Thursday, December 6, 2012

Christmas Tree 2012

Thanksgiving 2012

10 Things To Consider When Bringing #eDiscovery In-House

10 things to consider when bringing e-discovery in-house

An estimated three-year cost model that includes some less-than-obvious expenses

This is the second in a series of three articles intended to assist with cost factors and return on investment (ROI) for e-discovery. Read the first installment here. The third article will deal with the metrics and cost of review.
E-discovery can be daunting and costly. We look to reduce review costs with predictive coding and advanced analytics and we look to reduce technology costs for processing, hosting and storage. Bringing e-discovery in-house is the right move for some but may not be for others. Sometimes, a hybrid solution works best. Since some acquisition costs are not very obvious, here is a model to help you make your decisions:
 1. What’s the current cost?
What do you currently spend on e-discovery technology and what are you looking to save? Look at historical spending from past vendor and law firm invoices. For the latter you may need to tease the technology costs from the legal costs. Compare these with your projected caseload going forward to determine your average annual spend.
 2. What are the priorities? 
Do you want to cover the whole Electric Discovery Reference Model (EDRM) or just litigation hold, preservation and collection? Most organizations start “left” in the EDRM and move right as budget, experience and caseload increase. Do you plan to implement review capability in-house, say, for HR cases and to outsource the rest? Before you start putting out requests for proposals (RFP) and looking at vendors and software, make strategic decisions on what you want to build, how the pieces fit together and how you want to grow e-discovery in-house.
3. Is there a strategic plan for IT?
Forget for a minute that you need support from the procurement or finance departments. Is there an IT plan with components you can use? Is there movement toward single-instance email archiving, document management or enterprise search? You might find savings by combining effort.
4. Who are your users? 
If your large department has, say, divisions for commercial, IP and HR litigation, are you planning for each, or are they operating independently? Do you expect to have outside counsel log into your systems? Whose buy-in do you need, and if you don’t get it, will it affect your ROI? If you are in a smaller enterprise, do you have the will to embrace an in-house system? Answering these questions help to determine the size of the e-discovery enterprise you will build.
5. Who creates and defends the process? 
Too often, businesses answer this question too late. E-discovery is as much about lawyering as it is technology. If you are going to preserve, collect, store, process, cull, review or produce, counsel must explain and document how the organization will meet e-discovery legal obligations. Someone must be trained and available to testify. Paralegals, vendor and support staff can help design and optimize a workflow, but counsel must be accountable for the discovery response, both institutionally and for each case.

Risk Management And Quality Control Of #eDiscovery Vendors

Risk Management And Quality Control Of E-Discovery Vendors

Wednesday, November 28, 2012 - 10:03
To avoid the risk of adverse rulings in litigation, compromising a client’s position or even unnecessary costs, attorneys should be fully engaged with their e-discovery vendors and learn what questions to ask and pitfalls to avoid. This begins when the vendor is initially retained. Inquire about how the vendor handles conflicts of interest. Determine whether the work or any portion of the work will be outsourced by the vendor to a third party, and if so, demand to be notified in advance to make certain that security and confidentiality remain intact. Provide detailed RFIs asking in-depth questions, including how the vendor will process data and ensure quality control. Inquire into what tools the vendor will use, and whether such tools are compatible with the attorney’s technology. In PSEG Power N.Y., Inc. v. Alberici Constructors, Inc., No. 1:05-cv-657, 2007 U.S. Dist. LEXIS 66767, at *6-7, 36 (N.D.N.Y. Sept. 7, 2007), the plaintiff’s vendor created an “email attachment fiasco” when many emails produced were no longer linked, or “married,” to their respective attachments. After “[v]arious potential solutions” were grappled with, the court ordered reproduction at plaintiff’s cost, which could reach an estimated $206,000. Id. The “technical glitch” was allegedly caused by an incompatibility between plaintiff’s and vendor’s software when documents were placed into a reviewable and searchable format. Id., at *6.
Regarding the vendor’s storage of data, if possible, physically inspect the location where data is processed and hosted to determine whether it is truly secure (e.g., security at entry points, walls preventing wireless remote entry). Particularly if you are using a new vendor, request information about the vendor’s hiring processes and whether background checks are performed. The vendor may become a witness, so it is important to run a search, check references and inquire about witness availability. Ask the vendor about employee certifications and licenses.  See whether the vendor contracts out staff; those employees may end up working for the other side’s vendor and may inadvertently disclose confidential information to your opponent. Determine also whether the vendor is an 8-5 shop, or available 24/7. Further, ask about disaster recovery plans. Identify what will happen if the vendor is sold or closes its doors (e.g., how data will be returned). 
Once the vendor is retained, be sure to enter into the necessary agreements, including confidentiality agreements. Require that the vendor notify you of any changes in the agreed-upon procedures. 
On an ongoing basis, the attorney and vendor should confirm that the product and services match or exceed what was promised in the RFI. In addition, because the vendor could be called as a witness, the attorney should ensure that the vendor is taking defensible steps in collecting, processing and producing data. To avoid adverse consequences, the attorney should also understand the effect of certain actions taken during the review and production stages of discovery. To illustrate, inThorncreek Apartments III, LLC v. Village of Park Forest, Nos. 08-c-1225, 08-c-0869, 08-c-4303, 2011 U.S. Dist. LEXIS 88281, at *22 (N.D. Ill. Aug. 9, 2011), the defendant mistakenly believed that documents marked as “privileged” during its review of documents in the vendor database would be automatically withheld from the production database made available to the opposing party, which they were not. The court held that privilege was waived. Id.
Privilege may also be waived if vendors are not reasonably supervised. In Ceglia v. Zuckerberg, No. 10–cv–00569A, 2012 U.S. Dist. LEXIS 55367, at *21-26 (W.D.N.Y. Apr. 19, 2012), aff'd, 2012 U.S. Dist. LEXIS 115185 (W.D.N.Y. Aug. 15, 2012), plaintiff’s attorney permitted the vendor to retrieve and produce documents to opposing counsel.  Plaintiff’s attorney did not, however, review the documents before production. Critical documents were produced. The court held that plaintiff waived privilege to the documents where he failed, inter alia, to take reasonable steps to oversee the vendor’s activities. Id.
After a matter is concluded, make sure data is removed from the vendor, including all existing electronic copies.
The consequences are steep for failing to be fully engaged with e-discovery vendors. In J-M Mfg. Co., Inc. v. McDermott Will & Emery, No. BC 462 832 (Cal. App. Dep’t Super. Ct. L.A. Cnty. filed June 2, 2011), the defendant faced a legal malpractice suit when it allegedly did not carefully review the work of contract attorneys at an e-discovery vendor, resulting in the production of almost 4,000 privileged documents to the federal government in a whistleblower suit.
To summarize, in order to minimize exposure and risk, the attorney should ask a significant number of questions and actively participate in the e-discovery process.
John G. Schmidt Jr. and Jennifer A. Beckage are attorneys with Phillips Lytle LLP. Mr. Schmidt is the Co-Team Leader of the firm’s Business & Commercial Litigation Practice. He can be reached at (716) 847-7095. Ms. Beckage can be reached at (716) 847-7093.

Northern District of California’s New #eDiscovery Guidelines

Northern District of California’s New eDiscovery Guidelines

The Northern District of California should be commended for its new eDiscovery Guidelines, Check List and Model Order.
It is a very good first step to raising eDiscovery competency and awareness for attorneys in Silicon Valley. The complete guidelines can be downloaded from Northern District website, which states attorneys should “consult [the Guidelines, Checklist and Model Stipulated Order] at the beginning of a case.”
I stress the Guidelines, Check List and Model Order are excellent starting points (and should be taken seriously as a standing order). However, I encourage attorneys to continue to educate themselves on eDiscovery, whether it is from blogs, podcasts, CLE’s, books or eDiscovery courses. Technology to preserve, identify and search ESI is always improving and attorneys should be familiar with the technology at their fingertips.
The past year included many Case Management Orders that stated metadata would not be produced without good cause. Given that there are different kinds of metadata, such as substantive, embedded and system, such a blanket prohibition is dangerous, because it can easily result in degrading the searchable features of otherwise searchable ESI.
I was pleased when I read the following in the Northern District’s Model Order on production formats, avoiding the “metadata good cause” quagmire:
The parties agree to produce documents in ☐ PDF, ☐TIFF, ☐native and/or ☐paper or a combination thereof (check all that apply)] file formats. If particular documents warrant a different format, the parties will cooperate to arrange for the mutually acceptable production of such documents. The parties agree not to degrade the searchability of documents as part of the document production process.
Moreover, the Check List addressed quality control issues in search and production with the following for parties to include in their project management:  The quality control method(s) the producing party will use to evaluate whether a production is missing relevant ESI or contains substantial amounts of irrelevant ESI.
The Northern District paid serious attention to proportionality in the preservation of electronically stored information. The Model Order states the following:
The parties have discussed their preservation obligations and needs and agree that preservation of potentially relevant ESI will be reasonable and proportionate. To reduce the costs and burdens of preservation and to ensure proper ESI is preserved, the parties agree that:
a)   Only ESI created or received between ________ and ________ will be preserved;
b)   The parties have exchanged a list of the types of ESI they believe should be preserved and the custodians, or general job titles or descriptions of custodians, for whom they believe ESI should be preserved, e.g., “HR head,” “scientist,” and “marketing manager.” The parties shall add or remove custodians as reasonably necessary;
c)   The parties have agreed/will agree on the number of custodians per party for whom ESI will be preserved;
d)   These data sources are not reasonably accessible because of undue burden or cost pursuant to Fed. R. Civ. P. 26(b)(2)(B) and ESI from these sources will be preserved but not searched, reviewed, or produced:  [e.g., backup media of [named] system, systems no longer in use that cannot be accessed];
e)   Among the sources of data the parties agree are not reasonably accessible, the parties agree not to preserve the following: [e.g., backup media created before ________, digital voicemail, instant messaging, automatically saved versions of documents];
f)   In addition to the agreements above, the parties agree data from these sources (a) could contain relevant information but (b) under the proportionality factors, should not be preserved: ___________________________________________________.
The Northern District focused heavily on proportionality, cooperation, the meet and confer process, and in my opinion, raise awareness and ultimately attorney competency in eDiscovery. It is a very good start.

Is #PredictiveCoding a Cure for Out-of-Control Discovery Costs?

Is Predictive Coding a Cure?

Is Predictive Coding a Cure for Out-of-Control Discovery Costs?
The prevalence of electronic documents, including emails,
has made business and personal communications less
expensive and more efficient. But where litigation is
concerned, quite the opposite is true. In an earlier era, a big
litigation case might have involved a few dozen boxes of
paper documents and a small group of associates to eyeball
each document; now, large teams of contract lawyers are
pulled together to cull through terabytes of electronic data.
Consequently, the time and costs involved in discovery have
skyrocketed, sometimes completely overwhelming the
normal cost-benefit analysis in litigation.
Is there a technological solution? Maybe a partial one, in
certain circumstances.

DOJ and SEC Issue FCPA Guidance

DOJ and SEC Issue FCPA Guidance - (Marc Rosenberg)


DOJ and SEC Issue FCPA Guidance

Posted by Marc Rosenberg, Cravath Swaine & Moore LLP, on Wednesday November 28, 2012 at 9:13 am
  • Print
  • email
  • Twitter
Editor’s Note: Marc S. Rosenberg is a partner and co‑chair of the Corporate Governance and Board Advisory practice at Cravath, Swaine & Moore LLP. This post is based on a Cravath memorandum.
Last week, the Criminal Division of the Department of Justice and the Enforcement Division of the Securities and Exchange Commission released their long-awaited guidance on the application and enforcement of the U.S. Foreign Corrupt Practices Act. The release—a 120-page “Resource Guide”—confirms that FCPA enforcement remains a central priority of the U.S. government while simultaneously and most importantly identifying the circumstances when the government may decline to pursue an enforcement action. It is available at
Compliance Program Guidance
While much of the guidance reaffirms statutory interpretations that practitioners have gathered from published government settlements and opinion releases, it also provides a useful tool for companies seeking to develop FCPA compliance programs that will minimize the risk of enforcement action or severe penalties in the event those systems fail to prevent a violation. Having such a compliance program in place is particularly important given the SEC’s announcement last week that it received more than 3,000 whistleblower complaints in the first year of the new whistleblower program implemented under the Dodd-Frank Act.
The Guide identifies the hallmarks of strong compliance programs generally and addresses the elements of effective FCPA controls, reiterating that there is no “one-size-fits-all” program; an effective FCPA compliance program addresses corruption risks specific to the organization and includes meaningful unique controls to mitigate those risks. Some possible risk-based compliance controls that the Guide suggests are:
  • devoting greater resources to review of large contracts in high-risk regions than to modest entertainment and gift giving;
  • web-based approval processes for gifts, travel and entertainment that give senior management or in-house counsel an opportunity to review requests;
  • fact-specific, flexible due diligence commensurate with the size and risk of the transaction at issue;
  • a mix of training opportunities and materials, including materials translated into local languages and customized for particular functions; and
  • publicizing disciplinary action within the company to demonstrate the consequences of misconduct, and openly rewarding contributions to the company’s compliance program.
The Guide demonstrates the government’s expectation that an FCPA compliance program be tailored to the company’s specific business and evolve as the business and markets in which it operates change—a comprehensive, risk-based and constantly evolving approach that is regularly reviewed and tested.
Relief from Enforcement or Sanctions
There are no guarantees that adopting an effective FCPA program will insulate an organization from enforcement action; however, the Guide makes clear the government’s commitment to providing favorable treatment to organizations that self-report, cooperate and remediate when FCPA issues arise. The Guide credits voluntary and timely disclosure of violations, recognition of the seriousness of misconduct and efforts to improve an existing compliance program and discipline wrongdoers. To illustrate this approach, the Guide lists six examples of recently declined enforcement actions. In all six, the targeted company voluntarily disclosed a violation, disciplined the responsible employees and undertook a review of its compliance procedures. Likewise, the Guide offers an example of a company that received reduced sanctions because it self-reported, conducted a thorough internal investigation, cooperated with the government and remediated.
In light of the specific FCPA program guidance, the potential benefits to be derived from a risk-based approach to FCPA compliance and the continued increased focus of the government on FCPA violations, companies will be well-served to evaluate their FCPA controls and testing procedures to ensure they conform to best practices.
Clarification of Statutory Elements
In addition to providing helpful guidance on implementing a risk-based compliance program as described above, the Guide offers useful commentary on how the government interprets the statute itself.
What does “anything of value” mean?
The FCPA prohibits the corrupt offer, promise or payment of “anything of value” to a foreign official. The Guide notes that there is no minimum threshold amount for corrupt payments or gifts. At the same time, the Guide acknowledges that the FCPA permits reasonable gifts, travel and entertainment when there is a bona fide business purpose, and does not prohibit small gifts or tokens of esteem or gratitude. For instance, the Guide notes that if foreign officials are traveling to inspect a company’s facilities for a legitimate business purpose, the company may, in appropriate circumstances, pay for business class airfare, moderately priced dinners and modest entertainment.
Who is a “foreign official”?
The Guide confirms the long-held government view that any employee of a foreign-government instrumentality—including state-owned or controlled entities—is a foreign official. This includes executives, middle-management and even entry-level employees. Whether any particular entity is sufficiently state-owned or controlled to qualify as a foreign “instrumentality”, however, depends on a fact-specific consideration of the entity’s ownership, control, status and function. The Guide explains that if a foreign government owns or controls only a minority stake in an entity, then the DOJ and SEC are “unlikely” to consider that entity to be a foreign-government instrumentality, absent a special mechanism of foreign-government control. The issue of whether the term “instrumentality” includes state-owned entities that do not perform typical governmental functions is currently pending in the U.S. Court of Appeals for the 11th Circuit.
What is covered by the FCPA’s accounting provisions?
The FCPA’s “books and records” provision requires issuers to maintain books and records that, in reasonable detail, accurately reflect the issuer’s transactions and asset dispositions. The “internal controls” provision requires issuers to devise and maintain a system of internal accounting controls that provide reasonable assurances regarding the reliability of the company’s financial reporting. Although the FCPA’s accounting provisions apply only to issuers (i.e., companies whose securities are registered with the SEC or who are required to file reports with the SEC), the Guide makes clear that an issuer’s books and records include those of its consolidated subsidiaries and affiliates. Accordingly, an issuer’s obligations under the FCPA extend to ensuring that its consolidated subsidiaries and affiliates comply with the FCPA’s accounting provisions.
When will a successor be liable for the acts of an acquired company?
Generally, when a company merges with or acquires another company, the successor company assumes the predecessor company’s liabilities. Companies engaging in pre-acquisition due diligence should be careful to consider possible FCPA exposure and, accordingly, apply a risk-based approach to the diligence process. The Guide signals, however, that the DOJ and SEC will take action against successor companies only in limited circumstances, citing as examples cases involving “egregious and sustained” violations or where the successor company participated in the violation or failed to stop the misconduct after the acquisition.
Vigorous enforcement of the FCPA will remain a top priority of the DOJ and SEC. Although the Guide does not represent a change in FCPA enforcement policy, it provides a comprehensive overview of the statute and offers important insights into the government’s regulatory approach. By applying the practical lessons outlined in the Guide, such as focusing on high-risk activity and maintaining an effective compliance program, companies will mitigate their exposure to FCPA liability.