ESI and E-discovery
- Legal Counsel & curbstone Advice
- Crisis Management
- Trials & Litigation
- Technological competence: Ethical obligation
- Cyberlaw primer I. Cyber-risk
- Cyberlaw primer II. Cybersecurity
- Cyberthreats and Cybersecurity
- Are you aghast over hacks at “top” law firms?
- Due diligence and cyber risk
- Negligence liability for datasecurity breaches
- breach logs
- Email is a hacker portal
- Cyberinsurance coverage terms
- Cyberinsurance and the SAFETY Act
- Data analytics, bribery and corruption
An introduction to ESI and E discovery
You create ESI — Electronically stored information — every time you log on to your desktop computer, laptop, tablet or smart phone regardless of whether you enter information or merely read e-mail or search the web.
ESI can be found in many places and appears in many forms limited only by the ingenuity of software engineers and marketing efforts of the companies offering “solutions” to complex problems through computers.
E-discovery is all about ESI
ESI is more than just e-mail and social media. It is the content of every other form of electronic communication used today and those which have not yet become commercially available but soon will be. Attorneys must always remember that the “e” in E-discovery as in e-mail really means “evidence!”
Just a few preliminary questions
You do have the security features enabled on your mobile devices, don’t you?
A login using some kind of password or code is required, isn’t it?
Your passwords are complex and secure, aren’t they?
Cybersecurity considerations are always on your mind whenever you access the World Wide Web (www), a network, or open your device to the Internet, aren’t they?
E-discovery a critical area of cyberlaw today
The modern era in E-discovery began in 2003 when Laura Zubulake was awarded $29.3 million due to an “adverse inference” instruction. New York Courts and most of the federal courts throughout the United States follow the Zubulake rules.
Laura Zubulake, filed suit against her former employer UBS Warburg, alleging gender discrimination, failure to promote, and retaliation. The rulings by United States District Court Judge Shira Scheindlin in Zubulake v. UBS Warburg, are the most often cited in the area of electronic discovery even though they were issued prior to the 2006 amendments to the Federal Rules of Civil Procedure. They are commonly known as Zubulake I, 217 F.R.D. 309 (S.D.N.Y. 2003); Zubulake III, 216 F.R.D. 280 (S.D.N.Y. 2003); Zubulake IV, 220 F.R.D. 212 (S.D.N.Y. 2003); and Zubulake V, 2004 WL 1620866 (S.D.N.Y. July 20, 2004). Judge Scheindlin’s opinions in Zubulake, including definitions of accessible and inaccessible data, the seven factor balance test for cost shifting and definition of counsel’s obligation for preserving data, have been referenced in numerous cases since then.
E-discovery is expensive and it can quickly become very expensive
If you represent a business, an individual engaged in business, or a not-for-profit organization, any of which use computers of any kind, including smart phones and tablets, you must advise your clients that they have a duty to protect and, to a limited extent, preserve ESI.
One of the most important cyberlaw obligations of any attorney is to advise their clients to establish, maintain, and rigorously monitor a formal document retention and destruction schedule.
Without it, your clients may face almost unlimited costs for ESI production during e-discovery when they eventually become involved in any kind of litigation.
There is actually a generally accepted “Electronic Discovery Reference Model.”
Privacy and privilege
In 2006, Rule 16 and Rule 26 of the Federal Rules of Civil Procedure were amended to specifically include ESI, and the more recent amendments of December 2015 further address ESI issues and underline their importance in modern litigation.
The Courts are moving towards a position that there can be no expectation of privacy associated with unencrypted electronic data. The controversy between the FBI and Apple Computer over a password-protected iPhone indicates that from the perspective of law enforcement, no electronic communication or ESI is “private” and may have to be produced on demand. The other federal alphabet agencies to more such as SEC, EPA, and OSHA are not far behind.
Although electronic communications and ESI may not be private, they may be subject to assertion of a privilege particularly where attorneys are parties to the communication or responsible for creation of the ESI. Fortunately, Rule 502 of the Federal Rules of Evidence provides some protection of attorney client privilege in cases of inadvertent disclosure during litigation.
Attorneys are expected to be aware of the information that will eventually be extracted from the metadata associated with ESI, particularly that contained in their own electronic communications. Metadata is essentially the “DNA” of ESI and can be used exactly the way DNA evidence is used in modern forensics and crime scene investigation.
Litigation holds and litigation hold letters
There is a great deal of controversy today over “litigation holds” and “litigation hold letters.” Caution dictates, however, even in the absence of any presently recognized potential for litigation, every attorney, regardless of their area of practice, should routinely issue the equivalent of a “litigation hold letter” to their clients.
The general litigation hold letter — before any actual litigation is contemplated or has commenced — alerts your clients to their need to observe cybersecurity “best practices” and protect ESI in accordance with a written data preservation, retention, and destruction policy.
A general litigation hold letter is nothing more than a written directive for the preservation of ESI. It really has nothing to do with actual litigation; but everything to do with ESI.
You should send a general litigation hold letter to each of your clients who use the Internet in the regular course of business or who conduct electronic communications of any kind in any form on any device with clients and customers.
You should also send general litigation hold letter reminders to your clients on a regular basis every 3 to 4 months.
When is a litigation hold letter required?
Not only must an attorney issue a litigation hold letter as soon as their client receives notice of pending litigation, but also as soon as their client anticipates becoming involved in litigation whether as a plaintiff, defendant or material third party.
The litigation hold letter must explain to the client what kind of information must be preserved, how long it must be preserved and emphasize the need for the client to immediately establish a document retention policy and a document destruction schedule if such programs are not already in place, as they should be.
The attorney who prepares a litigation hold letter should make sure that the client confirms that the letter was received and understood. It is wise and prudent to post the client case file with a detailed memorandum of the circumstances surrounding delivery and discussion of the litigation hold letter with the client.
This is also the time for attorneys to advise their clients to create an inventory management and tracking program for all electronic devices used by or on behalf of their business, even copiers, printers and scanners, all of which contain discoverable ESI.
A few other routine litigation hold practices
Attorneys should regularly inquire of their clients whether they anticipate undertaking any litigation or whether they are aware of any threats of litigation to which they may become a party. In either case, a follow-up litigation hold letter specific to the potential litigation is required.
The general litigation hold letter should advise your client about dealing with ESI which may have been created or handled by employees who have left or are about to leave the client. This is particularly important if an employee is about to be terminated or has just recently been terminated.
Attorneys should advise their clients to notify them immediately if there are any changes in their IT management. This is particularly important with smaller clients who rely upon third-party IT vendors. If there is a change in IT management at the client, it is important for the attorney to address a litigation hold letter to the new IT manager and discuss the subject with them as soon as possible.
For any attorney representing a business entity or not-for-profit organization on an ongoing basis, the client file should contain a “cyberlaw” section organized according to a checklist of cyberlaw issues.
Attorneys must understand that litigation hold letters may not be privileged and may be “discovered” during the course of actual litigation.
E- discovery issues during litigation
E-discovery issues arise as soon as litigation is contemplated or filed whether your client is a plaintiff or defendant. Litigation hold notices must be served quickly and certainly prior to the first scheduled pretrial conference.
The issues of ESI production format, cost shifting, and protective orders should be raised at the initial pretrial conference and made a part of any scheduling order. ESI production format often irrevocably determines the overall cost of E-discovery you.
Under the revised Federal Rules of Civil Procedure, judges have extraordinary power and almost unlimited discretion in directing the course of discovery and under Rule 37, can impose substantial sanctions against any party who fails to obey their E-discovery orders.
A non-party has standing to seek a protective order or ask that the party demanding production of ESI pay the entire cost of ESI production.
(to be continued)
This article appeared in the May 2016 issue of “An Introduction to ESI and E-discovery”, The Suffolk Lawyer, www.scba.org, Vol 31 No. 10, June 2016, pp. 19, 26