[Producing Party members] seek a writ of mandamus compelling Respondent, the Honorable Greg Wilhelm, Judge of the County Court at Law No. 1 of Ellis County, to set aside a discovery order requiring the Honzas to permit a forensic expert to create a mirror image of each of the computer hard drives in the Honzas’ office in an effort to locate two particular documents or iterations of those documents…

The Honzas contend that Respondent abused his discretion because: (2) the order authorizes the disclosure of information protected by the attorney-client privilege; and (3) the order authorizes the disclosure of confidential information pertaining to the Honzas’ other clients who have no connection to the underlying lawsuit.

The present discovery dispute originated with [Requesting Party's] motion to gain access to the Honzas’ computers, which was filed about one month before trial. By this motion, [Requesting Party] sought “[i]nformation (the ‘Metadata’) contained on the actual computers of the Defendants, such as any time stamps on the Relevant Documents, versions of the Relevant Documents, if any, as well as the deletion of various versions, if any.” [Requesting Party] explained that, although the Honzas responded to a prior request for production of relevant documents in their electronic version, “the Metadata was neither produced nor made available.”

[Ed. Testimony indicated the existence of relevant documents with respect to a another transaction apparently not addressed by earlier discovery requests]

[] [Requesting Party] sought discovery of relevant documents pertaining to the [newly revealed] transaction, and the [Producing Party] complied by providing pertinent written discovery.

[Requesting Party] seeks the metadata from the [Producing Party's] hard drives because it wants to identify the points in time when the partial assignment draft was modified in relation to the diary entry. This goes to the issue of whether [the Producing Party] altered the partial assignment after the parties concluded their agreement but before the document was presented for execution.

[Ed. The opinion then went on to list various Federal and State sources for persuasive authority in discovery law, especially with respect to ESI]

Privileged or Confidential Information

The [Producing Party] also contend[s] that the discovery order improperly authorizes the disclosure of (1) information protected by the attorney-client privilege and (2) confidential information pertaining to the Honzas’ other clients who have no connection to the underlying lawsuit.

Notwithstanding the “unlimited” access necessarily granted the forensic expert, Respondent’s order preserves any privileged or confidential information in several ways. First, the expert is limited in his search to two specific documents or iterations of those documents. [Members of the Producing Party] are then accorded the right to review the documents and information which the expert believes responsive and produce to [Requesting Party] only those documents and information which [members of the Producing Party] themselves believe are responsive. These provisions effectively preclude [Requesting Party] from having any access to documents or information pertaining to other clients of the Honzas not involved in this litigation.

Second, the order allows the [Producing Party executives] to withhold from discovery any documents or information which they claim to be privileged or confidential and provide instead a privilege log, subject to in camera review by Respondent.

Finally, the order provides that: (1) the observation of information by [Requesting Party] representatives during the imaging process shall not constitute a waiver of privilege or confidentiality; (2) all participants in the imaging process are subject to a protective order prohibiting the unauthorized disclosure of information; and (3) [Requesting Party's] expert must provide proof of being bonded and of having commercial liability insurance by which the [Producing Party] may be “fully indemnified against any monetary loss.”

For these reasons, we hold that Respondent appropriately tailored the discovery order to prohibit the unauthorized disclosure of privileged or confidential information and no abuse of discretion is shown.

[Ed. Note that a dissenting opinion is also entered by one of the Judges hearing the case. See the order itself for the full text of that dissent, or of the opinion itself.]

In re Honza, 2007 WL 4591917 (Tex. App. Dec. 28, 2007)

[Producing Party members] seek a writ of mandamus compelling Respondent, the Honorable Greg Wilhelm, Judge of the County Court at Law No. 1 of Ellis County, to set aside a discovery order requiring the Honzas to permit a forensic expert to create a mirror image of each of the computer hard drives in the Honzas’ office in an effort to locate two particular documents or iterations of those documents…

The Honzas contend that Respondent abused his discretion because: (1) the discovery order is overbroad and authorizes an improper “fishing expedition”; (2) the order authorizes the disclosure of information protected by the attorney-client privilege; and (3) the order authorizes the disclosure of confidential information pertaining to the Honzas’ other clients who have no connection to the underlying lawsuit.

The present discovery dispute originated with [Requesting Party's] motion to gain access to the Honzas’ computers, which was filed about one month before trial. By this motion, [Requesting Party] sought “[i]nformation (the ‘Metadata’) contained on the actual computers of the Defendants, such as any time stamps on the Relevant Documents, versions of the Relevant Documents, if any, as well as the deletion of various versions, if any.” [Requesting Party] explained that, although the Honzas responded to a prior request for production of relevant documents in their electronic version, “the Metadata was neither produced nor made available.”

[Ed. Testimony indicated the existence of relevant documents with respect to a another transaction apparently not addressed by earlier discovery requests]

[] [Requesting Party] sought discovery of relevant documents pertaining to the [newly revealed] transaction, and the [Producing Party] complied by providing pertinent written discovery.

[Requesting Party] seeks the metadata from the [Producing Party's] hard drives because it wants to identify the points in time when the partial assignment draft was modified in relation to the diary entry. This goes to the issue of whether [the Producing Party] altered the partial assignment after the parties concluded their agreement but before the document was presented for execution.

[Ed. The opinion then went on to list various Federal and State sources for persuasive authority in discovery law, especially with respect to ESI]

Under these decisions, the following protocol is generally followed. First, the party seeking discovery selects a forensic expert to make a mirror image of the computer hard drives at issue. This expert is required to perform the analysis subject to the terms of a protective order, generally prohibiting the expert from disclosing confidential or otherwise privileged information other than under the terms of the discovery order.

After creating the mirror images and analyzing them for relevant documents or partial documents, courts typically require the expert to compile the documents or partial documents obtained and provide copies to the party opposing discovery. That party is then to review the documents, produce those responsive to the discovery request, and create a privilege log for those withheld. Finally, the trial court will conduct an in-camera review should any disputes arise regarding the entries in the privilege log.

Because our research has disclosed no Texas decisions regarding this type of electronic discovery, we will apply these fairly uniform procedures to the issues presented in this proceeding.

[Ed. Note that a dissenting opinion is also entered by one of the Judges hearing the case. See the order itself for the full text of that dissent, or of the opinion itself.]

In re Honza, 2007 WL 4591917 (Tex. App. Dec. 28, 2007)

The 2006 amendments to Rule 34 of the Federal Rules of Civil Procedure simply clarify “that discovery of electronically stored information stands on equal footing with discovery of paper documents.” Fed.R.Civ.P. 34 Advisory Committee’s Note on 2006 Amendments. Consequently, without a qualifying reason, plaintiff is no more entitled to access to defendant’s electronic information storage systems than to defendant’s warehouses storing paper documents.

The discovery process is designed to be extrajudicial, and relies upon the responding party to search his records to produce the requested data. In the absence of a strong showing that the responding party has somehow defaulted in this obligation, the court should not resort to extreme, expensive, or extraordinary means to guarantee compliance. Imaging of computer hard drives is an expensive process, and adds to the burden of litigation for both parties, as an examination of a hard drive by an expert automatically triggers the retention of an expert by the responding party for the same purpose. Furthermore, as noted above, imaging a hard drive results in the production of massive amounts of irrelevant, and perhaps privileged, information. Courts faced with this inevitable prospect often erect complicated protocols to screen out material that should not be part of discovery. See, e.g., Playboy Enters., 60 F.Supp.2d [1050, 1054 (S.D.Cal.1999) (appointing court’s expert to conduct examination). Again, this adds to the expense and complexity of the case.
This court is therefore loathe to sanction intrusive examination of an opponent’s computer as a matter of course, or on the mere suspicion that the opponent may be withholding discoverable information. Such conduct is always a possibility in any case, but the courts have not allowed the requesting party to intrude upon the premises of the responding party just to address the bare possibility of discovery misconduct.

The Scotts Co. v. Liberty Mutual Ins. Co., 2007 WL 1723509 (S.D. Ohio June 12, 2007) (quoting with approval Diepenhorst v. City of Battle Creek, 2006 U.S. Dist. LEXIS 48551, *10-11 (W.D. Mich. June 30, 2006).)

This is another installment in our series on Effectively Managing E-Discovery.

In virtually every discovery project, those in charge of managing the process are asked to make initial assumptions with respect to creating criteria with which to “catch” relevant documents from the universe of those collected, and indeed, to create the initial universe to begin with. First, probable data sources and custodians are identified in order to preserve data that might be relevant. Those initial assumptions are often based on knowledge of a company’s hierarchy, of the personnel who might have worked (or at least, generated documents), associated with projects central to the dispute, of the places in the IT enterprise where certain files are stored and to where back-ups are saved. Ocassionally, an enterprise-wide search may be done by a search engine specifically installed for the purpose, and the initial assumptions to building the universe of collected documents entails crafting search terms and concepts, and other criterial used by the search engine.

Search terms are usually associated with a second stage of document filtering, often accomplished within an EDD processing platform. Not only are terms, concepts, and perhaps advanced methods of grouping or categorization present here, but often dates are used to disqualify documents whose creation date appears to fall outside of the relevant date range associated with the dispute. You might wonder why I am telling you all this. Well, here’s the point; this criteria that is formulated is essential to the success of the discovery project, because it determines what documents the reviewers see when determining relevance. Any mistake at this point detrimentally affects the accuracy of the pre-review filtering process. It might leave some documents out, and while that may cheer the cost-conscious corporate counsel, it may be harmful to the case if it removes helpful information from the data set, and it is detrimental to the discovery process’s goal of providing evidence sufficient for a finding based on the true merits of the matter. Furthermore, while mistakes might not only erroneously exclude documents, it might also erroneously introduce irrelevant documents into review, which will actually increase costs.

Justifying the method by which the criteria was created can present a problem. Most projects don’t have a process for verifying these assumptions, and as we move forward, we may find it difficult to gain the court’s indulgence against a sceptical opponent. So what can be done about it?

First, explain how and why certain custodians were identified as relevant. List other sources that were considered but ultimately excluded, and document the reasons why these were not included in the initial collection. Courts love documentation. If it’s a close call with a data source, either include the data in the collection universe, or back-up (or forensically copy) the data source in case the court disagrees with your assessment. As reviewers begin to classify documents as responsive, non-responsive, privileged, etc., you should generate a list of document authors from electronic documents and names from the “to,” “from,” “cc,” and “bcc” fields from e-mail. Review the list to see if parties appear that should have been included in the collection to begin with.

With respect to search terms, document reasons why terms were selected, and why those terms considered but didn’t make the cut were excluded. As reviewers begin to classify documents as responsive, non-responsive, privileged, etc., you should consider generating a list or report of terms contained within those documents categorized as responsive. Many search engines have the capability to create such a report, and reviewing it might turn up not only terms or concepts that should have been included in the criteria, but also point out terms which may be removed. Any adjustments made to the filter must be made in two steps. Any terms added to the list must be run against the data already searched, in order to turn up any additional “hits.” Any new data must be searched by using the full, newly modified list. This ensures that all data is at least searched with any valid search term.

Some search engines allow for a customized dictionary which can tie concepts together that a more general version would not do. This is especially true of scientific, engineering, or other disciplines that uses a specialized vocabulary.

Finally, with respect to dates and other metadata fields used to help filter, it is important to insure that this data is accurate. Metadata fields can change, or be changed quite easily. The migration of data from one server to another can change much of the metadata (including basically all of the system metadata that might be used for data filtering), and could end up excluding files that should be included. Craig Ball, in his article Make Friends with Metadata, [reg'n required] discusses metadata and the its accuracy.

When you plumb a Word document for the last printed date, Word plucks a chunk of hexadecimal data (e.g., 0×200E20ED27FDC501) from the file equaling the number of 100-nanosecond intervals between January 1, 1601 (a Monday, in case you were wondering) and the precise instant of printing. Then, no matter where in the world printing occurred, Word interprets all those nanoseconds as the date and time in Greenwich, England time. Unless you’re in earshot of Big Ben, you probably don’t care a crumpet for the time in GMT; so the time is adjusted to reflect the time zone setting of the computer used to examine the metadata and, if that computer is configured to correct the clock for daylight savings, the date and time are tweaked for that as well.

[...]

If the clock on the computer used to print the document was accurate and set for the same time zone as the computer used to view the metadata, what you see as the time of printing is reliable. But if the system printing the document was set to a different zone or its clock was off, the printed time is wrong.

Mr. Ball’s reason for pointing out this fact is central to our discussion of date searches on enterprises systems. Utilizing metadata to filter return files and e-mail that fall within a specific time period is a quick and relatively accurate way to quickly eliminate data definitely not from the appropriate time period. There are, of course, some dangers associated with utilizing metadata in this matter. The best measures for helping to eliminate these potential errors is to implement a log of large data transfers for IT personnel to complete at the appropriate time, and for data collectors to note the working condition of any computer from which they acquire data, including the system time of the machine at the time of collection. If that setting is significantly wrong, a note must be made of the discrepancy, and whatever corrective actions (such as broadening the date range) was taken with respect to adjusting for it. Depending on the subject matter of the case, metadata may or may not be relevant. But, anytime you use metadata in the very filter that determines what documents reviewers will see, you bring the accuracy of the metadata into the equation.

That metadata dates and times can be wrong should cause the discovery team to be careful in merely accepting these values at face value. Any computer source that might be configured incorrectly in this respect should be analyzed, and any time period search adjusted accordingly. Such a situation might explain e-mail messages that were seem to have been received at an earlier time than they were sent. However, a computer system that was inaccurately configured in the past, but has since been adjusted, may create errors that are difficult, if not impossible to find. In building a defensible process, a party should let reasonability guide its efforts. It is probably safe to assume that most computer systems are only off, at the most, an hour or so. Nevertheless, any source storing data that might not have accurate information should be identified, because any scrutiny brought on by a discrepancy casting doubt on the process used to collect and process data will be unwanted. Such an examination generally brings only negative consequences for the producing party. FN1

FN1: See, e.g., Peskoff v. Faber, 240 F.R.D. 26 (D.D.C. 2007), where a magistrate judge had, in an earlier decision felt compelled to direct counsel to search five different areas of their data enterprise. According to the magistrate, the producing party had fulfilled its obligations in but two of the areas, and therefore the judge forced to the producing party to conduct further searches at its own expense. It should also be noted that wallowing in the minutiae of electronic discovery is hardly the type of thing that makes judges happy, and your author has personally watched parties kill any friendly feelings the judge may have had for them by forcing his honor to consider well-founded complaints by the party opposite over technologies he may not completely understand, and of which he had no burning desire to gain knowledge.

The bottom line is that one needs to be aware of what initial assumptions the discovery team used while collecting and filtering data throughout the project, so that weaknesses or flaws in the process can be corrected or mitigated.

The third installment in our “Effectively Managing E-Discovery” series.

The process of determining those documents needing to be produced may only begin once it has been found and identified. What are the obligations with respect to conducting an investigation of the responding party’s data enterprise of the party and counsel?

To begin with, counsel does not relieve his obligation by a mere request to his client, but must actually engage in a search for information. Phoenix Four, Inc., 2006 WL 1409413, at *5 (“Counsel’s obligation is not confined to a request for documents; the duty is to search for sources of information.”). “Counsel has the duty to properly communicate with its client to ensure that ‘all sources of relevant information [are] discovered.’” Id. (citing Zubulake V). The court in Phoenix Four, Inc. emphasized that under new Rule 26, the duty does not entail extracting information from sources to which access is difficult, but “rather to ascertain whether any information is stored there.” Phoenix Four, Inc., 2006 WL 1409413, at *6. In order to accomplish this, counsel “should become fully familiar with its client’s document retention policies, as well as its client’s data retention architecture.” FN1. There are strong indications that counsel should not attempt to do this on his own, unless already endowed with a particularly strong level of technical expertise. Even then, it might be advisable to retain an expert possessing easily proven credentials and who might be seen as being somewhat objective.

FN1:Id. at *5 (citing Zubulake V). See also, Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information, Conference of Chief Judges (Rev. Draft, Sept. 2005) (stating “[i]n any case in which an issue regarding the discovery of electronically-stored information is raised or is likely to be raised, the court should encourage counsel to become knowledgeable about their client’s information management systems and their operation, including how information is stored and retrieved.” The report continued: “[w]hile the manner in which this encouragement should be given will, of necessity, depend on the procedures and practices of a particular jurisdiction, the court should establish the expectation early that counsel must be well informed about their clients’ electronic records.”); U.S. District Courts (Kan.) Guidelines for Discovery of Electronically Stored Information (“Prior to the Fed. R. Civ. P. 26(f) conference, counsel should become knowledgeable about their clients’ information systems and their operation, including how information is stored and retrieved. In addition, counsel should make a reasonable attempt to review their clients’ electronically stored information to ascertain the contents, including archival, backup, and legacy data (outdated formats or media”).

The court in Peskoff v. Faber, 240 F.R.D. 26 (D.D.C. 2007) illustrated the point, when it ordered:

The [responding party] must therefore conduct a search of all depositories of electronic information in which one may reasonably expect to find all emails to Peskoff, from Peskoff, or in which the word “Peskoff” appears. Once the search is completed, [responding party] must make the results available to [requesting party] in the same format as the electronically stored information was previously The [responding party] must therefore conduct a search of all depositories of electronic information in which one may reasonably expect to find all emails to Peskoff, from Peskoff, or in which the word “Peskoff” appears. Once the search is completed, [responding party] must make the results available to [requesting party] in the same format as the electronically stored information was previously made available. [The responding party] must also file a statement under oath by the person who conducts the search, explaining how the search was conducted, of which electronic depositories, and how it was designed to produce and did in fact produce all of the emails I have just described. I must insist that the person performing the search have the competence and skill to do so comprehensively. An evidentiary hearing will then be held, at which I expect the person who made the attestation to testify and explain how he or she conducted the search, his or her qualifications to conduct the search, and why I should find the search was adequate.

Peskoff v. Faber, 240 F.R.D. 26, 31 (D.D.C. 2007).

More and more, courts expect counsel and their technical team to engage in a process that can be defended if challenged. FN2. The court’s scrutiny will likely focus on two factors: counsel’s selection of technical vendors; and the process used by counsel and its technical team to identify, harvest and process data. Id. One industry expert sees Phoenix Four, Inc., and similar cases, not only as “a mandate to engage experts,” but also an “obligation to select capable ones.” Worst Case, supra FN2 (quoting Michael Arkfeld). An attorney does not relieve himself of responsibility once he has turned engaged an expert, because “[i]t is ultimately counsel’s duty to preserve and gather discoverable ESI.” Worst Case, supra FN2 (quoting J. William Speros, referring to attorney liability with regard to vendor actions and discussing Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 108 (2d Cir. 2002) and In re Worldcom, 2004 WL 768573 (S.D.N.Y. 2004)).

FN2: See, e.g., Craig Ball, EDD Showcase: Worst Case Scenario, LAW TECHNOLOGY NEWS (Oct. 31, 2006) at http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1162215324083, [hereinafter Worst Case] (quoting Michael Arkfeld, “[t]he bottom line is that when you handle electronic or paper evidence, you need to include quality control standards that assure disclosure of all responsive evidence to the opposing side. These efforts must be reasonable and documented…[i]n my experience, the one thing judges insist on is that you take reasonable steps to diligently search, process, and disclose responsive discovery.”).

Once the selection of a technical vendor has been accomplished, the process utilized to find and process the data should be closely monitored. Recall that the court in Peskoff warned that it intended to examine the process used by the responding party. In another case of an investigative process coming under scrutiny, a court clarified that it had required the producing party to reveal search terms it had used to identify relevant documents in order to give the requesting party “an avenue to test or assess the scope of the search terms.” In re CV Therapeutics, Inc. Securities Litigation, 2006 WL 2458720, at *2 (N.D. Cal ).

Before you go wild and crazy on your personal page on Facebook, or whatever your preferred social networking site is, you might remind yourself that whatever you publish may come back to haunt you. According to an article from the National Law Journal at Law.com, attorneys are, more than ever, trolling through social networking sites to see what nuggets of gold can be gleaned from adversaries’ pages:

In one case, [attorney Joan] Malbrough said she helped secure shared custody for the father after finding his wife had posted sexually explicit comments on her boyfriend’s MySpace page. In another case, a husband’s credibility was questioned because, on his MySpace page, he said he was single and looking.

Lawyers in civil and criminal cases are increasingly finding that social networking sites can contain treasure chests of information for their cases. Armed with printouts from sites such as Facebook and MySpace, attorneys have used pictures, comments and connections from these sites as powerful evidence in the courtroom.

Content on such sites have been taken into account during sentencing as well. In an age when technology is ever more embedded (or intrusive?) into our daily lives, and when criminal acts are often filmed by the very perpetrators committing them, digital evidence will become the rule rather than the exception. For many, it already has.

Two current ABA Journals have devoted significant space to electronic discovery. First, the Sept./Oct. edition of Business Law Today (a journal of the Business Law Section of the ABA–no links to stories, only available in print) has made the subject its “mini-theme,” with several articles looking at different aspects of e-discovery. Next, SciTech Lawyer (section membership required), a publication of the Section of Science and Technology Law of the ABA, has devoted most of its Fall issue to the topic.

One article I’d highly recommend is Sarah Michaels Montgomery’s “E-Discovery: Aligning Practice with Principles.” It discusses some of the areas where modern practice diverges from some basic principles of discovery, and the first item on the list concerns collection. I’d like to quote one paragraph that serves to illustrate her pessimism about always needing to collect data by capturing forensic images of custodians’ drives:

Responding to the suggestion that the E-Discovery Rules require a bit-by-bit image of all witnesses’ hard drives each time litigation is reasonably anticipated,” a colleague recently quipped:

We’ve been doing paper discovery for years, and no one has ever asked a witness to polyurethane his office. Witnesses have always opened file cabinets, gone through drawers, and reviewed paper documents to see what is relevant. Requiring a bit-by-bit image of every hard drive every time litigation is reasonably anticipated is like requiring all witness office spaces to be forensically preserved. Imposing sanctions because an electronic file was moved is ridiculous. No one would ever say in the paper context, “My witness moved a sheet of paper from his desktop to a folder. I guess you win.”

There are different collection procedures, and some are right in some situations, but wrong for others. Although a consultant can hardly be faulted for being conservative in his or her suggestions, the answer cannot simply be to always collect a mirror image. To be blunt, if that is the case, then there is no need for a consultant, only for a data collector with the right tools and experience. A true consultant looks at the framework that will determine spoliation (court’s and opposing counsel’s expectations), tie that framework to the available technical solutions, and make a reasonable recommendation. Ultimately, it is the call of the attorney managing the discovery project (or the client) as to what direction to take.

Computer Technology Review posts an article by Fios’ Brad Harris on data collection. Actually, it discusses both custodian identification and collection:

The first consideration in improving an organization’s litigation readiness is to identify where and how personal data is being created and stored. What applications are used to create messages and/or documents throughout the organization? Are application programs centrally managed to limit the types or versions being used?
[...]
Once an employee’s personal data repositories has been identified as potentially relevant to a particular matter, there are a variety of methods used to preserve or copy source files for electronic discovery. Typical collection methodologies range from user discretion, where the employee chooses which files are appropriate, to full forensics imaging that use investigative software to preserve an entire hard drive. Different methodologies have differing cost and risk impacts and, therefore, vary in their applicability.

The article is nicely done, and Brad created a neat matrix comparing the various methods of collection.

[HT: EDD Blog Online]