Avoid eDiscovery production disasters. In this presentation, you'll learn recent case law related to waiver and sanctions arising from production failures, techniques for avoiding inadvertent disclosure of privileged files, and best practices for securely producing discovery files to opposing parties.
1. How to Avoid eDiscovery Production Disasters
October 4, 2017
2. Agenda
Data Breaches Meets eDiscovery
Do Hackers Follow Protective Orders?
Data Breaches And Hacks Throughout the Ages
The Real Problem is Not With The Technology, But With Ourselves
2
3. Presenters
Michael Simon | Attorney and Consultant | Seventh Samurai
3
Scott Borrowman | Senior Attorney | Redgrave
4. >>> Data Breaches And Hacks Throughout the Ages
(defining “ages” as “just this year”)
5.
6. September: disclosed breach of 143 million records = 75% of US adult population
Credit card numbers for 209,000 U.S. consumers
PII (SSN#) for about 182,000 U.S. consumers
Waited 6 weeks
Insult to injury: right to sue waiver to check impact, get monitoring
CSO, CIO and then CEO all “retired”
Image courtesy of ArsTechnica
7. September: Public admission that 5mm emails stolen
Legal investigation began in April
Email system admin account hacked last fall
Confidential client data stolen – 6 clients informed so far
8. June: Petya ransomware attack
From Ukraine local office tax software
Without email AND phones for 3 days
Tweeted all over the world
9. Not the first BigLaw victim
WSJ last year: Cravath and Weil Gotshal (plus more?)
Intruders seeking insider info for publicly traded companies
DoJ charges 3 Chinese men for $4 mm from trading insider
info from BigLaw
AmLaw200 Chicago law firm sued for lax security policies
“Panama Papers” also involved law firm
Key = tons of client info
12. ’This case of cyber meets securities fraud should serve as
a wake-up call for law firms around the world,’ (then) U.S.
Attorney Preet Bharara said . . ..
‘You are and will be targets of cyberhacking because you
have information valuable to would-be criminals.’”
13. “The reality is this has already been happening – we just haven't necessarily identified the
hacks.”
- Lael D. Andara, patent litigation partner at Ropers Majeski and Chair of eDiscovery
Electronics Services Protocol
14. Quiz: What Part of the EDRM = most dangerous for data security?
A. Preservation
B. Collection
C. Processing
D. Review
E. None of the Above
15. Answer: The Part of the EDRM = most dangerous for data security
A. Preservation
B. Collection
C. Processing
D. Review
E. None of the Above
16. Long-running, multi-billion dollar patent dispute
Associate at one of Samsung's outside firms failed to properly redact a sensitive and
confidential Apple contract with Nokia
17. Per the court order on the sanctions hearing:
“The information was then sent, over several different occasions, to over fifty Samsung
employees, including high-ranking licensing executives”
“on at least four occasions . . . Samsung's outside counsel emailed a copy of some version of
the report to Samsung employees . . . ”
Also posted to a Samsung company intranet
18. During a meeting between Samsung and Nokia execs, a Samsung exec bragged –
again per the court order:
“that the terms of the Apple-Nokia license were known to him“
“to prove to Nokia that he knew the confidential terms of the Apple-Nokia license, [he] recited
the terms of the license, and even went so far as to tell Nokia that ‘all information leaks.’”
Result = $2 million in sanctions
19. Harleysville Ins. Co. v. Holding Funeral
Home, Inc., Case No. 1:15cv00057
(W.D. Va. Feb. 9, 2017)
27. Insurer claims privilege, seeks return of file
Attorney-client privilege = state law ≠ sufficient precautions to protect privilege
Work product doctrine = FRE 502(b) ≠ “inadvertent” so not applicable
Strongly implies that even the FRE 502(d) “Get of Jail Free Card” wouldn’t work!
28. Battle between 2 brothers
Former adviser brother for bank sued current advisor brother over deal gone bad
Third-party subpoena to bank
Attorney for bank reviewed and redacted documents . . . SOME documents . . .
29. Turned over “copious spreadsheets with customers’ names and SSN#
Plus details like the size of their investment portfolios and fees
For 50k of the bank's wealthiest clients
Without a confidentiality agreement or protective order
What's worse, the receiving party then took that information and showed it to the
New York Times – which then wrote about seeing it
misunderstood the discovery software, reviewing only the 1,000 documents the
discovery technology showed, rather than the entire body of electronically-stored
information. Documents were overlooked; files flagged for redaction were never
redacted.
30. Receiving party showed it all to the New York Times
Which of course then had to write all about it . . .
31. Attorney had to file affidavit with NY and NJ courts
Claimed she misunderstood the discovery software
Reviewed only the 1,000 documents the discovery
technology showed
Files flagged for redaction, but weren’t redacted
32. Soon got docs back . . .
This was unfortunate timing
36. “Structuring a protective order that includes encryption and other safeguards to maintain
proprietary business data will be the norm in the next few years, . . .”
“Encryption should be directly addressed in the protective order along with the logging of
who had access to the data.”
- Lael D. Andara
37. Under FRCP 26(c), “a party or any person from whom
discovery is sought may move for a protective order in
the court where the action is pending.”
U.S. courts have discretion, upon a showing of “good
cause”, to condition production “to protect a party or
person from production annoyance, embarrassment,
oppression, or undue burden or expense.”
Good cause may be established when the party
seeking protection demonstrates that the information
implicates privacy interests worthy of protection and
that disclosing such information would create a clearly
defined and serious harm.
38.
39. No FRCP support to protect EVERYTHING
Many judges don’t get eDiscovery
Most judges don’t get Cybersecurity
40.
41. >>> The Real Problem is Not With The Technology,
But With Ourselves
42. We try to protect it in the “real world” – like paper
When we should be protecting where it lives
We still treat data like paper
43.
44. Request native files when best for the case
Maintain integrity through the process
Don’t revert 10 years back:
“. . . an attorney at Pillsbury Winthrop Shaw Pittman, told Legaltech News that for the most
sensitive data, ‘we are advising clients to consider hosting it themselves’”
45. Don’t be a jerk just to be a jerk
To prevent it from being “too easy” for the other side
46.
47. Run up costs for your client
Make eDiscovery battles the focus of the case
Forget that judges hate discovery . . .
. . . and eDiscovery even more
Ruin your credibility with the judge
48. How to Avoid eDiscovery Production Disasters
Thank you for attending!
Scott Borrowman
Redgrave LLP
415.471.2040
sborrowman@redgravellp.com
Michael Simon
Seventh Samurai, LLC
508-429-0923
Michael.Simon@SeventhSamurai.com
October 4, 2017
Hinweis der Redaktion
This has several click-throughs – start with “Cybersecurity is so important” people really seem to want to put it right on your computer keyboard now
(fade) – but they also seem to want to put OTHER things on there too . . .
INSERT INTERACTIVE QUIZ HERE
TIM’s slide
TIM’s slide
TIM’s slide
TIM’s slide
TIM’s slide
TIM’s slide
TIM’s slide
ROBERT to jump in the on the FRE 502 issue
NOTE: Betteridge’s law of headlines!
Key = most of the time is not bad guys/hackers/etc. -> unforced errors by attorneys