IT Law Today

IT Law Today

News & Updates on the Lifecycle of Electronic
Information Management

About IT Law Today

From insight into hot button issues like BYOD and PII to EIM industry news, IT Law Today is specifically geared toward the in-house counsel or professional seeking to keep abreast of the latest legal, IT and practical developments....More...

ESI & eDiscovery FRCP Changes @ 12/1/15 — While You Were Leftover-Eating

Posted in eDiscovery Law & Process, Federal Rules Changes, Meet and Confer, Preservation and Spoliation, Privilege Clawbacks

frcp-2015

Introduction Now that you’ve likely had your fill of turkey sandwiches, turkey salad, turkey soup and the like, there is a new development on which to focus.  On midnight December 1, 2015 the eDiscovery-related Federal Rules of Civil Procedure changed for the first time since their adoption exactly nine years ago. The changes fall into three categories:

  • I.     FRCP 26(b)(1)’s very definition of the scope of discovery now seems narrower than under the old version in that it includes a “proportional to the needs of the case” requirement.
  • II.     FRCP 37(e) now consists of an entirely rewritten rule as to spoliation (non-preservation) sanctions when electronically stored information (ESI) is at issue.
  • III.   A whole series of changes to various FRCP provisions have been enacted with the goals of increasing efficiency and cooperation and decreasing costs and delays.

This blog post covers some of the highlights as well as the potential impacts on each front – from both the optimistic and pessimistic points of view.      To learn more, I suggest you attend one of the following:

 proportional

I.  FRCP 26(b)(1) – Discovery’s Scope Defined to Include Proportionality

For decades, the old version of 26(b)(1) had been a mash-up of two vague and disparate definitions, namely “ . . . reasonably calculated to lead to the discovery of admissible evidence . . .” and “ . . . relevant to any party’s claim or defense . . .”  Proportionality factors existed implicitly but were merely cross-referenced vaguely in 26(b)(1) and buried way down in 26(b)(2)(C) and in the corresponding Advisory Committee Note. Now, 26(b)(1)’s definition of the scope of discovery simply begins with “Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case,  . . . ” and then proceeds right into a modified list of the old 26(b)(2)(C)’s proportionality factors.  Those factors include the “amount in controversy” and “the parties’ resources”. As to possible impacts of this change:

  • Optimistic View re: Amended 26(b)(1)

HappyLawyersKickLine

  • Fishing expeditions can now be reined in more readily.
  • A responding party that is facile with its ESI environment will be more readily able to convince the other side (and, if need be, the judge) to reduce the scope of discovery.
  • Even before its effective date this new version of 26(b)(1) was already being effectively employed in some decisions.  See Samantha V. Ettari, Proportionality: The (Not So) New Kid on the Block, NYLJ (Oct. 5, 2015), citing various decisions, including:
  • This rule, when combined with amended FRCP 37(e) [see Section II below], implicitly adopts the logical holding of Pippins v. KPMG, 279 F.R.D. 245, 255 (S.D.N.Y. 2/3/12) (“proportionality   is necessarily a factor in determining a party’s preservation obligations”).
  • This rule, when combined with amended FRCP 1 – that now makes clear that not only the court but also the parties have a duty “to secure the just, speedy, and inexpensive determination of every action” – will foster collaboration and cooperation by prodding the parties to try to work together to refine scope
  • Pessimistic View re: Amended 26(b)(1)

Thumbdown

  • The newly amended rule will lead to:
    • more disputes and to costly motions entailing “discovery about discovery”; and
    • thereby a producing party having to spend on discovery motion practice to make an argument that it should be spending on discovery.
  • Results at home may vary, i.e., the contours of discovery will still be highly dependent on the proclivities and tech-savvy-ness (or relative lack thereof) of the particular judge or magistrate judge.

Flowchart

II.  FRCP 37(e) – New Version May Make it Easier to Fend off Spoliation Sanctions

From December 1, 2006 to November 30, 2015, FRCP 37(e) [re-lettered from 37(f) during that time] consisted of a potential “good faith” defense as to sanctions requests based only on the federal rules.  In other words, other sources of sanctions – such as the court’s “inherent power” – still loomed over a party accused of spoliation. In addition to that big loophole, that old version was skimpy and deficient in that it did not touch on any of the elements of spoliation, such as the requisite mental state to demonstrate a lack of “good faith,” i.e. to show bad faith.  Thus, different Circuits established different standards for “culpable state of mind”. Nor did the old rule distinguish among different types of spoliation sanctions, such that the severity of such sanctions varied nationwide and was always completely discretionary. As in the past, this rule applies only to ESI spoliation determinations. But the post-12/1/15 version of FRCP 37(e) takes a much different approach by actually defining a set of elements and also laying out – in a flowchart-type approach – the hurdles an accusing/requesting party must leap before getting any spoliation sanctions, let alone severe ones. As depicted wonderfully in this flowchart created by Eric Mandel, the new approach goes something like this:

  • If no ESI has been lost, the inquiry ends 
  • If there has been a loss of ESI as to which there was a duty to preserve, then if the producing party took “reasonable steps to preserve,” the inquiry ends.
  • If “reasonable steps” were not taken and there were resulting prejudice to the requesting party but the lost ESI can be replaced, . . . then there will not be sanctions.
  • But if the lost ESI cannot be replaced, then:
    • if the producing (non-preserving) party had no “intent to deprive,” then at most only curative measures/sanctions can ensue
    • but if there were an  “intent to deprive,” only then can the judge issue one of an enumerated list of severe sanctions, such as an adverse inference jury instruction or a terminating sanction (dismissal or “default judgment”).

The Advisory Committee Note provides a great deal of helpful color commentary, including that:

  • There is now a uniform mental state standard across the circuits. 
  • Second Circuit cases that espoused a mere negligence standard such as Residential Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99 (2d Cir. 2002)
  • The new regime is intended to move away from “excessive effort and money on preservation” and “avoid the risk of severe sanctions”
  • The new version of FRCP 37(e) “forecloses reliance on inherent authority or state law” as a basis for ESI spoliation sanctions.

As to possible impacts of this extensive re-draft:

  • Optimistic View re: 37(e) Halffull
    •  A lot more hoops for the accuser to jump through, less discovery about discovery and forum-shopping dis-incentivized.
    • Taking – and proving one took – reasonable steps can provide an effective defense to a motion for sanctions. Counsel who asks key questions up front and throughout and memorializes decisions (as to steps taken and steps not taken) serves his/her client well in this regard
  • Pessimistic View re: 37(e)

Thumbdown-2

 

  • In spite of the existence of the flow-chart/hurdles type approach, there will be a lot of motions/hearings entailing discovery about discovery,
  • Standards such as “reasonable steps” and “intent to deprive:” are welcome but are nonetheless quite vague and subject to multiple fact-based interpretations via 20-20 judicial hindsight and scrutiny.
  • Some judges have reportedly stated that the new version of FRCP 37(e) has not completely taken away the inherent power to sanction for spoliation.

 

Timing

III.   FRCP 4(m), 16(b)-(c), 26(d), 26(f), 26(c) & 34(b) – Timing, Efficiency, Cooperation & Collaboration

An amalgam of amendments (not necessarily ESI-centric) is intended to accomplish various goals, including putting some “meat” in the meet-and-confer process.  To many, the current meet-and-confer approach:

  • takes a while to occur;
  • can entail asynchronous participation in the initial scheduling conference;
  • often involves preservation negotiations in a vacuum; and
  • rarely includes much collaboration/ cooperation between the two sides.

Hence, now FRCP 4(m), FRCP 16(b)(2), FRCP 26(d)(2)(A)-(B) and FRCP 34(b)(2)(a) combine to speed things up as a lever to instigate more focused, meaningful meet-and-confer:

  • Under amended FRCP 4(m) the case must be dismissed if service of the summons/complaint fails to occur within 90 days (as opposed to 120 days under the old rule). Similarly, a 30 day speed-up is found in amended FRCP 16(b)(2), which provides that the 16(b) scheduling order must be issued “the earlier of 90 days after any defendant has been served with the complaint or 60 days after any defendant has appeared.” [The new 90-or-60 rule used to be 120-or-90.] The Advisory Committee Note to each of 4(m) and 16(b)(2) states flat out that this double-change “will reduce delay at the beginning of litigation.”
  • A similar “double play” is wrought by the combination of FRCP 26(d)(2)(A)-(B) and FRCP 34(b)(2)(a), which: enable the service of a request for production (RFP) to be served as early as 21 days after service of the summons/complaint; and “consider[ the RFP] to have been served at the first Rule 26(f) conference.”

In addition, as to the substantive aspects of early meet-and-confer:

  • The judge’s case management conference (CMC) consultation with the parties may not occur by snail mail or email under amended FRCP 16(b)(1)(B). It can no longer be asynchronous. As the Advisory Committee Note states: “A scheduling conference is more effective if the court and parties engage in direct simultaneous communication. The conference may be held in person, by telephone, or by more sophisticated electronic means.”
  • The amended versions of both FRCP 16(b)(3)(iii)-(iv) and FRCP 26(f)(3)(C)-(D) now encourage the parties to address preservation as well as a possible (court-endorsed) claw-back stipulation under Federal Rule of Evidence 502 (as to attorney-client privilege and attorney work-product).

Moreover, as to efficiency as the lawsuit moves forward, two additional amendments in the mix provide as follows:

  • FRCP 26(c)(1)(B) adds “the allocation of expenses” to the items the judge might include in a protective order. Significantly, this amended rule has no requirement that the underlying information needing to be ESI that is “not reasonably accessible” [compare 26(b)(2)(B) and 45(d)(1)(D)].
  • FRCP 34(b)(2)(A)-(B) now contains “[s]everal amendments . . . . aimed at reducing the potential to impose unreasonable burdens by objections to requests to produce. . . .   Rule 34(b)(2)(B) is amended to require that objections to Rule 34 requests be stated with specificity. . . . The specificity of the objection ties to the new provision in Rule 34(b)(2)(C) directing that an objection must state whether any responsive materials are being withheld on the basis of that objection. ” Advisory Committee Note.

Regarding how this conglomeration of amendments may help us all get to the merits:

  • Optimistic View re: Efficiency/Timing/Collaboration Changes

Unicorn-rainbow-01

  • U.S. federal civil litigants and their counsel will now frolic in a land of unicorns and rainbows.
  • But seriously . . . there will be more “meat” in meet-and- confer especially because RFPs’ substance and related preservation issues will be on the table early.
  • Consequently the initial scheduling order will have more meaningful discovery provisions, especially as to the scope of preservation.
  • There will be less delay and more efficiency, in part because there will be more FRE 502 claw-back agreements and in light of the extinction of boilerplate objections. [Note: these changes seem to provide incentive for opposing parties to stipulate up front to a non-onerous privilege-log regime.]

 

  • Pessimistic View re: Efficiency/Timing/Collaboration Changes

Halfempty

  • What about zealous advocacy? It won’t just go the way of the dinosaurs.
  • The putative benefits to be derived from efficiency, speed and cooperation likely hinge on which party has: more/less data; a (dis)-incentive to move quickly; and a (dis)-incentive to be (aggressively) transparent.
  • Meet-and-confer has never really been terribly helpful and so will not magically become so. Boehning and Toal, Are Meet, Confer Efforts Doing More Harm Than Good? N.Y.L.J. (July 31, 2012)

Tolearnmore

Conclusion (and Resources)     

To learn more, see:

 

Let’s all try to remain zealous advocates but also look for spots to follow the advice of George Carlin’s character in Bill & Ted’s Excellent Adventure” – ”be excellent to each other . . . .”

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Posted in eDiscovery Law & Process, Preservation and Spoliation

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Check out the new SOX Obstruction of Justice Resources Page now live at <http://www.itlawtoday.com/sarbanes-oxley-sox-criminal-prosecutions-a-library/>.

Let me know of additional links to other statutes, decisions, articles, etc.

And let’s be careful out there . . . . .

 

Technology Assisted Review ( TAR ) — Another Peck Decision

Posted in Culling and T.A.R., eDiscovery Law & Process

Check out the following items issued this week by Magistrate Judge Andrew J. Peck in Rio Tinto PLC v. Vale S.A., No. 14 Civ. 3042 (RMB) (AJP) (S.D.N.Y):

Both are discussed in this hot off the presses article by @LTNSeanDoherty in Law Technology News:  Federal Court Approves Parties’ Technology-Assisted Review Protocol, LTN (3/4/15) (“New York district court approves TAR process agreed to by parties, but acknowledges the protocol used may not apply to all TAR cases.”)

Also, in general, be sure to check out my now-updated TAR and Predictive Coding Library.

Electronic Signature (eSignature) Court Decision — a rare one

Posted in eSignatures

In an odd electronic signature (eSignature) context, on December 30, 2014 a California appellate court reversed a trial court’s upholding of a settlement agreement based on a typewritten name in an email string.    See J.B.B. Investment Partners v. Fair, 2014 WL 7421609 (Cal. App. 1st Dist. 12/30/14).

The circumstances made clear to the appeals court that the parties were anticipating a wet signature on a line on the email attachment; and the gist of the string was that there had not been an expressed intent to formalize the settlement agreement.   In part, the J.B.B. court interepreted the California version of the Uniform Electronic Transactions Act

However, this recent California decision did cite with approval other states’ decisions holding that “names typed at the end of e-mails can be electronic signatures.” (emphasis added).

To learn more about eSignatures law and technology, please visit my eSignatures Bibliography (online library).

 

 

Adobe Acrobat Tech Tip — Inserting Scanned Signature Page(s) into an Agreement — a Low-Tech eSignatures Regime

Posted in Acrobat, Electronic Information Management (EIM), eSignatures, Tuesday Tech Tips

Of course, if you can implement a more high tech eSignatures regime, do so. 

For examples of available platforms, see the “Vendors” links in my eSignatures Bibliography.

In any event, here is a lower tech method  . . .

 

  • STEP ONE

If the final content of the agreement is available in Word format, convert the agreement into .PDF:

  • Open the relevant Word file.
  • Choose Create PDF from the Acrobat drop-down menu
  • Agree to save the .pdf by, in the “Save” window by navigating to the desired drive location.
  • Once conversion is complete, page through the PDF file and make sure that the content and pagination are correct.
  • Scrub the metadata in Adobe Acrobat Standard or Professional via:

 

  • STEP TWO
    • Scan the signature page(s) (and then convert) into .pdf
    • OCR the signature page(s)  by using Acrobat’s built-in Recognize Text tool
    • If there is only one signature page, once you get the Recognize Text window, press the Enter key or click on OK
    • With multiple signature pages, click to fill the radio button to the left of All Pages
    • Press the Enter key or click on OK
    • Once all the pages have been OCR’d, SAVE THE FILE

 

  • STEP THREE
    • Open the converted-from-Word file
    • Click on the Pages tab
    • Right click on the thumbnail of the unsigned version of the signature page and choose Replace Pages . . .

[If there are multiple signature pages, you can select them all via Shift+Click or Ctrl+Click]

  • Navigate to the .PDF file having the scanned signature page(s)
  • Follow the prompts until you have replaced the unsigned version of the signature page(s) with the scanned signed version(s)
  • SAVE THE NOW-MODIFIED CONVERTED-FROM-WORD FILE

 

  • STEP FOUR
    • Document > Reduce File Size in Acrobat version 9 or lower;  OR
    • “File > Save As > Optimized PDF…” in Acrobat version X (a/k/a) 10 or lower
    • Then follow the prompts to re-save the file.

 

 

Records Retention Projects: ‘Clean That ESI Garage!’

Posted in Backups, eDiscovery Law & Process, Electronic Information Management (EIM), Information Security, Records Retention/Destruction

In this colorful 6-minute Records Retention video, I provide an overview of how a well-organized Electronic Information Management (“EIM”) environment can help a company of any shape or size:

  • improve efficiency;
  • save money on storage;
  • reduce risk; and
  • prepare for litigation and eDiscovery.

Fenwick & West’s  EIM Practice Group, which I lead, is now in its second decade.   In at least 50 matters, my EIM teammates and I have provided practical and economical hybrid legal / IT / information-security advice.

Heartbleed: It’s 10 PM; Do You Know Where Your Data is?

Posted in Cloud, Data Privacy, Electronic Information Management (EIM), Encryption, Information Security

 Heartbleed — The “Data Map” Lesson — Intro

The Heartbleed vulnerability is, by now, an item about which we have all assuredly heard a lot.   To get caught up on your reading on the technology aspects of this issue, see the linked articles I have compiled in the “To Learn More” section at the end of this post.    Note, though, that one key lesson is much more of a common-sense, communication and organizational one.  Most every organization could readily beef up its information-security by creating and then maintaining an up-to-date chart or “ data map” of the who/what/when/why/where of its electronically stored information (ESI).


  Where’s Your Organization’s Data?

In the 1960’s, a local New York City TV station came up with the phrase “It’s 10 PM. Do you know where your children are?”   In the 21st century, any organization would do itself a favor by asking the same question about its electronically stored information (ESI).  No matter its shape or size, many a company diffuses its information-management and information-security among various people, systems and locations.   So, generating a chart listing every key vat inside and outside the company’s physical and virtual walls is a must.

A simple spreadsheet is better than nothing and also better than having a disparate set of protocols/lists.   There should be a row for each key repository, e.g., each:

  • Database
  • Website
  • Cloud environment

And the columns (some of which would entail YES/NO) could include:

  • System Name
  • Content Type
  • In-House or Cloud
  • Owner Name (point of contact)
  • Owner Contact Info.
  • Encrypted at Rest
  • Encrypted in Transit
  • Retention/Deletion Rule(s)
  • Back-up Schedules
  • DR/BC Status (Disaster-Recovery/Business-Continuity)

For Cloud-stored data, additional columns could be:

  • Segregation from Others’ Data
  • Notice-of-Breach Duty Shifted

Finally, to paraphrase George Orwell in “Animal Farm,” some data is more private than other data.  Several categories of information thus warrant special in-the-trenches attention once their locations have been idenitfied:

  • Personally identiable information (PII)
  • Protected health information (PHI)
  • Payment card industry information (PCI)

Now, it’s time to begin charting . . . and to start mapping . . .


  

To Learn More

 

Some resources as to ESI data-mapping:

—  Brownstone, Electronic Records Retention, Nat’l Const. Confs. Webinar Slides, at 25 (Mar. 20, 2014)

—  Stephenson, Streamline electronic discovery using a data map, Lawyers USA (Jan. 12, 2012) [quoting me :) ]

—  Brownstone, Data-Mapping & Electronic Information Management, Lorman Webinar Slides (Nov. 4, 2009)

                                        And even more as to “Heartbleed”:

—  Codenomicon, The Heartbleed Bug (last visited 5/6/14)

—  Qualys, SSL Server Test (last visited 5/6/14)

—  Valsorda, Heartbleed test (last visited 5/6/14)

—  Goodin, Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too, ars technica (4/16/14)

—  Lee, Here’s why it took 2 years for anyone to notice the Heartbleed bug, Vox (4/12/14)

—  Geuss, Private crypto keys are accessible to Heartbleed hackers, new data shows, ars technica (4/12/14)

—  Schneier, Heartbleed is a catastrophic bug in OpenSSL, Schneier on Security (4/11/14)

—  Felten, How to protect yourself from Heartbleed, Freedom to Tinker (4/11/14)

—  Grant, The Bleeding Hearts Club: Heartbleed Recovery for System Administrators, EFF (4/10/14)

—  Cipriani, Heartbleed bug: Check which sites have been patched, CNET (4/9/14)

—  Shankland, ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords, CNET (4/8/14)

—  Kumparak, Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet, TechCrunch (4/7/14)

—  Timson, Who is Robin Seggelmann and did his Heartbleed break the internet?  Sidney Morning Herald (4/11/14)

European (EU) Data Protection Law Handbook now live (REVISED 6/12/15)

Posted in Cross-Border (International) Privacy Issues, Data Privacy, European Union (EU), International Law and Cross-Border Data Transfers

This 214-page document, “Handbook on European data protection law,” looks incredibly comprehensive.  It ends with 13 pages of citations to European case law on various issues.

The resource was “jointly prepared by the European Union Agency for Fundamental Rights and the Council of Europe together with the Registry of the European Court of Human Rights.”

Note also that, since 2012, the Euriopean Union has been working on major proposed amendments to the “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995″.   A revised EU Directive was “adopted” in January 2012, and ostensibly implementation in 2015 is still the goal.  See this home page for the EU Directive amendments.

For some pertinent developments last fall, including backlash from Edward Snowden’s NSA revelations,  see:

To learn about the inherent conflicts between: on the one hand, U.S. discovery rules/scope; and, ont the other hand, data-privacy laws promulgated by the EU Parliament as well as by various individual countries in the EU (e.g., France, Germany, Italy and the UK . . .  check out these resources:

And also these excellent compilations:

While You Are Gorging — FRCP 45 (Non-Party Subpoenas) Changes Take Effect 12/1/13

Posted in eDiscovery Law & Process, Electronic Information Management (EIM), Federal Rules Changes, FRCP 45, Non-Party Subpoenas, Third-Party Subpoenas

Amended Federal Rule of Civil Procedure 45 to take effect

When we all return to work from Thanksgivukkah weekend, Federal Rule of Civil Procedure (FRCP) 45, governing non-party subpoenas, will have changed, effective December 1, 2013.  To review the new content, follow one or both of these links:

A set of accompanying changes will also have been made to FRCP 37(b)(1), as reflected at these other links:

And, the all important Advisory Committee Notes can be accessed here:


 

Overview of Several of the Key Changes

 

1.  Issuance from Court Handling Underlying Case

  • Now a subpoena not only can but “must be issued from the court where the action is pending.” (emphasis added)
  • No longer must it issue from a court located in the geographical area for compliance.

2.  Nationwide-Service and Compliance-Location Clarification

  • Now “[a] subpoena  may be served at any place within the United States,” even though the compliance location must be tethered to the recipient’s place of residence, work or business.
  • No longer does one ever need to refer to state law — as to, e.g., compliance location.

3.  Forum for Subpoena-Related Motions/Disputes — a Change but With Some Flexibility

  • Now, subpoena-related disputes will typically be resolved in the district court in the compliance location; however, there is a possibility of transfer of a pertinent motion to the issuing court.
    • FRCP 45(d)(3) [formerly (c)(3)]
    • FRCP 45(f) [NEW subsection]
    • Advisory Committee Note to 45(f)
      • “In some circumstances . . . transfer may be warranted in order to avoid disrupting the issuing court’s management of the underlying litigation, as when that court has already ruled on issues presented by the motion or the same issues are likely to arise in discovery in many districts[; t]ransfer is appropriate only if such interests outweigh the interests of the nonparty served with the subpoena in obtaining local resolution of the motion.”
  •  No longer does one have to bring such a motion before the issuing court; however, “the court where compliance is required . . .  may transfer a motion . . . if the person subject to the subpoena consents or if the court finds exceptional circumstances.”

To Learn More

As to a range of eDiscovery issues related to non-party subpoenas, see:

—  eDiscovery: Subpoenas and Non-Party Production Issues (lengthy slide deck from a webinar I did for Lorman Education Services 5/20/13)

   —  Obligations When Third Parties Control Data, by Barry M. Kazan & Emily J. Mathieu of Thompson Hine, N.Y.L.J. (10/7/13)

 As to the brand new FRCP changes (including ones not touched on in this post), see these excellent resources:

—  Changes to [FRCP] 45  . . .  Promise To Simplify Federal Subpoena Practive, by Christopher Tompkins & Ethan E. Kent, Jenner & Block (11/14/13)

—  Rule 45 Changes in Motion, by Richard Marcus, Distinguished Professor of Law, UC Hastings College of the Law, Recorder (8/8/11) (LEXIS ID & Password required)

—  Rule 45 Third‐Party Subpoenas and Upcoming Amendments, by Jonathan E. Goldberg of SNR Denton and Darren A. Craig of Frost Brown Todd, Strafford Publications (7/11/13)

—  Report of the Civil Rules Advisory Committee  (6/6/11)

—  Survey of Issues Regarding [FRCP] 45, by Prof. Richard Marcus, Associate Reporter to the Advisory Committee on Civil Rules of the Judicial Conference of the U.S. (3/14/09)