Busy Month Coming Up…

 

Another busy Fall season focused on spreading the good word related to Data Privacy and eDiscovery.  My first stop on the whistle tour is a collaboration with the inimitable Suzanna Newton and her eDiscovery Intelligence Summit in Atlanta.

 

 

My next stop in October is with the good folks at UBS Financial Services.  They have asked that I speak at their annual Investors’ Conference in Charlotte on the subject of data privacy and information security.  I look forward to both events, as they are not only focused on very different audiences but on equally challenging topics.  If you’d like details on either event, please don’t hesitate to reach out…we’d love to have you.

 

 

I’ll next head to the 2014 All Star Conference for a reprise of my 2013 talk on “eDiscovery and Data Governance: Flip Sides of the Same Coin” in Las Vegas with the good folks at the IIA.

 

 

Finally, I’ll wrap up the month in Atlanta on an ICLE Georgia panel discussing eDiscovery matters with some real luminaries from the legal field.  I’m flattered to be included in each of these events, and I’m looking forward to each.

 

 

 

———-

Please see the disclaimer associated with content published on (and associated with) this site.

 

Enjoyed presenting to SCCE…

 

Another wonderful time presenting with the good folks at SCCE.  What I appreciate most about this group is their willingness to tailor an audience to the topic (and vice versa).  I’m impressed with their professionalism, and I hope that the attendees gained value from my commentary.

Looking forward to my keynote @ #AIIM14

Looking forward to some excellent networking and good feedback on my keynote presentation on #InfoGov and #eDiscovery at this year’s AIIM Conference in Orlando.

 

 

 

 

 

 

———-

Please see the disclaimer associated with content published on (and associated with) this site.

 

Information Governance & eDiscovery: Flip Sides of the Same Coin…

I’m excited to have been selected to present a keynote address at the upcoming AIIM Conference in April 2014.  As a furtherance to that invitation, I was asked a series of questions about my presentation.  As these were excellent questions, I thought I’d re-post them here, along with my answers to same.  I hope that you find these valuable.

Q: Briefly define information governance

A: I would define Information Governance as an enterprise-wide program that incorporates multiple organizational disciplines and that contemplates policies, procedures, processes, and controls designed and implemented to manage information at an enterprise level. Properly derived, Information Governance supports an organization’s immediate and long-term operational, regulatory, legal, and risk management requirements as they relate to the management of information.

Q: We keep reading about ediscovery and governance, who cares?

A: Organizations with a strategic view of these things recognize that Information Governance and eDiscovery are flip sides of the same coin. Simply put, the only way to diminish the significant risks attendant with eDiscovery is to go “upstream” of that triggering event, working to put in place the very policies, procedures, processes, and controls referenced above. The failure to “care” about this means that an organization will always venture into the eDiscovery game on a reactive (and thereby less effective) footing.

Q: Who SHOULD care? And Why?

A: Historically, the province of eDiscovery has been handled between an organization’s IT department and legal counsel. That said, as missteps in both eDiscovery and general data management practices carry increasingly severe penalties, creating proactive, long-term solutions is becoming the province of numerous groups across the enterprise — from the compliance and legal departments to the operational, financial, and executive branches as well (i.e., those with the best knowledge of the content being sought and analyzed).

Q: You mention an IT and legal disconnect in your description, how do you bridge that gap?

A: For the most part, the legal and IT camps have been separated by a common language. Many of the issues related to Infobesity (or the unnecessary storage of data that carries no operational value — and, worse, that carries significant risk) have arisen from the failure of these groups to communicate effectively about the long-term ramifications of maintaining the status quo. The only way to bridge this gap is for these two groups to meet in the middle, with each understanding the particular challenges the other is facing. This is not easy, but it is the only meaningful way that organizations can hope to reduce the digital haystacks before they are forced to sift through them in search of a few needles.

Q: What’s one key enabling tool for ediscovery and/or governance?

A: While we’re still many years away from any so-called magic bullet, there have been tremendous advances in technologies that can assist in these efforts. One of the most promising technological developments in recent years is the concept of predictive coding (or auto-classification) of large document sets. This technology holds a lot of promise for organizations looking for a cost-effective and defensible means to shrink their digital haystacks.

Q: One key best practice for ediscovery?

A: One of the most game-changing best practices in the eDiscovery space is good, old-fashioned project management. Proactive communication, scope-setting, and right-expertise-at-the-right time can make all the difference between a successful eDiscovery exercise and one that falters. This sounds simplistic, but many organizations still struggle to recognize this fundamental truth.

———-

Please see the disclaimer associated with content published on (and associated with) this site.

 

Through the Google Glass Darkly…

It’s always a challenge to summarize the year for a subject matter as volatile and complicated as Electronic Discovery.  One could spend a few hours looking through the lens of a Google search engine, and days digesting the results, or you could simply peruse the superb summary penned by Joshua Gilliland, the blogger for Bow Tie Law, one of the two attorney bloggers for The Legal Geeks, and a Litigation World columnist.

It’s this last forum where we find the year-in-review that neatly summarizes the four most prominent “lessons learned” from the 2013 eDiscovery trenches.  I commend this to all in this space, as it captures the major themes and provides the most cogent excerpts from the key court opinions that shaped this very interesting year for our industry.

Gilliland readily focuses on the four lessons that “rise above all others: (1) the duty to preserve remains a hot button issue, (2) litigators still fight over the form of production, (3) proportionality is alive and well, and (4) taxation of costs is a sleeping giant we need to confront.”  Please do take the time to review this update…you won’t regret it.

———-

Please see the disclaimer associated with content published on (and associated with) this site.

Panel Discussion on Data Preservation @ 2013 IT-LEX Conference…

“Technology is outpacing the law. IT-Lex is a technology law 501(c)(3) not-for-profit organization dedicated to narrowing this gap with entertaining educational experiences.  We are pleased to offer our first annual conference, Innovate.”  The Innovate Conference is an active learning experience with a focus on user participation, and ForensicUpdate editor Johnny Lee will participate in a panel discussion on Friday, October 18th on the topic of data preservation and evidence collection.  Please click here for more details.

———-

Please see the disclaimer associated with content published on (and associated with) this site.

The (not so) Lost Art of Dropping the Ball…

Students of eDiscovery case law (at least in the United States) are quick to identify the motifs that make for good sanctions stories. From Creative Pipe to Qualcomm to a host of others in recent years, one of the stark themes in these cases is the notion of “abuse” of the process.

In a recent case from the Northern District of Ohio, we have these motifs in spades. Indeed, this decision hearkens back to Magistrate Judge Paul Grimm’s insightful synthesis of spoliation law as it relates to electronically stored information in the Victor Stanley, Inc. v. Creative Pipe, Inc. matter.  This current case, however, involves a 2006 suit brought by the United States Equal Employment Opportunity Commission (EEOC) on behalf of Dean Okafor and Hakim Nurridim, who allege that Defendants directed racial slurs at them and that Defendants retaliated for the discrimination charges brought by the EEOC.

In January of 2013, United States District Judge John Adams declared a mistrial after finding that attorneys for one of the parties had removed critical information from trial exhibits. While “redaction” is certainly not a novel concept in American litigation, the inability to explain the reasoning behind such edits tend to be frowned upon in American jurisprudence, and this is what makes this particular sanction example so intriguing.

Judge Adams found that the underlying information that was removed “could clearly alter the entire landscape of these proceedings and the legal theories pursued during trial.” Accordingly, the removal of these data from exhibits, coupled with the inability to articulate any sound reasoning behind the practice, “clearly resulted in substantial prejudice.”

Adams goes on to write that “[in] candor, the Court has strongly considered default judgment in this matter,” citing “a lingering question over how much evidence may never be produced due to either Defendants’ negligence or malfeasance.” Indeed, the only reason for withholding this particular sanction (of default judgment) is that it would provide “a windfall for some if it were granted in total.” Instead, the Court found that an award of attorney fees will serve as a “proper sanction,” thereby making Plaintiffs “somewhat whole for all of the time that was essentially wasted in conducting discovery and trying this matter without all the facts that should have been made known to them.”

The defense offered by the Defendants for this finding of “negligence or malfeasance” for eDiscovery practices?  Electronic Discovery is a lengthy, cumbersome, and complex process involving the identification and sharing of thousands and thousands of documents. Thus, excluding a few select documents from this “herculean” effort should be excused as mere oversight.

The court disagreed, stating that despite “ongoing litigation, Defendants had apparently made no efforts to segregate the items that were properly responsive to discovery. This fact could also conceivably explain why Defendants’ in-trial production resulted in numerous documents being produced that had never been previously produced in more than six years of litigation.” The court went on to say that “simple neglect would be the kindest interpretation available for Defendants’ conduct. In reality, in less than 24 hours following the Court’s demand to produce documents, Defendants were suddenly able to locate and produce documents directly responsive to years-old discovery requests. The Court must now determine what sanction, if any, in addition to a mistrial, is appropriate in this matter.”

The sanctions additional to mistrial took the form of over $300,000 in attorneys fees.  Judge Adams also ordered further discovery (with costs to be borne by Defendants). The full opinion was filed on May 22, 2013 and can be found here.

———-
Please see the disclaimer associated with content published on (and associated with) this site.

Regulator Fines Financial Services Company $9 Million for Email Spoliation…

The Financial Industry Regulatory Authority (“FINRA”) announced last week that it had levied fines against LPL Financial LLC (“LPL”) to the tune of $7.5 million for thirty five “separate, significant email system failures, which prevented LPL from accessing hundreds of millions of emails and reviewing tens of millions of other emails.”  FINRA also determined that LPL had made “material misstatements” during FINRA’s inquiry into the email failures, resulting in the establishment of a $1.5 million fund “to compensate brokerage customer claimants potentially affected by its failure to produce email.”

While this is technically not a spoliation sanction, which can only be issued by a court, it is nonetheless what those in the eDiscovery arena recognize as punishment for the failure to preserve relevant evidence.  FINRA’s Chief of Enforcement said that LPL simply failed to “expand its compliance and technology infrastructure” as LPL grew.  This resulted in LPL failing “in its responsibility to provide complete responses to regulatory and other requests for emails.”

To be clear, FINRA felt that these failures were both systemic and severe.  To illustrate just a few of the thirty five enumerated failures, see just a few examples below.

• LPL failed to supervise 28 million “doing business as” (DBA) emails sent/received by thousands of representatives who were operating as independent contractors over a four-year period.
• LPL failed to maintain access to hundreds of millions of emails during a transition to a less expensive email archive (with 80 million of those emails becoming corrupted in the process).
• For seven years, LPL failed to preserve and review 3.5 million Bloomberg messages, as required by regulation.
• LPL failed to preserve emails sent to customers via third-party email-based advertising platforms.

The Chief of Enforcement sums this up in a rather pithy statement: “This case sends a strong message to firms to make sure your business does not outgrow your compliance systems.”  Indeed…message received.

For more on FINRA’s consent announcement, please click here. To read the actual consent agreement, please click here.

Please see the disclaimer associated with content published on (and associated with) this site.

Laptop stolen from employee vehicle = 20 years of FTC Audits for Employer…

The news of data breaches has certainly become maddeningly commonplace in recent years.  Many industries have been slow to adopt even the most rudimentary controls about securing media that is highly portable, such as thumb drives, laptops, mobile devices, and the like.

Perhaps as antidote to that tardy adoption, the Federal Trade Commission (“FTC”) recently announced a settlement with a leading cord blood bank, related to claims that it failed to protect the security of customers’ personal information.  Moreover, the settlement stipulates that this cord blood bank’s inadequate security practices contributed to a breach that exposed the Social Security and financial information of nearly 300,000 consumers.

The FTC claims arose from an incident in December 2010, in which laptops, backup tapes, and other storage media were stolen from an employee’s personal vehicle.  The catch?  None of these storage media were encrypted in any fashion.

This lack of encryption appears to be the linchpin consideration in the FTC’s analysis of culpability.  The cord blood bank must now submit to an annual certification (by an external party) for the next twenty years.  This enforcement action by the FTC will undoubtedly raise the awareness of organizations slow to adopt the perspective that there is wisdom in having policies and procedures in place to safeguard sensitive data.  While these policies and procedures might — and perhaps ought to — vary from industry to industry, certain basics will likely be adopted over time, and I suspect that encryption will rise in adoption as a safeguard even more rapidly than it has in recent years.

For more on the FTC’s settlement announcement, please click here.

Please see the disclaimer associated with content published on (and associated with) this site.

Panel of Experts @ NACDL White Collar Criminal Defense College…

Described as a practitioner’s “boot-camp” program for those “wishing to gain key advocacy skills and learn substantive white collar law. The program will cover client retention, investigation in a white collar case, handling searches and grand jury subpoenas, and dealing with parallel proceedings. Participants will have the experience of negotiating a plea, making proffers, and examining which experts to hire and how to protect the client in this process. Interactive sessions with top white collar practitioners will allow the participants to learn trial skills such as opening statements, cross-examination, jury instructions, closing arguments, and sentencing – all in the context of a white collar matter.”

ForensicUpdate editor, Johnny Lee, will participate in a panel discussion on Saturday, January 11th about engaging experts and lessons learned from the trenches.  Please click here for more details.

Please see the disclaimer associated with content published on (and associated with) this site.