IT Law Today

IT Law Today

News & Updates on the Lifecycle of Electronic
Information Management

About IT Law Today

From insight into hot button issues like BYOD and PII to EIM industry news, IT Law Today is specifically geared toward the in-house counsel or professional seeking to keep abreast of the latest legal, IT and practical developments....More...

Exterro eDiscovery Guide — Brownstone Featured in Snippet

Posted in Culling and T.A.R., eDiscovery Law & Process, eDocument Reviews, Predictive Coding

Hi all.    Exterro has recently published what looks like a fine overview of the eDiscovery process, “The Basics of E-Discovery Guide.”  It describes a wide range of topics in easily digestible chunks.

Sprinkled throughout are quotes from various folks in the eDiscovery field.  Yours truly is one of those people.  My snippet is at the very bottom of Chapter 1, “Process“.

The Guide is also downloadable in .pdf form.

Happy reading . . . .

ESI & eDiscovery FRCP Changes @ 12/1/15 — While You Were Leftover-Eating

Posted in eDiscovery Law & Process, Federal Rules Changes, Meet and Confer, Preservation and Spoliation, Privilege Clawbacks


Introduction Now that you’ve likely had your fill of turkey sandwiches, turkey salad, turkey soup and the like, there is a new development on which to focus.  On midnight December 1, 2015 the eDiscovery-related Federal Rules of Civil Procedure changed for the first time since their adoption exactly nine years ago. The changes fall into three categories:

  • I.     FRCP 26(b)(1)’s very definition of the scope of discovery now seems narrower than under the old version in that it includes a “proportional to the needs of the case” requirement.
  • II.     FRCP 37(e) now consists of an entirely rewritten rule as to spoliation (non-preservation) sanctions when electronically stored information (ESI) is at issue.
  • III.   A whole series of changes to various FRCP provisions have been enacted with the goals of increasing efficiency and cooperation and decreasing costs and delays.

This blog post covers some of the highlights as well as the potential impacts on each front – from both the optimistic and pessimistic points of view.      To learn more, I suggest you attend one of the following:


I.  FRCP 26(b)(1) – Discovery’s Scope Defined to Include Proportionality

For decades, the old version of 26(b)(1) had been a mash-up of two vague and disparate definitions, namely “ . . . reasonably calculated to lead to the discovery of admissible evidence . . .” and “ . . . relevant to any party’s claim or defense . . .”  Proportionality factors existed implicitly but were merely cross-referenced vaguely in 26(b)(1) and buried way down in 26(b)(2)(C) and in the corresponding Advisory Committee Note. Now, 26(b)(1)’s definition of the scope of discovery simply begins with “Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case,  . . . ” and then proceeds right into a modified list of the old 26(b)(2)(C)’s proportionality factors.  Those factors include the “amount in controversy” and “the parties’ resources”. As to possible impacts of this change:

  • Optimistic View re: Amended 26(b)(1)


  • Fishing expeditions can now be reined in more readily.
  • A responding party that is facile with its ESI environment will be more readily able to convince the other side (and, if need be, the judge) to reduce the scope of discovery.
  • Even before its effective date this new version of 26(b)(1) was already being effectively employed in some decisions.  See Samantha V. Ettari, Proportionality: The (Not So) New Kid on the Block, NYLJ (Oct. 5, 2015), citing various decisions, including:
  • This rule, when combined with amended FRCP 37(e) [see Section II below], implicitly adopts the logical holding of Pippins v. KPMG, 279 F.R.D. 245, 255 (S.D.N.Y. 2/3/12) (“proportionality   is necessarily a factor in determining a party’s preservation obligations”).
  • This rule, when combined with amended FRCP 1 – that now makes clear that not only the court but also the parties have a duty “to secure the just, speedy, and inexpensive determination of every action” – will foster collaboration and cooperation by prodding the parties to try to work together to refine scope
  • Pessimistic View re: Amended 26(b)(1)


  • The newly amended rule will lead to:
    • more disputes and to costly motions entailing “discovery about discovery”; and
    • thereby a producing party having to spend on discovery motion practice to make an argument that it should be spending on discovery.
  • Results at home may vary, i.e., the contours of discovery will still be highly dependent on the proclivities and tech-savvy-ness (or relative lack thereof) of the particular judge or magistrate judge.


II.  FRCP 37(e) – New Version May Make it Easier to Fend off Spoliation Sanctions

From December 1, 2006 to November 30, 2015, FRCP 37(e) [re-lettered from 37(f) during that time] consisted of a potential “good faith” defense as to sanctions requests based only on the federal rules.  In other words, other sources of sanctions – such as the court’s “inherent power” – still loomed over a party accused of spoliation. In addition to that big loophole, that old version was skimpy and deficient in that it did not touch on any of the elements of spoliation, such as the requisite mental state to demonstrate a lack of “good faith,” i.e. to show bad faith.  Thus, different Circuits established different standards for “culpable state of mind”. Nor did the old rule distinguish among different types of spoliation sanctions, such that the severity of such sanctions varied nationwide and was always completely discretionary. As in the past, this rule applies only to ESI spoliation determinations. But the post-12/1/15 version of FRCP 37(e) takes a much different approach by actually defining a set of elements and also laying out – in a flowchart-type approach – the hurdles an accusing/requesting party must leap before getting any spoliation sanctions, let alone severe ones. As depicted wonderfully in this flowchart created by Eric Mandel, the new approach goes something like this:

  • If no ESI has been lost, the inquiry ends 
  • If there has been a loss of ESI as to which there was a duty to preserve, then if the producing party took “reasonable steps to preserve,” the inquiry ends.
  • If “reasonable steps” were not taken and there were resulting prejudice to the requesting party but the lost ESI can be replaced, . . . then there will not be sanctions.
  • But if the lost ESI cannot be replaced, then:
    • if the producing (non-preserving) party had no “intent to deprive,” then at most only curative measures/sanctions can ensue
    • but if there were an  “intent to deprive,” only then can the judge issue one of an enumerated list of severe sanctions, such as an adverse inference jury instruction or a terminating sanction (dismissal or “default judgment”).

The Advisory Committee Note provides a great deal of helpful color commentary, including that:

  • There is now a uniform mental state standard across the circuits. 
  • Second Circuit cases that espoused a mere negligence standard such as Residential Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99 (2d Cir. 2002)
  • The new regime is intended to move away from “excessive effort and money on preservation” and “avoid the risk of severe sanctions”
  • The new version of FRCP 37(e) “forecloses reliance on inherent authority or state law” as a basis for ESI spoliation sanctions.

As to possible impacts of this extensive re-draft:

  • Optimistic View re: 37(e) Halffull
    •  A lot more hoops for the accuser to jump through, less discovery about discovery and forum-shopping dis-incentivized.
    • Taking – and proving one took – reasonable steps can provide an effective defense to a motion for sanctions. Counsel who asks key questions up front and throughout and memorializes decisions (as to steps taken and steps not taken) serves his/her client well in this regard
  • Pessimistic View re: 37(e)



  • In spite of the existence of the flow-chart/hurdles type approach, there will be a lot of motions/hearings entailing discovery about discovery,
  • Standards such as “reasonable steps” and “intent to deprive:” are welcome but are nonetheless quite vague and subject to multiple fact-based interpretations via 20-20 judicial hindsight and scrutiny.
  • Some judges have reportedly stated that the new version of FRCP 37(e) has not completely taken away the inherent power to sanction for spoliation.



III.   FRCP 4(m), 16(b)-(c), 26(d), 26(f), 26(c) & 34(b) – Timing, Efficiency, Cooperation & Collaboration

An amalgam of amendments (not necessarily ESI-centric) is intended to accomplish various goals, including putting some “meat” in the meet-and-confer process.  To many, the current meet-and-confer approach:

  • takes a while to occur;
  • can entail asynchronous participation in the initial scheduling conference;
  • often involves preservation negotiations in a vacuum; and
  • rarely includes much collaboration/ cooperation between the two sides.

Hence, now FRCP 4(m), FRCP 16(b)(2), FRCP 26(d)(2)(A)-(B) and FRCP 34(b)(2)(a) combine to speed things up as a lever to instigate more focused, meaningful meet-and-confer:

  • Under amended FRCP 4(m) the case must be dismissed if service of the summons/complaint fails to occur within 90 days (as opposed to 120 days under the old rule). Similarly, a 30 day speed-up is found in amended FRCP 16(b)(2), which provides that the 16(b) scheduling order must be issued “the earlier of 90 days after any defendant has been served with the complaint or 60 days after any defendant has appeared.” [The new 90-or-60 rule used to be 120-or-90.] The Advisory Committee Note to each of 4(m) and 16(b)(2) states flat out that this double-change “will reduce delay at the beginning of litigation.”
  • A similar “double play” is wrought by the combination of FRCP 26(d)(2)(A)-(B) and FRCP 34(b)(2)(a), which: enable the service of a request for production (RFP) to be served as early as 21 days after service of the summons/complaint; and “consider[ the RFP] to have been served at the first Rule 26(f) conference.”

In addition, as to the substantive aspects of early meet-and-confer:

  • The judge’s case management conference (CMC) consultation with the parties may not occur by snail mail or email under amended FRCP 16(b)(1)(B). It can no longer be asynchronous. As the Advisory Committee Note states: “A scheduling conference is more effective if the court and parties engage in direct simultaneous communication. The conference may be held in person, by telephone, or by more sophisticated electronic means.”
  • The amended versions of both FRCP 16(b)(3)(iii)-(iv) and FRCP 26(f)(3)(C)-(D) now encourage the parties to address preservation as well as a possible (court-endorsed) claw-back stipulation under Federal Rule of Evidence 502 (as to attorney-client privilege and attorney work-product).

Moreover, as to efficiency as the lawsuit moves forward, two additional amendments in the mix provide as follows:

  • FRCP 26(c)(1)(B) adds “the allocation of expenses” to the items the judge might include in a protective order. Significantly, this amended rule has no requirement that the underlying information needing to be ESI that is “not reasonably accessible” [compare 26(b)(2)(B) and 45(d)(1)(D)].
  • FRCP 34(b)(2)(A)-(B) now contains “[s]everal amendments . . . . aimed at reducing the potential to impose unreasonable burdens by objections to requests to produce. . . .   Rule 34(b)(2)(B) is amended to require that objections to Rule 34 requests be stated with specificity. . . . The specificity of the objection ties to the new provision in Rule 34(b)(2)(C) directing that an objection must state whether any responsive materials are being withheld on the basis of that objection. ” Advisory Committee Note.

Regarding how this conglomeration of amendments may help us all get to the merits:

  • Optimistic View re: Efficiency/Timing/Collaboration Changes


  • U.S. federal civil litigants and their counsel will now frolic in a land of unicorns and rainbows.
  • But seriously . . . there will be more “meat” in meet-and- confer especially because RFPs’ substance and related preservation issues will be on the table early.
  • Consequently the initial scheduling order will have more meaningful discovery provisions, especially as to the scope of preservation.
  • There will be less delay and more efficiency, in part because there will be more FRE 502 claw-back agreements and in light of the extinction of boilerplate objections. [Note: these changes seem to provide incentive for opposing parties to stipulate up front to a non-onerous privilege-log regime.]


  • Pessimistic View re: Efficiency/Timing/Collaboration Changes


  • What about zealous advocacy? It won’t just go the way of the dinosaurs.
  • The putative benefits to be derived from efficiency, speed and cooperation likely hinge on which party has: more/less data; a (dis)-incentive to move quickly; and a (dis)-incentive to be (aggressively) transparent.
  • Meet-and-confer has never really been terribly helpful and so will not magically become so. Boehning and Toal, Are Meet, Confer Efforts Doing More Harm Than Good? N.Y.L.J. (July 31, 2012)


Conclusion (and Resources)     

To learn more, see:


Let’s all try to remain zealous advocates but also look for spots to follow the advice of George Carlin’s character in Bill & Ted’s Excellent Adventure” – ”be excellent to each other . . . .”

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Posted in eDiscovery Law & Process, Preservation and Spoliation

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Check out the new SOX Obstruction of Justice Resources Page now live at <>.

Let me know of additional links to other statutes, decisions, articles, etc.

And let’s be careful out there . . . . .


Technology Assisted Review ( TAR ) — Another Peck Decision

Posted in Culling and T.A.R., eDiscovery Law & Process

Check out the following items issued this week by Magistrate Judge Andrew J. Peck in Rio Tinto PLC v. Vale S.A., No. 14 Civ. 3042 (RMB) (AJP) (S.D.N.Y):

Both are discussed in this hot off the presses article by @LTNSeanDoherty in Law Technology News:  Federal Court Approves Parties’ Technology-Assisted Review Protocol, LTN (3/4/15) (“New York district court approves TAR process agreed to by parties, but acknowledges the protocol used may not apply to all TAR cases.”)

Also, in general, be sure to check out my now-updated TAR and Predictive Coding Library.

Electronic Signature (eSignature) Court Decision — a rare one

Posted in eSignatures

In an odd electronic signature (eSignature) context, on December 30, 2014 a California appellate court reversed a trial court’s upholding of a settlement agreement based on a typewritten name in an email string.    See J.B.B. Investment Partners v. Fair, 2014 WL 7421609 (Cal. App. 1st Dist. 12/30/14).

The circumstances made clear to the appeals court that the parties were anticipating a wet signature on a line on the email attachment; and the gist of the string was that there had not been an expressed intent to formalize the settlement agreement.   In part, the J.B.B. court interepreted the California version of the Uniform Electronic Transactions Act

However, this recent California decision did cite with approval other states’ decisions holding that “names typed at the end of e-mails can be electronic signatures.” (emphasis added).

To learn more about eSignatures law and technology, please visit my eSignatures Bibliography (online library).



Adobe Acrobat Tech Tip — Inserting Scanned Signature Page(s) into an Agreement — a Low-Tech eSignatures Regime

Posted in Acrobat, Electronic Information Management (EIM), eSignatures, Tuesday Tech Tips

Of course, if you can implement a more high tech eSignatures regime, do so. 

For examples of available platforms, see the “Vendors” links in my eSignatures Bibliography.

In any event, here is a lower tech method  . . .



If the final content of the agreement is available in Word format, convert the agreement into .PDF:

  • Open the relevant Word file.
  • Choose Create PDF from the Acrobat drop-down menu
  • Agree to save the .pdf by, in the “Save” window by navigating to the desired drive location.
  • Once conversion is complete, page through the PDF file and make sure that the content and pagination are correct.
  • Scrub the metadata in Adobe Acrobat Standard or Professional via:


    • Scan the signature page(s) (and then convert) into .pdf
    • OCR the signature page(s)  by using Acrobat’s built-in Recognize Text tool
    • If there is only one signature page, once you get the Recognize Text window, press the Enter key or click on OK
    • With multiple signature pages, click to fill the radio button to the left of All Pages
    • Press the Enter key or click on OK
    • Once all the pages have been OCR’d, SAVE THE FILE


    • Open the converted-from-Word file
    • Click on the Pages tab
    • Right click on the thumbnail of the unsigned version of the signature page and choose Replace Pages . . .

[If there are multiple signature pages, you can select them all via Shift+Click or Ctrl+Click]

  • Navigate to the .PDF file having the scanned signature page(s)
  • Follow the prompts until you have replaced the unsigned version of the signature page(s) with the scanned signed version(s)


    • Document > Reduce File Size in Acrobat version 9 or lower;  OR
    • “File > Save As > Optimized PDF…” in Acrobat version X (a/k/a) 10 or lower
    • Then follow the prompts to re-save the file.



Records Retention Projects: ‘Clean That ESI Garage!’

Posted in Backups, eDiscovery Law & Process, Electronic Information Management (EIM), Information Security, Records Retention/Destruction

In this colorful 6-minute Records Retention video, I provide an overview of how a well-organized Electronic Information Management (“EIM”) environment can help a company of any shape or size:

  • improve efficiency;
  • save money on storage;
  • reduce risk; and
  • prepare for litigation and eDiscovery.

Fenwick & West’s  EIM Practice Group, which I lead, is now in its second decade.   In at least 50 matters, my EIM teammates and I have provided practical and economical hybrid legal / IT / information-security advice.

Heartbleed: It’s 10 PM; Do You Know Where Your Data is?

Posted in Cloud, Data Privacy, Electronic Information Management (EIM), Encryption, Information Security

 Heartbleed — The “Data Map” Lesson — Intro

The Heartbleed vulnerability is, by now, an item about which we have all assuredly heard a lot.   To get caught up on your reading on the technology aspects of this issue, see the linked articles I have compiled in the “To Learn More” section at the end of this post.    Note, though, that one key lesson is much more of a common-sense, communication and organizational one.  Most every organization could readily beef up its information-security by creating and then maintaining an up-to-date chart or “ data map” of the who/what/when/why/where of its electronically stored information (ESI).

  Where’s Your Organization’s Data?

In the 1960’s, a local New York City TV station came up with the phrase “It’s 10 PM. Do you know where your children are?”   In the 21st century, any organization would do itself a favor by asking the same question about its electronically stored information (ESI).  No matter its shape or size, many a company diffuses its information-management and information-security among various people, systems and locations.   So, generating a chart listing every key vat inside and outside the company’s physical and virtual walls is a must.

A simple spreadsheet is better than nothing and also better than having a disparate set of protocols/lists.   There should be a row for each key repository, e.g., each:

  • Database
  • Website
  • Cloud environment

And the columns (some of which would entail YES/NO) could include:

  • System Name
  • Content Type
  • In-House or Cloud
  • Owner Name (point of contact)
  • Owner Contact Info.
  • Encrypted at Rest
  • Encrypted in Transit
  • Retention/Deletion Rule(s)
  • Back-up Schedules
  • DR/BC Status (Disaster-Recovery/Business-Continuity)

For Cloud-stored data, additional columns could be:

  • Segregation from Others’ Data
  • Notice-of-Breach Duty Shifted

Finally, to paraphrase George Orwell in “Animal Farm,” some data is more private than other data.  Several categories of information thus warrant special in-the-trenches attention once their locations have been idenitfied:

  • Personally identiable information (PII)
  • Protected health information (PHI)
  • Payment card industry information (PCI)

Now, it’s time to begin charting . . . and to start mapping . . .


To Learn More


Some resources as to ESI data-mapping:

—  Brownstone, Electronic Records Retention, Nat’l Const. Confs. Webinar Slides, at 25 (Mar. 20, 2014)

—  Stephenson, Streamline electronic discovery using a data map, Lawyers USA (Jan. 12, 2012) [quoting me :) ]

—  Brownstone, Data-Mapping & Electronic Information Management, Lorman Webinar Slides (Nov. 4, 2009)

                                        And even more as to “Heartbleed”:

—  Codenomicon, The Heartbleed Bug (last visited 5/6/14)

—  Qualys, SSL Server Test (last visited 5/6/14)

—  Valsorda, Heartbleed test (last visited 5/6/14)

—  Goodin, Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too, ars technica (4/16/14)

—  Lee, Here’s why it took 2 years for anyone to notice the Heartbleed bug, Vox (4/12/14)

—  Geuss, Private crypto keys are accessible to Heartbleed hackers, new data shows, ars technica (4/12/14)

—  Schneier, Heartbleed is a catastrophic bug in OpenSSL, Schneier on Security (4/11/14)

—  Felten, How to protect yourself from Heartbleed, Freedom to Tinker (4/11/14)

—  Grant, The Bleeding Hearts Club: Heartbleed Recovery for System Administrators, EFF (4/10/14)

—  Cipriani, Heartbleed bug: Check which sites have been patched, CNET (4/9/14)

—  Shankland, ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords, CNET (4/8/14)

—  Kumparak, Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet, TechCrunch (4/7/14)

—  Timson, Who is Robin Seggelmann and did his Heartbleed break the internet?  Sidney Morning Herald (4/11/14)