Information Management

As none of us can forget, the COVID-19 pandemic forced companies to close their brick and mortar offices with little time to adequately prepare their employees for a remote work environment. All of a sudden, in-person meetings were replaced with virtual conferences via Microsoft Teams, Zoom, and Amazon Chime – each leaving a new data

As employees are increasingly working from home during the COVID-19 pandemic, many communications that would typically occur face-to-face are now taking place over chat systems, such as Skype, Bloomberg Messaging, and Slack. Chats are often more informal and unfiltered than other forms of written communication such as email, and often do not provide context for the conversation. And with that comes legal risk.

This is because chats may qualify as business documents subject to discovery in litigation—especially when those chats discuss business topics. See, e.g., LBBW Luxemburg S.A. v. Wells Fargo Sec. LLC, Case No. 12-CV-7311, 2016 WL 1660498, at *8 (S.D.N.Y. Mar. 29, 2016) (ordering production of Bloomberg instant messages); JUUL Labs, Inc. v. 4X PODS, Civ. No. 18-15444, 2020 WL 747405, at *14-15 (D.N.J. Feb. 13, 2020) (ordering quarterly reporting during the pendency of a lawsuit based on internal Skype messages indicating defendants would take steps to avoid payment of any judgment that was ultimately entered); West Publ’g Corp. v. LegalEase Solutions, LLC, Case No. 18-cv-1445, 2019 WL 8014512, at *8 (D. Minn. Nov. 22, 2019) (ordering non-party’s production of Slack messages).

Companies are therefore left with the difficult question:  how can you best protect against the risks of online chats, while balancing the business need for them?  The answer may lie in the concept of proportionality.


Continue Reading How to Limit Litigation Risk from the Increased Use of Chat Programs During the COVID-19 Pandemic

Increasing mobile device usage for routine business – such as through text messages and mobile applications like WhatsApp – is contributing to a new developing trend in E-Discovery: broad discovery requests for businesses to collect and produce data from their employees’ mobile phones.

The proliferation of electronic communication not only makes it imperative for organizations to have mechanisms in place to capture and preserve mobile text messages, but also raises new challenges about how to protect employee privacy.  As more and more employees use their personal devices for business purposes (and vice-versa – employees using company-provided devices also for personal purposes), there is an increasing desire among employees to ensure their personal data is protected, even as the company produces other data required in discovery.

Courts have recognized this is an issue, and the law is evolving to strike a balance between the discoverability of relevant information and privacy protections from overly intrusive requests for text messages.
Continue Reading Court Rules Personal Privacy Interests May Impact Scope of Discovery for Text Messages

On 29 July 2019, the Court of Justice of the European Union (CJEU) issued a decision in the Fashion ID case, a case referred to it by a German court. In this blog post we will focus on what this case means with regard to joint controllership when you have social media plug-ins on your

The District of Columbia Bar Rules of Professional Conduct Review Committee (“Committee”) recently released recommended changes to D.C. Bar rules 1.1, 1.6, and 4.4 to address the increased focus and evolving landscape of E-Discovery and technology in law. All D.C. practitioners should take notice of these potential rule changes, and ensure they stay current—or engage those with appropriate expertise—on these quickly changing areas of practice.

The proposed changes are as follows:
Continue Reading Amendments Proposed To D.C. Rules of Professional Conduct to Address

EDRM and the Bolch Judicial Institute at Duke Law recently released Technology Assisted Review (TAR) Guidelines (Guidelines) with the aim “to objectively define and explain technology-assisted review for members of the judiciary and the legal profession.” Among the topics covered are the validation and reliability measures practitioners can use to defend their TAR processes. This post summarizes this validation and reliability guidance, which has the potential to be a widely-referenced authority on this topic going forward.

According to EDRM, there are no “bright-line rules” governing what constitutes a reasonable review or one standard measurement to validate the results of TAR. Instead, principles of reasonableness and proportionality as set forth in FRCP Rule 26 generally guide the inquiry.
Continue Reading EDRM’s TAR Guidelines: Validity Measures and Considerations for Practitioners

Following a draft Interagency Report published in February, the National Institute of Standards and Technology (“NIST”) has published NISTIR 8200: Interagency Report on the Status of International Cybersecurity Standardization for the Internet of Things (IoT), which seeks to assess the “current state of international cybersecurity standards development for IoT.” In this effort, the Report defines the major areas where IoT is currently being used and evaluates various IoT cybersecurity standards commonly applied in those areas. To evaluate the surveyed IoT standards, the Report relies on a framework that breaks the standards down into twelve core areas, each of which designates a distinct, common element of cybersecurity measures.

Where IoT is Being Used the Most

To help evaluate the current understanding of cybersecurity risks involved in IoT applications and the methods used to measure them, the Report overviews major IoT technologies and how they are deployed. It then breaks down the network-connected devices, systems, and services comprising IoT into five major categories of application, explaining the common components of each:


Continue Reading NIST Surveys and Assesses Broad Landscape of IoT Cybersecurity Standards in Interagency Report

Less than two weeks after the National Institute of Standards and Technology (NIST) published a draft version of NIST SP 800-171A, Assessing Security Requirements for Controlled Unclassified Information, on November 28, the National Archives and Records Administration (NARA) announced today that the comment period has been extended to January 15, 2018.  This gives interested

On July 21, 2017, Governor Chris Christie signed the Personal Information Privacy and Protection Act (S-1913) (the “Act”) into law, further enhancing the protections afforded to consumers who make retail credit card purchases in New Jersey.  As technology has evolved, many retailers rely on electronic barcode scanners to review and capture information on

On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed