e-discovery strategies: preparing for new frcp amendments...

E-Discovery Strategies: Preparing for New FRCP Amendments on Proportionality and Managing ESI

Today’s faculty features:

1pm Eastern | 12pm Central | 11am Mountain | 10am Pacific

The audio portion of the conference may be accessed via the telephone or by using your computer's

speakers. Please refer to the instructions emailed to registrants for additional information. If you

have any questions, please contact Customer Service at 1-800-926-7926 ext. 10.

TUESDAY, APRIL 14, 2015

Presenting a live 90-minute webinar with interactive Q&A

John J. Isaza, Partner, Rimon, Laguna Beach, Calif.

Bree D. Kelly, e-DAT Lawyer, K&L Gates, Seattle

James S. Kurz, Partner, Redmon Peyton & Braswell, Alexandria, Va.

Daniel D. Mauler, Partner, Redmon Peyton & Braswell, Alexandria, Va.

E-Discovery in 2015: Will You Feel The Earth Move Under Your Feet? By Daniel R. Miller, Bree Kelly

The civil litigation landscape is constantly changing as new laws are passed, new

rules are promulgated, and new opinions are issued. As in the natural world, some areas

are more prone to change than others, and the bedrock of discovery has significantly shifted

in recent years. The rumblings began in earnest in the early part of this century, as judicial

opinions began to address the significant challenges posed by the proliferation of electronic

information in daily life. Then, in 2006, “the big one” hit, and the Federal Rules of Civil

Procedure were amended to substantially address the discovery of electronically stored

information (“ESI”). Eight years later, the aftershocks of that tremendous shake up continue

and new fault lines have begun to emerge, providing clues—and warnings—as to where the

next big shifts are likely to occur. In this article, we will identify some of those areas,

including emerging standards of competence in electronic discovery, the pending

amendments to the rules of civil procedure, and the continuing evolution of the use of

technology in electronic discovery, and beyond.

Modern Competence

Modern competence requires a heightened level of familiarity with technology.

Indeed, it is arguably impossible in this day and age to practice law in any area without some

contact with ESI. This reality was recently recognized, at least impliedly, by the American

Bar Association, and reflected in an amendment to the comments to Rule 1.1 of the Model

Rules of Professional Conduct addressing competence. Specifically, paragraph 8 now

counsels that “[t]o maintain the requisite knowledge and skill, a lawyer should keep abreast

of changes in the law and its practice, including the benefits and risks associated with

relevant technology, engage in continuing study and education and comply with all

continuing legal education requirements to which the lawyer is subject.”1 Many state

jurisdictions have come to the same conclusion and adopted similar (or the same) language

in the comments to their rules on competence, including Delaware,2 Pennsylvania,

3 Kansas,

4

Arkansas,5 and North Carolina.

6

In California, the state bar association has taken a more direct approach to the

question of competence in electronic discovery. In February 2014, the State Bar Standing

Committee on Professional Responsibility and Conduct tentatively approved Proposed

Formal Opinion Interim No. 11-0004, addressing “ESI and Discovery Requests” for public

1 Emphasis added.

2 DELAWARE LAWYERS’ RULES OF PROF’L CONDUCT R. 1.1 cmt. (2013).

3 PENNSYLVANIA RULES OF PROF’L CONDUCT R. 1.1 cmt. (2013).

4 KANSAS RULES OF PROF’L CONDUCT R. 1.1 cmt.

5 ARKANSAS RULES OF PROF’L CONDUCT R. 1.1 cmt.

6 NORTH CAROLINA RULES OF PROF’L CONDUCT R. 1.1 cmt (2014).

January 2015

E-Discovery in 2015: Will You Feel The Earth Move Under Your Feet?

2

comment.7 Specifically, the opinion addresses the question: “What are an attorney’s ethical

duties in the handling of discovery of electronically stored information?” The opinion

concludes that “[a]ttorney competence related to litigation generally requires, among other

things, and at a minimum, a basic understanding of, and facility with, issues relating to e-

discovery …” and that “[o]n a case-by-case basis, the duty of competence may require a

higher level of technical knowledge and ability, depending on the e-discovery issues involved

in a matter, and the nature of the ESI.” The opinion also counsels that an attorney lacking

the requisite understanding of e-discovery “has three options: (1) acquire sufficient learning

and skill before performance is required; (2) associate with or consult technical consultants

or competent counsel; or (3) decline the client representation.”

Although it remains to be seen how these emerging standards may affect the

landscape of discovery in the long term, it is clear that the days of excusing one’s mistakes

by claiming a lack of technical savvy are over.8 Accordingly, if you find yourself on the wrong

side of this fissure—the line between those with the requisite competence and those

without—its time to jump the expanding gap before you fall in, or to find reliable e-discovery

counsel or another expert to build a bridge for you if needed.

Records Management and Information Governance

The ethical duty to remain competent with regard to relevant technologies is

particularly important in the context of records management and information governance,

where available technologies and their applications in a business context continue to rapidly

evolve. In recent years, a number of fault lines have emerged within many organizations as

they seek to address the competing needs to (i) understand records management systems,

policies, and practices relevant to information at issue In litigation, (ii) maintain compliance

with differing (and, at times, divergent) records management requirements in various

jurisdictions, and (iii) pursue information governance as a means of leveraging knowledge for

business purposes while disposing of unnecessary records that could cause undue risks,

burdens, and costs.

One cause of fractures within the landscape of organizational records management

is the multiplicity of systems involved in such management. Organizations rarely make use

of only one records management system. In fact, many organizations rely on a combination

of centrally-managed records and information systems (such as a company e-mail system

and networked server locations); record storage media owned by the company, but managed

by individual employees (such as laptop computers and company-issued mobile devices);

and electronic record repositories that are externally managed on behalf of the company

(such as company-sponsored social media accounts and “cloud-based” storage locations).

Furthermore, an increasing number of companies are permitting employees to access, use,

and, in some cases, store business records on personally-owned mobile devices under the

auspices of “Bring Your Own Device” (“BYOD”) policies. Differences in how information is

organized and maintained within these various systems can cause fractures and

complications in how an organization applies consistent records management practices

across these systems. However, understanding the different record systems used by an

7 Following the initial public comment period, the interim opinion was revised in response to public comments and

approved for an additional 90-day public comment period, ending April 9, 2015. The revised opinion is available here: http://calbar.ca.gov/AboutUs/PublicComment/201501.aspx. 8 James v. Nat’l Fin. LLC, No. 8931-VCL, 2014 WL 6845560, at *12 (Del. Ch. Dec. 5, 2014) (“Professed technological

incompetence is not an excuse for discovery misconduct.”).

http://calbar.ca.gov/AboutUs/PublicComment/201501.aspx


3

organization, as well as the organization’s rights to access, copy, monitor, and dispose of

information held within these systems, is key to providing competent and effective legal

guidance to that client in response to both litigation and the ongoing demands of legal

compliance.

Another source of fault lines regarding organizational records management involves

the differing legal requirements related to retention of records. Within the United States,

different federal and state laws and regulations impose varying legally-mandated retention

requirements. In many cases, these differing retention requirements may cause the same

records in two different states to be subject to retention requirements of different minimum

lengths. In other cases, organizations involved in certain regulated industries may be subject

to longer retention requirements for specific records than other types of organizations in the

same jurisdiction. Furthermore, retention requirements in foreign jurisdictions often differ

significantly from U.S. requirements. Indeed, several foreign jurisdictions impose retention

requirements with maximum retention periods in order to facilitate data privacy. As a result,

record retention requirements under U.S. and foreign laws often differ and, in some cases,

directly conflict. Superimposed over all such record retention requirements applicable during

routine business operations are record preservation duties that are triggered by actual or

reasonably anticipated litigation and that must be met to avoid allegations of, and sanctions

for, spoliation. These divergent retention and preservation requirements cause tremors in

many organizations and can lead to an environment in which employees are hesitant to

dispose of any materials due to fear of falling into the chasms of non-compliance and

spoliation.

Finally, all organizations wrestle with the tension between the imperative to maintain

records with business and legal compliance value and the desire to reduce costs and

potential risks by clearing out unnecessary, duplicative, and superseded information. Often,

organizations err on the side of over-preservation in the hopes of avoiding negative

consequences related to inappropriate record disposal. However, such a decision inevitably

results in the retention of unnecessary records. “A recent survey of corporate CIOs and

general counsels conducted at a Compliance, Governance and Oversight Council (“CGOC”)

summit [in 2012] found that typically only 1 percent of corporate information is on litigation

hold, only 5 percent is in a records retention category and a mere 25 percent has any current

business value.”9 Accordingly, this survey suggests that nearly seventy percent of data

maintained within companies has no legal, regulatory, or business value. Retention of such

“data debris” can create risks, burdens, and costs associated with its storage, maintenance,

and oversight, with regard to potential cyber-risks and the costs of maintaining insurance

coverage against such risks, and with regard to future litigation and government inquiries.

While fault lines continue to develop (and, in some cases, widen) as companies and

organizations retain ever-greater volumes of information of various types and formats,

technologies are beginning to emerge that offer opportunities to bridge these divides. For

instance, a number of technology companies now offer enterprise-wide solutions that apply

records management rules and default retention periods to electronic records on the basis of

their categorization. Some of these tools go ever further by leveraging the ability of software,

such as predictive coding tools, often integrated in technology-assisted document review in

9 L. Luellig & and J. Frazier, A COBIT Approach to Regulatory Compliance and Defensible Disposal, 5 ISACA J. 31

(2013), http://www.isacajournal-digital.org/isacajournal/2013vol5#pg33.

http://www.isacajournal-digital.org/isacajournal/2013vol5#pg33


4

order to facilitate electronic record categorization for such enterprise-wide records

management solutions.

Technology Assisted Review

Over the past few years, courts have shown an increasing willingness to allow

parties to employ advanced technology-assisted review (“TAR”) technologies (and

particularly predictive coding) to facilitate document review. In 2014, opinions in several

cases have highlighted this emerging judicial acceptance of TAR tools, particularly in

disputes involving large volumes of electronic records.10

However, litigants are finding value

in TAR tools in other contexts as well, including early case assessment, quality assurance at

the end of a document review, and the examination of received document productions.

While courts have indicated that TAR technologies may be appropriate discovery

tools generally, fault lines have emerged regarding how these technologies should be

specifically applied. In the latter half of 2013, for example, much ado was made of the

court’s opinion in In re: Biomet M2a Magnum Hip Implant Products Liability Litigation,11

in

which the court addressed the parties’ disagreement regarding the identification of

discoverable documents in Biomet’s seed set, that was used to train the predictive coding

algorithm. The court ultimately declined to compel the identification, but noted Biomet’s

“unexplained lack of cooperation” and urged Biomet to “re-think its refusal.”12

In 2014, courts

continued to address disagreements between parties as to predictive coding. In Bridgestone

Americas, Inc. v. International Business Machines Corp.,13

the court approved Plaintiff’s

request to utilize predictive coding to review over two million documents identified by search

terms provided by the defendant, despite Defendant’s objection that the request constituted

an “unwarranted change in the original case management order” and that it was “unfair to

use predictive coding after an initial screening has been done with search terms.”14

The

court acknowledged that it was “to some extent, allowing Plaintiff to switch horses in

midstream” and thus reasoned that “openness and transparency in what Plaintiff is doing

[would] be of critical importance.”15

To that end, the court acknowledged and relied upon

Plaintiff’s assertion that they would provide the defendant with the seed documents “initially

used to set up predictive coding.”16

In contrast to the court’s decision in Bridgestone, the

court in Progressive Casualty Insurance Co. v. Delaney,17

declined to approve Plaintiff’s

unilateral decision to deviate from the agreed-upon e-discovery protocol and apply predictive

coding to those documents already identified by search terms.

10

See, e.g., Dynamo Holdings Ltd. P’ship v. Comm’r of Internal Revenue, 143 T.C. No. 9, 15 (T.C 2014)(approving Petitioner’s use of predictive coding to identify potentially responsive privileged data contained on two backup tapes despite Respondent’s objection that the technology was “unproven” and reflecting the court’s understanding that “the technology industry now considers predictive coding to be widely accepted for limiting e-discovery to relevant documents and effecting discovery of ESI without an undue burden”); F.D.I.C. v. Bowden, No. CV 413-245, 2014 Wl 2548137, at *13 (S.D. Ga. June 6, 2014) (addressing the parties’ disagreement over an appropriate ESI protocol and instructing the parties to “consider the use of predictive coding”). 11

No. 3:12-MD-2391, 2013 WL 6405156 (N.D. Ind. Aug. 21, 2013). 12

Id. at *2. 13

No. 3:13-1196, 2014 WL 4923014 (M.D. Tenn. July 22, 2014). 14

Id. at *1. 15

Id. 16

Id. 17

No. 2:11-cv-00678-LRH-PAL, 2014 WL 3563467 (D. Nev. July 18,, 2014) amending and superseding 2014 WL 2112927 (D. Nev. May 20, 2014).


5

2015 will likely see additional disputes regarding the use of TAR technologies in

litigation, and many such disputes are likely to involve more nuanced questions related to the

particular utility of certain TAR tools and specific functionalities, settings, and standards

incorporated within such tools. In addition, other TAR technologies beyond predictive coding

will likely be assessed by courts in the coming months. For instance, courts will likely hear

disputes in the future regarding the suitability of alternative TAR tools that rely on pattern and

glyph recognition to facilitate discovery involving non-text-based documents, such as

images, maps, and photographs. While 2014 certainly reflected the growing judicial

awareness and acceptance of TAR technologies, 2015 promises to be a year in which the

details regarding the application of these technologies are subject to more granular review in

the courts.

Proposed Amendments to the Federal Rules of Civil Procedure

Even as the aftershocks of the 2006 amendments persist and practitioners and

courts continue to struggle with the proper application of those changes,18

new fault lines are

beginning to emerge as proposed amendments to the Federal Rules of Civil Procedure once

again wend their way through the approval process.

In 2010, following the May Conference on Civil Litigation at Duke University Law

School, there emerged “near-unanimous agreement” that “the disposition of civil actions

could be improved by advancing cooperation among parties, proportionality in the use of

available procedures, and early judicial case management.”19

Accordingly, significant work

was undertaken by the Advisory Committee on the Federal Rules of Civil Procedure to

promulgate proposed amendments in accordance with the conclusions of the conference.

Currently, proposed amendments to the federal rules are making their way through the

approval process and will become effective in December 2015 if approved at all stages.

Proposals related to two rules in particular have generated significant debate and warrant

specific attention.

Rule 26 and Proportionality: Rule 26 is a foundational rule of discovery that would

be significantly affected by adoption of the proposed amendments. In particular, the

proposed amendments would serve to better highlight the importance of proportionality by

moving the factors currently present in Rule 26(b)(2)(C) (plus one new factor, “the parties

relative access to relevant information”) into Rule 26(b)(1), which governs the scope of

discovery. “The Committee’s purpose in returning the proportionality factors to Rule 26(b)(1)

is to make them an explicit component of the scope of discovery, requiring parties and courts

alike to consider them when pursuing discovery and resolving discovery disputes.”20

Notably, in response to significant public comment, the Committee took pains to make clear

that the amendment is neither intended to shift the burden of establishing proportionality to

the requesting party nor to provide a new basis for refusing discovery. Rather, the change

18

E.g., compare Anderson Living Trust v. WPX Energy Prod. LLC, 298 F.R.D. 514, 514 (D.N.M. 2014) (concluding that “the term “documents” in rule 34(b)(2)(E)(i) does not include ESI, and, thus, the rule 34(b)(2)(E)(i) requirement that documents be produced either in the usual course of business or labeled to correspond to categories in the request does not apply to ESI.”), with Venture Corp. Ltd. v. Barrett, No. 5:13-cv-03384-PSG, 2014 WL 5305575 (N.D. Cal. Oct. 16, 2014) (analyzing the proper application of Rule 34 and applying the requirements of Rule 34(b)(2)(E)(i) to Plaintiff’s document production). 19

COMMITTEE ON RULES OF PRACTICE AND PROCEDURE, REPORT OF THE JUDICIAL CONFERENCE, at Appendix B-2 (September 2014) available at http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Reports/ST09-2014.pdf [hereinafter REPORT OF THE JUDICIAL CONFERENCE]. 20

Id. at B-8.

http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Reports/ST09-2014.pdf


6

should “prompt a dialogue among the parties and, if necessary, the court, concerning the

amount of discovery reasonably needed to resolve the case.”21

Another important proposed

amendment to Rule 26(b)(1) would delete “the reference to broader subject matter discovery,

available upon a showing of good cause,”22

where, “[i]n the Committee’s experience, the

subject matter provision is virtually never used, and the proper focus of discovery is on the

claims and defenses in the litigation.”23

Other proposed amendments to Rule 26(b)(1) would

delete the laundry list of discoverable matters currently present in the rule and revise

language addressing the admissibility of information within the scope of discovery, to curtail

tendencies to rely on such language to justify expansive interpretations of scope.

Rule 37 and Preservation: Another major proposed amendment would replace

current Rule 37(e) entirely. Although the current Rule 37(e) was intended to provide some

safe harbor against sanctions for the loss of information “as a result of the routine, good-faith

operation of an electronic information system,” it has not been broadly applied. As a result,

and because parties are keen to avoid the consequences of being deemed a spoliator, costly

and often unwarranted over-preservation has become a major problem. This over-

preservation and a troublesome lack of uniformity in the way courts have approached the

loss of ESI (which contributed to the problem of over-preservation) led to the conclusion that

the “time had come for a more detailed rule.”24

Thus, although the proposed new Rule 37 —which applies only to electronically

stored information—does not provide specific direction regarding when the preservation

obligation is triggered or its proper scope, it “authorizes and specifies measures a court may

employ if information that should have been preserved is lost, and specifies the findings

necessary to justify these measures.”25

In other words, it reduces uncertainty which may, in

turn, allow parties to make better informed decisions regarding preservation. For example,

although courts would retain much of their discretion to impose measures “no greater than

necessary” to cure prejudice arising from the loss of ESI “that should have been preserved”

in anticipation of litigation, they would be precluded from imposing certain major sanctions,

including an adverse inference, absent a finding that the spoliating party “acted with the

intent to deprive another party of the information’s use in the litigation.”

Although too numerous to be discussed in detail here, it is important to note that in

addition to Rules 26 and 37, other potentially affected rules include 1, 4, 16, 30, 31, 33, 34,

55, and 84.

Where the proposed amendments, if adopted, are likely to significantly affect the

discovery landscape once again, and in light of the experience of many who are still

adjusting to the changes brought about in 2006, it is wise to consider in advance how the

proposed changes may affect day to day practice and to plan accordingly.

21

Id. 22

Id. at B-9. 23

Id. 24

Committee on Rules of Practice and Procedure, Agenda Materials, Washington, D.C., May 29-30, 2014, at 306 available at http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#pagemode=bookmarks. 25

REPORT OF THE JUDICIAL CONFERENCE, Proposed Rule 37(e) Committee Note, at B-58.

http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#pagemode=bookmarks

http://www.uscourts.gov/uscourts/RulesAndPolicies/rules/Agenda%20Books/Standing/ST2014-05.pdf#pagemode=bookmarks


7

Conclusion

It is clear from even this brief overview that the landscape of discovery is once again

in flux. And, although we may all have our predictions about what changes may (or may not)

result, there can be no certainty until the shaking has stopped and there is time to examine

the terrain. Nonetheless, where the fault lines are clearly identified, we are all well-advised

to be prepared to move to new ground.

Authors:

Daniel R. Miller

[email protected]

+1.412.355.6501

Bree Kelly

[email protected]

+1.206.370.6604

Anchorage Austin Beijing Berlin Boston Brisbane Brussels Charleston Charlotte Chicago Dallas Doha Dubai Fort Worth Frankfurt

Harrisburg Hong Kong Houston London Los Angeles Melbourne Miami Milan Moscow Newark New York Orange County Palo Alto Paris

Perth Pittsburgh Portland Raleigh Research Triangle Park San Francisco São Paulo Seattle Seoul Shanghai Singapore Spokane

Sydney Taipei Tokyo Warsaw Washington, D.C. Wilmington

K&L Gates comprises more than 2,000 lawyers globally who practice in fully integrated offices located on five continents. The firm represents leading multinational corporations, growth and middle-market companies, capital markets participants and entrepreneurs in every major industry group as well as public sector entities, educational institutions, philanthropic organizations and individuals. For more information about K&L Gates or its locations, practices and registrations, visit www.klgates.com.

This publication is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer.

© 2015 K&L Gates LLP. All Rights Reserved.

http://www.klgates.com/daniel-r-miller/

http://www.klgates.com/bree-d-kelly/

http://www.klgates.com/

THE LONG-AWAITED PROPOSED FRCP RULE 37(e) 1

THE LONG-AWAITED PROPOSED FRCP RULE 37(e), ITS WORKINGS AND ITS GUIDANCE FOR ESI PRESERVATIONJames S. Kurz, Daniel D. Mauler, and Jacquelyn A. Jones Redmon, Peyton & Braswell, LLP

T he FRCP rule-makers have sent to the U.S. Judicial Conference for consideration in Sep-tember 2014 their electronically stored information (ESI) preservation rule, proposed Rule 37(e). Judge David Campbell, the chair of the Advisory Commit-tee on Federal Rules of Civil Procedure, has said that “37(e) is the most challenging task any of us on the committee have ever undertaken.”

The proposed rule presents a uniform process and standard which will resolve the split among the circuits on the availability of the most serious ESI spoliation sanctions. Proposed Rule 37(e) will replace entirely the current subpart, and, as stated in the Committee Note, “forecloses reliance on inherent authority or state law to determine when certain [curative or sanctioning] measures should be used.” The new standard will permit the most serious sanc-tions only when there is proof of an “intent to deprive” the harmed party of the use of the ESI in its case.

The new Rule 37(e) will also be the only civil rule that speaks, albeit indirectly, to the duty to preserve ESI. The rule-makers provide for the first time a genuine safe harbor for those who take timely “rea-sonable steps” to preserve ESI. While this may appear to be only abbreviated guidance, the chosen wording taps into case law and literature that offer substantial definitions of the processes businesses should follow in ESI preservation.

Proposed Federal Rule 37(e)

FAILURE TO PRESERVE ELECTRONICALLY STORED

INFORMATION

If electronically stored information that should have been preserved in the anticipation or con-duct of litigation is lost because a party failed to take reasonable steps to preserve the infor-mation, and the information cannot be restored or replaced through additional discovery, the court may:

(1) Upon a finding of prejudice to another party from loss of the information, order measures no greater than necessary to cure the prejudice;

(2) Only upon a finding that the party acted with the intent to deprive another party of the information’s use in the litigation,

(A) presume that the lost information was unfavorable to the party;

(B) instruct the jury that it may or must pre-sume the information was unfavorable to the party; or

(C) dismiss the action or enter a default judgment.

WHITE PAPER SERIES 2014

THE LONG-AWAITED PROPOSED FRCP RULE 37(e)2

Section I of this commentary introduces proposed Rule 37(e). Section I.A maps the rule, while I.B of-fers a summary of the rule’s history and of the road ahead. Section 1.C parses Rule 37(e) drawing on the Committee Note. In Section II, the coverage turns to the practical side of the safe harbor offering. Section III summarizes.

SECTION I: THE PROPOSED ESI PRESERVATION RULE

The U.S Judicial Conference Committee on Rules of Practice and Procedure (the “Standing Committee”) approved in late May 2014 proposed Rule 37(e). The Advisory Committee’s Judge Campbell explains that the proposal sent to the Standing Committee “moved toward a more simple and modest rule….”

Given the complexity of the challenge, the rule on its surface is surprisingly simple—the following graphic maps the Decision Tree for the rule in three stages.

First, rather than generally dealing with lost evidence, the proposed rule addresses only lost ESI. The Rule

applies only when a 3-part test is met, essentially providing a safe harbor. Second, if there is a finding of prejudice because the ESI has been lost, then a court may impose remedies to cure the prejudice, but no more. And third, the most serious remedies may only be utilized after a finding of “intent to deprive” the use of the lost ESI. Parts 2 and 3 are separate— a litigant does not have to satisfy the “prejudice” finding necessary for Part 2 to get to Part 3.

A. The Road to the Proposed Rule and the Way Ahead

Understanding the challenge of addressing ESI spoli-ation begins with recognizing that the volume of ESI files expands at warp speed. Businesses must man-age their ESI or else be buried in their data. Routine deletion of ESI has become an accepted part of the ESI management process. The U.S. Supreme Court in Arthur Andersen LLP v. United States, 544 U.S. 696 (2005) recognized that these processes “which are created in part to keep certain information from getting into the hands of others, including the Gov-ernment, are common in business,” and that it is “not

DECISION TREE for PROPOSED RULE 37(e)

When Will Proposed Rule 37(e) Apply?

ESI that should have been preserved in the anticipation or conduct of

litigation lost

AND

Because a party failed to take responsible steps to preserve

the information

AND

Information cannot be restored or replaced through

additional discovery

What May a Court Order If There Is a Finding of Prejudice?

If finding of prejudice…Order measures no greater than necessary to cure the prejudice

What May a Court Do After a Finding of

“Intent to Deprive” Use of ESI?

Presume that the last information was unfavorable to the party

OR

Instruct the jury that it may or must presume the information was unfavorable to the party

OR

Dismiss the action or enter a default judgment


wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances.”

But one party may view the opposing party’s ESI management as the destruction, of relevant evidence. A consequence of this conflict coupled with legal uncertainties as to the resolution has produced a series of high-stakes, high-cost spoliation battles. The ESI Preservation Rule must referee these battles, and hopefully defuse them.

During the consideration of the 2006 rules amend-ments, the fight over how to handle ESI preservation and spoliation was the greater part of the debate. As the debate raged on, the rule-makers appreciated that while they could defer for several years, eventually they would have to address head-on the ESI preserva-tion and spoliation issue. Following the 2010 Duke Conference, which was convened primarily to start the process towards promulgation of a revised Pres-ervation Rule, and a 2012 Dallas mini-conference, a package of proposals, including a proposed Rule 37(e), was published in August 2013. Since publica-tion, these proposals have attracted more than 2,300 written comments.

The Advisory Committee met in April 2014 in Portland, Oregon to consider the revised rules pack-age. An earlier version of proposed Rule 37(e) in the Agenda Book was by-passed on Day 1 of the meet-ings. This soon-to-be discarded version employed the terms “bad faith” and “willful,” which had become the hot-button words in the debate, and offered a list of factors a court might consider. A substantially rewritten and shortened proposal appeared the next morning. It is the rewritten proposed rule with a later-added Committee Note that emerged.

The revised proposed Rule 37(e) went before the Standing Committee in late May 2014. The Stand-ing Committee approved the proposed rule with just a few changes to the Committee Note. The proposal will soon be before the Judicial Confer-ence. If approved, as expected, then the package will move to the Supreme Court and then to Congress. If the Court adopts the changes before May 1, 2015, and Congress leaves the proposed amendments untouched, the amendments will become effective December 1, 2015.

B. Proposed Rule 37(e) Parsed

The rule-makers see proposed Rule 37(e) as the single rule for dealing with lost ESI. As confirmed in the Committee Note, the proposed rule is intended to replace entirely current Rule 37(e) and eliminate analysis of ESI spoliation issues grounded on a court’s inherent authority.

The rule will resolve the current split among the circuits, explicitly rejecting the Second Circuit’s position.

Committee Note: It rejects cases such as Residen-tial Funding Corp. v. DeGeorge Financial Corp., 306 F.3d 99 (2d Cir. 2002), that authorize the giving of adverse-inference instructions on a finding of negligence or gross negligence.

The Second Circuit’s negligence analysis represents one end of the spectrum on the requisite showing to support an adverse inference instruction. In con-trast, the Tenth Circuit rejects this approach, and requires proof of bad faith loss of the information. See, e.g., Aramburu v. Boeing Co., 112 F.3d 1398, 1407 (10th Cir. 1997) (“The adverse inference must be predicated on the bad faith of the party destroying the records. Mere negligence in losing or destroying records is not enough because it does not support an inference of consciousness of a weak case.”)

Regarding reliance on a court’s “inherent authority” as an alternative basis for imposing sanctions, the Committee Note reads:

Committee Note: It therefore forecloses reliance on inherent authority or state law to determine when certain measures should be used. The rule does not affect the validity of an independent tort claim for spoliation if state law applies in a case and authorizes the claim.

A court’s inherent authority has become for some courts the source of the authority to deal with ESI spoliation, including the authority for imposing even the most serious spoliation sanctions.

For example, in The Pension Committee of the Univer-sity of Montreal Pension Plan. v. Banc of America Secu-rities, LLC, 685 F. Supp. 2d 456, 464 (SDNY 2010), Judge Scheindlin writes that the “right to impose


sanctions for spoliation arises from a court’s inherent power to control the judicial process and litigation.” According to Judge Scheindlin, the court’s inherent authority to punish spoliation arises from “the need to preserve the integrity of the judicial process in order to retain confidence that the process works to uncover the truth.”

The rule-makers would eliminate entirely this “inher-ent authority” basis for spoliation sanctions.

The proposed rule has three parts: (1) The 3-step test for when the rule will apply, (2) “prejudice” and the middle ground remedies, and (3) proof of “intent to deprive” as the only route to the most serious sanctions.

1. When Does the Rule Apply? Is this the Safe Harbor Missing from the Current Rule?

The proposed rule addresses only lost ESI. Earlier versions of a replacement rule attempted much broader coverage. But on Day 2 of the Portland meetings, the proposal narrowed to just ESI, and further narrowed to only ESI lost because a party “failed to take reasonable steps to preserve.” The rule begins with the 3-step test shown in the following graphic.

a. ESI Preservation Duty and Trigger.

The inquiry begins with the preservation trigger event —the proposed rule applies only to ESI “that should have been preserved in the anticipation or conduct of litigation….” The Committee Note confirms that this does not create a new duty to preserve, but draws on the existing common law duty:

Committee Note: Many Court decisions hold that potential litigants have a duty to preserve relevant information when litigation is reasonably foreseeable. Rule 37(e) is based on this common-law duty; it does not attempt to create a new duty to preserve. The rule does not apply when infor-mation is lost before a duty to preserve arises.

b. Reasonable Steps to Preserve.

The proposed rule next limits its application to ESI that was lost “because a party failed to take reason-able steps to preserve the information….” The Com-mittee Note explicitly identifies that only “reasonable steps” should be required.

Committee Note: This rule recognizes that “reasonable steps” to preserve suffice; it does not call for perfection.

“Reasonable steps” stands as the safe harbor from spoliation sanctions that was heralded in the 2006 eDiscovery amendments, but which turned out to be an illusion. The pursuing party will show that ESI has been lost, and that the other party was on notice to preserve. The defense then likely centers, as least ini-tially, on the preservation steps taken. If the defend-ing party demonstrates that it took reasonable steps to preserve ESI, then the spoliation claim should fail.

The Committee Notes then adds proportionality as a factor:

Committee Note: Another factor in evaluating the reasonableness of preservation efforts is proportionality.

By softening preservation requirements to what may be proportional to what is at stake, the rule-makers ratcheted downward the practical preservation requirements for routine litigation, including most employment cases. In the rule as drafted heading into the Portland meetings, proportionality was one of

When Will Proposed Rule 37(e) Apply?

ESI that should have been preserved in the anticipation or conduct of litigation is lost

AND

Because a party failed to take reasonable steps to preserve the information

AND

Information cannot be restored or replaced through additional discovery


five factors in assessing a party’s conduct. The pro-posed rule makes no mention of proportionality; cov-erage is relegated to the Committee Note. The Note also recognizes that the party’s sophistication should be considered when a court analyzes whether a party realized what should have been preserved.

c. Will Curative Measures Remedy the ESI Loss?

A court should not go any further in the analysis if the ESI loss can be “restored or replaced through additional discovery.” The Committee Note repeats this point:

Committee Note: Rule 37(e) directs that the ini-tial focus should be on whether the lost informa-tion can be restored or replaced through additional discovery…. If the information is restored or replaced, no further measures should be taken.

In many ESI cases this third part will end the inquiry. What may appear to be lost often can be located else-where. For instance, a custodian’s emails deleted from an Exchange database might be found on backup tapes, or possibly in another custodian’s files. Before a court explores prejudice and searches for appropriate remedies, it must consider the possibility that seem-ingly lost ESI can be restored or replaced.

2. If There Is a Finding of Prejudice, What May a Court Order?

Only if the 3-step test described above is met does a court continue with its analysis. The question in subpart (e)(1) of proposed Rule 37(e) is whether there is a “finding of prejudice.” If so, then a court may reach into its bag of remedies, but may “order mea-sures no greater than necessary to cure the pre-judice.” The remedies available at this stage do not include the most serious sanctions—the adverse inference instruc-tion and dismissal. These sanctions may be imposed only under subpart (e)(2).

The Committee Note emphasizes that the proposed rule is purposefully vague on which party has the burden of proving or disproving prejudice.

Committee Note: The rule does not place a burden of proving or disproving prejudice on one party or the other.

As to the available remedies, Judge Campbell explains that “one of our intentions is to preserve broad re-medial powers for judges in (e)(1).” The Committee Note provides:

Committee Note: The rule leaves judges with dis-cretion to determine how best to assess prejudice in particular cases.

The available remedies are not listed, but case law identifies financial penalties, payment of attorneys’ fees, evidentiary limitations, and maybe that certain facts are deemed proved. A close reading of the pro-posed rule and the Committee Note identifies these actions as remedies, not “sanctions.”

3. A Court May Give an Adverse Inference Instruction or May Dismiss Claims or Enter Default Judgment Only After a Finding of an “Intent to Deprive” the Use of the ESI.

The center of the ongoing debate has been the required showing before a court may give an adverse inference jury instruction, dismiss claims, or enter a default judgment. As noted above, some courts have required proof of black-hearted destruction of ESI, while the Second Circuit has authorized giving an adverse inference instruction based on a finding of negligence or gross negligence. The rule-makers intend a uniform standard, and they reject the Second Circuit’s approach. And, as explained above, the “inherent authority” avenue would be blocked.

The Committee Note could not be clearer on this:

Committee Note: It is designed to provide a uniform standard in federal court for the use of these serious measures when addressing failure to preserve electronically stored information. It rejects cases such as Residential Funding Corp.

What May a Court Order If There Is a Finding of Prejudice?

If finding of prejudice…

Order measures no greater than necessary to cure the prejudice.


v. DeGeorge Financial Corp., 306 F.3d 99 (2d Cir. 2002), that authorize the giving of adverse-inference instructions on a finding of negligence or gross negligence.

The rule-makers chose to provide only general directions for ESI preservation, not detailed rules. The Committee’s Comments from the 2010 Duke Conference reveal that the Committee considered three approaches to answering the preservation issue. One was an explicit preservation rule that detailed when and how ESI must be preserved. A second option considered a general preservation rule, but still a “front-end” solution, that is, fairly explicit directions or guidelines for the ESI preservation process. The third option, a “back end” approach, focuses on the availability of a genuine safe harbor and the consequences for failure to preserve. The rule-makers pursued this last option, stating that a party should not be sanctioned if it has taken “reasonable steps to preserve the information.”

The critical question then becomes what are the rea-sonable steps contemplated in the rule? The Sedona Commentary includes Guidelines for defensible pres-ervation processes. From these Guidelines it is a fairly small step to specifying processes that provide an ESI preservation solution that should meet the proposed Rule 37(e) “reasonable steps” standard.iii

The Sedona Commentary distills the requirements to “reasonableness and good faith” with recognition of proportionality.

The keys to addressing these issues, as with all discov-ery issues, are reasonableness and good faith. Where ESI is involved, there are also practical limitations due to the inaccessibility of sources as well as the volume, complexity and nature of electronic infor-mation, which necessarily implicates the proportion-ality principles, found in Rule 26(b)(2)(C)(iii).

If the Commentary stopped after this recitation, then the assistance would be far too general. The Com-mentary goes on to offer its Guidelines for a sufficient Legal Hold, documentation of the preservation processes, and regular review.iii

The Commentary, and in particular Guidelines 8, 9 and 10, are seen as identifying the “reasonable steps” in proposed Rule 37(e). In other words, implement-ing and following the Guidelines will show that a party has taken the reasonable steps to navigate to the safe harbor described in the rule.

The chosen test centers on proof of “an intent to deprive.” The proposed rule language reads: “Only upon a finding that the party acted with the intent to deprive another party of the use of the informa-tion in the litigation.” If there is any confusion in this language, the Committee Note emphasizes the restriction:

Committee Note: Subdivision (e)(2) limits the ability of courts to draw adverse inferences based on the loss of information in these circumstances, permitting them only when a court finds that the information was lost with the intent to prevent its use in litigation.

Only if this hurdle is cleared does the door open to the serious sanctions.

SECTION II: THE PRACTICAL SIDE — THE “REASONABLE STEPS” SAFE HARBOR

If approved, then proposed Rule 37(e) will be the only federal civil rule that speaks to the scope of a party’s duty to preserve. While the rule might appear threadbare, the debate history and literature provide guidance on “reasonable steps.” Key in this history is the Sedona Conference’s 2010 Commentary on Legal Holds: The Trigger and the Process.i

What May a Court Do After a Finding of “Intent to Deprive” Use of ESI?

Presume that the lost information was unfavorable to the party

OR

Instruct the jury that it may or must presume the information was unfavorable to the party

OR

Dismiss the action or enter a default judgment


SECTION III: SUMMARY

The process leading to proposed Rule 37(e) began with the 2010 Duke Conference. If the amendment process stays on course, the replacement rule will become effective on December 1, 2015.

Proposed Rule 37(e) has an appearance of simplicity. This design is so the proposed rule will be the sole authority for federal courts to impose ESI spoliation remedies or sanctions; the court’s “inherent author-ity” as a basis for spoliation sanctions is pushed aside. In practice, the proposed rule may well be relatively simple to apply. But appreciation of the rule comes only with an understanding of the issues, the history, and the ongoing debate.

Unlike most procedural rules, this proposed rule has substantial business implications. As demands to manage ESI increase, businesses are seeking guid-ance on what must be preserved to avoid spoliation claims and sanctions. The circuit split and vague directions have led to costly over-preservation. Proposed Rule 37(e) will be the single rule to pro-vide ESI preservation guidance, including at least the identification of the “reasonable steps” that define a safe harbor.

i The Sedona Conference published a 2007 version of the Commentary which was revised in 2010. ii As an example of a real-world solution designed based on the Commentary Guidelines, the article turns to J. Kurz, A Trial Lawyer’s Wish List: A Legal Hold and Data Preservation Management Solution (accessed from the eDiscovery page on Redmon, Peyton & Braswell website (www.RPB-law.com).iii Guidelines 8, 9 and 10 from the 2010 Sedona Commentary read:

Guideline 8:In circumstances where issuing a legal hold notice is appropriate, such a notice is most effective when the orga-nization identifies the custodians and data stewards most likely to have relevant information, and when the notice:(a) Communicates in a manner that assists persons in

taking actions that are, in good faith, intended to be effective

(b) Is in an appropriate form, which may be written(c) Provides information on how preservation is to

be undertaken(d) Is periodically reviewed and, when necessary,

reissued in either its original or an amended form, and(e) Addresses features of relevant information systems

that may prevent retention of potentially discoverable information.

Guideline 9:An organization should consider documenting the legal hold policy, and, when appropriate, the process of imple-menting the hold in a specific case, considering that both the policy and the process may be subject to scrutiny by opposing parties and review by the court.

Guideline 10:Compliance with a legal hold should be regularly monitored.


ABOUT REDMON, PEYTON & BRASWELL LLP

Redmon, Peyton & Braswell LLP is, by design, a boutique law firm in Alexandria, Virginia, less than seven miles from the U.S. Capitol. Many of the Firm’s attorneys practiced previously with AmLaw 100 firms. Our goal is to provide the same quality representa-tion that clients expect from a large law firm but at substantially lower costs. We strive to solve our clients’ problems in economically sensible ways.

Our lawyers are recognized as SuperLawyers and Rising Stars, listed among the Legal Elite and the Best Lawyers in America, and rated AV® Preeminent by their peers. We include among us a former U.S. Supreme Court law clerk and law professor, and fed-eral Courts of Appeals and District Court law clerks. Attorneys from the Firm have served as presidents of the Alexandria Bar Association, the Federal Bar Association (Northern Virginia Chapter), and the Northern Virginia Bankruptcy Bar Association. Our lawyers practice across the Washington, D.C. metropolitan area, primarily in Northern Virginia.

The Firm’s Commercial Litigation practice takes us into areas of eDiscovery, ESI Preservation and Information Governance. We advise our clients, including many smaller and mid-sized businesses, on compliance with ESI preservation duties. Our web-based ESI Preservation management solution, HOLD•PRESERVE•COMPLY, provides a low-cost method to meet increasing preservation obligations in both federal and state court litigation. In the broader field of Information Governance, we counsel busi-nesses regarding email and record retention policies, legacy and cloud data management, and social media and BYOD practices.

THE AUTHORS

James S. Kurz James Kurz’s law practice builds on his experience as a litigation partner with two AmLaw 100 firms, his time as a federal prosecutor, and his work as a federal government antitrust attorney. He has extensive courtroom experience (including more than 180 trials to verdict) that include computer, software and communications technologies cases. Central to his law practice today are the challenges of eDiscovery and the complexities of Information Governance.

Daniel D. MaulerAs a trial lawyer with a background in information technology systems, Dan Mauler gravitates to tech-nology-intensive cases. Mr. Mauler graduated cum laude from the Georgetown University Law Center where he served as an Articles Editor for The George-town Law Journal and as a Section Editor for The Thirty-Fourth Annual Review of Criminal Procedure. He developed his litigation skills as a competitor and coach in Georgetown Law’s trial advocacy program, and as an intern for Judge Richard Roberts in the U.S. District Court for the District of Columbia.

Jacquelyn A. Jones Jacqui Jones joined the Firm in 2014 following her clerkship with Judge Irene Burger in the U.S. District Court for the Southern District of West Virginia. She is a magna cum laude graduate of Vanderbilt Univer-sity and earned her law degree from the University of Virginia School of Law.

Redmon, Peyton & Braswell llp510 King Street • Suite 301 • Alexandria, VA 22314

(703) 684-2000 • www.rpb-law.comVisit the EDVA Update Blog at www.rpb-law.com/EDVAUpdate

1Hold • Preserve • Comply

HOLD • PRESERVE • COMPLY

A TRIAL LAWYER’S WISH LISTLegal Hold and Data Preservation

Management Solution

An Affordable, Quickly Deployable, and Lawyer-friendlyLegal Hold and Document/Data Preservation Solution

for Mid-sized Businesses

510 King Street • Suite 301 • Alexandria, VA 22314 • www.rpb-law.com

HOLD•PRESERVE•COMPLY


2 Legal Hold/Preservation Management Solution

Redmon, Peyton & Braswell LLP510 King StreetSuite 301Alexandria, VA 22314703-684-2000 | www.rpb-law.com

CONTENTS

Introduction 3

Wish List Solution Overview 4

The HOLD • PRESERVE • COMPLY System 5

1. Software-as-a-Service 5

2. System Elements 6

a. designGRID 6

b. TaskBlocks 7

c. Matter-Specific Hold Programs 8

3. System Functionality 8

a. Hold Program Implementation 9

b. Life Cycle Management and Reporting 10

4. Audit Reports 11

Summary 12

annrogers

Cross-Out



INTRODUCTION

This white paper describes a trial lawyer’s wish list for a legal hold and preservation management solution suitable for mid-sized businesses. The central, non-negotiable requirements for this solution are that it be legally defensible1 and court-ready. But to be feasible for many busi-nesses, the Wish List Solution must be affordable, quickly deployable and lawyer-friendly. The solu-tion should additionally suit multiple situations— a long-term preservation compliance choice, an interim solution for businesses still surveying the market and an emergency answer for the business that finds itself in litigation without any preserva-tion solution.

The Wish List Solution tackles two of com-mercial litigation’s current challenges—imposing and managing court-mandated document and data preservation programs while meeting aggres-sive electronic discovery schedules. Faced with these challenges, even sophisticated litigants often stumble at the outset of litigation, and to right themselves can be both chaotic and unnecessarily expensive.

The court-imposed duty to preserve records is real, and courts will impose equally real sanctions on those who fail to preserve relevant records. Judge Shira Scheindlin, one of the nation’s lead-ing eDiscovery jurists, emphasized this preserva-tion duty in her January 2010 Pension Committee2 opinion:

…the courts have a right to expect that litigants and counsel will take the necessary steps to ensure that relevant records are preserved when litigation is reasonably anticipated, and that such records are collected, reviewed and produced…

The judge continued, By now, it should be abundantly clear that the duty to preserve means what it says and that a failure to preserve records—paper or electronic—and to search in the right places for those records, will inevitably result in the spoliation of evidence.

Courts also expect litigants to provide elec-tronic discovery early in litigation. The 2006 eDiscovery amendments to the Federal Rules of Civil Procedure—as well as many state rules—now require formal preservation programs, early dis-covery conferences and comprehensive discovery plans with periodic reporting. In many jurisdictions, parties are directed to produce documents and electronically stored information within 60 days of Complaint filing.

The blunt message from the courts is that litigants must implement legal hold solutions that include meaningful and effective preserva-tion steps, and they must position themselves for nimble production of electronic records. The courts, however, stop well short of a practical description of how businesses may comply. A fair translation of the court mandates into real-world practices

1 The system tracks the requirements for a legally sound hold program as presented in the Commentary on Legal Holds: The Trigger and the Process, a paper published in August 2007 by the Sedona Conference (available at www.thesedonaconference.org).2 The Pension Committee of the University of Montreal Pension Plan. v. Banc of America Securities, LLC. — F.R.D. — (SDNY 2010)

HOLD•PRESERVE•COMPLY Legal Hold and Data Preservation Management Solution

An Affordable, Quickly Deployable, and Lawyer-friendly Legal Hold and Document/Data Preservation Solution

for Mid-sized Businesses



minimally means that businesses should acquire or develop the processes, including the necessary software tools, to design and implement legal hold and preservation programs, and to manage those programs throughout their lifecycles.

Far too many businesses currently reply on ‘paper and prayer’ solutions, or worse yet, rudimen-tary plans and unimplemented programs. From a trial lawyer’s perspective, this situation is not only untenable, but completely unnecessary. With mod-est planning and effort supported by appropriate tools, businesses can change course.

To be clear, the described Wish List Solution is not a substitute for an Electronic Content Manage-ment or Records Management system. The solu-tion’s purpose is to provide the processes, support-ed by the necessary tools, for businesses and their eDiscovery counsel, to (1) comply with the duty to preserve relevant records when litigation is at hand,

when litigation is reasonably anticipated or when regulation or statute requires preservation, and (2) be positioned for eDiscovery when matters cross into litigation.

WISH LIST SOLUTION OVERVIEW

A workable legal hold and preservation program (referred to in the literature as a “Hold Program,” and discussed below) consists of a set of tasks for plan implementation and then lifecycle manage-ment from inception through to eventual shut-down. The Wish List Solution, shown in the diagram below, provides the process and tools for designing, implementing and managing a Hold Program.

The eDiscovery Counsel stands as an essential player in the solution. The multiple decisions in the design, implementation and lifecycle management of a Hold Program, while in part IT decisions, are

DIAGRAM NO. 1 WISH LIST SOLUTION OVERVIEW



intertwined with legal issues best handled in ongo-ing consultation with an attorney who fully appreci-ates eDiscovery issues and maintains an in-depth understanding of the Client’s data storage architec-ture and available preservation capabilities.

The overall solution has three parts: (1) a third-party Software as a Service (“SaaS”) system, HOLD•PRESERVE•COMPLY from WebApps4Law.com, Inc., (2) the Client’s Preservation Infrastruc-ture and (3) a collaborative site—most likely a SharePoint® site —for the regular communications between and among eDiscovery Counsel, the Client and various trial counsel. This paper discusses the HOLD•PRESERVE•COMPLY system.

THE HOLD•PRESERVE•COMPLY SYSTEM

HOLD•PRESERVE• COMPLY provides the process-es and tools—principally the Hold Program design tool, referred to as the designGRID, and the soft-ware components to design, implement, manage and audit the matter-specific Hold Programs that the Wish List Solution employs.

1. Software as a Service (SaaS) HOLD•PRESERVE•COMPLY is Software as a Service. That is, it is software deployed over the internet. A third-party vendor hosts the servers which support the designGRID and which run the Web application software modules. Users access the system by secure Internet access. An underly-ing SQL database, also on the hosted servers, maintains all data associated with the system.

The SaaS model (above) helps contain costs and simplifies initial setup. Clients pay a periodic subscription fee—there are no required software licenses. Basic system setup for a Client involves entry of a business profile, assignment of user-names and passwords, and development of a first set of design TaskBlocks (TaskBlocks are discussed on page 7 and shown in Diagram No. 4). This quick deployment capability makes HOLD•PRESERVE• COMPLY attractive when a business finds itself facing litigation without any preservation solution in place.

DIAGRAM NO. 2SOFTWARE-AS-A-SERVICE MODEL

INTERNET

eDiscovery Counsel

WEB APPLICATIONS

SQL DATABASES

Client

ClientThe SaaS Model delivers:

n Lower over all costs.

n Enhanced security options.

n Quick initial deployment and setup.

Third party hosting vendors, such as RackSpace and SunGuard, provide secure access via high-speed internet connections.



2. System Elements

The HOLD•PRESERVE•COMPLY system is based on three essentials:

(1) The designGRID, the primary design tool,

(2) TaskBlocks, the basic building blocks for the designGRID, and

(3) The Hold Program, the set of tasks that comprises the hold and preservation plan for a specific matter.

a. designGRID

Think of the HOLD•PRESERVE•COMPLY design-GRID as a visual data map on steroids.

The designGRID (Diagram No. 3) presents the information from a business’ processes and data

map as a series of discrete administrative, review and data preservation tasks. The designGRID includes a series of Categories, and within each Cat-egory is a set of TaskBlocks. Since the designGRID describes the processes and data storage network for a single business, it will be unique for each busi-ness. eDiscovery Counsel, working with the Client legal department and IT staff, constructs and then maintains the custom designGRID.

The sample designGRID3 above includes 63 TaskBlocks organized under twelve Categories (e.g., Custodian Interview, Email, Enterprise Data-bases, SharePoint Sites and Websites). While the system can accommodate an unlimited number of Categories, in practice a typical business will require 15–25 Categories and 70–120 TaskBlocks to present its processes and data storage systems.

DIAGRAM NO. 3HOLD•PRESERVE•COMPLY designGRID

Think of the designGRID as a visual data map on steroids.

The designGRID becomes a visual data map showing the company’s data storage systems.

n Offers 70–120 administra-tive and collection task options organized under 15–25 category headings.

n Tracks computer and data storage systems unique to each company.

n Updates to reflect changes in the underlying computer and data storage systems.



b. TaskBlocks

The building blocks for the designGRID are indi-vidual, seven-field TaskBlocks. Each identifies all aspects of a single task. For example, the Database 4.0 TaskBlock4 is the discrete task for capturing data from a business’ in-house CRM database using a SELECT statement. The TaskBlock includes the task name, description, current status, and most importantly, the complete instructions for execut-ing the task. In the example, the TaskBlock instruc-tions specify the elements of the SELECT state-ment and include directions on where the resulting *.dbf file should be stored.

A different example might cover a series of closely related TaskBlocks to cover an entire Category such as a business’ SharePoint® Sites.

The Sedona Conference’s Commentary on Legal Holds at Guideline 8(d) advises that a Hold Program is most effective when it…“[c]learly defines what information is to be preserved and how the preser-vation is to be undertaken.” The TaskBlock design include the detailed task instructions, but if clear instructions require more than a paragraph or two, eDiscovery Counsel can embed a link to an instruc-tional video in the TaskBlock details.5

eDiscovery Counsel builds the designGRID beginning with a core set of TaskBlocks. This “starter” set will specify administrative and review procedures plus the procedures for handling e-mail and desktop application documents. As the busi-ness encounters new requirements, eDiscovery Counsel and the Client add additional categories

4 The system follows a standard numbering convention for TaskBlocks—Database 4.0 is the first statement of the TaskBlock; a revision of the TaskBlock will be identified as Database 4.1. Database 5.0 is a completely separate TaskBlock. 5 Preparation of instructional videos is now a simple, inexpensive exercise with Camtasia Studio 7 software for PCs and MACs.

DIAGRAM NO. 4HOLD PROGRAM: ALL TASK REPORT

The building blocks for the designGRID are individual, seven-field TaskBlocks.



and TaskBlocks as needed. For instance, when a legal hold requires capturing data from an ERP or CRM system, the detailed procedures associated with retrieval of relevant data from those databases will be added. Or, if the business introduces an email archive, the archive capabilities will be inte-grated into the TaskBlocks. Similarly, as the busi-ness’ computer systems and applications change, the designGRID specifications will be updated and modified to stay with the systems.

c. Matter-Specific Hold Programs

In HOLD•PRESERVE•COMPLY, a Hold Program consists of the multiple tasks for the hold and pres-ervation plan for a specific matter. The tasks are selected from the designGRID.

A Hold Program is constructed and managed in stages. The initial design stage includes the tasks for implementing the program and setting the periodic monitoring and review steps. After an early review, the Hold Program may need to be amended in a second stage, and then supplemented or modi-fied six months later, and so on. Even a relatively straightforward matter may progress through 12 to 15 stages in its lifecycle, where some stages are as simple as an addition of a single Review task while others might involve a total redesign of the Hold Program.

Available tasks for different types of matters can be pre-assembled as templates, referred to as Components and Protocols. Components are collections of TaskBlocks covering specific func-tions—for instance, the TaskBlocks for all the email preservation Tasks in a specific situation. Protocols are collections of tasks and Components, and may cover an entire matter—all tasks for an EEO Termi-nation Claim, for example.

3. System Functionality

The HOLD•PRESERVE•COMPLY software modules provide implementation and life-cycle manage-ment capabilities.

DIAGRAM NO. 5 — FOUR-STEP HOLD IMPLEMENTATION PROCESS

1Step One: New Matter

Step Two: Hold v No Hold Decision

Step Three: Hold Design

Step Four: Hold Tasks Assignments



a. Hold Program Implementation

Every matter tracks a set, auditable implementa-tion path, as shown in Diagram No. 5. The system implementation segment employs a four-step process that begins with basic fact identification and registration of the matter in the system, moves to the Hold v. No Hold Decision, and then, if the decision is to implement a hold, proceeds through the processes of Hold Design and Task Assignment.

In the Hold Design process, the User selects tasks from the designGRID (using the design- GRID itself, Category Pages, Components and Protocols). In a second pass, the user assigns the selected tasks using the Task Assignments Form (see Diagram No. 6). This form applies four

Multiple dropdown menus guide the User through Task Assignments. The menus present:

n Client’s support personnel individually.

n Client’s personnel as Matter Teams and Task Teams.

n Original data locations from Data Map/design-GRID.

n Preserved Data locations from the Preservation Infrastructure.

Client-specific dropdown menus—Client Personnel, Client Task Teams, Original Storage Locations, and Preserved Data Locations.

The culmination of this four-step process is a fully-designed Hold Program where all initial tasks are identified and assigned. Since entries at each step are written to the system’s underlying Microsoft SQL 2008 database, the task assignments can be communicated by email notification with instructions to login to the system and retrieve assignment details. The system relies on email only for general notification. The assignment details of a task and the reporting on progress are handled through the SQL database, with the necessary records maintained entirely in the database.

6 See Zubulake v. UBS Warburg LLC (“Zubulake IV”), 220 F.R.D. 212 (SDNY 2003) and Zubulake v. UBS Warburg LLC (“Zubulake V”), 229 F.R.D. 422 (SDNY 2004).

DIAGRAM NO. 6TASK ASSIGNMENTS FORM



b. Life Cycle Management and Reporting

n Periodic Monitoring and Review Judge Scheindlin’s Zubulake IV and V opinions6 instruct Counsel that Hold Programs requires regular monitoring and periodic reviews. The Sedona Commentary on Legal Holds, in Guideline 8(e), similarly emphasizes that Hold Programs “should be periodically reviewed and, when neces-sary, reissued in either its original or an amended form.” Indeed, a program lifecycle spans multiple years, especially in complex matters where the program will understandably change over time.

To assist with the process, HOLD•PRESERVE• COMPLY incorporates periodic monitoring and review processes through a series of Review TaskBlocks. The specific review plans and frequency are designated by eDiscovery Counsel and the Client. Reviews are preferably accomplished in

DIAGRAM NO. 7THREE-LEVEL DASHBOARD REPORTING

tAll Matters Report

pAll Tasks Report (for specific Matter)

tTask Details Form

matter groups or a cluster where the user as-sembles a Review Queue of matters scheduled for review and then completes the review process on a matter-by-matter basis using the Review Form shown above. Alternatively, a user can conduct a Single-Matter Review at any time.

n Management Reports The Management Reports include a four-tab Hold Summary for any specific matter and three sets of tiered reports. The primary report provides the Client with a dashboard view of every matter in the system. The report can be filtered and sorted as required. The tiered structure permits the Client to examine all tasks in a selected matter and also allows viewing the Task Details for any single Task. The primary Management Reports are the three-level Reports shown in Diagram No. 7.



The HOLD•PRESERVE•COMPLY management reports are designed as court-ready reports. That is, the reports are crafted to serve as pleading attach-ments and courtroom exhibits.

The HOLD•PRESERVE•COMPLY system addi-tionally tracks the Client’s preserved data by matter and by preservation location.

Consequently, eDiscovery Counsel or the Client can at any time query the system for a Preserved Data report on a specific matter (see Diagram 8). This critical report serves as the starting point for commencing eDiscovery when a matter advances to litigation.

4. Audit Capabilities

A Sedona specification, included as Guideline 9 of the Commentary on Legal Holds, states that the legal hold policy and the process of imple-menting the legal hold in a specific case “should

DIAGRAM NO. 8PRESERVED DATA (BY MATTER) REPORT

At any time, eDiscovery Counsel or the Client can query the system for a Preserved Data report on a specific matter. This critical report serves as the starting point for commencing eDiscovery when a matter advances to litigation.

be documented considering that both the policy and the process may be subject to scrutiny by the opposing party and review by the court.” The HOLD•PRESERVE•COMPLY system satisfies this specification and more.

When faced with a situation where relevant electronic data has been lost, a litigant will defend against spoliation claims and sanctions based, in great part, on the legal hold and data preservation processes followed. The system design includes the capability to produce the documentation to prove, if necessary, the complete processes fol-lowed for a specific matter. Towards this end, all activity on the system is captured and stored in four logs in the underlying SQL database. The individuals logs capture information by Matter, Client, User and designGRID. The activity infor-mation can be retrieved in one of several formats, including as *.xls and *.dbf files, to produce the requisite audit trail.



SUMMARY

The trial lawyer’s Wish List Solution described in this paper is designed for mid-size businesses that have sufficient litigation exposure to justify a hold and preservation solution, but to date have been reluctant buyers because of solution complexities and high price tags.

The situation for many businesses may well have changed. On one side, the courts have ratch-eted upwards the requirement that litigants have in place either before litigation or in the very early stages a hold and preservation solution—indeed, Judge Scheindlin’s 2010 Pension Committee opinion suggests that the courts’ patience has expired. On the other side, the described solution answers the practical concerns—the solution offers a legally defensible, yet economically attractive and quickly deployable solution. The interfaces, principally the

designGRID and the several information forms, are designed for attorneys and paralegals, the system users.

The Wish List Solution, built in part on the HOLD•PRESERVE•COMPLY system, is the all- purpose legal hold and preservation solution for mid-sized businesses—a long-term choice, an interim solution for businesses still surveying the market and an emergency answer for the business that finds itself in litigation.

For additional information, please contact:Redmon, Peyton & Braswell LLPJames Kurz | [email protected] King Street, Suite 301Alexandria, VA 22314tel: 703-684-2000 | www.rpb-law.com

EDDE JOURNAL PAGE 3

Editor

Thomas J Shaw, Esq. Tokyo, Japan

Committee Leadership

Editor’s Message Co-Chairs:

George L. Paul, Esq. Phoenix, AZ Lucy L. Thomson, Esq. Alexandria, VA

Steven W. Teppler, Esq. Sarasota, FL Eric A. Hibbard Santa Clara, CA

Vice-Chairs: Hoyt L. Kesterson II Glendale, AZ

Bennett B. Borden Richmond, VA SciTech Homepage

EDDE Homepage

Join the EDDE Committee © 2012 American Bar Association. All rights reserved. Editorial policy: The EDDE Journal provides information about current legal and technology developments in e-Discovery, digital evidence and forensics that are of professional interest to the members of the E-Discovery and Digital Evidence Committee of the ABA Section of Science & Technology Law. Material published in the EDDE Journal reflects the views of the authors and does not necessarily reflect the position of the ABA, the Section of Science & Technology Law or the editor(s).

Information Management Best Practices and the Generally Accepted Recordkeeping Principles

By John Isaza

Information Management sits at the cusp of the well-known E-Discovery Reference Model. In fact, this has been the most neglected aspect of the EDRM.net model for the last several years. However, in the past couple of years, Information Management finally has started creeping into the radar of General Counsel and others at the C-level of most organizations. This is brought on not only by the 2006 amendments to the Federal Rules of Civil Procedure, but more recently by new recordkeeping and compliance requirements under the Dodd-Frank Act (the “DFA”) and the anticipated recordkeeping regulations to be promulgated by the 20 or so agencies (at last count) created or affected by the DFA. Read more

Third Party Discovery By Greg Dickenson

With litigation discovery bloating into a seemingly uncontrollable monster, issues that previously seemed relatively clear cut have become the subject of worry. When third parties hold evidence, Federal Rule of Civil Procedure 45 (“Rule 45”) and its state analogues, address the issue of subpoena. But while Rule 45 considers the discovery of electronically stored evidence, third parties, whether service providers in the cloud, or elsewhere, will want to consider their retention obligations; and issues that once seemed clear cut now appear (I am obligated to make this pun) cloudy. This article is intended to provide a starting point for a third party to litigation regarding issues to consider. As such, the topics of discussion are the context of Rule 45, Read more

U.S. E-Discovery and Data Privacy: Solutions for Navigating Cross-Border Conflicts

By Alexander B. Hastings and Edward H. Rippey

Foreign data privacy and blocking statutes may present significant hurdles for entities conducting discovery pursuant to federal and state rules. And, such statutes may result in United States courts and foreign jurisdictions imposing civil and criminal penalties on parties conducting discovery. Consequently, entities must be mindful of potential conflicts as they navigate a litigation or government investigation that involves discovery of materials stored abroad. The first step in remaining vigilant of conflicts lies in identifying sources of tension between foreign privacy and domestic discovery rules. Read more

The Three-Legged Stool of eDiscovery Success: People, Process, & Technology

By Sonya Sigler

eDiscovery success depends on many things, but basically boils down to three essential ingredients: people, workflow/processes, and technology. I think about each of these three areas as the leg of a stool. Just as properly functioning legs are essential to be able to sit on the stool, each of these items is an essential ingredient to eDiscovery and eDiscovery won't go well if one of these is missing or is done poorly. People. It is important to reiterate that successful eDiscovery (which I define as finding the most relevant information in a timely and cost effective manner) is a delicate balance and mix of people, workflow and technology. Read more

SPRING 2012 VOLUME 3 ISSUE 2

EDDE JOURNAL A Publication of the E-Discovery and Digital Evidence Committee

ABA Section of Science & Technology Law

EDDE JOURNAL PAGE 2

By John Isaza

Information Management sits at the cusp of the well-known E-Discovery Reference Model (www.EDRM.net). In fact, this has been the most neglected aspect of the EDRM.net model for the last several years. However, in the past couple of years, Information Management finally has started creeping into the radar of General Counsel and others at the C-level of most organizations. This is brought on not only by the 2006 amendments to the Federal Rules of Civil Procedure, but more recently by new recordkeeping and compliance requirements under the Dodd-Frank Act (the “DFA”) and the anticipated recordkeeping regulations to be promulgated by the 20 or so agencies (at last count) created or affected by the DFA.

To that end, in 2009, the professional association of records and information managers (ARMA International), released a set of Generally Accepted Recordkeeping Principles (GARP®) for records and information management (“RIM”). GARP® is the culmination and amalgamation of years of best practices and various industry standards.1 ARMA now hopes GARP® will become as universally accepted as the GAAP principles in accounting.2

GARP® covers a set of eight records and information governance principles.3 The principles essentially codify best practices in the management of records and data systems, which includes compliance with specific legal recordkeeping requirements under federal and state laws.4 The concepts behind them also codify existing understanding and practice within the RIM field. They are intended in part to help make organizations compliant with foreign, federal and state requirements regarding the recordkeeping of information used to document organizational business decisions. The principles include: Accountability, Integrity, Protection, Compliance, Availability, Retention, Disposition, and Transparency – all principles that track nicely with requirements of major legislation such as Sarbanes-Oxley and DFA, as well as guidelines promulgated by the Sedona Conference, for instance. They offer an approach to records management that

1 In part 2 of this article in the next issue of the EDDE Journal will be a partial list of some of the standards and guidelines used to derive the GARP® principles, courtesy of Helen Streck, CEO of Kaizen InfoSource, LLC. 2 Fred Pulzello, ARMA International’s Hot Topics:The Imperative for Generally Accepted Recordkeeping Principles (2009), http://www.arma.org/press/Pdf/cio-today.pdf. 3 ARMA Overview, http://www.arma.org/about/overview/index.cfm; see also, John Montana, Esq. A Lens for Clarifying Legal Requirements, 45 Information Management Journal 33 (2d ed. 2011) (“ARMA International has the credentials and recognized expertise and credibility to stand as an authority recognized by courts and the legal system to offer persuasive guidance as to what constitutes acceptable RIM practice…”) 4 John Montana, Esq., A Lens for Clarifying Legal Requirements, 45 Information Management Journal 33 (2d ed. 2011); see also part 2 of this article in next issue of the EDDE Journal for some of the specific standards.

Information Management Best Practices and the Generally Accepted Recordkeeping Principles

EDDE JOURNAL PAGE 3

“may be of assistance to any organization, private or public, in protecting itself in the use of information assets, complying with applicable legislative and regulatory mandates, and designing and implementing effective records management programs. It focuses on the internal needs of organizations, including their obligation to respond to government investigations and to engage (or be engaged) in litigation.”5

When it comes to information management, the theory, in the context of the EDRM Model, is that robust RIM management will reduce the amount of data to preserve, collect, and analyze in discovery. Using the GARP® principles to manage records and information is a logical place to begin. These principles were designed to “assist organizations in developing record systems that comply with [recordkeeping standards].”6 In fact, “a safe harbor is provided under federal and state rules of discovery for the systematic good faith destruction of records pursuant to a proper records management program.”7 (Emphasis added.) Thus, compliance with recordkeeping and the commensurate legally compliant disposition of unnecessary data and/or records should ease the volume and burden of preservation, collection and review in eDiscovery.

A brief overview of each GARP® principle is listed below. In the remainder of this article, the author will apply the eight principles to the retention of email to illustrate how GARP® could help govern one critical source of records and information at all organizations. Since email is so prevalent at most organizations, and the cause of so many headaches, the management of it via GARP® is a logical example. I. SUMMARY OF THE GARP PRINCIPLES

The GARP® principles consist of the following: A. Accountability An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability.

B. Transparency The processes and activities of an organization’s recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.

5 Hon. Ronald Hedges, The Information Governance Maturity Model: A Foundation for Responding to Litigation (ARMA International 2011). 6GARP Preamble, http://www.arma.org/GARP®/preamble.cfm 7 Martin Susec, Esq. Calling 9-1-1: Avoiding Disaster Using GARP 36, 45 Information Management 4th ed. (2011), http://content.arma.org/IMM/Libraries/July-Aug_PDFs/IMM_0711_GARP_series_calling_911.sflb.ashx.

EDDE JOURNAL PAGE 4

C. Integrity A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.

D. Protection A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.

E. Compliance The recordkeeping program shall be constructed to comply with applicable laws and other binding authorities, as well as the organization’s policies.

F. Availability The organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.

G. Retention An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.

H. Disposition An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organization’s policies.8

II. APPLICATION OF GARP® TO EMAIL

Since email is ubiquitous yet dangerous if not managed properly, this section begins with a comprehensive analysis of email in relation to all eight GARP® principles. Not every principle affects retention or disposition that will lighten the load on eDiscovery of information such as emails. However, the totality of compliance with the GARP® principles should result in legally defensible retention and disposition of records. After all, a safe harbor is provided under federal and state rules of discovery for the systematic good faith destruction of records pursuant to a proper records management program.9 With GARP® governance in place, all non-records can be disposed of immediately or as soon as no longer needed for business purposes, subject to exception, of course, for legal holds. Accordingly, the purpose of this article is to illustrate examples that link compliance requirements under GARP® with email management, one of the most difficult sources of information to manage.

8 Id. 9 See Footnote 7.

EDDE JOURNAL PAGE 5

A) Accountability for Emails

The Principle of Accountability calls for the assignment of a senior executive who will oversee a recordkeeping program and delegate program responsibility. This Principle could be construed to require at least one senior executive to oversee the proper management of records, including those generated via emails. The Securities and Exchange Commission (SEC), for instance, calls for brokers and dealers to retain all “broker dealer communications” including records sent within the organization for a period of three years.10 The definition of a “communication” is extremely broad, and broker dealers have interpreted it to include not only email, but also text and instant messages. Thus, email needs to be managed based on content, and not based on the medium used to create it.11 By placing the responsibility of such a program in accountable hands, individuals within the organization should come to realize the importance and repercussions of email as a record. When it comes to managing the ubiquitous emails, the employees of all organizations have become, in effect, records managers. This means that email is not being managed properly, especially because most users do not have the time, inclination or training to manage email records.12 The solution is “to have devolved responsibility from the center, but not quite to the individual… To make it work, there must be formal accountability as defined by GARP®.”13 That is to say, then, when it comes to emails the senior executive overseeing recordkeeping, including emails, must “delegate program responsibility to appropriate individuals.”14

B) Transparency of Emails

The Principle of Transparency calls for documentation of a recordkeeping program in an “understandable” and widely available manner. For purposes of agency audits or investigations under Sarbanes-Oxley, for instance,

“the CEO and CFO have powerful incentives to be able to demonstrate to regulators and courts that their process for ensuring accuracy and completeness is in place, above board, and drives the correct outcomes. That translates into highly transparent, fully repeatable, and fully documented processes that can easily be understood by outsiders.” 15 (Emphasis added.)

10 17 C.F.R. 240.17a-4(b)(4). See also 12 C.F.R. Part 707, Appendix B, which regulates electronic “texts” for banks and banking operations. 11 See, e.g., Carl Weise, CRM, Principles for Email Management, ERM Expert Blog (April 29, 2010), downloaded from www.aiim.org/community/blogs/Principles-for-email (downloaded March 15, 2012) (“Email has to be managed according to its content, not its medium…”) 12 Debra Logan, Hot Topics: Principles for Gaining Control of Electronic Information HTT7 (2009), http://www.arma.org/pdf/HotTopic/Hot_topic0909.pdf. 13 Id. 14 GARP Principle of Accountability, www.ARMA.org/Garp. 15 John Montana, Esq., A Lens for Clarifying Legal Requirements, 45 Information Management Journal 33 (2d ed. 2011) (citing 18 U.S.C. § 1350 (2011).

EDDE JOURNAL PAGE 6

Email records could contain tax opinions and interpretations of accounting rules from outside auditors, of instance. As such, those particular emails could easily fall within this transparency requirement of Sarbanes-Oxley.16 Emails exchanged between the organization and its outside auditors regarding the scope of records to consider in an audit, for instance, could constitute critical proof of transparency between the organization and its auditors. The Principle of Transparency could apply in situations not just limited to email management under Sarbanes-Oxley, but pursuant to any other Federal or state regulation that calls for executive level accountability and transparency to shareholders, employees, the public, and overseeing authorities.

C) Integrity of Emails

The Principle of Integrity seeks a program with a “suitable guarantee of authenticity and reliability” to solve the issue of determining the validity of email content and accuracy. Assuming the readers of this article are mostly attorneys, this article will not go into detail regarding the plethora of issues arising from the requirement of keeping the integrity of emails. Issues of authentication, best evidence and chain of custody come to mind. To that end, at least one court has commented on the authentication of electronic evidence as follows in Lorraine v. Markel American Insurance:

“If a computer processes data rather than merely storing it, authentication issues may arise. The need for authentication and an explanation of the computer's processing will depend on the complexity and novelty of the computer processing. There are many states in the development of computer data where error can be introduced, which can adversely affect the accuracy and reliability of the output. Inaccurate results occur most often because of bad or incomplete data inputting, but can also happen when defective software programs are used or stored-data media become corrupted or damaged.”17

This 2007 opinion in the Lorraine case by the Federal District Court of Maryland’s Judge Grimm should sound a warning shot to organizations. The integrity of electronic records may come into question despite the initial appearance of authenticity simply because the record was created by electronic means.

D) Protection of Emails

The Principle of Protection requires a program that protects the client and business by ensuring a “reasonable level of protection” for “information that [is] private, confidential, privileged, secret, or essential to business continuity.” This goal is particularly important for email management, as emails are sent easily and instantly. Simply labeling an email as confidential or privileged does not in any way guarantee protection, particularly in the context of litigation. In Crown Castle USA, Inc. v. Fred A. Nunn

16 This Sarbanes-Oxley example also touches on many of the other GARP® principles including the principle of Accountability, discussed supra, and the principle of Compliance, discussed infra. 17 Lorraine v. Markel American Ins. Co., 241 F.R.D. 534 (D. Md. 2007).

EDDE JOURNAL PAGE 7

Corp. a duty to preserve emails in anticipation of litigation was triggered when in-house counsel simply labeled the emails as attorney-client privileged or work-product in an attempt to protect all communications from discovery.18 Such ad hoc attempts to protect emails in discovery could have disastrous consequences for an organization. The court found in Crown Castle that the parties committed spoliation in destroying or failing to produce relevant and otherwise unprotected emails in anticipation of litigation.19

Similarly, if emails are hacked by outsiders, organizations could suffer great embarrassment. Such was the case of an online marketing provider who experienced a massive breach that exposed millions of emails of U.S. retailers and banks, including Best Buy, Walgreens, Citigroup, and JPMorgan Chase.20 Strict adherence to the Principle of Protection could have avoided this organization tremendous embarrassment and other natural consequences from such a massive breach.

E) Compliance with Emails

The Principle of Compliance requires a program that complies with “applicable laws and other binding authorities.” Court cases have long confirmed that when it comes to records, a legal duty of compliance with applicable authority exists.21 This authority comes from the law and from internal policy. Courts have standards against which to measure organizations, including the obligation to maintain records properly and to make them available to interested parties.22 Such compliance extends, of course, to email management. After all, any records resulting from emails must be kept to comply with laws and other binding authorities. They also serve to illustrate compliance requirements such as transparency under Sarbanes-Oxley as noted above.

Employee-specific email communications, for instance, such as commentary on an employee’s pay raise could trigger several state and Federal regulations governing personnel payroll records.23 For example, under 29 C.F.R. 516.16 “earnings records” must be retained for 2 years. Under 29 CFR 1604.14 “terms of compensation” must be retained for 1 year, while under Massachusetts’ 149 MGL 52C “pay rate compensation” must be retained for termination of the employee + 3 years. The above note email, thus, may have to be retained for as long as 3 years after the termination of the employee, if the company is hiring employees in Massachusetts. An email policy that complies with such recordkeeping laws should protect the organization against possible compliance violations.

18 2010 Westlaw 4027780 (W.D.N.Y. October 14, 2010). 19 Id. 20 Cybercrime Reports, 45 Information Management 4th ed. 19. 21 Shapiro v. United States, 335 U.S. 1 (1948); California Bankers Ass’n v. Shultz, 416 U.S. 21 (1974). 22 John Montana, Hot Topic: GARP: Mapping a Route for Compliance, HT10-11 (2009). 23 See e.g.,

EDDE JOURNAL PAGE 8

F) Email Availability

The Principle of Availability calls for organization of records that ensures the “timely, efficient, and accurate” retrieval of information. An organization should have a program to promote the ability to identify, locate and retrieve records such as those found in emails.24 As more and more email records are captured, the expense, complexity, and time involved to assure availability and accessibility increases exponentially.25 Since emails can result in records, which in turn can be lost in the myriad of non-records that traverse the organization’s data echo system every second, a robust program to assure the availability of email “records” is critical.

G) Email Retention

The Principle of Retention calls for maintenance of records in keeping with “legal, regulatory, fiscal, operational, and historical requirements.” As noted above in subsection E, an email used to document a manager’s decision to give an employee a pay raise via email, for example, could trigger several disparate retention requirements under Federal and state laws. Thus, the organization must not only declare and somehow classify the email regarding the pay raise as a record, but then it must retain it for the number of years needed to meet applicable federal and state requirements.

In addition to the above noted minimum retention requirements under the law, the organization may want to consider extending the retention period of this email beyond minimum regulatory requirements to meet other operational needs particular to the organization. Once that selected time period expires, the email may be declared and classified as having historical value, thereby trumping possible destruction of the email.

At the 2011 ARMA International Key Note Address, the 10th United States Archivist shared how the National Archives oversee 20 Million emails from the Clinton era and 210 Million from the George W. Bush era.26 This means that the National Archives are managing 230 Million emails of two U.S. Presidents as historical records to be retained for eternity. The earlier noted email example regarding an employee’s compensation may not have historical value on its face, but the circumstances around it could have the organization’s archivist or librarian somehow preserve it as an example of something that document’s the organization’s history (e.g., the email that approved the promotion of a young clerk who is now the CEO of the company).

On the whole, a Records Retention Schedule (“RRS”) should be in place at the organization to dictate how long the email records need to be retained. For private organizations, the RRS may not even be

24 Martin Susec, Calling 9-1-1: Avoiding Disaster Using GARP 36, 45 Information Management 4th ed. (2011), http://content.arma.org/IMM/Libraries/July-Aug_PDFs/IMM_0711_GARP_series_calling_911.sflb.ashx 25 Id. at 39. 26 David S. Ferriero, Keynote: Transforming Records Management, ARMA International Conference Opening Ceremonies (October 17, 2011).

EDDE JOURNAL PAGE 9

required by federal or state statutes. However, courts still expect organizations to manage and dispose of their records in a systematic manner consistent with industry best practices and, of course, GARP®.27 In fact, “a safe harbor is provided under federal and state rules of discovery for the systematic good faith destruction of records pursuant to a proper records management program.”28

H) Email Disposition

Finally, the Principle of Disposition calls for the “secure and appropriate disposition” of records such as emails. For organizations this is not simply a matter of hitting the delete button. After all, the Principle of Retention forces organizations to retain information to meet certain regulatory requirements and standards.29 On the other hand, some foreign requirements call for the organization to dispose of certain data sooner than the specified retention period.

This conflict surfaces with the United Kingdom’s Data Protection Act of 1998 (the “UK Act”). The UK Act requires that “personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.” Thus, organizations must dispose of some information once it is no longer useful to the organization under the UK Act and by extension the Principle of Disposition. At the same time some U.S. retention requirements could compel an organization to retain the same information for an extended period of time.

Several domestic regulations present similar tensions between retention and disposition under HIPAA rules for instance.30 In the example of the pay raise email, if the email somehow contained the employee’s social security number (generally considered personal data), either the HIPAA or the UK Act provisions could come into play. Thus, organizations should regularly purge their databases of stale records. Robust policies and procedures for disposition of email records are imperative.

CONCLUSION By following comprehensive compliance guidelines, including the retention and disposition requirements imposed by GARP®, organizations have a tool to manage data that could be used to defend their RIM policies in court. The above analysis of emails illustrates but one example of the complex RIM requirements imposed by law, standards and best practices on one source of prevalent records within any organization. Similar GARP® analysis needs to be applied to all sources of 27 Martin Susec, Calling 9-1-1: Avoiding Disaster Using GARP 36, 45 Information Management 4th ed. (2011), http://content.arma.org/IMM/Libraries/July-Aug_PDFs/IMM_0711_GARP_series_calling_911.sflb.ashx. 28 Id. 29 See part 2 of this article in the next issue of the EDDE Journal; see also, U.S. Department of Defense (DoD) Standard 5015.2 – Design Criteria for Electronic Records Management Software Applications (establishing a mandatory baseline for functional requirements for electronic records in records management application software. This standard is considered “a de facto industry standard,” even though it is mandatory only on DoD components). See also, ANSI/ARMA 9-2004 Standard – Requirements for Managing Electronic Messages as Records. 30 See e.g., Healthcare Insurance Portability and Accountability Act (“HIPAA”) P.L.104-191 (1996) (imposing strict data disposal requirements, including overwriting or physically destroying all magnetic media that is no longer in use or that is given away or sold).

EDDE JOURNAL PAGE 10

information within the organization to ensure good faith business practices that are defensible in court and before auditing agencies. Furthermore, since RIM essentially sits at the cusp of eDiscovery efforts, if it is managed properly and in accordance with robust and enforced policies and procedures, organizations should be able to reduce the volume of information available for preservation, collection, analysis and production in litigation. John Isaza, Esq., FAI (Fellow of ARMA International #45) heads the Information Management practice at Rimon. John is internationally recognized in the emerging legal field of information governance, as well as records and information management (RIM). He has developed information governance and RIM programs, including related regulatory opinions, for some of the most highly regulated Fortune 100 companies. Prior to joining Rimon, he was the cofounder and Partner of Howett Isaza Law Group, a boutique law firm specializing in corporate compliance matters. John also served as General Counsel to a publicly traded medical device manufacturer, now owned by Abbott Laboratories. He is co-author of 7 Steps for Legal Holds of ESI & Other Documents, and the recipient of ARMA’s prestigious Britt Literary Award.