Imagine that the hustle of New Year activities has gone, and you’re settling into your desk with excitement for the promise that 2023 will most assuredly bring. Then you open a letter to find your company or your client’s company is being sued.
From here, you face two paths: preparedness or panic.
If you’ve taken Level Legal’s advice and shored up your eDiscovery policies by creating an eDiscovery Dream Team, you take a deep breath and relax, confident you know what data is being used, where it’s located, and how to get to it.
But if you haven’t taken these steps, you may need to do some damage control before more serious problems occur. With communications spread over so many platforms, companies without sound policies in place to identify, preserve, collect, review, and produce data will struggle to conduct thorough internal investigations. Or worse, they’ll fail to comply with their production obligations during litigation, leading to fines and other sanctions.
If you’re on the “panic” path, take these steps to preparedness ASAP.
Identifying Data: Failure to Communicate?
Gone are the days when company executives and employees communicated with a few applications. Back then, a company’s tech stack might be comprised of email and a few programs within the Microsoft Office Suite. Cellphone text messages complicated the situation.
Now, however, collaboration tools like Slack and Skype are the norm, even for high-level executives (subscription required). Data shows that the use of these tools has increased from just over 50 percent in 2019 to nearly 80 percent in 2021.
Of course, the COVID-19 pandemic and ensuing reliance on remote work was a major catalyst for the adoption and utilization of these tools. For example, Microsoft Teams noticed an 894 percent growth from March 2020 to June 2020 and now reports it reached 270 million users in 2022. Similarly, Slack earned more than $900 million in revenue between March 2020 and April 2021, a 43 percent increase year-on-year.
But despite much of the world returning to the “new normal,” many businesses are choosing to incorporate remote (or hybrid) work into their future strategies, leading to a continued increase in the tools available for inter-office communication. Informational governance is foundational to ensuring companies have policies and processes regarding the proper use of communication tools. Companies that don’t enforce sound policies on what tools may be used will find themselves struggling to understand what data they have and where it’s located.
Not to mention dealing with Bring Your Own Device (BYOD) policies. If your company follows such a policy, do you have clear procedures outlining such usage?
Preserving Data: The Nightmare of Auto-Delete
Under the common law and the Federal Rules of Procedure, a duty to preserve evidence attaches when a party reasonably anticipates litigation. And while the terms “reasonably anticipates” are the subject of much legal debate, best practices commend a better-safe-than-sorry approach. For sure, legal battles surrounding data retention and various communication platforms (or the lack thereof) are prevalent, as many platforms automatically delete data after a certain period of time. (For example, Slack may delete messages and data after 90 days, depending on your settings. WhatsApp allows users to enable “disappearing messages” that auto-delete after 24 hours, seven days, or 90 days.)
Making matters worse, figuring out how to change these settings isn’t always intuitive, and sometimes, easy access to do so is only available at top-tier pricing levels.
If you’re unsure how your company would fare with an accusation of spoilation, here are some questions to get on the right track:
- Does your company have clearly outlined policies regarding document retention for the various programs it uses?
- Do you know what the default auto-delete settings are on each of your platforms?
- If data is deleted, do you know how to recover it, or if it can be recovered? For example, deleting a Slack channel permanently deletes Slack messages, regardless of your retention settings. In Teams, if a policy is set to retain chats or messages, data is secured even though users will not see their deleted messages.
Arguing that your team or vendor doesn’t know how to access data or change settings won’t be sufficient to prevent reprimands or sanctions for failure to produce or find relevant information. See, WeRide Corp. v. Huang, No. 5:18-CV-07233-EJD (N.D. Cal. Apr. 24, 2020).
Collecting Data: Tougher Than Ever
Data out there is exploding with volume and a variety of new data types. Modern technology, such as mobile devices, file links and modern attachments, and social media has created these common pitfalls with collecting data. According to writer Cassandre Coyer, a Washington D.C.-based legal technology reporter from Legaltech News, here are those three technology pain points:
- Mobile Devices: Forensic Implications. For example, in-person and remote imaging can be time-consuming, while it can be difficult to decide whether a collection from cloud platforms is complete as users can customize their backups. What’s more, remote target collections are limited and could lead to needing more collections later, which can be inefficient. Meanwhile, new software updates, such as the iOS 16 iMessage features that would allow users to edit sent messages or unsend messages, are also creating their own forensic implications.
- File Links and Modern Attachments: Collecting modern attachments can be tricky among eDiscovery practitioners because the link that is collected may not be the same version of the file that the custodian originally viewed. By choosing to collect all versions of the file, the risk is being flooded with attachments and collection sizes.
- Social Media: New privacy compliance requirements have made it harder to collect users’ data, leaving forensic and eDiscovery professionals relying on screen capture and screen scraping tools that are not as efficient.
Reviewing Data: Technology to the Rescue
If you have been diligent enough to set up processes and procedures that allow you to readily identify communication platforms or tools within our organization, as well as pulling the relevant data, you may be staring at thousands (or hundreds of thousands!) of pieces of data from text messages, emails, or even Slack comments. How can you determine what it all means?
Here are some tips for improving your review:
- Utilizing data analytics If your document review platform or vendor doesn’t help determine patterns and trends within your data, it’s time to switch.
- Data visualization straight review. Various review platforms help organize data into clusters, groups, charts, and subsets. Without these tools, you may have 250 emails relevant to your search but no real clear pattern or grouping to help interpret the data. However, with the use of a data visualization tool, you might see a chart reflecting that three people within that grouping generally communicate on certain days or times about particular phrases or ideas.
- Third-party specific review tools. Many of the original document review platforms were initially created to recognize and synthesize emails, not Slack messages or even texts. Utilizing review platforms in connection with these third-party tools may be critical for comprehensive review, particularly when dealing with mobile data and communication tools like SMS text messaging.
- Busting discovery budgets due to failure to leverage tech.
Producing Data: Three Cautionary Tales
As stated, ad nauseum, failure to adequately produce or identify relevant information can lead to sanctions or worse, even in situations where data was not knowingly withheld.
In case you’re not persuaded, the following cases might influence your thinking:
- Monetary and case terminating sanctions due to deleting/failing to preserve information after hold in place. See Columbia Pictures Indus., Inc. v. Galindo, No. 2:20-cv-03129, 2022 WL 3009463 (C.D. Cal. Jun. 14, 2022), report and recommendation adopted, 2022 WL 3369629 (C.D. Cal. Aug. 15, 2022); Schnatter v. 247 Group, LLC, No. 3:20-cv-00003, 2022 WL 2402658 (W.D. Ky. Mar. 14, 2022).
- Granting of mandatory adverse inference jury instruction because the defendant modified Slack retention settings from indefinite to seven days after duty to preserve attached. See, In Drips Holdings, LLC v. Teledrip LLC, 5:19-CV-02789, 2022 WL 3282676 (N.D. Ohio Apr. 5, 2022), report and recommendation adopted in part, rejected in part, 2022 WL 4545233 (N.D. Ohio Sept. 29, 2022).
- Sanctions for failure to produce relevant information due to alleged lack of competency. See Red Wolf Energy Trading, LLC v. Bia Capital Mgmt., LLC, _ F. Supp. 3d _ , No. 19-10119, 2022 WL 4112081 (D. Mass. Sept. 8, 2022). The Court noted: “At a minimum, [defendants’] decision to utilize an unpaid novice in Kazakhstan to conduct its search for Slack messages, rather than an experienced vendor in the United States at a modest cost, … was in reckless disregard of [their] duties under Rule 26 and to obey court orders.”) at 60; see also, DR Distributors, LLC v. 21 Century Smoking, Inc., No. 12 CV 50324, 2022 WL 5245340 (N.D. Ill. Oct. 6, 2022) (half of $2.5 million sanction to sanctioned defendant’s counsel for failing to produce responsive information. Counsels’ missteps, failure to check auto-delete policies, and failure to supervise eDiscovery vendor).
Moving Toward Preparedness
Even if you have a well-oiled data machine in your organization, the beginning of the year is a great time to ensure that your policies and procedures don’t need a tune-up. In fact, in addition to the somewhat obvious benefits of avoiding the dire situations described above, knowing where your data is housed and how to get it and produce it will actually save you time and money in the long run.
Need help managing your data? Contact Level Legal for help.
Greg Moreman leaves nothing to chance. This includes weather forecasts, culinary adventures, and the best time of year to buy a holiday turkey. In fact, if our director of legal compliance services were a proverb, he would be, “Measure twice, cut once.” If he were a rapper, he’d be “Lil Inbox Zero.” Greg’s a generalist, a role Level Legal leans on when growth pains bring new problems or when a new strategy means new processes. Greg handles it. Never complaining. Always willing. His work and his example benefit everyone.