Kelly Twigger contributed to a greatly expanded and detailed discussion of Records and Information Management programs based on her work with clients, which provides an excellent framework for identifying and putting a structure around the needs of any organization in preparing for eDiscovery. The guide also recognizes that issues relating to the discovery of ESI arise in state and federal court, as well as in administrative proceedings. While specific references are made to the 2006 amendments to the Federal Rules of Civil Procedure, the discussion in this guide includes state and federal courts, and much more, including:

• A section on the role of eDiscovery counsel and the benefits of the new role in the trial team;
• How to choose eDiscovery vendors;
• A discussion of computer forensics and what counsel need to know for eDiscovery;
• The role of special masters in eDiscovery;
• How to achieve cost savings in eDiscovery; and
• New form agreements for use by outside counsel in eDiscovery

Revised and expanded from the first edition, the guide features more than fifty checklists and over one hundred electronic discovery forms. In addition the book includes the text (including Advisory Committee Notes) for the 2006 and 2007 amendments to the discovery rules of the Federal Rules of Civil Procedures. We also included the 2007 edition of the Sedona Principles Best Practices Recommended & Principles for Addressing Electronic Document Production, an examination of the proposed new Rule 502 of the Federal Rules of Evidence governing privilege waiver, and an essential glossary of electronic discovery terms. Available at the WESTLAW store.

Sessions following those include understanding the legal issues in Electronic Medical Records with Claudia Egan and John Orth, and the always popular Lunch and Learn with Magistrate Judge Aaron Goodstein and the Honorable Rick Sankovitz of Milwaukee County Circuit Court.  This will be the best opportunity yet to hear how and whether Wisconsin’s new rules are being utilized and what suggestions the judges have for using them effectively to reign in costs in e-discovery.  The afternoon session will consist of a Mock Meet and Confer to highlight issues under Wisconsin’s new e-discovery provisions adopted in January 2011.  Presenters for the Meet and Confer include Kathy Nusslock of Davis & Kuelthau, Matt O’Neill of Fox, O’Neill & Shannon, Bruce Olson with ONLAW Trial Technologies, Doug Elrick of Digital Intelligence, and the Honorable Edward E. Leineweber of Bell, Moore & Richter.

The event will close with a networking reception from 3:30 to 4:30pm.  7.5 CLE credits are available with the primer, 6.5 without the primer.

Registration is $95, which includes lunch, reception, and the materials.  To register and for more information, click here.

Happy Halloween from ESI Attorneys!

On October 13, 2011, the Securities and Exchange Commission issued guidance discussing when public companies may need to disclose cybersecurity risks and incidents. In so doing, the SEC placed cybersecurity at the same level of importance as other operational and financial risks, even though (as the SEC acknowledges) there are no existing disclosure requirements that “explicitly refer[] to cybersecurity risks and cybersecurity incidents.”

In determining whether a cybersecurity risk is material, a company must evaluate “all relevant information” about its cybersecurity risks.  This includes a consideration of “the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption.”

As with other risk factors, if a company determines that it must disclose cybersecurity attacks as a potential risk, it cannot use “boilerplate” language to describe the risk. This presents a tricky drafting question, because a company need not disclose information that would expose it to further cybersecurity risks.

In advising clients as to whether cybersecurity information should be disclosed and how, counsel must take the time to understand (1) what critical electronically stored information (ESI) is being created, (2) where it is kept, (3) how it is secured (working closely with any IT security personnel), and (4) what would happen if it was stolen or accidentally disclosed. Counsel cannot presume that IT knows the answers to questions 1, 2, or 4. IT builds bookshelves – it does not necessarily know what books users are putting on the shelves, or the importance of such books.

Securities counsel should consider working with inside or outside counsel knowledgeable about IT systems and security risks to determine how to best assess these risks and, if they exist, how to disclose them. Don’t treat it this IT assessment as an afterthought – the SEC is thinking about it, and so should you.

As organizations face hefty price tags to preserve, manage, collect and review email in litigation, many have moved to try to lessen the load by signing up for email archiving.  For those of you unfamiliar with email archiving, the concept is simple — technology attached to the organization’s email system keeps a copy of every incoming and outgoing message for each user on the system.

If an organization has 10,000 employees, every single email coming and going from each of those 10,000 employees is collected every single day, regardless of whether the content is spam (and why wouldn’t we want to keep all those male enhancement offers?), personal (want to have lunch tomorrow?  Where? When?  I’m leaving now, meet you there. . .) or key to the business of the organization (We agree to accept a 2 cent increase on the cost of widgets beginning October 1st.).

Okay, so I admit I have my doubts as to whether such a technology is really worth the money (and email archives are not cheap) considering that an organization is required to save, on average, less than 1/10th of 1% of the email it actually captures in an email archive to meet its preservation obligations.  Truth be told there are not a lot of other good alternatives out there for organizations to use to preserve email under e-discovery rules, and email does typically represent around 65% of the ESI in an organization.  Journaling can be useful in limited circumstances, but for now archiving is the most useful tool for large organizations that need one central location to mine for e-discovery.

But this post is about the backend of the archive — the technology that actually stores the email.  And though it’s taken me three paragraphs to get here, here’s the point – think about what will happen when you have to take this archive down before you put it up. What does that mean?  It means think about the type of storage you are building your archive on, and how you can pull the email out to move to a new system if you want to.

Different types of storage have varying costs — IT folks sometimes refer to it as tiered storage — and that’s part of it.  Different types of storage have better functionality and therefore cost more.  One example is the difference between a standard server and an Exchange server (the server your email runs off of if you are on Microsoft Outlook).  An Exchange server is much more sophisticated and costs alot, so adding new Exchange servers just to store your email doesn’t make much sense.  But some technologies today are just big black boxes — ESI goes in, but it doesn’t come out.  At least not easily.

Cloud based archives are all the rage now too, and similar issues exist — make sure if you decide to switch to another carrier, that pulling your email out is possible in terms of compatible formats.  You’ll also want to understand the associated costs in case the tool that IT selected doesn’t end up to be what legal wants or needs.  This is another example of how legal and IT need to be collaborating when it comes to e-discovery.

So make sure when you ask IT to put up that email archive, that you know how you’ll be able to get your ESI out 1) for production in litigation, and 2) if you ever decide to shut it down.  Because chances are good you’ll have existing legal holds when you shut it down, and if you can’t get the data out, you’ll keep paying for that archive until those holds are released or you can afford another exit strategy.

The Order contains the following limits on e-discovery:

• No production of metadata absent a showing of good cause (except for the date and time and document was received and a distribution list).
• General production requests shall not include email or other electronic correspondence – email must be part of specific requests that “shall only be propounded for specific issues.”
• Email production occurs only after initial disclosure and basic documentation about the patents, prior art, accused instrumentalities, and relevant finances.
• Email requests can only be made for 5 custodians per party. A party can ask for an additional five custodians upon showing of need. But the party requesting the additional custodians must pay all reasonable costs for such additional discovery.
• Email production requests is limited to five search terms per custodian per party, although the parties may jointly modify this limit without leave of the Court.
• Inadvertent production of privileged information is not a waiver.

In recommending these limits, the Order states the committees’ concerns about discovery abuses being observed in patent cases:

“In recent years, the exponential growth of and reliance on electronic documents and communications has exacerbated such discovery abuses. Excessive e-discovery, including disproportionate, overbroad email production requests, carry staggering time and production costs that have a debilitating effect on litigation. Routine requests seeking all categories of Electronically Stored Information often result in mass productions of marginally relevant and cumulative documents. Generally, the production burden of these expansive request outweighs the minimal benefits of such broad disclosure.”

Complying with these rules will be challenging for lawyers who are not used to working with tight discovery limits.  Counsel must become more creative and strategic when it comes to discovery, and make sure to work with their clients and appropriate experts to determine how best to accomplish their litigation goals through limited discovery.

We tweet and post on the effects of social media regularly, but the latest cartoon from Case In Point really brings it home.  If you are not on Facebook, Google + or other social media sites, you need to know how they work and the lingo, because your witnesses, clients and jury members are and do.  Social media also represents a whole new group of sources of ESI that need to be considered for legal holds, so add them to your checklist and ask about the rules at organizations regarding access during your 30(b)(6) deposition.

There are some simple things that can be done to prevent data from walking out the door.

• Have your employees password protect every device they use for work, so that if it is lost, it cannot be opened easily. Having a security manual or policy telling employees how to do this can be helpful.
• Disable your employees’ ability to put things onto a thumb drive. I know this is a very unpopular position. But putting data on a thumb drive is a very easy way for someone to take your data, such as customer lists or other things you really want to keep private.
• If you can, set your computers and other devices up in a way so that they can be wiped remotely. A great example is the iPhone – it can be set up to be wiped if stolen.
• Make sure that every piece of hardware is collected when an employee leaves a company, and document what is done with it as part of the exit interview. It is amazing, in this day and age, how much hardware goes out the door.  And how often counsel has to go and retrieve it when litigation is filed.
• Ask your employees when they leave the company if they have any data on their home computer. If they do, you need to have a plan for dealing with that data so you can comply with any records retention policies you may have.
• If someone is allowed to keep hardware after they leave the company (such as a Blackberry), make sure it is wiped of all company information. But, again, be mindful of any obligations that may exist because of a legal hold or records retention policy at your company – if necessary, back the data up on your system before wiping the device.

“This is all well and good,” you say, “but how can I get this to the top of my [boss', general counsel's, CIO's, CEO's] priority list?”

• Tell them how much they want to keep their information from their competitors.
• Tell them how important it is to protect your trade secrets. It is not a good thing if your lawyer has to argue, “Well, the information is a trade secret, but we had no procedures in place to make sure it did not leave with the employee.”
• Tell them how expensive it is to pay lawyers to track data down if litigation is filed.
• Tell them how expensive it is to replace hardware.
• Tell them how important it is to respect privacy rules and laws – how can you say, for example, that you are protecting your client’s information if you let it walk out the door with a terminated employee?

Make sure your employees’ devices are secure, and keep checking on this as technologies change. You will be glad you did!

Picture an enormously broad document request:

• It touches virtually every aspect of your deal;
• It seeks detailed financial information about your sales, margins, etc.;
• It seek other information about your customers, including contracts;
• It involves dozens of custodians, including all of your executive team; and
• And it has to be responded to almost immediately.

That is what happens when the DOJ’s Antitrust Division investigates a deal and issues what is called a Second Request. Responding to the Second Request can cost the parties millions, particularly when dealing with vast quantities of ESI. But proactive steps can be taken to make the process more efficient, control costs, and keep the focus where it should be – on whether the transaction really has anti-competitive effects.

So, how do you prepare? If your antitrust counsel thinks there is any possibility of a Second Request, immediately engaging counsel with deep experience with e-discovery and the Second Request process is key. Experienced e-discovery counsel will know:

• how to determine what systems are and are not easily produced to the DOJ;
• what vendors are capable of dealing with expedited collection and production;
• the DOJ’s production requirements, which are quite specific; and
• what kinds of data the DOJ and its economists will be looking for.

Preparing will cost some money up front. But you will be well along the road if the Second Request comes in, and as a result be in a better negotiating position with the DOJ as well as with vendors. And time is money  - the longer it takes to respond to the Second Request, the longer your deal is delayed.

So, like almost everything else having to do with the production of ESI, preparation is critical. Waiting will not make it easier – it will make it harder and more expensive.