E-Discovery Law Alert

E-Discovery Law Alert

Developments in Electronic Discovery and Corporate Information Technology

Attempting to Shoot for the Moon and Settle For the Stars During the Meet and Confer Process May Result in Obtaining Neither

Posted in Legal Decisions & Court Rules

A recent decision out of the Northern District of California provides a sobering reminder that a party’s obligation to meet and confer must be undertaken in good faith. If a party is overly aggressive – and therefore perceived not to be acting in good faith – it may wind up with nothing.

Boston Scientific Corporation v. Lee, was a fairly typical case involving a former employee’s alleged theft of trade secrets. Defendant Dongchul Lee (Lee) left Plaintiff Boston Scientific Corp. (Boston) and began working for a competitor, nonparty Nevro Corp. (Nevro). Shortly thereafter, Boston sued Lee, claiming theft of trade secrets and violation of a confidentiality agreement. Boston alleged Lee had downloaded its confidential information onto a USB thumb drive, and used these trade secrets in his subsequent employment with Nevro.

Continue Reading

Rule Amendments Update: Standing Committee Approves Proposed Changes

Posted in Legal Decisions & Court Rules

On May 29-30, 2014, the Judicial Conference’s Standing Committee on Rules of Practice and Procedure (the “Standing Committee”) met and approved the proposed amendments to the Federal Rules of Civil Procedure. (For background information on the proposed amendments, see our previous blog posts from May 27, 2014, February 10, 2014, and May 6, 2013.) The Standing Committee approved the entire slate of proposed amendments, including changes to the scope of discovery, as defined in Rule 26(b)(1), and changes to the standard to be applied by courts when imposing curative measures or sanctions for the spoliation of electronically stored information, as per Rule 37(e). Before approving the proposed amendments, the Standing Committee made several minor revisions, including changes to the proposed Committee Notes to Rules 26 and 37 (the meeting minutes setting forth the precise changes were not available as of writing). The Agenda Book from the Standing Committee’s meeting is available here.

The full Judicial Conference will take up the proposed amendments during its next meeting in September 2014. If approved by the Judicial Conference, the proposed amendments will then be submitted to the U.S. Supreme Court for consideration and approval. If adopted by the Supreme Court before May 1, 2015, the proposed amendments would take effect on December 1, 2015.

Michael C. Landis is an Associate in the Gibbons Business & Commercial Litigation Department and a member of the Gibbons E-Discovery Task Force.

ABA Says that Attorneys May Investigate Jurors’ Social Media Presence, Even if Automatic Notifications are Generated

Posted in Legal Decisions & Court Rules

The American Bar Association’s Standing Committee on Ethics and Professional Responsibility recently weighed in on the ethical parameters of attorneys’ investigation of jurors’ social media presence. In ABA Formal Opinion 466, the Committee concluded that an attorney may review a juror’s social media presence; an attorney may undertake that review even if the social media website issues a notice to the juror that the attorney viewed his social media profile; and an attorney may not request private access to a juror’s social media profile.

Attorney review of jurors’ profiles is a hot-button topic in light of ABA Model Rule 3.5, which prohibits ex parte communications with a juror “unless authorized to do so by law or court order.” And importantly, ABA Model Rule 8.4(a) prohibits a lawyer from causing another to take actions that a lawyer cannot.

With these Model Rules in mind, the Committee reasoned that “passive review” of jurors’ publicly-available social media is permissible because a lawyer or his agent may, for example, “drive[] down the street where the prospective lawyer lives to observe the environs in order to glean publicly available information that could inform the lawyer’s jury-selection decisions.” (Indeed, this blog has previously suggested the consideration of “non-cyber” situations as a good “rule of thumb” for evaluating ethical boundaries in the evolving area of social media.) The Committee concluded that such non-invasive investigation would not run afoul of Model Rule 3.5.

Continue Reading

Appellate Division Says Adverse Inference Inappropriate Where Records Were Ultimately Produced

Posted in Legal Decisions & Court Rules

In a recent decision, the New Jersey Appellate Division held that a trial court’s adverse inference instruction for e-discovery misconduct was an unreasonably harsh penalty where the electronically stored information (ESI) was eventually produced. The Appellate Division’s opinion in Liberty Mutual Insurance Co. v. Viking Industrial Security, Inc. illustrates and reaffirms the principle that discovery sanctions must be just and reasonable, and proportional to the prejudice caused to an adversary, regardless of bad faith or willfulness of the misconduct.

In Liberty Mutual, defendant Viking Industrial Security (“Viking”) allegedly understated its payroll for the purpose of reducing workers’ compensation insurance premiums. Liberty Mutual terminated Viking’s policy and litigation ensued. During discovery, Viking was evasive in responding to Liberty Mutual’s request for electronic payroll records, first claiming the records didn’t exist and then claiming a lack of proficiency with the computer program where the records were maintained. When finally ordered to turn over the records, Viking produced another disc, this time missing information. Ultimately, the court granted Liberty Mutual direct access to Viking’s computer program to download the electronic records itself.

Thereafter, Liberty Mutual moved for sanctions. The court found Viking had acted in bad faith and engaged in a “calculated method of discovery misconduct,” and awarded Liberty Mutual costs and fees associated with obtaining the ESI. The court also issued two spoliation orders, conclusively establishing certain claims and granting an adverse inference as to others.
Continue Reading

Exploration of Sophisticated Cloud Computing Abilities Unnecessary When Responding to Discovery Demands

Posted in Legal Decisions & Court Rules

A new decision out of the District of New Jersey holds that a company need not utilize its cloud-based comprehensive document search tools absent evidence that its standard custodian-based approach to data collection was deficient.

In Koninklijke Philips v. Hunt Control Systems, a multi-billion dollar trademark dispute, defendant Hunt Control Systems, Inc. (“Hunt”) served plaintiff Koninklijke Philips N.V. (“Philips”) with discovery demands that included requests for production of electronically stored information (“ESI”).  To prepare its response, Philips requested information from eight specific employees.

Hunt was dissatisfied with Philips’ response, claiming it was able to locate numerous significant documents not produced by Philips, and hence Philips’ custodian based approach was ineffective. Hunt’s expert provided a declaration stating that “due to its cloud-based IT structure, Philips has available to it some of the most sophisticated and comprehensive state-of-the-art document search and location tools” and alleged that “Philips refuses to use these tools to satisfy its obligations.” Hunt sought a Rule 30(b)(6) deposition of Philips’ IT witness to “understand why and how these sophisticated tools are somehow inappropriate in spite of their clear design to accommodate eDiscovery.” Continue Reading

Rule Amendments Update: Advisory Committee Approves Proposed Changes, But Not Before Rewriting Rule 37(e)

Posted in Legal Decisions & Court Rules

Like many, we’ve been following closely the process to amend the Federal Rules of Civil Procedure. (See our previous blog posts from May 6, 2013 and February 10, 2014.) Last month, the Advisory Committee on Rules of Civil Procedure took the next step in that process by approving the proposed amendments and submitting them to the Standing Committee on Rules of Practice and Procedure for its review and possible approval (the Agenda Book from the Advisory Committee’s April 10-11, 2014, meeting is available here). But before doing so, the Advisory Committee took the particularly noteworthy step of completely rewriting the proposed amendment to Rule 37(e).

The rewriting of the Rule 37(e) amendment was prompted by the nearly 2,500 comments that the Advisory Committee received during the public comment period that was open from August 2013 to February 2014. Among other changes, the revised version of the amendment to Rule 37(e) explicitly limits the application of the rule to electronically stored information. The revised version also removes any reference to “sanctions” or Rule 37(b)(2)(A) as a source of sanctions, and it reinstates some of the inherent judicial discretion that had been removed by the previous version.
Continue Reading

Adverse Inference Instruction Warranted For Insurer’s Breach of Retention Policy

Posted in Legal Decisions & Court Rules

It should come as no surprise that litigants continue to ignore such basic discovery obligations as the duty to preserve potentially relevant documents once litigation is reasonably anticipated. A recent case out of the Northern District of New York exemplifies the importance of patience in establishing a record of discovery abuses, including data deletion, before seeking sanctions to address such situations.

In Dataflow, Inc. v. Peerless Ins. Co., 3:11-cv-1127, NYLJ 120263980764 (N.D.N.Y., Jan. 13, 2014), Dataflow sought insurance coverage under a policy covering employee dishonesty where a Dataflow employee misappropriated over $1M and later pled guilty to felony grand larceny and forgery. Peerless denied coverage and Dataflow filed suit. In discovery, Dataflow sought Peerless’ internal communications and investigations related to its claim. Notwithstanding two requests for production, Peerless failed to produce internal communications regarding its analysis of Dataflow’s claim. During the deposition of the Peerless representative who handled the Dataflow claim, Dataflow learned that Peerless regularly used email to discuss the claim. Following the deposition, Dataflow repeated its demand for production of emails, but Peerless claimed the emails were unavailable because of a system change and that emails not actively marked for preservation were deleted, notwithstanding Peerless’ internal policy requiring preservation of all business records related to a potential claim.

The Magistrate Judge granted Dataflow’s motion for sanctions, including a request for an adverse inference and attorney’s fees and costs associated with the motion. In its objections to the Magistrate Judge’s Report-Recommendation, Peerless argued it was not grossly negligent and that Dataflow failed to demonstrate prejudice and/or that the destroyed emails were not relevant. The Court rejected Peerless’ contentions, observing that Dataflow had identified several deleted and not-produced emails regarding the insurance claims. The Court further explained that Dataflow demonstrated that the emails “may have been more generally harmful to [Peerless]” in light of the fact that Peerless admitted destroying emails in a system change after having notice of a potential claim. Furthermore, the Court noted that Peerless appeared “purposefully sluggish” in admitting that any relevant emails existed. Accordingly, the Court found an adverse inference instruction to be warranted.

Continue Reading

Gibbons Directors to Speak at Upcoming ‘Cybersecurity in Securities Markets’ Bloomberg BNA Webinar – May 14

Posted in Technology Developments & Issues

On May 14, from 1:00 – 2:30 pm, Gibbons Directors John R. Hewitt, Mark S. Sidoti, and Kevin G. Walsh, along with Timothy P. Ryan of Kroll Advisory Solutions Cyber Investigations, will speak at Bloomberg BNA’s webinar – “Cybersecurity in Securities Markets.”

This program will provide an in-depth understanding of cybersecurity requirements on a state and federal level. The webinar will follow closely the content of the new Bloomberg BNA Securities Practice Series Portfolio, Cybersecurity in the Federal Securities Markets, written by John R. Hewitt that is now available at the Bloomberg BNA Bookstore at http://www.bna.com/cybersecurity-federal-securities-p17179889693/. Topics of discussion include:

  • The evolution of cybersecurity laws and regulations in the securities markets
  • An analysis of Regulation S-P and its proposed amendments
  • The identity theft Red Flags Rule
  • State data security laws
  • An extensive review of the requirements for comprehensive information security programs and data breach notification
  • A detailed review of the National Institute of Standards and Technology’s new Cybersecurity Framework
  • The SEC’s new OCIE Cybersecurity Initiative

The speakers will also review current software vulnerabilities, mobile app malware, BYOD problems, app store security, and other current vulnerability issues. Current civil, regulatory, and criminal actions in this area will also be analyzed, as well as relevant e-discovery issues.

Continue Reading

New York Court Rules Email Evidence Stored Abroad is Subject to Criminal Warrant Issued Under Stored Communications Act

Posted in Legal Decisions & Court Rules

Southern District of New York Magistrate Judge Francis has determined that Microsoft must comply with a U.S. Government’s warrant seeking a user’s email content even though the emails are stored in Microsoft’s datacenter in Dublin, Ireland. The decision is likely to get widespread attention and be the subject of future court review, as it expands the reach of a government criminal warrant beyond the borders of the United States to allow for the collection of evidence abroad.

The obligation of an Internet Service Provider (“ISP”) like Microsoft to disclose to the U.S. Government customer information or records is governed by the Stored Communications Act (“SCA”), which was passed as part of the Electronic Communications Privacy Act of 1986 and codified at 18 U.S.C. §§ 2701-2712. The warrant in this case, obtained under SCA Section 2703(a) after a showing of probable cause as required by the Federal Rules of Criminal Procedure (see Fed. R. Crim. P. 41(d)(1)), authorized the search and seizure of information associated with a specified web-based e-mail account that is “stored at premises owned, maintained, controlled, or operated by Microsoft Corporation.” Microsoft complied with the search warrant by producing certain non-content information about the customer’s account that was stored on its servers in the United States. However, after the company determined that the target account was hosted in Dublin, it moved to quash the government warrant to the extent that it directs the production of email content and other information stored abroad. Microsoft argued that because Federal courts are without authority under the Federal Rules of Criminal Procedure to issue warrants for the search and seizure of property outside the territorial limits of the United States, the SCA warrant also must be limited to electronic information “located” in the United States, not abroad.

Finding the warrant language of the SCA “ambiguous” on the point of its extraterritorial application, Judge Francis examined the “statutory structure, relevant legislative history, [and] congressional purposes” of the SCA. First, the Court noted the “unique structure” of the SCA that allows for the court to issue something of a “hybrid” between a subpoena and a warrant. Noting that it has “long been the law that a subpoena requires the recipient to produce information in its possession, custody, or control regardless of the location of that information,” the SCA’s warrant provision should not be read to forbid the extraterritorial gathering of electronic information any more than a subpoena would forbid it. The “probable cause” requirement under the SCA is an added safeguard to a user’s privacy, not a territorial restriction on where data can be gathered. Second, the Court concluded that the legislative history of the SCA on the point was ambiguous, but noted that Congress at least had “anticipated that an ISP located in the United States would be obligated to respond to a warrant issued pursuant to section 2703(a) by producing information within its control” regardless of where that information itself was located. Finally, the Court examined the practical considerations at stake if Microsoft’s position was correct, and held that gathering evidence under a multi-national treaty is slow and cumbersome and, in some cases, cannot even be done. Moreover, recent decisions of the United States Supreme Court that frown upon the extraterritorial reach of substantive federal statutes, such as certain securities laws, do not resolve the issue because “an SCA Warrant does not criminalize conduct taking place in a foreign country” but instead places obligations only on the service provider to act within the United States.

Continue Reading

Think Before You Send: Communications to an Attorney Using Work Email May Not Be Protected Under the Attorney-Client Privilege

Posted in Legal Decisions & Court Rules

Generally, a confidential email sent to one’s personal attorney is protected under the attorney-client privilege. But what if the communication is sent using a business email account? Will a corporate policy entitling the company to access “all communications” sent on work computers undermine the privilege? Followers of this blog will recall, among other posts, our detailed recap of the extensive discussion of this issue at our Annual E-Discovery Conference in the wake of the New Jersey Supreme Court’s decision in Stengart v. Loving Care Agency, Inc., upholding the privilege where the employee used a company computer to communicate with her attorney via a personal password-protected internet based e-mail account, and sanctioning the employer’s attorneys for failing to turn over the protected communications. Readers may also recall our discussion of US v. Hamilton, where the United States Court of Appeals for the Fourth Circuit held that a husband waived the marital communications privilege when he sent messages from his work email account to his wife, but took no steps to protect their sanctity. Since those decisions, courts nationwide have continued to wrestle with these issues. Most recently, a Delaware Court held an employee waived the attorney client privilege where he used his work email account to email his lawyer with knowledge of the company’s policy establishing its right to access all communications on work computers.

In re Information Management Services, Inc. Derivative Litigation, Consol. C.A. No. 8168-VCL (Del. Ch. Sept. 5, 2013) involved a derivative action brought by two family-owned trusts (“Plaintiffs”) who alleged the company’s officers breached their fiduciary duties by mismanaging company funds. During discovery, Information Management Services, Inc. (“IMS”) advised Plaintiffs that two of the officers (the “Officers”) used their work email accounts before and after the filing of the lawsuit to communicate with their personal lawyers. Plaintiffs requested the emails be produced, but the Officers refused, citing the attorney-client privilege. Plaintiffs claimed that the Officers’ waived the privilege when they used work email accounts through the company servers. Plaintiffs also cited the company’s written policy notifying employees of its unrestricted access to communications sent through company computers and that personal use should not be considered private.

The court considered whether the emails constituted “confidential communications” under Delaware Rule of Evidence 502 (governing attorney-client privilege), which protects as confidential communications “not intended to be disclosed to third persons other than those to whom disclosure is made in furtherance of the rendition of professional legal services to the client or those reasonably necessary for the transmission of the communication.” The Court employed the following four factor test to determine whether the Officers had a reasonable expectation of privacy in work emails: 1) is there a company policy banning “personal or other objectionable use,” 2) does the company monitor employee email or computer use, 3) do third parties maintain a right of access to email or the computer, and 4) was the employee notified by the company, or was the employee otherwise aware of the use and monitoring policies?

Continue Reading