Transcript: Bill Forquer, EVP, Compliance Solutions Business at OpenText

This transcript is from a PodTech.net podcast at:
http://www.podtech.net/home/technology/1378/judge-shira-scheindlin-on-zubulake-e-discovery-and-compliance

Host: Susan Thomas - ARMA International
Guest: Judge Shira Scheindlin

Anchor
Welcome to the 2006 ARMA International Conference and Expo Podcast. This podcast is powered by PodTech and sponsored by NextPage, a provider of powerful document tracking and retention software.

Susan Thomas - ARMA International
Staged and focused discovery plans should go a long way to reining in the rational discovery demands and costs. So, let's start with the moving forward question. At the beginning of the e-discovery era, we were hearing of many companies settling out of court because it was less expensive than trying to get to handle on their records. Is this still the case, or a company is getting better at records management?

Judge Shira Scheindlin
Well, the expense associated with pre-trial discovery should be no greater in the e-discovery era, than it was in the world of paper records, now that the new rules have helped to make both the courts and the parties more cost conscious. There are simple reasons for this; first, as your question itself notes, parties are getting better at records management, which means that records are better kept, are better organized, more easily reviewed and less difficult to produce. Second, two of our new rules in particular should go a long way toward reducing costs; the first is Rule 26F, which forces the parties to discuss preservation and collection at the front end of a litigation. This should help to reduce the cost of collection and review; the second is rule 26B2B, which allows a party to self-designate certain sources as inaccessible.

If the party can support that designation, the burden will shift to the requesting party to justify the costs and burdens associated with retrieving data from such sources. If that party is successful, the court would be required to consider who should bear the expense of retrieving data from inaccessible sources. I predict that course will embrace some percentage of cost sharing, which will discourage requesting parties from seeking data from inaccessible sources unless they really believe that the information is critical and there is no other way to obtain it. So, to make a long answer short, I do not believe that the threat or actual cost associated with e-discovery will be anymore of a pressure to settle than the cost of discovery have always been -- costs have always been a factor. A party considers when deciding whether to litigate or settle, so while that consideration remains, it is no more of a factor than it was, before the e-discovery era.

Susan Thomas - ARMA International
Okay, my next question is regarding email archiving best practices. The policy at our organization has been to print out email that pertains to a particular file, and keep it in paper format with the file. The electronic messages are routinely deleted within 30 days by the company's IS department; properties portion of an email is not printed or retained. This means that the burden is on the employee to print out and file the email in attachments, then they are consequently retained as long as dictated by the records series. Judge Scheindlin, could you talk for a minute about the best practices for email? Should a company retain both printed emails and those electronically stored, or should they choose exclusively one or the other?

Judge Shira Scheindlin
Well, there's been a lot of attention paid to the question of email archiving since the Zubulake decisions. Many thoughtful people have written or spoken about this issue. From what I can see from the literature, there are now two basic methods for email archiving although I think you folks know a lot more about this than I do. One is individual email management, where an employees email will be automatically deleted on a preset schedule, say 14 or 30 days, unless that employee moves and stores that email in some form; most likely to electronic folders, but possibly printed hard copy. If the employee doesn't make that effort, the email will then only be available from an inaccessible source.

In this model, when a litigation hold is instituted, the automatic deletion schedule must be suspended and employees must be instructed to refrain from deleting any information that's now stored in their electronic folders. Collection and search must then be undertaken on an employee-by-employee basis. The second model, which has certain pros and cons has been called pro-active online archiving. In this system, emails instantly archived in a single online repository, which can be maintained onsite or by a vendor. The data can be maintained for a fixed period of time, were deleted at specific intervals. The information in this type of archive can be indexed by any criteria, such as employee, location, subject matter, date, which in turn allows for efficient searching, retrieval and production. Some of these systems can also de-duplicate, which means eliminating multiple copies of the same email.

Finally, this system reduces the risk of human error, namely, employees who ignore the direction to maintain certain email, which in turn, reduces the possibility of sanctions. The only downside is that the volume of stored data is greater in this model, which means increased cost review for relevance and privilege. But this downside should be balanced out by the efficient search techniques that can be used to review data that is stored in an organized manner. So, I don't think the policy you described in your question is an adequate or appropriate policy. Printing out the text of an email, but deleting the actual electronic message, destroys the metadata, which as we know may be highly relevant in some cases. A 30-day deletion schedule with no effort at archiving of the electronic text is a ticket to disaster.

As noted just a moment ago, a company should develop some form of storage of the electronic message, either local or central. The whole question of metadata is a thorny one. Let me share with you my favorite description and I'm quoting from Craig Ball who's a wonderful vendor. “It's the electronic equivalent of DNA, Ballistics, and fingerprint evidence with a comparable power to exonerate and incriminate. Metadata sheds light on the context, authenticity, reliability and dissemination of electronic evidence, as well as providing clues to human behavior. All sorts of metadata can be found in many locations; some is crucial evidence; some is digital clutter but because every active file stored on a computer has some associated metadata, it's never a question of whether there is metadata, but what kinds of metadata exist, where it resides, and whether its potential relevance demands preservation and production.

Susan Thomas - ARMA International
Next, we have a question about scalability. Well, the obligations that in-house and outside counsel to meet with records owners' etcetera articulated in the several Zubulake discovery opinions may have made sense in the context of a relatively small number of record owners and their email. What is your opinion on the scalability of those obligations when the numbers of record owners may be in the hundreds or even thousands?

Judge Shira Scheindlin
You know, cases only address the facts before the court; and Zubulake is a case, it's not a rule. But, rules too have to address all cases, not just the mega case or the case involving companies with hundreds or thousands of employees; but that said, let me try to answer your question. When the record owners, number in the hundreds or even the thousands, a company needs to create a litigation or e-discovery response team. This team should consist of in-house counsel, IT professionals, records managers, litigation technology consultants and outside counsel. Once that team is assembled, it needs to engage in a checklist of specific tasks. Now there is no one list that fits all circumstances, but here is my stab at creating a nine point checklist.

One, create and disseminate a written litigation hold notice and determine a system for monitoring compliance; two, interview a designated IT representative and a designated record -- records manager; three, create a map of the network infrastructure; four, identify all sources of data, both accessible and inaccessible; five, identify the most knowledgeable person with respect to each data system; six, run preliminary searches of each accessible source and estimate the cost of collection and review; seven, establish a privilege review protocol; eight, determine the form of production by source; and nine, and I think most important, document your efforts so that a court reviewing those efforts in hindsight, will know that you acted reasonably.

Susan Thomas - ARMA International
Certainly the search and retrieval process or electronic discovery can get out of hand quickly. So, with regards to the revised Federal Rules of Civil Procedure, how do you envision organizations properly search and retrieve the massive amounts of electronic data during the discovery process?

Judge Shira Scheindlin
Well, I think I have already actually addressed much of that question in my last answer, but I will add a thought or two that helps to relate the answer back to the amended rules. The key is to search accessible sources first, pursuant to a search plan that has been discussed directly with the adversary. Well, it may cut against the grain, a candid discussion with the adversary at the Rule 26(f) Conference, and then continuing on a regular basis thereafter, should help to focus the search and reduce the costs. Searching without knowing what you're trying to find, is an exercise and is absurd. The more targeted the search, the more precise the result. If the adversary is unreasonable in limiting and focusing the search, a court is available to mediate that dispute, and I think the courts are up to that task. Only after the accessible sources are searched and the information is produced and reviewed by the adversary, is there any reason to even consider litigating the question of inaccessibility or a good cause showing a need to search those inaccessible sources. So, a staged and focused discovery plan should go a long way to reining in your rational discovery demands and costs.

Susan Thomas - ARMA International
What about the Legacy and Orphaned data? It seems like this is another area of discovery that has shown itself to be incredibly unwieldy. How much time and effort should an organization undertake to identify existing Legacy and Orphaned data to comply with discovery obligations?

Judge Shira Scheindlin
An organization does have an obligation to identify the sources of data that it does not intend to search. This is something new that the rules have never before required; before the 2006 amendments, a litigant was not required to identify that which it did not search. So, now a company must spend time identifying Legacy and Orphaned data, but it does not have to do anything other than identified; it does not need to restore such information in order to identify the actual data contained on the source. It obviously does not need to invest in rebuilding outdated and unsupported systems for the purpose of retrieving and reviewing data. If the source is restored, they must be maintained as they are found at the outset, which probably means no additional expenses incurred; but that is all a company must do, unless and until a court requires that these inaccessible sources be searched, because a party has shown good cause to require such a search. At that point, it is for the company to convince the court that the cost of such an effort should be shifted to the requesting party or at least shared by that party.

Susan Thomas - ARMA International
Interesting, another area that gives a lot of us concern here, is the definition of threat of litigation as a trigger for a litigation hold. What are your views on preservation duties in anticipation of litigation; and what constitutes a threat of litigation? What kind of notice must be given, does it have to be on the 7 O'clock News, the Wall Street Journal? How do we do this part?

Judge Shira Scheindlin
Well, I must give credit in answering this question to The Sedona Conference of which I am a member, which as we speak here today is working on a monograph that will be titled 'A Commentary on Legal Hold'. That document makes an effort to answer the exact question you post, and I am using the draft of that document as a source for my answer. The final version by the way, of that monograph should be available in January 2007, and can be accessed from the Sedona website. All right, to determine whether a threat of litigation is credible, a company should act in good faith by conducting a reasonable investigation and evaluating all of the relevant facts and circumstances.

Factors to consider in determining whether a company acted reasonably in assessing a threat should include the following: One, the level of knowledge within the organization concerning the claim; two, the risk to the organization caused by the nature of the claim, and three, the risk of losing information in the absence of a litigation hold. But then, how do you evaluate the credibility of the threat itself? So, here are some guidelines for that - the specificity of that threat, the identity of the person making the claim and his or her relationship to the target of the accusation, the value of the potential claim. Have there been similar claims in the past, and what's the press coverage of similar claims?

So, let me give you some examples, let's make it real; here are some examples of what I think are credible threats. The receipt of a summons or complaint, the filing of an administrative charge -- notice that a party is actually the target of an investigation -- receipt of a preservation notice letter from a respected attorney, receipt of a Sopena, a reputable news report of a government investigation, notice of an event which typically results in that occasion like an explosion or a plane crash.

Similarly, let me give you some examples that I don't think we do need to preserve -- and those will include vague rumors. The source of the threat is a known repeat litigant who has never been successful in any litigation. Past experience with similar claims -- for example, the claims have always proved to be frivolous - or for the temporal nature of the claim; that is, the claim involves a product that was discontinued ten years ago. And finally, a non-specific threat; for example, a letter accuses a company of misappropriating trade secrets and doesn't even identify the trade secret. So, I hope that's helpful.

Susan Thomas - ARMA International
I think that's going to incredibly helpful to our audience; certainly, I know I'll be able to use that with the university. Our next question comes from our attendee, and it focuses on the need for training within an organization, and how that relates to established policies and the spread -- the threat of spoliation. It says, “We have a corporate policy manual discussing our Records Management program. On our intranet, we publish the retention schedule of Records Management program manual with guidelines and information on retention and destruction of records and electronic files. Is this sufficient to create a safe haven from spoliation, provided we have followed our policy in the normal course of business.”

Judge Shira Scheindlin
Well, probably not, for two reasons. First, as you describe it, there's nothing in that policy that discusses training. It is well known that employees don't read handbooks -- and they don't read manuals, even when there's information in there that's to their benefit. It's also necessary to require training of all new employees and refresher training for all other employees; and those training should be live, not by webcast, because people can tune off the webcast and do other work, wrongly believing that they are successfully multitasking. I know this only too well because I do it myself. But, an initial training session by department of all new employees, and then a semiannual training course might be good ideas.

The other problem with the policy you just described is the lack of monitoring. A program that does not include a means of checking on employee compliance is no policy at all. Management must develop a system to ensure that employees are actually following the designated protocols. This could only be accomplished with a compliance monitoring program, which I think is an essential component of a Records Management policy.

Susan Thomas - ARMA International
I would call that, job security. Well, let's round out our discussion with the multinational perspective. Many of the professionals in the audience today -- and more and more of this as time goes on, find themselves working across borders. Give us a sense of where the courts stand on multinational issues? Specifically, we have a question here about e-mail retention across borders. Can a non-US parent impose a different e-mail retention that may or may not be consistent with US guidelines?

Judge Shira Scheindlin
Well, I am not sure I entirely understand the question I suppose, but let me tell you what I do think. A non-US company located outside the US is not only not bound by US guidelines; it may in fact have totally different rules and regulations with which it must comply. We know, for example, that England and other European Union - EU countries, have stringent privacy rules that would prevent the collection and production of e-mails in the same manner as that required here. Now, with that said, if there's a US based subsidiary of a foreign corporation, then it must abide by the rules of the country in which it is doing business. So, the US based subsidiary must follow US statutes, regulations, and rules in its record retention policies.

Susan Thomas - ARMA International
Many of our multinational company records managers are going to find that curious. Well, that's the end of our question and answer period today. I want to thank you so much Judge Scheindlin, and on behalf of the ARMA 2006 Conference and Expo, the profession in ARMA International, I want to thank you for your time today. We really appreciate your insight, and to all of you, thank you again for joining us today and the rest of this week. We have many excellent education offerings for you to choose from, so please come and enjoy them all and be sure to visit the expo floor early and often. In addition, we hope to see you at the welcome party this evening, and I want you to all come prepared for some good old fashioned Texas hospitality and fun, and here is to a great conference.

Anchor
This ARMA International Podcast was powered by PodTech and sponsored by NextPage. Visit ARMA on the web at www.arma.org. For more information about NextPage and its Desktop Document Retention solutions, go to www.nextpage.com. This Podcast was recorded and produced by Rocky Mountain Voices.