Seems to me there are a lot of companies selling data & e-discovery services with the attitude of, “Place your data responsibilities with us, then sleep well at night”. Hardware and software are offered in-house, SaaS, appliance, off-site…anything you want can be provided.
My personal opinion; before you start relinquishing responsibility to others, keep one thing in mind – it won’t matter. You’ll ultimately be responsible in the eyes of the law.
I blogged about this before in my ‘Hot Potato‘ post, among others. The instinctive thing to do – especially with the added complexity of the e-discovery rules hanging over you – is to contract out and make it someone else’s problem. Heck, I get that. I’m a Contractor! Only thing is, in this case…it won’t work. Good-faith won’t be enough.
I’m not living in a fantasy world. Some companies have so much data – including ones I’ve consulted with – it would be virtually impossible to manage in-house. If I said “Don’t do it!” I would expect you to laugh me out of the room (which would be difficult, since none of you know where my ‘room’ is, exactly). All I’m suggesting is, before you consider outsourcing data management; whether it be on-site, off-site or a combination of both – or even if you’ve already done so – think about all the risks, especially in these difficult economic times. Do you have a contingency plan in place?
These are the items I’d be including in a checklist (order of preference is up to you):
Hold on a second. Let’s begin by answering a fundamental question. Who will manage this? You? The Vendor?
I know. Some of you are asking what that means? After all, regardless of how you proceed, somebody representing the company will be responsible for managing this or serving as liaison, right? Yes and no.
If you don’t know your ‘stuff’, then aside from serving as liaison, you’ve relinquished your ability to make decisions in the best interests of the company. Essentially, the Vendor will be advising you, and their interests may conflict with yours – especially if litigation arises. In the alternative scenario, if you’ve educated yourself – or have hired a knowledgeable representative in-house – you’ll be advising them.
Think this is a distinction without a difference? Take a look at my checklist and see what you think:
- Does the Vendor handle backup, restore, disaster-recovery and/or e-discovery services?
- Are all of their products integrated? (Many Vendors acquired other Vendors to stake a presence in the e-discovery field; it doesn’t mean their products integrate well).
- What if the Vendor goes bankrupt?
- How will the Vendor respond if/when they’re served with a subpoena as a 3rd-party?
- Does the Vendor have their own legal representation?
- Who will be responsible for managing the retrieval of data?
- How quickly can/will the Vendor respond to a request?
- Does the Vendor subcontract any services?
- Will an additional Vendor be needed for e-discovery if the 1st Vendor doesn’t have that capability? Do they already have a secondary Vendor in place?
- As we expand – including to other countries/continents – how will the Vendor handle it?
I realize this is a ‘macro’ view. The list above should open up several more questions, such as how are they backing up your backups?
I would think it would be very important to instruct the Vendor about what you expect, rather than rely on the Vendor to tell you what they’re going to do for you. There’s no room for ambiguity where e-discovery in concerned.
Alliteration always assists attorneys acting as authors…
It seems to me this is standard practice lately; quietly modify agreements, then wait to see if anyone notices. People noticed. But before you crack open the champagne, two important things to consider:
- Facebook left wiggle room as to what they’ll do in the future. To quote from the WSJ article above:
raised.” (Italics added)
Resolve ‘what’, exactly?
- This issue is entirely beside the point because to me, it isn’t about who owns the content, it’s about who has access to it.
Every day that your information is up on Facebook, it may be available to everybody, everywhere. Maybe you should swap that champagne for tranquilizers…
I’m starting a new ‘Tips & Tricks‘ category today.
Whenever I come across a resource that I think will be useful to my readers, I’ll post it.
First things first…many of you will recognize Mr. Peabody and His Boy Sherman, who were part of the Rocky & Bullwinkle Show.
Mr. Peabody was the purveyor of the original ‘WABAC Machine’, which made it possible for he and Sherman to go back in time and visit the past.
To put it in their own words, the Wayback Machine allows us to “browse through 85 billion web pages archived from 1996 to a few months ago”.
This has enormous value to those of us who do forensic e-discovery. Give it a try and I think you’ll agree.
To My Readers: No matter what your political leanings may be, today is an example of what’s great about the United States; the peaceful, seamless transfer of power. So, in honor of the inauguration, I felt it appropriate to jot down some observances I’ve made lately regarding the Presidency, e-evidence, privilege…and why I think they’ve got it all wrong…
e-Discovery Insights: Keep this on the down-low. I have it on good authority that Barack Obama’s going to be in the nation’s capitol on Tuesday. Let’s all plan to get him in a room and confront him on this whole ‘BlackBerry‘ problem.
Readers: What’s the big deal? He’s a thoughtful guy. He’s responsible. He can control himself. Why are all of these lawyers making such a big deal out of this?
e-Discovery Insights: Because PDAs are subject to subpoena, that’s why.
What’s the difference between your PDA and Obama’s BlackBerry? Absolutely nothing. You have the same exposure he does! At least he might be able to invoke Executive Privilege in certain circumstances; meanwhile, you’ll be hoping for ‘run-of-the-mill’ privilege.
Now comes word the White House staff has been told they may not use instant messaging (IM). Check out this quote – contained in the above link – from Reginald Brown, a former associate White House counsel for President Bush:
“These lawyers — [incoming White House Counsel] Greg Craig in
particular — come out of a law firm environment and knows how onerous
e-discovery has been for clients,” (italics/bold added).
I’m feeling sooooooooo cool with my career choices right now…
Because technology is HERE, it’s not going away, and it’s time we started accepting that fact and adapting to it rather than restricting it. This administration may prevent their aides from using IM, but someday, it’s going to be used. Wouldn’t the better way be to educate the staff, put some trust in them, implement policy and let them use the tools that exist solely to make communication easier?
Preposterous? Inconceivable? Impossible? Unattainable?
I’ll ponder that while I watch the swearing-in of the first African-American President of the United States of America.
Best wishes for a safe, healthy and prosperous 2009!
I took a few days off, but found myself pondering what a list of New Year’s resolutions for e-discovery professionals might look like. I tried to make a single list, but as I compiled it I realized that bifurcating it and creating two separate posts – one for law, one for technology – would work better. How did I decide who went first? Well, I carefully reviewed the data, factored in the importance of each item, took into account the ego issues that would arise…
…I flipped a coin…Technology won…
1. KNOW WHERE YOUR DATA IS
Yes, yes, I know; never end a sentence with a preposition. In my defense, I don’t think that’s really a sentence. If you insist, I’m just going to have to pull a “Winston Churchill” on you (See #1)…
Let’s face it, you’re running around with a ton of things to do, so nobody actually sits down and draws a map of the enterprise. And if you’re one of the lucky ones who actually has a map, is anyone keeping it up to date? (What do you mean I can’t start a sentence with ‘and‘? See #3)… I can’t tell you how many times I’ve been hired into an operation, asked for a data map and received one that’s two years old (Never use ‘I’ in business writing? See #2).
2. BROADEN YOUR THINKING
What encompasses ESI at your enterprise? Where is it? Do you have access to it? What if it’s on someone’s personal equipment? What if it’s on the ‘web’? This is a good time to think about all of the places ESI may reside. Remember, you’re not just answering subpoenas here, you’re also looking for exculpatory information. The blade cuts both ways.
3. FORMALIZE POLICY
This is no time to be fooling around. You do not want to be caught without policies in place when litigation arises. You won’t be able to put the genie back in the bottle, so get together and create sensible company policy, implement it and make sure everyone knows what their role is (don’t make me cite #1 again…).
4. TAKE BOXING LESSONS
Regarding resolution #3…hey, I didn’t say it would be easy, did I? Depending on the ‘buy-in’ at your firm, you may meet a lot of resistance. People don’t like to change their habits. This is why you have to create policies that make sense, sell them to management, then make sure management stands behind you. Otherwise, this will fail.
5. BE KIND TO THE LAWYERS
Everybody has a job to do. Yes, unless the attorneys have some experience with technology, they may think everything can be produced “yesterday”. They don’t know about your budget issues, your workload or the limitations of your existing technology. Your job is to make them understand what you can – and can’t – do, and set reasonable deliverables. Remember, their licenses are on the line.
Part I of a two-part series. Part II will appear 12/04/08.
PART I – LOGICAL RELEVANCE
A cardinal rule, known to law students everywhere, was broken. “When on a break from the bar exam, don’t discuss a specific part of it with anyone – and if you absolutely must, ask permission first!” The reasoning behind this rule; to prevent students from freaking out because inevitably the other student will point out something they themselves missed, thus setting off a chain reaction of worry, panic and distraction.
There I was, on a break from the California Bar Exam, and another student really wanted to discuss the evidence question with me. We had a pleasant conversation – as pleasant as it could be between two stressed-out bar candidates in the middle of a three-day exam. We discussed the facts as they pertained to the question and the issue of whether each piece of evidence put before us was authentic.
All was going well until I pointed out the ones that were legit, but weren’t admissible in court. The pallor of my counterpart changed noticeably. That’s when he realized that he’d done a great job analyzing whether each piece of evidence was authentic, but forgot the next step – determining whether each was admissible.
Finding evidence is just the beginning. If all of your dominoes don’t line up properly, it will never be admitted. The technology gurus have a huge role to play and may not even be aware of it.
A few years ago, if you explained to the average person what electronic evidence – or e-evidence was, then asked them to give you an example, 99% of them would have given you the same answer – e-mail. We’ve all read news stories about this individual or that one who was caught red-handed through his or her e-mail messages.
Later, another example started showing up more often – text messages. Just ask the former Mayor of Detroit how that turned out for him…
In law school and on the bar exam, the testers took pride in finding ways to slip a piece of written evidence right by a student by putting it into a form that he or she wouldn’t normally think of as “written”; engraving on a tombstone, label on a medicine bottle, a license plate. We’re conditioned to think of written evidence as something more mainstream, like a letter, a book or a bill of receipt.
A lot of e-evidence is still written – but now it’s written to computer hard drives, DVDs and cellular phones. Just like law school students, we have to broaden our thinking and remember that virtually any device that can save, store – or even process electronic information (e.g. RAM in printers/fax machines) may qualify. Then, we have to remember the really tough part – many of these devices are mobile. They could be virtually anywhere in the world.
Let’s take a hypothetical look at Jane Doe. She works for a multi-national corporation, “Multi-Corp”. She has an office in Los Angeles and one in Tokyo, and an apartment in each city as well. She has a desktop computer in each office, plus a laptop to use when she’s out in the field, at home or traveling. She stores some of her work on the company file servers. She’s taken to transferring work from her laptop to her home computers in both Tokyo and L.A. – because she likes them better (the boss doesn’t know). It’s annoying for her to connect the machines directly, so she either hooks up wirelessly through her router or uses her thumb drive. She has two cellular phones (one is personal) and a PDA.
Multi-Corp is sued by Uni-Corp, and the Plaintiffs subpoena Jane’s correspondences. Am I the only one with a headache? Probably not.
If I’m in the IT department at Multi-Corp, I have to think of every possible device – and the location of each – where relevant data may be stored (let’s hope Jane remembers to tell me about the thumb drive). Then, once I do, I have to locate the data on the device itself. What if I need to retrieve it from back-up media? What happens if a device – and the data it contains – is owned/managed/outsourced to a third party (e.g. the file servers or the cellular phones)? How do I get them to grant me access when they don’t want to be dragged into a lawsuit? Do they have to do so? I might have to ask the legal department.
If I’m in the Legal department at Multi-Corp – or in their outside counsel’s office – I’m depending on the expertise of my IT resources, but I’m also worried about issues that IT doesn’t normally think about; chain-of-custody being a prime example. I’m looking for data that will exonerate the defendant and relevance is only one issue. I’m also responsible for making sure it’s admissible and I don’t want it thrown out on a technicality. How can I impress this and other concepts upon people who don’t work directly for me?
Meanwhile, both departments – and management – are thinking about the costs and whether the Plaintiff’s subpoena is too broad in its scope.
A lot of questions. A lot of concerns. I will endeavor to address all of them in tomorrow’s post.
An interesting survey appeared in the September 2008 issue of the American Bar Association Journal. The subheading states, “Lawyers Slow to Adopt Cutting-Edge Technology“.
I took solace in the statistic that only 2% of lawyers maintain a law blog (assuming readers consider this a blawg then I’m certainly ahead of the pack) and only 8% of law firms follow suit, but as a general trend, the data is somewhat troubling. It’s a symptom of a larger illness.
The number-one complaint against attorneys is lack of communication. I’m not just speaking in terms of what their employees or clients say – it’s also the number-one complaint lodged against them with bar associations.
It’s bad enough when the subject is one in which an attorney feels comfortable discussing. But add complex technology to the mix and that’s a recipe for disaster. In the “wild west” days of e-discovery – before it even had a name – one could get away with mistakes. Now that the rules have been formalized, the path is littered with attorneys – and their clients – who have suffered greatly for their mistakes.
There’s an old saying, attributed to Confucius, which states; “He who does not know, and does not know that he does not know, is a fool”. In the e-discovery world, the new saying is, “He who does not know, and does not know that he does not know, will be sanctioned”.
Core competency in this area is no longer hoped for; it is expected and presumed, both by clients and the courts. It’s not enough for attorneys to rely on IT personnel; they must also be able to understand what their IT professionals are telling them so they can communicate this information effectively to their clients, the courts and even their adversaries. Otherwise, it’s the attorneys and their clients who will bear the consequences of mistakes.
Further hampering this process is the fact that very few IT personnel speak “English”. Many a layman has become glassy-eyed while listening to a “techie” explain a process in “techno-speak” while not understanding a word of what was said.
Like it or not, the onus is on the legal professional to be competent and understand this process. If something goes wrong, blaming the incident on a lack of technical knowledge and expertise is not going to fly.