IntroductionSince the last edition of eDiscovery Advantage, predictive coding has again been the focus of judicial decisions, the International Trade Commission and the Federal Trade Commission have worked on streamlining eDiscovery through amendments to their internal rules, and New Jersey has passed legislation limiting an employer’s ability to gain access to employees’ social media accounts. A number of courts have addressed the discoverability and authentication of social media evidence, the appropriate format for production, preservation obligations, and sanctions for spoliating evidence. The National Labor Relations Board has issued several opinions addressing employers’ social media policies and the fine line between permitted limitations on the use of social media and improper impingement on permitted Section 7 activity.

On the international privacy front, the Supreme Court of Canada found that an employee has a reasonable (though diminished) expectation of privacy in communications and/or materials kept on a work computer. Singapore passed a Personal Data Protection Act, which governs the collection, use, and disclosure of personal data by organizations, as well as requires organizations to safeguard personal data within their possession or control.

As always, we hope that the following summaries and information continue to aid your understanding of this important and influential practice area, and we look forward to helping you stay abreast of upcoming developments.

Predictive CodingPredictive Coding remains at the forefront of the eDiscovery industry. In In re Actos (Pioglitazone) Prods. Liab. Litig., 2012 WL 3899669 (W.D.La. July 30, 2012), Judge Rebecca F. Doherty entered a case management order governing the collection, search and production of ESI and the use of predictive coding on an initial set of four custodians, after which they would meet and confer to determine whether predictive coding should be applied to the remaining custodians. The parties agreed to the use

of Equivio Relevance as the predictive coding software, and both parties agreed to nominate three individuals to serve as “experts”, for a total of six experts, “to work collaboratively” subject to the terms of the protective order in the case. All six experts will review the relevant and irrelevant documents used to train the predictive coding software, and although privileged documents and privileged redactions will not be shown to the plaintiff’s experts, such documents will also be used to train the predictive coding software. The protocol calls for an iterative process of reviewing and tagging additional documents until the software reaches “stability”, all of which will be reviewed by both sets of experts. Once the software determines that it has reached the point of stability, the protocol calls for the parties to agree upon a relevance score, below which documents will not be reviewed, in order to establish the set of documents that will then be manually reviewed by the defendants. The Defendant reserved its right to seek relief (i.e. cost

eDiscovery Advantage September - October 2012Volume 2, Number 4

Table of Contents

Introduction...................................................................................1

Predictive Coding .......................................................................1

Federal and State Government eDiscovery Developments .............................................................................2

Preservation and Sanctions ...................................................4

Search, Retrieval & Production ............................................5

Privilege and Waiver Issues ...................................................6

Recovery of eDiscovery Costs / Cost Shifting ..............9

Stored Communications Act and Internet Service Providers ......................................................................9

Social Media ...............................................................................10

Global Privacy and Cross Border Discovery Issues .. 13

Recent Publications and Events ....................................... 15

Contact Us ................................................................................. 15

2

eDiscovery Advantage Winston & Strawn LLP

shifting), while the plaintiff agreed to bear its share of the cost of complying with the protocol.

Editor’s Note: The protocol employed in In re Actos represents a view that is at the far end of the spectrum in terms of transparency vs. non-transparency. The opposing party’s experts will see both the relevant and irrelevant documents and participate in decisions concerning responsiveness, decisions traditionally left to the producing party, and only challenged later if required. The open question is whether in the search for “transparency” parties interested in using predictive coding are going too far and in the process conferring on an opposing party greater rights than the party would be entitled to under the Federal Rules of Civil Procedure.

Building on the framework created by Da Silva Moore, Kleen and In re Actos, in EORHB, Inc. v. HOA Holdings LLC, Civ. No. 7409-VCL (Del. Ch. Oct. 15, 2012), Vice Chancellor J. Travis Laster sua sponte raised the issue of using predictive coding with the parties. Vice Chancellor Laster noted that the case before him, relating to indemnification claims for alleged breaches of contract, was “an ideal, non-expedited case in which the parties would benefit from using predictive coding.” He stated that indemnification claims “can generate a huge amount of documents,” and that rather than “burning lots of hours with people reviewing,” the parties “could all benefit from some new technology use.”

Vice Chancellor Laster left open the possibility that parties could avoid using predictive coding, but to the extent that the parties disagree with the Court’s preference for the use of predictive coding, they must “show cause why this is not a case where predictive coding is the way to go.” In moving forward, Vice Chancellor Laster held that the parties needed to pick a “single discovery provider” that “could be used to warehouse both sides’ documents” and “insure that no one can access the other side’s information.” A copy of the transcript, including Vice Chancellor

Laster’s discussion of predictive coding is available here.

Federal and State Government eDiscovery DevelopmentsFederal agencies and departments have continued to make progress in streamlining their electronic discovery practices for internal investigations. Both the International Trade Commission and the Federal Trade Commission have proposed new rules addressing eDiscovery. In addition, the State of New Jersey has joined the list of states enacting legislation to prevent employers from requiring or demanding access to employees’ social media accounts.

International Trade Commission Proposes eDiscovery Rules Amendments The United States International Trade Commission (“ITC”) has submitted proposed amendments to Section 210.27 of its Rules of Practice and Procedure, which, among other things, seek to impose certain limits on eDiscovery and to require the submission of privilege logs within a specified period of time. A copy of the proposed amendments is available here. Comments to the proposed amendments must be received by the ITC on or before December 4, 2012.

Section 210.27, which provides for discovery of non-privileged information relevant to a claim or defense of any party, does not currently place any limits on discovery of ESI. Proposed Section 210.27(c) would allow the requested party to exclude from discovery “sources that the person identifies as not reasonably accessible because of undue burden or cost.” Production of such “not reasonably accessible information, may still be required if the requesting party shows good cause.” The ITC notes that the case law interpreting FRCP 26(2)(B) will “provide guidance” to the administrative law judge.

3

eDiscovery Advantage Winston & Strawn LLP

In addition, Section 210.27(d) would establish certain limitations on discovery if the information sought is “unreasonably cumulative or duplicative,” if the responding party has waived the legal position justifying discovery or has stipulated to facts pertaining to the particular issue, and/or the “burden or expense of the proposed discovery outweighs its likely benefit[.]”

The ITC has also proposed an amendment that will require parties withholding documents and information on the grounds of privilege or the attorney work product doctrine to “produce a privilege log to the opposing counsel “within 10 days of making the [privilege] claim.” See Proposed Section 210.27(e).

Importantly, Section 210.27(e), unlike Federal Rule of Evidence 502, would not be a claw-back provision, and the ITC notes that if subsection (e) is adopted, it expects its administrative law judges “to apply federal and common law when determining the consequences of any allegedly inadvertent disclosure.”

FTC Publishes New Rules for InvestigationsOn September 27, 2012, the FTC published new revised rules for investigations which strive to incorporate “modern discovery methods” and increase efficiency and cooperation in Part 2 investigations. These revised rules took effect on November 9, 2012. The revisions included sampling of electronic media to verify the party is using “viable search and compliance methods” (Overview of revisions § 1); an early “meet and confer” with FTC staff to try to anticipate and resolve potential discovery issues (§ 2.7(k)). In addition, more streamlined privilege logs are allowed to reduce this burdensome process (§ 2.11(b)). These new revisions also respond to public comments to ensure clarity and improve efficiency in the investigation process. The comments and revised rules can be reviewed here.

New Jersey Approves Bills Restricting Access to Social Media AccountsOn October 25, 2012, New Jersey joined the states that have considered and passed legislation limiting employers’ ability to obtain access to employees’ or potential employees’ social media accounts. It passed both A. 2878 (employer access to social media accounts) and A. 2879 (access to social media accounts by institutions of higher learning). A. 2878 (full text available here) will prohibit an employer from requiring or requesting that a “current or prospective employee to disclose any user name or password,” or provide any other form of access to “a personal account” through an “electronic communications device”. In addition, the employer cannot require that an employee or prospective employee “disclose whether the employee has a personal account”, or retaliate against an employee or prospective employee for failing to disclose the existence of or provide access to such an account. Personal account is defined to include “an account, service or profile on a social media website” used “exclusively for personal communications unrelated to any business purposes of the employer.”

The bill creates a private right of action, to be brought within one year of the alleged violation, which allows the current and/or prospective employee to obtain injunctive relief, compensatory and consequential damages, and reasonable attorneys’ fees and costs. Employers will also be subject to civil penalties of $1,000 for the first violation and $2,500 for each subsequent violation.

A. 2879 (the full text is available here.)similarly limits the ability of institutions of higher learning to obtain access to a student’s or prospective student’s social media account or profile, and prohibits discrimination against any student or prospective student for refusing to disclose the user name, password or other means of accessing the student’s or prospective student’s social media account. The bill also creates a private right of action, but does not carry the civil penalties included in A. 2878.

“Proposed Section 210.27(c) would allow the requested party to exclude from discovery ‘sources that the person identifies as not reasonably accessible because of undue burden or cost.’”

4

eDiscovery Advantage Winston & Strawn LLP

Preservation and SanctionsParties and courts continue to struggle with the scope of preservation and/or other discovery obligations and how best to address situations where a party has failed to meet such obligations. In Carrillo v. Schneider Logistics, Inc., 2012 WL 4791614 (C.D. Cal. Oct. 5, 2012), Magistrate Judge David T. Bristow, imposed sanctions on the defendant stemming from its withholding of responsive documents, and its failure both to conduct a “reasonably diligent search for responsive documents” and to take adequate steps to preserve documents. The plaintiff became aware of the inadequacies in the defendant’s production when co-defendants produced documents demonstrating that the defendant had generated additional documents that had not been produced or logged in the current action. Magistrate Judge Bristow noted that the defendant had only searched the e-mail accounts of five employees and had not engaged its information technology department “to perform broader searches, such as searches of backup tapes and archives.” According to Magistrate Judge Bristow, the defendant’s efforts reflected “at best—a haphazard search for records,” and that neither the defendant nor its counsel “appear to know with any certainty what steps have been taken to search for responsive documents.”

The defendant had issued an initial oral litigation hold, a subsequent written litigation hold letter covering work, personal and home computers, a further follow-up communication, and required all employees receiving the litigation hold to certify their compliance with the directions. Despite these actions, employees deleted e-mail messages sent and received from accounts maintained by a third party, but used by those employees as their primary business email account. Magistrate Judge Bristow noted that the litigation hold “either through inadvertence, lack of investigation, incompetence or bad faith” did not cover these e-mail accounts.

Magistrate Judge Bristow imposed the following sanctions: (1) an outside vendor

would, at the defendant’s expense, collect e-mails and other ESI for eventual production to the plaintiff; (2) mandatory production of the responsive material that was improperly withheld; and (3) an award of attorneys’ fees and costs associated with the motions to compel.

In Scentsy, Inc. v. B.R. Chase LLC, 2012 WL 4523112 (D. Idaho Oct. 2, 2012), Judge B. Lynn Winmill, found the failure to issue a written litigation hold when litigation was first anticipated “very troubling.” In the case, the plaintiff argued that its general counsel had “spoke[n] to the individuals that would have information” regarding the subject matter of the litigation and “requested that those documents not be deleted.” In addressing the adequacy of the plaintiff’s attempt to preserve documents, Judge Winmill held that “[g]enerally, not deleting documents and orally requesting certain employees to preserve relevant documents concurrently with the filing of a lawsuit is completely inadequate.” She also noted that such a practice “is very risky—to such an extent that it borders on recklessness.”

Believing that the plaintiff had spoliated evidence, the defendants sought to compel the plaintiff to conduct a forensic examination of its computer systems at plaintiff’s expense to “retrieve any deleted discoverable data” and asked for “other appropriate sanctions.” In reviewing the facts of the case, Judge Winmill noted that although the hard drive of one of the plaintiff’s key designers had failed and was not recoverable, this failure happened before plaintiff reasonably anticipated litigation. With respect to files and documents from other designers, Judge Winmill noted that “there is a chance that some documents … were destroyed after [the plaintiff] anticipated [ ] litigation,” and that this “uncertainty was caused by [plaintiff’s] inadequate retention policy coupled with its late and imprecise litigation hold.”

Judge Winmill denied the defendants’ request for a forensic examination of plaintiff’s computers, but did allow defendants to depose appropriate individuals regarding destruction of

Judge Winmill held that “[g]enerally, not deleting documents and orally requesting certain employees to preserve relevant documents concurrently with the filing of a lawsuit is completely inadequate.”

5

eDiscovery Advantage Winston & Strawn LLP

relevant documents and required that the plaintiff cover the deposition costs and attorneys fees. The Court reserved the right to impose an adverse inference instruction if the depositions uncovered evidence of spoliation.

In Mahaffey v. Marriot Int’l Inc., 2012 WL 4833370 (D.D.C. Oct. 11, 2012), Judge Rudolph Contreras found that the defendant did not have a duty to preserve surveillance footage of its lobby and that the destruction of files due to a broken sprinkler head did not support the imposition of sanctions. First, with respect to the surveillance footage, Judge Contreras noted that a party’s preservation obligation extends only to “what it knows, or reasonably should know, is relevant in the action, is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery, and/or is the subject of a pending discovery request.” In the case before him, Judge Contreras found that the defendant did not reasonably know that the surveillance footage needed to be preserved, especially as the “video is not alleged to have captured the accident or its aftermath,” and the only value such video had was to “assist plaintiffs in identifying certain witnesses that they cannot now identify.”

Second, Judge Contreras held that the destruction of “loss prevention documents” caused by flooding resulting from a broken sprinkler head did not equate to the “requisite culpable state of mind” necessary to impose an adverse inference sanction. Moreover, Judge Contreras held that the plaintiffs could not show that to the extent any relevant records were destroyed in the flooding, that such records were “favorable to their case.”

In Multifeeder Tech. Inc. v. British Confectionery Co. Ltd., 2012 WL 4135848 (D. Minn. Sept. 18, 2012), Judge John Tunheim adopted in part the recommendations of Magistrate Judge Tony Leung imposing sanctions upon the defendant for intentional deletion of relevant ESI and concealing encrypted

data. Judge Tunheim upheld the award of an adverse inference instruction and finding the defendant in contempt. He increased the monetary sanctions from $500,000 to $600,000, finding that the following factors favored a stronger penalty: (i) additional sanctions were necessary to compensate the plaintiff for the significant costs associated with hiring a forensic investigator and the plaintiff’s attorneys’ fees; (ii) the spoliation of relevant ESI caused “significant prejudice” to the plaintiff; and (iii) the defendant had previously been sanctioned in the case.

Search, Retrieval & ProductionDespite the courts’ best attempts to describe how parties should search for and produce documents in response to discovery demands, a number of open questions still remain. For example, in S2 Automation LLC v. Micron Technology, Inc., 2012 WL 3656454 (D.N.M. Aug. 9, 2012), Judge James O. Browning addressed, among other things, whether the plaintiff: (1) was required to produce electronically stored information (“ESI”) in the format the defendant requested; (2) needed to make a separate production of metadata; and (3) needed to identify the search strategy used to produce documents in response to the defendant’s document requests.

With respect to the appropriate format for production, Judge Browning noted that Rule 34(b) of the Federal Rules of Civil Procedure allows the requesting party to “designate the form or forms in which it wants the electronically stored information produced.” In keeping with Rule 34, the defendant had requested that the plaintiff produce all “Excel, Access, database records, and audio files (such as voice mail) in their native formats retaining all metadata[,]” and all other responsive ESI “in single-paged Tagged Image File Format (‘TIFF’, Type 4, 300 DPI resolution), with an accompanying load file, an extracted text file of electronic documents that are not redacted, and an Optical Character Recognition (‘OCR’) ….” The plaintiff produced documents in PDF format rather

“a party’s preservation obligation extends only to ‘what it knows, or reasonably should know, is relevant in the action, is reasonably calculated to lead to the discovery of admissible evidence, is reasonably likely to be requested during discovery, and/or is the subject of a pending discovery request.’”

6

eDiscovery Advantage Winston & Strawn LLP

than as single-page TIFFs with extracted text and load files, which prevented the defendant from keeping the e-mails and attachments together.

After the defendant moved to compel production in the requested format, Judge Browning noted that the defendant had offered a compromise that allowed the plaintiff to produce the e-mails in native format, which the defendant could then convert into TIFFs for use in its document review platform. As such, he required the plaintiff to either produce the ESI in native format or as single-page TIFFs. In either event, the Court required that the production format keep the e-mails and attachments together. Although Judge Browning found that there was no need for a separate production of metadata if the plaintiff produced the documents in the required format(s). The Court did, however, leave open the possibility for the defendant to request the production of metadata in certain circumstances.

Judge Browning also noted that the defendant had raised concerns about the “adequacy of [the plaintiff’s] strategy for responding to discovery requests,” including suggesting that the plaintiff’s counsel was not “working closely with their client during the document-production process.” Recognizing that it can sometimes be necessary to evaluate whether an attorney “conducted a reasonable inquiry” under Rule 26(g) of the Federal Rules of Civil Procedure before signing discovery responses, Judge Browning required the plaintiff to disclose its “search strategy for identifying documents, including the procedures it used and how it interacted with its counsel to facilitate the production process.”

In FTC v. Boehringer Ingelheim Pharmaceuticals Inc., 2012 WL 4888473 (D.D.C. Oct. 16, 2012), Magistrate Judge John M. Facciola determined that the defendant was required to search certain backup tapes in response to an administrative subpoena from the FTC. The defendant had argued that, under Rule 26(b) of the Federal Rules of Civil Procedure, that the backup tapes were not reasonably accessible and thus it was not required to restore them.

Magistrate Judge Facciola held that, at least in the Federal Circuit, to reject compliance with an administrative subpoena the party has to demonstrate that “compliance with the subpoena ‘threatens to disrupt or seriously hinder normal operations of a business,’” and that the burden of “showing the request is unreasonable is on the subpoenaed party.”

Although the Court noted that the FTC’s initial request for backup tapes from January 2003 through October 2010 “would have consumed much of the [defendant’s] time and money,” having agreed to limit its request to backup tapes from February through August 2008, the FTC’s request was “not unduly burdensome.” As such, Magistrate Facciola ordered that the parties meet and confer “to determine the appropriate method of searching the backup tapes.”

Privilege and Waiver IssuesFederal courts continue to evaluate the inadvertent production of privileged communications using the Rule 502(b) standard, and the trend is to closely evaluate the facts to determine reasonableness of a party’s actions. Litigants should be aware of the trend toward a stricter standard, and increased focus on the handling of privileged documents.

In Chechele v. Ward, 2012 WL 4481439 (W.D. Okla. Sept. 28, 2012), Chief Judge Vicki Miles-Lagrange addressed the issue of whether the use of work e-mail accounts waives the attorney-client privilege. There, the plaintiff had served a document request on one of the defendants. In responding to the request, the defendant determined that certain responsive documents on its e-mail system included privileged e-mails exchanged between one of its employees and his attorney. The defendant honored the instructions of the employee’s counsel and withheld the e-mails as privileged. The plaintiff then moved to compel their production.

7

eDiscovery Advantage Winston & Strawn LLP

Judge Miles-Lagrange noted that courts that have faced the question of whether the use of work e-mail accounts waives the attorney client privilege between an employee and his or her attorney “have sought to determine whether the employee, as a practical matter, had a reasonable expectation that the attorney-client communications would remain confidential despite being stored on a company’s computer system.” Judge Miles-Lagrange also noted that in order to assist with this analysis courts have developed a four factor test to determine whether information stored on an employer’s computer waives the attorney client privilege: “(1) Is there a company policy banning personal use of e-mails?; (2) Does the company monitor the use of its e-mails?; (3) Does the company have access to all e-mails?; and (4) Did the company notify the employee about these policies?”

In the case before her, Judge Miles-Lagrange found that the employer’s Computer, E-mail, Telephone and Internet Usage policy informed employees that “[e]-mail is not guaranteed to be private or confidential,” and that “[i]nternal and external e-mail messages are considered business records and may be subject to discovery in the event of litigation.” Based on these express warnings and the fact that the employer reserved the right to monitor the contents of its employees’ e-mails, the court found that the employee “had no objectively reasonable expectation of privacy or confidentiality regarding his attorney-client communications and effectively waived the attorney-client privilege for those communications.”

Federal Rule of Evidence 502In Potomac Electric Power Co. & Subsidiaries v. United States, 2012 WL 4127637 (Fed. Ct. Cl. Sept. 19, 2012), Judge Thomas C. Wheeler addressed the scope of Federal Rule of Evidence (“FRE”) 502. The plaintiff sought a protective order under FRE 502 that provided, among other things, that: (i) any party could “claw back” any inadvertently-produced privileged documents so long as the

producing party sought the return of the privileged materials within ten days of the discovery of the inadvertent disclosure; and (ii) any intentional disclosure of privileged materials (i.e., pursuant to an advice-of-counsel defense) would not effectuate a subject-matter or other privilege waiver in any other federal or state proceedings. Judge Wheeler discussed the scope and purpose of Rule 502, noting that it “was enacted in response to certain specific concerns regarding the increasing costs that parties face in guarding against the consequences that can result from the inadvertent disclosure of privileged information, especially in discovery processes involving the large-scale exchange of electronically stored information (‘ESI’).” Judge Wheeler rejected the plaintiff’s requested provisions.

Ultimately Judge Wheeler concluded that the plain language of FRE 502(d) is expressly limited to disclosures that have not resulted in privilege waivers in the instant proceeding, thereby excluding voluntary waivers, such as the assertion of an advice of counsel defense. The Court rejected the “claw back” as formulated because “[n]otwithstanding the easing of the waiver doctrine brought about by the enactment of Rule 502(b), the Rule does not remove the parties’ responsibility to take reasonable precautions against [the] disclosure of privileged documents.” The Court rejected the intentional disclosure provision because “although FRE 502(d) is not expressly limited to unintentional disclosures, the context of the Rule as a whole makes clear that this provision exists to ‘close the loop’ on the protections that the Rule extends to such [inadvertent] disclosures (or at least to such disclosures as have been reasonably protected against and promptly rectified).”

In Inhalation Plastics, Inc. v. Medex Cardio-Pulmonary, Inc., 2012 WL 3731483 (S.D. Ohio, Aug. 28, 2012), Magistrate Judge Norah McCann King found that the defendant waived the attorney-client privilege with respect to 347 pages it claimed had been inadvertently produced. The defendant made rolling electronic productions and one hard copy production

8

eDiscovery Advantage Winston & Strawn LLP

of 7,500 pages, including a number of e-mails to and from in-house counsel. After the plaintiff sought to depose in-house counsel based on documents produced by the defendant, the defendant asserted that the e-mails were privileged, and ultimately sequestered such e-mails and requested that the e-mails be returned. Magistrate Judge King noted that the defendant did not provide a privilege log or identify to the Court any particular documents that it believes are privileged, other than the 347 pages of documents that it submitted for in camera review.

Magistrate Judge King applied the multi-factor analysis applied to questions of inadvertent production, including: (1) the reasonableness of precautions taken; (2) the number of inadvertent disclosures; (3) the magnitude of the disclosure; (4) the measures taken to mitigate the damage of the disclosures; and (5) the overriding interests of justice.

Ultimately Magistrate Judge King found that the defendant “failed to establish that it took reasonable precautions to prevent an inadvertent disclosure,” and that the allegedly privileged material constituted 4.6% of the production - which supported a finding that a waiver had occurred, especially as the defendant argued that it had “several layers of attorneys” working on the production. Magistrate Judge King also noted the fact that the documents in question were entire legal memoranda that were relevant to the plaintiff’s claims and that the plaintiff attempted to use them in depositions suggested that the “magnitude of the disclosure was high.” In addition, Magistrate Judge King found that the defendant’s failure to produce a privilege log or otherwise identify any documents covered by the privilege led to the “conclusion that [the defendant] failed to take adequate measures to rectify or mitigate the damage of the disclosures.” In weighing the “overriding interests of justice,” Magistrate Judge King held that the defendant’s “relatively weak response” did not counter the importance of the information disclosed.

In Securities and Exchange Commission v. Welliver, Case No. 0:11-cv-03076-RHK-SER

(D. Minn. Oct. 26, 2012), Magistrate Judge Steve E. Rau found that the defendants had waived the attorney-client privilege with respect to 200 e-mails between defendants and their counsel. Magistrate Judge Rau noted that the defendants had produced the e-mails in response to the SEC’s pre-suit investigation, again in response to discovery requests made in the current action, and used at least two of the e-mails as exhibits at the deposition of one the defendants’ employees. As the “voluntary dissemination of a privileged document to an opposing party or a third party waives the attorney-client privilege,” Magistrate Judge Rau found that the defendants’ production of the e-mails on multiple occasions and the use of certain e-mails resulted in a waiver of the privilege.

After finding that the use of the e-mails as exhibits to the deposition was intentional, Magistrate Judge Rau found that the under Federal Rule of Evidence 502(a) the waiver of the attorney-client privilege with respect to these e-mails did not extend to the general subject matter, as “it is not clear if and how the parties relied on or intend to rely on those documents.” Regarding the production of the e-mails in response to the SEC’s subpoena and discovery demands, Magistrate Judge Rau applied the Rule 502(b) analysis for inadvertent disclosures. He found that the “record was devoid of any mention of a review conducted, precautions taken, or extensions requested by the Defendants in either disclosure.” He noted that the Defendants had enough time to “take ‘reasonable steps to prevent disclosure’ including: conducting a key-word search and pulling those communications [that were subject to the privilege]; requesting a Rule 502(e) agreement regarding privileged information; or seeking protection from the court in the form of a Rule 502(d) order.” Magistrate Judge Rau also found that the defendants’ failure “to employ basic screening procedures” or to “take any measures to rectify the disclosures made in the pre-suit investigation” weighed in favor of finding a waiver. The Court further cautioned that “[p]arties must recognize there are potentially harmful consequences if they

9

eDiscovery Advantage Winston & Strawn LLP

do not take even minimal precautions to prevent against the disclosure of privileged documents—either to agencies in pre-suit investigations or opposing parties in the course of discovery.”

Recovery of eDiscovery Costs / Cost ShiftingCourts continue to navigate the rules for cost shifting and taxable discovery costs. Following the Race Tires decision, in Oracle America Inc. v. Google Inc., 2012 WL 3822129 (N.D. Cal. Sept. 4, 2012), Judge William Alsup held that only e-discovery fees associated with exemplification and copying of materials, not those associated intellectual effort, were recoverable costs under Fed. R. Civ. P. 54. Although Google sought more than three million dollars in eDiscovery fees incurred by its e-discovery vendor, Judge Alsup explained that 28 U.S.C. § 1920 and Northern District of California Civil Local Rule 54-3(d)(2), limited the recovery of eDiscovery fees to those incurred in the physical preparation and duplication of ESI, not for the intellectual effort involved in the review and production. Because the defendant’s bill of costs sought to recover for “‘intellectual effort’ such as organizing, searching, and analyzing the discovery documents,” Judge Alsup rejected the defendant’s attempt to recover for these costs.

In United States ex rel. Ifrah v. Community Health Center of Buffalo Inc., No. 1:05-cv-00237-RJA-LGF (W.D.N.Y. Aug. 1, 2012), Judge Leslie Foschio denied the plaintiff’s requests for: (i) reimbursement of costs resulting from the preliminary review of certain of the defendants’ backup tapes; and (ii) sanctions due to the defendants’ failure to detect relevant e-mails in those backup tapes. There, the defendants’ representation that there were no relevant e-mails in the backup tapes was based on information that the defendants had received from their information systems administrator, who had reviewed the tapes in an attempt to comply with the plaintiff’s document request. However, the plaintiffs’ forensic consultant conducted a preliminary review of the backup tapes

and identified a number of computer files and e-mails relevant to the plaintiff’s claims. Ultimately, Judge Foschio found that the defendants’ failure to identify relevant e-mails largely was attributable to their “failure to employ more sophisticated software capable of locating emails on the tapes despite the fact that the tapes may have been routinely overwritten[.]”

Defendants had used a software tool which focused on the storing and reading of computer files to and from backup tapes, but which did not have the ability to detect overwritten e-mails. The plaintiff’s forensic consultant used different software capable of scanning the backup tapes and locating e-mail fragments. Judge Foschino ultimately found that, given the difficulty in locating the disputed e-mails on the backup tapes, the e-mails were “not reasonably accessible because of undue burden or cost” under Federal Rule of Civil Procedure 26(b)(2)(B). Accordingly, the court denied the plaintiff’s request for reimbursement of costs relating to plaintiff’s review of the defendants’ backup tapes. The court found that although the defendants’ failure to use more sophisticated software to search its backup tapes may have “constituted technical oversight,” the plaintiff failed to demonstrate that the defendants’ “misjudgment using the Symantec tool constituted gross incompetence.”

Stored Communications Act and Internet Service Providers In Jennings v. Jennings, 2012 WL 4808545 (S.C. Oct. 10, 2012), the South Carolina Supreme Court found that the Stored Communications Act (“SCA”) did not cover e-mail messages that had already been read and which remained on Yahoo’s server. The Court noted that the SCA defined electronic storage to include: (A) “any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for the purpose of backup protection[.]”

10

eDiscovery Advantage Winston & Strawn LLP

The defendant had argued that the opened and read messages were being maintained on the Yahoo server for backup protection. Although the Court noted that an earlier Ninth Circuit decision had held that retaining an opened message on a server could constitute storing the e-mail for backup purposes, the Court “decline[d] to hold that retaining an opened e-mail constitutes storing it for backup protection” under the SCA.

Social MediaJudicial decisions continue to grapple with the explosion of social media which permeates all aspects of the legal system, from tainting judicial impartiality, to obtaining and authenticating social media postings, and to examining employer rules that attempt to limit their employees’ use of social media.

On September 14, 2012, in response to a subpoena issued by the Manhattan District Attorney, Twitter produced under seal to a New York criminal court tweets from an “Occupy Wall Street” protester. People of the State of New York v. Harris, Cr. No. 11-80152 (N.Y.). The defendant, Malcolm Harris, was arrested on October 1, 2012, along with approximately 700 other protestors, during a mass protest on the Brooklyn Bridge in October 2011. The Manhattan District Attorney’s office requested the tweets, which are no longer available online, to try to undermine Harris’s argument that the police led protestors onto the bridge’s roadway only to arrest them for obstructing traffic. In opposing the subpoena, Twitter and Harris had argued that Harris, as the author of the tweets in question, should have legal standing to combat the subpoena. But in a closely-watched decision, Criminal Court Judge Sciarrino found that only Twitter can legally challenge a law enforcement request for tweets because the company – not the user – owns the content in question. In doing so, Judge Sciarrino compared the Government’s subpoena for the disputed tweets to a subpoena of bank records, which courts consistently have found cannot be challenged by the account holder. Accordingly, Judge Matthew A. Sciarrino Jr. ordered Twitter to

produce Harris’s tweets or face a fine and be found in contempt of court.

Judge’s Use of Social Media Results in DisqualificationIn Domville v. State of Florida, 2012 WL 3826764 (Fla. App. 4 Dist. Sept. 5, 2012), the Fourth District Court of Appeal ruled that a state trial court Judge should be disqualified from a criminal case because the judge was Facebook “friends” with the prosecutor. The Court of Appeal applied a de novo standard to review the movant’s allegations about the Facebook “friendship” and concluded that such allegations were legally sufficient because the facts, if true, would “prompt a reasonably prudent person to fear that he could not get a fair and impartial trial.” The Court looked to Opinion 2009-20 of the Judicial Ethics Advisory Committee as “instructive,” and cited with approval the three elements that must be met in order for a judge’s social media activities to violate Canon 2B of the Florida Code of Judicial Conduct: (1) the judge must establish the social networking page; (2) the social media site must give the judge the right to accept or reject “friend” requests; and (3) the identity of the judge’s “friends” or contacts must be communicated to others. The Court of Appeal found that disqualification was appropriate because the plaintiff had alleged “facts that would create in a reasonably prudent person a well-founded fear of not receiving a fair and impartial trial.”

Authentication of Social Media MessagesIn United States v. Fluker, 2012 WL 5275244 (7th Cir. Oct. 26, 2012), the Seventh Circuit was asked to determine whether certain e-mail messages had been properly admitted at trial. The defendant argued both that the e-mails had not been properly authenticated and that they were inadmissible hearsay. The Seventh Circuit disagreed and upheld their introduction and use at trial.

11

eDiscovery Advantage Winston & Strawn LLP

The Seventh Circuit noted that under Federal Rule of Evidence 901 e-mails are admissible if “authenticated by ‘evidence to support a finding that the item is what the proponent claims it is.’” Under Rule 901(b)(1) and (b)(4), authentication can be established, including by ’‘testimony of a witness with knowledge … that a matter is what it claimed to be[,]’ and by distinctive characteristics, such as ‘appearance, contents, substance [or] internal patterns … taken in conjunction with circumstances[.]’”

Although the Seventh Circuit noted that the prosecution did not present any evidence from the purported author, or anyone who saw the purported author send the e-mails in question, the Court found that the Government’s attempt to authenticate the e-mails using circumstantial evidence “was sufficient.” The Government’s circumstantial evidence included evidence showing that: (1) the purported author of the e-mails was a board member of the company run by the defendants: (2) it was reasonable to assume the board member would have an e-mail address bearing the acronym for the company; (3) the recipients’ e-mail address was the same address to which the defendant had previously sent e-mail communications; (4) the “context of the e-mail demonstrates that the e-mails’ author had significant knowledge of [a third party’s] involvement with [the defendants’ company]; (5) the contents of the message was information that the sender “would be in a position to know and discuss with the [recipients].”

The Seventh Circuit found the hearsay argument “equally unavailing” as the e-mails were not being offered to prove the truth of the matter asserted. This was especially true as the e-mails contained “a number of false assertions” and were thus not being offered for their truth. Instead, they were being offered to provide context and rebut certain claims made by the defendants.

Employee Use of Social Media Courts have focused on the discoverability of social media in both individual and class actions lawsuits. For example, in

EEOC v. Original Honeybaked Ham Co. of Georgia Inc., 2012 WL 5430974 (D.Colo. Nov. 7, 2012), Magistrate Judge Michael E. Hegarty held that the defendant was entitled to discovery of the class members’ social media content, and ordered production of such content, subject to an in camera review and the opportunity for the plaintiffs’ counsel to review the documents for privilege. According to Magistrate Judge Hegarty, the social media content could be viewed as being part of a “file folder titled ‘Everything About Me,’ which the [] [class members] voluntarily shared with others.” The Court found that the voluntary sharing of such information with others “presents an even stronger case for production, at least as it concerns any privacy objection.”

Magistrate Judge Hegarty noted that he would employ a “forensic expert” as a special master to whom the class members would provide: (1) any cell phone used to send or receive text messages from January 1, 2009 to the present; (2) all necessary information to access any social media websites used by such class members from January 1, 2009 to the present; and (3) all information necessary to access any “e-mail account or web blog or similar/related electronically accessed” location for communicating with others. The parties are required to collaborate on the instructions given to the special master regarding the scope of his review, with all documents indentified by the special master being given to the court for in camera review. The Court noted that the parties would split the cost of such a review.

Similarly, in Robinson v. Jones Lang LaSalle Americas, Inc., 2012 WL 3763545 (D.Or. Aug. 29, 2012), Magistrate Judge Paul Papak determined that there was “no principled reason to articulate different standards for the discoverability of communications through e-mail, text message, or social media platforms.” The defendant sought to compel production of discovery of “all social media content involving [the plaintiff] since July 1, 2008” regarding plaintiff’s emotion, feeling, or mental state. The court noted that EEOC v. Simply Storage Mgmt, 270 F.R.D. 430 (S.D. Ind. 2010) stood for the proposition

Under Rule 901(b)(1) and (b)(4), authentication can be established, including by “‘testimony of a witness with knowledge … that a matter is what it claimed to be[,]’ and by distinctive characteristics, such as ‘appearance, contents, substance [or] internal patterns … taken in conjunction with circumstances[.]’”

12

eDiscovery Advantage Winston & Strawn LLP

that “social media can provide information inconsistent with a plaintiff’s allegation that defendant’s conduct caused her emotional distress” and ordered broad discovery of social media used by the plaintiff.

Following the reasoning set forth in Simply Storage, the court ordered broad electronic discovery, including any:

(a) email or text messages that plaintiff sent to, received from, or exchanged with any current and former employee of defendant, as well as messages forwarding such messages; or

(b) online social media communications by plaintiff, including profiles, postings, messages, status updates, wall comments, causes joined, groups joined, activity streams, applications, blog entries, photographs, or media clips, as well third-party online social media communications that place plaintiff’s own communications in context.

In Mailhoit v. Home Depot U.S.A., Inc., 2012 WL 3939063 (C.D. Cal. Sept. 7, 2012), Judge Suzanne H. Segal granted in part the defendant’s motion to compel Plaintiff to produce third-party communications and social networking communications. Specifically, the defendant sought:

(1) Any profiles, postings or messages . . . from social networking sites from October 2005 (the approximate date Plaintiff claims she first was discriminated against by Home Depot), through the present, that reveal, refer, or relate to any emotion, feeling, or mental state of Plaintiff . . .

(2) Third-party communications to Plaintiff that place her own communications in context;

(3) All social networking communications between Plaintiff and any current or former Home Depot employees . . .

(4) Any pictures of Plaintiff taken during the relevant time period and posted on Plaintiff s profile or tagged or otherwise linked to her profile.

Judge Segal relied upon Federal Rule of Civil Procedure 34(b) in holding that discovery requests for social networking site content must be reasonably calculated to lead to the discovery of admissible evidence and describe the information to be produced with “reasonable particularity.” She found that categories 1, 2 and 4 of the communications sought by Defendant failed the reasonable particularity requirement, as the requests were vague and extremely broad and failed to put a “reasonable person of ordinary intelligence” on notice of which documents or communications would be responsive. Judge Segal further noted that the defendant made no showing that every picture taken over a seven-year period and posted to a social networking site would be considered relevant or lead to admissible evidence. In contrast, the Court required the plaintiff to produce documents responsive to category 3 (all social networking communications between the plaintiff and any current or former employees) because the plaintiff had already responded to similar requests for communications with sixteen employees, thus indicating that this search was feasible and not overly burdensome.

New NLRB Decisions on Employer Rules Restricting Social Media UseThe NLRB has been developing legal guidance concerning employer rules that attempt to restrict employee use of social media for business reasons, such as confidentiality, avoiding damage to business reputation, or exposing the company to liability. As two recent decisions illustrate, there is a delicate balance between the precise wording of the employer rules, and protected Section 7 activities by employees.

On September 7, 2012 the NLRB released its decision in Costco Wholesale Corp., 2012 WL 3903806 (Sept. 7, 2012). The NLRB panel adopted the administrative law judge’s finding that the company violated Section 8(a)(1) of the Act by maintaining certain employee rules that: (1) restricted the “unauthorized posting,

13

eDiscovery Advantage Winston & Strawn LLP

distribution, removal or alteration of material on Company property”; (2) prohibited employees from discussing certain topics including “sick calls, leaves of absence, FMLA call—outs, ADA accommodations, workers’ compensation injuries…”; (3) prohibited the sharing and/or use of sensitive information, such as “payroll, confidential financial, credit card numbers, social security numbers or employee personal health information”; and (4) prohibited the sharing of “confidential” information such as employees’ names, addresses, telephone numbers, and e-mail addresses.

The panel also found that the company’s rule prohibiting “employees from electronically posting statements that ‘damage the Company … or damage a person’s reputation’” violated Section 8(a)(1), because the panel found that the rule did not “present accompanying language that would tend to restrict its application,” and therefore allowed “employees to reasonably assume that it pertains to—among other things—certain protected activities.” In contrast, the panel held the company’s rule prohibiting employees from leaving the premises “during working shift without permission of management,” did not violate Section 8(a)(1), as the rule would “reasonably be understood as pertaining to employees leaving their posts (for reasons unrelated to concerted activity) without first seeking permission.”

Another NLRB case reached very similar results in Echostar Technologies LLC v. Leigh, 2012 WL 4321039, (Sept. 20, 2012). In Echostar, the employer’s “Employee Manual” contained an extensive policy on appropriate social media use. The policy prohibited postings that were “disparaging or defamatory” or involved confidential or proprietary business information. The administrative law judge once again applied the Lafayette Park Hotel standard and held that the “disparaging” rule went beyond “proper employer prohibition and intrudes on employees Section 7 activities,” and thus could impermissibly chill employee communications. The administrative law judge also found the rule prohibiting contact with regulatory and other government agencies was too

broad and could chill protected labor activities.

Global Privacy and Cross Border Discovery Issues

Canada Finds Reasonable (Although Diminished) Expectation of Privacy in Work ComputerIn Her Majesty the Queen v. Cole, 2012 SCC 53, the Supreme Court of Canada was asked to determine whether an individual had a reasonable expectation of privacy in the use of a laptop computer provided by his employer. In finding that a reasonable expectation of privacy existed, the Canadian Supreme Court explained that a reasonable expectation of privacy depends on the “totality of the circumstances,” and that the ownership of the laptop was a “relevant consideration” but was not determinative. Given that the employer’s policies and procedures allowed “for incidental personal use” of the employer’s computer hardware and software and that all “data and messages generated on or handled by [the employer’s] equipment are to be the property [of the employer], the Court found that the employee had a “diminished” expectation of privacy in materials stored on or accessed using the employer-issued laptop, at leas vis-à-vis his employer. As such, the employer had the right, under certain circumstances to review the contents of the laptop (e.g., when one of its students was being exploited or in danger).

The Court held that this contractual right of access did not extend to the police, who had seized the laptop without a warrant. “The fact that the [employer] had acquired lawful possession of the laptop for its own administrative purposes did not vest in the police a delegated or derivative power to appropriate and search” the computer without a warrant. Despite the acknowledged breach, the Canadian Supreme Court ultimately found that the information would eventually have been discoverable and excluding it from the trial

14

eDiscovery Advantage Winston & Strawn LLP

would “have a marked negative impact on the truth-seeking function of the criminal trial process.” A copy of the full decision is available here.

Singapore Passes Personal Data Protection ActOn October 15, 2012, the Parliament of Singapore passed the Personal Data Protection Act 2012, which is aimed at protecting individual’s personal information. The Act is designed to address concerns over the misuse of personal data in Singapore, and to “strengthen Singapore’s overall competitiveness, and enhance [its] status as a trusted hub and choice location for global data management and processing services.”

The Act covers all private sector organizations that are engaged in business in Singapore, but does not cover the public sector, which is already governed by stringent data protection laws. The Act provides the basic framework for such a system and leaves open the opportunity for regulatory agencies to implement industry-specific guidelines.

The Act governs the collection, use, and disclosure of personal data by organizations, requires organizations to safeguard personal data within their possession or control, and requires the creation of a Personal Data Protection Commission and a Do Not Call Registry. The Act also prevents organizations from collecting, using or disclosing an individual’s personal data unless the individual has consented or unless the disclosure is required or authorized under the Act.

The Personal Data Protection Commission (the “Commission”) established by the Act will be the primary authority on personal data protection issues and is charged to enforce data protection rules. The Commission is designed to perform a variety of functions, some of which include promoting awareness of data protection in Singapore, advising the Singapore Government on all matters relating to data protection, representing the Singapore Government internationally on data protection matters, and the administration and enforcement of this Act. As part of the enforcement powers bestowed on the Commission, the Commission has the authority to fine business in violation of the Act up to S$ 1 million for each data privacy offense (approximately $820,000) and penalties of up to S$ 10,000 for every violation of the Do Not Call Registry (approximately $ 8,200).

Although the Act is slated to become law in January 2013, it will be implemented in phases and is not scheduled to be enforced until the mid 2014 in order to allow businesses sufficient time to comply with its requirements. A copy of the Act is available here.

“The fact that the [employer] had acquired lawful possession of the laptop for its own administrative purposes did not vest in the police a delegated or derivative power to appropriate and search”

15

eDiscovery Advantage Winston & Strawn LLP

These materials have been prepared by Winston & Strawn LLP for informational purposes only. These materials do not constitute legal advice and cannot be relied upon by any taxpayer for the purpose of avoiding penalties imposed under the Internal Revenue Code. Receipt of this information does not create an attorney-client relationship. No reproduction or redistribution without written permission of Winston & Strawn LLP.

© 2012 Winston & Strawn LLP

Winston & Strawn LLP’s eDiscovery & Information Management Practice Group (the “eDiscovery Group”) brings years of “real world” experience and offers our clients and case teams the full continuum of services along the electronic discovery reference model behind our own firewall. Our services include preservation, collection, early case assessment, processing, hosting, and review. The eDiscovery Group also offers a wide variety of consulting services, including eDiscovery risk assessments, eDiscovery response programs, vendor selection, training of legal and technical staffs, data mapping, legacy retirement and records retention programs.

Recent Publications and Events September, 2012 John Rosenthal and Steve Bennett (Jones Day) – In-House Counsel’s Guide to e-Discovery Revisited PLI Presentation. View it here.

October 9, 2012 John Rosenthal – ESI and Data Privacy in the World of Mobile Computing, Masters Conference Presentation available here.

October 17-19, 2012 John Rosenthal – Pricing: Apples to Apples Panel Discussion at the 2012 EDI Leadership Summit.

October 24, 2012 John Rosenthal and Chris Costello—eDiscovery and Technology Assisted Review: What You Need to Know Now, Winston & Strawn LLP eLunch. See this presentation here.

November 2, 2012 Sheryl Falk—Presentation on “Data Breach – Risk Management for Data Security and Privacy Exposures” to the International Association of Privacy Professionals. View this presentation here.

Featured Contributors The Editors wish to thank Ashlea Raymond Pflug, Esq., Ben Kimberley, Esq., Joseph Siders, Esq., Renee T. Wilkerson, Esq., Matthew Saxon, Esq., and Nicole Soukup, Esq. for their invaluable contributions to the content of this issue.

Contact Us If you have questions about the items in this issue of eDiscovery Advantage, would like to learn more about these cases or other eDiscovery matters, or would like to be added to the mailing list, please contact one of the following:

New YorkChristopher C. Costello, Esq. (Editor) cccostello@winston.com +1(212) 294-3336

Martin Geagan (Editor) mgeagan@winston.com +1(212)294-4615

Scott M. Cohen (Director of eDiscovery Services) scohen@winston.com +1(212) 294-3558

Washington D.C. John J. Rosenthal, Esq. (Chair, eDiscovery Group) jrosenthal@winston.com +1(202) 282-5785

Pamela A. Rons, Esq. (Editor) prons@winston.com +1(202) 282-5746