E-Discovery Law Insights

E-Discovery Law Insights

Legal Insights Regarding E-discovery and Information Governance Developments

DOJ and FTC State that Antitrust is Not a Roadblock to Cybersecurity Information Sharing

Posted in Cybersecurity / Data Security, Government Agencies
Evan D. WolffDavid LaingElizabeth Blumenfeld

The Department of Justice and the Federal Trade Commission on April 10 issued Antitrust Policy Statement on Sharing of Cybersecurity Information, a joint policy statement that provides critical infrastructure industries the clarity they need to share cybersecurity information among themselves to combat cyber threats without violating the antitrust laws those agencies enforce. The agencies note that “properly designed cyber threat information sharing is not likely to raise antitrust concerns and can help secure the nation’s networks of information and resources.” The benefits of sharing this highly technical information are significant: sharing increases the security, availability, integrity, and efficiency of information systems, which in turn, leads to a more secure and productive nation. The agencies make clear that they “do not believe that antitrust is—or should be—a roadblock to legitimate cybersecurity information sharing.” This policy statement is meant to provide more certainty to the concerns private companies have raised as the threats to our nation’s infrastructure and information systems increase in number and sophistication. Continue Reading

FTC Data Security Authority Remains Murky Despite Wyndham

Posted in Cybersecurity / Data Security, Government Agencies, Privacy, Rules
Elliot Golding

In the latest and most important federal court decision on data security enforcement, District of New Jersey Judge Esther Salas broadly upheld the Federal Trade Commission’s authority to police data security under the “unfairness” prong of Federal Trade Commission Act Section 5.  The decision, which rejected Wyndham Worldwide’s claims that the FTC lacked such authority, comes at a time when the FTC has received increasing criticism that  its continued reliance on case-by-case adjudication (rather than rulemaking) to apprise companies of their data security responsibilities provides insufficient guidance regarding which data security standards apply.  Indeed, the FTC’s increased enforcement trend coincides with efforts by the National Institute for Standards and Technology to establish more consistent voluntary standards regarding data security through its release of the cybersecurity framework as well as requests from the FTC to Congress for even more authority to police data breaches. Continue Reading

Cyber Spies Stealing Corporate Secrets & Technology

Posted in Cybersecurity / Data Security, Government Agencies
David BodenheimerGordon Griffin

With cyber heists plundering $1 trillion in global intellectual property (per President Obama) and driving “the greatest transfer of wealth in human history” (per NSA Director Alexander), corporations face bet-the-company threats when cyber attacks and data breaches empty their intellectual property vaults, torpedo their mergers and business deals, and crush their stock prices. In our recent article, “Pillaging the Digital Treasure Troves: The Technology, Economics, and Law of Cyber Espionage,” published in the ABA’s The SciTech Lawyer (Winter 2014), we explore the methods employed by cyber spies to steal corporate IP and trade secrets, discuss the economic impact of cyber theft at the individual corporate level (i.e., the business case for cybersecurity), and the looming litigation, regulatory, and enforcement risks to corporations suffering technology and IP losses as a result of cyber thefts.

Simplifying Privilege Logs: New York’s Commercial Division Proposes Categorical Privilege Logs

Posted in Cooperation/Meet & Confer, Privilege/Rule 502, Rules
Jared Levine

The New York Supreme Court’s Commercial Division has proposed sweeping changes to privilege logs that could bring simplicity and efficiency to what has long been viewed as a tedious, frustrating, and needlessly costly practice. The proposal, published for comment on April 3, 2014, would require litigants in the Commercial Division to “agree, where possible, to employ a categorical approach to privilege designations” rather than a “document-by-document log.” Under the current requirements, New York’s Civil Practice Law and Rules mandates that a party withholding documents on the basis of privilege produce a privilege log which: “(i) contains a separate entry for each document being withheld; (ii) provides ‘pedigree’ information for each such document; and (iii) sets forth the specific privileges or immunities that insulate the document from production.” As anyone involved in electronic discovery in complex litigation matters knows, this can translate to a large team of attorneys devoting hundreds of hours to recording detailed information about tens of thousands of documents, one document at a time. As recognized in the Commercial Division proposal, “the segregation, review, redaction, and document by-document logging of privileged communications is both time-consuming and costly,” and this cost is rarely justified by the “potential benefits a privilege challenge may have on the outcome of the litigation.” Continue Reading

Wyndham Decision Upholds FTC Authority to Regulate Data Security

Posted in Cybersecurity / Data Security, Government Agencies
Jeffrey L. PostonEvan D. WolffRobin B. CampbellGordon Griffin

In a much-anticipated decision, the U.S. District Court for the District of New Jersey upheld the FTC’s authority to regulate data security practices by denying Wyndham Worldwide Corporation’s motion to dismiss challenging the FTC’s authority to pursue unfair and deceptive trade practices claims arising from a cyber breach. The complaint against Wyndham asserts that Wyndham’s data security policies constituted unfair and/or deceptive trade practices, prohibited by Section 5(a) of the FTC Act, codified here. This is only the second challenge to the FTC’s data security regulatory authority under Section 5 in federal court. In the first, FTC v. Accusearch, the 10th Circuit supported the FTC’s authority under Section 5 of the FTC Act. Continue Reading

California State Bar Offers Guidance on Attorney’s Ethical Duties in Handling E-Discovery

Posted in Accessibility, Cloud Computing, Cooperation/Meet & Confer, Ethics, Preservation, Privilege/Rule 502, Proportionality, Rules, Sanctions, Social Media, Spoliation, Technology Assisted Review
Emily T. KuwaharaDavid D. Cross

The State Bar of California may soon deem an otherwise highly skilled attorney to be “incompetent” in the practice of law if he or she does not know the basic steps to take with respect to electronic discovery and does nothing to fill that gap in knowledge. On February 28, 2014, California’s State Bar Standing Committee on Professional Responsibility and Conduct tentatively approved a Proposed Formal Interim Opinion for a 90-day public comment distribution, which analyzes a hypothetical fact pattern of an attorney who makes egregious mistakes in e-discovery. Continue Reading

EU Court of Justice Issues New Ruling on Website-Blocking Orders

Posted in Transnational Discovery
Thomas De MeeseJan Janssen

On March 27, 2014, the EU Court of Justice (CJEU) ruled in the UPC Telekabel Wien-case that national courts may impose website blocking orders to internet access providers (IAPs) requiring them to prevent their subscribers from accessing a website containing copyright infringing material, without specifying the concrete blocking measures to be taken. The Court also emphasized that the measures taken by the IAPs must strike a fair balance between all fundamental rights involved. The IAPs may find themselves in the unenviable position of having to determine the adequacy and proportionality of the blocking measures to be taken. This risks leading to additional litigation regarding the measures taken to implement website blocking orders. Continue Reading

Bloomberg Terminal: How Financial Services Firms Need to Adapt to Regulators’ Favorite New Source of Electronic Evidence

Posted in Criminal Law, Government Agencies, Information Management, Social Media
Crowell & Moring

Emails often provide key evidence in conspiracy-related investigations and subsequent litigation. More recently, social media and text messages have provided additional evidence for such matters. In response, most companies have enacted policies to educate their employees about using these communication mediums. However, recent antitrust investigations and federal lawsuits in the financial services industry are utilizing electronic communications made via Bloomberg Terminal as key evidence. The reported Bloomberg chat evidence in these cases makes clear that companies should reassess whether their internal compliance policies and training need to be updated to mitigate the risk that Bloomberg Terminal evidence – and not just emails and social media content – could create legal liability for the company. Continue Reading

Controlling Litigation Expense and Exposure Through Appropriate Self-Help

Posted in Cloud Computing, Cooperation/Meet & Confer, Information Management, Social Media, Technology Assisted Review
David D. Cross

I recently published an article for InsideCounsel addressing ways companies can reduce risk and costs in litigation. I advocate appropriate self-help.

Unfortunately, the courts, regulators, and legislators have not fully kept up with the extraordinary pace of technological developments, the proliferation of ESI, and the growing use of social media, cloud computing, and other ESI-related measures that can drive up costs and increase risk in litigation. As I note in the article, companies primarily used to fear the single “smoking gun” document that might turn up in discovery. Now, the sheer volume of documents collected, reviewed, and produced in discovery can impose crippling costs and burden on even the largest companies, even in meritless cases – and of course, the more documents created and produced, the greater the risk that a “smoking gun” document turns up in discovery.

There are a variety of steps companies can take to reduce litigation expense and exposure. This includes dramatically reducing the volume of ESI maintained by the company, adopting litigation readiness plans that identify sources of ESI within the company and that assign responsibility for specific discovery-related tasks, and using available technological tools, such as technology-assisted review (or predictive coding). You can read the brief article here.

Protecting Confidential Information: Taking Appropriate Steps to Avoid Sanctions

Posted in Cooperation/Meet & Confer, Ethics, Information Management, Sanctions
David D. CrossJared Levine

A colleague and I recently published an article in BNA’s Digital Discovery & e-Evidence® discussing the recent sanctions against Quinn Emanuel Urquhart & Sullivan LLP, in Apple, Inc. v. Samsung Electronics Co. Ltd, et. al., 5:11-cv-01846 (N.D. Cal. Jan. 29, 2014). Our article, “Protecting Confidential Information: Lessons from the Apple v. Samsung Firestorm,” tells a cautionary tale, in which a court found that one law firm’s failure to implement certain quality control measures transformed a single associate’s omitted redaction into grounds for costly motion practice and sanctions against both the law firm and its client.

As Quinn Emanuel and Samsung learned the hard way, serious consequences await those who are found to have mishandled confidential information received from other parties in the course of litigation. Avoiding these consequences begins with implementing appropriate quality control measures, including multi-tiered reviews of highly sensitive documents. But it also requires vigilance by in-house counsel, who circulate potentially confidential information internally at their own peril. Continue reading here.