These are the words of a Canadian Senator
, in relation to his advice to a fellow Senator, whose expenses were being audited. Is it OK to "clean up" your calendar, or your email, or your Facebook page, prior to an investigation? Does it make any difference if there is civil litigation pending or likely?
The auditors received a copy of the Senator's calendar from the Senator, which they describe as a "non-forensic" copy. They then compared it with a copy from the server, and surprise! There were approximately 500 deletions. The deletions on the produced copy were explained as having been made because of the "clean up" advice, to remove entries irrelevant to the audit, and to protect third party privacy.
My purpose here is not to comment on the political issues of this affair, but those that may be instructive for the purposes of e-discovery.
- If you are going to ask the target of an audit for a copy of anything, you should specify the precise manner in which the data is expected to be preserved, collected, prepared and presented.
- If you are the target of an audit, and not given instructions about the ESI, then ask for direction
- If you obtain legal advice that it is permissible for you to protect third party data, confidential, trade secret, cabinet confidences or other private or privileged information, do so in a transparent, auditable way, such as marked-up redaction
- If you are legally permitted to produce only a portion of a calendar, the better approach is to export only those entries that are relevant, rather than delete or edit records before the export. Individual entries containing irrelevant or third-party personal information can then be redacted.
- In civil litigation, it is even more important to preserve the integrity of a PST file, even if you don't believe it is relevant in its entirety.
- If you are a lawyer advising your client in an investigation or litigation, make sure you are very clear on the necessity to preserve ESI, and the proper ways to sever irrelevant and otherwise non-producible information.
- Last month, a lawyer in Virginia advised his Plaintiff client to "clean up" his Facebook page to thwart discovery efforts of his opponents. The client deleted 16 prejudicial photos. The lawyer was suspended for five years, and he and his client were ordered to pay the defendants $722,000 in costs.
It will be interesting to see what happens as this Canadian political audit and now police investigation unfold. In the end, lawyers advising their clients should consider at least three things:
- Advise your client that, if they are in litigation or under investigation, they must resist the urge to delete or modify personal, prejudicial or incriminating material
- Advise your client that it is possible (and commonplace) to produce only relevant data from an email or calendar file in a way that preserves the entirety of the file
- If possible come to an agreement with opposing counsel or investigating authorities about the precise manner in which ESI will be preserved, collected, protected and produced.
A senior manager is fired and sues his employer for wrongful dismissal. He believes there are e-mails in the possession of his employer that clearly show improper conduct. For him, the issue is not litigation preparedness, nor is it how to collect and review millions of e-mails. His concern is extracting out of the employer those key e-mails that will help him prove his case. In the event that he still possesses some of his own e-mails, for example on a laptop, his practical problem is how to extract and review his own e-mails in a cost-effective manner. For many years now, the global electronic discovery industry has focused on the biggest cases and the biggest law firms involving millions of dollars of costs. Little effort has been made to assess what is truly needed and proportional for the vast majority of cases where access to the electronic documents actually makes things more efficient for parties.
June 13-June 15, 2012 - the prestigious 2012 Access and Privacy Conference in Edmonton, Alberta. For more information and to register online, visit http://accessandprivacy.uaextension.ca/
From the summary of my presentation: "In this dynamic and entertaining session, I will explain how the legal concept of admissibility is used to ensure the trustworthiness of electronic business records and how Canadian and international standards are applied to test the credibility of electronic records management systems. The implications go far beyond the four walls of the courtroom."
- Handing over your data to a cloud service provider is like giving your gold bars - and your client's gold bars - to the bank - but banks are regulated, cloud service providers are not. When banks are not regulated, we know what happens. You need assurance, that can only come from due diligence, adherence to standards, contractual obligations, track record and a back-up, back-out roadmap.
- Chaos in the cloud - uploading your unstructured, decentralized, poorly catalogued and over-retained data to the cloud does not solve anything
- Cost savings are there if volume of data is kept reasonable- that's why retention and ERMS are key to a successful migration
- Cloud apps must be litigation ready and at the same time comply with legal retention and audit trail requirements
- Good contract as well as policies and procedures, regular audits must be in place if outsourced cloud re ownership (custodianship and control), privacy, security, backup and back out, as well as geography and cross border issues
- Need a good checklist for cloud contracting!! E.g., to list just a few:
- Security (access control etc. - the whole gamut e.g. standards compliance!! ISO 27002)
- Management tools
- Monitoring tools
- Service level agreement
- Disaster recovery/business continuity
- For many companies including law firms, it isn't just how to protect your own corporate info, it is how to protect and handle your client or customer info. This is where privacy concerns and privilege considerations are superadded, and possibly more onerous. (Also - is the government your client? Additional rules may apply re classification of data and data transfer.)
- The cloud also introduces security issues in respect of remote wired and wireless connections (from home, and mobile) and how end users handle access outside of the traditional VPN WAN architecture.
- With iPads and smartphone devices proliferating, and many thousands of available apps, the whole world of mobile cloud is creating security and acceptable use policy wholesale reconsideration.
Lawyers can witness evolution as electronic evidence pushes paper right out of the courtroom. But that doesn’t make the necessary transformation any easier.
The following story was posted recently in a litigation support group by an experienced litigation support specialist who was hired to do scanning of closed files at a busy litigation law firm. He was responding to a conversation thread about the importance and meaning of job titles in the litigation support industry. I found his insight and descriptive language fascinating and felt it needed to be shared as broadly as possible. For someone like me, who has consulted with law firms and run a scanning shop, it rings very true. If you are a lawyer, litigation law clerk, litigation support staff or scanner operator for a vendor, you need to read this.
The source of the enormous leak of 250,000 US diplomatic cables as described in the Guardian November 28th:
“It was childishly easy, according to the published chatlog of a conversation Manning [former US intelligence analyst, now facing court martial] had with a fellow-hacker. “I would come in with music on a CD-RW labelled with something like ‘Lady Gaga’ … erase the music … then write a compressed split file. No one suspected a thing … [I] listened and lip-synched to Lady Gaga’s Telephone while exfiltrating possibly the largest data spillage in American history.” He said that he “had unprecedented access to classified networks 14 hours a day 7 days a week for 8+ months”.”
“Your Honour, the letter I’m referring to is in volume 4, Tab 3. [Pause.] Sorry, the pages aren’t numbered. [Waiting.] It’s about ten or twelve pages in. [Pause.] Sorry, I meant Volume 3, Tab 4. About half-way in. [Waiting.] Are you with me?” [Pause.]
[Two hours later:] “Your Honour, I believe counsel are agreed that we will need at least another day for argument. Thank you.”
Observation: Justice dragged to a halt by tab hunters is not justice.
For some time I’ve been considering an issue that seems to be essential in the the litigation hold process and preservation of ESI. The issue is that when a party reasonably anticipates the possibility of litigation they are under a positive duty to preserve potentially relevant ESI. But what exactly does “preservation” mean?
Darryl has never driven a car and has never been to Halifax in his life. He finds himself at the airport and needs to get downtown. He wonders whether he should a. Rent a minivan, b. Rent a sedan or c. Rent a convertible. (Darryl is a lawyer, and the client is paying for his travel expenses.)
Darryl decides to call a consultant. He asks the consultant which type of vehicle is best to rent. Since Darryl is alone and it’s raining, the inexperienced consultant recommends the sedan.
Darry convinces the clerk to let him rent the car by claiming he left his licence at home. But once in the driver’s seat Darryl realizes he is hopelessly incapable of starring the car, let alone driving it all the way downtown.
I happened to be at the airport and saw the whole thing unfold. I offered Darryl a lift in my rental car (which he accepted gratefully) and on the way downtown I politely said, “Next time take a limo!”