Police Body Camera on Tactical Vest for Officers

Court’s Police Body Camera Opinion Highlights E-Discovery Issues

The California Supreme Court recently issued an opinion that analyzes the public disclosure of police body camera footage and demonstrates the overlap between e-Discovery processes and other records production schemes.

The opinion, National Lawyers Guild v. City of Hayward [https://www.courts.ca.gov/opinions/documents/S252445.PDF], interprets a California law regulating government transparency, but the Court’s technological discussion may also interest ACEDS professionals and like-minded e-Discovery practitioners.

The Court analyzes a California Public Records Act (PRA) provision that permits governments to charge a fee for “data compilation, extraction, or programming” when producing electronic records in response to a records request.

In National Lawyers Guild, the City of Hayward redacted police body camera footage taken during a protest over grand jury decisions to not indict the police officers involved in the deaths of Eric Garner and Michael Brown, both unarmed African American men. The City claimed that redaction qualified as data “extraction” because the police needed to take out sensitive medical and police tactic information. The National Lawyers Guild, which requested the footage, disagreed, and argued that “extraction” only applied when the government agency was creating new content from existing records. The Court sides with the Guild.

The Court held that data “extraction,” as used in the PRA at California Government Code section 6253.9, does not apply to records redaction, but, instead, relates to record identification. Applying the Court’s holding to the Electronic Discovery Reference Model (EDRM), data “extraction” takes place during records Collection, instead of records Review.

The PRA and the e-Discovery processes are parallel practices. According to the Court in National Lawyers Guild, “[b]efore providing access to requested records [under the PRA], public agencies need to locate and collect records, determine which records are responsive, determine whether any portions of responsive records are exempt from disclosure, convert the records into a reviewable format, and, if requested, create a copy of the record.” Translating this into EDRM terminology, public agencies must perform Identification, Collection, Processing, Review, Analysis, and Production, and most of this process must be performed as a cost of doing business.

The Court states that their opinion was promoted by the unique issues associated with producing electronic records. California Government Code section 6253.9 recognizes that the production of electronic records should be easier than paper records, but acknowledges the “difficulties associated with retrieving responsive data from massive, potentially intractable databases,” according to the Court. E-Discovery professionals face similar hurdles.

Practitioners in both areas of the law are tasked with complex productions, prompting technological solutions. Justice Cuellar devotes his concurrence to these automated antidotes.

He writes, “Imagine a not-so-distant future when government entities deploy more thoroughly automated, artificially intelligent systems for responding to [public records] records.” He predicts that, “[s]uch technology could readily help agencies be more accurate, efficient, and thorough.”

Some local agencies are turning to technology to assist with records collection and production. Companies like GovQA and JustFOIA help with this type of processing. But what Justice Cuellar may be hinting at is records review on a whole other level, such as Technology Assisted Review or TAR.

Justice Cuellar optimistically suggests that these types of advanced tools may qualify for the fee provision in California Government Code section 6253.9, permitting governments to recoup some of the costs, although this issue was not before the Court in National Lawyers Guild. If so, local agencies could be incentivized to invest in some of the same platforms that E-Discovery professionals are using, such as TAR. This would be a welcome development.

Government agencies increasingly use technology to provide services and expand communications to their constituents, creating electronic records that are publicly disclosable, such as body cameras, databases, and social media, to name a few. At the same time, records requests have become ubiquitous and incredibly complex. As shown in National Lawyers Guild, e-discovery practices could help government agencies to response more efficiently to PRA requests.

Businesswoman using smart phone,Social media concept

Ethics Rules for Using Social Media in Legal Matters

Social media is increasingly important in eDiscovery, employment investigations and jury research. Using social media in legal and HR matters raises significant ethical issues. Lawyers and other legal professionals should keep these five ethics rules in mind.

1. Familiarity with relevant social media is part of legal competence.

Competence is ethics rule number one – literally. ABA Model Rules of Professional Conduct Rule 1.1 reads:

A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.

All lawyers should be familiar with potential sources of relevant information in their area of practice. The areas of the law where social media evidence is most likely to be relevant are (in no particular order):

  • Employment
  • Personal injury
  • Intellectual property
  • Product liability
  • Defamation
  • Family law

In addition, technology competence for litigators requires a basic familiarity of the main types of electronically stored information. That includes social media content like messaging, posts and pictures.

2. Whatever the medium, the statement must be truthful.

Honesty is another fundamental rule. Rule 7.1 prohibits false and misleading statements about the lawyer or the lawyer’s professional services. We must be accurate, truthful and aboveboard when mining social media for information just as at all other times.

Lawyers should not make anonymous or pseudonymous social media posts when acting in a professional capacity. Partial truths also break the rule. For example, it’s misleading to leave a comment or send a connection request without disclosing the lawyer’s interest in the matter.

3. Don’t “friend” the opposing party on Facebook, and other rules about represented persons.

Rule 4.2 prohibits direct communication about a legal matter with interested persons who have their own lawyers. That includes witnesses and other third parties who are represented by counsel in addition to the opposing party.

Connection requests, private messages, follows, comments, likes and shares all qualify as communications under this rule. As a practical matter, most ethics opinions based on the represented parties rule stem from improper connection requests. The proper means of obtaining non-public social media content is through discovery, not by “friending” the opposing party. Using a company account or fake profile to send a connection request additionally runs afoul of Rule 7.1.

4. Know your state’s rules on jury research.

Lawyers also have ethical obligations towards people who aren’t represented by counsel, like potential and serving jurors.

Rule 4.3 reads, “In dealing on behalf of a client with a person who is not represented by counsel, a lawyer shall not state or imply that the lawyer is disinterested.” Unsurprisingly, judges and ethics boards alike frown on lawyers and parties interacting with jurors on social media. Friending to gain access to non-public content is definitely not allowed.

Some states are more restrictive than others on pre-trial research into potential jurors’ public social media content. My home state of Indiana permits juror research as long as the content is publicly available. By contrast, New York prohibits activity that will or might alert potential jurors that someone is looking at their information. Knowing how the different social media platforms operate is essential to comply with specific prohibitions; for example, that viewing a profile on LinkedIn can generate an auto-alert to the account owner.

5. Ethics starts at the top – but doesn’t end there.

Finally, lawyers must appropriately supervise staff and consultants. Rule 5.3 provides detailed guidance for supervision of non-lawyers employed or retained by a lawyer or law firm. The gist is that the entire legal team needs to follow the ethics rules for social media activity and communications.

On a general note, while state rules tend to follow the Model Rules cited in this post pretty closely, there are some variations in language and interpretation. Be sure and consult your own state’s rules of professional conduct and ethics opinions for further guidance.

Social media is characterized by communication and personal information. The attributes that make it a trove of useful information also create ethical pitfalls. Legal professionals should always approach social media with an ethics mindset.

An ounce of prevention is worth a pound in cure

Here’s How You Want to Be Governing Enterprise Information: An Ounce of Prevention Is Worth a Pound in Cure

In the eDiscovery world, we talk a lot about understanding the rules as it pertains to putting a Legal Hold on data, collecting that data, and proportionality. One of the reasons costs have been continuously increasing is because data volumes are increasing. Words like petabyte, yottabyte, and zettabyte are no longer sci-fi words, but very real ways in which we define data. Consequently, controlling, maintaining, securing, searching and governing data is so critical that I would opine the ability to have more control over governing enterprise information is paramount to getting through a matter involving eDiscovery.

As a direct result of how fast technology is evolving, we create more places for our data (and therefore our personally identifiable information (PII) such as our names, e-mail addresses, phone numbers, and potentially credit cards) to reside. We love to use apps that allows us to work and collaborate across all of our devices. For instance, we can draft a Motion for Summar Judgment in O365, Google Drive, or Dropbox. We can then store our attorney work product, case law, and memoranda in Evernote or Quip. Then we can project plan the motion and the matter in Todoist, Wunderlist, Asana, Trello, or Airtable. Finally, we can talk about the motion, opposing counsel, the client and the nudge in Teams, Slack, Hangouts, WhatsApp or SMS. Our data is literally everywhere.

What we type in these apps on our laptops, tablet, and phones becomes “an information governance firestorm”. Why? Because suddenly, our documents, the thinking about that document, our planning about a document, and chatting about our document is all subject to potential investigations and litigation. What’s worse, many IT professionals don’t often know what apps employees are putting on their devices in which they are storing corporate data.

Yet, with all the dreary warnings of corporate data getting leaked out into the universe, corporation are not doing what should be done to protect their castle. However, here are two ways in which law firms and corporations can govern its information better, which will ultimately reduce costs in a very real and impactful way.

1. Create policies and tools to enforce compliance

As Benjamin Franklin said, “an ounce of prevention is worth a pound of cure”. Having the right policies in place to govern your corporation’s most precious resource will reduce costs and the risk of being breached. Put simply, policies need to be created, maintained, updated, and of course enforced to ensure compliance.

While there is a great deal of heavy lifting and work that must go into creating, maintaining, and enforcing these policies, the work allows the organization to make the appropriate responses when something does go wrong (notice I said when and not if). Nearly every security incident has been a direct result of human error. Either an employee clicks on a link or opens an attachment in a phishing e-mail that leads to a hacker being able to breach the corporate firewall and demand a ransom in Bitcoin to get the data back (I worked with clients where this has happened); or an employee walks away from her desk and her computer isn’t locked and has her  passwords on sticky notes (it has happened); or an employee keeps a secure badged door open with a door jam (I’ve seen it myself).

I recommend that at a minimum, the following polices be created:

  • BYOD policies
  • Change control
  • Change management
  • Clean desk
  • Data retention and destruction
  • Employee exit policies
  • Incident Response Plan
  • Password creation and change
  • Privacy policies
  • Social media

Typically, at either a corporation or a law firms, the creation of the same would come from a Chief Information Officer, Chief Data Officer, or a Chief Information Security Officer. The task will likely be done in conjunction with the General Counsel or another senior lawyer. At a smaller company or law firm, the role be be delegated to an IT Director and senior lawyers. The policies have to be socialized to everyone within the organization and then enforced.

Once the policies are setup, it is equally important to ensure that they are reviewed to ensure compliance with changes to State and/or Federal regulations. Additionally, deploying internal training to continuously remind employees of the above policies and executing random phishing tests, tabletop exercises, as well as penetration testing are all critical activities that should be in place within every organization. Leveraging outside IT service providers are generally a good idea for organizations that may not be able to create, implement, and execute on their own.

A corporate breach can be disastrous both monetarily because of lawsuits and later with remediation efforts, and loss of corporate reputation. In fact, companies have been shut down as a result of a cyber breach. Creating and enforcing the policies noted above will allow for reduced costs and headaches in the future. Cyber breaches hit every since vertical and every single sized organization.

2. Map your corporate data!

Chances are very good if you wanted to take a road trip from Portland, Maine to Portland, Oregon, you would not do it without using your GPS. Why? Because you want to know where you’re going, how you’re going to get there, and what signs to look for on your journey. The same should apply as well to your corporate data. I can’t emphasize this point enough. You cannot govern what you don’t know exists. The definition of a data map is the “process of creating a comprehensive and accurate inventory of a company’s information assets”. In order to defend the castle, you need to know:

  • Who has the data; i.e., every employee (custodian of data) across every business unit;
  • What type of files are they creating; i.e., Office files, e-mail, PDFs, AutoCAD, chat messages, text messages, etc.;
  • Where are the files being stored; i.e., their hard drives, corporate servers, thumb drives, external drives, home computers; company sanctioned cloud storage such as O365, non-sanctioned cloud storage such as Dropbox, Google Drive, Evernote; messaging apps such as Slack, Skype, Teams, Jive; text messaging apps such as iMessage, SMS, or WhatsApp; what types of devices the data is stored on such as phones, tablets, laptops, or desktops (as well as whether the devices are company issued or not); and even whether it is on a Mac or a PC;
  • Why is data being stored on devices not permitted per company policy (see above!); and
  • How is data being transferred from the company’s four walls to a non-sanctioned device.

It happens to big box retail stores, real estate companies, financial firms, health insurance companies, mega-entertainment companies, online dating services, and … yes … even law firms! As Jim Lewis Center for Strategic and International Studies, Senior Fellow once said that “The dark secret is there is no such thing as a secure unclassified network … if there’s something of interest, you should assume you’ve been penetrated.” I have always recommended to clients that whatever they budget for cyber security, add another 1% just to stay ahead of the curve. Not only will your data be protected, but it will most likely protect your organization from a negligence claim.

The more organizations work upstream to know about the locations in which corporate data is stored, how it is stored, where it is stored, and of course who is storing it, the less cost and risk organization will see downstream. If the corporation doesn’t know that Evernote was downloaded to serve as a centralized repository for an employee’s corporate data, then the company is deprived of the opportunity to either approve or deny Evernote’s privacy policy and its stance on how and where they are storing the data or who controls that employee’s data under Evernote’s privacy policies. The same goes for Dropbox, and every other app in which you can store corporate data. If your organization does not have the personnel to deploy this data map correctly, I highly encourage you to work with an IT service provider that specializes in security.

Wrapping Up

It goes without saying that governing corporate data is beyond critical. Creating guidelines and parameters around an organization’s most prized possession – data – is paramount. Having an enterprise mindset to manage data appropriately unlocks the potential to have real control over the data. Creating, maintaining, and ensuring compliance with organizational policies as it pertains to data; creating and updating organization data maps give companies a real fighting chance at stopping cyber-attacks. Should litigation ensue, the hard work done upstream will allow for a reduction in costs in finding the right custodians to send out a Legal Hold, where those custodians are storing their data when it comes time to collect and preserve that data, and of course the overall costs in processing and hosting data for litigation.

Statue of justice

Foundational Ethical eDiscovery for New York Lawyers

The pervasiveness of technology in our everyday lives is unmistakable.  The next time you walk down a city street, go out for coffee or spend time at a family gathering, take a moment, and reflect upon the number of people on their mobile devices – it is astonishing!  At this moment, you may be asking yourself, how is this relevant to ethical eDiscovery – so let me explain.

In litigation there may be electronically stored information (“ESI”) that needs to be preserved, collected, processed and reviewed (collectively “eDiscovery”).  ESI can take the form of emails, servers, hard drives, mobile devices, such as cell phones, among others.

So, if a lawyer finds themselves retained for a matter that involves eDiscovery, how do they meet their ethical obligations under the New York Rules of Professional Conduct (hereinafter “Rules”).1  Well let us start with the Rules.

Ethics

In evaluating the Rules, it is important to note a few things first.  Only the black letter Rules are binding upon lawyers – the Comments accompanying the Rules are not binding upon lawyers and serve as a guide to interpreting the Rules – the Preamble and Scope of the Rules are also non-binding upon lawyers and serve as a guide to interpreting the Rules.2

The most salient black letter Rule as it relates to ethical eDiscovery is Rule 1.1, “Competence.”  In relevant part it states, “(a) [a] lawyer should provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. (b) A lawyer shall not handle a legal matter that the lawyer knows or should know that the lawyer is not competent to handle, without associating with a lawyer who competent to handle it.3” Comment [8], which accompanies this Rule states, “[t]o maintain the requisite knowledge and skill, a lawyer should … (ii) keep abreast of the benefits and risks associated with the technology the lawyer uses to provide services to clients or to store or transit confidential information.” (emphasis added).

In 2014, the New York State Bar Association issued an ethical opinion that discussed the interplay between technology and the Rules – specifically, ESI in the cloud under Rule 1.6 Confidentiality of Information and Rule 1.1 Competence.4  And in 2013, another ethical opinion discussed Rule 1.1 Competency as it relates to social media and preservation of evidence.5 Both opinions providing support for the importance of competency as it relates to eDiscovery.

Accordingly, lawyers should to familiarize themselves with technology and maintain a level of technological competence to adequately advise clients on eDiscovery.  Moreover and as a helpful tip, knowing the right questions to ask of your client, vendors and opposing counsel, may be the best way to maintain competence.6

Where a lawyer lacks the requisite competency to handle eDiscovery there are three options to ethically handle the matter – (1) adequately informing themselves about eDiscovery to meet the standards of an competent lawyer7; (2) associate with a lawyer who possess the requisite eDiscovery competence8 or (3) associate with a nonlawyer9 who possesses the requisite eDiscovery competence.10 Alternatively, the lawyer should decline the representation.

Where a lawyer does associate with a nonlawyer to meet the standards of a competent lawyer, the lawyer must adequately supervise the nonlawyer to ensure the actions of nonlawyers comport with the Rules.11 Failure to adequately supervise can lead to disciplinary action.12

State and Federal Rules

In addition to the Rules, lawyers should be cognizant of the New York State and Federal Rules, which establish competency in the eDiscovery context.

The Uniform Civil Rules for the New York Supreme Court and the Commercial Division of the New York Supreme Court, with respect to the preliminary conference, require lawyers to be sufficiently versed in matters relating to their clients’ technological systems to discuss competently all issues relating to electronic discovery.13 Consequently, lack of discovery competency can result in sanctions.14

The Federal Rules of Civil Procedure, Rule 26(f)(c)(3), with respect to the discovery plan, requires lawyers to state the views and proposals on issues about disclosure, discovery or preservation of ESI, including production format.  And under Rule 26(g)(1), the lawyer of record must sign to certify that the disclosure and discovery comports with the Rule itself; failure to do so can result in sanctions under Rule 26(g)(3).

Accordingly, for a lawyer to comply with the Court Rules, they must be sufficiently well-versed in eDiscovery.

Legal Malpractice and Disciplinary Action

When looking at the Rules it is important to delineate between legal malpractice and a disciplinary action.

To state of cause of action for legal malpractice requires that the (1) lawyer failed to exercise the ordinary reasonable skill and knowledge commonly possessed by a member of the legal profession, and (2) lawyer’s breach of the duty proximately caused the plaintiff actual and ascertainable damages.15  Consequently, a violation of a disciplinary rule without more, is insufficient to support a legal malpractice cause of action.16  And a violation of the Rules does not form the basis for a legal malpractice cause of action, but some of the conduct constituting a violation of the Rules, may also constitute evidence of malpractice.17

The Rules provide a framework for the ethical practice of law.18  Moreover, the Rules state the minimum level of conduct below which no lawyer can fall without being subject to disciplinary action.19   And the failure to comply with an obligation or prohibition imposed by a Rule is a basis for invoking the disciplinary process.20

Practical TIP

In closing, I wanted to provide helpful tips to assist lawyers in meeting their ethical obligations under the Rules.

A lawyer and litigation support professional should start communicating upon commencement of the matter. They should discuss the merits of the matter and come up with an eDiscovery strategy to meet case goals.21

Transparent and clear communications are the keys to a successful eDiscovery engagement – communications should include:

  • Discovery deadlines
  • ESI protocols
    1. How and what format should the ESI be collected
    2. What format should the ESI be produced
    3. What metadata fields should we agree to produce
    4. What metadata fields should we avoid committing to produce
  • Is a forensic consultant needed
  • Document Review
    1. What is the best method to review documents given the nature of the matter, budget and time constraints
      1. linear review or technology assisted review (TAR)
      2. use of analytics – email threading and near deduplication

 

1. The Rules, also known as, disciplinary rules.

2. See New York Rules of Professional Conduct (N.Y. Rule) Preamble; Scope [13]; Roy Simon & Nicole Hyland, Simon’s New York Rules of Professional Conduct Annotated, 2017 ed. 2 (2017).

3. Unlike ABA Model Rule 1.1, its progeny the N.Y. Rule 1.1(a) uses the word “should” instead of “shall”. Accordingly, the language does not mandate competent representation, but rather, competence is merely aspirational. The rationale for the “should” language is twofold – (1) every lawyer makes mistakes and a lawyer should not be subject to professional discipline for an isolated instance of incompetence; and (2) incompetence is largely policed by legal malpractice suits. Simon & Hyland, supra, at 62 – 63.  However, N.Y. Rule 1.1 (b) “puts teeth in the duty of competence by essentially prohibiting incompetent representation.” Simon, Roy, Artificial Intelligence, Real Ethics, New York State Bar Association Journal, April 2018, par. 5.

4. New York State Bar Association, Ethics Opinion 1020; see Simon, Artificial Intelligence, supra, pars. 11-13 (discussing technology as it relates to N.Y. Rule 1.6, confidential information).

5. New York County Lawyers’ Association, Ethics Opinion 745.

6. See Kristen Weil & Ronald Hedges, Ethical E-Discovery and New Technologies, New York Law Journal, March 2017.

7. See Y. Rule Comment 1.1 [4] – [5], [8].

8. See N.Y. Rule 1.1 (b); N.Y. Rule Comment 1.1 [6].

9. Examples of nonlawyer eDiscovery professionals include, project managers, litigation support, eDiscovery vendors, forensic engineers, among others.

10. See Y. Rule 5.3.

11. See Y. Rule Comment 5.3 [1] – [2].

12. See Matter of Jeffrey M. Jayson, 3 A.D.3d 80, 81-2, 772 N.Y.S.2d 769, 770-71 (N.Y. App. Div. 2003)

13. See 22 NYCRR 202.12(b); 22 NYCRR 202.70(g)(1)(b).

14. See Ocwen Loan Servicing v. Ohio Pub. Emps. Ret. Sys., 2015 NY Slip Op. 51775(U) (N.Y. Sup. Ct. Dec. 7, 2015) (Plaintiff sought spoliation sanctions pursuant to CPLR 3216, claiming that Defendant failed to preserve relevant electronically stored information. The Court granted Plaintiff’s motion insofar as Plaintiff requests an adverse inference instruction and further ordered Defendant pay the lawyers’ fees and costs incurred by Plaintiff in preparing the sanctions motion).

15. See Felix v. Klee & Woolf, LLP, 138 A.D.3d 920, 921, 30 N.Y.S.3d 220, 223 (N.Y. App. Div. 2016).

16. See Fletcher v. Boies, Schiller & Flexner LLP, 140 A.D.3d 587, 588, 35 N.Y.S.3d 28 (N.Y. App. Div. 2016).

17. See Swift v. Choe, 242 A.D.2d 188, 194, 674 N.Y.S.2d 17, 21 (N.Y. App. Div. 1998); N.Y. Rule Preamble; Scope [12].

18. Y. Rule Preamble; Scope [8].

19. Y. Rule Preamble; Scope [6].

20. Y. Rule Preamble; Scope [11].

21. A good starting point is the EDRM Project Management Framework. See edrm.net/frameworks-and-standards/edrm-model/project-management/

Image of Judge Writing with Gavel on Table

Exterro and Duke/EDRM Judges Survey 2019 Series: Part 2, Taking Affirmative Action to Address E-Discovery Problems

This is the second in a series of posts evaluating the results of Exterro and Duke/EDRM’s 2019 survey of Federal district court and magistrate judges. With information from over 250 judges, the survey data offers a rich trove to mine.

Part 1 looked at responses to the first survey question, which was about failure to comply with Federal e-discovery rules.

This article, Part 2, focuses on responses to the second substantive set of questions in the survey, which go to how often and why judges had to take affirmative action in cases to address e-discovery problems.

The question

Judges were asked, “In the past 12 months, how often have you had to take affirmative action (e.g., require additional conferences either in camera or unsupervised or issue a warning or sanction) in a case to address an e-discovery problem?” They were direct to choose one of five options: “one”, “two”, “three”, “four”, or “more than five”.

The judges also were asked to comment, “on what basis” did they have to take affirmative action.

Three key takeaways

  1. Most responding judges acted affirmatively at least once in the past 12 months. Only 15% said they had not needed to take any action. Of district judges, 78% said they acted affirmatively at least once. Magistrate judges were notably higher at 95%.
  2. Although responding judges acted affirmatively, they did not do so often. Seventy-nine percent of responding judges took affirmative action just 4 times or less in past 12 months. For district judges, the number was 88%; for magistrate judges, 67%.
  3. Judges also took affirmative action only in a tiny percentage of the cases they handled. (Here I need to add the important caveat that the following percentages are artificially high; more about that below.) For district court judges, the numbers range between 0.3% and 1.5%. For magistrate judges, the numbers range between 0.2% and 0.8%.

Placed in context, these numbers suggest that during the past 12 months responding judges (and Federal trial court judges generally) rarely felt the need to intervene to address e-discovery problems.

The responses

Adjustments

If judges had been given the option to answer “zero” or, in the case of district judges, “magistrates handle that”, the judges’ comments clearly indicate that a significant percentage of the judges would have selected one of those options. For the analyses in this article, I have adjusted the responses accordingly and am using “magistrate only”, “zero”, “one”, “two”, “three”, “four”, or “more than five”.

A closer look at responding judges

Just over 250 judges responded to this survey – 139 district court judges, 110 magistrate judges, and two judges who did not indicate their roles. The Administrative Office of the U.S. Courts reports that for calendar year 2018 there were 663 authorized district court judgeships. According to a 2016 paper prepared for the Federal Bar Association, at that time there were 531 full-time magistrate judges. Assuming the AO and FBA numbers to be accurate today, we got responses from approximately 21% of the bench.

Role Number Responding % Responding Total Reported % Reported Responding as % of Reported
District Judge 139 56% 663 56% 21%
Magistrate Judge 110 44% 531 44% 21%
Total 249 100% 1,194 100% 21%

Most judges acted affirmatively

Ninety two percent of responding judges answered this set of questions. Of those judges, 15% said that in the past year they had not had to take any affirmative action to address e-discovery problems.

Compare answers from magistrate and district court judges, and you see the expected difference between the two groups. Ninety-five percent of responding magistrate judges said they had taken affirmative action at least once in the past 12 months. For district court judges the number was lower, at 78%. Two district court judges specially noted that they passed these issues along to magistrate judges.

Took Affirmative Action District Judge Magistrate Judge All
Never 29 5 34
At least once 100 97 198
Total 129 102 232

Overall, judges did not have to act affirmatively often. As the chart and tables below show, 79% of the judges took affirmative action less than five times in the past 12 months. For district court judges the number was 88%; for magistrate judges, it was 67%. Only 21% of responding judges took affirmative action five times or more. District judges were less at 12% and magistrate judges notably higher at 33%.

Took Action – All Percentage Cumulative Percentage
Magistrates handle 1% 1%
0 times 14% 15%
1 times 21% 35%
2 times 24% 59%
3 times 13% 73%
4 times 6% 79%
5+ times 21% 100%
Total 100%
Took Action – District Court Percentage Cumulative Percentage
Magistrates handle 2% 2%
0 times 21% 22%
1 times 22% 44%
2 times 22% 67%
3 times 16% 82%
4 times 6% 88%
5+ times 12% 100%
Total 100%
Took Action – Magistrate Percentage Cumulative Percentage
Magistrates handle N/A N/A
0 times 5% 5%
1 times 20% 25%
2 times 25% 50%
3 times 11% 61%
4 times 6% 67%
5+ times 33% 100%
Total 100%

But most judges acted affirmatively only rarely

Judges took affirmative action only in a tiny percentage of the cases they handled, at most just over 1.5% and most likely almost always far less than that.

The first step toward arriving at this conclusion is to calculate the average number of cases handled each year by district court and magistrate court judges. As explained below, it appears those numbers are somewhere in the range of 336 matters per year for district court judges and 656 for magistrate judges.

According to Federal Judicial Caseload Statistics 2018 from the Administrative Office, in the 12-month period ending March 31, 2018 there were 358,563 civil and criminal matters filed in U.S. district courts. Of those, 277,010 were civil matters. Subtracting prisoner petitions, there remain 233,045 matters. The Administrative Office also reports that for calendar year 2018 there are 663 authorized district court judgeships. Combined those numbers, and it appears that on average district court judges handle approximately 336 matters a year.

The Administrative Office tells us that in 2018 magistrate judges handled 348,421 civil matters. According to a 2016 paper prepared for the Federal Bar Association, at the time there were 531 full-time magistrate judges. Assuming the number of magistrate judges has held steady, then on average magistrate judges handled approximately 656 matters last year.

District Judges Magistrate Judges
Number of matters handled 223,045 348,421
Number of judges 663 531
Average number of matters per judge 336 656

The second step is to calculate frequency of affirmative actions, where that frequency is defined as the number of times in the year a judge took affirmative action divided by the number of matters a judge handled.

Here is where the above-mentioned caveat comes into play. Because of the specific wording of our question (“how often have you had to take affirmative action … in a case”), we do not know from the response whether judges taking affirmative action more than once did so in the same case or in two separate cases. For this exercise, however, I need to assume that each time a judge took an affirmative action, the judge did so in a different matter. I know this assumption is wrong, as the judges’ indicate otherwise, but I have no better data to work with. This means that the numbers below overstate, most likely substantially, the percentage of cases on judges’ dockets where the judges had to take affirmative action.

Nonetheless, here are the calculations.

Number of Matters with Affirmative Action Taken as % of Docket
No. of Matters with Affirm Action District Judge Magistrate Judge
1 matter 0.3% 0.2%
2 matters 0.6% 0.3%
3 matters 0.9% 0.5%
4 matters 1.2% 0.6%
5+ matters 1.5% 0.8%

The implication is clear. Matters in which judges find themselves having to take affirmative action only account for a tiny part of the judges’ overall dockets. For district court judges, the numbers range between 0.3% and 1.5% according the above calculations and should be noticeably lower. For magistrate judges, the numbers range between 0.2% and 0.8% with the same cautionary comment.

Comments

In addition to being asked how often they took affirmative action in cases to address e-discovery problems, judges were asked to comment as to the bases for which they took that action.

DUKE/EDRM organized the comments into seven groups:

  • On the basis of misconduct, neglect, or rule violation
  • On the basis of a dispute
  • On the basis of communication issues
  • To provide guidance
  • Regular practice
  • On the basis of privilege issues
  • Basis unspecified (a catch-all group we won’t go into here)

As in Part 1, I won’t fill out this post with the full set of comments; those are available on the DUKE/EDRM site. Following, instead, is my distillation of the comments.

On the basis of misconduct, neglect, or rule violation

Most of this group of comments focused on attorneys’ failure to do something. These included failures to: confer with opponents meaningfully or even at all; be specific in responses and objections; understand their client’s data and e-discovery practices; search for data appropriately or diligently; search the data itself appropriately or diligently; deliver complete productions; act timely or act at all; comply with court orders; and understand e-discovery itself or turn to someone who does for assistance.

Many of the comments centered on attorneys’ abuse of the e-discovery process, such as: making overbroad requests; using boilerplate or improper objections or responses; engineering inappropriate delay; or refusing to engage in genuine efforts to confer or to resolve disputes before turning to the court.

On the basis of a dispute

Perhaps the most fundamental dispute leading to judges taking affirmative action to address e-discovery problems arose when each side thought it was reasonable and the other side was wrong and neither side seemed willing to re-assess those positions.

Many disputes leading to judges taking affirmative action stemmed from counsels’ inability to agree. Areas where they could not (or preferred not to) come to agreement included: scope and limits of discovery to be engaged in; initial e-discovery actions to be taken; search terms; deadlines; and scope of ESI to be produced.

Other disputes came from lawyers taking unilateral action. One-sided actions include requesting parties asking for too much before trying to determine what actually might be reasonable, as well as responding parties producing only what they wanted to without conveying how they had limited their processes.

Some disputes appeared to be born of ignorance, such as where attorneys over-promised because they did not understand what they are committing themselves or their clients to do.

Finally, some disputes seemed to be the result of an apparent desire to have issues remain unresolved: parties refuse to engage in meaningful communications; stonewall on productions without offering reasonable alternatives; and demand data for data’s sake rather than to advance the theory of the case.

On the basis of communication issues

 “What we’ve got here is a failure to communicate.” Too often attorneys didn’t meet, didn’t talk, didn’t write, didn’t plan. And when they did, too regularly they seemed to be the proverbial ships passing in the night.

To provide guidance

Some judges felt they had to act affirmatively to so as to give guidance, especially to inexperienced counsel, for example directing parties to refine and identify their e-discovery.

Regular practice

Some judges see themselves as pursuing a regular practice of acting affirmatively, where in their local rules they call for conferences, in more complex cases require counsel to meet and confer with IT people participating, and sometimes just bring counsel into the courthouse so the attorneys can hammer things out on a face-to-face basis.

On the basis of privilege issues

Privilege issues can lead to judges needing to take affirmative action. Part of this appears to be inherent in the difficulties and complexities posed by privilege concerns. Part arises from overly aggressive assertion of privilege.

About the survey

In late 2018, Duke/EDRM and Exterro conducted a survey of Federal judges, the fifth year for Exterro and the second for Duke/EDRM. The survey contained over 20 groups of questions. More than 250 Federal district court and magistrate judges responded to the survey.

Exterro and Duke/EDRM published survey results in early 2019. Exterro’s report on the results is available here. Duke/EDRM’s compilation of results, including the text of comments from judges responding to specific questions, is available here.

The astute observer will notice that tallies used in this and subsequent posts differ slightly from those appearing in the Duke/EDRM and Exterro materials. Generally those differences come from efforts on my part to reconcile answers to choose-an-option questions with narrative comments provided by the judges.

Survey demographics

Roles

Respondents are pretty evenly divided between district court and magistrate judges. Of the 251 Federal judges responding to the survey, 55% identified themselves as district court judges and 44% said they are magistrate judges. Of the district judges, 4% reported that they are chief judges, 6% are retired, and less than 1% are on senior status. Just over 1% of the magistrate judges noted that they are chief magistrate judges and less than 1% said they are retired.

Years on the bench

The responding judges are a seasoned group. Overall, 63% of the judges have been on the bench for at least 11 years; 83% for six years or more. District court judges have more experience – their largest cohort, at 46%, has been on the job for 21 years or more – while responding magistrate judges have not served as long – their biggest group, at 33%, clocks in at between 6 and 10 years. These differences are not surprising as district court judges have lifetime tenures while magistrate judges are appointed for renewable eight-year terms.

Image of Judge Writing with Gavel on Table

Exterro and Duke/EDRM Judges Survey 2019 Series: Part 1, Failure to Comply with Federal Rules

This is the first in a series of posts evaluating the results of Exterro and Duke/EDRM’s 2019 survey of Federal district court and magistrate judges. With information from over 250 judges, the survey data offers a rich trove to mine. And mine it we will.

This post focuses on responses to the first substantive question in the survey, “In your opinion, which e-discovery rules do attorneys neglect to comply with most often?”

Before we get there, however, it is worth spending a few paragraphs on the survey and demographics of its respondents.

About the survey

In late 2018, Duke/EDRM and Exterro conducted a survey of Federal judges, the fifth year for Exterro and the second for Duke/EDRM. The survey contained over 20 groups of questions. More than 250 Federal district court and magistrate judges responded to the survey.

Exterro and Duke/EDRM published survey results in early 2019. Exterro’s report on the results is available here. Duke/EDRM’s compilation of results, including the text of comments from judges responding to specific questions, is available here.

The astute observer will notice that tallies used in this and subsequent posts differ slightly from those appearing in the Duke/EDRM and Exterro materials. Generally those differences come from efforts on my part to reconcile answers to choose-an-option questions with narrative comments provided by the judges.

Demographics

Roles

Respondents are pretty evenly divided between district court and magistrate judges. Of the 251 Federal judges responding to the survey, 55% identified themselves as district court judges and 44% said they are magistrate judges. Of the district judges, 4% reported that they are chief judges, 6% are retired, and less than 1% are on senior status. Just over 1% of the magistrate judges noted that they are chief magistrate judges and less than 1% said they are retired.

Years on the bench

The responding judges are a seasoned group. Overall, 63% of the judges have been on the bench for at least 11 years; 83% for six years or more. District court judges have more experience – their largest cohort, at 46%, has been on the job for 21 years or more – while responding magistrate judges have not served as long – their biggest group, at 33%, clocks in at between 6 and 10 years. These differences are not surprising as district court judges have lifetime tenures while magistrate judges are appointed for renewable eight-year terms.

Failure to comply with Federal rules

Judges were asked, “In your opinion, which e-discovery rules do attorneys neglect to comply with most often?” They were offered seven choices and were asked to select the top two. The choices were:

  • FRCP 16(f) – Obey Scheduling Order and/or be prepared for Pre-Trial Conferences
  • FRCP 26(g)(3) – Ensure that Discovery Request/Response is “Complete and Correct”
  • FRCP 37(b)(2) – Follow a Court Order
  • FRCP 37(c) – Duty to Disclose, to Supplement an Earlier Response, or to Admit
  • FRCP 37(e) – Preserve Electronically Stored Information
  • FRCP 37(f) – Participate in Framing a Discovery Plan
  • 28 U.S.C. 1927 – Do not submit unreasonable filings

Responses

A clear plurality of judges selected Rule 26(g)(3), at 54%, and Rule 37(c), at 43%, as their top two choices. District court judges were evenly divided between the two, with 47% opting for 26(g)(3) and 46% for 37(c). Magistrate judges showed a clear preference for 26(g)(3) at 61% compared to 37(c) at 39%.

Next came Rules 16(f), 37(f), and 28 U.S.C. 1927, all in a group. After that there was drop to 37(e), and, in last place, 37(b)(2).

By Percentage of Respondents
Rule Description All District Magistrate
26(g)(3) Ensure that Discovery Request/Response is “Complete and Correct” 54% 47% 61%
37(c) Duty to Disclose, to Supplement an Earlier Response, or to Admit 43% 46% 39%
16(f) Obey Scheduling Order and/or be prepared for Pre-Trial Conferences 26% 30% 22%
37(f) Participate in Framing a Discovery Plan 20% 16% 25%
28 U.S.C. 1927 Do not submit unreasonable filings 18% 24% 10%
37(e) Preserve Electronically Stored Information 11% 13% 9%
37(b)(2) Follow a Court Order 6% 6% 5%

What do these judges seem to feel attorneys are failing to do?

Rule 26(g)(3)

First and foremost, responding judges feel attorneys are failing to meet their Rule 26(g)(3) obligations to ensure their discovery disclosures and requests and responses are complete and correct.

Rule 26 sets forth parties’ duties to disclose various categories of information. Section (a) of the rule requires that parties disclose certain categories of information. Section (b) addresses the scope and limits of information parties may obtain through discovery. Section (e) makes clear that parties have a duty to supplement their disclosures and responses.

Section (g)(1) states that attorneys for parties must sign every initial and pretrial disclosure and every discovery request, response, or objection. By signing, the attorneys certify two things.

Attorneys are required to certify that each disclosure is complete and correct to the best of their “knowledge, information, and belief formed after a reasonable inquiry”.

Attorneys also are required to certify that each discovery request, response, or objection meets three requirements. It must be consistent with the Federal Rules of Civil Procedure and warranted by existing law or a non-frivolous argument for changing an existing law or establishing a new one. It cannot be made for in improper purpose. And it cannot be unreasonable or entail undue burden or expensive.

Rule 37(e)

Next, attorneys are failing to meet their Rule 37(e) obligations to disclose information, supplement earlier disclosures, and make proper admission.

Rule 37 is the sanctions rule. Section (c) states that parties failing to provide information or identify witnesses as required by Rule 26(a) or (e), as well as parties that fail to admit pursuant to Rule 36, can be sanctioned.

Comments

Judges were given the opportunity to comment about which e-discovery rules attorneys most frequently neglect to comply with – and comment they did.

Duke/EDRM organized the comments into six groups – three negative, one positive, and two neutral:

  • Neglect/Abuse (-)
  • Common Mistakes (-)
  • Judges’ Frustrations (-)
  • Attorney Compliance (+)
  • Clarifications
  • Suggestions

I won’t fill out this post with the full set of comments; those are available on the Duke/EDRM site. Following, instead, is my distillation of the comments.

Neglect/abuse

Many litigators “read the rules of Civil Procure in law school, and haven’t read or followed them since.”

Often attorneys don’t even do the basics: “I am amazed at how many times order deadlines are not followed, and no request for extension is ever submitted to the Court”; “many lawyers continue to ‘rubber stamp’ case management reports”; and “attorneys in small cases do not meaningfully confer”.

Lawyers “spend too much time pursuing unnecessary discovery to generate bills” and deliver “too many slick answers designed to mislead”.

Common mistakes

Lawyers fail to realize until too late that there is an “e” preceding “discovery”. Discussions about discovery seem to be an after-thought, not well thought out and jointly discussed by the parties early in the case. Attorneys act first and confer later, for example collecting ESI – often the wrong ESI – before discussing scope with the other side.

Attorneys fail to file targeted and reasonably limited discovery requests, file reasonable objections, and produce the parts of ESI and other information not objected to. Rather, they assert a variety of general and boilerplate objections with no specific explanation or support.

Judges’ frustration

Attorneys continue to ask for the kitchen sink; assert boilerplate or other inappropriate objections and deliver sloppy responses; and treat Rule 16 conferences as “drive-by” chores rather than serious hearings. They need to understand what they are asking for any why – but they don’t.

Attorney compliance

Not all the comments about attorneys are negative. Some judges wrote that in their experience attorneys generally handle e-discovery well, offering comments such as: “Lawyers comply with all of the above”; “I’ve had no problems of any sort”; “The great majority of cases in this district do not raise discovery issues”; “I have surprisingly few e-discovery disputes”.

Clarifications

The two most interesting clarification comments were:

“Ironically (maybe) the more complicated the e-discovery is likely to be, the more likely the attorneys are to do what they are supposed to do vis-a-vis formulating a plan.”

“I do not think most lawyers violate these rules on purpose. I think most lawyers fail to understand how electronic systems work….”

Suggestions

There are two suggestions that caught my attention. The first is aimed more at judges than attorneys: “active case management by the court minimizes these short-comings”.

The second is a reminder to attorneys to take full advantage of the Rule 37(f) planning conference, where format and scope issues can be discussed before parties embark on gathering and reviewing ESI, search techniques can be ironed out, and a written discovery can be put in place as part of the court’s scheduling order.

What should attorneys do?

It is clear the responding judges feel too many attorneys pay too little heed to both the spirit and the letter of procedural rules addressing e-discovery. The judges’ responses and comments suggest attorneys would fare better before these judges if they were to:

  • Read and thoroughly understand the 2015 FRCP amendments.
  • Confer with opposing counsel about ESI issues as early as practical.
  • Find common ground with opposing counsel where appropriate, come to an agreement about what they can’t agree on, and be prepared to explain to the judge in layman’s terms what they agree on, what they don’t, and why.
  • Seek to discover only that information likely to move the case forward and be useful for proving or defeating claims and defenses.
  • State discovery demands, responses, and objections in clear, concise, specific, and straight-forward language, eschewing boilerplate.
  • Assert only pertinent discovery objections, and for each objection be clear about what is being withheld and what is being produced.

The Mindful Data Transfer – Bringing Balance to Cross-Border Discovery and EU Data Protection Obligations

The implementation of the European Union (EU)’s General Data Protection Regulation (GDPR) has raised a number of questions as to how best to approach cross-border discovery. Friction between legal holds and the “right of erasure,” anxiety about the scope of collections amid data minimization requirements, and considerable financial and operational penalties for failure to comply with the GDPR have created an environment of trepidation about how, and where, to best process, host, and review EU data in connection with US-based eDiscovery. In particular, risk associated with data transfers and access to data have prompted a data location-centric and localized view toward the management of EU data that is subject to discovery.

But let’s stop for a moment and take a deep breath here.

The timorous approach of limited data transfer and localized-only management of EU personal data actually stands in contrast to what the GDPR is designed to do, which is ensure a high level of protection of personal data while ALSO facilitating the free flow of personal data both within the European Union AND to third countries (i.e. those countries outside of the European Economic Area).

Even with limited case law on the GDPR, and an enforcement picture that’s still developing, we have regulatory guidance which reflects an understanding of the need for data transfer in cross-border investigations and pre-trial discovery procedures provided by the Article 29 Working Party (WP29, the group of regulatory representatives now referred to as the Europe Data Protection Board under the GDPR).

By implementing appropriate data management across the EDRM that is adequate, relevant and limited to what is necessary in each discovery exercise, it is possible to strike a balance between discovery needs and EU data protection requirements.

More specifically, cross-border discovery success can be ensured by following a mindful approach to data transfer and access, steeped in awareness of not only the impacts and risks for data subjects and custodians, but also including the best practice methods and technical measures needed to ensure the security and confidentiality of data.

Such a mindful approach to cross-border transfer and discovery brings greater assurance and clarity, but is not without responsibility. It requires balancing data collection, processing, and data transfer requirements with an understanding of how best to approach the data protection rights of EU individuals. The key for gaining certainty in understanding resides in the following recommended practices:

Assessing the impact for data subjects

Though it predates the GDPR, WP29 guidance on pre-trial discovery for cross-border litigation strongly promotes balancing the obligations of the discovery process with the potential impacts to the rights and freedoms of data subjects. Considerations should include the necessity and proportionality of data collected for discovery and ensuring that adequate safeguards and protections are in place.

There is little to suggest that these considerations have changed all that much under the GDPR. In fact, the need for organizations to document their decisions and analyses related to cross-border discovery “balancing” is underscored by the accountability obligations of the GDPR, and particularly via the data protection impact assessment (DPIA) requirement. It is possible to demonstrate the necessary awareness of, and commitment to, the protection of EU personal data by carrying out a DPIA with analysis of impacts to data subjects and ensuring the documented measures are in place for remediation.

In the event discovery is subjected to a regulatory oversight inquiry, the DPIA provides the appropriate documentation of GDPR compliance considerations and balancing of EU data protection requirements with discovery, as well as solid evidence of good faith data protection efforts.

Applying technical and organizational measures for security

Article 32 of the GDPR lays out the framework for implementing the technical and organizational measures required to ensure a level of security appropriate to the risks presented for data subjects. For discovery processes, this will mean ensuring ongoing confidentiality, integrity, and resilience of data processing and hosting systems, and could even mean instituting an approved certification mechanism to demonstrate advanced security implementation, such as ISO 27001.

While risk adverse organizations may have taken to limiting/eliminating data transfers and following a localized, in-country approach to data processing, hosting, and review to avoid the specter of GDPR enforcement, it can be argued that the real risk is in failing to approach the technical and organizational measures required for security in a holistic and well thought-out manner. Think about it: data that exists in an insufficiently secure environment within the borders of a single jurisdiction is likely more at-risk than data that is securely protected in its place of origin, while in transit, and in a cross-border location that is also securely protected.

The crux of these requirements is protection for the data subject, not limitations around data movements.

Accordingly, a mindful approach to cross-border discovery will look to the interests of the client by focusing on robust security, and not choking off the flow of data, as the real means to ensuring success and cost mitigation under the GDPR.

Ensuring lawful and secure transfer and remote access to personal data

Given the spirit, purpose, and intention of the GDPR as a means of protecting an individual’s personal information while also fostering the free flow of data, a position to keep data localized in the EU simply because of the GDPR’s limitations on transfers to third countries outside the EEA would seem misguided. Reality is more nuanced.

A mindful approach to data transfer is focused on ensuring that the data protection guarantees enjoyed by individuals in the EU are not lost when the data is transferred overseas. Carrying out discovery requirements solely in-country misses the point, and potentially at considerable financial and logistical/operational expense.

The transfer requirements of GDPR Chapter V are not intended to prohibit data transfers entirely, but rather to ensure that the appropriate safeguards exist when transfers take place to countries (such as the US) where substantially equivalent protections have not been defined for individuals.

Accordingly, a mindful approach to data transfers, as with other elements of cross-border discovery, entails considering how data subjects can be protected throughout the process.

Despite some continued concerns about its efficacy, the Privacy Shield self-certification mechanism allows for the transfer of data to the United States, and does so by extending GDPR protections to EU individuals. It has now passed annual review twice. Intra-company transfers are allowable under the Privacy Shield, as well as transfers to other Privacy Shield signatory companies.

Those organizations that do not have a Privacy Shield certification in place, or fall outside the jurisdiction of the Federal Trade Commission or Department of Transportation (the US Agencies which oversee the framework), can select standard corporate contracts (sometimes called model contracts), or Binding Corporate Rules (which are subject to direct DPA approval) as a means of transfer.

What all these transfer mechanisms have in common is that they ensure the appropriate safeguards are in place for data protection, including the appropriate security measures, in addition to providing for enforceable data subject rights and effective legal remedies for individuals. As with the entirety of the GDPR, the focus is on the individual and protection of their rights, not curtailing global business operations for the sake of keeping data in the EU.

If there was any doubt about the legislative intent and enforcement prerogatives, we also have guidance from the European Data Protection Board (EPDB) on the derogations for data transfer under GDPR Article 49 in specific reference to circumstances for cross-border discovery and the necessity for transfer. The derogations are exemptions for limited, non-repetitive data transfers in specific situations where no other transfer mechanism applies, and Article 49(1)(e) provides an exemption for transfers “necessary for the establishment, exercise, or defense of legal claims.”

The EPDB guidance on this provision states that this derogation is intended to cover a range of activities, including for the purposes of formal pre-trial discovery procedures, civil litigation, and administrative investigations, such as in the anti-trust context. Accordingly, we have evidence here that not only are regulatory authorities aware of the fact that data transfers are an inevitable result of cross-border discovery, but they are in fact providing a clear means with which to carry out those transfers in a lawful manner, given the appropriate conditions and safeguards for data subjects.

It should also be noted that remote access to data located in the EU is considered a transfer under the best understanding we have at the moment through limited European Court of Justice case law and WP29 opinions that pre-date the GDPR. That said, given what we know about DPA awareness of cross-border discovery transfer requirements and the free flow of data under the GDPR, there is a strong argument to be made that limited access to EU data by US-based processing and/or IT service teams is permissible transfer, provided that access is adequate, relevant, and limited to what is necessary for the cross-border discovery process.

Clear implementation of protections for data subjects, documented considerations of risk remediation, and strictly limited access and oversight protocols will be substantial indicators of thoughtful consideration of the compliance requirements at play when determining an appropriate approach to remote access.

Serenity Now – Fostering Cross-Border Discovery through Careful Consideration of Data Protections

GDPR requirements are neither prescriptive nor proscriptive, and in a wave of uncertainty regarding what compliance frameworks should look like, how data transfers should be appropriately handled, and potential sanctions for non-compliant discovery operations, organizations have been quick to consider in-county processing, hosting, and review as the only answer to meeting GDPR compliance.

However, a compliant approach to GDPR really requires a carefully documented analysis and consideration of the impacts for data subjects, and implementation of the best-suited security protections and appropriate safeguards given an organization’s litigation profile and cross-border operational structure. A degree of assurance and certainty can then be achieved with these measures in place. While some in-country data processing may still be necessary to ensure that personal data subject to cross-border discovery is indeed adequate, relevant and limited, there is nothing to suggest a prohibition on transfer is necessary or required. Further, limiting cross-border litigation expense and operational impacts is possible through a mindful approach to discovery. Namaste.

EDRM Publishes TAR Guidelines

On February 7, EDRM released its Technology Assisted Review (TAR) Guidelines. The Guidelines are the first major work product from EDRM, begun not long after Tom Gelbmann and I handed the reins over to John Rabiej and his colleagues at the Bolch Judicial Institute of Duke Law School.

The goal for the Guidelines was simple: Provide a wide audience with an authoritative and clear understanding of the reasons to use technology-assisted review, known as TAR, in litigation, and the processes by which TAR works.

Getting there was a major undertaking. More than 50 volunteer judges, practitioners, and e-discovery experts worked for over two years to prepare the Guidelines. To make the project more manageable, EDRM set up three drafting teams. Leading the teams were Matt Poplawski of Winston & Strawn; Mike Quartararo of eDPM Advisory Services; and Adam Strayer of Paul, Weiss, Rifkind, Wharton & Garrison. Tim Opsitnick of TCDI and U.S. Magistrate Judge James Francis IV (Southern District of New York, Ret.) took on the challenge of editing the Guidelines as well as incorporating public comments. I assisted John Rabiej, deputy director of the Bolch Judicial Institute, and Jim Waldron, director of EDRM, as they directed the overall process.

Any document prepared by this many people – bringing as they do a wide range of experience, perspectives, and opinions – will be a compromise document. The Guidelines are no exception. We had some drama along the way; I doubt we could have avoided that entirely. In the end, however, the team assembled a set of guidelines that should have something for everyone – something to learn, something to like, and, of course, something to take issue with.

It is important to keep in mind that these Guidelines are just that, guidelines. They are not meant to set a floor. They do not represent a threshold anyone attempting to use TAR should be able to cross. At the same time they are not a ceiling either. I encourage everyone deploying TAR capabilities to push themselves farther than the uses discussed in the Guidelines. Go past the workflows discussed in Chapter Two. Push beyond the alternative tasks described in Chapter Three. These are starting points. They are not end points.

The Guidelines are 50 pages long. Don’t be put off by the length. The bulk of the contents is organized into four chapters:

  1. Defining Technology Assisted Review
  2. TAR Workflow
  3. Alternative Tasks for Applying TAR
  4. Factors to Consider When Deciding Whether to Use TAR

You can jump directly to a specific chapter if you like; each stands on its own. I suggest you instead take the time to start at the beginning and work through the document systematically. That, I think, will help you get the greatest value from the Guidelines.

Please send questions and comments to John Rabiej, Jim Waldron and me at edrm@law.duke.edu.

Here is the detailed structure of the Guidelines:

Page Section
i Foreword
ii Acknowledgements
iv Preface
1 Chapter One: Defining Technology Assisted Review
A. Introduction
2 B. The TAR Process
1. Assembling the TAR Team
2 2. Collection and Analysis
3. “Training” the Computer Using Software to Predict Relevancy
4. Quality Control and Testing
5. Training Completion and Validation
7 Chapter Two: TAR Workflow
8 A. Introduction
9 B. Foundational Concepts & Understandings
1. Key TAR Terms
2. TAR Software: Algorithms
a) Feature Extraction Algorithms
10 b) Supervised Machine Learning Algorithms (Supervised Learning Methods)
c) Varying Industry Terminology Related to Various Supervised Machine Learning Methods
11 C. The TAR Workflow
1. Identify the Team to Engage in the TAR Workflow
12 2. Select the Service Provider and Software
13 3. Identify, Analyze, and Prepare the TAR Set
14 a) Timing and the TAR Workflow
15 4. The Human Reviewer Prepares for Engaging in TAR
16 5. Human Reviewer Trains the Computer to Detect Relevancy, and the Computer Classifies the TAR Set Documents
19 6. Implement Review Quality Control Measures During Training
a) Decision Log
20 b) Sampling
c) Reports
7. Determine When Computer Training Is Complete and Validate
21 a) Training Completion
(i) Tracking of Sample-Based Effectiveness Estimates
(ii) Observing Sparseness of Relevant Documents Returned by the Computer During Active Learning
22 (iii) Comparison of Predictive Model Behaviors
(iv) Comparing Typical TAR 1.0 and TAR 2.0 Training Completion Processes
24 b) Validation
26 8. Final Identification, Review, and Production of the Predicted Relevant Set
27 9. Workflow Issue Spotting
a) Extremely Low or High Richness of the TAR Set
28 b) Supplemental Collections
c) Changing Scope of Relevancy
29 d) Unreasonable Training Results
30 Chapter Three: Alternative Tasks for Applying TAR
A. Introduction
B. Early Case Assessment/Investigation
31 C. Prioritization for Review
D. Categorization (By Issues, for Confidentiality or Privacy)
32 E. Privilege Review
33 F. Quality Control and Quality Assurance
G. Review of Incoming Productions
34 H. Deposition/Trial Preparation
35 I. Information Governance and Data Disposition
36 1. Records Management Baseline
2. Assessing Legacy Data – Data Disposition Reviews
3. Isolating Sensitive Content – PII/PHI/Medical/Privacy/Confidential/Privileged/Proprietary Data
37 Chapter Four: Factors to Consider When Deciding Whether to Use TAR
A. Introduction
B. Should the Legal Team Use TAR?
1. Are the Documents Appropriate for TAR?
38 2. Are the Costs and Use Reasonable?
39 3. Is the Timing of the Task/Matter Schedule Feasible?
4. Is the Opposing Party Reasonable and Cooperative?
5. Are There Jurisdictional Considerations That Influence the Decision?
40 C. The Cost of TAR vs. Traditional Linear Review
D. The Cost of TAR and Proportionality
41 Appendix: Key Terms
44 Thank You to Our Sponsors!

 

EDRM at Duke Law School Releases TAR Guidelines for Legal Industry

For about two years, a group of legal professionals from the EDRM at Duke Law School –judges, lawyers, e-discovery and litigation support professionals—from across the country have been working on guidelines designed to educate and inform the legal industry about technology assisted review.

The Technology Assisted Review (TAR) Guidelines have now been released and are available on the EDRM website here. The objective of the TAR Guidelines is to define and explain the TAR process, outline its utility in the discovery process, and not only demystify the technology, but also promote its increased use.

The TAR Guidelines have four chapters. The first chapter defines technology assisted review and the TAR process. The second chapter lays out a standard workflow for the TAR process. The third chapter examines alternative tasks and use cases for TAR. Chapter four discusses factors to consider when deciding whether to use TAR.

I am privileged to have been a part of the drafting team and the team of editors who completed the final paper. It was a long and arduous process, to be sure, but I believe we achieved as much consensus as could possibly be achieved given the scope and breadth of thought leadership in this space. In addition to the TAR Guidelines, EDRM will release later this year a TAR protocol that is designed to recommend best practices to accompany the TAR Guidelines.

The TAR process is revolutionizing the way we review documents in discovery. No longer is it necessary to have junior lawyers pour through the ever-increasing volumes of documents to be reviewed in discovery. Today, we use proven machine learning technologies to enhance the review process, make document review more efficient and cost-effective. For anyone in the legal profession who is not currently using TAR, the TAR Guidelines are a must-read.

Statue of justice

Ethics and eDiscovery: Fundamentals and Practice Pointers

The four root causes of eDiscovery misconduct are: 1) a general lack of technical sophistication; 2) over-zealous advocacy; 3) neglecting client communication and other professional duties in the case; and 4) legal incompetence. The most egregious offenses usually fall under causes two through four. Sadly the more typical eDiscovery failures that make up most misconduct stem from lawyers’ technological incompetence.

That was the starting point of the ethics and eDiscovery presentation at the Indianapolis Bar Association eDiscovery Day 2018. The all-day program also included a complementary presentation on sanctions law.

Competence is the fundamental ethical duty for lawyers. Both presentations cited the now famous 2015 California ethics opinion as an invaluable resource for understanding competence in the context of eDiscovery. The opinion was both controversial and influential in calling out ESI management as a core ethical responsibility for all litigators.

Helpfully, the opinion lists specific requirements for competence at each stage of the EDRM lifecycle. At the outset of the case are initial matter assessment, implementing a preservation plan and custodian identification. Some of the explicitly technology-focused requirements are analyzing the client’s systems and storage, using defensible collection methodology and producing ESI in an appropriate format. Advising the client on eDiscovery legal obligations and technology options is an overarching requirement at all stages.

Guna Rogers of Beckman Coulter shared the in-house perspective on eDiscovery competence in her presentation on sanctions law. Corporate clients want outside counsel to follow the rules. The corporate client’s desired outcome is a satisfactory business resolution at the lowest reasonable cost. Ethical conduct helps achieve this objective.

Jon Mattingly of Mattingly Burke Cohen & Biederman LLP presented the ethics session. He devoted considerable time to preservation, an acute and chronic problem area. He stressed that the duty to preserve is an active, not passive obligation. Effective preservation is based on thorough identification and a good discovery plan.

Unfortunately the courts have not provided consistent guidance in interpreting amended Rule 37(e). Basically the case law is all over the map in analyzing the requirements for sanctions. However, there are guideposts.

First, intentional spoliation is always a bad fact in front of the judge. The second guidepost is a practice pointer arising from the duty to take reasonable steps to preserve relevant information. Good documentation is needed to respond to allegations of spoliation or other preservation challenges. It’s critical to contemporaneously document the preservation effort in detail. Finally, other discovery misconduct like misrepresentations to the court sharply increases the likelihood of sanctions.

The sanctions presentation reinforced and expanded on that last point. While sanctions have sometimes been imposed for a single event, there’s usually a pattern of abuse or failure. Judges’ warnings must be taken seriously.   In the big picture of the case, judicial displeasure is clear direction that the discovery strategy is not working and a course change is in order.

This leads to another key point emphasized by both presenters: Judges don’t enjoy discovery. They want to see a good faith effort to resolve discovery disputes, or at least to clarify and narrow the issues, before coming to court. Cooperation among parties will win points with the judge.

A competent and meaningful meet and confer with opposing counsel on the discovery plan is one of the requirements specified by the CA ethics opinion. The principle clearly extends to discovery disputes. Moreover corporate clients expect reasonable cooperation because it keeps costs down.

The ethics presentation ended with a cautionary word about shifting responsibility to law firm staff and service providers. Seeking assistance from knowledgeable technology and eDiscovery consultants is strongly encouraged. But it’s not a substitute for staying involved and giving appropriate and timely instructions.

Ultimate responsibility for the conduct of the eDiscovery matter rests with counsel, not legal support staff. The duty to supervise extends to non-lawyers outside the firm, such as eDiscovery providers and the client’s employees tasked with litigation support. Lawyers must be familiar with eDiscovery basics to provide adequate supervision and competent decision-making.

Lawyers have an ethical duty to provide competent representation to their clients. For litigators, that includes competence in the always-evolving area of eDiscovery law and technology. Continuing legal education by bar associations and eDiscovery professional organizations like ACEDS isn’t a nice extra. It’s a necessary resource for lawyers and the eDiscovery professionals who support them.