When to Hold ‘Em; When to Fold ‘Em

Two weeks ago, I took the Certified E-Discovery Specialist (CEDS) exam. For those of you thinking about adding this certification to your resume, I encourage you to do it! It’s a challenging exam, but not impossible with a little preparation.

Legal hold is a topic that the exam covers in depth. After a deep dive into all-things data preservation, I thought I would revisit this area for any of you who need to freshen your knowledge on the duty to preserve ESI.

Understanding your organization’s duty to preserve – when it begins, what it entails and when it ends – is a key strategy in e-discovery that can save your organization time and avoid risks in litigation or regulatory matters.

What is the duty to preserve?

As soon as an organization reasonably anticipates the threat of a dispute, that organization has an immediate obligation to preserve hard copy and electronic data relevant to the subject of the dispute. Relevant information should not be altered in any manner from its form at the time of the triggering event. The definition of “reasonably anticipates” and the timing of the “triggering event” are open to case-by-case interpretation and often a hotly debated subject in discovery disputes involving deleted data.

Specifically, courts look to what events should have triggered the hold. The receipt of a formal complaint obviously triggers preservation duties, but what if data should have been preserved prior to formal commencement of litigation? What notice did the company have of suit or threat of suit? Was there a written or oral threat of litigation? Were the circumstances obviously contentious and likely to lead to litigation? What is the company’s litigation history? When did the company consult in-house or outside counsel? Certainly, a cautious approach is advisable when initiating the preservation duty, and a hold should be issued as soon as an organization’s legal team receives reasonable notice of litigation. Once formal proceedings commence, hold parameters can be altered if initial preservation estimations were too broad. Reasonableness, not perfection, is the standard.

How should a hold be implemented?

Courts pay attention to the forum, substance, and timing surrounding the preservation efforts. A legal hold is crucial to showing defensible and good faith efforts to preserve relevant information. The most prepared organizations will have clear procedures in place ahead of time. This means implementing a detailed, formal written legal hold policy across all matters. The notice should outline the subject matter of the dispute, conveying with specificity what ESI needs to be retained and how to properly accomplish the hold. Also, the notice should explain the potential consequences to the individual and the organization for noncompliance with the hold.

A point person should be assigned in case any data custodian has questions, and there should be a method for the data custodian to acknowledge receipt and understanding of the hold instructions. Sometimes, follow-up interviews will be necessary to ensure that the hold is being fully effectuated. The plan should also take into account a process for preserving non-custodial data, such as information on a shared drive. For IT staff, the hold should instruct them to suspend any routine document destruction that might impact data subject to the hold. It is important that the legal team send periodic reminders about the nature and scope of the hold.

Just as important as issuing the hold, the preservation plan must allow for releasing ESI from a legal hold, and communicating such a release to data custodians. Oftentimes, legal holds across various matters overlap, so when releasing holds it is important to check if the data and custodians to be released still need to be held for other matters.

Ideally, there is a technology system that tracks all holds consistently and reliably. Some organizations choose to utilize a legal hold software, but many organizations have developed manual procedures that are just as effective. The most important factor is keeping adequate records of what actions were taken (and why they were taken), should the preservation efforts be called into question later in discovery.

What are the consequences for failure to preserve?

Failure to adequately issue hold notices and properly preserve may create trouble in the courtroom. Sanctions may be imposed upon parties for failing to take reasonable steps to preserve ESI. Sanctions may include: monetary awards, adverse inference instructions, limiting claims/defenses, and default judgement or dismissal. In determining sanctions, courts look to Federal Rule of Civil Procedure 37(e). This rule states that sanctions for loss of ESI are appropriate if the loss caused prejudice to the opposing data, cannot be replaced through additional discovery, and the party acted with intent to deprive.

Since Rule 37(e) was adopted, courts have been more hesitant to issue sanctions, only harshly penalizing a party for flagrant loss of relevant data. Nonetheless, parties still need vigilance with regards to holding data. Knowing what an organization needs to do and how to do it are two very different tasks. Parties need to have their legal hold processes and systems in check to avoid unknown or neglected preservation duties, ineffective legal holds, or faulty deletion strategies.

Growing Business Use of “Chat Apps” Poses Information Risk for Corporate Legal Departments

A 2017 survey of business professionals worldwide found that the average business professional uses 9.4 software apps for work purposes. Nearly half of the respondents said they use apps that are not sanctioned by their company’s IT department, ranging from cloud storage and project-tracking apps to the increasingly ubiquitous chat apps that facilitate instant communication.

Chat apps are useful tools that enable workers to communicate in real time, which increases workplace efficiency. This is especially valuable in companies with a global presence as colleagues spread across multiple time zones can connect with much greater ease and at much less expense.

However, as the use of chat apps by employees for business purposes has proliferated, we have begun to see the dangers that come along with these benefits. Within the last few years, a series of high-profile litigation disputes and government investigations has been fueled by the disclosure of key information via chat apps. In 2015, the EU was rocked by a sweeping investigation into the alleged manipulation of interest rates by banks, with key evidence uncovered from instant messaging conversations harvested off enterprise chat platforms. In November 2017, litigation between Uber and Waymo was suddenly upended when evidence emerged that top executives at Uber used an encrypted chat app to hold secret conversations, set for automatic deletion after as little as a few seconds.

In fact, the mere use of these chat apps that are known to auto-delete has raised concerns, with the unintentional implication that the company knew the information being exchanged was in question. So, whether or not the company employees have ever discussed the functionality of chat apps could create a cloud of suspicion in the event of a litigation dispute or government investigation.

Whether it’s Wickr® (the app used in the Waymo-Uber dispute), Slack®, Google Hangout™, Signal, WhatsApp®, Skype®—or any one of the dozens of new apps available— the growing business use of desktop-based chat apps poses a serious legal and information risk to corporations, as evidenced by the rising number of digital forensics investigations and e-discovery projects we’re now seeing involving data from chat apps.

Moreover, although our thoughts in this article are focused on desktop versions of chat apps, the problem is exacerbated by the use of mobile versions of those apps that are installed on employees’ phones. There is simply no way for companies to monitor employee use of chat apps on their personal devices.

If you know or have reason to believe your employees are using chat apps, here are five information risks associated with their use for business purposes, which corporate legal departments and their business colleagues ought to be monitoring:

1. Preservation

In the example of Waymo v. Uber, Judge Alsup admonished attorneys that counsel in future cases can be “found in malpractice” if they do not turn over evidence from such specialized tools, potentially setting legal precedence for the future expectation of preservation from these new communication platforms. Furthermore, Rule 37 (e) (2) (B) of the Federal Rules of Civil Procedure states that “If electronically stored information that should have been preserved in the anticipation or conduct of litigation is lost because a party failed to take reasonable steps to preserve it, a judge can instruct the jury that it may or must presume the information was unfavorable to the party.” Many chat apps offer a wide array of options for ephemeral message history, with some giving the user an option to set up auto-deletion of messages in as little as five seconds. If these settings are not enabled for compliance with data retention standards and a litigation hold has been issued on communications related to a relevant matter, your organization will be unable to produce this data and be facing a serious problem in e-discovery.

2. Access

In some companies, the data security protocols that govern chat apps are so lax that we have been startled to discover the trove of company information exposed through these apps. In other cases, the protocols are so stringent that it’s difficult to actually extract any data from the apps. It’s important to be able to access relevant data without making the organization vulnerable to easy data theft.

3. Encryption

The encryption built into certain chat apps can be very complex to decipher, requiring intensive and potentially costly digital forensics investigation to access the content. This can also create a legal problem for the company if the apps are unable to be decrypted at all, leaving a litigant out of compliance with their discovery obligations to produce potentially relevant data.

4. Vulnerability

Some chat apps have been criticized for possibly creating a back door security hole to bad actors, opening up vulnerabilities in the company’s IT systems. Hackers may see the use of chat apps for business purposes as a vehicle for trying to access the company’s networks or other devices so they can steal valuable corporate data. Or worse, they may seek to use the apps as a command & control (C&C) center to host malware on the victim’s system. In this case, according to research conducted by Trend Micro, hackers simply sign up to these apps like a normal user and start commanding the malware to perform all sorts of vicious attacks once it has infected the system. Essentially, they’re able to turn the entire app into a C&C system without being detected by any anti-malware or security.

5. BYOD

The emergence of Bring Your Own Device (BYOD) policies has ushered in a wave of IT challenges for corporations, including the risks created by employee use of chat apps on personal devices or personal email accounts. This is even more difficult for corporate legal departments to monitor as the risk lies outside of the company’s official IT infrastructure.

The good news for companies who wish to rein in these risks is that there are new software tools available to companies that can help you proactively monitor for the use of unauthorized apps for business purposes. The best of these tools will locate potential information risks—such as unauthorized apps or data residing in unauthorized locations— so organizations can take inventory of software on connected computers and data repositories across the enterprise.

Those findings can then be shared across InfoSec, legal, compliance and audit teams to determine the appropriate next steps. This may involve confronting the employee on the use of the apps or the execution of targeted, automated deletion of any non-compliant apps in use, which allows you to get ahead of any issues before they arise and address them quickly. Of course, if a mobile phone needs to be collected and data from an employee’s mobile app use brought into an investigation, you will need access to specialized forensics software tools that can locate and analyze that type of data.

Meanwhile, if you choose to allow the use of chat apps for business purposes, make sure that your information governance policies are updated frequently in response to emerging technologies and carefully outline approved communication tools. Also make sure to instruct employees on the required settings they must use and privacy protections they must have in place.

Regardless of how you choose to proceed, it’s always a good idea to consult the experts in the field before you actually have to deal with a legal or investigatory problem related to the use of chat apps for business purposes.

#          #          #

Who – or What – is Top of Mind in the Legal Industry Right Now?

This week, High Performance Counsel published a special issue, #TopOfMind. The premise was simple – to ask a collective of top thought-leaders in the legal industry what is top of mind for them – right now. Within 12 hours we had over 6,000 views on LinkedIn alone and it seems to have caught many people’s attention.

In the noise, find the signal.

On a recent trip to Chicago, I was struck by the busy-ness of the conference I was attending (that’s a good thing of course). It’s always wonderful to see an industry energized around technology and innovation especially – to see and hear the boisterous energy and earnest pitches of individuals for companies young and old.

Pulling a Crazy Ivan.

Those who watched Hunt for Red October may get this reference of running silent. It’s a technique I’ve used for many years to observe a room and others’ participation. It has served me well. So it is that in Chicago, I pulled a Crazy Ivan – stepping back to simply listen.

Speaking personally – and it’s reflected in my own #TopOfMind submission – I was again struck by the inevitability of change and the speed with which it will indeed disrupt the legal industry. Our publication is on record in our view that 2018 will be a watershed year – a year we look back on and see where the gears shifted, the pace accelerated, and competition moved into higher gear.

The signal.

So it is that we asked a willing collective of insightful individuals to share their one thought each as to what is top of mind for them. We asked them to avoid marketing spin and group think. As we do with all our interviewees, we asked them to speak candidly and with authenticity – the uniqueness of their views being the pith and essence of the exercise.

You can read what each of these individuals had to say on our site here: https://www.highperformancecounsel.com – and we’ve made it easy to download a copy of the issue – in our library here: https://www.hpclibrary.com

I did, however, want to highlight a few thoughts and themes that jumped out as I read these truly remarkable submissions:

Diversity – the legal sector is blessed with vocal champions such as Laura Maechtlen, Sonya Olds Som, Erica Mason and Fernando Garcia who so clearly exemplify and articulate both the fundamental importance and commercial benefit of moving the industry to a better place in terms of diversity, inclusion and participation. At High Performance Counsel, we share their commitment and enthusiasm. We are simply better, stronger, together.

Community – the sterling leadership of individuals like Mary Mack, Kaylee Walstad and Connie Brenton of ACEDS and CLOC respectively is a huge step toward greater understanding of the opportunity ahead for law – and achieving law’s potential – for all participants, not solely lawyers. I think much of the secret of their success lies in the friendly, accessible, informational and interactive communities they have created – helping to encourage dialog and foster innovation. As the role of technology and legal operations grows, so too does the number of professionals who align with these areas as career paths. As we get glimpses of this agile, mobile, modern legal economy of professionals – consider Caleb King’s thoughts on this – so we see the critical role of communication, community, connection. They are helpfully creating a new world of professional activity and recognition outside the historical confines of the Bar.

Privacy, Cybersecurity & GDPR – unless you were hiding in a cave the last few days, you cannot have missed the deluge of breaking headlines concerning the issues of privacy and cybersecurity – and the way in which these issues are so clearly inter-woven. Equally, it would be hard not to have heard about GDPR, which is approaching rapidly. As the deadline looms, it seems to accelerate, and the implications are so very real. Occasionally we hear talk of limited opportunities in law because this or that area is being automated or is otherwise redundant. That’s clearly not the case in these areas, which are in a process of rapid acceleration. So it is with particular delight we have #TopOfMind contributions from Jared Coseglia, Judy Selby and Josh Hass on these critical topics.

Bitcoin, Blockchain and Big Disruption – some of the brightest minds and sharpest thinkers on these subjects are included in our posse. Mark Cohen reminds us to focus less on just disruptive tech but instead on the disruptive impact or outcome of its use – a good point, sometimes overlooked in the rush to be cool. Mark Yacano anticipates smarter clients being able to focus on premium, value-added work as they increasingly hand off or automate lesser-valued day to day tasks. And our dear friend, Ken Grady, speaks to the first of many corporates who will move their contract management to blockchain – and the downstream rush there will be for law firms to support this shift in model. Kris Swanson of CRAI has some timely words and we love the “wholistic” view he proposes when looking at Crypto matters in conjunction with other related areas – and avoiding a silo view. And as the world moves toward end-to-end fluid processing of contracts and agreements, so the technology enablers of this world, such as Akbar Jaffer at ZorroSign, come into their own.

#MeToo – Nancy May provides a sobering reminder of the importance of this subject within law and also within the broader governance framework. Gone are the days when corporations or law firms can turn a blind eye to this happening in their ranks. In today’s world, thankfully, we are starting to see the power of engagement, collaboration and empowerment around issues such as this. It is perilous to ignore this specifically or directionally.

Wayne Gretzky and a call to excellence in all we do – Tom Trujillo’s #BakersDozen was one of the most rewarding to publish in ’17 – a wonderful story of humility and greatness. In #TopOfMind, he references one of my favorite quotes and, indeed, one of the inspirations in the launch of High Performance Counsel. It is a call to excellence, a call to the future – a call to us all. I leave it here in closing:

“A good hockey player plays where the puck is. A great hockey player plays where the puck is going to be.”

Yours aye,

David Kinnear

GDPR: Top 6 Things E-Discovery Professionals Need to Know

I probably don’t need to tell you that data privacy and protection are some of the thorniest topics right now in legal, IT, and records management practices.

Specifically, effective May 25, 2018, the General Data Protection Regulation (GDPR) will harmonize data protection laws in the European Union, replacing most national EU data protection regimes with one set of consistent rules. The impacts of this change will be far and wide, and it’s time e-discovery professionals become well-versed in all things GDPR.

It’s an understatement to say that this regulation will have significant impact on how data is handled across the EU. It’s even more understated to say that US companies and law firms will also need to rethink their practices should they engage in cross-border data handling.

“The closest US data protection regulation we have to the EU’s GDPR is HIPAA, which provides data privacy and security provisions for safeguarding medical information,” said Kenneth N. Rashbaum, Partner at Barton LLP and head of Barton’s GDPR Compliance Group. “Just like when HIPAA was enacted, US companies are going to need to look at how they collect data differently. It’s not the organization’s data; it’s the data subject’s data. This will be a significant shift,” explained Rashbaum.

Below are some key parameters and terminology you need to know to be minimally knowledgeable about the language contained in the 99 articles of the new regulation. Study these concepts and be prepared to spot GDPR issues when they arise in your organization or with your clients.

  1. The GDPR applies to organizations in the US (and elsewhere). If an organization collects data concerning an EU resident, the organization is subject to the jurisdiction of EU regulators, even if the organization is based outside the EU.
  2. The definition of “personal data” is broad under the GDPR. Companies are required to take reasonable measures to protect personal data against loss or exposure. Personal data is defined broadly, including the following items that could directly or indirectly identify someone: name, identification number, location data, an online identifier, or the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
  3. Data subjects have enhanced rights over their data. Data subjects have the right to determine what is done with their data and must provide consent for handling their data. Further, data subjects may ask organizations to confirm the parameters for which their data is being used (“right to access”), transfer their personal data between service providers (“right to portability”), and direct an organization to erase their personal data under certain circumstances (“right to erasure”).
  4. Organizations need to understand the roles of “controller” and “processor”. The regulation defines two types of organizations. A controller is an entity that decides the purpose and manner that personal data will be used. A processor is the person or group that processes the data on behalf of the controller; processing is obtaining, recording, adapting or holding personal data. GDPR requirements vary depending on the role of the organization in handling data, but penalties can be imposed on both controllers and processors if they are not implementing appropriate controls.
  5. There are strict data breach requirements. These include completing privacy impact assessments if breach risks are high, as well as the requirement to report certain data breaches within 72 hours.
  6. Expect to see a rise in international companies hiring Data Protection Officers (DPO). Under the GDPR, certain organizations will need to appoint a data protection officer if their core activities involve personal data. The DPO shall act independently of the controller or processor, reporting directly to the highest management level.

The GDPR is not overly prescriptive about how organizations should achieve compliance with the new obligations. Further, it remains to be seen how the supervisory authority tasked with administering the GDPR will enforce the new restrictions and allocate the hefty fines prescribed by the new rule. Much will need to be worked out throughout the year and into 2019.

“What constitutes a reportable data breach; what is a valid data transfer from the EU to the US; how does the right to be forgotten impact preservation obligations in a litigation; how will the relationships between data controllers and processors evolve? These are just a few of the genuine issues that need clarification under the new regime,” noted Sean Foley, Esq., CIPP/E, Project Manager at Los Angeles based e-discovery provider, ProSearch Strategies.

But, whatever happens in the coming months, experts are not advising organizations take a “wait and see” approach. At a minimum this means organizations – including companies, law firms, and e-discovery providers – need to ensure the personal data of EU residents is secure, accessible, and can be identified upon request.

“I have been engaged with a number of clients on GDPR compliance. Organizations need to look closely at what data they are handling, where it is being stored, how it is being protected, with whom it is being shared, and how long it is kept,” said Rashbaum.

Home addresses, photos, email addresses, bank details, social networking posts, medical information, or IP addresses are personal data – just to name a few examples. Starting this summer, all e-discovery professionals should think twice when they see individualized data in a discovery set, especially if that data originated in Europe. Above all, keep close watch over the working group clarifications and legal challenges to the regulation which are a certainty.

“This is an exciting time to be working at the intersection of e-discovery and data privacy,” remarked Foley.

 

 

Judge Peck’s Move to DLA Piper

The best-kept secret in e-discovery was revealed this week when DLA Piper announced that the Honorable Andrew Peck joined the firm.

Judge Peck has served as a federal magistrate judge for the United States District Court for the Southern District of New York since he took the bench in 1995, including a term as chief magistrate judge from 2004 to 2005. He currently serves as co-chair of the SDNY-EDNY Local Rules Committee. Prior to taking the bench, Judge Peck was a litigator at Paul, Weiss, Rifkind, Wharton & Garrison LLP, focusing on intellectual property matters.

Most e-discovery practitioners associate Judge Peck with groundbreaking TAR (Technology Assisted Review) or predictive coding opinions. Yet, it was one of his first cases that ushered in the e-discovery era. Ian Lopez of ALM reports that one of Judge Peck’s first cases ushered in the e-discovery era. “That opinion was in 1995’s Anti-Monopoly v. Hasbro, in which Peck wrote ‘it is black letter law that computerized data is discoverable if relevant.’ This opinion, said Kenneth Withers, deputy executive director at The Sedona Conference, marks Peck as ‘the first judge to actually identify e-discovery as a unique phenomenon.’”

Judge Peck received his J.D. from Duke University School of Law, where he was an editor of the Duke Law Journal, and his B.A. from Cornell University. Duke University School of Law is now the home of the Electronic Discovery Reference Model (EDRM) and the host of the conference that sparked the 2015 changes to the Federal Rules of Civil Procedure (FRCP).

ACEDS and I personally wish the Honorable Andrew Peck every success in his new venture.

Coverage of Judge Peck’s retirement celebration and move to DLA Piper:

https://www.law.com/legaltechnews/2018/02/28/retired-federal-judges-titans-of-e-discovery-debate-the-review-revolution/

https://www.law.com/newyorklawjournal/2018/03/05/judge-andrew-j-peck-1-of-e-discoverys-most-influential-figures-retires-from-the-bench/

Recent E-Discovery Case Law: Proportionality in Requesting Financial and Tax Documents

It’s been over two years since the Federal Rules of Civil Procedure (FRCP) were amended to refine e-discovery practices in litigation. Of the changes, none has spurred more transformation than Rule 26(b)(1) and its emphasis on proportionality and relevance – relevance being the old safeguard standard in determining scope of discovery, now joined by its shiny new companion, proportionality.

For those of you unfamiliar with the 2015 language, Rule 26(b)(1) provides a list of factors to determine whether a discovery request is overly broad or unduly burdensome. The factors framing if a request is proportional (in addition to merely being relevant), include:

  • the importance of the issues at stake in the action,
  • the amount in controversy,
  • the parties’ relative access to relevant information,
  • the parties’ resources,
  • the importance of the discovery in resolving the issues, and
  • whether the burden or expense of the proposed discovery outweighs its likely benefit.

Proportionality is about balance, ensuring that parties receive the information they need to plead their claims and argue their defenses, while curtailing activities that are inconsequential, expensive, and a waste of time. Though the concept of proportionality seems simple enough, applying it can be difficult.

Judges and counsel alike have wrestled to apply the new rule, leaving case law rife with complex, fact-based interpretations, as revealed in a handful of recent opinions. On March 1, 2018, courts on completely opposite sides of the country examined document requests for tax return and financial information in unrelated cases. Savvy legal teams will learn from these cases before requesting financial data, or any discoverable information, in their next e-discovery matters.

  • Don’t ask for the moon when seeking tax returns and financial documents. The defendant moved to compel the plaintiffs to produce various financial documents, including tax returns, claiming the requested documents will corroborate, contradict, or discredit the plaintiffs’ allegations regarding property ownership. Plaintiffs claimed that the discovery requests were overly broad, not relevant, and demanded the production of highly sensitive, confidential financial information. The court found that the documents requested were relevant, but overly broad in scope. The plaintiffs put their financial conditions at issue, pleading allegations about property ownership and monetary dealings between the parties, making the records relevant. However, the defendant did not tailor his discovery requests to the information related to the property or the transactions surrounding the property for the relevant time period, making the request not proportional to the needs of the case. Kathryn T. Craig v. Kropp, Case No: 2:17-cv-180-FtM-99CM (M.D. Fla. Mar. 1, 2018).
  • Ineffective record-keeping systems are not an excuse for avoiding discovery (and requests for tax returns must be narrowly tailored). Despite having met and conferred, the parties could not reach an agreement about the plaintiffs’ discovery requests. The court, begrudgingly brought into the discovery dispute, stated, “The Court strongly disfavors discovery motions and prefers that the parties resolve discovery issues on their own.” Then, the court weighed the merits of each party’s discovery claims, referencing the proportionality standard in FRCP 26(b)(1). The court granted the plaintiffs’ request for payroll information, despite the defendants’ claim that it would require a tremendous amount of time to respond because of limitations in the recordkeeping system. Further, the court granted the plaintiffs’ request for tax return information, narrowing it to only two years of the most recent tax data. Fish v. Harbor Marine Maint. & Supply, CASE NO. C17-0245-JCC (W.D. Wash. Mar. 1, 2018).

These two matters are not the only times in the first few months of 2018 where the courts have discussed proportionality. The volume of opinions discussing the Rule 26(b)(1) factors grows month over month, across every jurisdiction. Litigating parties should find no shortage of case law in their circuit to help them argue proportionality. Consider these two recent opinions, one of which again references financial document requests.

  • Limit requests for financial documents by year, or be prepared to have the court limit them for you. The plaintiff requested tax and financial information dating back to 2014, but the alleged fraudulent sale and transfer of assets did not occur until 2016. The court noted this, stating, “Although the Court finds that tax returns and other financial information are relevant to Plaintiff’s request for punitive damages, it finds that the time period within which Plaintiff makes its request is overbroad.” Ultimately, the court granted the request for financial records dating back to 2016. Bartech Sys. Int’l v. Mobile Simple Solutions, Case No. 2:15-cv-02422-MMD-NJK (D. Nev. Feb. 12, 2018).
  • In addition to limiting document requests by time, parties must think about geographical limits. The plaintiff sought discovery pertaining to the Defendant’s insurance sales practices. The requests were limited to the four years preceding the lawsuit but sought documents from locations all over the country. The court found that nationwide discovery was disproportional to the needs of the case and limited the request to geographic regions in the appellate circuit. Additionally, due to discovery misconduct, including unilaterally cancelling a deposition and failing to confer in good faith, the court invited the plaintiff to file a motion for sanctions under FRCP 37. Nicholes v. Combined Ins. Co. of Am., 5:16-CV-10203 (S.D.W. Va. Feb. 28, 2018).

No matter the type of documents sought, legal teams need to be prepared to explain why their requests are not only relevant but also proportional. Above all, avoid any bad faith conduct or failure to preserve that could lead to sanctions under FRCP 37. This area of the law also changed significantly two years ago, and like scope of discovery, courts have had plenty of opportunities to weigh in on sanctions for failure to preserve, intent to deprive, and e-discovery gamesmanship.

Look for a future blog post discussing recent case law developments on the topic of discovery sanctions.