Judge Rader stated last September (at the joint conference of the Federal Circuit and Eastern District of Texas) that the Model Order will serve as an aid to district courts to enforce “responsible, targeted use of eDiscovery.”  According to Chief Judge Rader, the Model Order was drafted by special committee of the Advisory Council for the Federal Circuit and was designed to achieve the efficiencies achieved via Federal Rule of Civil Procedure (“FRCP”) Rule 30 (which limits the number of depositions that may be taken by each party).

The Model Order contains discrete provisions orchestrated to minimize expensive, overbroad, and time-consuming eDiscovery requests by establishing a process by which parties should exchange information, including electronically stored information (“ESI”).  Under the Model Order, parties are required to exchange “core documentation” prior to any request or production of electronic mail.  This core documentation includes related to the underlying patent and it prior art as well as the allegedly infringing product.

One of the most impactful provisions of the Model Order is its distinct — and very detailed — treatment of electronic mail.  The Model Order actually presumes that general production requests shall not include email.  This addresses one of the most significant aspects of discovery in patent litigation, as a good deal of what is typically reviewed in such matters begins (and often ends) with a review of email.

Should this presumption be surmounted in a given matter, the Model Order also seeks to limit the number of custodians from whom email shall be produced.  “Each requesting party shall limit its email production requests to a total of five custodians per producing party for all such requests.”  This too can have a tremendous impact on the scope, expense, and timeliness of document reviews within patent litigation.

These changes alone are substantial, but the Model Order goes on to limit the nature and scope of eDiscovery in several other notable ways:

• Email production requests should be limited to a total of five search terms, per custodian, per party;
• Absent a showing of good cause, parties should be exempted from producing metadata;
• Costs will be shifted for disproportionate production requests (consistent with FRCP Rule 26); and
• Inadvertent productions are deemed a non-waiver within the pending case or any other state/federal proceeding (consistent with Federal Rule of Evidence 502).

These changes codify a material shift in thinking that speaks directly to the root causes of overblown eDiscovery efforts in patent cases.  Moreover, these changes should begin to bear fruit immediately in the form of reduced “digital haystacks” that parties are required to sift through in search of the proverbial needle(s) they seek.

Indeed, in a recent patent case in the Northern District of California, a U.S. Magistrate Judge granted a defense motion to govern discovery using an order quite similar to the Model Order (q.v., DCG v. Checkpoint Technologies).  Interestingly, in that case, the plaintiff asserted that the Model Order should not be applied, as it was designed to limit discovery abuses by so-called “patent trolls” (as opposed to disputes between actual competitors in the marketplace).  The Magistrate Judge disagreed with this assertion, stating that the Model Order neither deals exclusively with patent trolls nor exempts parties from discovery scope-limitations simply because they are market competitors.

Each event will be supported by a customized Toolbox — documents and other resources offering guidance on the topics covered by the webcast.  The next Toolworks Forum will focus upon the state of the e-discovery marketplace; the importance of intelligent, proactive information and litigation management; and practical steps companies can take to reduce expenses and risks associated with civil litigation and government investigations.

This webinar event will be held on Thursday, January 19, 2012, and it will begin at 1:00pm Eastern time and continue for 90 minutes.  CLE credit has been applied for, and full details can be found here.  Johnny Lee, Director in Grant Thornton’s Forensic & Litigation practice, and Dante Stella, eDiscovery practice leader at Dykema Gossett, will present.

A fascinating case from Connecticut may shake up the eDiscovery world.  About a month ago, Judge Kenneth Schluger ordered that soon-to-be-divorced couple Stephen and Courtney Gallion exchange the login information for their Facebook and dating websites.

Like many recent examples from the case law, the reasoning adopted by the court was that the content found within these accounts speaks directly to a matter before the bar.  Namely, Stephen Gallion is alleging that such content raises questions of parental fitness, something that speaks directly to the issue of custody in this divorce case, according to his divorce attorney Gary Traystman.

The reason this was elevated to the judge is that a prior agreement between the parties to share these account credentials broke down after evidence arose (according to Traystman) that Courtney Gallion had texted a friend, requesting that the recipient log into her accounts, delete some messages, and change some passwords.  The judge issued an injunction against such misbehavior, and he then ordered the parties’ attorneys to exchange passwords for such accounts held by both spouses as a furtherance to the discovery process.

Interestingly, this judicial order violates Facebook’s terms of service.  This raises questions of conflicting guidance, among others, though the parties are undoubtedly going to err on the side of listening to a judge.  As traditional notions of privacy continue to morph within the legal landscape, we will undoubtedly see more of these cases…so be careful what you put into your digital archive—no matter how private you believe it to be, it is both permanent and potentially discoverable.

I am pleased to announce that I will join luminaries from Vedder Price, a prominent U.S. law firm, in a discussion on “Managing your Data Avalanche” on November 16, 2011.  This webinar will delve into strategies for satisfying an organization’s legal obligations associated with Records Retention, eDiscovery, Litigation Holds, and Data Privacy.

“All too often, companies approach their data management obligations reactively and in a piecemeal fashion. This need not be the case; in fact, companies can satisfy their legal obligations with greater certainty — and more economically — through comprehensive data management strategies.”

This Webinar will be of interest to General Counsel, Chief Compliance and Information Officers, and those with a key role in managing eDiscovery or litigation within an organization.  This Webinar will provide an overview of legal trends in data management, with a specific focus on social media, cloud computing, eDiscovery, litigation holds, and data breach preparedness and response.  We will discuss ways in which companies can better manage their data through proactive data-management strategies.

To register for this webinar, please click here.  (Login information and presentation materials will be sent to registrants prior to the webinar.)

Click to learn more about Grant Thornton’s Forensics, Investigations and Litigation practice.   Click to learn more about Vedder Price’s Records Management, eDiscovery and Data Privacy practice.

I presented on the subject of Data Governance and Electronic Discovery, and how these concepts represent “flip sides of the same coin.” What was particularly rewarding for me was the level of interest and participation during our interactive case study. Thanks to all who attended and participated last week…I enjoyed myself immensely, and I hope that you found it a rewarding discussion.

ForensicUpdate editor, Johnny Lee, will lead tonight’s discussion with the University of Georgia’s Executive MBA class, a program of the University’s Terry College of Business.  The topic of tonight’s discussion is Information Security and Data Breaches: Real World Risks and How to Properly Prepare.

Lee was invited to lead this discussion by graduate studies Professor Dave Chatterjee.  The talk will cover some of the basic things that businesses can do to bolster their information security postures and to respond appropriately upon any indication (or allegation) of a data breach.

Joining me on the dais will Ed Shubert, 25-year veteran of the F.B.I. and current Director of Corporation Security at McKesson; Marty Smith, former Chief Information Officer at ChoicePoint; and Michael de Janes, former General Counsel and Chief Data Officer at ChoicePoint.  I’m excited about diving into some complex issues with these gentlemen, and I hope to see some familiar faces in the crowd.  Details on the event can be found here.

Listen as Philip Ratliff and Johnny Lee of Grant Thornton LLP’s Atlanta Forensics & Litigation practice comment on a broad variety of fraud issues facing organizations—especially in a down economy.  Segment one of the program can be found here; segment two can be found here.

In a matter before an Illinois District Court, a precedent has been set which sends a shot across the figurative bow of eDiscovery counsel.  The case before the Court dealt with alleged building and zoning code violations, and the Court found that defendant unintentionally shared privileged documents with opposing counsel—as well as failed to correct this error in a timely manner.  The Court went on to decree that defendants had effectively waived their privilege protections, which ought to get the attention of counsel everywhere.

This decision marks another milestone in the evolution of case law affecting eDiscovery.  Simply put, Courts continue to meld traditional notions of fair play into matters governed heavily via electronic data exchange.  Better said, Courts continue to heighten their expectations of parties when dealing with eDiscovery, cutting plaintiffs and defendants less slack for the complexities that often accompany large data volumes and/or complex data issues.

The plaintiff in the case (Thorncreek Apartments III, LLC v. Vill. of Park Forest – N.D. Ill. Aug. 9, 2011) sought an appeal to have the Court declare the documents in question, which defendants had inadvertently disclosed, not subject to privilege protections.  Just as with traditional litigation concepts involving the failure to act timely in the presence of identified issues, the Court found little sympathy for the defendants who simply took too long to “cure” their own discovery problems.  Ultimately, the Court held that the plaintiff’s request to waive privilege was reasonable, as the documents in question were submitted by the defendants some nine months earlier and defendant’s steps to prevent disclosure were “completely ineffective.”

The net effect of this ruling is that a very important protection that could have been afforded to the defendant was waived because that party did not understand (and act timely upon): the fact that it had disclosed privileged information; the need to act timely to keep these data protected (i.e., to “claw” these documents back from opposing counsel); and the need to seek assistance from the Court early and often throughout this process.  We can now add privilege waivers to the official list of what keeps eDiscovery counsel up at night…to the extent this item did not already figure prominently in such a list.

“Social media follows you around. Unlike Vegas, what happens online stays online forever with participants, leaving behind a wake of electronic information. As millions of smart-phone, Twitter, and Facebook users take to the Internet to send messages and post updates, they may place themselves and their businesses at risk.”

ForensicUpdate editor recently hit the airwaves with colleague Philip Ratliff on San Diego’s popular legal talk radio show with Jeff Isaac, host of “The Lawyer in Blue Jeans” program, to illuminate the concerns and issues related to the risks of social media use by individuals and businesses alike.

Listen as Philip Ratliff and Johnny Lee of Grant Thornton LLP’s Atlanta Forensic & Litigation practice discuss social media risks that can become serious issues if not dealt with carefully.

From Grant Thornton: “Companies involved in either reductions or expansions in force should be prepared for scrutiny over whether the composition of affected employees or job applicants is driven by business-related factors and whether there is evidence of an adverse impact on protected class members. In The role of economists in reduction (or expansion) in force discrimination cases we discuss how economists can assist a company’s legal counsel in validating or invalidating a plaintiff’s claim that the selection process has had an adverse impact on employees in a protected class.

Read more in Decision time:  The UK Bribery Act and what it means for U.S. companies.  This timely thought leadership comes from Grant Thornton’s Focus on Forensics series, a newsletter providing valuable forensic insights into some of the most complex and critical challenges facing businesses and legal counsel today.

Click here for prior online editions of this newsletter or to subscribe to upcoming editions, and click here for more information about a Grant Thornton Forensic & Litigation Services professional near you.

An interesting case from late 2010 highlights just how closely some courts are scrutinizing counsel’s obligations to both initiate evidence-preservation efforts and to monitor that preservation throughout the litigation lifecycle of a given matter.  In Am. Gen. Life Ins. Co. v. Billard, 2010 U.S. Dist. LEXIS 138570 (N.D. Iowa Dec. 29, 2010), a defendant insurance company sought to obtain details related to both the nature and extent of the Plaintiff’s litigation hold protocols.

Plaintiff’s response was both curious and bold.  Conceding that there was no litigation hold issued and that counsel had, in fact, received but not reviewed the company’s record retention policies and procedures, counsel proceeded to tell the court that neither of these may be important because the Plaintiff employed a “comprehensive method” for preserving electronically stored information (“ESI”).

Unfortunately (at least for followers of this particular arena of case law), the court punted on the question of whether “comprehensive method” of ESI preservation could obviate the need for a litigation hold letter (and accompanying monitoring by counsel).  That said, the court did require Plaintiff to either produce any litigation hold letters issued or to state that none in fact were issued, effectively forcing an admission that counsel may have dropped the ball in failing to put individual custodians on notice of their preservation obligations.

Leaving aside the novel argument that a sophisticated data-preservation system could allow organizations to avoid spoliation dangers, the court in this case seems to rebut another motif in the eDiscovery universe that is receiving a lot of attention.  The theme in question is what commentator Ralph Losey has aptly dubbed the “Luddite fallacy” (albeit in a slightly different context).  Simply put, the fallacy is that technology will eventually displace the independent judgment of both counsel and those data custodians with direct knowledge of potentially relevant evidence.  We see this in the well chronicled fears that document review technologies will displace high-dollar reviewing attorneys.  It now seems that we must apply equal skepticism to the perceived “threat” that technology can displace the experts’ roles in evidence preservation and production.

Until courts bless, without qualification, the notion that you can hit the “Easy Button” and dispense with your litigation risks, this commentator thinks it best to stick with the tried-and-true method of opening lines of communication early and often among counsel, relevant data custodians, information technology professionals, and any other experts that may be deployed in a given litigation or investigation.  Technology can support these key steps in very effective and efficient ways, but the failure leverage the appropriate individuals and processes could result in new and memorable case law…though not necessarily in a way that your organization would find beneficial.

Let’s face it, the thought of enterprise email management simply is not topping the list of sexy, self-evident corporate priorities these days.  Of course, there’s nothing like the negative treatment of genuinely embarrassing news coverage or court sanctions (or worse) to get organizations to revisit the necessity of this vital portion of data governance.

Simply put, it’s hard to fund (much less carry to fruition) an enterprise program that focuses on data management.  While litigation and prosecutions may make headlines, email management is not merely about avoiding culpability and other pitfalls in those arenas.  Properly done, enterprise email management can reduce IT spend, make business processes more efficient, and save hundreds of thousands (if not millions) of dollars annually for companies facing any sort of regulatory scrutiny or civil litigation.

Indeed, companies in every industry and geography are seeing an increase in the rate of litigation and regulatory scrutiny.  This increase is changing not just the way organizations handle such matters but the way in which they do business generally.

According to the latest installment of the annual Corporate Litigation Trends from international law firm Fulbright & Jaworski, many organizations are anticipating not only an increase in litigation and regulatory activity, but half believe that the “legal industry” will permanently change the way their business is conducted.  The survey also highlights the belief that legal and regulatory changes related to corruption and bribery investigations, data privacy, and social media will force organizations to think more proactively about their data governance initiatives.

Of course, there is no shortage of literature detailing why data governance is a good idea.  Despite this, few organizations get this right.  The profound disconnect between stakeholders within IT, Legal, HR, and Finance seems to be the principal explanation for why more organizations are not successful in these programs.  Historically, most companies launch an earnest (though myopic and frequently doomed) effort from the IT group.  When this effort failed for lack of consensus or effectiveness, organizations would effectively shelve effort for another year, chalking it up to insurmountable obstacles.  For a long time, this “charmed life” syndrome was permitted because companies so rarely faced a bet-the-company proposition that hinged on something as mundane as records management.  Today’s legal and regulatory arena makes this attitude a substantial gamble, and fewer executives, boards of directors, and audit committees are willing to tolerate it any longer.

More and more organizations are taking a proactive stance, and they seem to start with what is typically the most substantial data repository: electronic mail.  This is probably a wise gambit, though it should be tackled circumspectly.  While true that corporate users exchanged over 60 billion e-mails daily in 2009, it is sheer folly to consider this issue as strictly a technological headache.

The failure to integrate policy, training, monitoring, and PROCESS is the chief reason cited by courts and regulators for sanctions—not the breakdown of a given technology.  Accordingly, if you are in an organization that is finally seeing the light and embracing data governance, learn from the missteps of your colleagues: treat the enterprise initiative of data governance like…well, an enterprise initiative.  Lead with the notion of a “program” (not a project) and manage change from the top down (i.e., establish policy stances that extend to everyone; design process that aligns with policy; then select technology that aligns with these processes).  Finally, don’t forget about training, custodian acknowledgements, and monitoring controls.

Employers would be wise to review the fact pattern from a Columbus manufacturing company which was involved in a federal investigation related to the theft of trade secrets from a departing employee.  The former employee, Kevin Crow, admitted to stealing highly confidential information from Turbine Engines Components Technologies Corporation (“TECT”) in violation of the Economic Espionage Act.

Crow’s plea deal with the government resulted in a three-year jail sentence, another three years of “supervised release,” and a $10,000 fine.  The deal details Crow’s misbehavior from 1979 until 2007 (when he was laid off), at which time Crow joined a competitor.

Crow admits to walking out the door with close to one hundred (100!) compact discs containing top secret information—including blueprints as well as cost and pricing information.  Both TECT and Crow’s newest employer are in the business of “manufacturing and selling engine blades for military aircrafts.”

According to a press release from the United State Attorney’s Office in the Middle District of Georgia, “As an employee of TECT, Crow continually provided policy statements with explicit direction on identifying trade secrets within the company and how to protect those trade secrets. During Crow’s exit interview he signed a document stating that he had returned all documents containing any trade secret information to TECT, when in fact, he had taken approximately 100 computer discs containing multiple pieces of information considered trade secrets from TECT.

Crow was later employed by Precision Components International (PCI) in Columbus, Georgia, a competitor of TECT…After being employed with PCI, Crow made numerous contacts with employees of TECT requesting forging price sheets containing vendor and customer information. He also requested copies of TECT’s 2007 and 2008 contract reviews that contained trade secret information.  Crow admitted in a conversation with a TECT employee that he took computer discs, blueprints, and cost and pricing information belonging to TECT, and admitted that providing the information could be considered industrial espionage.”

United States Attorney Michael Moore said, “This type of industrial espionage is a serious matter, especially when it involves the production of parts for our military aircraft.  The damages alone to TECT and its employees might be calculated in dollars, but the potential harm to our military equipment readiness is still unknown.”  The parties involved in the plea agreement stipulated that TECT suffered losses of up to $14 million.

So, how can companies protect themselves from employees as unscrupulous as Crow?  The above fact pattern makes it clear that this is no easy proposition, but a robust data governance program seems like the most reasonable first step.  When considering the nature and sensitivity of the information used and protected by TECT (and similar firms), it strikes this editor as quite odd that more advanced data leakage and information security protocols were not employed at TECT.

The FBI employs highly competent investigators, and I have little doubt that Crow might have evaded detection for quite some time but for this fact.  Likewise, Crow might not have been caught if he were less overt in his attempts to obtain sensitive information (not to mention his rather myopic and incriminating admissions to former co-workers).  The take-away here is that the technology exists to send up flares long before a problem surfaces, as it did here, “procedurally” (as opposed to tripping a wire via one or more monitoring controls).  But for Crow’s brazen missteps, this theft of information might have gone undetected for a long, long time.

See also: Microsoft accuses former manager of stealing 600MB of confidential docs

Dodd-Frank Act creates new record-keeping requirements for Commodities Traders…

On July 21, President Obama signed the Dodd-Frank Wall Street Reform and Consumer Protection Act.  This law creates significant financial industry changes as well as an “incentive program” that provides monetary rewards to individuals who report securities violations (so long as those reports lead to the government’s recovery of sanctions exceeding $1 million in criminal and civil proceedings).  The law also establishes record-keeping and reporting requirements for swap dealers and major swap participants, and it requires the Commodities Futures Trading Commission (“CFTC”) to adopt rules that prescribe which records must be maintained by swap dealers and major swap participants.

Obviously, there are immediate and impactful changes to companies put on notice about potential whistleblower reports.  The new “bounties” will arguably increase the number of whistleblower allegations, while the language of the new Act will make the careful steps taken by companies and their legal counsel even more important, as they embark upon independent internal investigations “as quickly and accurately as possible to determine the overall scope of the allegations and level of misconduct committed.”

Companies subject to the Act, would be required under the proposed CFTC rules to maintain full and complete transaction and position information for all swap activities.  Further, these records must be maintained in a “manner that is identifiable and searchable by transaction and by counterparty.”  Likewise, the proposed rules would require the retention of basic business records, including corporate governance minutes, organizational charts, and audit/compliance documentation.  The Act’s data retention requirements even extend to certain financial records (such as information related to cash positions or forward transactions used to hedge), records of complaints against personnel, and marketing materials.  The good news in all of this is that those entities already compliant with existing CFTC records rules would see no changes to at least the retention periods.

For an excellent write-up of the broader impacts of the Dodd-Frank Act, click here.  Check dodd-frank.com for a general overview of the Act and for updates on this Act and other important securities laws.

• Can one apply both methods to the same damages calculation?
• Can lost profits exceed business value?
• Is one method more certain, or does it provide a better estimate, than the other?
• Do certain circumstances indicate that one method must be used?

Read more in Business damages measurement: Lost profits or business valuation?

If you would like to subscribe to Focus on Forensics or another Grant Thornton LLP publication, please fill out this subscription form.

In early December, a division of Chartis Insurance (the artist formerly known as AIG), announced that it would offer a new insurance product focused upon evidence spoliation.  Interestingly, the product is designed to guard against claims arising from direct physical loss or damage to items that serve as material evidence in a legal proceeding.  Perhaps it’s the geek and the recovering attorney in me, but a couple of things are notable in this offering.

First, as with any insurance product, there must be a triggering event.  The event here is where the insured party is alleged to have breached its professional duty of care related to the preservation of property that is deemed to have evidentiary value.  The insurance would protect against liability for monetary damages and settlement, as well as defense costs for claims alleging a breach of professional duty.

Second, to be clear, this is not insurance that obviates the need for controls or proper handling of sensitive information, though the level of controls maturity will clearly affect how premia are rated.  This product, at least as initially introduced, does not appear to be aimed at entities protecting their own data.  This insurance offering appears to be geared toward organizations that are “conducting analysis on the property of others” and who, as a result of this analysis, may find themselves “exposed to spoliation as a separate tort” (i.e., sued for the harm caused by losing another party’s stuff—either by the party who owned the lost stuff or by a third party).  In legalese, this insurance protects against claims arising from the failure to preserve property of evidentiary value belonging to others that is in the care, custody, and control of the insured.  (Hint: Think engineering firm or research group conducting a form of benchmarking on data provided by a company.)

Despite the ostensible target market, it will be interesting to see how other vendors (especially so-called “cloud” vendors) react to this sort of insurance offering.  Indeed, there is the old saw—certainly trotted out with great frequency during the heyday of Sarbanes-Oxley compliance—that while you can outsource processes and services, you cannot outsource the risks related to same.  So, this leaves us with the question of whether the (potential) availability of such an insurance product to cloud vendors (and other third parties in possession of sensitive and valuable data) will decrease the diligence of these providers in the protection of these sensitive data.  An even bigger question is what companies hoping to outsource to such vendors should do about this.  It definitely will be an interesting area to monitor over the near term.