use of biometric facial characteristics.
Furthermore, this checkbox would only be available to new users, which means that people who already signed up will not be asked for their consent. Johannes Caspar, the Hamburg commissioner for Data Protection and Freedom of Information, described the results of months of talks with the social networking company as disappointing.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: cfoworld.co.uk
By: Lucian Constantin and Jeremy Kirk
Using Lean Six Sigma and Predictive Coding to Confront Data Volume
Traditional document review in the age of e-discovery is reaching the point of infeasibility. Setting hordes of attorneys in front of computer screens to review and code millions (sometimes billions) of records is not only prohibitively expensive, but often results in errors and inconsistent quality. At Morgan Lewis, the eData team is leveraging the combination of predictive coding and Lean Six Sigma techniques to offer clients higher-quality, lower-cost document review and thus a promising solution to the volume problem.
PREDICTIVE CODING
In order to reduce discovery costs, our focus is on defensible ways to reduce the volume of documents that require human review while maintaining (or even improving) the accuracy rates of those reviews. In most litigation, a lot of electronically stored information is collected and pushed through the e-discovery pipeline until it lands at the most expensive part of the process: attorney review. Predictive coding is an innovative tool that can help reduce the cost and also increase the accuracy of human document review by leveraging technology to reduce data volumes that require attorney review while enhancing the speed and quality of the review.
The current industry standard is to use keywords, deduplication and similar objective culling criteria to reduce the volume of data and then to perform a linear human review of any records that remain. Predictive coding can eliminate, escalate, categorize, and prioritize records for review, thus decreasing data volumes and enhancing human review.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: law.com
By: Stephanie A. Blair and Tara Lawler
PREDICTIVE CODING
In order to reduce discovery costs, our focus is on defensible ways to reduce the volume of documents that require human review while maintaining (or even improving) the accuracy rates of those reviews. In most litigation, a lot of electronically stored information is collected and pushed through the e-discovery pipeline until it lands at the most expensive part of the process: attorney review. Predictive coding is an innovative tool that can help reduce the cost and also increase the accuracy of human document review by leveraging technology to reduce data volumes that require attorney review while enhancing the speed and quality of the review.
The current industry standard is to use keywords, deduplication and similar objective culling criteria to reduce the volume of data and then to perform a linear human review of any records that remain. Predictive coding can eliminate, escalate, categorize, and prioritize records for review, thus decreasing data volumes and enhancing human review.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: law.com
By: Stephanie A. Blair and Tara Lawler
Wednesday, November 09, 2011
Will New Electronic Discovery Rules Save Organizations Millions or Deny Justice?
Lawyers and federal judges are currently discussing a formal proposal to amend the Federal Rules of Civil Procedure (“Rules”) that could save some organizations millions of dollars. The Rules are significant because they dictate the procedures every party in federal civil court must follow when negotiating the exchange, or discovery, of documents and other information as part of a lawsuit. Sometimes Rule changes simply include minor modifications to add clarity. Other times, Rule changes like those being considered at this week’s Federal Rules Advisory Committee (“Advisory Committee”) meeting on November 7 and 8 in Washington, D.C., are potentially game changing.
A recent jury verdict for almost $1 billion following a court-ordered eDiscovery sanction, combined with a steady overall increase in eDiscovery related sanctions since last year, have helped fuel enterprise concerns about the cost of data preservation. See E.I. Dupont De Nemours and Company v. Kolon Industries, Inc., (E.D. Va. Jul. 21, 2011); and Gibson Dunn, “2011 Mid Year E-Discovery Update” (July 2011) (eDiscovery related sanctions nearly doubled between July 2010 and 2011). As a result of these concerns, many large organizations with massive amounts of electronically stored information (“ESI”), are calling for Rule changes. They are looking to curb the cost of identifying and preserving potentially relevant ESI that could help them avoid paying attorneys millions of dollars to sift through mounds of emails and other electronic files to find the right documents for each new case. These large enterprise litigants claim the lack of clarity in the current Rules unfairly requires organizations to err on the side of preserving evidence early and broadly or face the risk of stiff court sanctions if information that may have been relevant to a case is lost or deleted. They see the problem as a double-edged sword because in many cases, the more ESI preserved, the higher the costs of eDiscovery. On the other hand, failure to preserve enough ESI increases their risk of sanctions.
Millions saved? What’s the problem?
For some, the discussion feels like déjà vu “all over again” considering the Rules were amended in 2006 to address electronic discovery (“eDiscovery”) challenges in a world where paper documents were once the norm. In fact, the 2006 Rule amendments not only clarified that ESI is discoverable in today’s era of electronic information, they provide a framework for addressing eDiscovery that forces parties to develop a proposed discovery plan and discuss “any issues related to disclosure or discovery of electronically stored information. . . .” Fed. R. Civ. P. 26(f)(3)(C). The problem, opponents contend, is that the 2006 Rules are not followed by attorneys or enforced by judges. To lend credibility to their argument, they cite broad judicial endorsement of the Sedona Conference Proclamation. The Proclamation was published by a well-respected legal technology think tank known as the Sedona Conference and it has been referenced frequently across multiple jurisdictions in case law decisions. Typically, the references are admonishments by judges to parties guilty of poor eDiscovery practices. A common mantra among these judges is that if the parties had engaged in “cooperative, collaborative, [and] transparent discovery,” id., as recommended in the proclamation, the problems they encountered could have been avoided. In short, opponents of new Rules tend to invoke the position so eloquently articulated by the sheriff in the 1967 film, Cool Hand Luke, starring Paul Newman: “What we’ve got here is a failure to communicate.”
To Continue Reading: Click Here
--------------------------------------------------------------
Source: forbes.com
By: Matthew Nelson Esq.
A recent jury verdict for almost $1 billion following a court-ordered eDiscovery sanction, combined with a steady overall increase in eDiscovery related sanctions since last year, have helped fuel enterprise concerns about the cost of data preservation. See E.I. Dupont De Nemours and Company v. Kolon Industries, Inc., (E.D. Va. Jul. 21, 2011); and Gibson Dunn, “2011 Mid Year E-Discovery Update” (July 2011) (eDiscovery related sanctions nearly doubled between July 2010 and 2011). As a result of these concerns, many large organizations with massive amounts of electronically stored information (“ESI”), are calling for Rule changes. They are looking to curb the cost of identifying and preserving potentially relevant ESI that could help them avoid paying attorneys millions of dollars to sift through mounds of emails and other electronic files to find the right documents for each new case. These large enterprise litigants claim the lack of clarity in the current Rules unfairly requires organizations to err on the side of preserving evidence early and broadly or face the risk of stiff court sanctions if information that may have been relevant to a case is lost or deleted. They see the problem as a double-edged sword because in many cases, the more ESI preserved, the higher the costs of eDiscovery. On the other hand, failure to preserve enough ESI increases their risk of sanctions.
Millions saved? What’s the problem?
For some, the discussion feels like déjà vu “all over again” considering the Rules were amended in 2006 to address electronic discovery (“eDiscovery”) challenges in a world where paper documents were once the norm. In fact, the 2006 Rule amendments not only clarified that ESI is discoverable in today’s era of electronic information, they provide a framework for addressing eDiscovery that forces parties to develop a proposed discovery plan and discuss “any issues related to disclosure or discovery of electronically stored information. . . .” Fed. R. Civ. P. 26(f)(3)(C). The problem, opponents contend, is that the 2006 Rules are not followed by attorneys or enforced by judges. To lend credibility to their argument, they cite broad judicial endorsement of the Sedona Conference Proclamation. The Proclamation was published by a well-respected legal technology think tank known as the Sedona Conference and it has been referenced frequently across multiple jurisdictions in case law decisions. Typically, the references are admonishments by judges to parties guilty of poor eDiscovery practices. A common mantra among these judges is that if the parties had engaged in “cooperative, collaborative, [and] transparent discovery,” id., as recommended in the proclamation, the problems they encountered could have been avoided. In short, opponents of new Rules tend to invoke the position so eloquently articulated by the sheriff in the 1967 film, Cool Hand Luke, starring Paul Newman: “What we’ve got here is a failure to communicate.”
To Continue Reading: Click Here
--------------------------------------------------------------
Source: forbes.com
By: Matthew Nelson Esq.
Cloud Computing and the Truth About SLAs
I was looking through the program for an upcoming cloud computing conference and noted a number of sessions devoted to negotiating contracts and service level agreements (SLAs) with cloud providers. Reading the session descriptions, one cannot help but draw the conclusion that carefully crafting an SLA is fundamental to successfully using cloud computing.
The sessions described at length how they would help attendees with cloud computing topics like:
* Definitions of uptime, availability and performance
* Negotiation techniques in crafting an SLA
* What factors to include in an SLA: virtual machines availability, response times, network latency, etc.
* Negotiating penalties for SLA violation
The sessions described at length how they would help attendees with cloud computing topics like:
* Definitions of uptime, availability and performance
* Negotiation techniques in crafting an SLA
* What factors to include in an SLA: virtual machines availability, response times, network latency, etc.
* Negotiating penalties for SLA violation
Having sat through a number of discussions on the topic of SLAs, these session descriptions ineluctably brought to mind the following truth: SLAs are not about increasing availability; their purpose is to provide the basis for post-incident legal combat.
However, none of the sessions pointed this out. The session descriptions seem to suggest that clever SLA negotiation somehow ensures that one's applications will be immune to outages.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: computerworld.com
By: Bernard Golden
However, none of the sessions pointed this out. The session descriptions seem to suggest that clever SLA negotiation somehow ensures that one's applications will be immune to outages.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: computerworld.com
By: Bernard Golden
Facebook, social networks, businesses ‘must adhere’ to EU law
The European Commission (EC), the governing body of 27 European member states, wants non-European businesses and social networks, including Facebook and Twitter, that store information on European citizens, to be subject to updated European data protection laws.
The European Commission’s justice commissioner Viviane Reding met with German Consumer Protection Minister Ilse Aigner, said in a joint statement:
“We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a cloud”.
But social networks like Twitter and Facebook could face extreme difficulty in complying with the new law.
Two excerpts from the statement should send shivers down the spine of Facebook founder Mark Zuckerberg. His company was recently found under the privacy spotlight, after one Austrian student disclosed the vast amount of data the social network has on its users, even after the data was seemingly deleted.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: zdnet.com
By: Zack Whittaker
The European Commission’s justice commissioner Viviane Reding met with German Consumer Protection Minister Ilse Aigner, said in a joint statement:
“We both believe that companies who direct their services to European consumers should be subject to EU data protection laws. Otherwise, they should not be able to do business on our internal market. This also applies to social networks with users in the EU. We have to make sure that they comply with EU law and that EU law is enforced, even if it is based in a third country and even if its data are stored in a cloud”.
But social networks like Twitter and Facebook could face extreme difficulty in complying with the new law.
Two excerpts from the statement should send shivers down the spine of Facebook founder Mark Zuckerberg. His company was recently found under the privacy spotlight, after one Austrian student disclosed the vast amount of data the social network has on its users, even after the data was seemingly deleted.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: zdnet.com
By: Zack Whittaker
Tuesday, November 08, 2011
You’re Being Sued. Do You Know Where Your Data Is?
Once upon a time, you simply handed over the contents of your file
cabinets to the lawyers. In the digital age, the task is much more
complicated--and expensive.
Imagine your business is being sued. Suddenly, you're required by law
to unearth and deliver to a competitor or investigator massive amounts of
electronic data—those emails sent by salespeople, your receptionist's instant
messages, CAD files edited by your engineers, and more—with every bit of it
including metadata that reveals exactly when it was created, saved, or
transmitted.
Are you prepared for that?
What we're talking about here is e-Discovery. This is the process of
collecting, analyzing, and exchanging electronic data during litigation or as
part of an investigation by government agencies.
And it's not just a concern for the Apples and the Samsungs of the world that
are well-armed to take on the task. Even the smallest companies are legally on
the hook for doing their own data discovery.
While you can certainly try to do it on you're own, it's far more common to
outsource it.
"E-Discovery is a complicated, messy process," says Andrew Sieja, founder and
CEO of Chicago-based kCura, a company
that makes software called Relativity that manages the processing, review, and
analysis of data. "The collection phase involves the snatching of data from,
say, the laptops of 50 different people. It requires experts to really
understand where to pull data from the network." And then there's the task of
reviewing it. That's when companies rack up about 70 percent of the costs, says
Barry Murphy, principal analyst with eDJ Group, an Austin, Texas-based research
firm that specializes in e-Discovery.
To Continue Reading: Click Here
--------------------------------------------------------------
Source: Inc.com
By: Christina Desmarais
Fulbright’s 2011 Litigation Trends Report Predicts a Constant Litigation Pace and a Swell of Regulatory Investigations
Fulbright & Jaworski has conducted their Litigation Trends survey for nearly the past decade and the results are always interesting since they tend to capture the mindset of inside counsel and litigators as they anticipate the upcoming year. In their 8th Annual Litigation Trends Survey, Fulbright noted that 92% of U.S. respondents predict that litigation will either increase or stay the same in the upcoming year. This trend bodes well for players in the litigation services and eDiscovery sectors, and confirms the counter cyclical nature of the industry. Breaking down the perceived increases across industry verticals, the Survey noted that the biggest anticipated jumps were in the technology, financial services, healthcare and insurance sectors. Meanwhile energy (the leading sector from the prior year) was one of the few that predicted a decrease.
Going behind the scenes, there were a number of factors that caused respondents to predict litigation increases. First and foremost, respondents indicated that “stricter regulation was the number one reason” for the increases, particularly with insurance, financial services, health care and retail sectors. These concerns around regulatory compliance have been increasingly keeping GCs and corporate boards awake as the governance climate continues to heat up. This regulation driver showed a demonstrable increase with 46% of all respondents having retained outside counsel to assist with regulatory proceedings, up from 37% in the prior year. The Survey noted that U.S. companies facing a regulatory investigation were most likely to be under pressure from the DOJ (27%), State Attorney General (24%), OSHA (18%), the EPA (16%) and U.S. Attorney (13%). Also on the regulatory front, U.S. respondents have increasingly begun to recognize the potential jurisdictional reach of the U.K. Bribery Act, with 25% of U.S. companies stating that they have already conducted a review of existing procedures in preparation for implementation.
To Continue Reading: Click Here
------------------------------------------------
Source: e-Discovery 2.0
By: Dean Gonsowski
Going behind the scenes, there were a number of factors that caused respondents to predict litigation increases. First and foremost, respondents indicated that “stricter regulation was the number one reason” for the increases, particularly with insurance, financial services, health care and retail sectors. These concerns around regulatory compliance have been increasingly keeping GCs and corporate boards awake as the governance climate continues to heat up. This regulation driver showed a demonstrable increase with 46% of all respondents having retained outside counsel to assist with regulatory proceedings, up from 37% in the prior year. The Survey noted that U.S. companies facing a regulatory investigation were most likely to be under pressure from the DOJ (27%), State Attorney General (24%), OSHA (18%), the EPA (16%) and U.S. Attorney (13%). Also on the regulatory front, U.S. respondents have increasingly begun to recognize the potential jurisdictional reach of the U.K. Bribery Act, with 25% of U.S. companies stating that they have already conducted a review of existing procedures in preparation for implementation.
To Continue Reading: Click Here
------------------------------------------------
Source: e-Discovery 2.0
By: Dean Gonsowski
Preserving ESI in N.J. Federal Court
Even in the digital age, discovery obligations have not changed: preserve and produce all relevant, nonprivileged information. But, wait too long to preserve documents -- including electronically stored information -- and the stakes are high: e.g.,dismissal of claims, judgment in favor of a prejudiced party, evidence suppression, spoliation adverse inference, deeming facts admitted, striking privilege claims or trial witnesses, fines and/or attorneys' fees and costs.
With such costly sanctions, companies and their counsel in this jurisdiction must recognize that the federal standard regarding when document-preservation obligations are triggered often translates to "sooner than you think." And they must know where some of the unlikely ESI caches may be lurking.
WHEN PRESERVATION DUTIES BEGIN
The 2006 Advisory Committee Notes to FRCP 37(f) point out that "[a] preservation obligation may arise from many sources, including common law, statutes, regulations, or a court order in the case." Issuance of "litigation holds" to company personnel is one aspect of the e-preservation obligation. Unfortunately, "[t]he exact moment of when the duty to impose a 'litigation hold' is vague." Sanofi-Aventis Deutschland GMBH v. Glenmark Pharm., 2010 WL 2652412, at *1, 3 (D.N.J. July 1, 2010).
Common-law evidence-preservation duties arise in a variety of ways prior to litigation, based on the jurisdiction. In the District of New Jersey, "[t]he duty to preserve evidence arises when a party reasonably believes that litigation is foreseeable and, as such, may arise many years before litigation commences." Medeva Pharma Suisse A.G. v. Roxane Lab 2011 WL 310697 (D.N.J. Jan. 28, 2011). "While a litigant is under no duty to keep or retain every document in its possession, even in advance of litigation, it is under a duty to preserve what it knows, or reasonably should know, will likely be requested in reasonably foreseeable litigation." Sanofi, at *1, 3.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Kristin E. Polovoy
With such costly sanctions, companies and their counsel in this jurisdiction must recognize that the federal standard regarding when document-preservation obligations are triggered often translates to "sooner than you think." And they must know where some of the unlikely ESI caches may be lurking.
WHEN PRESERVATION DUTIES BEGIN
The 2006 Advisory Committee Notes to FRCP 37(f) point out that "[a] preservation obligation may arise from many sources, including common law, statutes, regulations, or a court order in the case." Issuance of "litigation holds" to company personnel is one aspect of the e-preservation obligation. Unfortunately, "[t]he exact moment of when the duty to impose a 'litigation hold' is vague." Sanofi-Aventis Deutschland GMBH v. Glenmark Pharm., 2010 WL 2652412, at *1, 3 (D.N.J. July 1, 2010).
Common-law evidence-preservation duties arise in a variety of ways prior to litigation, based on the jurisdiction. In the District of New Jersey, "[t]he duty to preserve evidence arises when a party reasonably believes that litigation is foreseeable and, as such, may arise many years before litigation commences." Medeva Pharma Suisse A.G. v. Roxane Lab 2011 WL 310697 (D.N.J. Jan. 28, 2011). "While a litigant is under no duty to keep or retain every document in its possession, even in advance of litigation, it is under a duty to preserve what it knows, or reasonably should know, will likely be requested in reasonably foreseeable litigation." Sanofi, at *1, 3.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Kristin E. Polovoy
Friday, November 04, 2011
Recent Case Law Provides Guidance for ESI Production
Production of electronically stored information (ESI) is now an expected part of the discovery process, and it is important for counsel to be aware of the recent 1st Department decision in Tener v. Cremer[FOOTNOTE 1] which addressed a variety of issues concerning a nonparty's obligation to produce ESI. In light of this decision, which was issued in the context of a contempt motion against a nonparty, counsel should review it as guidance in seeking to understand how courts may view the critical and often issue-dispositive defense of "inaccessibility" to the requested ESI. A recent trial court decision from Monroe County, Dartnell Enter. Inc. v. Hewlett Packard Co.,[FOOTNOTE 2] held that a party must index its ESI to each specific document demand and ordered that responsive materials need to be produced in electronic form (including its metadata), even if "hard" copies of such materials have been produced already. Finally, recent court decisions have found social media ESI to be particularly relevant with respect to the issue of damages, and have authorized its production.
DETERMINING "INACCESSIBILITY"
In Tener, the New York Appellate Division, 1st Judicial Department addressed "the obligation of a nonparty to produce ESI deleted through normal business operations"[FOOTNOTE 3] in connection with an underlying discovery dispute in which the nonparty asserted, as a defense to production, that it "did not have the ability to produce the materials plaintiff demanded" and that "it believed it could not, as a nonparty, be required to install forensic software on its system" that could arguably access such information.
Plaintiff served a subpoena seeking the identity of all persons who accessed the internet on a certain day via a particular IP address in furtherance of prosecuting her defamation claim. The subpoena, accompanied by a preservation letter, was served more than one year after the date in question. The 1st Department noted that "plaintiff's only chance to confirm the identity of the person who allegedly defamed her may lie with [the nonparty]." Movant's computer forensic expert opined that the nonparty could "access the information using software designed to retrieve deleted information." The 1st Department found that because "good cause" had been shown, a cost-benefit analysis was necessitated "to determine whether the needs of the case warrant retrieval of the data."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Mark A. Berman
DETERMINING "INACCESSIBILITY"
In Tener, the New York Appellate Division, 1st Judicial Department addressed "the obligation of a nonparty to produce ESI deleted through normal business operations"[FOOTNOTE 3] in connection with an underlying discovery dispute in which the nonparty asserted, as a defense to production, that it "did not have the ability to produce the materials plaintiff demanded" and that "it believed it could not, as a nonparty, be required to install forensic software on its system" that could arguably access such information.
Plaintiff served a subpoena seeking the identity of all persons who accessed the internet on a certain day via a particular IP address in furtherance of prosecuting her defamation claim. The subpoena, accompanied by a preservation letter, was served more than one year after the date in question. The 1st Department noted that "plaintiff's only chance to confirm the identity of the person who allegedly defamed her may lie with [the nonparty]." Movant's computer forensic expert opined that the nonparty could "access the information using software designed to retrieve deleted information." The 1st Department found that because "good cause" had been shown, a cost-benefit analysis was necessitated "to determine whether the needs of the case warrant retrieval of the data."
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Mark A. Berman
5 Questions Boards Should Ask About Data Privacy Risks
Have you ever wondered what would happen to your organization if the corporate headquarters burned to the ground? The community and your customers would rally around you. The media would be sympathetic. With all of your corporate data backed up, your company would be back in business within days. And, of course, no organization would even consider not spending the appropriate amount of time, effort and money to protect against this risk.
But what if, instead, the calamity your company experiences is a large data breach of your customers’ private, sensitive information. The community and your customers will revile you, employees will be questioned, regulators will scrutinize your organization and the media will have a field day criticizing you and your business. Ask yourself, honestly, what are the chances you will have a data breach? The truth is: the risks of a data breach are much higher than the possibility of a catastrophic fire.
Any company that has customers needs to be on alert. The average cost of a privacy data breach has now reached $214 per record, according to the Ponemon Institute. And that is expected to rise. In addition, legal obligations and regulatory fines related to a breach are evolving, which creates a level of uncertainty about how to respond when a breach incident occurs. That uncertainty is potentially a very expensive risk.
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Bob Gregg
But what if, instead, the calamity your company experiences is a large data breach of your customers’ private, sensitive information. The community and your customers will revile you, employees will be questioned, regulators will scrutinize your organization and the media will have a field day criticizing you and your business. Ask yourself, honestly, what are the chances you will have a data breach? The truth is: the risks of a data breach are much higher than the possibility of a catastrophic fire.
Any company that has customers needs to be on alert. The average cost of a privacy data breach has now reached $214 per record, according to the Ponemon Institute. And that is expected to rise. In addition, legal obligations and regulatory fines related to a breach are evolving, which creates a level of uncertainty about how to respond when a breach incident occurs. That uncertainty is potentially a very expensive risk.
To Continue Reading: Click Here
------------------------------------------------
Source: forbes.com
By: Bob Gregg
Manage ESI Dangers With Targeted Collections
Over the past several years, courts have issued numerous decisions on sanctions for spoliation exclusively involving electronically stored information issues. According to a Duke Law Journal article from spring 2011, 188 different federal district court judges have issued written decisions on e-discovery sanctions, and another 111 federal magistrate judges have written opinions. These numbers do not include 2010, which all commentators agree was a banner year for e-discovery spoliation sanctions.
It seems like every day we read about a new decision on this issue. As a result, there is a growing sentiment among clients and lawyers alike for preservation and over-collection. "Better to be careful than sorry" is the mantra. As a result, data management costs consume litigation budgets in the blink of an eye. Clients are being forced to settle cases because the ESI costs alone make it too expensive to fight. And, all the while, everyone lives in fear of the next big "spoliation" case.
Is this the end of litigation as we know it? No. Like it always does, the pendulum is swinging back. The future is targeted collections. Preservation is cheap; collection and review is incredibly expensive. Smart clients and lawyers will learn how to use targeted collections as the key to bringing sanity back to their litigation practices.
Normally, the typical ESI production works as follows: Clients receive notice of potential litigation. At this point clients must retain all potentially relevant data. However, they are faced with determining the difficult question of what is potentially relevant in many cases where there isn't even a lawsuit yet. So, they do what any other logical person would do; they cast a wide net to preserve as much as possible.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Dave Walton
It seems like every day we read about a new decision on this issue. As a result, there is a growing sentiment among clients and lawyers alike for preservation and over-collection. "Better to be careful than sorry" is the mantra. As a result, data management costs consume litigation budgets in the blink of an eye. Clients are being forced to settle cases because the ESI costs alone make it too expensive to fight. And, all the while, everyone lives in fear of the next big "spoliation" case.
Is this the end of litigation as we know it? No. Like it always does, the pendulum is swinging back. The future is targeted collections. Preservation is cheap; collection and review is incredibly expensive. Smart clients and lawyers will learn how to use targeted collections as the key to bringing sanity back to their litigation practices.
Normally, the typical ESI production works as follows: Clients receive notice of potential litigation. At this point clients must retain all potentially relevant data. However, they are faced with determining the difficult question of what is potentially relevant in many cases where there isn't even a lawsuit yet. So, they do what any other logical person would do; they cast a wide net to preserve as much as possible.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Dave Walton
Thursday, November 03, 2011
Court Denies Motion to Re-Tax Costs Related to Conversion of ESI, Including Costs for "Project Management
Jardin v. DATAllegro, Inc., No. 08-CV-1462-IEG (WVG), 2011 WL 4835742 (S.D. Cal. Oct. 12, 2011)
Here, the court denied Plaintiff’s “motion to stay, deny, or re-tax the Clerk’s taxation of costs awarded to Defendants.” Specifically, the court declined to deny or re-tax costs awarded for converting data to the .TIFF format or to deny or re-tax costs related to a project manager who “oversaw the process of converting data to the .TIFF format to prevent inconsistent or duplicative processing.” Regarding the latter, the court reasoned that “[b]ecause the project manager’s duties were limited to the physical production of data, the related costs are recoverable.”
“Rule 54(d) creates a presumption in favor of awarding costs to prevailing parties, and it is incumbent upon the losing party to demonstrate why the costs should not be awarded.” However, "the court's discretion in awarding costs . . . is limited to awarding costs that are within the scope of 28 U.S.C. § 1920." 28 U.S.C. § 1920 lists taxable costs, including “[f]ees for exemplification and the costs of making copies of any materials where the copies are necessarily obtained for use in the case.”
After establishing the relevant legal standard, the court first addressed plaintiff's motion to deny costs entirely and quickly rejected plaintiff's arguments that costs should be denied because "he litigated the action in good faith," because "the issues in the case were close and difficult" or because "there is a significant economic disparity between Microsoft and him." The court then turned to the question of whether the costs should be reduced.
Addressing costs related to the conversion of data to the .TIFF format, the court recognized that “federal courts are divided over whether converting e-data from one format to another is a valid exemplification cost.” However, after noting that the Federal Rules require the production of ESI, the court recognized that “converting data into a format that all parties can utilize not only allows for more efficient and less expensive discovery, but is often necessary for any meaningful discovery at all” and that “the processes required . . . are ‘highly technical’ and ‘substantially different from ‘the types of services that attorneys or paralegals are trained for or capable of providing’’” and thus concluded:
To Continue Reading: Click Here
------------------------------------------------
Source: ediscoverylaw.com
Here, the court denied Plaintiff’s “motion to stay, deny, or re-tax the Clerk’s taxation of costs awarded to Defendants.” Specifically, the court declined to deny or re-tax costs awarded for converting data to the .TIFF format or to deny or re-tax costs related to a project manager who “oversaw the process of converting data to the .TIFF format to prevent inconsistent or duplicative processing.” Regarding the latter, the court reasoned that “[b]ecause the project manager’s duties were limited to the physical production of data, the related costs are recoverable.”
“Rule 54(d) creates a presumption in favor of awarding costs to prevailing parties, and it is incumbent upon the losing party to demonstrate why the costs should not be awarded.” However, "the court's discretion in awarding costs . . . is limited to awarding costs that are within the scope of 28 U.S.C. § 1920." 28 U.S.C. § 1920 lists taxable costs, including “[f]ees for exemplification and the costs of making copies of any materials where the copies are necessarily obtained for use in the case.”
After establishing the relevant legal standard, the court first addressed plaintiff's motion to deny costs entirely and quickly rejected plaintiff's arguments that costs should be denied because "he litigated the action in good faith," because "the issues in the case were close and difficult" or because "there is a significant economic disparity between Microsoft and him." The court then turned to the question of whether the costs should be reduced.
Addressing costs related to the conversion of data to the .TIFF format, the court recognized that “federal courts are divided over whether converting e-data from one format to another is a valid exemplification cost.” However, after noting that the Federal Rules require the production of ESI, the court recognized that “converting data into a format that all parties can utilize not only allows for more efficient and less expensive discovery, but is often necessary for any meaningful discovery at all” and that “the processes required . . . are ‘highly technical’ and ‘substantially different from ‘the types of services that attorneys or paralegals are trained for or capable of providing’’” and thus concluded:
To Continue Reading: Click Here
------------------------------------------------
Source: ediscoverylaw.com
Does the Fifth Amendment Protect Your Encryption Key?
The questions about the ability of the government to obtain information from cell phones and cloud computing providers keep changing as fast as technology changes. Over the last few years, courts have been struggling with the question of when and how police can search cell phones. For example, courts have provided conflicting answers to the question of whether the police may search the contents of a cell phone found on a person arrested for any criminal offense, including minor traffic violations.
In response to these decisions and generalized privacy concerns, people are increasingly using passwords and encryption to protect their phones and data. But this leads to a follow-up question: can law enforcement compel a person to provide a password or encryption key?
The Occupy Wall Street protestors have directly confronted this issue. The Electronic Frontier Foundation published a "Cell Phone Guide for Occupy Wall Street Protesters (and Everyone Else)." In this guide, the EFF recommended that people password protect their phones and encrypt the data. But the guide does not provide a definitive answer about what to do if the police demand the password or encryption key. Instead, the guide merely says, "If the police ask for the password to your electronic device, you can politely refuse to provide it and ask to speak to your lawyer."
Any answer begins with the right to remain silent under the Fifth Amendment. The Fifth Amendment privilege against self-incrimination protects a person from being compelled to provide a testimonial communication that is incriminating in nature. See Schmerber v. California, 384 U.S. 757, 761 (1966).
In cases starting to wind through state and federal courts, the government has sought to compel suspects and defendants to provide passwords and encryption keys. For example, in a Colorado case involving allegations of real estate fraud, the government seized several computers after executing search warrants at the defendant's residence. The government obtained an additional search warrant to search a laptop, but was unable to read the encrypted contents. The government then sought an order compelling the defendant to provide or enter the password.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Joshua A. Engel
In response to these decisions and generalized privacy concerns, people are increasingly using passwords and encryption to protect their phones and data. But this leads to a follow-up question: can law enforcement compel a person to provide a password or encryption key?
The Occupy Wall Street protestors have directly confronted this issue. The Electronic Frontier Foundation published a "Cell Phone Guide for Occupy Wall Street Protesters (and Everyone Else)." In this guide, the EFF recommended that people password protect their phones and encrypt the data. But the guide does not provide a definitive answer about what to do if the police demand the password or encryption key. Instead, the guide merely says, "If the police ask for the password to your electronic device, you can politely refuse to provide it and ask to speak to your lawyer."
Any answer begins with the right to remain silent under the Fifth Amendment. The Fifth Amendment privilege against self-incrimination protects a person from being compelled to provide a testimonial communication that is incriminating in nature. See Schmerber v. California, 384 U.S. 757, 761 (1966).
In cases starting to wind through state and federal courts, the government has sought to compel suspects and defendants to provide passwords and encryption keys. For example, in a Colorado case involving allegations of real estate fraud, the government seized several computers after executing search warrants at the defendant's residence. The government obtained an additional search warrant to search a laptop, but was unable to read the encrypted contents. The government then sought an order compelling the defendant to provide or enter the password.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Joshua A. Engel
Wednesday, November 02, 2011
Data Breach Costs: Beware Vendor Contract Fine Print
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized.
Whether it's from a vendor improperly securing database information it's hosting for a customer or a storage company that leaves backup information unlocked in a truck, data breaches caused by third parties happen all the time. If organizations are not careful in the way they construct their contracts with those vendors, the organization itself could end up being on the hook for far more of the breach liability than it expected. But if they do it right, they could use that contract as a tool to mitigate risk to their organization.
"As it currently stands, the focus of risk mitigation with respect to security are technical controls and other security measures, and the importance of the contract as a risk mitigating tool is overlooked," said David Navetta, founding partner of the Information Law Group. "As litigation increases in this area, for risk-conscious organizations, the protections in the service provider contracts are going to become very important."
Litigation in these cases of third-party breaches is a common occurrence, frequently with the third-party organization ducking under the radar as their customer gets hammered by class action suits. For example, when a breach that exposed data for 4.9 million active and retired U.S. military personnel was caused by the theft of backup tapes from the car of an employee at Science Applications International Corp. (SAIC), working on behalf of Tricare, in September, the $4.9 billion lawsuit by affected individuals filed last week was lodged against TRICARE and the Department of Defense, not SAIC.
To Continue Reading: Click Here
------------------------------------------------
Source: informationweek.com
By: Ericka Chickowski
Whether it's from a vendor improperly securing database information it's hosting for a customer or a storage company that leaves backup information unlocked in a truck, data breaches caused by third parties happen all the time. If organizations are not careful in the way they construct their contracts with those vendors, the organization itself could end up being on the hook for far more of the breach liability than it expected. But if they do it right, they could use that contract as a tool to mitigate risk to their organization.
"As it currently stands, the focus of risk mitigation with respect to security are technical controls and other security measures, and the importance of the contract as a risk mitigating tool is overlooked," said David Navetta, founding partner of the Information Law Group. "As litigation increases in this area, for risk-conscious organizations, the protections in the service provider contracts are going to become very important."
Litigation in these cases of third-party breaches is a common occurrence, frequently with the third-party organization ducking under the radar as their customer gets hammered by class action suits. For example, when a breach that exposed data for 4.9 million active and retired U.S. military personnel was caused by the theft of backup tapes from the car of an employee at Science Applications International Corp. (SAIC), working on behalf of Tricare, in September, the $4.9 billion lawsuit by affected individuals filed last week was lodged against TRICARE and the Department of Defense, not SAIC.
To Continue Reading: Click Here
------------------------------------------------
Source: informationweek.com
By: Ericka Chickowski
Google, Microsoft Renew Federal Cloud Email Battle
Interior Department has revamped its request for a cloud email service, and the two tech giants are fighting for it as well as other cloud service deals in government and beyond.
One month after a federal court agreed to drop Google's lawsuit claiming that the Department of the Interior unfairly discriminated against the tech company in favor of Microsoft in a $59 million cloud email contract, the two companies will need to gear up for another fight, as Interior is back in shopping mode.
Google moved in September to dismiss its own case on the grounds that Interior would cancel its old cloud email acquisition and order up a new one, which Interior did by issuing a new request for information for cloud email last Friday. The lawsuit had arisen after Interior sought to award the 88,000-seat email deal to a Microsoft partner, and Google quickly filed suit, claiming the agency had failed to justify its decision to exclude Google from the process.
The suit was just a skirmish in a much larger war that's playing out as more companies and organizations look to cut costs and better leverage internal IT resources by moving their email systems to the cloud. While Microsoft dominates the on-premises email market over former stalwart IBM, the company faces new and aggressive competition in the cloud market from the likes of Google.
To Continue Reading: Click Here
------------------------------------------------
Source: informationweek.com
By: J. Nicholas Hoover
One month after a federal court agreed to drop Google's lawsuit claiming that the Department of the Interior unfairly discriminated against the tech company in favor of Microsoft in a $59 million cloud email contract, the two companies will need to gear up for another fight, as Interior is back in shopping mode.
Google moved in September to dismiss its own case on the grounds that Interior would cancel its old cloud email acquisition and order up a new one, which Interior did by issuing a new request for information for cloud email last Friday. The lawsuit had arisen after Interior sought to award the 88,000-seat email deal to a Microsoft partner, and Google quickly filed suit, claiming the agency had failed to justify its decision to exclude Google from the process.
The suit was just a skirmish in a much larger war that's playing out as more companies and organizations look to cut costs and better leverage internal IT resources by moving their email systems to the cloud. While Microsoft dominates the on-premises email market over former stalwart IBM, the company faces new and aggressive competition in the cloud market from the likes of Google.
To Continue Reading: Click Here
------------------------------------------------
Source: informationweek.com
By: J. Nicholas Hoover
Report: U.K.'s NHS Faces Nearly Five Breaches of Patient Data Per Week
The United Kingdom's National Health Service experiences a patient data breach about five times per week, according to figures released by privacy advocacy group Big Brother Watch, UK Press Association/Google News reports (UK Press Association/Google News, 10/28).
For the report, Big Brother Watch used data obtained through public information requests sent to 428 NHS health care providers in England, Northern Ireland, Scotland and Wales.
Details of Breaches
The group found that between July 2008 and July 2011, 806 separate patient data breaches occurred at 152 NHS facilities (Laja, London Guardian, 10/27). Almost half of the facilities reported that there had been at least one data breach during the past year (Rainey, London Telegraph, 10/28).
To Continue Reading: Click Here
------------------------------------------------
Source: ihealthbeat.org
For the report, Big Brother Watch used data obtained through public information requests sent to 428 NHS health care providers in England, Northern Ireland, Scotland and Wales.
Details of Breaches
The group found that between July 2008 and July 2011, 806 separate patient data breaches occurred at 152 NHS facilities (Laja, London Guardian, 10/27). Almost half of the facilities reported that there had been at least one data breach during the past year (Rainey, London Telegraph, 10/28).
To Continue Reading: Click Here
------------------------------------------------
Source: ihealthbeat.org
Tuesday, November 01, 2011
Privacy compliance needn't be so scary
Regulators looking over your shoulder. Million-dollar fines lurking around the corner. Every flash drive a data breach booby trap. The world of healthcare data privacy may seem scarier than the latest horror flick.
It doesn’t have to be that way.
The 4 data breach response best practices discussed in the previous article can ease the fear factor and allow organizations to achieve what regulators call a “culture of compliance.”
But how do executives and privacy officers know that their compliance activities are effective? We’re not talking compliance with the HIPAA Privacy Rule. Rather, we mean privacy compliance, which offers a broader perspective on the outcome of a data breach response.
No certifying body or standard exists for determining privacy compliance. In the absence of legislation, we’re proposing that organizations set their own standards for measuring the success of a data breach response. The big question is: Has an organization done everything that is reasonable from a patient’s perspective to ensure a positive outcome from a data breach?
When looking at privacy compliance, an organization faces some tough challenges. For instance, a healthcare provider must:
To Continue Reading: Click Here
------------------------------------------------
Source: govhealthit.com
By: Rick Kam and Christine Arevalo
It doesn’t have to be that way.
The 4 data breach response best practices discussed in the previous article can ease the fear factor and allow organizations to achieve what regulators call a “culture of compliance.”
But how do executives and privacy officers know that their compliance activities are effective? We’re not talking compliance with the HIPAA Privacy Rule. Rather, we mean privacy compliance, which offers a broader perspective on the outcome of a data breach response.
No certifying body or standard exists for determining privacy compliance. In the absence of legislation, we’re proposing that organizations set their own standards for measuring the success of a data breach response. The big question is: Has an organization done everything that is reasonable from a patient’s perspective to ensure a positive outcome from a data breach?
When looking at privacy compliance, an organization faces some tough challenges. For instance, a healthcare provider must:
To Continue Reading: Click Here
------------------------------------------------
Source: govhealthit.com
By: Rick Kam and Christine Arevalo
Data protection: The cloud still has a silver lining but it may be costly
Not too long ago, any IT director would have been dismissed as irrational – if not dismissed from the business altogether – for proposing that critical company data be put on a shared computer, accessed via the internet.
Today, the IT industry is exhorting businesses to do just that, through cloud computing.
Some vendors are even bypassing the IT department, and going straight to business units to sell them services such as sales force automation, or customer relationship management. These services are invariably delivered via the cloud.
And by no means all cloud services operate with enterprise-grade security; many have origins in consumer services designed to be cheap and easy to use.
Neil Campbell, general manager for security at Dimension Data, an IT services vendor, cautions: “If it is a consumer service, you would expect basic security controls but not a high level approach to security.”
In part, this is a function of how cloud computing works. In order to be cost-effective, providers have to take a “one size fits all” approach to their business, including security. By comparison, much enterprise IT would more closely resemble bespoke tailoring.
William Beer, a director in the information security practice at PwC, the processional services firm, explains: “Vendors have focused on the flexibility and cost-saving elements of the cloud and have locked down the contracts very tightly. It’s a service that they want to be replicable.”
To Continue Reading: Click Here
------------------------------------------------
Source: ft.com
By: Stephen Pritchard
Today, the IT industry is exhorting businesses to do just that, through cloud computing.
Some vendors are even bypassing the IT department, and going straight to business units to sell them services such as sales force automation, or customer relationship management. These services are invariably delivered via the cloud.
And by no means all cloud services operate with enterprise-grade security; many have origins in consumer services designed to be cheap and easy to use.
Neil Campbell, general manager for security at Dimension Data, an IT services vendor, cautions: “If it is a consumer service, you would expect basic security controls but not a high level approach to security.”
In part, this is a function of how cloud computing works. In order to be cost-effective, providers have to take a “one size fits all” approach to their business, including security. By comparison, much enterprise IT would more closely resemble bespoke tailoring.
William Beer, a director in the information security practice at PwC, the processional services firm, explains: “Vendors have focused on the flexibility and cost-saving elements of the cloud and have locked down the contracts very tightly. It’s a service that they want to be replicable.”
To Continue Reading: Click Here
------------------------------------------------
Source: ft.com
By: Stephen Pritchard
Could E-Discovery Taxation Alter Discovery Paradigm?
The rising cost of e-discovery is well-known by litigants, particularly corporate defendants with multiple terabytes of electronically stored information that can become discoverable in litigation. For years, courts and litigants have struggled with the complexity and cost of e-discovery to the point that in many cases e-discovery has become the proverbial tail that wags the dog.
A pair of recent rulings from district courts in the 3rd Circuit, however, offers new hope for litigants hoping to control their e-discovery costs. In Race Tires America Inc., v. Hoosier Racing Tire Corp., a May 6 opinion, and Hank's Beverage Co. v. Ajinomoto Co., a July 26 case, district courts in the Western District of Pennsylvania and the Eastern District of Pennsylvania, respectively, approved the taxation of hundreds of thousands of dollars in e-discovery costs under Rule 54.
The prospect that parties requesting ESI in discovery may be forced to bear at least some of the e-discovery costs incurred by producing parties is a tectonic shift in litigation that may change the way in which e-discovery is handled in the future. This article will examine the possibility that federal courts across the country will follow the trend set by the 3rd Circuit and explore the ways that litigants may respond to the potential taxation of e-discovery costs.
TAXATION OF E-DISCOVERY COSTS IN THE 3RD CIRCUIT
Federal Rule of Civil Procedure 54(d) provides that a prevailing party may recover various costs. These costs, in turn, are specifically enumerated under 28 U.S.C. § 1920 and include "fees for exemplification and the costs of making copies of any materials where the materials are necessarily obtained for use in the case." Importantly, the language of § 1920(4) was amended in 2008: the amendment changed the phrase "fees for exemplifications of copies of papers" to "fees for exemplification and the costs of making copies of any materials." (emphasis added). This change in language has led two district courts within the 3rd Circuit to recently consider the technical complexities of discovery in modern litigation and to allow recovery of some e-discovery costs.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Philip Yannella
A pair of recent rulings from district courts in the 3rd Circuit, however, offers new hope for litigants hoping to control their e-discovery costs. In Race Tires America Inc., v. Hoosier Racing Tire Corp., a May 6 opinion, and Hank's Beverage Co. v. Ajinomoto Co., a July 26 case, district courts in the Western District of Pennsylvania and the Eastern District of Pennsylvania, respectively, approved the taxation of hundreds of thousands of dollars in e-discovery costs under Rule 54.
The prospect that parties requesting ESI in discovery may be forced to bear at least some of the e-discovery costs incurred by producing parties is a tectonic shift in litigation that may change the way in which e-discovery is handled in the future. This article will examine the possibility that federal courts across the country will follow the trend set by the 3rd Circuit and explore the ways that litigants may respond to the potential taxation of e-discovery costs.
TAXATION OF E-DISCOVERY COSTS IN THE 3RD CIRCUIT
Federal Rule of Civil Procedure 54(d) provides that a prevailing party may recover various costs. These costs, in turn, are specifically enumerated under 28 U.S.C. § 1920 and include "fees for exemplification and the costs of making copies of any materials where the materials are necessarily obtained for use in the case." Importantly, the language of § 1920(4) was amended in 2008: the amendment changed the phrase "fees for exemplifications of copies of papers" to "fees for exemplification and the costs of making copies of any materials." (emphasis added). This change in language has led two district courts within the 3rd Circuit to recently consider the technical complexities of discovery in modern litigation and to allow recovery of some e-discovery costs.
To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: Philip Yannella
Subscribe to:
Posts (Atom)
