Insight into where e-discovery, information governance cybersecurity, and digital transformation are heading – who is doing what now or in the future, what works and what doesn’t, and what people wish they could do but can’t – gleaned from recent publications
EDRM Annual Workshop – The Duke/EDRM workshop and forum is an annual gathering of highly motivated judges, practitioners, consultants, service providers, and software vendors who collaborate on exciting and challenging ediscovery and other IT projects that impact the industry and the profession. Join us in an intimate environment on Duke Law School’s campus, develop and broaden professional relations, and avail yourself of ample opportunities to talk directly to federal judicial and bar leaders.
A production primer – Tom O’Connor has put together a four-part primer on the production of ESI:
- Part 1: Introduction
- Part 2: Redaction Issues and Confidentiality Considerations
- Part 3: Load File Failures
- Part 4: Recommendations for Minimizing Production Mistakes
Rule 37(e)(2) sanctions – Casey Sullivan of Logikcull looks at how courts have treated the FRCP Rule 37(e)(2) intent requirement – increasingly by not finding the intent needed to impose sanctions under the rule.
On redacting Word files natively – In Mueller? Mueller? More E-Discovery Lessons from Bill and Bob, Craig Ball argues that native redaction of Word files is no pipe dream and demonstrates why.
Data disposition commentary – The Sedona Conference has published The Sedona Conference Commentary on Defensible Disposition. The starting point for this 54-page commentary is Principle 6 of The Sedona Commentary on Information Governance: “The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.” It sets forth three principles, each with comments. The three defensible deletion principles are:
- Absent a legal retention or preservation obligation, organizations may dispose of their information.
- When designing and implementing an information disposition program, organizations should identify and manage the risks of over-retention.
- Disposition should be based on Information Governance policies that reflect and harmonize with an organization’s information, technological capabilities, and objectives.
CYBERSECURITY & DATA PRIVACY
North Carolina data breach amendments – On April 16, amendments to the North Carolina Identity Theft Protection Act were introduced. Highlights, discussed by Karin McGinnis of Moore & Van Allen PLLC, include the expansion of the scope of information covered by the law and the expansion of obligations imposed by the law of businesses and consumer reporting agencies.
CCPA guidance – BCLP has begun posting a series of FAQs examining the California Consumer Privacy Act. Posted so far:
- Post 1: Does CCPA apply to employee data?
- Post 2: What is “personal information” under the CCPA?
- Post 3: As used in the CCPA, do the terms “personal data,” and “personal information” mean the same thing?
- Post 4: What information is not “Personal Information” under the CCPA?
E-DISCOVERY CASE LAW
Recent e-discovery decisions
2/14/2019 – In a patent infringement lawsuit, U.S. Magistrate Judge Kandis Westmore granted plaintiff’s request that defendant produce emails of a United Kingdom citizen who previously had directed plaintiff’s U.K. sales. Defendant had asserted that it could not produce those messages without violating GDPR privacy requirements. In reaching the decision to order production of the email, the Court considered five factors: (1) the importance of the requested documents to the litigation; (2) the degree of specificity of the request; (3) whether the information originated in the U.S.; (4) the availability of alternative means of securing the information; and (5) the extent to which noncompliance would undermine important interests of the U.S. The Court found that each factor favored disclosure: (1) the requested documents are directly relevant; (2) the search terms were limited and targeted; (3) although the individual is located in the U.K., more importantly the defendant is an American company; (4) it i not clear that domestic custodians would have the same information; and (5) there is a strong American interest in protecting American patents, while the U.K. interest in protecting its citizen’s privacy can largely be addressed via the protective order in place. Finally, the Court find that the burden on the defendant did not weigh against disclosure. Finjan, Inc. v. Zscaler, Inc., Case No. 17-cv-06946-JST (KAW), 2019 WL 618554 (N.D. Cal. Feb. 14, 2019).
2/4/2019 – U.S. Magistrate Judge Lanny King granted defendants’ motion to compel production of social networking site content, limiting the scope to plaintiff’s Facebook and other social media accounts from a six-month period regarding physical activities and mental status, and set forth a process for the parties to follow. To arrive at this results, the Court looked to the FRCP 26(b)(1) relevance standard and in the particularity and proportionality requirements of FRCP 34(a-b). Locke v. Swift Transportation Co., 2019 WL 430930 (W.D. Ky. Feb. 4, 2019).
Conferences, webinars, and the like can provide insight into where e-discovery, information governance cybersecurity, and digital transformation are heading
|AccessData||AccessData Rolls Out New API That Supports Automation of Digital Investigations|
|4/23/2019||ED||FTI Consulting||FTI Consulting Expands Relativity Offering to India|
|Sonasoft||Sonasoft (SSFT) Wins Contracts Worth Over $100K with Major California School District|