Photo of George Carry

George D. Carry is a discovery attorney in Crowell & Moring’s Washington, D.C. office. George’s practice focuses on electronic discovery in complex commercial disputes, mergers and acquisitions, and government investigations. His experience includes counseling and representing clients in large discovery matters in federal court, state court, and arbitration, and focuses on all aspects of electronic discovery, including large-scale data collections, document review management, technology-assisted review methods, and litigation support systems.

Responding parties have significant discretion to design and deploy technology assisted review (“TAR”) workflows in a manner they determine is reasonable and proportional for the case.  At least that’s what the Northern District of Illinois suggested in its September 2020 ruling in Livingston v. City of Chicago (N.D. Ill. No. 16 CV 10156).

Livingston is a gender discrimination case challenging the City of Chicago’s Fire Department’s (“City”) application process.  The City collected roughly 1.5 million documents in the matter, and based on search terms agreed to following an earlier e-discovery dispute, culled this set to roughly 192,000 emails.  The City then informed Plaintiffs it intended to use TAR – and specifically Relativity’s Active Learning technology – to review this culled data set.

Plaintiffs objected to this approach and argued the City should be required to produce all documents that hit on search terms.  On this point, the Court rejected Plaintiffs’ argument, finding:  “While the City may dump all 1.3 million pages of documents on Plaintiffs with entry of a Rule 502(d) order, it also has the right to perform a review to produce only those documents that are responsive and relevant.”  (Emphasis added.)  In the alternative, Plaintiffs argued that if the City were allowed to use TAR, TAR should be run across the entire ESI collection, not the universe culled by search terms.

Magistrate Judge Young B. Kim ruled that the City was permitted to use TAR on its culled search universe.  In reaching this decision, the Court made several notable findings:Continue Reading Federal Court Supports Discretion In Party Use of Technology Assisted Review

Increasing mobile device usage for routine business – such as through text messages and mobile applications like WhatsApp – is contributing to a new developing trend in E-Discovery: broad discovery requests for businesses to collect and produce data from their employees’ mobile phones.

The proliferation of electronic communication not only makes it imperative for organizations to have mechanisms in place to capture and preserve mobile text messages, but also raises new challenges about how to protect employee privacy.  As more and more employees use their personal devices for business purposes (and vice-versa – employees using company-provided devices also for personal purposes), there is an increasing desire among employees to ensure their personal data is protected, even as the company produces other data required in discovery.

Courts have recognized this is an issue, and the law is evolving to strike a balance between the discoverability of relevant information and privacy protections from overly intrusive requests for text messages.
Continue Reading Court Rules Personal Privacy Interests May Impact Scope of Discovery for Text Messages

The European Union’s (“EU”) General Data Protection Regulation (“GDPR”) turned one year old on May 25th. European data protection regulators celebrated by continuing to work through a rising number of complaints and infractions, and by stepping up their monitoring for violations. US companies are directly in the crosshairs. Whether based in the EU or not, a company is potentially subject to the GDPR (and its stiff fines up to 4% of annual global revenue) if it offers goods or services to data subjects located in the EU, or monitors individuals’ online behavior or personal information in the EU. This means that a US company engaged in the common business practice of collecting data from its EU customers must assess and implement business practices to ensure GDPR compliance.

The US and EU engaged in approximately $1.3 trillion dollars in trade last year. With that level of economic activity, and accompanying data flows, many US companies should already have in place the basic structures for GDPR compliance. However, recent surveys suggest that a significant number of companies impacted by the GDPR are still grappling with compliance. In a recent Forrester Research study, “Security Through Simplicity,” over half of the responding IT decision-makers revealed that their companies had not yet carried out even basic GDPR compliance steps such as vetting third-party vendors, hiring data protection officers, training employees, setting up mechanisms for the “72-hour data breach notification” requirement, and collecting evidence and documenting efforts to address GDPR compliance risks. Further, only about 4,650 US companies are currently registered and self-certified with the EU-US Privacy Shield framework (compared to the over 100,000 mid- to large-sized companies in the US, according to business census data). Such certification goes a long way toward permitting a US company to receive certain EU data in a GDPR compliant manner.Continue Reading At the GDPR’s First Anniversary, the Impact on US Companies Grows