Potential Hazards of eDiscovery

Data, data everywhere, not a page to file.

The amount of electronic information generated on a daily basis continues to grow. By one estimate, there were 60 billion worldwide emails sent every day in 2006. Other estimates state that 47% of all corporate communications never reach paper and 96% of all documents are created electronically.

As the volume of electronic information has increased, the cost to store this data has decreased. In 1990 it cost roughly $20,000 to store 1 Gigabyte of data, by 2000 the cost had dropped to about $10 and in 2009 $.10, (a 1 terabyte or 1000 Gigabytes of storage can be purchase for about $100). These two factors have help turn companies into pack rats (which can be problematic in a lawsuit). Look at the chart and take a guess at how much electronically stored information (ESI) your company is storing? 10 terabytes? 100 terabytes? Remember that ESI consists of all the email, Word documents, PowerPoint slides, Excel spreadsheets, digital photographs, digital videos, etc. In a short period of time electronically produced information has surpassed print media as the primary source of information.

In 2003 Peter Lyman and Hal Varian wrote an article “How Much Information” to analyze how much information is produced each year.

Why is too much data a bad thing?
1. Data can be used as a two edge sword, helping exonerate the company or used as a smoking gun to prove negligence or unlawful activity.
2. While storage is cheap it’s not free. At some point the data becomes cumbersome and slows down the performance of the database.
3. In the event of a lawsuit, the data could become very important in the litigation as evidence. The company will be responsible for detailing what data is available, where is it stored and eventually producing it. This data can be used as positive or negative evidence. And the more data you have the more costly it’ll be to produce.

What is Discovery?
Discovery is the pre-trial phase where the attorneys for both sides come together and request from each other all the evidence they wish to use at trial. Contrary to televisions courtroom dramas, very rarely is there surprise evidence produced in the middle of the trial. Here’s a good definition courtesy of My Cousin Vinny.

What is eDiscovery?
eDiscovery (electronic Discovery) is a term created to include all ESI.

What is considered ESI?
Pretty much everything produced by a computer or stored digitally. According to the Federal Rules of Civil Procedure (FRCP) ESI is information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software

Who does this affect?
Everyone and anyone who uses email or a computer.

That seems pretty broad?
Yes. The courts are coming around and have realized the immensity of the situation and are enacting new rules and procedures to help attorneys and their clients to deal with the situation. But as is often the problem, technology moves so fast the legal world is left playing catch-up. For instance, Illinois adopted “new” rules to account for eDiscovery in 1996, a technological lifetime ago. Obviously, technology and how we use technology has undergone many changes since 1996.

According to Richard Hermann of the Richard K. Herrmann Technology Inn of Court, electronic discovery is growing into a separate, substantive area of the law. About 1,400 court opinions have been issued nationwide dealing with electronic discovery. In addition, new Federal Rules of Civil Procedure were propagated in December 2006 to cover the subject. For example, these days 47 percent of all corporate communications never appear in paper format and 96 percent of all information is electronically created. "Within three years, electronic data will replace paper as the primary source of information," Henry duPont Ridgely of the Delaware Supreme Court said.

What can I do to minimize my liability?
1. Enact and follow a data retention policy.

2. Index and determine WHAT electronic files are saved and for how long. Such as:
a. Email, Instant messages, Text messages
b. Word documents, Powerpoint slides, Spreadsheets
c. Voicemail
d. Digital photos
e. Database files
f. Social Networking, Blogs, Facebook, Twitter, etc

3. Index and determine the LOCATION all electronic files. Such as:
a. Local computer drive and Shared Drives
b. Server/databases
c. Backup tapes
d. Blackberry/iPhone/PDAs
e. DVRs
f. Sharepoint
g. CDs, USB Thumbdrives and other removable/external storage devices
h. Black box info from automobiles, cars, boats, etc
i. Internet usage logs
j. Photocopiers, fax machines
k. Legacy systems

Ok, what are my legal obligations?
If you are party to a lawsuit, your attorney will place litigation hold on the necessary ESI. Portions of your company’s document retention policy will be suspended and all the ESI related to the lawsuit should be saved from destruction. Don’t violate this or you might get hit with sanctions. In Morgan Stanley v Coleman, Morgan Stanley was hit with $1.58 billion in sanctions, the case was overturned but you get the picture.

Then the attorney will ask for all the data related to the lawsuit. You’ll need to produce a complete list of what data is stored and where it is located. Don’t leave anything out and make sure your information is accurate. If your policy is to keep 90 days of video surveillance, it means that your IT department is guaranteeing that there are 90 days but there might be more data saved. How much? 95 days, 120 days. All information that should be communicated to your attorney.

Whoa, this seems intrusive, disruptive and potentially expensive. What can we do to minimize the impact of eDiscovery?
1. Create a data retention policy and stick to it. These periodic purgings can free up storage space and could save you a legal headache down the road. Perform regular checks to make sure these policies are being followed.
2. Index and document what data is stored. The less data that is stored, will mean the less data that needs to be produced.
3. Index and document where the data is stored.
4. Understand the costs and feasibility involved with producing this data. An outside specialist or temporary consultant may need to assist.

This is just a quick snippet of the evolving world of eDiscovery. Staying on top of these potential issues will help you be prepared and minimize costs in the event of a lawsuit.

Web 2.0 Backlash

There's a saying in Hollywood that you haven't made it until you've been sued........twice.

With the recent movement to ban or restrict social networking applications. I think Web 2.0 has made it. Social networking has gained such popularity and usage that it can no longer be ignored.

The Marines have banned Facebook and Twitter due to network security concerns.

NFL teams are restricting the use of blogging and tweeting. The San Diego Chargers fined a player for tweeting. And the Miami Dolphins have banned fans and media from blogging, tweeting or texting during summer training camp.

A California lawyer had his law license suspended for blogging during a trial. And the Michigan Supreme Court has issued a rule banning jurors from texting, tweeting or Google searches while in court or during deliberations.

The Marines were afraid of what bad things might come into their network. Whereas, the NFL and the Courts are afraid of what sensitive or important information might get leaked out. As companies and individuals try to utilize and regulate this World Wide Conversation there will be more and more rules and laws governing the use of Web 2.0. We will continue to probe the boundaries of what is TMI (Too Much Information) until we can find that delicate balance of what should be public and what should be private.

10 Things to Think About When Negotiating a SaaS contract

As cloud computing emerges from its infancy, there have been questions about negotiating with service providers for service contracts, service level agreements, etc. Here are 10 issues to consider:

1. Security. Who's responsible for security and security breaches? Be sure to spell out which party will bear the burden when there is a security breach. If your data is stolen, how will the security breach be fixed and how will you be compensated. And it'll be cheaper and easier to point to the Damages Clause in your signed contract rather then try to fight it out in court.

2. Service Outages. What are your remedies if your service provider has an outage? Who will be responsible for lost data or bear the cost of recovering that lost data? What is the expected turn around time to restore service? Will there be a consequential damages clause for lost productivity?

3. Who owns the data? Situtation A: You don't pay. Your company runs into hard times and misses several payments to the service provider. At some point, the provider will cut off service. What happens to the existing data? Can the provider hold that data hostage like a mechanic's lien? What are your options? Situation B: The service provider doesn't pay. The provider runs into hard times and files for bankruptcy. The secured lender wants the server because it's an asset. You want the server because it has all your data. Can they keep you from your data? How do you get your data back?

4. Disaster Recovery. All service providers should have some sort of DR plan. How extensive it is will depend on your needs. Do the backup servers need to be far, far away? 200 miles, 2000 miles apart? Should the information be backed up daily/weekly/monthly? Or should the servers be mirrored for real time data transfer? How soon after the disaster will the DR center be up and running?

5. Capital v Expense. Consider the tax implications. Depending upon the situation it maybe more advantageous to treat the software purchase as capital expenditure rather than expense. Or vice versa.

6. Rent v Own. Consider the licensing implications, how many are needed and how they will be used. If the number of licenses needed will fluctuate, renting (SaaS) may be the way to go. Or perhaps a hybrid model is more suitable, the full time employees will used the purchased versions while the summer interns will use the version in the cloud.

7. Third Party Contracts. Will the service provider be liable if the software vendor's application goes down? Who's responsible for bringing it back online? What's the time frame? What if the service provider and the software vendor have a dispute, is the provider responsible for providing a suitable substitution?

8. Legal Intrusions. Search warrants, injunctions, etc. What happens if the FBI wants to look at a server or seize it? What if they only want to see the metadata and not the actual data. At a minimum, I would hope the service provider doesn't turn any information over without a warrant or your consent. But what if they do? What's to stop them? Maybe nothing, but the contract should have clear and definitive language that the data belongs to YOU and not the service provider and any breach of that trust will result in damages. Now, there will be times when the provider has no choice but to comply with a warrant or injunction, however, you and your attorneys should be notified immediately to formulate a legal response.

9. Regulatory Issues. Who's responsible for complying with SOX or SAS 70? Do the providers have to be certified? Will the provider comply with regulations that are passed in the future?

10. Locality Rules. Each jurisdiction may have its own rules on dealing with cloud technology. It's a good idea to know where the service provider is based and where their servers are located. A choice of venue clause may be necessary. The provider is based in Tokyo but their servers are in Brussels and you're in Chicago. You'll want a clause dictating where litigation takes place, most likely in Chicago applying Illinois or US law.

How to defame someone in 140 words or less

Cisco Fatty taught us how to get fired in 140 words or less.

Amanda Bonnen teaches us how to send a $50,000 tweet. She's being sued for defaming her property management company via Twitter.

We'll see if the suit makes it to court but I'll definitely think twice about renting an apartment from Horizon Realty.

UPDATE: I love how the company describes themselves, "We're a sue first, ask questions later kind of an organization."

Boundaries - Law in the Cloud. Who Governs Amazonia?

What is a cloud? According to m-w.com, a cloud is a visible mass of particles of condensed vapor suspended in the atmosphere. Where does it start and where does it end. Do clouds really have a "boundary"? A cloud sits over Chicago but extends into Indiana. Who owns it? Who has rights to it? What law do you apply, Illinois or Indiana or neither? Can you move it? Is it a single entity or millions of "particles"? Obviously I'm discussing clouds in the sky but all these questions are applicable to the new technology of Cloud Computing.

Law in the Clouds

People seem to have a misconception that THE LAW consists of a big black binder with each state and jurisdiction it's own chapter and all the rules laid out in black and white. Unfortunately, it's not that simple, our law is a combination of statutes, codes, common law, restatements and more. It's up to the attorneys and judges to help flesh out the facts in each case and determine which law to apply. For instance, international law doesn't exist as a separate code. In an international dispute, the attorneys will research the laws of the country involved and any applicable treaties, then decide whose law applies. Will we have a Legal Code for the Cloud?

So the fact that Cloud Computing is here, there and nowhere brings out some interesting issues.

Personal Jurisdiction is designed upon the idea of physical boundaries. Where do you reside? Where were you when the accident occurred? Where were you when you mailed the letter and where did you send it? Where were the injured parties? Where in the Cloud is a little tougher. At the moment, courts are asking: Where are the servers located? Where does the creator reside? Where did the creator access the Cloud? Depending on how the Cloud evolves, those questions will change.

How will the Cloud infrastructure be organized? Will the Cloud be one big platform and everyone has an address and a "place of residence"? Or will there be several different clouds, Google City, Amazonia, IBM Town, Cloud City, and to access another Cloud will you'll have to "leave" your current one? Do you need a passport? Will there be wars fought over Cloud space? Can one Cloud invade another? Will we have boundary disputes in the Cloud like the Gaza Strip? Questions that may never be answer but they are possibilities.

What are the boundaries when someone does something bad in your Cloud? Is that whole Cloud at risk? The FBI seems to think so. They grabbed all computing equipment, including servers, routers and storage involved with a fraudulent business practice. God help you if your information was on one of those servers. Can the police look at all the data on the server? Do they need a separate warrant for each company's information? Data in the Cloud will be shifted from server to server depending upon bandwidth needs. You have no idea who you'll be sharing server space with today, tomorrow or ever. What can you do? Put up a privacy fence?

What are the boundaries between vendors and the end user? If I buy some Cloud space and don't pay for it, can the Cloud owner "repossess" my property? Amazon didn't have a problem selling a book to customers on the kindle and then deleting that book from the kindle when a copyright issue arose. Attorney Jay Edelson draws a fair analogy, "Imagine Amazon had shipped a book to someone's house that it wasn't supposed to ship. It can't climb into the person's window, take it back, and leave $1.57." Amazon, did it because they had the power to. Write a couple of lines of code and voila, it's deleted. What's the proper legal remedy for this type of action?

As Cloud Computing gains more traction and more businesses utilize its services, we'll see an increase in disputes and law suits. How the courts and legislators react will help us define these boundaries.

Boundaries - The Impact of Web 2.0 on The Expectation of Privacy

As new technologies are introduced old paradigms are challenged and sometimes changed. The question is where are these new boundaries and how to interpret them from a legal perspective.

Boundary - Privacy at home

The current standard is the "expectation of privacy", if you are at a restaurant or some other public place, your expectation of privacy is lessened and law enforcement has a greater freedom to survey you. Whereas, in your home you have a higher expectation of privacy and for police to intrude on that they will need a warrant. What happens when you're in your car? Sure, the conversations in your car can be presumed to be private but what about where you are or where you are going? That's public knowledge, anyone can see you. I could hire a PI to follow you around. Or I could use some new technology. A recent New York decision People v Weaver held that it was ok for the police to place a GPS sensor onto the defendant's car and track his whereabouts for 65 days. What if I wanted to do that to my girlfriend, wife or neighbor? If the cops don't need a warrant......then its legal for me right? Let's take that one step further, all cellphones can be tracked by their signal or by the GPS application. Keys, wallet, watch, cellphone. Four things most people have on them at all times. Should our cellphone be a lojack?

Boundary of work and personal life

Once upon a time, it was very easy to separate your work life from your private life. Once you left the office you didn't see or hear from your coworkers unless there was an emergency. Nowadays that work/personal line has blurred, everyone has a cell phone call, email or Facebook click away. Two driving factors of this are: smart phones and Web 2.0. Everyone has a cell phone and most new cell phones have email/internet/Facebook capability. Your boss knows it and so do your coworkers. So there is an expectation that you will respond to a call/email within a reasonable time. This has led to some contentious labor issues about overtime. And a lawyer even got sanctioned for canceling a deposition via blackberry.

The more recent development is Web 2.0, let's take the example of Facebook. Which allows your high school friends, college drinking buddies, next door neighbor, family, co-workers, clients and others to exist on a single platform, to discuss their one commonality. YOU! Obviously, this is a potentially explosive situation. Do you really want your boss and client to know that you were out until 2am hitting on college girls last night and that's why you rolled into work 3 hours late? (Not to mention the lecture you're sure to get from mom, dad and aunt Lucy). What happens when your buddy posts and tags you in some photos? No where to run, no where to hide.

"Um, yeah boss, sorry I couldn't finish the proposal because I was home sick last night. *cough cough*"
"Funny, your Facebook status at 10pm says, "Drinking PBR at Cubs game. Yeah!"

People haven't changed. Technology has. Our indiscretions of years past were not captured by ireports, blogs, webcams, iphone cameras etc. So what is your employer or client suppose to do with all this new damning evidence? A video of you kissing a co worker's wife, a personal blog that violates the company mantra, misuse of Facebook, or photos of you passed out in a trash can.

Only time will tell if employers will take the tough stance and discipline their employees for these mishaps or perhaps over time we'll become desensitized to all this and no longer be shocked.

AOT: Abuse of Technology

AOT. Raise your hand if you are guilty. Come on, admit it. Have you ever sent an unreadable two page email consisting of one long paragraph with zero line breaks and run on sentences? Did you ever clog up someone's email box with a 5 gig high definition photo of your dog in a funny hat? Are you one of those habitual Facebook status updaters? Tony is thirsty. Tony is making coffee. Tony is hungry. Tony is making lunch. Etc, etc.

Well now, the old school law firms are realizing the value of technology and trying to figure out how to make it work for them. Or in this case how it doesn't work for them. TechnoLawyer Blog likened it to The Office without the humor. Seriously, I was expecting Michael Scott and Dwight Schrute to jump out at the end and yell "Gotcha!".

Levin Tannenbaum Law Firm marketing video

Friends don't let friends abuse technology.