Finding that a lower court had underestimated the harm resulting from the government’s seizure and ongoing possession of privileged material, the Fifth Circuit ruled recently that a “taint team” process was insufficient to protect the rights of the party holding the privilege.  The appellate court’s ruling is part of a trend in which courts have expressed skepticism that the use of “taint teams” by the government is an adequate safeguard against undermining the sacrosanct attorney-client privilege.

As part of a criminal investigation spawned by civil False Claims Act qui tam actions, the government executed search warrants at the offices of Harbor Healthcare System and seized “a wealth of information protected by the attorney-client privilege” including communications between the company’s Director of Compliance and its outside counsel.  Harbor subsequently filed a motion for return of property as provided for in Federal Rule of Criminal Procedure 41(g).  The District Court ultimately granted a government motion to dismiss that proceeding, finding that a “filter team” and screening process were adequate to protect Harbor’s privileged information.

Continue Reading Fifth Circuit Bolsters Company’s Claim for Return of Privileged Documents Seized by Government

As the use of collaboration and cloud storage platforms expand, litigants and courts are facing increased challenges in keeping up with e-discovery requirements created with different technologies in mind. One example involves the discovery obligations associated with files referenced in email only by hyperlink. Should a litigant be required to find and produce that referenced document as if it were an attachment? What if that is very hard to do? What if the file has moved or changed in the interim? The Southern District of New York recently addressed these issues and held that – for a host of practical and technical reasons – such hyperlinked documents should not “necessarily” invoke obligations to collect and produce the referenced document.

Continue Reading Court Finds Hyperlinked Documents Are Not Attachments for Production Purposes

Please join us for an investigations-focused webinar series where our team of litigators, former prosecutors, and regulatory attorneys will discuss useful strategies for navigating a government probe or ensuring compliance with regulations and corporate policies. Our presenters will provide companies with critical information for navigating commercial risk and enforcement. This webinar series covers broad-reaching investigations in a variety of areas, including:

  • Nuts & Bolts of Investigations: Protecting Privilege
  • Labor, Employment, and COVID-related Investigations
  • Congressional Investigations & National Security
  • Antitrust & Competition Investigations
  • Government Contracts Investigations:  FCA and Beyond
  • Digital Assets Investigations
  • Anti-corruption & Sanctions Investigations
  • Trade Secrets Investigations
  • Health Care Investigations:  FCA and Beyond
  • Cybersecurity Investigations
  • Environmental Investigations
  • PPP Investigations

Please click here for the full agenda and click here to register.

The new year has brought one of the most comprehensive court decisions yet reminding attorneys in no uncertain terms of the rules mandating fundamental competency in the treatment of electronically stored information (“ESI”). Falling short may get both lawyers and clients sanctioned.

In January 2021, U.S. District Judge Iain Johnston issued his opinion in DR Distributors, LLC v. 21 Century Smoking, Inc. (N.D. Ill. No. 12 CV 50324) coming down hard on defense counsel for failing to possess the skills and diligence necessary to competently meet their ESI discovery obligations. In a detailed opinion that is well worth reading (if you have an hour or two), the court recounts the many e-discovery “missteps, misdeeds, and misrepresentations” both of client and counsel that culminated in the issuance of harsh evidentiary and cost-shifting sanctions on each.

Continue Reading Off the edge of the E-Discovery map, there be monsters! Federal court issues epic opinion sanctioning counsel for failure to show competence and diligence in meeting ESI discovery obligations.

Crowell & Moring’s E-Discovery and Information Management (EDIM) group is pleased to announce the introduction of “CMD,” an integrated E‐Discovery solution. CMD provides access to cutting-edge analytics, processing and hosting technology, AI-driven workflows combined with our Chambers-rated legal advocacy, consulting, review and professional services to accelerate and improve data analysis.

Please click here to read the full press release.

The Virginia Consumer Data Protection Act (CDPA) has become the next major U.S. state privacy law, after being signed into law by Virginia Governor Ralph Northam on Tuesday, March 2, 2021. The new law amends Title 59.1 of the Code of Virginia with a new chapter 52 (creating Code of Virginia sections 59.1-571 through 59.1-581).

Who is covered?

Per Section 59.1-572, the bill applies to “persons that conduct business in the Commonwealth or that produce products or services that are targeted to residents of the Commonwealth” who “control or process personal data of at least 100,000 consumers” or those who “control or process the data of at least 25,000 consumers” AND “derive at least 50% of their gross revenue from the sale of personal data.”

Please click here to read the full alert.

On 5 February 2021, the U.K. Supreme Court unanimously ruled that the Serious Fraud Office (SFO) does not have the power to compel a foreign company that has no registered office or fixed place of business in the U.K. to produce documents held outside the U.K. under section 2(3) Criminal Justice Act 1987 (CJA). This means that where the parent of a U.K. company is a foreign company which has no presence in the U.K., the SFO will not be able to require it to produce documents held outside the U.K. even if those documents are sought in connection with an investigation relating to its U.K. subsidiary. The decision may act as a brake on the SFO’s powers of investigation at a time when fraud is increasingly cross-border and the alternative routes for gathering evidence are slower and more cumbersome.

Click here to read the full alert.

More than 300,000 companies within the Defense Department’s supply chain will need to meet new Cybersecurity Maturity Model Certification (CMMC) requirements and pass a third-party assessment to ensure they are adequately protecting sensitive information on their networks. Now, Crowell & Moring has become the first AmLaw 100 firm to achieve Registered Provider Organization (RPO) status by the CMMC Accreditation Body (CMMC-AB) to help defense contractors comply with CMMC cybersecurity standards and prepare for their assessments.

The DoD will begin incorporating CMMC requirements into an increasing number of solicitations later this year, creating a unified standard for implementing cybersecurity across the defense industrial base. Previously, defense contractors were responsible for certifying the security of their own information technology systems. Now, the CMMC will require all defense contractors to obtain cybersecurity certifications based on third-party assessments, creating a new verification component to ensure that contractors meet their cybersecurity requirements and adequately protect sensitive information on their networks.

The CMMC is specific to DoD contractors but is expected to become increasingly relevant to all contractors as CMMC adoption likely expands throughout the government. Achieving certification may also provide a commercial advantage for contractors, as meeting CMMC requirements may become a differentiator for companies when they compete in the private sector.

The CMMC-AB has recognized Crowell & Moring as a law firm provider to help defense contractors comply with the CMMC cybersecurity standards and prepare for their assessments. As an RPO, Crowell & Moring is recognized by the CMMC-AB to help contractors understand what requirements they have to meet and to prepare their operations for their mandatory assessment.

The firm’s team includes lawyers, technologists, and CMMC registered practitioners who will help contractors comply with cybersecurity requirements in anticipation of their assessments, remediate challenges, and manage ongoing compliance.

Achieving RPO status is important for Crowell’s team of lawyers and technologists because of CMMC’s critical importance for DoD contractors. Crowell’s team knows how the assessment process will work, and is committed to providing practical and actionable advice so that our clients reach best-in-class cybersecurity, achieve CMMC certification, and win contracts for new business.

For more information, read the firm’s announcement or contact our CMMC registered practitioners, Evan D. Wolff, Kate M. Growley, and Michael Gruden.

Responding parties have significant discretion to design and deploy technology assisted review (“TAR”) workflows in a manner they determine is reasonable and proportional for the case.  At least that’s what the Northern District of Illinois suggested in its September 2020 ruling in Livingston v. City of Chicago (N.D. Ill. No. 16 CV 10156).

Livingston is a gender discrimination case challenging the City of Chicago’s Fire Department’s (“City”) application process.  The City collected roughly 1.5 million documents in the matter, and based on search terms agreed to following an earlier e-discovery dispute, culled this set to roughly 192,000 emails.  The City then informed Plaintiffs it intended to use TAR – and specifically Relativity’s Active Learning technology – to review this culled data set.

Plaintiffs objected to this approach and argued the City should be required to produce all documents that hit on search terms.  On this point, the Court rejected Plaintiffs’ argument, finding:  “While the City may dump all 1.3 million pages of documents on Plaintiffs with entry of a Rule 502(d) order, it also has the right to perform a review to produce only those documents that are responsive and relevant.”  (Emphasis added.)  In the alternative, Plaintiffs argued that if the City were allowed to use TAR, TAR should be run across the entire ESI collection, not the universe culled by search terms.

Magistrate Judge Young B. Kim ruled that the City was permitted to use TAR on its culled search universe.  In reaching this decision, the Court made several notable findings:

Continue Reading Federal Court Supports Discretion In Party Use of Technology Assisted Review

On August 14, 2020, California Attorney General Xavier Becerra released final implementing regulations for the California Consumer Privacy Act (CCPA). The CCPA became enforceable on July 1, 2020, and Becerra’s office submitted a final proposed draft of the regulations to the California Office of Administrative Law (OAL) on June 1, 2020. The Proposed Regulations have gone through several revisions since the publication of the initial draft in October of 2019. The OAL approved the final version along with an updated Addendum to the Final Statement of Reasons. The final implementing regulations take effect immediately. All businesses subject to the CCPA must now comply with both the statute and the regulations.

The final implementing regulations are similar to the draft proposed in June. However, the AG’s office has made several changes it characterizes as “non-substantive” and withdrawn certain proposed provisions “for additional consideration.” The “non-substantive” changes are intended to improve consistency in language (e.g., ensuring “consumer” is used throughout the regulations, or reorganizing definitions in alphabetical order) and are described in detail in the Addendum to the Final Statement of Reasons.

Some of the withdrawn provisions may affect CCPA compliance. These changes are discussed here.