Information Governance

It has been over seven years now since the eDiscovery amendments to the Federal Rules of Civil Procedure went into effect. Since that time, the cost and complexity of discovery have continued to increase due to numerous digital age developments that have caused information to proliferate exponentially. To help litigants better address these issues and the challenges they present to the discovery process, the Judicial Conference Advisory Committee on the Civil Rules has proposed another round of Rules amendments. If enacted, the resulting package of amendments could affect most aspects of federal discovery practice and possibly decrease eDiscovery burdens and costs for courts, clients, and counsel alike.

To ensure they are prepared for the potential Rules changes, companies should consider developing an effective information governance program. While there are many steps that can be taken to implement such a program, the three discussed in this article are essential for those companies seeking to address the anticipated Rules changes and thereby decrease the costs associated with discovery.

Information Retention

If a company is really intent on obtaining more cost-effective results in discovery under the proposed Rules, it should examine its strategy for information retention. Effective information retention requires each business unit to identify the records that it creates, why it creates them, whether to retain them and for how long, who gets access to these records, and where the records are stored.

This, in turn, should lead to the development of top-down information retention policies. These policies should be the product of collaborative effort, with in-house counsel working with IT professionals, records managers, and business units to jointly decide what data must be kept and for what length of time. By so doing, retention policies can be created that are reasonable in relation to the enterprise's business needs and its litigation profile.

To better enforce compliance with those policies, the company should consider the availability and value of technologies to assist in information governance. Today's options include machine learning technology, which can learn from initial human decisions about information retention to provide automated guidance about similar documents in the future. When properly calibrated, machine learning tools can help ensure that the company keeps information that is significant or that otherwise must be maintained for business, legal, or regulatory purposes ' and nothing else. By so doing, data that has little to no business value can be segregated and destroyed before a litigation event arises. This, in turn, will obviate the costs associated with searching for, reviewing, and analyzing that data in discovery.

Litigation Holds

If information retention policies are to be effective, they must be accompanied by an effective litigation hold process. Without a workable approach to litigation holds, the entire discovery process could very well collapse. Indeed, employees and data sources may discard or overwrite ESI if they are oblivious to a preservation duty. This would leave organizations vulnerable to data loss and court sanctions.

One of the more instructive cases on this issue is E.I. du Pont de Nemours v. Kolon Industries (DuPont), 803 F. Supp. 2d 469 (E.D. Va. 2011). In DuPont, the court stiffly rebuked defendant Kolon Industries for failing to issue a timely and proper litigation hold. The rebuke came in the form of an instruction to the jury that Kolon executives and employees deleted key evidence after the company's preservation duty was triggered. The jury responded by returning a $919 million verdict in favor of DuPont.

The destruction occurred when Kolon deleted e-mails and other records relevant to DuPont's trade secret claims. After being apprised of the lawsuit and then receiving multiple litigation hold notices, various Kolon executives and employees met together and identified ESI that should be deleted. The ensuing destruction was staggering. Nearly 18,000 files and e-mails were destroyed. Much of that information went to the heart of DuPont's claim that key aspects of its Kevlar formula were allegedly misappropriated to improve Kolon's competing product line.

The court did not identify Kolon's employees as the principal culprits for spoliation. Instead, the court criticized the company's attorneys and executives, reasoning that they could have prevented the destruction at issue with an effective litigation hold process. The court found that the three hold notices circulated to the key players and data sources were either too limited in their distribution, ineffective since they were prepared in English for Korean-speaking employees, or too late to prevent or otherwise alleviate the spoliation.

The DuPont case spotlights the need for litigants to develop an effective litigation hold process as part of their overall information governance plan. The process requires organizations to identify the key players and data sources possessing potentially relevant information. Designated officials who are responsible for preparing the hold should draft the hold instructions in an intelligible fashion. The hold should then be circulated immediately to prevent data loss.

As a final part of this process, companies should consider using automated hold technology, which enables the placement of litigation holds on various custodians across multiple cases. These tools better ensure that ESI subject to a preservation duty is actually retained and thereby help a company avoid the preservation missteps that result in costly satellite litigation.

Mobile Devices

A final aspect of information governance that can help companies prepare for the proposed Rules changes is the creation of policies governing the use of mobile devices. Mobile devices such as smartphones and tablet computers have revolutionized the way in which business is conducted. Nevertheless, they have also introduced myriad security, eDiscovery, and privacy complications for enterprises.

More specifically, mobile device use lessens the extent of corporate control over confidential business information. Whether that information consists of trade secrets, proprietary financial information, or attorney-client privileged communications, difficulties in policing mobile devices allow employees the opportunity to misappropriate data more easily. The commingling of personal and business information also leads to an environment in which employees may disclose sensitive and confidential information regardless of malicious intent. With a single touch of a smartphone screen, an employee can direct sensitive company data to personal cloud providers, social networking sites, or WikiLeaks pages. Any of these scenarios could prove disastrous for an organization.

In addition, mobile device data is often difficult to preserve and produce. Indeed, the logistical challenges of locating, retaining, and turning over that data ' all while trying to observe employee privacy ' present complications for satisfying the proposed Rules amendments.

To address the problems associated with these devices, organizations must develop mobile device use policies. Such policies should address how employees handle company data regardless of whether the ESI is stored on work-issued or employee devices. They should also delineate the nature and extent of the enterprise's right to access data on the employee device, particularly for discovery purposes. This necessarily includes the consideration of whether an employee has a reasonable expectation of privacy in data stored on a device. Regardless of who owns the device, privacy issues must be addressed. An enterprise that has the unequivocal right to obtain relevant ESI from mobile devices will be better prepared to meet the preservation, proportionality, and production requirements under the proposed Rules.

There is case authority suggesting that a company can eliminate an employee's reasonable expectation of privacy by policy or with the employee's written consent. Other cases have held otherwise, frustrating company efforts to obtain ESI for purposes of discovery. Perhaps the best way to address this issue is for the company to develop a policy that expressly delineates its right to protect and obtain information stored on the device while also outlining the extent (if any) of the employee's privacy rights. Companies could further explore the availability and feasibility of technologies to segregate and encrypt company information from personal materials on mobile devices. Such measures may serve to prevent family members or friends of the employee from accessing proprietary company information.

Conclusion

Preparing for the proposed Rules amendments does not need to be a Herculean task. Organizations can take the initiative to implement or update an information governance program by following the suggestions from this article, along with other industry best practices. Those that do so will be ready for the enactment of Rules amendments and will more likely decrease their discovery costs ' both now and in the future.

Philip Favro serves as senior discovery counsel for Recommind, Inc. He is a legal scholar on issues such as e-discovery, information governance, and data protection.

It has been over seven years now since the eDiscovery amendments to the Federal Rules of Civil Procedure went into effect. Since that time, the cost and complexity of discovery have continued to increase due to numerous digital age developments that have caused information to proliferate exponentially. To help litigants better address these issues and the challenges they present to the discovery process, the Judicial Conference Advisory Committee on the Civil Rules has proposed another round of Rules amendments. If enacted, the resulting package of amendments could affect most aspects of federal discovery practice and possibly decrease eDiscovery burdens and costs for courts, clients, and counsel alike.

To ensure they are prepared for the potential Rules changes, companies should consider developing an effective information governance program. While there are many steps that can be taken to implement such a program, the three discussed in this article are essential for those companies seeking to address the anticipated Rules changes and thereby decrease the costs associated with discovery.

Information Retention

If a company is really intent on obtaining more cost-effective results in discovery under the proposed Rules, it should examine its strategy for information retention. Effective information retention requires each business unit to identify the records that it creates, why it creates them, whether to retain them and for how long, who gets access to these records, and where the records are stored.

This, in turn, should lead to the development of top-down information retention policies. These policies should be the product of collaborative effort, with in-house counsel working with IT professionals, records managers, and business units to jointly decide what data must be kept and for what length of time. By so doing, retention policies can be created that are reasonable in relation to the enterprise's business needs and its litigation profile.

To better enforce compliance with those policies, the company should consider the availability and value of technologies to assist in information governance. Today's options include machine learning technology, which can learn from initial human decisions about information retention to provide automated guidance about similar documents in the future. When properly calibrated, machine learning tools can help ensure that the company keeps information that is significant or that otherwise must be maintained for business, legal, or regulatory purposes ' and nothing else. By so doing, data that has little to no business value can be segregated and destroyed before a litigation event arises. This, in turn, will obviate the costs associated with searching for, reviewing, and analyzing that data in discovery.

Litigation Holds

If information retention policies are to be effective, they must be accompanied by an effective litigation hold process. Without a workable approach to litigation holds, the entire discovery process could very well collapse. Indeed, employees and data sources may discard or overwrite ESI if they are oblivious to a preservation duty. This would leave organizations vulnerable to data loss and court sanctions.

One of the more instructive cases on this issue is E.I. du Pont de Nemours v. Kolon Industries ( DuPont ), 803 F. Supp. 2d 469 (E.D. Va. 2011). In DuPont, the court stiffly rebuked defendant Kolon Industries for failing to issue a timely and proper litigation hold. The rebuke came in the form of an instruction to the jury that Kolon executives and employees deleted key evidence after the company's preservation duty was triggered. The jury responded by returning a $919 million verdict in favor of DuPont.

The destruction occurred when Kolon deleted e-mails and other records relevant to DuPont's trade secret claims. After being apprised of the lawsuit and then receiving multiple litigation hold notices, various Kolon executives and employees met together and identified ESI that should be deleted. The ensuing destruction was staggering. Nearly 18,000 files and e-mails were destroyed. Much of that information went to the heart of DuPont's claim that key aspects of its Kevlar formula were allegedly misappropriated to improve Kolon's competing product line.

The court did not identify Kolon's employees as the principal culprits for spoliation. Instead, the court criticized the company's attorneys and executives, reasoning that they could have prevented the destruction at issue with an effective litigation hold process. The court found that the three hold notices circulated to the key players and data sources were either too limited in their distribution, ineffective since they were prepared in English for Korean-speaking employees, or too late to prevent or otherwise alleviate the spoliation.

The DuPont case spotlights the need for litigants to develop an effective litigation hold process as part of their overall information governance plan. The process requires organizations to identify the key players and data sources possessing potentially relevant information. Designated officials who are responsible for preparing the hold should draft the hold instructions in an intelligible fashion. The hold should then be circulated immediately to prevent data loss.

As a final part of this process, companies should consider using automated hold technology, which enables the placement of litigation holds on various custodians across multiple cases. These tools better ensure that ESI subject to a preservation duty is actually retained and thereby help a company avoid the preservation missteps that result in costly satellite litigation.

Mobile Devices

A final aspect of information governance that can help companies prepare for the proposed Rules changes is the creation of policies governing the use of mobile devices. Mobile devices such as smartphones and tablet computers have revolutionized the way in which business is conducted. Nevertheless, they have also introduced myriad security, eDiscovery, and privacy complications for enterprises.

More specifically, mobile device use lessens the extent of corporate control over confidential business information. Whether that information consists of trade secrets, proprietary financial information, or attorney-client privileged communications, difficulties in policing mobile devices allow employees the opportunity to misappropriate data more easily. The commingling of personal and business information also leads to an environment in which employees may disclose sensitive and confidential information regardless of malicious intent. With a single touch of a smartphone screen, an employee can direct sensitive company data to personal cloud providers, social networking sites, or WikiLeaks pages. Any of these scenarios could prove disastrous for an organization.

In addition, mobile device data is often difficult to preserve and produce. Indeed, the logistical challenges of locating, retaining, and turning over that data ' all while trying to observe employee privacy ' present complications for satisfying the proposed Rules amendments.

To address the problems associated with these devices, organizations must develop mobile device use policies. Such policies should address how employees handle company data regardless of whether the ESI is stored on work-issued or employee devices. They should also delineate the nature and extent of the enterprise's right to access data on the employee device, particularly for discovery purposes. This necessarily includes the consideration of whether an employee has a reasonable expectation of privacy in data stored on a device. Regardless of who owns the device, privacy issues must be addressed. An enterprise that has the unequivocal right to obtain relevant ESI from mobile devices will be better prepared to meet the preservation, proportionality, and production requirements under the proposed Rules.

There is case authority suggesting that a company can eliminate an employee's reasonable expectation of privacy by policy or with the employee's written consent. Other cases have held otherwise, frustrating company efforts to obtain ESI for purposes of discovery. Perhaps the best way to address this issue is for the company to develop a policy that expressly delineates its right to protect and obtain information stored on the device while also outlining the extent (if any) of the employee's privacy rights. Companies could further explore the availability and feasibility of technologies to segregate and encrypt company information from personal materials on mobile devices. Such measures may serve to prevent family members or friends of the employee from accessing proprietary company information.

Conclusion

Preparing for the proposed Rules amendments does not need to be a Herculean task. Organizations can take the initiative to implement or update an information governance program by following the suggestions from this article, along with other industry best practices. Those that do so will be ready for the enactment of Rules amendments and will more likely decrease their discovery costs ' both now and in the future.

Philip Favro serves as senior discovery counsel for Recommind, Inc. He is a legal scholar on issues such as e-discovery, information governance, and data protection.