Post Process

Everything to do with E-discovery & ESI

Archive for the ‘EDD Basics’ Category

EDD Basics: breaks down the EDRM to techies

Posted by rjbiii on April 14, 2009 posts an article by Alan Radding meant to inform storage techies on the EDRM. From the article:

“For an IT person faced with finding e-discovery tools, the first thing I would do is take the EDRM diagram and go talk with your legal counsel,” said Matthew Todd, CISO and vice president of risk and technical operations at Palo Alto, Calif.-based Financial Engines Inc. The legal counsel should tell you which functions the IT group should do in-house. Then you can start looking at tools.

It’s a good primer, but it contains a complaint I find puzzling: that the EDRM doesn’t list tools (solutions that do the tasks illustrated by the model). The reason for that, of course, is that the model was deliberately built to be technologically-neutral. Of course, coming from the IT side, where one might be completely unfamiliar with the tools of this trade, I can see where a product guide would be helpful. But that is beyond the EDRM’s scope and purpose (although in writing this, I allow myself to put words in the mouths of the model’s creators…without any authorization to do so).

Posted in Articles, EDD Basics, Electronic Discovery Reference Model | Tagged: | Leave a Comment »

The EDD Hot Potato…lands at Counsel’s feet

Posted by rjbiii on December 16, 2007

We have blogged about the fact that many corporate law departments try laying the responsibility for Electronic Discovery projects at the feet of the IT staff. The post was partly motivated by this article. Yet, and we have mentioned this as well, case law indicates that it is up to the attorneys, and not the IT technicians, to properly manage the process. As Reed Smith’s Janet Kwaon and Karen Wan state in a new article, counsel delegates this responsibility at his or her own peril:

[I]n the current climate, given the interplay between ethical obligations and standards for professional conduct and these e-discovery requirements, attorneys may be surprised to learn that inattention to e-discovery may not only work to the detriment of clients — it may lead to professional malpractice or the imposition of sanctions on counsel.

In other words, pointing the finger at IT may not allow counsel to shift liability. And the problem is, there really is no easy fix:

The duty of a party to locate and produce all materials responsive to discovery and counsel’s oversight obligations are nothing new to the discovery process. What is new, brought on by the staggering volume of data and the complexities associated with their management, is the broad array of possible pitfalls and the ability to reveal mistakes and outright gamesmanship through the often inerasable trail of electronic evidence.

We have noted the complexities associated with electronic discovery before:

[E]lectronic discovery requires an understanding across several disciplines. Law, IT, records management, and compliance are some of those areas of knowledge from which any discovery team should draw. It is difficult for any one individual to have sufficient knowledge across all these areas, so communication between experts from these professions becomes important.

Furthermore, we have also advised readers that the selection of an EDD vendor is a critical point in any complex discovery project:

It is my view that the process used to select a vendor (or vendors) is one of those key points of time in the litigation, with respect to discovery. A thorough vetting of a vendor’s capabilities, technology, experience and reputation is essential to defending that decision in the future should the need arise.

So what can attorneys do to avoid some of the pitfalls of EDD that we have previously spotlighted? Well,

  • Take Discovery seriously. I mean it; stop laughing.
  • Learn the case law. Use our Case Bibliography as a starting point.
  • Understand the basic technical concepts (ask experts you hire, or plan to hire, about their methodologies).
  • Negotiate the 26(f) conference in good faith; and prepare for it as thoroughly as you would for a deposition, or hearing before the judge.
  • In-house counsel should learn the basics of their company’s IT infrastructure; outside counsel should assess both their own clients’ data enterprise, and that of the opposing party.
  • Hire EDD vendors and experts by thoroughly vetting the candidates. Remember, price is not everything.

Oh. One more thing. Read my blog!

Posted in Articles, Attorney Liability, Discovery, EDD Basics, Meet and Confer | Leave a Comment »

EDD Basics: What is a hash value (or hash code)?

Posted by rjbiii on November 19, 2007

An installment of our EDD Basics Series.

It has been referred as a “digital fingerprint” and compared to DNA. But what exactly is a hash value?

Briefly, and perhaps unhelpfully, a hash code is a “value,” in the form of a text string, that is calculated by a hash function. Basically, you take a bit of data, you chop it up and mix it all around, and you come up with a unique value. As long as it’s consistent (i.e., the same data is always identified with same hash code), and as long as it’s unique (mathematically unlikely to assign different sets of data the same hash code), then the method can be used, among other things, to identify identical files on an I.S. system, regardless of the name of the file.

In electronic discovery, the hash code is used to remove duplicate files from review or production. Removing duplicates from review reduces costs by allowing a reviewer to see and make a decision on a document once (and only once); the unseen duplicates are then marked in the same manner as the reviewed file. Removing duplicates from production can reduce the size (and therefore cost) of the production. Some care must be taken with respect to cross-referencing those removed identicals to the included original file. Furthermore, removing e-mail attachments can lead to confusion, and in some cases contention. E-mail messages often indicate the presence of attachments, and if those attachments are not present in a production, the requesting party will often point out that “documents are missing.”

The two most commonly used types of hash functions are MD5 and SHA-1. The MD5 is a 128 bit hash value, while SHA-1 is 160 bits. The MD5 is expressed as a 32 character hexadecimal number, while the SHA-1 is expressed as a hexadecimal number with 40 characters.

Posted in EDD Basics, Hash Values | 2 Comments »

Dealing with Search Criteria

Posted by rjbiii on November 8, 2007

A recent post of ours cautioned readers to be careful on formulating, and to use some method of verifying, their initial assumptions. We refer to initial assumptions with respect to EDD as assumptions on keywords, effective date ranges, and data sources that must be preserved for an electronic discovery project. has posted an article discussing keyword searches, and calls attention to one danger of not carefully considering the formulation of search criteria:

The results of a recent e-discovery keyword search should have come as no surprise. Working on a case related to a specific transaction, the attorneys requested production of all documents containing the word “buy.” Despite being cautioned against this broad search, they were reluctant to heed the warnings, and many unrelated documents were incorrectly deemed responsive. Unfortunately, it takes a $750,000 mistake like this one for some people to understand the benefits of using a strategic approach to keyword selection.

If this had been my project…well, never mind. As I have said repeatedly, it is essential for the initial assumptions used in extracting data for review to be thoroughly vetted, because the filter ultimately determines what documents the reviewer sees. Searches that are too broad cost time and money. Searches that are too narrow will miss vital data, and could cost the client even more in the long term (by skipping over helpful information or by landing them in hot water with the judge). The importance of the process of building a verifying a list should not be underestimated.

That said, keywords are not the panacea. New technologies, using concept-based ontologies and techniques continue to evolve, and will move us beyond the era of the boolean keyword search.

Posted in Articles, Best Practices, Cost of Discovery, Discovery, Duty to Produce, EDD Basics, Search Protocols, Trends | Leave a Comment »

The Basics on Sanctions

Posted by rjbiii on October 22, 2007

This is the Fourth Installment of Effectively Managing E-Discovery.

Which actions or omissions may give rise to sanctions is partly dependent upon the circuit in which one practices. First, the attorney approaching a discovery project of any size should not have any misguided notion that judges are apt to forgive a lack of familiarity of his client’s system. The Conference of Chief judges stated in a report it issued 2005:

While the manner in which this encouragement should be given will, of necessity, depend on the procedures and practices of a particular jurisdiction, the court should establish the expectation early that counsel must be well informed about their clients’ electronic records. FN1

FN1: Conference of Chief Judges, Guidelines for State Trial Courts Regarding Discovery of Electronically-Stored Information (Rev. Draft, Sept. 2005). See also, Leonard Dutchman, Preserving Data in the Wake of Amended Rule 37(f), (last visited October 30, 2006) (“It is ultimately counsel’s duty to preserve and gather discoverable ESI.”); Phoenix Four, Inc. v. Strategic Resources Corp., 2006 WL 1409413 (S.D.N.Y May 23, 2006), *5 (citing Zubulake V) (“Counsel has the duty to properly communicate with its client to ensure that ‘all sources of relevant information [are] discovered.’ “); Craig Ball, EDD Showcase: Worst Case Scenario, Law Technology News (Oct. 31, 2006) at, (quoting J. William Speros, referring to attorney liability and explicitly mentioning Residential Funding Corp. v. DeGeorge Fin. Corp., 306 F.3d 99, 108 (2d Cir. 2002) and In re Worldcom, 2004 WL 768573 (S.D.N.Y. 2004)) (“We’ve seen courts hold parties responsible for failing to supervise their vendors.”)

As a matter of principle, sanctions should be used sparingly. Fed. R. Civ. P. R. 37(b)(2). The Federal Rules of Civil Procedure authorize a court to issue, as sanctions for disobeying discovery orders, the following orders (not an exclusive list):

  • An order that the matters regarding which the order was made or any other designated facts shall be taken to be established for the purposes of the action in accordance with the claim of the party obtaining the order;
  • An order refusing to allow the disobedient party to support or oppose designated claims or defenses, or prohibiting that party from introducing designated matters in evidence; and
  • An order striking out pleadings or parts thereof, or staying further proceedings until the order is obeyed, or dismissing the action or proceeding or any part thereof, or rendering a judgment by default against the disobedient party.

Federal courts also possess an inherent authority to impose sanctions for the conduct of litigants in counsel regardless of whether the behavior at issue would be covered specifically under a rule or statute. O’Brien v. Ed Donnelly Ents., Inc., 2006 WL 2583327, at *2 (S.D. Ohio Sept. 5, 2006). The court is given a great deal of latitude in deciding what, if any, sanction should be imposed for bad conduct. Id. What kind of conduct may be penalized? The spectrum of attorney or disputant behavior subject to sanction is large, but for the purposes here, non-production or late production of relevant documents is behavior subject to sanctions, as is spoliation, and the destruction of evidence. Spoliation may be defined as “the failure to preserve evidence that is relevant to pending or potential litigation. See, e.g., Jimenez-Sanchez Restaurants, LLC, Civ. No. 05-1131 (JAG), 2007 WL 1098667, at *1 (D. Puerto Rico March 5, 2007).

The purpose of sanctions is to “deter parties from engaging in [prohibited conduct], place the risk of an erroneous judgment on the party who wrongfully created the risk, and restore the prejudiced party to the position it would have been in had the misconduct not occurred.” Consolidated Aluminum Corp. v. Alcoa, Inc., 2006 WL 2583308 (M.D.La. July 19, 2006). A court has “broad discretion to fashion appropriate sanctions on a case by case basis.” Phoenix Four, Inc., 2006 WL 1409413 at *3. The form in which sanctions can appear include:

  • Exclusion of “spoiled evidence.
  • Allowance of an Adverse Inference;
  • Allowance of further discovery by the party injured by the misconduct;
  • Monetary sanctions;
  • Dismissal of a case (for misconduct by the plaintiff or cross-plaintiff).
  • Default Judgment.

Although the flexibility accorded district courts is understandable, clarity is diminished because of it. Additionally, clarity suffers further from the fact that particular sanctions may be imposed for differing standards of conduct, depending upon the circuit in which the case is taking place.

Posted in Discovery, EDD Basics, Effectively Managing E-Discovery, FRCP 37(b), Inherent Power of Fed. Courts, Sanctions | Leave a Comment »

Definitions of “Document” and “Communications” included in discovery requests

Posted by rjbiii on October 18, 2007

I’ve just read an opinion highlighted by The Electronic Discovery Blog, where a paper production was found to be insuffient, so the court ordered a production in electronic format. The opinion notes that the discovery request included a definition of the terms “document” and “communications:”

“Communications” means any transmittal of information in any form or format, whether oral, written, or electronic, including, without limitation, all correspondence, inquiries, discussions, conversations, negotiations, agreements, understandings, meetings, telephone conversations and message logs, letters, notes, memoranda, telegrams, faxes, emails, or recordings. It is understood that all categories of documents described above shall include with respect thereto all communications as defined, whether or not expressly stated. The production of electronic communications should be accompanied by a description of the software and technology used to prepare the communications and needed to read them.

The term “document” means all writings of any kind, including the originals and all nonidentical copies, whether different from the originals by reason of any notation made on such copies or otherwise (including without limitation, correspondence, e-mail, memoranda, notes, diaries, statistics,
checks, statements, receipts, returns, summaries, pleadings, affidavits, depositions, pamphlets, books, prospectuses, inter-office and intra-office communications, offer notations of any sort of conversations, telephone calls, meetings or other communications, bulletins, printed matter, computer printouts, information contained in any computer although not yet printed in hard copy, teletypes, telefax, invoices, worksheets, and all drafts, alterations, modifications, changes and amendments of any of the foregoing), graphic or oral records or representations of any kind, (including without
limitations, photographs, charts, graphs, microfiche, microfilm, videotape, recordings, motion pictures) and electronic, mechanical or electrical records or representations of any kind, (including without limitations, tapes, cassettes, discs, recordings).

John B. v. Goetz, 2007 U.S. Dist. LEXIS 75457 (M.D. Tenn. Oct. 10, 2007) (emphasis in the opinion).

We just posted about an article on CNet describing how the definition of the term “document” has been expanded. I do have an issue with defining a document (as is done above) as “information contained in any computer although not yet printed in hard copy.” That seems rather nebulous. A document, I believe, is a coherent unit of information that may consist of a single file (a simple Word or Adobe file) or may consist of multiple files (an html page that includes images and the like separately, or a Word file that links to graphs and spreadsheets).

Posted in Discovery, Discovery Requests, EDD Basics, EDD Processing | Tagged: , , | Leave a Comment »