All Relevant Employee ESI Must Be Disclosed

Posted by Gregg Mayer on Friday, April 18th, 2008   

As recently discussed on CIOLaw.org , when a litigation hold is triggered, it affects not only the email of a CEO of a company, but also all of the email and other ESI for relevant employees.

This same principle holds true for initial disclosures of ESI at the forefront of litigation, as discussed in the 2007 case of Metro Wastewater Reclamation District v. Alfa Laval, Inc.

In this case, Alfa wanted to see all of the electronic files related to the plaintiff’s employees who worked on a project related to the litigation. The plaintiff complained that the request was “irrelevant, overly broad, overly burdensome, and costly.” In other words, not every employees’ ESI was necessary.

The court disagreed and required the disclosure of all the employees’ ESI. The Federal Rules of Civil Procedure favor a broad discovery of information, the court noted.

Consequently, not only did the plaintiff have to disclose all of the employees’ ESI, it had to pay for its retrieval. This can be a costly venture for an ill-prepared company.

Law Firm Sanctioned For Email Spoliation

Posted by Gregg Mayer on Friday, April 18th, 2008   

In a recent court opinion from a sexual harassment lawsuit in Illinois, a judge recently entered sanctions against a law firm for failing to preserve email from one its partners.

The case, Wells v. Berger, Newmark & Fenchel, involved explicit email that one of the law firm’s partners allegedly sent to Wells, a paralegal at the firm. The email would have been relevant to Wells’ claims.

The firm was notified about Wells’ allegations in December 2005. However, the firm took no steps to preserve the partner’s computer – or any email sent from it – until the spring of 2007. Consequently, an unknown number of email messages were lost.

[The law firm partner] testified that he deleted all emails with sexual images on them. When [the partner’s] hard drive was finally searched, it yielded very little, and [the] computer consultant attested he could not determine how many files were permanently lost.

The law firm tried to argue it did not have a duty to preserve the email. The court flatly refuted this argument, noting the initial investigation of Wells’ allegations by the Illinois Department of Human Rights specifically made specific mention of the offensive email messages in 2005.

Consequently, the court said it will read a statement to the jury that the law firm failed to preserve the email. Moreover, the law firm will be prohibited at trial from arguing that the absence of explicit email supports its argument that there was no harassment.

Courts consider it a serious problem when parties fail to preserve ESI after a litigation hold is in place. As a result, sanctions are often forthcoming. CIOs should always discuss with legal counsel any issues that may arise about a duty to preserve in order to avoid sanctions in subsequent litigation.

Carefully Choose Search Protocol In Litigation

Posted by Gregg Mayer on Wednesday, April 16th, 2008   

A recent decision by an Illinois federal magistrate highlights the importance of carefully identifying keywords when searching through electronically stored information (“ESI”) for litigation.

In Autotech Technologies Ltd v. AutomationDirect.Com, Inc., ADC sought ESI related to customer communications from Autotech. After an initial dispute, the parties agreed ADC could use a third-party consultant to search the database. ADC crafted the keyword protocol.

After this search, the results produced approximately 10,000 pages. Autotech wanted ADC to come to its headquarters to review the documents. ADC wanted Autotech to produce everything under a clawback agreement – an agreement that provided Autotech could “clawback” any ESI it determined was not relevant after it was produced.

Unable to resolve the dispute, the parties went back to court. The magistrate ordered Autotech to disclose the 10,000 pages.

After the first review, ADC determined the 10,000 pages did not contain all of the information it wanted. For example, the information did not include the name of the Autotech representative who talked to each customer.

So the parties are back in court, with ADC asking that its consultant be allowed another crack at Autotech’s database.

Autotech countered that it followed ADC’s keyword protocol during the first search. Consequently, the results reflected what ADC asked for.

ADC wanted to sanction Autotech for failing to disclose all of the relevant ESI.

In a March 25 opinion, the magistrate determined that ADC’s consultant could redo the original search to determine if some documents were excluded; however, the consultant could not do a “free-ranging search of the database to determine whether a different protocol will yield the information that ADC now seeks.”

As a result, if ADC’s initial keyword searches were deficient, then they are stuck with the responses. During litigation, the CIO and e-Discovery team must ensure the search of another side’s ESI is comprehensive. As ADC may learn the hard way, if the first search fails, there may not be a second chance.

Court Orders Inspection Of Hard Drive After Delays In ESI Disclosures

Posted by Gregg Mayer on Monday, April 14th, 2008   

In a March 26 opinion, a Florida federal magistrate ordered a plaintiff to open up the computer hard drives of various employees so that the defendant could search for responsive email and other electronically stored information (“ESI”).

The plaintiff was also ordered to pay the attorney fees for the various motions to compel that the defendant had to file before being granted access to the hard drives.

Since this is a case where the court had to intervene and order the defendant to open up certain computer hard drives, this case will likely be one of the more important e-Discovery decisions of early 2008.

In U&I Corporation v. Advanced Medical Design, Korean-based U&I filed a breach of contract case in October 2006 against American Medical for failing to pay a balance due for medical equipment. As part of the litigation, both sides sought various ESI, including email sent by U&I employees.

After some haggling over what ESI should be disclosed, U&I belatedly acknowledged that it could not retrieve email from 2004. U&I explained that a “failure of the hard drive caused the 2004 e-mail account to be ‘unloadable’ or unretrievable.” U&I agreed to produce email from 2003, 2005, 2006 and 2007.

However, American Medical discovered that not all of the 2005 and 2006 email was produced because when American Medical subpoenaed a third-party company, that company disclosed various email messages from U&I employees that U&I never disclosed.

In short, American Medical argued that U&I delayed in telling American Medical that its 2004 email was not recoverable, and it failed to disclose all of the email from 2005 and 2006. American Medical sought sanctions.

In response, U&I argued that – despite another company’s production of some email that U&I did not disclose – there was no evidence that U&I deliberately withheld ESI. U&I also noted it disclosed approximately 14,500 documents. In addition, U&I threw out a host of other excuses for failing to disclose all of its ESI, including “language barriers of its employees” and “confusion.”

In weighing the arguments, the court sided with American Medical.

U&I’s assertion that the delay in providing documents to American Medical was caused by the international travel requirements of its employees, server and software problems, confusion, language barriers of its employees and the lack of understanding of the American legal system does not excuse U&I’s tardy and incomplete responses. After all, U&I was the party which filed this lawsuit…At the outset of the litigation, U&I and its counsel had the responsibility to take affirmative steps to ensure that all sources of discoverable information were identified, searched, and reviewed so that complete and timely responses to discovery requests could be provided.

It is not the court’s role, nor that of opposing counsel, to drag a party kicking and screaming through the discovery process. U&I has failed to show substantial justification for its failure and unwillingness to abide by discovery rules and the court’s prior orders…

Consequently, the court ordered U&I to pay American Medical’s attorney fees for bringing the motion to compel. Moreover, the court ordered that American Medical be allowed to inspect the hard drives of certain U&I employees in search for responsive ESI. A forensic examiner would conduct the search.

U&I highlights the importance of maintaining a strong archiving system. When doubts are raised about whether a company has disclosed all of the relevant ESI, then courts are likely to step in and let the opposing side take a look for themselves.

Archiving The Internet – One Snapshot At A Time

Posted by Gregg Mayer on Friday, April 11th, 2008   

CIOs undoubtedly have a difficult job – managing a companywide ESI archive in a demanding e-Discovery world.

Now imagine having to archive everything on the Internet. Of course, no one can do it. But a multiplicity of Websites around the world are trying the next best thing:

By virtue of its shear enormity and its warp-speed evolution, the task of archiving the internet in its entirety is clearly impossible, like trying to catalog every grain of sand on the world’s beaches. But as it is easy to take a photograph of a beach, it also is possible to grab snapshots of the internet, or specific portions of it, to preserve for future generations.
And that’s exactly what researchers at the Internet Archive, the Library of Congress, the National Archives and libraries worldwide are working on.

There have been some remarkable strides already, starting with the Mountain View, Calif.-based Internet Archive and its Wayback Machine, where its creator hopes to build a sort of second coming of the Library of Alexandria, the long-ago destroyed institution that housed much of the ancient world’s recorded knowledge.

The project has archived some 85 billion web pages on computers that measure data in unfathomably large quantities called petabytes.

One petabyte, by the way, is the equivalent of approximately 20,000 personal computers with 50-gigabyte hard drives. It’s a lot of stuff.

Read the rest of this fun article here in The Star Ledger.

Purposeful Email Deletion Results In Sanctions and Scolding

Posted by Gregg Mayer on Friday, April 11th, 2008   

When email is subpoenaed under the Federal Rules of Civil Procedure, the last thing an individual should do is delete the email and hope the whole mess goes away.

Nevertheless, that’s apparently what a former Texas district attorney did when he was subpoenaed for email from his office. As a result, the court on March 28 held the former DA in contempt, fining him and calling all of his excuses “implausible.”

The case, In re Rosenthal, stems from a civil rights lawsuit in Texas. As part of the case, the plaintiffs sought email communications from Harris County District Attorney Charles Rosenthal to the Harris County Sheriff, among other officials.

At first, the county officials said they “fully complied” with the email request, noting of the 12,785 email messages retrieved during a search, only 61 were relevant to the case.

After more wrangling over what should be disclosed, the plaintiffs argued that not only did the county delay in producing email, but that Rosenthal purposely deleted 2,500 email messages that could no longer be recovered. Astonishingly, Rosenthal acknowledged he did delete the email after he was on notice to preserve the messages:

The respondents admit that Rosenthal deleted e-mails that were the subject of the October 31 subpoena. However, they argue that he did not delete or attempt to delete all e-mails responsive to that subpoena. Rosenthal also asserts that he did not act in concert with the other respondents or seek help from anyone in deleting his e-mails. He contends that at the time that he deleted his e-mails, he believed them to be available for an indefinite period of time on back-up tapes maintained by Harris County Information Systems personnel. Further, Rosenthal contends that he committed error by deleting the e-mails only because he assumed that his counsel…had also printed a hard copy of each email.

The court almost seemed baffled by the blatant disregard of court rules.

At the outset, it is important to note that Rosenthal was familiar with the rules governing the discovery process…Indeed, during the relevant period, he was the District Attorney of Harris County, Texas with more than 40 years of legal experience.

Rosenthal offered a host of hollow excuses: (1) thought there were existing hard copies, (2) thought they were permanently stored in the network’s back-up tapes, (3) wanted to reduce the “large volume of email visible” on his desktop, (4) wanted to be more efficient at work, and (5) wanted to free up memory space.

The court responded:

There is no evidence that Rosenthal’s computer memory space was threatened by additional e-mails or that, in fact, it was short of space. Hence, these reasons – all implausible inconsistencies – defy the law of common sense…This conduct reveals a man confident in his status, entrenched in his brand of law. He would not or could not acknowledge an authority beyond himself. And, like the County Attorneys who appeared earlier in this case, Rosenthal reposes in the idolatry of their own perverted wisdom.

Ultimately, the court held Rosenthal in contempt and monetarily sanctioned him. The court also sanctioned Rosenthal’s attorney representing him in the lawsuit, describing the attorney’s conduct “unprincipled and dilatory, at best, constituting a deliberate indifference” to the court’s orders.

Time and again on CIOLaw.org, we’ve highlighted the dumb ways individuals try to outsmart the court system by deleting – or similarly throwing away – ESI. It never works.

CIOs should ensure they have an archiving system that reliably and effectively stores email and other ESI. Moreover, the system has to preclude rogue activity by end-users who may think it is better to delete email messages that they should preserve. It always backfires, even against former district attorneys.

Read another short post about this case and the court order itself at the terrific “ride the lightning” blog.

Finding ESI Search Efforts Unclear, Court Requires More Discovery

Posted by Gregg Mayer on Friday, April 4th, 2008   

Under the Federal Rules of Civil Procedure (“FRCP”), parties must disclose relevant electronically stored information (“ESI”) unless that ESI is not reasonably accessible. In order to take advantage of this exception, a party has to be able to document the search protocol it implemented and why some sources are not reasonably accessible.

In short, a court has to know exactly what has been searched and what has not. Moreover, the court has to agree there are good reasons that the ESI is not reasonably accessible.

If any of ESI-search information is unclear, then the court will require further discovery, as a federal magistrate in New York recently did in Baker v. Gerould.

In a March 27 opinion, the court expressed frustration with the lack of information presented by defendants on the efforts to retrieve ESI:

As noted by this Court during oral argument, insufficient information had been presented at that time to determine the adequacy of defendants’ search for the requested emails from accessible sources. Regrettably, the record is no more fully developed now than it was then. Although it is clear that some email communications have been turned over, the source or sources of those communications is not clear. For example, it is unknown whether those emails were recovered from existing hard drives, backup hard drives or traditional files used to maintain paper records. It is likewise unknown whether computer and/or paper files have been searched for all defendants, some of whom are no longer employed…but some of whom are.

Consequently, the court ordered the defendants to identify in writing all of the people who conducted the search. Following those identifications, the plaintiff would be allowed to depose those individuals to investigate the search. After all of that, then the court could determine whether the defendants properly responded to the ESI requests or whether more ESI – including restoration of backup tapes – was necessary.

Equally important to cost-effective retrieval of ESI is the ability to document exactly the steps taken during an ESI search and to sufficiently offer valid reasons why some ESI is not reasonably accessible.

New Article Explores Metadata

Posted by Gregg Mayer on Friday, April 4th, 2008   

A newly published article offers a comprehensive examination of metadata. The article offers insight into different types of metadata, and discusses case law about it used in court. The article even addresses the first important metadata case:

Perhaps the first case to appreciate the importance of metadata was [the 1993 case of] Armstrong v. Executive Office of the President. In Armstrong, the court decided that paper copies of electronic mail did not qualify as an “extra copy” for purposes of the Federal Records Act, which would allow the originals to be destroyed, “because important information present in the email system, such as who sent a document, who received it, and when that person received it, will not always appear on the computer screen and so will not be preserved on the paper print-out.” Although not explicitly referring to this type of information as “metadata,” the Armstrong court clearly recognized that its value warranted preservation.

Read the entire article in the Richmond Journal of Law and Technology here.

Suspicious Email Results In Dismissal Of Employee’s Claims

Posted by Gregg Mayer on Thursday, April 3rd, 2008   

In an employment discrimination lawsuit in New York, a printed-out copy of an alleged “smoking gun” email message took center stage when its authenticity was called into doubt.

The case, Bell v. Rochester Gas & Electric Corp., involves Bell’s claim that he was illegally fired from the company Energetix because of his race. As part of his proof, Bell provided the court with an alleged hard copy of an email message. The hard copy was allegedly found either “weeks or months” after Bell’s termination by another employee within a stack of recently printed papers.

The email, purportedly written by Bell’s supervisor to another supervisor, contained racist statements about Bell’s firing. The supervisors denied ever writing or receiving the email. Energetix investigated the alleged email, as described in the March 26 court opinion:

Energetix conducted an internal investigation to determine whether [the email] had originated there. After a search [of the supervisors’] hard drives gave no indication that the message had ever been sent, received, stored, deleted or printed from their e-mail files, Energetix retained the services [of an outside vendor] to restore backup tapes of its e-mail server and search for electronic copies of the message between April 2002 and December 2002.

Again, nothing turned up. Energetix then hired another vendor to analyze the hard drives of the supervisors.

Despite these efforts, neither Energetix nor the two outside firms were able to find any evidence that the purported e-mail was ever written, sent, received or printed…

Bell argued that the email, which was marked as sent on May 21, 2002, was completely obliterated from the company’s servers before the implementation of backup tapes on June 2, 2002.

In a Sherlock Holmes-twist of logic, the court rejected Bell’s argument:

[O]ne need not be an expert in the field of computer forensics to recognize that if the e-mail had been sent by [one supervisor] on May 21, 2002 but deleted and overwritten at some point within the next twelve days to eradicate any trace of its existence such that it would not appear on any of the named defendants’ hard drives or Energetix’s daily backup tape for June 2, 2002, it would have been impossible…to have printed it…weeks or months after May 21, 2002, when [the other employee] allegedly discovered it, commingled with papers she had just printed and removed from a copier the previous day.

Taking all of the evidence as a whole, including evidence that Bell tampered with Energetix’s computer systems over billing, the court ruled there was sufficient evidence that Energetix fired Bell for non-discriminatory reasons. It dismissed Bell’s claims.

Although the court never directly called Bell’s email a fraud, it did note the ease with which email messages can be faked:

It is undisputed that e-mail messages can be easily fabricated, and a host of websites offer software and instructions for creating and/or sending faux e-mails…As such, a practical understanding of the available technology, both with respect to the fabrication of e-mails, and their preservation through electronic data, dictates that authentication of a printout as the hardcopy of a bona fide e-mail message now requires something more than a bar conclusion that the printout ‘appears to be’ an e-mail message.

Obviously, companies that have implemented effective and objective archiving systems have little fear of forged email messages since they can easily detect which email messages were sent or received within the system.

New Opinion Illustrates How Quickly ESI Issues May Proceed in Court

Posted by Gregg Mayer on Wednesday, April 2nd, 2008   

In a court opinion from March, a federal magistrate ordered an expedited forensic imaging of computers relevant to the litigation. In fact, within two days of the March 17 order, the computer servers and other electronic storage devices, including one employee’s laptop, were to be made available to a forensic examiner to make mirror images of the devices.

In the case, XPEL Technologies Corp. v. American Filter Film Distributors, XPEL worried that electronically stored information (“ESI”) could be altered or destroyed just by the day-to-day activities of the defendants’ computer use unless an expedited order permitted an immediate imaging of the computers. XPEL believes most of the relevant ESI was in metadata and other deleted – but still retrievable – files.

The court agreed to expedite the imaging, and it named a forensic examiner to move quickly to copy the servers. In addition, the court ordered that XPEL would pay for the costs of the forensic examiner, explaining:

The forensic images shall be copied and retained by the Forensic Examiner until such time the court or both parties request the destruction of the forensic image files.

The Forensic Examiner will maintain all mirrored images and do so in the strictest confidence, and not disclose any information obtained to unauthorized persons.

With this case as persuasive precedent, parties may more frequently seek to immediately make mirror images of opponents’ servers.

« Previous Entries