Lit-Readiness

Litigation Readiness

  • Education and Training
  • Policies for Hold Triggers 
  • Policies for Hold Implementation
  • Email Retention Policies
  • ESI Maps with 26b2B ID
  • Certified 37(e) Destruction
  • Information Governance
  • Artificial Intelligence based PreSuit protection (sort of like the Minority Report movie, but for civil wrongs, not crimes, and its not fiction, its real, albeit, cutting edge, and, oh yeah, Tom Cruise is not involved).

minority-report_Cruse_Losey

General. Litigation Readiness activities, which constitute the first pre-suit step of EDBP, are designed to facilitate the next four steps of EDBP: 2. Hold Notices, 3. Interviews, 4. Collections, and 5. Cooperation. These four steps occur in almost every case, even if discovery is stayed or the case is resolved early. Thus maximum efficiencies can be attained by  establishing set procedures to follow for Hold Notices, Interviews, Collections and communications with opposing counsel and court. Taking the time to prepare policies and procedures for e-discovery in litigation allows an organization to avoid expensive ad hoc inventions and variations. Litigation Readiness, when done correctly, should allow for substantial savings on future litigation expenses and reduce risk. Conversely, the failure to create and implement a reasonable litigation readiness plan, including ESI retention policies and lit-hold policies, can have a detrimental effect on preservation activities once litigation strikes. This is shown in Scentsy Inc. v. B.R. Chase LLC, No. 1:11-cv-00249-BLW, 2012 WL 4523112 at *8 (D. Idaho Oct. 2, 2012). Also see: Losey, R., Oral Hold Notice Invalidated as “Completely Inadequate” such that it “Borders on Recklessness” (2012).

Education and Training. There is a rapidly growing body of legal knowledge that should be learned by any attorney or paralegal that practices in this field of law, just like any other. There are also special skills that require training. Education and training are an important part of the practice of law in general, but no where are they more important than in electronic discovery. This field is so new, and advancing so fast, that it is very hard even for specialists that do nothing but e-discovery to keep up. As a consequence, everyone in this field must be both student and teacher. We must all spend time to train and be trained.

Policies for Hold Triggers. Organizational policies and procedures should be created to govern how an organization will determine when Litigation Holds should be triggered. See The Sedona Conference® Commentary on Legal Holds: The Trigger and the Process, September 2010.

Policies for Hold Implementation. Related policies and procedures should be created for the implementation of the Holds. These written policies must be tailored to the particular needs of the organization and have built-in levels of proportionality of response. Id.  The flow chart below adapted from the Sedona Commentary can be included as part of an organization’s standard policies and procedures.

Email Retention Policies. Written policies should be created or updated that are tailored to the particular needs of the organization and coordinated with the litigation hold procedures. This requires careful study before adoption and may involve different retention times for different classes of employees. See: The Sedona Conference® Commentary on Email Management, August 2007.

Maps of ESI with Rule 26(b)(2)(B. High level maps should be created that include designations of inaccessibility under Rule 26(b)(2)(B). Although detailed mapping of information systems and locations of ESI is no longer favored because of the high rate of change most organizations experience,  at least some high level mapping is helpful for any complex systems. The creation of these maps is an IT function, not legal, but the designation of certain areas within the ESI storage architecture as protected under Rule 26(b)(2)(B) is an important legal service.  See: The Sedona Conference® Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible, August 2008. So too is the preparation of one or more IT representatives to provide depositions, affidavits, 26(f) conference input, and 16(b) hearing input to opposing counsel and the court.

Certified 37(e) destruction. Old ESI that is no longer needed by the organization should be purged from systems, but this must be done in a manner that tries to bring the process within the semi-safe-harbor protection of Rule 37(e), Federal Rules of Civil Procedure, and complies with all existing litigation holds. Great care must be taken to avoid destruction of ESI that might be subject to a litigation hold and these efforts must all be carefully documented. The destruction is guided by the Rule 37(e) requirements of good faith and routine operation of an electronic information system.

Depending on the circumstances, typically situations involving large scale data purges, an organization may want to have a third party supervise, audit, and certify good faith and compliance with mandated routines. These routines and retention policies should be completed and in place before the destruction of data. Outside counsel can serve as an independent auditor to certify that the ESI destroyed was not subject to holds and was otherwise carried out in good faith so as to entitle the organization to Rule 37(e) protection. Also see generally: The Sedona Conference® Commentary on Inactive Information Sources, July 2009.

For good suggestions on mistakes to avoid in 37(e) purges, which in turn also suggests particular procedures to follow, including creation of a log or record of what was destroyed, see the final installment to the Rambus litigation saga examining the plaintiff’s shred days before filing suit. Hynix Semiconductor Inc. v. Rambus Inc., Case No. C-00-20905 RMW, USDC ND Calif. (Sept 21, 2012).

Information Governance. This is a large catch-all type category, that includes the above policy initiatives and litigation readiness activities, and much more. It addresses a need larger than litigation readiness, one which all large organizations have, for global policies and procedures to govern all information, both paper and electronic. The policies include:

  • Policies governing the retention and destruction of ESI of every form, not just email;
  • IT and employee security issues;
  • Information privacy and security issues;
  • Employee permitted use issues.

See: The Sedona Guidelines: Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age, November 2007; The Sedona Conference® Commentary on Information Governance (Dec. 2013) (describes eleven principles on IG practice that all organizations should strive to adhere to).

For the latest in this area see the Information Governance Initiative that was launched in 2014. Their goal is to develop best practices for information governance using an interdisciplinary approach. The IGI website contains a broad list of activities they consider to be within the scope of Information Governance:

  • Information security
  • Data science
  • Electronic discovery
  • Business management
  • Compliance
  • Business intelligence
  • Analytics
  • Records management
  • Finance
  • Audit
  • Privacy
  • Risk Management
  • IT and Infrastructure Management

As you can see IGI considers Electronic Discovery to be a subset of Information Governance. In that sense Information Governance activities, which, according to IGI’s explanation, includes such things as Business Intelligence and Management, goes well beyond the scope of the EDBP. Our mission is limited to a collection of legal best practices for electronic discovery.

Artificial Intelligence based PreSuit protectionThis is the use of predictive analytics of corporate email, and other ESI, to detect and prevent law suits before they happen. See: PreSuit: How Corporate Counsel Could Use “Smart Data” to Predict and Prevent Litigation. I call this data analytics based program PreSuit. It is based on search methods I have developed. It is not tied to any specific predictive coding software, although the software must have certain basic minimum capabilities. These are listed along with other details of the program at PreSuit.com.

I understand that a few other attorneys are also beginning to develop such software agnostic services under the general name of email analytics. A few vendors have developed software specifically designed for this task, including one called Email Auditor by UBIC. I know that several others are now under development. I am unsure of how or whether they they can be used with the methods I’ve developed.

PreSuit™, once fully developed, could become the ultimate in corporate compliance. PreSuit™ has the potential to become the ultimate in corporate compliance. It can detect burgeoning misconduct in the workforce so that corrective action can be taken to avoid litigation. It relies on the use of what I call “smart data,” which is ESI that includes a probability of connection with wrongful conduct. For full details see PreSuit.com. It may sound like Minority Report science fiction, but AI-enhanced review now makes this kind of Big Data possible. See LegalSearchScience.com.

PreSuit™ works by realtime monitoring of an organization’s email communications to identify correspondence and connections that have a high probability of association with illegal and wrongful actions of all kinds, including discriminatory conduct, other kinds of torts and statutory violations, breach of contract, fraud, trade secret theft, etc. By using artificial intelligence to audit and analyze corporate communications, and other ESI, wrongful conduct can be detected early, before it matures into litigation. General counsel can take appropriate corrective actions before the conduct becomes even more serious and expensive to correct. Once PreSuit™ is fully developed, it will be the ultimate in litigation avoidance.

Presuit

_______________

More detailed descriptions of best practices for Litigation Readiness will follow. In the meantime, if you have any suggestions and care to contribute to this project, or any questions (nothing case specific please), please leave a comment below.

 

3 thoughts on “Lit-Readiness

  1. Ralph,
    I recommend that EDBP emphasize lawyer/law firm and client security and information privacy issues in a preemptive and separate fashion in the EDBP model, as I feel it is the cornerstone of the attorney client relationship and the ability of counsel to effectively represent their client. In a lawyer-centric model it seems to me that it would be most important prelitigation to (1) ensure that the Law firm’s information managment and security systems are absolutely current and that lawyers are following them (BYOD comes to mind); (2) identify significant confidentiality and privilege issues viz-a-viz this particular client and this particular case; (3) determine potential challenges to security (i.e., will there be e-mail communication with the client; will mobile devices be in play); and (4) ensure that the lawyer’s staff and the client understand the need to safeguard confidences and privileged matter and know how that will be done. All this is done before addressing “IT and security issues” and specific “Information privacy issues”.

    Here is my view based on current lawyer (and judge) engagement in and understanding of eDiscovery: THEY DO NOT REALIZE ALL THE RAMIFICATIONS OF USE OF TECHNOLOGY BY THEMSELVES, LET ALONE THEIR CLIENTS. Even so-called sophisticated lawyers are getting into trouble with inability to safeguard client confidences (including trade secrets and irrelevant sensitive information as well as the privileged stuff). Why is it important for lawyers to understand information technology and to remain current in how people create, store and share information? The answer to this question is much more fundamental to law practice that most lawyers realize. The truth is, knowing the culture and devices that make up current information technology is involves efficiency, effectiveness, and power; but the more fundamental requirement for knowing these things is the ability to maintain your confidences and the clients’ confidences. It is all about security and proper procedures.

    For the legal community, privacy and confidentiality are not mere buzzwords. They are the cornerstone of the attorney-client relationship and necessary for the preservation of privilege as well as the trust of clients. The trust in the attorney-client relationship is not just about compliance with ethical standards; it is a measure of trust that is needed to build a relationship with an individual. For a firm, such trust may be even more important to survival than success or failure in a given case. In the current times, understanding technology and knowing the measures needed to protect privacy and confidentiality go to the very essence of the attorney-client relationship.

    Thus, it is up to the attorney to have a discussion with his or her own staff and with the client to plan on how security will be achieved. I feel this should be clear in the EDBP as a requirement at the outset of the case, whether the client is an individual in a divorce case or an organization in a big commercial case.

    The question still remains: How can the attorney properly advise the client of how to secure information if the attorney does not understand how to do it? But that is beyond the EDBP. It is the education gap about which you have eloquently blogged.

  2. From an email by a practicing attorney Manhattan:

    Litigation Readiness
    1. “Email Retention Policies” seems too limiting in light of the growth of social media and mobile applications as communication vehicles (before you know it, I think we’ll be thinking of email like we think of postal mail). Maybe use “Data Retention Policies” or “Electronic Communication Policies” or “Records Retention Policies”
    2. You may want to consider combining “Email Retention Policies” with “Information Governance”
    3. I don’t understand the “ID” reference under ESI Maps
    4. I don’t understand the “Certifies” reference under 37e Destruction
    5. Maybe add having a “Multi-disciplinary Team” lined up to address the issues (although I think that would/could be covered under “Information Governance”)
    6. Under “Notify” I would add Legal (as in in-house counsel)
    7. I suggest changing “Cross-Border Issues” to “Cross-Boarder/Privacy Issues”

  3. Ralph,

    This is a wonderful tool. Since I have focused my practice on the proactive Litigation-Readiness part, I would suggest that section be modified slightly. First, making it larger and/or more prominent in the diagram would help show how significant it is to the whole process. Those items listed in that section are fundamental and the necessary foundation to achieve good E-Discovery results. Can you imagine how different the E-Discovery process becomes when there has been no Information Governance? It becomes a reactive exercise of desperation. Secondly, I would take your list of Pre-Suit Activities and modify them slightly: Policies for Hold Triggers and Implementation; Information Retention and Privacy Policies; Information Governance; Cloud Governance; ESI Maps;Certified Destruction

    Privacy rules are evolving all the time and warrant being mentioned during this phase. Considering privacy protection issues early and often is important, especially when global and cross-border issues may be present.

    Email Retention Policies are important but I believe changing the description to “Information Retention Policies” is more accurate and helpful. Email is shrinking as a method of communication in the corporate world. Internal Wikis and Social Media style applications, as well as text and instant messaging applications are expanding. These are repositories that will certainly be the target of discovery and yet they are often missed or under-estimated as a part of ongoing corporate Information Governance practices. The earlier they are considered in the process, the better.

    The reason I added Cloud Governance, a term I have used with my clients, is because there are often special considerations and procedures necessary to secure and review data.

    If you feel there my suggestions are worthy of inclusion, I would be happy to elaborate.

Please leave a comment and help improve EDBP