Ready, Set, Litigate!

Businessman on Start Line of Running Tract --- Image by © Royalty-Free/CorbisLitigation readiness.  What does that mean?  Sure, I can state clearly that it means you’re ready to respond to a litigation hold; maybe “prepared” would be a better word.  What about everything that follows?  How ready are you?

I break it up into five possible scenarios:

  1. No lawsuit in sight, but you want to be ready for the future
  2. Plaintiff – you sue someone
  3. Defendant – someone sues you
  4. Internal – Plaintiff and Defendant are within the same organization (e.g. employee suing employer or vice versa)
  5. Third Party – you’re drawn into a complaint between other parties (e.g. impleader)

How do you get the conversation started when there are so many reasons to put it off?

  • “I don’t know what the big deal about ESI is.”
  • “We don’t have it in the budget.”
  • “We don’t have time to deal with it right now – try again next cycle.”
  • “We’ll deal with it if and when a problem arises.”

Fortunately, most of us recognize that if one waits until an issue arises, it’s already too late.  Receiving a subpoena is not an ideal time to find out that you can’t comply.  It’s also a short-sighted view.  You may need your own ESI to bolster your case, no matter what side of the action you’re sitting on.  Perhaps that’s the argument to make when attempting to motivate management to act.

If that doesn’t work, there’s always the fact that trying to do anything in a piecemeal fashion results in much higher cost.  And if that doesn’t work, management needs to understand that they have duties to uphold – and it’s very easy to violate them when you’re not aware of the rules (oh, and the court won’t necessarily absolve you for being ignorant of the rules – there is a presumed level of competence).

Litigation isn’t just segregated to a small portion of a company.  It requires activating resources from all over the enterprise; HR, IT, Legal (internal and external), Management, etc.  Ever tried getting all of these parties in a room for a meeting?  I have.  Depending on what everyone has on their plate at that particular moment in time, it can take weeks!

Do you really want to be dealing with this at the last minute?  What about e-discovery software?  What
about storage?  Who will review the ESI?  What about your adversary?  Do you have the expertise to know that they’re complying with your ESI requests in good faith?  Who will oversee all of this?

3D Rendering. Very high resolution available! Use it for Your own composings!

The problem with this discipline is that it’s hard to know what questions to ask unless everyone who has a hand in the process is in the same room.  It’s like smashing the atom.  One question generates a whole host of other questions and before you know it, you’ve opened Pandora’s Box.

Start with question #1 – who belongs in the room?

If you have policies in place, everyone knows their responsibilities.  When a litigation hold is issued, duties are already pre-defined.  This is critical, because when they say “hold”, they mean “hold“.

Will your response be more like The A-Team, or the Keystone Cops?

Businessman Crossing the Finish Line --- Image by © Royalty-Free/Corbis

I Can’t Really go to Jail over this…Can I?

As sanctions mount for those who have run afoul of the new e-discovery rules, debate is raging about criminal liability.  To some, the threat is very real.  They recommend extreme caution.  To others, it’s nothing more than a scare tactic.  They say the threat of incurring criminal liability over an e-discovery issue is slim to none.

Who is right?

I’ve neglected to link articles from both sides of the debate.  The reason; it’s not my place to criticize the writers – they make very strong arguments, for and against.  It just so happens that, in my opinion, the answer is somewhere in between.  Perhaps the reason many people think that criminal liability
is unlikely to attach flows from the possibility that they’re not thinking broadly enough.  In other words, they’re not taking into account who might be ensnared in the e-discovery net.

ca. 1990s --- Cat Staring at Goldfish --- Image by © Aaron Horowitz/CORBIS

The logic works in reverse.  The higher up in the e-discovery food chain you are, the more likely you’ll be eaten.  The small fry aren’t likely to get themselves in trouble, barring egregious conduct of some sort.  The standard of what would rise to the level of a criminal act may be high – but the liability exists.  So, who should be looking over their shoulder?

The White House (possibly violating the Federal Records Act), A former Broadcom Corporation executive (accused of obstruction of justice) and former Credit Suisse First Boston investment banker Frank Quattrone (also accused of obstruction and witness tampering) who endured a four-year ordeal for encouraging his employees to essentially ‘clean up those files’.

And the lawyers?  Six of them were referred to the State Bar of California for possible ethical violations in the Qualcomm v. Broadcom case.  A crime?  No, but facing various penalties up to and including disbarment, my guess is it feels like a crime to them.

If you reviewed the links, you’ll note that I’m not necessarily
concerned with whether the principal was convicted of – or plead guilty to –
committing a crime.  It’s scary enough just reading what actually happened – or could happen.

We’ve all heard the term, “Ignorance of the law is no excuse.”  That rule-of-thumb applies to e-discovery also.  One can commit a crime without realizing it.

j0387725If you’re a tech, and the boss tells you to delete data – and you simply follow his orders – if he instructed you in order to hide wrongdoing, he’s likely to be in trouble, but what about you?  If the facts are as stated, probably not.  But what if your company has an ESI policy, your boss’ instruction violates that policy, you know this, but you do it anyway?  Did you just become an accomplice to a crime?  Will the common explanation, “I was just following orders” get you off the hook?

Obviously, we’re not taking a crash-course on criminal law today.  There are so many hypothetical scenarios that could occur, with so many different facts that it would be impossible – and irresponsible on my part – to attempt to tackle all of them in a blawg post.

What I endeavor to do is to impress upon you that a snap decision that didn’t make you think twice in the past could burn you in the future.  ESI for it’s own sake doesn’t normally make one think of crimes.  But now, we’ve entered a new arena.  The law is involved, and if data “goes missing” in this context, your adversary – or the court – may infer that something fishy is going on.

Is it worth the time, expense, stress, loss of reputation and threat of incarceration?  The outcome is beside the point.  Even if you’re exonerated, where do you go to get your lost time, money and reputation back?

e-Mail – Death, Taxes & Send

Time FliesWhat do these three things have in common?  They’re inevitable.

The ABA Journal published an article about things you should never put in an e-mail.  As usual, the article spawned a lot of interesting comments and I was more fascinated with a couple of them than with the story itself.

First, many people couldn’t understand how a rational person – who would never write the same thing in an actual letter – would do so in an e-mail.  Second, a few lambasted the authors for providing a method to “evade the law”.  Third, and I admit I’ve used this example, it was suggested that one should never send an e-mail that they wouldn’t want their mother to see.  Based on some of the expletive-laced e-mails I’ve received in my career, I sure wish the senders had run them by their mothers…

There’s a reason we have anti-theft devices for our homes and cars.  They’re preventative measures.  Not only are they a hindrance, but in some instances, they give people time to think about what they’re doing.

If we really want to address where the process breaks down, there’s only one place to look; time.  Time to reflect.  Time to calm down.  Time to reason.  In the olden days, someone had to take care to craft a letter.  They had to address the envelope.  They had to put a stamp on it.  Then, they probably had to walk or drive somewhere to put it into a mailbox.  Now, all we have to do is type our stream of consciousness as quickly as we can – limited only by how many wpm we can produce – then press SEND.

I type 70wpm.  If only someone would invent the anti-send device…

j0405010 We’re victims of ease and efficiency.  Here’s my scientific view.  The easier something is – and by default, the more efficient it is – is directly proportional to our ability to screw it up!  We’re under so much time pressure and it’s so easy to use, do we really need to proof-read or check for content?  Nah, just send it now and worry about following-up later.

I also take issue with the attitude that giving someone essentially what amounts to an e-mail ‘Dos & Don’ts’ list is somehow equivalent to assisting in the commission of dishonest or illegal acts.  That’s quite a leap.

Whenever a discussion takes place, some may use the information gleaned from it for nefarious purposes.  Does that end the debate?  Teaching a class how to properly use a gun doesn’t automatically make them murderers (although, if you had reason to know that one of them might become one, that’s a different story).

There are many legitimate, legal and appropriate reasons to include details in e-mails and conversely, to leave them out.  For example, if you were seeking advice from your attorney, privilege would attach.  What difference should it make if it’s a face-to-face conversation or by email?

Unfortunately, it does make a difference.

It’s fine that you addressed confidential information to exactly the
right person.  The problem is that email can be intercepted and/or forwarded, with dire consequences.

Companies have e-mail policies for this very reason.  People will always put stupid, embarrassing or inappropriate things in messages; we don’t need to address that here.  The open question is, when does an e-mail cross the threshold from being simply inappropriate to becoming actionable.

A little more thought before you hit the send button may help you avoid a different threshold; the threshold of pain.

e-Discovery Ahead – Watch for Falling Rock!

“Real Men don’t ask for Directions.”
— Bumper Sticker

QuicheNo, I’m not being sexist.  Anyone who remembers this classic from the 1980s knows that it spawned several humorous sayings that appeared on bumper stickers, T-shirts, etc.  But this one has a ring of truth to it – and it doesn’t apply only to men.  I would modify it somewhat for today’s modern technology.  Unfortunately, no one is going to pay good money for a bumper sticker that says, “Real Men and Women don’t ask for Clarification.”

Peer pressure and group-think can be dangerous at the best of times, but it can be absolutely lethal when e-discovery is involved.  We’ve all been there.  Big meeting.  Lots of players.  Someone is describing a complex process and a lot of people in the room don’t understand, but nobody speaks up.  Understandable.  Who wants to appear ignorant?  Also, some people are gun-shy.  They don’t feel comfortable in these situations. Unfortunately, the result is that many leave the meeting and don’t really understand what was said.

In our likely scenario, we’re going to have highly skilled technology NorwayRockprofessionals, each with skills their counterparts may or may not understand.  We’ll have attorneys, but they’ll also be proficient at various areas of the law.  We’ll have management, who don’t want to have to deal with the issue on a granular level – if they can help it – because that’s what they’re paying you to do for them.  Oh, and everyone’s looking at the clock, hoping to get out by lunch-time.

In a perfect world, everyone will simply cross-pollinate.  We’re not in a perfect world.  How are we going to bring everyone up to speed, avoid the potholes and arrive successfully at our destination?

I won’t be considered a genius by pointing out that communication is key.  Think about this for a moment.  This is a complicated dynamic.  My complaint with a lot of the literature I see is that they give advice as if human beings are robots; suggesting that we all act predictably and in lockstep with each other.  Human beings don’t function that way.  Like it or not, you’ll be dealing with egos, hubris, politics, territoriality, agendas, ambition, laziness, strengths and/or weaknesses – and that doesn’t even take into account the differing skill-sets!

That’s reality.  So, let’s not waste our time pretending it doesn’t happen.  Let’s focus on getting it done in spite of all of those things.

My dad was a smart guy.  He grew up on a farm in Saskatchewan and eventually ended up in the retail business.  He was a plain talker.  In my early days, he would commiserate with me when we discussed these very issues and the frustration involved.  His advice to me was so simple, I’m almost embarrassed to post it; find a way to explain yourself using a comparison that everyone in the room can relate to in some way.

Dad always used a car as his example.

You know what?  It works.  And you know when it works.  It’s amazing what happens when the light bulb comes on, that ‘deer-in-headlights’ look disappears and you know you’re actually getting your point across.

j0437195Here’s an example.  Many years ago, before it became a dynamic process – email systems had to be taken down for lengthy periods of time for maintenance.  We tried to perform these actions when it would least affect the company (read: I never got much sleep).  But companies are international – any hour of the day, they’re ‘open for business’ somewhere in the world.  Someone was always going to be inconvenienced.  As such, it was inevitable that we were going to receive calls regardless of how many advance notices we issued, and as the Manager, it was my job to field them.

Trying to explain to an irate executive traveling in Poland (who, I might add, has the authority to fire me) why he can’t access his email will not be accomplished by saying, “We have to take the database off-line in order to perform maintenance to compact it.”  Remember, these are people who don’t understand technology.  The inevitable reply was, “I don’t care.  Run the maintenance on the thing without taking it down.”

Enter the car. “Sir, I completely understand your frustration, but unfortunately, this is the way the software is designed.  When you have to change the oil in your car, you can’t do it with the engine running, right?  Well, our system operates exactly the same way.  There simply isn’t a way to do it without taking the database off-line.”

You’d be surprised how well it works.  It doesn’t mean they still won’t be angry – it’s unavoidable – but at least they understand.  Knowing our audience is important.   There’s a time and place for complex language, but not here.  Our listener gets the impression that we’re being condescending or they should just leave it to us because we know what needs to be done.

I gave an example involving technology, but it doesn’t really matter what discipline is involved.  The bottom line is, somebody isn’t going to understand us, and they deserve our consideration.

A favorite memory I have is when we had a major system crash.  If there was ever a time when the term ‘grace under pressure’ applies, it’s then.  Before long, the phone started ringing.  There was realistically only one way we were going to fix the problem, but a manager was under a lot of pressure and wanted to implement a radical, untested fix – one that would ultimately make the problem worse.  Try as I might, using every technical term I could think of, I explained how this would turn a contained, fixable issue into one that would spiral out of control – but due to panic, he wasn’t hearing me.  Finally, I simply said, “Look, what you’re proposing to do is equivalent to trying to kill a flea with an elephant gun.”  He dropped the idea on the spot.

Something to think about before you walk into the next meeting with the attitude, “It doesn’t matter what I say – they won’t understand me, anyway…”

If everyone makes an effort to communicate better, we’ll avoid the pitfalls and end up here, instead…

large_falling_rock_tap_house

e-Evidence: Legoland or Humpty Dumpty?

Part II of a two-part series.  Part I appeared 12/03/08.

Forgive me – I’m in a mischievous mood today…

PART II – LEGAL RELEVANCE

j0403058“All the king’s horses and all the king’s men couldn’t put Humpty together again!”

This is a humorous nursery rhyme from my childhood.  Others, like Ring around the Rosey or London Bridge might have illustrated my point well, but those are missing the most important part; with e-discovery, once the opportunity is lost, it’s likely a permanent result.

Let’s say you’ve made it all the way through to this stage,  If that is so, then not only have you located evidence, you’ve established that it’s logically relevant (which in law-speak generally means that the evidence is material to prove or disprove a disputed fact that is of consequence to the action, and has probative value).  That takes care of that, right?

Not so fast.  Now, you have to persuade the court that it’s legally relevant to your case; and that means laying a foundation of admissibility.  Your adversary is going to use every tool at his or her disposal to knock out items that exculpate your client.  Did you take care to make sure that all technical aspects have been satisfied?  A paper trail is one thing, but an electronic trail?  Maybe a game of Twister would be easier.

In law school, we had a ‘mini-checklist’ that would help us remember all the things we had to think about when addressing this type of evidence:

  1. Is it Relevant?j0385258
  2. Is it Authentic?
  3. Does it violate the Best Evidence Rule?
  4. Is it Hearsay?
  5. Is it Privileged?
  6. Is it Parol Evidence?

Techies, take a deep breath.

For our purposes today, I’m not concerned with three through six.  Lawyers will determine the disposition of the evidence once it’s produced.  But what about one and two?  There are a lot of steps leading up to production.  The data may pass through several hands before it makes its way to the legal department.  Let’s take a look.

RELEVANCE (LEGAL)

We discussed logical relevance above.  We have, theoretically, material evidence.  Now, we must lay the foundation (also mentioned above).

AUTHENTICATION

We have to establish that the evidence is what it purports to be.  That’s not simple, even when it’s paper.  We need an electronic trail to follow – and that’s the east part.

First, we have to establish chain of custody.  That means we need to link together the source and all phases it passed through – kind of like a Barrel of Monkeys. If a cutting-edge method was used to procure the data, there could be a scientific challenge to the process. We’ll need expert testimony to walk the court through how the evidence was obtained.

The lawyers aren’t likely to be doing it.  They don’t have the technical know-how, plus, there are ethics issues with lawyers testifying in trials they’re working on.

Techies, let out that deep breath.  If they won’t be doing it, you will!  It means you’d better document everything, then be prepared to testify about it in court.

EPILOGUE

If this exercise proves one thing, it’s that attorneys and technology professionals have separate and distinct – and extremely important – jobs to do.  But in certain areas, they depend on each other.  If IT can’t get access to data, the attorneys may have to file a motion.  If IT establishes that there will be a punitive cost to comply, the attorneys may have to push back – or seek cost-shifting.  As an attorney, if I don’t explain to IT that every step of their process must be documented, am I hurting them?  No – ultimately I’m hurting myself, because I’m the one who will have to establish authenticity in court.

As you can see, the process of bringing ESI to it’s proper form is a series of building blocks, not unlike stacking Lego bricks.  In fact, in evidence law we have a saying; “A brick is not a wall“.

Take care.  Failure to stack the bricks carefully and your wall will likely end up like Jenga or Kerplunk.

Darn…I should have been able to work in Operation

What is Electronic Evidence? Answer: A lot more than you might Think!

Part I of a two-part series.  Part II will appear 12/04/08.

PART I – LOGICAL RELEVANCE

A cardinal rule, known to law students everywhere, was broken.  “When on a break from the bar exam, don’t discuss a specific part of it with anyone – and if you absolutely must, ask permission first!”  The reasoning behind this rule; to prevent students from freaking out because inevitably the other student will point out something they themselves missed, thus setting off a chain reaction of worry, panic and distraction.

There I was, on a break from the California Bar Exam, and another student really wanted to discuss the evidence question with me.  We had a pleasant conversation – as pleasant as it could be between two stressed-out bar candidates in the middle of a three-day exam.  We discussed the facts as they pertained to the question and the issue of whether each piece of evidence put before us was authentic.

Signature:2a0f6d0366f291694bd9cc422bff24b12e1d3afd88bc0ed09c9a8814df3c0837

All was going well until I pointed out the ones that were legit, but weren’t admissible in court.  The pallor of my counterpart changed noticeably.  That’s when he realized that he’d done a great job analyzing whether each piece of evidence was authentic, but forgot the next step – determining whether each was admissible.

Finding evidence is just the beginning.  If all of your dominoes don’t line up properly, it will never be admitted.  The technology gurus have a huge role to play and may not even be aware of it.

A few years ago, if you explained to the average person what electronic evidence – or e-evidence was, then asked them to give you an example, 99% of them would have given you the same answer – e-mail.  We’ve all read news stories about this individual or that one who was caught red-handed through his or her e-mail messages.

Later, another example started showing up more often – text messages.  Just ask the former Mayor of Detroit how that turned out for him…

ESTATUAS DE JARDIM

In law school and on the bar exam, the testers took pride in finding ways to slip a piece of written evidence right by a student by putting it into a form that he or she wouldn’t normally think of as “written”; engraving on a tombstone, label on a medicine bottle, a license plate.  We’re conditioned to think of written evidence as something more mainstream, like a letter, a book or a bill of receipt.

A lot of e-evidence is still written – but now it’s written to computer hard drives, DVDs and cellular phones.  Just like law school students, we have to broaden our thinking and remember that virtually any device that can save, store – or even process electronic information (e.g. RAM in printers/fax machines) may qualify. Then, we have to remember the really tough part – many of these devices are mobile.  They could be virtually anywhere in the world.

Let’s take a hypothetical look at Jane Doe.  She works for a multi-national corporation, “Multi-Corp”.  She has an office in Los Angeles and one in Tokyo, and an apartment in each city as well.  She has a desktop computer in each office, plus a laptop to use when she’s out in the field, at home or traveling.  She stores some of her work on the company file servers.  She’s taken to transferring work from her laptop to her home computers in both Tokyo and L.A. – because she likes them better (the boss doesn’t know).  It’s annoying for her to connect the machines directly, so she either hooks up wirelessly through her router or uses her thumb drive.  She has two cellular phones (one is personal) and a PDA.

Multi-Corp is sued by Uni-Corp, and the Plaintiffs subpoena Jane’s correspondences.  Am I the only one with a headache?  Probably not.

If I’m in the IT department at Multi-Corp, I have to think of every possible device – and the location of each – where relevant data may be stored (let’s hope Jane remembers to tell me about the thumb drive).  Then, once I do, I have to locate the data on the device itself.  What if I need to retrieve it from back-up media?  What happens if a device – and the data it contains – is owned/managed/outsourced to a third party (e.g. the file servers or the cellular phones)?  How do I get them to grant me access when they don’t want to be dragged into a lawsuit?  Do they have to do so?  I might have to ask the legal department.

If I’m in the Legal department at Multi-Corp – or in their outside counsel’s office – I’m depending on the expertise of my IT resources, but I’m also worried about issues that IT doesn’t normally think about; chain-of-custody being a prime example.  I’m looking for data that will exonerate the defendant and relevance is only one issue.  I’m also responsible for making sure it’s admissible and I don’t want it thrown out on a technicality.  How can I impress this and other concepts upon people who don’t work directly for me?

Meanwhile, both departments – and management – are thinking about the costs and whether the Plaintiff’s subpoena is too broad in its scope.

A lot of questions.  A lot of concerns.  I will endeavor to address all of them in tomorrow’s post.

Speaking: Lost in Translation

“Language is the source of misunderstandings.”
— Antoine de Saunt-Exupéry

j0438482Attorneys.  High-tech professionals.  High-tech professional attorneys.  Management.  Laymen.  Not only do they have to communicate between themselves, they have to communicate with all of the support staff that will handle an EDD issue.

Many cases also involve foreign participants – and, as logic will follow, their data.  Nothing like adding multiple languages to the mix to really complicate matters…

What we got here is a potential failure to communicate.  A potential failure of grandiose proportions.  What steps can be taken to avoid it?

Attorneys follow rules of discovery – electronic or otherwise – from state & federal civil procedure and criminal procedure law.  Procedure is the ‘road map’ of every case.  It’s the nuts & bolts of the legal system – the ‘plumbing‘, if you will..

Technology professionals are tasked with creating a ‘map’ of their hierarchy in order to identify, preserve and collect ESI.

Management has a vested interest in both groups being excellent cartographers.

Does this cover every contingency?  Who else might we – or our colleagues – be responsible for communicating with about this?

Young Businesswoman with Her Finger on Her Lips --- Image by © Royalty-Free/Corbis

Proportion is a major factor.  The larger the parties involved, the likelihood increases exponentially of laymen taking an interest (public or private shareholders, staff, reporters, etc.) who have no experience with either discipline.  The rumor mill starts grinding.  Like it or not, there may be public relations aspects to all of this.

The attorneys and technology professionals who ‘make it happen’ will not likely be directly exposed to this part of the equation, but there is one element they should be concerned about; making sure that the information flowing upward – and downward, for that matter – is accurate and concise for the benefit of those who will be directly exposed.

Credibility is key.  A mistake that initially appears to be harmless can turn into a nightmare for a professional who is held to a particular standard of duty.  These duties may involve split loyalties, and worse, there is a risk to the parties that their duties may diverge.  One may be forced to walk a tightrope.

Corporate executives may have duties to their companies, their counterparts, their shareholders (if they’re structured that way) and the public.  Attorneys – first and foremost – are Officers of the Court, and this duty supersedes all others.  Disseminating incorrect and/or misleading information – even when unintentional – may get these people in hot water.

We all must take care to assure that this doesn’t happen.  That’s our duty.

Listening: How a Dog became a Cat & other ‘Tails’

Today is Thanksgiving, and aside from wishing you a safe and happy holiday, I thought I’d have a little fun.  Everybody’s talking turkey, so let’s talk about dogs and cats instead…

“There’s a reason we have two ears and one mouth”.  That old proverb is admonishing us in a subtle way; listen more and speak less.

Jack Russell Terrier Snarling --- Image by © Royalty-Free/Corbis

Many years ago, someone told me a great story about a design team, tasked with making improvements to a client’s dog.  A long narrative follows about how the various team members come up with all sorts of creative ideas about what they can do to accomplish this goal.  To make a long story short, by the time they’re done, the dog’s design has been improved so much that it’s now a cat – a really fantastic cat!

The team is thrilled, and they can’t wait to present the results to the client.  But when the client sees the cat, he says, “You’ve done a great job here, but what I asked for was a better dog.”

Whether you’re an attorney, a technology professional – or somewhere in between – it’s important to always remember that somebody is your client – or customer.  Highly-skilled individuals forget this sometimes.  It can be a product of hubris, but I’m not concerned with that.  I’m referring to the more common reason; the perception that your audience won’t understand what you’re saying or doing.  Complex activities go on behind the scenes that can be very difficult
to explain to someone outside of your particular field of expertise, so why not just do it, get it done, then get back to them when you’re finished?

The Leaning Tower of Pisa, Tuscany, Italy

What other two disciplines are in danger of exhibiting this train of thought more than law and technology?  Contrary to
popular belief, a trial does not seamlessly take place like it appears on Law & Order, and techies don’t shout “I want tactical and database assimilation by 0-900!” – at least not that I’ve experienced.  Your computer won’t say to you, “I’m sorry, Dave, I’m afraid I can’t do that.” but your IT Manager might.  If you adopt an ivory tower attitude toward e-discovery under these circumstances, you may find yourself in the Tower of London instead.

EDD (electronic data discovery) may require so many human resources with such specific skill-sets (IT, Management, Inside and/or Outside Counsel, Consultants, Paralegals, Tech-Support) that the risk of mis-communication – or complete lack thereof – becomes great.  You forget to listen carefully, and worse, refrain from going back to
the source for more input and guidance when necessary.  Attorneys refer to this as ‘assuming facts not in evidence’.

The line becomes blurred.  Who is the client?  It’s easy to lose sight of the fact that – for most of the parties involved – the company itself is the client!

I solve this problem by assuming that everyone is my customer; and this may include everyone inside of my department as well.  It’s true if you think about it.  Anyone I owe a deliverable to technically is my customer – even if we work together.

Keeping this in mind helps me remember that I have four primary goals:

  1. Understand my tasks – if I don’t, keep asking questions until I do
  2. Perform them competently and efficiently
  3. Deliver exactly what my customer requires by the agreed-upon deadline (or find and present suitable alternatives if conditions outside of my control delay or prevent a deliverable from being met)
  4. Communicate clearly and concisely with my customer at all stages of the project – even if the news is unpleasant.

Following this simple formula will hopefully get you through the ‘dog’ days of litigation.

Testing 1-2-3…Are you ‘Really’ Ready for a Litigation Request?

Part II of a two-part series.  Part I appeared 11/24/08.

PART II – ESI COLLECTION

I read a lot of of excellent articles, white papers and documents (as do you)
which present reasonable, astute and prescient approaches to getting a
handle on your company’s ESI (electronically stored information).

However, in virtually all of the materials I see, one important element is missing:

TESTING.

j0433180Buildings run fire drills. Do you run data recovery drills?

Sounds counterintuitive, doesn’t it?  Common sense would tell you that if you’re backing up your data, it should be relatively easy to recover it on demand.  After all, the software “tells” you in your morning report that last night’s run went fine.  But did it?  Is that all that matters?

 Think about it for a moment.  How many spokes are in your hub?  Where are they?  How many people are responsible for protecting the data?  What software do you use?  What hardware?  What media?  Is it easily accessible?  Physically?  Remotely?  Do you handle it in-house or do you depend on outside vendors?  Do you use off-site media storage?  Do you know the time it would require for you to comply with a request to produce data?  Do you have an alternate location to restore it?  It isn’t always restored to the location where it originated, and certainly not when litigation is involved.

Let’s boil it down to one simple question.  What would you do if you received a call with a demand for data – a large quantity of data – that isn’t at your fingertips?

Woman with Headache --- Image by © Royalty-Free/Corbis

It would surprise you how many companies haven’t thought about this.  They do everything right in terms of the front-end of this process, but never anticipate the back-end.  They do a terrific job of thinking about data protection, yet don’t think about more important issues – data integrity and the ability to restore it.

What good is all of this technology if, when the big request comes down, you can’t deliver?  It’s bad enough when this has nothing to do with e-discovery (such as my location in California, where we have to worry about earthquakes), but when it does, there are sanctions on the line – and not just civil sanctions.  Some of the penalties are criminal in nature.

Admittedly, criminal liability would most likely require intentional and/or egregious conduct, but the spectre is out there (I’ll address the facts vs. fictions in a future post).

You don’t want to be the attorney who has to stand in front of the judge and say “I’m sorry, Your Honor.” because you are either experiencing delays in producing the data, produced it very late in the litigation process or are unable to produce it at all.  You might get a response like this one from a Judge in the recent McAfee case – “Heads will have to roll“.

Let’s hope it isn’t your head she’s talking about.

Disaster, Recovery and e-Discovery – What You Don’t Know CAN Hurt You

Part I of a two-part series.  Part II will appear 11/25/08.

PART I – ESI IDENTIFICATION & PRESERVATION

j0439550Perception is reality – or so the saying goes.  With e-discovery, perception cannot be reality.  The divergence of these concepts is illustrated by the following statistics:

When queried, a high percentage of law firms and in-house counsel believe the companies they represent are ready to comply with a litigation request.

Apparently, they didn’t ask the IT department.  A dismal percentage of IT managers believe they are ready to comply.

A lot of this obvious disconnect can be attributed to lack of communication between the parties.  However, another major element is what’s lost in translation.  Do the attorneys understand how IT accomplishes this task – or the difficulty of achieving it?  Does IT understand what the attorneys are asking of them?  Do both groups understand what is encompassed in the term “ESI” (electronically stored information)?

Lawyers are thinking about the litigation hold.  IT is thinking about incremental, differential and full backups.  Never the twain shall meet.

How many times has IT received a call like this?  “I created a document this morning and I accidentally overwrote it this afternoon.  Can you please restore it for me?”  That’s a problem.  Regardless of what day it may be in the rotation, most companies perform a back-up once per evening.  As such, there is no back-up of the caller’s file.  Unless the over-written file can be restored somehow from the disk it was saved to, the caller is out of luck.

Back-ups are not normally a dynamic process; they’re snapshots in time.  Even if you do full backups every night, theoretically, an infinite number of people may “touch” a file between those two periods.  This is something lawyers would easily understand; but many are not aware of it.

What the lawyers need is for the data to not only be located – and restored, if necessary.  The data must also be preserved.  Nobody must touch or modify that snapshot – a line in the sand, so to speak.  Again, this is something IT would easily understand; but many are not aware of it; nor the massive amounts of storage that may be required to accomplish it.

Also, most rotation schemes involve eventually overwriting the media (Grandfather-Father-Son?  Tower of Hanoi?).  What happens if, like in the recent McAfee case, data is requested that is from the year 2000?

Rows of Drawers at Library ca. 2001

Basic definitions also come into play.  Do all of the parties mean the same thing when they use the terminology?  What is a back-up and a restore?  What is disaster-recovery?  Do you have separate processes for each?  Are they considered the same thing at your company?  What is the intent of the process; ready access to the files or worst-case-scenario access?  Is the data stored on-site or off-site?  Both?

IT is thinking about how feasible it is to access the data.  Attorneys are thinking about Zubulake.

Be careful you’re not creating your own homonyms.  Webster’s Dictionary defines them as, “Two words…pronounced or spelled the same way but have different meanings”.

If Legal thinks it’s one thing and IT thinks it’s another, both groups are going to face some very unpleasant realities down the road.  This would be a good time to get those definitions written down.  Then make sure you’re all on the same page.

An IT Executive Turned Privacy, Cyber Security & Litigation Attorney and Consultant Shares his Personal Insights.