All posts tagged data collection

Learning to “Like” Social Media EDiscovery

There is no way around it—social media has become an integral part of our everyday communication. It is no longer just some fleeting trend among the cool and hip. The use of social media has increased exponentially in the past few years. Evidence? How about these numbers:

  • Facebook has exceeded one billion users
  • Twitter has more than 500 million users

Social media is also no longer limited to personal use. Approximately 80 percent of companies now use social media to market products and build consumer relationships. Not only is social media a staple in everyday communication, it is now smart business.

While “friending” and “tweeting” provide numerous benefits, legal professionals have been anxiously mulling over the numerous challenges of social media ediscovery. In 2012, issues related to privacy, discoverability, preservation, collection and authentication of such data permeate discussion amongst courts, litigators and commentators. Although governing standards have yet to emerge on these issues, expect best practices regarding social media to continue to evolve.

  • Discoverability –

    As demonstrated by E.E.O.C. v. Original Honeybaked Ham Co. of Georgia Inc.,[1] many courts have favored broad discovery. There, the court reasoned that social media data was the logical equivalent of an “everything about me” folder with a bevy of relevant information. However, other courts have rejected broad discovery of such data, finding that the Federal Rules do not grant a generalized right to rummage at will through information a person has limited from public view.[2]

  • Preservation and Collection –

    Due to the intricacies of social media electronically stored information (ESI), which is frequently changing and retained by the platform provider on remote servers, preservation is no easy task. Additionally, social media collection options such as taking screenshots and proxy monitoring are still rudimentary at best. Regardless of the method chosen, counsel must start early, obtain consent and request login information before collecting.  Counsel should also consider retaining an expert to avoid potential issues later on in the discovery process.

  • Authentication –

    The contents of these sites are not self-authenticating documents, so legal professionals often have to be proactive to ensure the account holder posted the relevant information. Best practices suggest that practitioners should collect as much evidence as possible—including subscriber reports from the service provider and relevant metadata—to resolve questions about ownership, access to the account and authorship of the post.

Practices and laws regarding social media ediscovery will remain in a constant state of change. Ignoring social media is no longer feasible, practical or defensible. At the end of the day, legal professionals must “follow” or “like” such change to stay ahead of the curve or at least ride the crest of the wave.

[1] 2012 WL 5430974 (D. Colo. Nov. 7, 2012)

[2] Tompkins v. Detroit Metro. Airport, 2012 WL 179320 (E.D. Mich. Jan. 18, 2012)

Ten Tips for Managing Social Media in Ediscovery

Ten Tips for Managing Social Media in Ediscovery

With increasing frequency, companies across the globe are leveraging social networking tools to effectively market products and build consumer relationships. However, for an unprepared litigant, a discovery request can quickly go sour due to the dynamic nature of information stored on these sites. Below are ten tips to help manage risks and meet discovery obligations associated with social media.

  1. Start preparing now.  The Federal Rules of Civil Procedure consider “any type of information stored electronically” discoverable—which generally includes data from social media.1 Although case law is still developing, Gartner predicts that by 2013, 50 percent of all companies will have been asked to produce material from a social media site for ediscovery.2 To avoid being blindsided by a request for such data, corporations and counsel should start managing social media now.
  2. Issue litigation holds early. Since social media data is discoverable, the duty to preserve falls on the parties named. However, several preservation challenges arise due to the unique nature of the data, which is not only constantly changing, but also password protected and stored on remote servers. Furthermore, there are few reliable technologies available to preserve this data. Based on these factors, timing is critical for proper preservation: if litigation is anticipated, all relevant data should be identified immediately and litigation holds should be issued to account holders and service providers.
  3. “Privacy” settings will not protect social media data from discovery. Although a uniform standard has yet to emerge, the judiciary generally seems to be moving toward greater permissiveness for the discoverability of social media. Based on recent decisions, there exists the strong likelihood that privacy concerns will be outweighed by a sufficient showing of relevance. Notably, courts have reasoned that the very nature of these sites requires disclosure,3 dismissing expectations of privacy as “wishful thinking.”4
  4. Obtain consent before collecting data. Social media data is usually retained solely by the service provider, and collecting it without consent of the user can violate federal or state wiretapping laws. Before attempting to access any information from a social networking site, make an effort to obtain the user’s consent or a court order.
  5. Don’t “false friend” to collect from social media. Courts and ethics committees strongly disfavor “friending” under false pretenses. Thus, anyone investigating a user cannot represent him or herself as a “friend” in order to gain access and surreptitiously collect data.5
  6. Avoid self-collection. In contrast to e-mail, servers or hard drives, collecting social media data collection is akin to existing web collection practices using page captures or web crawlers. To ease the collection process, sites like Facebook offer a “download your information” option. However, as in any data collection scenario, self-collection risks spoliation, so it is always smarter to collect with the assistance of an expert consultant.
  7. Leverage a service provider to conduct review.  Arranging collected information for review poses several challenges, such as whether “families” must be maintained or whether each user’s collection should be presented in a single review document. These questions are better addressed when discussed with a service provider to ensure the most seamless review possible.
  8. Consider pertinent laws, such as the Stored Communications Act. Courts are beginning to order production of social media data. However, the Stored Communications Act (SCA) prohibits “Electronic Communication” and “Remote Computing” providers from divulging the content of its users’ communications and data.6 Case law relating social media production to the SCA is scarce; however, the Central District of California determined that social media sites acted as both Electronic Communication Service and Remote Computing Service providers—thus prohibiting production from a provider.7
  9. Don’t ban use of social media outright. According to a 2011 study, nearly 80 percent of Fortune Global 100 companies leverage at least one form of social media to conduct business.8 Policies that effectively ban social media in the workplace would rob an organization of a valuable tool for marketing products and connecting with consumers.
  10. Craft proactive policies that encourage prudent posting. In order to leverage the benefits of social media while mitigating the risks it poses for litigation, companies and counsel should craft proactive policies that manage employee use of social media. Such a policy should be well disseminated, detailing a no-privacy stance while reserving the company’s right to monitor usage. Furthermore, policies should be flexible to properly mesh the evolving role of these sites with existing information policies, applicable regulations and corporate culture.

Social media is here to stay. Practitioners and organizations must proactively address the impact these sites have on litigation and information governance. While the items identified above are a great start to understanding the potential issues posed by social media in the workplace, there is no “one size fits all” approach to managing this data. If you are unsure how to approach these difficult issues, engage a trusted custodian to navigate the tricky waters of these virtual mediums.

1Fed. R. Civ. P. 34(a) advisory comm. notes.

2 Debra Logan, Social Media Governance: An Ounce of Prevention, Gartner Research (Dec. 17, 2010).

3 See, e.g., EEOC v. Simply Storage Mgmt, LLC., 270 F.R.D. 430 (S.D. Indiana 2010); Zimmerman v. Weis Markets, Inc., No. CV-09-1535 (C.P. Northumberland May 19, 2011).

4 Romano v. Steelcase, Inc., 907 N.Y.S.2d 650 (Sept. 21, 2010).

5 See, e.g., N.Y.C. Bar Assoc. Comm. on Prof’l Ethics, Formal Opinion 2010-2 (Sept. 2010); Phila. Bar Assoc. Prof’l Guidance Comm., Ethics Opinion No. 2009-02 (March 2009).

6 18 U.S.C. §§ 2710 et seq.

7 Crispin v. Audigier,Inc., 2010 WL 2293238 (C.D. Cal. May 26, 2010).

8 2011 Fortune Global 100 Social Media Study, The Burson-Marsteller Blog (Feb. 15, 2011),

3 De-duplication Options: How Do You Choose?

3 De-duplication Options: How Do You Choose?

When collecting raw ESI from multiple individuals, there are bound to be tremendous amounts of duplicative documents. In company-wide e-mail chains, for example, a message is sent to multiple recipients and stored within each individual’s mailbox. Depending on your organization’s data retention policies, copies of the same file might also be found on the employee’s hard drive, file server, or company backup tape.When collecting raw ESI from multiple individuals, there are bound to be tremendous amounts of duplicative documents. In company-wide e-mail chains, for example, a message is sent to multiple recipients and stored within each individual’s mailbox. Depending on your organization’s data retention policies, copies of the same file might also be found on the employee’s hard drive, file server, or company backup tape.

For the attorney tasked with identifying, collecting and reviewing ESI, an exhaustive review of a document set rife with duplicates threatens the timeliness, cost effectiveness and efficiency of a project. The risks intensify during review, where duplicate documents increase the potential for inconsistent privilege and responsiveness decisions on identical documents.

To mitigate these concerns, many practitioners turn to de-duplication technologies, where duplicate documents are identified and managed during ediscovery processing to minimize redundant review. Effectively, de-duplication can reduce the number of documents to be reviewed by as much as 90 percent, and, on average, 30 or 40 percent.

For the attorney tasked with identifying, collecting and reviewing ESI, an exhaustive review of a document set rife with duplicates threatens the timeliness, cost effectiveness and efficiency of a project. The risks intensify during review, where duplicate documents increase the potential for inconsistent privilege and responsiveness decisions on identical documents.

To mitigate these concerns, many practitioners turn to de-duplication technologies, where duplicate documents are identified and managed during e-discovery processing to minimize redundant review. Effectively, de-duplication can reduce the number of documents to be reviewed by as much as 90 percent, and, on average, 30 or 40 percent.

With de-duplication, an electronic “fingerprint” is created for each document at the bit level, by leveraging a hashing algorithm. The resultant fingerprints are measured against one another to determine which documents are exact duplicates. Fingerprints change with nearly any type of modification to the file —such as an extra space or formatting changes—and stand out when measured against the existing document universe.

However, identifying duplicates is only the first step. Simply removing all duplicate documents robs the reviewing attorney of potentially important contextual information—such as who maintained or had access to an important e-mail or document. Sophisticated e-discovery technologies have evolved to allow several options for discovery teams to examine these associated details.

With the Kroll Ontrack e-discovery processing engine, case teams have several de-duplication options. When choosing a de-duplication method, careful consideration of case needs should be measured in relation to the following options:

  • No de-duplication: All duplicate documents are provided for review and categorization, producing the largest number of documents for review. This method is strongly discouraged for cases involving voluminous amounts of data from backup tapes or collected over various occasions.
  • Global or horizontal de-duplication: As each file is uploaded, it is compared to the entire data set for the e-discovery project. Only the first instance of each unique document is provided for review and categorization, resulting in the fewest number of documents for review. However, care should be taken when employing this method of de-duplication, as only one document will remain without any consideration of its relevance to the case over other duplicates.
  • Per custodian or vertical de-duplication: Each file is uploaded and compared to a limited set of documents form the same document custodian, time period, or other data slice segment of documents. Only the first instance of each unique document per custodian or data slice will be provided for review. However, the same document may exist in other custodians or data slices and may then be provided for independent review. This type of de-duplication is particularly useful when processing multiple tapes for the same custodians over time or when discerned the context of the specific document in relation to the custodian.The deduplication options above are applied to documents as they are processed. Additionally, as documents are reviewed, they can be identified for relative similarity, called near duplicate identification, which ascertains similar documents that differ by simple formatting, document type or other semantic differences. These documents are often identified and grouped by one document—the “core” of the group. All related near-duplicate documents are compared to this core document. Near duplicate identification can help the reviewer better understand the relationship between the documents, allowing for mass actions on groups with similarities.Regardless of the method chosen, de-duplication can result in tremendous savings when properly leveraged to meet the needs of a project. However, it can also be wrought with complexity and pitfalls if improperly utilized. To avoid these risks and increase your efficiencies, contact your Kroll Ontrack Case Manager.

Case Law: Green v. Blitz U.S.A., Inc.

Case Law

Defendant Sanctioned for Unreasonable Discovery Efforts; Required to File Order in Past and Future Lawsuits

Green v. Blitz U.S.A., Inc., 2011 WL 806011 (E.D. Tex. Mar. 1, 2011). In this products liability litigation, the plaintiff sought to re-open the case and requested sanctions alleging the defendant systematically destroyed evidence, failed to produce relevant documents and committed other discovery violations in bad faith. The plaintiff’s counsel uncovered the unproduced documents nearly a year after trial while conducting discovery in a related matter. Analyzing the dispute, the court determined the e-mails not produced were extremely valuable and prejudiced the plaintiff. The court found the defendant’s discovery efforts were unreasonable, as the defendant placed a single employee who was admittedly “as computer literate—illiterate as they get” in charge. Moreover, the defendant did not conduct a search of electronic data, failed to institute a litigation hold, instructed employees numerous times to routinely delete information and rotated its backup tapes repeatedly permanently deleting data. Although the court declined to re-open the case, it ordered the defendant to pay $250,000 in civil contempt sanctions. Additionally, the court imposed a “purging” sanction of $500,000, extinguishable if the defendant furnished a copy of the order to every plaintiff in every lawsuit proceeding against it for the past two years. Finally, the court ordered the defendant to file a copy of the order with its first pleading or filing in all new lawsuits for the next five years.


Data collection is a phase of the discovery process that continues to plague practitioners and corporations alike. Although this topic is often overlooked in many industry events, web seminars and other educational activities (though it has been discussed frequently on this blog: cell phones, social media and defensible data collection processes) the importance of conducting a proper data collection is absolutely paramount to the defensibility of your process.

In Green v. Blitz U.S.A., Inc., the defendant assigned responsibility of the data collection to a manager who later described himself “about as computer…illiterate as they get.” Not exactly a vote of confidence to the court. Indeed, a process can hardly be found defensible and reasonable if an inexperienced person is placed in charge of a process as essential as collection. The court determined that “[a]ny competent electronic discovery effort would have located this email.” The e-mail referenced by the court had the words “Flame Arrester” in the subject line of the e-mail and included the person in charge of collecting documents for discovery. The flame arrester feature of the product in question was the major issue in this case, hence why the court seemed almost baffled that the collection efforts did not include a simple words search for this term in important custodians’ e-mail boxes.

Other glaring issues in this case involved the failure to issue a litigation hold (a topic frequently discussed in conjunction with sanctions based on case law over the past year and a half). Indeed, the defendant actually instructed the employees to routinely delete electronic data, as documented by at least 10 e-mails across a two-year span.

This case demonstrates how absolutely essential it is to have thorough, competent discovery processes and plans in place. In addition, data collection is an area where it is almost always advisable to utilize a third-party expert, who can then testify that the process was completed defensibly if called into question. Implementing a smart discovery strategy now will enable a sound response once a request for ESI is received, or once litigation is reasonably anticipated. These short-term investments will reap long-term gain in terms of helping to avoid sanctions such as the ones imposed in this case.

Multilingual Madness

Cross-border discovery is an increasing reality in today’s globalized world. Corporations and practitioners alike must begin the process of becoming education with regard to the intricacies involved in multilingual discovery in order to avoid common ediscovery pitfalls.


One of the first challenges will be data collection and the primary considerations include: location, people, tools and laws.

  • Location: It is important to identify as early as possible where the data you need to collect is located in order to create an efficient discovery strategy. In many cases, the data is scattered throughout several countries and is comprised of multiple languages, and you may need a separate plan of attack for gathering the data.
  • People: A thorough and defensible, yet timely collection is of vital importance to your discovery efforts. Be sure to send only qualified and experienced people to work on the collection, especially when the collection occurs abroad. If possible, look to leverage a data collection effort by utilizing local collection experts.
  • Tools: Certain collection tools commonly used for electronic English-language data collection do not support collecting data in other languages. You must ensure that your collection tools support any languages or character sets you might encounter in collection.
  • Laws: Collecting data on foreign soil may raise legal roadblocks not common in the US. It is prudent to confer with local counsel to fully identify local data transfer rules, privacy regulations and jurisdictional issues specific to that location before you deploy your collection team.

Filtering & Processing

After data collection is complete, legal teams are then faced with the challenge of filtering and processing the data. One thing the legal team should consider is character encoding, which allows a computer system to recognize and display English and other language characters. In addition, the legal team should look for an ediscovery provider who can pass along language identification information via a metadata field. Next, legal teams should evaluate what search options will be available with a data set that includes multilingual data and consult with an expert regarding search considerations and methodologies. Finally, legal teams should look for a service provider who can generate reports early in the process regarding language(s) identification, document count for each language and language breakdown by custodian.

Review & Production

Finally, multilingual data presents unique challenges in review and production. In terms of document review, a legal team has a few options: use native speaking attorneys to review documents in their native language, translate the documents into English for a review or use a hybrid of these methods. As a general rule, using a native speaker is more accurate than translation, but is also more expensive. Moreover, human translation is generally more accurate than computer translation, but likewise more costly.

When deciding on which review method to utilize, the prudent practitioner must consider the importance and the volume of the multilingual documents that need to be reviewed. Review by native speaking attorneys or human translation may not be practical to complete within discovery deadlines, financially feasible or necessary. On the other hand, in many jurisdictions the producing party has the burden of proving their privilege review was reasonable for purposes of assessing whether they waived attorney-client privilege in the event of inadvertent disclosure. Deliberately choosing the review method (native review, human translation or computer translation) for multilingual documents increases the defensibility of the review. In other words, the ability to articulate reasons why one review method was chosen over another strengthens the “reasonableness” argument.

Turning to production, several unique considerations arise in the context of multilingual ediscovery production. First, agreeing with opposing counsel early on regarding production language is crucial. A document may either be produced in its native language, in English or both. Moreover, parties should also agree on production format. Production format options for multilingual data are the same as for other electronically stored information: native format, a load file, an online repository or print. Last, parties should agree in advance on production ordering and sequencing. Multilingual documents can be organized for production solely by custodian irrespective of the document’s primary language, or can be further organized by both custodian an language. The old saying is true: an ounce of prevention is worth a pound of cure and the key to managing each of these production considerations is the same – agree in advance! The ideal time to discuss and reach an agreement on multilingual ediscovery production options is during a Rule 26(f) conference. Early party consensus on production language, format, and ordering and sequencing is crucial to developing your discovery plan, and may avoid costly disputes and potential re-dos later in litigation.

The bottom line: a legal team can avoid discovery disasters and leverage opportunities throughout the process by educating themselves about the process, planning ahead for the inevitable and partnering with an experienced e-discovery service provider that possesses the technological tools and expertise necessary to navigate the waters of multilingual ediscovery when involved in complex litigation, investigations or compliance matters.

Inherent Challenges & Risks Associated with Data Collections

First, data storage has become less expensive throughout the years, and as a result many organizations are storing larger volumes of data in disparate locations for longer periods of time. The tendency to “hold onto” data has exponentially increased the cost, effort and time required to collect electronically stored information (ESI). In addition, the advent of new data storage technologies has made locating and collecting relevant data more difficult. As such, data collection practitioners require more education and experience to properly manage some of the newer technical issues that have recently surfaced, such as collecting data from Microsoft® SharePoint® environments, and the myriad of security and accessibility issues surrounding the storage and collection of data from “the cloud” in web-accessible cloud computing environments.

Defensible Data Collection

“Data collection” is a broad term that may refer to the collecting of electronic information for any purpose, including collecting data in anticipation and preparation for a legal proceeding. Electronically stored information (ESI) can come in almost any format, such as emails, wave files, pictures, spreadsheets, databases and loose files, as well as information contained on social media sites. Electronic data can be stored on something as simple as a single hard drive in one computer, or as complicated as massive storage area networks (SANs) that comprise thousands of individual drives that are concurrently accessed by thousands of computers and users.

Before a collection occurs, a data collection plan should be created to ensure an orchestrated and comprehensive plan of attack. This tends to result in a smoother collection process than simply reacting ad-hoc to an incident. The data collection plan should identify potential data locations and key players (individuals that are likely to have or control relevant information), internal and external contact information, procedural guidelines and documented chain of custody expectations. Once a data collection plan is in place and key players are identified, custodians should be interviewed about computer use and data storage habits to help identify the location(s) of potentially relevant ESI.

One way to strengthen the defensibility of a given data collection methodology is to begin with an IT application inventory and data map, which is designed to provide a clear, easily understood reference point regarding the location of potential data sources. At a minimum, the data map should include:

• Name of the ESI, its description and aliases (if any)
• Name of the application or system used to create the record
• ESI location(s) on the organization’s systems or hosted by third parties (including any copies of the data stored for disaster recovery or redundancy)
• A record of past and present IT platforms including operating systems, applications and databases
• Backup procedures, retention and disposal policies as well as backup rotation schedules
• Contact information for a designated point-person for each ESI source including: 1) a business line expert that understands the data and its connection to the business, 2) an IT contact that supports the platform and 3) a user that understands how the application or system works

When creating the data map, it is important to remember to include data that may be stored outside the company through alternative storage means such as cloud computing, third-party application service providers and/or online/offline archive storage facilities. Once the data map is built, it must be continually updated and maintained to ensure that it remains an accurate picture of the organization’s technology environment.

Avoid Data Collection Pitfalls

As discussed above, the process of collecting data presents many challenges based on data volume, type, complexity and potential locations. It is important for those collecting data to understand and avoid common pitfalls, which can create significant legal and business continuity issues for corporate and outside counsel as well as IT. One common collection hazard may occur when a desk-side collection is performed. Risky desk-side collection practices include forwarding email to a central box for collection, or directing employees to print relevant documents. In addition, many software products are available for clients that wish to collect data themselves, but these products should not be used unsupervised or by untrained individuals. Do-it-yourself data collection practices create a high risk of omitting relevant documents, can potentially alter metadata, and therefore can increase the risk of spoliation claims.

Another damaging pitfall to avoid is failing to document and maintain proper chain of custody documentation. A proper chain of custody ensures the reliability of evidence and minimizes the risk that the evidence was changed, altered or modified from its original form. A chain of custody keeps a chronological record from the time data is gathered through the entire analysis process. The evidence is safeguarded and protected from theft, damage and other potentially deleterious change. Maintaining a proper chain of custody strengthens the defensibility of the collection process, mitigates the risk of sanctions arising from spoliation claims, and increases the likelihood that electronic evidence will be admitted at a hearing or trial sometime in the future.


The pitfalls mentioned above represent only a small sampling of the dangers that may arise when a data collection is not performed properly. As technology and storage options continue to evolve, data collection will likely grow more complicated and present a greater likelihood of error in this critical stage of the ediscovery process. Creating a solid data collection plan based upon an application inventory and data map will help ensure that the collection process is thorough, complete and defensible. One way to ensure your data collection is performed properly and defensibly is to consider enlisting the assistance of a data collection expert. Outside experts can be used for a number of purposes. Not only can they aid in the collection process, but they can also serve as Fed.R.Civ.P. 30(b)(6) deponents and/or trial witnesses. In fact, courts have frequently ordered the use of computer forensic experts in such circumstances. Establishing a relationship with a reputable expert sooner rather than later may help ensure that your data collection process proceeds more smoothly and efficiently, and also stands up to legal scrutiny if and when that occurs.

Special thanks to Jason Paroff, Esq., Senior Director of Computer Forensic Operations with the Electronic Evidence Services group at Kroll Ontrack. Mr. Paroff is a former New York prosecutor who has testified as an expert witness in both federal and state courts, and has examined numerous computers and computer systems for evidence of fraud, theft of trade secrets, harassment and other improper civil and/or criminal conduct

Social Media Data Collection Best Practices

In a vastly changing environment of social whims and woes, social media sites remain a dominating force in connecting the public, businesses and government entities to one another.

Social networking has become so common that hundreds of millions of users subscribe to and communicate using social media sites each day. Indeed, Facebook’s global audience has blossomed to more than 465 million users, with more than 125 million in the United States alone.1 The growing prevalence of social networking sites, especially in the corporate environment, presents unique challenges. Attorneys and IT experts must take steps to understand the best and worst practices in preserving, reviewing and producing electronic data from these sites in order to obtain evidence that may make the difference in an investigation.

Investigation Techniques

When capturing data from social media sites, investigators often use video cameras to record relevant information from a user’s Web page. In more advanced, technical circumstances, capturing software is the preferred method in recording a user’s Internet activities. This capturing software allows for easy navigation while recording images, conversations, posts, messages or videos. Although hard copies of the data are always acceptable, courts readily favor capturing software during the review process to save time and money.

Investigators are also at liberty to freely search and extract information from an open page. For instance, many Facebook users leave their profiles open so anyone searching for their name can access their profile content, including wall posts, comments and pictures. Twitter also makes an exorbitant amount of information available to the public, and courts often follow “tweets” back to the original conversation, allowing the introduction of such information as evidence if useful to the litigation at hand.

Even if profiles are set to “private,” investigators have access to a number of tools which can further data collection efforts. Despite privacy blocks, security settings can be rerouted to some extent through methods such as searching blog posts or other website content, or by using people search engines. One common Web-based tool that allows an investigator to access older information is the Wayback Machine. This website records data from the past and affords investigators the ability to sift through information showing them what certain websites once looked like. As a result, even though private information may be currently blocked or secure, investigators can still produce electronic evidence or other data that may have been “public” at one point in time.

In addition, sites like Twitter, BoardReader and Bing are developing more advanced search engines which will be able to quickly recall and locate information stored or communicated through social media sites. These new search engines can identify and characterize social media users, preserve older data communicated and produce electronic evidence with a few clicks of the mouse. For these reasons, investigators need to use search engines and other repositories to collect and review data in addition to using sites like Facebook and Twitter.

Avoid Investigation Hazards

It is important to note that not every piece of information on the Web is useable or defensible. Due to confidentiality, privacy and security concerns, most courts will not allow a person to falsely represent themselves as a “friend” to collect data. This is known as “friending someone under false pretenses.” If an individual accesses the private data of another under an alias, or if the person being “friended” is unaware of the individual’s true intentions, courts will not hesitate to disregard information obtained involuntarily or without a user’s actual knowledge.

Even if data from an individual’s social networking page is lawfully obtained through a judge’s order, other evidentiary issues present concerns for investigators. Although an attorney may have found the “smoking gun” evidence, information gleaned from social media sites holds profound hearsay concerns, both in respect to whether they are intended to be “used for the purposes of communication” and whether they are authentic. Attorneys who engage in simple copy-and-paste efforts or screen prints face significant hurdles when trying to get this information admitted into evidence. To combat these hurdles, experts are often used to extract, produce, review and testify on social media data. Experts can capture the evidence in a way that correctly identifies the questions of “who,” “what,” and “where” that juries or judges consider when observing electronic evidence. This identification will help address any authentication issues posed by this evidence.


Although the way we collect social media data is still evolving, one thing is certain: social media will continue to grow as an important data source to consider when conducting an investigation or engaging in litigation. Ultimately, attorneys and IT experts must ensure that steadfast preservation, review and production techniques are implemented. Because even the savviest of attorneys and IT experts may experience preservation or production issues when collecting social media information, be sure to consult with an expert to bolster the credibility and defensibility of the investigation.

Special thanks to Dave E. Canfield, E.J.D., Managing Consultant in Kroll Ontrack’s Electronically Stored Information (ESI) Consulting group. In his role, Mr. Canfield assists clients in the creation of discovery, data collection and case management strategies, and with the creation of systematic processes and documentation to support repeatable, efficient and reliable electronic discovery procedures. Mr. Canfield may be reached for questions at:

1, last accessed June 7, 2010.

Feature Article: Looking in From the Outside – Counsel’s Ediscovery Responsibilities

Over the past two years corporations have made significant changes in the way electronically stored information (ESI) is managed in the context of investigations and litigation.

Corporate litigants have strengthened litigation readiness and response protocol, exercising increased control over the beginning stages of the electronic discovery process. Those legal professionals charged with defending corporations’ actions are impacted by this shift in process and must understand what the “new era” of ediscovery operations means for their responsibilities.

ESI Readiness Strategy & Document Retention Policies
Litigation readiness requires policies, procedures and tools designed to identify and preserve potentially discoverable electronically stored information. Adequate litigation preparedness involves implementing an ESI discovery readiness strategy. According to Kroll Ontrack’s Third Annual ESI Trends survey1, only 46 percent of U.S. companies have incorporated this policy.

Despite the fact that almost half of corporations do not have an ESI readiness policy in place, 87 percent of U.S. companies reported having a document retention policy in place. The disparity between the existence of an ESI discovery readiness strategy and a document retention policy suggests a lack of knowledge between the concepts of document retention and discovery readiness, and perhaps a false sense of security that the existence of a document retention policy is comprehensive enough to protect an organization when it must respond to a legal inquiry.

As corporations continue taking control over ediscovery and information management policies, the communication gap that currently exists regarding these policies will continue to widen. Law firms and corporations are not always on the same page when it comes to understanding policies and enforcing them, which spells trouble for counsel. In order to be on the same page as their clients, outside counsel must engage in conversations regarding these policies, ensuring effective strategies are in place.

Litigation Hold Policies & Mechanisms
In addition to implementing an effective ESI readiness strategy and document retention policy, an important component of proactive corporate data management is having a successful litigation hold policy in place. More than 40 percent of U.S. companies report either not having a mechanism in place to suspend their document retention policy or not knowing if such a policy exists. Organizations have a legal obligation to preserve documents once litigation is anticipated, and if companies are not positioned to execute proper preservation protocol, the ESI discovery readiness policy cannot be effective.

Recent case law is replete with examples of courts imposing sanctions against parties and their counsel for failure to properly comply with preservation obligations. However, there is one example in which outside counsel escaped sanctions despite playing a role in the client’s shortcomings. In Pinstripe Inc v. Manpower Inc., the Northern District of Oklahoma sanctioned the defendants who failed to issue a litigation hold and preserve documents appropriately. Outside counsel drafted a litigation hold for the defendants and believed it was in effect. The court chose not to impose sanctions against outside counsel based on the record, which demonstrated that the law firm attempted to confirm that all responsive documents were produced. Despite the fact that outside counsel escaped sanctions in this case, law firms should be cognizant of their duties to monitor their clients’ compliance with proper discovery protocol. It is highly unlikely that every court would treat this situation similarly and choose to let counsel off the hook.

Defensibility arguments, including ESI readiness strategies and document retention protocols, are the responsibility of outside counsel when their corporate clients’ actions are examined under the court’s microscope. According to the survey, 49 percent of U.S. companies tend to agree that their ESI discovery policy is repeatable and defendable, while 28 percent strongly agree. These numbers suggest that the majority of company policies have not been tested and questions of defensibility remain.

Failing to adequately explain discovery shortcomings when defensibility is questioned may lead to the imposition of sanctions against outside counsel in addition to the corporate client. In a series of opinions, the Middle District of Florida, in Bray & Gillespie Management LLC v. Lexington Insurance Company, found the plaintiff corporation and its counsel jointly and severally liable for the defendants’ expenses and costs as a result of discovery failures.

The interplay between outside counsel and the corporate client was also highlighted by the Southern District of Indiana in 1100 West, LLC v. Red Spot Paint & Varnish Company. In response to the default judgment the plaintiff sought, the defendant argued it relied on its attorneys for discovery advice, and therefore, any error was the attorneys’ responsibility. The defendant’s attorneys also attempted to pass the blame by attributing discovery shortcomings to the defendant’s failure to provide accurate and complete information. Finding the case to be “replete with examples of violations of discovery rules,” the court found the attorneys and defendant responsible for the plaintiff’s attorneys’ fees and costs, in addition to granting the motion for default judgment sanctions. This case illustrates that the attorneys are responsible for knowing, understanding and monitoring their clients’ adherence to the requirements specified in the Federal Rules of Civil Procedure.

The practice of identifying, collecting, searching and reviewing electronic data is not taught in most law schools; as such, most lawyers have not received any formal education on this complex subject. Without understanding the intricacies of ediscovery and the related technology, it will be nearly impossible for attorneys to explain to their clients why investing in things such as an ESI readiness strategy and litigation holds are important, especially in tough economic times. As the relationships between corporate counsel and outside counsel continue to evolve, law firms can gain a competitive edge by understanding the ins and outs of this complicated area. This knowledge will allow law firms to take advantage of the various technological solutions in the marketplace to provide time and cost efficiencies for their clients, which will help ensure repeat business, strong reputations and defensibility in the courtroom.

1This report is based on an independent survey conducted by Research Plus on behalf of Kroll Ontrack. A total of 461 (231 U.S. and 230 U.K.) online interviews were conducted among IT and in- house counsel at commercial businesses. Survey questioning was completed between July and August 2009

Corporate Counsel and IT are Partnering to Reduce Cost, Mitigate Risk and Prepare for Litigation

The role of the corporate attorney has traditionally involved counseling principals across the organization in an effort to avoid or at least mitigate corporate risk.


Generally speaking, corporate lawyers have focused their attention on legal issues involving such areas as human resources, financial reporting, contracts, tax and regulatory compliance. However, in a rapidly evolving digital age, the corporate attorney has been forced to expand their role. Technological innovation has stretched corporate counsel’s sphere of responsibility to include creation and implementation of corporate litigation preparation strategies and policies. Those strategies and policies are imperative in order to quickly and efficiently respond to requests for electronically stored information (ESI), whether made in the context of a civil suit or regulatory investigation. Until recently, corporate attorneys have routinely—almost reflexively—deferred to Information Technology (IT) professionals on issues involving electronic data. In fact up until a few years ago, legal’s interaction with IT was mostly limited to requests for help-desk assistance. This is no longer the case.

Corporate attorneys are now teaming with IT to tackle such topics as data archiving, accessibility and collection. The disastrous economic conditions of the past two years have forced corporations to slash discretionary spending including expenses relative to information management and responding to litigation. In this new environment, corporations are creating and implementing policies to routinely purge needless data and safeguard information that is necessary for business continuity and legal purposes. They are also investing in infrastructure and new technology to optimize management of ESI, including that which is potentially responsive to litigation. Such actions are a necessary response to forces beyond the boardroom, where, for example, judges are becoming decreasingly tolerant of corporations that fail to preserve electronic evidence when a claim should have been anticipated or even after receiving a notice of preservation.

With heightening economic pressures and judicial expectations as a backdrop, corporate attorneys and IT professionals have risen to meet the challenge, locked arms and forged ahead in an effort to reduce expenses while still effectively minimizing risk. Working together, legal and IT have created internal policies to reduce and organize volumes of stored corporate data as well as prepare for and respond to litigation and investigatory inquires. There is no question that the partnership between IT and legal is yielding beneficial results. However, there continues to be numerous instances where the courts have concluded that corporate planning and response efforts have fallen short.

Recent Case Law: Failure to Preserve

The case law is peppered with examples of legal and IT departments that did not effectively work together and consequently incurred sanctions for failing to properly safeguard potentially responsive ESI. In the July 2009 case of KCH Services., Inc. v. Vanaire, Inc., Judge Jennifer Coffman, of the United States District Court in the Western District of Kentucky, granted the plaintiff manufacturer’s motion for adverse inference sanctions, holding that the defendant’s failure to preserve ESI after the receipt of a preservation letter evinced a “continued unwillingness to place a meaningful litigation hold” on potentially responsive data. In the same month and about 800 miles to the west, Magistrate Judge Paul Cleary of the Northern District of Oklahoma ordered that the defendant staffing company in the case of Pinstripe v. Manpower fund a program on litigation holds for the Tulsa County Bar Association after it failed to implement a litigation hold that had been drafted by outside counsel retained for that very purpose.

In a recent Delaware patent-infringement suit, Micron Technology, Inc. v. Rambus, Inc., a defendant microchip technology manufacturer authorized “shred days” where relevant documents were destroyed after litigation was deemed “inevitable” and “reasonably foreseeable.” The court found the defendant’s destruction of documents to have been in bad faith and imposed the sanction of declaring the patents unenforceable against the plaintiff. In another recent patent-infringement case in Utah, Phillip M. Adams & Assocs., LLC v. Dell, Inc., a software manufacturer argued that email servers were not designed for archival purposes and encouraged employees to locally preserve emails of long-term value (as determined by each individual employee). The court held that the defendant’s “irresponsible data retention practices [were] responsible for the loss of significant data,” but delayed the decision of whether sanctions were warranted until after discovery closed.


The corporate union of legal and IT is still novel and rather immature. Calamitous economic conditions, advancements in technology and heightened judicial expectations have forced legal and IT to create and implement solutions that economize and minimize the risks associated with data management and litigation. Together, legal and IT have risen to the challenge and are creating and implementing processes that increase the efficiency of corporate ESI management protocol, litigation preparedness and responses to legal requests. Recent case law reveals that there are still instances when corporations fall miserably short in preparing for or responding to requests for ESI. However, the merging of these formerly-disparate professions is promoting economy, efficiency and better outcomes for corporations that must respond to legal and regulatory requests for ESI.