Category Archives: Zubulake

My Analysis of Calbar Formal Opinion 2015-193: eDiscovery & ESI? “Don’t Be Stupid”

The last three words from this short Beverly Hills Cop video clip sum up my analysis of the opinion:

I wrote public comments to COPRAC (The State Bar of California Committee on Professional Responsibility and Conduct) re their interim versions of the opinion and, in a rare step, I’m posting a verbatim excerpt because my assessment of this opinion remains unchanged.  One modification – I bolded a quote, because the Committee adopted my definition verbatim in their opinion (page three, footnote six):

“I’m seeing a very common thread in COPRAC’s reasoning that afflicts those who understand technology at a more surface-level; the tendency to think of it in physical, rather than ethereal terms.  In other words, the Committee has focused on the word evidence, instead of the word electronic.  Take water, for example.  Whether it exists in a lake, a bathtub, or a glass, it’s still water.  It’s the same with evidence.  Whether it exists as writing on a tombstone, a paper document, or in electronic form (e.g. sitting on a flash drive), it’s still evidence.  It’s the medium that should distinguish it for your purposes.  That’s the contrast missing here.

Whereas the Committee has done a better job of defining parameters such as clawbacks and laying out accurate mistakes by our hapless attorney, once again, it descends into conduct that isn’t eDiscovery-based; but competence-based.  This opinion relies too much on unrelated reasoning, such as “assumes”, “relying on that assumption” and “under the impression”.  That’s not an eDiscovery problem; that’s a general competence problem.  It’s also not what the audience needs.  If they’re attorneys licensed in California, they’ve presumably passed both a Professional Responsibility course and the MPRE exam and know – or should know – their duty of competence.  It’s not as if an attorney retains a med-mal case, then immediately “assumes” or is “under the impression” that s/he’s a doctor and can read an x-ray.  But I could intertwine those facts with this opinion and make it about medical experts.  What attorneys specifically need to know is how their actions, or lack thereof, in the procurement, assessment and handling of electronic evidence morph into a violation.  This is a highly specialized area unto itself.  See my previous example.  The x-ray is electronic evidence.  Proper acquisition is one matter; analysis, forensic or otherwise, is quite another.  That doesn’t just include the adversary’s evidence.  It also includes the Client’s evidence.  In this scenario, one is seeking to exculpate the Client through all available means – not just via the adversary.

Contradictions also exist in Footnote Six on page three that states, “This opinion does not directly address ethical obligations relating to litigation holds.”.  I respectfully submit that the opinion goes on to do exactly that.  Perhaps this is due to the criteria set forth in Footnote Six being inaccurate as defined.  In a legal setting, Attorney is charged to know what the Client does not, and this may involve issuing litigation hold instructions to their own Client; not just third parties or adversaries.  If attorney was interacting with the CIO or CTO (The “Information”/”Technology” chiefs, perhaps s/he could reasonably reply on their assessments.  But here, attorney is interacting with the CEO who likely has no intimate knowledge of what goes on in the IT department.  It should read, “A litigation hold is a directive issued to, by or on behalf of a Client.”  Otherwise, how does the competent Attorney protect a Client who, in good-faith, endeavors to do the right thing or protect themselves when a Client, in bad-faith, engages in intentional spoliation?  One of those scenarios exists on page two, when the eDiscovery expert, “tells Attorney potentially responsive ESI has been routinely deleted from the Client’s computers as part of Client’s normal document retention policy”.

Understanding these nuances and acting on them is the very definition of competence as applied to an eDiscovery attorney – or an attorney who engages the services of a third-party eDiscovery vendor.  In this arena, eDiscovery is like a game of falling dominos; once competence tips over, the rest (acts/omissions, failing to supervise, and confidentiality) will logically follow.  As they say, timing is everything.”

Conclusion:  The opinion does a good job of explaining fundamentals of the eDiscovery process, but in my opinion, doesn’t go nearly far enough.

v-Discovery Insights: Robert Brownstone of Fenwick & West LLP Discusses his Top 3 Concerns in Data Security

Robert Brownstone has been my friend and colleague for many years.  In fact, he was Chairman of @CalBarLPMT two years prior to me.  We recently appeared on a panel together called, "Under Fire: Defending and Challenging a Motion against Technology-Assisted Review – A mock Meet and Confer (26f) hearing".  He played the role of the Plaintiff's attorney and I the Defendant's.  Robert was a late addition to my panel and I was delighted to present with him again!


Japan Redux: You can lead a Board to Water, but you can’t make them Drink

MP900400964 It's been roughly two weeks since the devastating events in Japan.  As I mentioned in my initial post regarding their disaster-recovery efforts, we weren't going to know all of the elements we needed to know at that time in order to make an assessment – and we don't know them now.  On the other hand, we know enough to put them under a magnifying glass.  If you're part of a disaster-preparedness team, a cursory examination of their nuclear mess is a true 'teachable moment'.

Why do I keep harping on this?  Because litigation may take on all of the elements of a disaster-recovery operation in that out of nowhere, you're tasked with finding, restoring and producing massive quantities of information – possibly from several sources and/or geographic locations.  And, somebody has to pay for it (Zubulake, Toshiba, et al).  Oh, and tic-toc – the clock is ticking…

Let me preface this by saying that armchair quarterbacking is easy – and this is not a 'bash Japan' post.  You don't kick someone when they're down (but you do try to learn from their mistakes).  Nor is it an "I told you so" post – at least, not by me.  Let's be honest, for a moment.  Sometimes, when a person says "I told you so", they really did tell you so.  So what?  The issue isn't what they told you, the issues are:

  1. Did they tell you something of substance?
  2. Did they provide facts & figures to support it?
  3. Were they qualified to make the assessment? (i.e. on what basis should you rely on their opinion?)
  4. Was it relevant to the concerns at hand?
  5. If you answered 'yes' to one through four, did you give their information careful, deliberative and proper consideration?
  6. Did you solicit, collect and examine supporting and/or dissenting viewpoints to confirm/contradict the opinion?
  7. Was a 'Cost vs. Benefit' analysis performed?
  8. Did you adopt all (or some) of their recommendations?
  9. Why?
  10. Did you dismiss all (or some) of their recommendations?
  11. Why?
  12. Have you properly assessed every possible risk?
  13. Are you qualified to answer question #12, and if not, what other sources should you consult? ("Know what you don't know")
  14. What is the timetable to re-convene in order to re-assess the situation and modify the plan, if necessary?

[Add your own questions here]

What are questions nine and eleven about?  You should always be prepared to justify and/or defend your position.  After all, you may have to persuade your bosses today, but you never know who you might have to persuade tomorrow (I'm thinking…a judge?  A jury?)

Last night I read this article from the Washington Post (and others over the past few days) regarding how the Japanese authorities considered risk when assessing how to protect their nuclear plants.  In my opinion, if you commit to the short amount of time necessary to read the entire story, you'll learn more about disaster-preparedness than you ever could in a classroom; unless, of course, they're studying this disaster.

In an island nation, surrounded by volcanic activity, "experts" didn't even consider a major tsunami as part of the plan for the Fukushima Daiichi power plant because it was considered "unlikely".  But, here's an even better question, raised at the conclusion of the story:

"To what degree must regulators design expensive safeguards against once-a-millennium disasters, particularly as researchers learn more about the world’s rarest ancient catastrophes?"

Which leads me to the obvious follow-up:

  1. If a catastrophe occurs superior to our level of protection, what will be the likely result?
  2. Was this factored into our 'Cost vs. Benefit' analysis?

Two weeks ago, the experts may have thought that the risks were worth it.  But now that radiation is showing up in drinking water as far away as Tokyo?  My guess is, they wish they'd have built the retaining walls a few feet higher.

"Nobody anticipated…"

Don’t be Afraid of the Dark – SUNY

MP900414068 I know you hate it when I do this, but I don't have a lot of spare time and Ralph Losey just did another excellent treatise on the "SUNY" case, which sheds some light on when to issue a litigation hold.

I know you want to know about this because my stats tell me that over a year after I first posted it, my sample of a litigation hold letter – which you see over on the left sidebar – is still the most popular item on this blog.

So, I highly recommend you take a look; and pay close attention to the contrast in privileges.  We need all the guidance we can get.

Case Got Your Tongue? Caffeine, Voicemail & 8 is Enough

J0321217 Mistakes…carelessness…sanctions.  Month after month, I review a plethora of new decisions, looking for something unusual and interesting.  Do I find usually find it?  No.  Look at this summary of nine recent cases that Kroll Ontrack has compiled and what do you see?  Sleight of hand, ignorance of the rules & stall tactics.

Starbucks Corp. v. ADT Sec. Servs., Inc., 2009 WL 4730798 (W.D. Wash. Apr. 30, 2009):  In a case that harkens back to the "Jerry Maguire" case I wrote about over a year ago, the court ruled that just because your emails were backed-up on a "cumbersome old system" doesn't automatically make them "not reasonably accessible".  If that isn't enough, they also said, "…even if the information was ruled not reasonably accessible, good cause existed to order production." [italics added]

There are still people out there who seem to think that the federal rules themselves somehow determine what is – and isn't – reasonably accessible.  In fact, someone wrote a letter claiming this very fact in response to one of the articles I wrote in California Lawyer magazine.

Dead wrong.  The court decides what these parameters are, based on the facts of the instant case.

Vagenos v. LDG Fin. Servs., LLC., 2009 WL 5219021 (E.D.N.Y. Dec. 31, 2009):  The quirk in this case is, defendant was awarded an adverse inference sanction over plaintiff's failure to properly preserve a voice-mail message – even though there was no evidence of bad faith on the part of the plaintiff.  Negligence vs. intent…

Magaña v. Hyundai Motor Am., 220 P.3d 191 (Wash. Nov. 25, 2009):  On appeal, the Supreme Court of Washington applied the three-prong default judgment test (willfulness of violation, substantial prejudice to opposing party and availability of lesser sanctions) and reinstated an $8 million default against defendant.  Parties are still betting against the house; but more and more often, the house wins.

Case Got Your Tongue? Mirror, Mirror & Searching the Forest

J0440920 Another interesting collection of cases crossed my desk, recently.  I'm going to refrain from writing about the "wake-up call" case because it's being cited everywhere.  Besides, if anyone hasn't noticed yet, my entire blog is about that.  Furthermore, we already know about my issues with waking up

By coincidence, two of the cases involve mirror-images of disks; however, the issues in each are completely unrelated.  Also, we have another illustration of how, when rules aren't followed to the letter, one can destroy a criminal case.

Am. Family Mut. Ins. Co. v. Gustafson, 2009 WL
641297 (D.Colo. Mar. 10, 2009)

YOU GOT IT, I TAKE IT – Plaintiff requested that the court set the protocol for the inspection of the mirror-image of Defendant's hard drive.  The court obliged, and in doing so, provided what I think is an excellent guide for anyone undertaking this process.

Forest Laboratories, Inc. v. Caraco Pharm. Laboratories, Ltd., 2009 U.S. Dist. LEXIS 31555 (E.D. Mich. Apr. 14, 2009)

ZUBULAKE – There's only one way to describe this case; Zubulake Duty applies, except when it doesn't

I can't count how many times on this blog I've referred to how
exceptions to a rule may be more dangerous than the rule itself. 
Forest illustrates that point.  This falls under the "knew, or should
have known" category.  The court is saying that if Plaintiff knew, or
should have known that ESI might be relevant to a dispute in the
future, they should have sought to preserve it – for key employee documents only – contrary to existing
company policy.  A tall order.  Talk about hindsight!

State v. Dingman, 2009 Wash. App. LEXIS 550 (Wash. Ct. App. Mar. 10, 2009)

This case also involves mirror-images of hard drives.  It should serve as a cautionary tale to anyone on the prosecutorial side of the equasion.

The State seized Defendant's computers.  Defendant wanted mirror-images of his computers' hard drives in a certain format and the State refused to provide them in that format.  The court found this to be prejudicial to Defendant and a violation of his Constitutional rights.  Defendant's conviction was overturned.

Still think the 4th, 5th & 6th Amendments don't apply to e-Discovery?

I’m Good Enough, I’m Smart Enough & Doggonit, People Like Me…

Cute Sheep…and eventually, I’ll write an in-depth analysis of California AB 5 and contrast it with the Federal Rules.  But, take a look at this fine analysis from regarding how California will deal with Zubulake ‘accessible vs. inaccessible’ ESI and how it contrasts with the Federal rules.

Finished reading?  Great.  Now let me tell you why nothing in the analysis rattles me.  You should have been treating your ESI as accessible all along.  Here’s why:

The law is all about exceptions.  Everyone knows the general rule, but ultimately the facts dictate whether an exception is in order.  At Sony Pictures in 1997, we successfully fought off a request for ESI in a California court because we made the case that it was accessible, but at punitive cost because we’d long since retired that particular backup system and complying would have required a $250,000 outlay (there was no product like Index Engines around in 1997).

I had a very smart professor in law school.  His advice was to always assume the worst-case scenario, then work backwards.  It’s actually a very logical approach.  Yes, the flood may be that bad, yes, the stock market may fall that much and yes, your adversary may make a persuasive argument to the judge.

Be an actuary.  They look at everything as ‘cost vs. risk’.  Which will likely cost more, paying to protect or paying after the fact?  A young PC user asked me the other day, “Why do I need a firewall?  What are the chances that I will be the one that will be hacked?”  My answer was, “If you want to gamble, that’s your call, but here’s a short list of things that could happen if you’re the unlucky one.”

Gamble if you like; but be prepared to face the consequences.

The ‘Missile Command Act’? No, the ‘Internet Safety Act’!

A5200_Missile_CommandI think my career is about to resemble Missile Command.  It was all the rage in the 1980s.  Atari still exists and I was surprised to see that they’re still selling it.

The name of the game is to intercept falling missiles (which have an annoying tendency to split off in multiple directions) with silos on the ground (hint; we’re the silos).

John Cornyn (R) has introduced the “Internet Stopping Adults Facilitating the Exploitation of Today’s Youth Act”, or ‘Internet Safety Act’ (for those of us who can’t fit all that in a catchy blog title).  This bill is actually a regurgitation of a bill introduced in 2006.  I think you get the gist from the bill’s title, but here’s the fine print:

“A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user.”

Anybody besides me thinking about the storage/costs required to retain and/or restore these logs?5_Day

That’s Part I of the headache.  Part II is who would be covered under this bill; essentially anyone who serves wireless using DHCP.  That’s right – it includes that little Wi-Fi router you have at home.  Note to those who brought their wireless router home from the store and
just plugged it in; you might want to configure the security feature, lest someone nearby connect through it and start looking at child
pornography.  Starting to sweat, yet?  Maybe you will after I mention Part III; you might go to jail for up to 10 years.

Here’s the really bad news – there’s a Part IV…

Once again, all I think about is Zubulake.  The moment you’re required to retain a record for two years, it may be adjudged ‘accessible’ for Zubulake purposes – and not just the ones covered under this Act, which, as I previously mentioned, specifically targets child pornography.  Any purpose of litigation may be fair game to subpoena these logs!

You think maybe Senator Cornyn knows how to push a bill through Congress by piggybacking it on the hot-button terms that frighten all parents to death?

This Act really could be the legal equivalent to ‘Missile Command’ (or starfish, or octopus…).  The tentacles could reach virtually anywhere.  I’ll be monitoring this closely, as should you.  If it becomes law, it could be…Missile Command - The End

I Have some Good News & some Bad News…

*** My n/w and phones are out, so I’m coming to you live from the Redondo Beach Public Library, courtesy of their free wireless service…THANK YOU!!! ***


Why did the goose cross the road?  Let’s take a gander…

I.T. to the Attorneys and Management:  “Great news!  We can leverage our existing ESI backup and/or disaster recovery systems to solve many of our e-discovery challenges and simultaneously cut costs!”

The Attorneys to I.T. and Management:  “Terrible news!  You can leverage your existing ESI backup and/or disaster recovery
systems to solve many of your e-discovery challenges and simultaneously cut costs!”

Why both?  Sauce for the goose is good for the gander – anything that makes it easier for you to access ESI, also makes it easier for your adversary.  But is it that simple?

Key phrases to keep in mind; ‘accessible’, ‘not reasonably accessible’, ‘inaccessible’ and ‘cost-shifting’.  The Federal rule states:

A party need not provide
discovery of electronically stored
information from sources that the party
identifies as not reasonably accessible
because of undue burden or cost. On motion
to compel discovery or for a protective order,
the party from whom discovery is sought
must show that the information is not
reasonably accessible because of undue
burden or cost. If that showing is made, the
court may nonetheless order discovery from
such sources if the requesting party shows
good cause
, considering the limitations of
Rule 26(b)(2)(C).
Fed.R.Civ.P. 26(b)(2)(B), italics added.

j0178039The courts sought to define the parameters in a series of rulings, commonly referred to as ‘Zubulake I, II, III, IV & V‘!  These are not new rulings by any means (2003-2004), and I dealt with a case on this very issue in 1997, but because so many IT groups are ramping up their e-discovery bona fides at this time, this would be a good opportunity to revisit Zubulake and make sure you understand the implications.

In the normal course of business, one might implement a solution, then policy follows.  This is definitely one of those times where you should be thinking about policy – and consulting your legal resources – before you implement the solution or modify your current one.  After all, a lot of IT professionals don’t read cases nor know of their implications.

I can’t count how many times I’ve been asked, “How long do we have to keep this stuff?”  Is it possible 37 days is enough?  Gippetti v. UPS, Inc., 2008 WL 3264483 (N.D. Cal. Aug. 6, 2008)

Think about it; what does “keep” mean, exactly?  What does “stuff” mean, exactly?  Can a single data retention policy apply to “everything” or only certain types of ESI; and should you apply a different retention standard to various forms of ESI, based on their use?

Let’s say you have a policy that you delete ESI after X months.  Do you retain or destroy the backup media?  Do employees thwart you by archiving data to their office PCs – or worse – store it on the internet, a personal PC or a thumb drive?

This should be part of your thinking as you craft policy.  It matters whether you can answer those questions.  If not, be prepared for an unpleasant surprise when your adversary comes looking for this information.