Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

How to Avoid eDiscovery Production Disasters

430 visualizaciones

Publicado el

Avoid eDiscovery production disasters. In this presentation, you'll learn recent case law related to waiver and sanctions arising from production failures, techniques for avoiding inadvertent disclosure of privileged files, and best practices for securely producing discovery files to opposing parties.

Publicado en: Derecho
  • Sé el primero en comentar

How to Avoid eDiscovery Production Disasters

  1. 1. How to Avoid eDiscovery Production Disasters October 4, 2017
  2. 2. Agenda Data Breaches Meets eDiscovery Do Hackers Follow Protective Orders? Data Breaches And Hacks Throughout the Ages The Real Problem is Not With The Technology, But With Ourselves 2
  3. 3. Presenters Michael Simon | Attorney and Consultant | Seventh Samurai 3 Scott Borrowman | Senior Attorney | Redgrave
  4. 4. >>> Data Breaches And Hacks Throughout the Ages (defining “ages” as “just this year”)
  5. 5. September: disclosed breach of 143 million records = 75% of US adult population Credit card numbers for 209,000 U.S. consumers PII (SSN#) for about 182,000 U.S. consumers Waited 6 weeks Insult to injury: right to sue waiver to check impact, get monitoring CSO, CIO and then CEO all “retired” Image courtesy of ArsTechnica
  6. 6. September: Public admission that 5mm emails stolen Legal investigation began in April Email system admin account hacked last fall Confidential client data stolen – 6 clients informed so far
  7. 7. June: Petya ransomware attack From Ukraine local office tax software Without email AND phones for 3 days Tweeted all over the world
  8. 8. Not the first BigLaw victim WSJ last year: Cravath and Weil Gotshal (plus more?) Intruders seeking insider info for publicly traded companies DoJ charges 3 Chinese men for $4 mm from trading insider info from BigLaw AmLaw200 Chicago law firm sued for lax security policies “Panama Papers” also involved law firm Key = tons of client info
  9. 9. >>> “It’s Data Breaches Meets eDiscovery”
  10. 10. ’This case of cyber meets securities fraud should serve as a wake-up call for law firms around the world,’ (then) U.S. Attorney Preet Bharara said . . .. ‘You are and will be targets of cyberhacking because you have information valuable to would-be criminals.’”
  11. 11. “The reality is this has already been happening – we just haven't necessarily identified the hacks.” - Lael D. Andara, patent litigation partner at Ropers Majeski and Chair of eDiscovery Electronics Services Protocol
  12. 12. Quiz: What Part of the EDRM = most dangerous for data security? A. Preservation B. Collection C. Processing D. Review E. None of the Above
  13. 13. Answer: The Part of the EDRM = most dangerous for data security A. Preservation B. Collection C. Processing D. Review E. None of the Above
  14. 14. Long-running, multi-billion dollar patent dispute Associate at one of Samsung's outside firms failed to properly redact a sensitive and confidential Apple contract with Nokia
  15. 15. Per the court order on the sanctions hearing: “The information was then sent, over several different occasions, to over fifty Samsung employees, including high-ranking licensing executives” “on at least four occasions . . . Samsung's outside counsel emailed a copy of some version of the report to Samsung employees . . . ” Also posted to a Samsung company intranet
  16. 16. During a meeting between Samsung and Nokia execs, a Samsung exec bragged – again per the court order: “that the terms of the Apple-Nokia license were known to him“ “to prove to Nokia that he knew the confidential terms of the Apple-Nokia license, [he] recited the terms of the license, and even went so far as to tell Nokia that ‘all information leaks.’” Result = $2 million in sanctions
  17. 17. Harleysville Ins. Co. v. Holding Funeral Home, Inc., Case No. 1:15cv00057 (W.D. Va. Feb. 9, 2017)
  18. 18. Insurance company needs to get big video file to investigator
  19. 19. Step 1: Insurance company puts video in unsecured Box folder
  20. 20. Step 2: Company re-uses Box to get confidential case file to attorneys
  21. 21. Step 3: Attorneys download copy of case file
  22. 22. Step 4: Plaintiff’s attorneys get the email from NICB with the Box link in subpoena response
  23. 23. Step 5: Plaintiff’s attorneys use that link to download the confidential case file
  24. 24. Step 6: All Hell breaks loose
  25. 25. Insurer claims privilege, seeks return of file Attorney-client privilege = state law ≠ sufficient precautions to protect privilege Work product doctrine = FRE 502(b) ≠ “inadvertent” so not applicable Strongly implies that even the FRE 502(d) “Get of Jail Free Card” wouldn’t work!
  26. 26. Battle between 2 brothers Former adviser brother for bank sued current advisor brother over deal gone bad Third-party subpoena to bank Attorney for bank reviewed and redacted documents . . . SOME documents . . .
  27. 27. Turned over “copious spreadsheets with customers’ names and SSN# Plus details like the size of their investment portfolios and fees For 50k of the bank's wealthiest clients Without a confidentiality agreement or protective order What's worse, the receiving party then took that information and showed it to the New York Times – which then wrote about seeing it misunderstood the discovery software, reviewing only the 1,000 documents the discovery technology showed, rather than the entire body of electronically-stored information. Documents were overlooked; files flagged for redaction were never redacted.
  28. 28. Receiving party showed it all to the New York Times Which of course then had to write all about it . . .
  29. 29. Attorney had to file affidavit with NY and NJ courts Claimed she misunderstood the discovery software Reviewed only the 1,000 documents the discovery technology showed Files flagged for redaction, but weren’t redacted
  30. 30. Soon got docs back . . . This was unfortunate timing
  31. 31. >>> Do Hackers Follow Protective Orders?
  32. 32. “Structuring a protective order that includes encryption and other safeguards to maintain proprietary business data will be the norm in the next few years, . . .” “Encryption should be directly addressed in the protective order along with the logging of who had access to the data.” - Lael D. Andara
  33. 33. Under FRCP 26(c), “a party or any person from whom discovery is sought may move for a protective order in the court where the action is pending.” U.S. courts have discretion, upon a showing of “good cause”, to condition production “to protect a party or person from production annoyance, embarrassment, oppression, or undue burden or expense.” Good cause may be established when the party seeking protection demonstrates that the information implicates privacy interests worthy of protection and that disclosing such information would create a clearly defined and serious harm.
  34. 34. No FRCP support to protect EVERYTHING Many judges don’t get eDiscovery Most judges don’t get Cybersecurity
  35. 35. >>> The Real Problem is Not With The Technology, But With Ourselves
  36. 36. We try to protect it in the “real world” – like paper When we should be protecting where it lives We still treat data like paper
  37. 37. Request native files when best for the case Maintain integrity through the process Don’t revert 10 years back: “. . . an attorney at Pillsbury Winthrop Shaw Pittman, told Legaltech News that for the most sensitive data, ‘we are advising clients to consider hosting it themselves’”
  38. 38. Don’t be a jerk just to be a jerk To prevent it from being “too easy” for the other side
  39. 39. Run up costs for your client Make eDiscovery battles the focus of the case Forget that judges hate discovery . . . . . . and eDiscovery even more Ruin your credibility with the judge
  40. 40. How to Avoid eDiscovery Production Disasters Thank you for attending! Scott Borrowman Redgrave LLP 415.471.2040 Michael Simon Seventh Samurai, LLC 508-429-0923 October 4, 2017