E-Discovery no longer dominantly involves emails and shared drive documents. With the increasing prevalence of mobile devices in the workplace and new apps being developed daily, mobile data and other non-email communications are moving to the forefront of discovery. Times have changed, and attorneys have professional and ethical obligations to keep up. To effectively and competently represent clients, attorneys must stay apprised of how to work with these ever-changing forms of data – or get help from someone knowledgeable. To do so, we have set out some suggestions below organized around common stages of the discovery lifecycle of digital evidence.

Identification. In conducting custodian interviews, ask questions to target the data types the custodian works with. Start broadly by determining if the company has a BYOD policy and asking if they allow the use of personal devices for work purposes. Confirm which messaging tools they use for business purposes, with the understanding that people tend to play down such use. For each messaging application, ask how they are used and with whom they communicate. Discuss these same topics with your client’s IT team to better understand  the company’s policies and capabilities for controlling the use of personal devices, as well as employees’ actual practices.Continue Reading Best Practices for Navigating Discovery of Mobile Data and Alternative Communication Tools in Today’s Digital World

GN Netcom, Inc. v. Plantronics, Inc., 930 F.3d 76 (3d. Cir. 2019)

The Third Circuit’s decision in GN Netcom illustrates how Federal Rule of Civil Procedure 37(e) has elevated the bar to obtaining a default judgment based on spoliation, raising the question of what level of egregious conduct would justify that penalty. The decision also is notable for its exploration of the evidentiary support that aggrieved parties should be permitted to submit when the lesser penalty of a permissive adverse inference instruction is ordered. In a split decision, the appellate court granted a new trial because plaintiff’s expert was precluded from testifying as to the degree of spoliation, which might have impacted the outcome of the case.

Defendant’s Spoliation of EvidenceContinue Reading Prohibition on Expert Testimony Results in New Trial

On February 8, 2016, the French Data Protection Authority (CNIL) publicly issued a formal notice to Facebook, following a joint investigation with four other EU regulators, asking the U.S. social network provider to comply with the French Data Protection Act within three months’ time. The notice (unofficial English translation available here), outlined several alleged violations of the law, including:

  1. collection of non-user data;
  2. collection of sensitive data (sexual orientation and political/religious views) without users’ “explicit consent” (i.e., a tick box);
  3. collection of “excessive” information to verify identities (e.g., requesting medical records when users replace their surname with that of a celebrity);
  4. use of cookies without notice or consent;
  5. failure to define and observe proportional data retention periods and failure to ensure data security (e.g., stronger password requirements);
  6. failure to obtain CNIL authorization for processing related to preventing fraud and banning users; and
  7. transfer of data to the U.S. under the invalidated U.S.-EU Safe Harbor (Safe Harbor) (alleged based on the company’s privacy statement).

Continue Reading Facebook Hit with French Data Protection Authority Action – Including a Safe Harbor Count

Certain European Union (EU) Member States’ data protection authorities (DPAs) have already started to announce investigations and or “prudential measures” for data transfers solely relying on the invalidated “U.S.-EU Safe Harbor Framework” (Safe Harbor).

In the aftermath of the announcement of the “EU-U.S. Privacy Shield” (Privacy Shield), the Article 29 Working Party (WP29), comprised of all EU Member State DPAs, announced an extension of the “grace period” for U.S. data transfers based on alternative transfer mechanisms (e.g., EU standard contractual clauses and Binding Corporate Rules) other than Safe Harbor, at least until the Privacy Shield has been reviewed by WP29 (likely by the end of March 2016).Continue Reading EU Member States to Investigate EU-U.S. Transfers That Rely Solely on Invalidated Safe Harbor: Starting Now

In conjunction with the 2015 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by digital privacy

On April 7, 2015 the Federal Trade Commission (FTC) announced two new U.S.-EU Safe Harbor cases. TES Franchising, LLC and American International Mailing, Inc. have agreed to settle FTC charges that the companies falsely claimed they were abiding by the U.S.-EU Safe Harbor Framework, a voluntary but enforceable framework that enables U.S. companies to transfer personal data from the European Union to the United States in compliance with the EU data protection directive’s adequacy requirement.

According to the TES settlement, TES allegedly deceived consumers about the nature of its dispute resolution procedures by noting on its website that Safe Harbor-related disputes would be settled by an arbitration agency, would take place in Connecticut, and costs would be split between the consumer and the company. Aside from the fact that it would be nearly impossible to argue that a dispute resolution process like that is “readily available and affordable,” as the Safe Harbor Framework requires, the TES policy also allegedly failed to align with the TES Safe Harbor certification filing, which stated that TES would resolve disputes through the European data protection authorities, a process which does not require in-person hearings and which costs the consumer nothing. Finally, the FTC complaint notes the alleged misrepresentation by TES that it was a licensee of TRUSTe’s privacy compliance products when in fact TES was not a licensee of TRUSTe.Continue Reading FTC dives deeper on U.S.-EU Safe Harbor enforcement

The Federal Trade Commission (FTC) has been at it again, settling on December 31, 2014 with Snapchat over privacy and data security concerns stemming from its text and video mobile messaging services. The settlement is instructive for gauging the FTC’s enforcement priorities and illustrates the steep costs a company can face when the FTC alleges the company has engaged in deceptive or unfair trade practices.
Continue Reading Snapchat Settlement Highlights Continued FTC Scrutiny of Privacy and Security Representations

The recent decision in Brown v. Tellermate Holdings, out of the Southern District of Ohio, provides yet another valuable illustration of the critical need for litigation counsel to take reasonable steps to educate themselves about potentially relevant ESI in the possession, custody, or control of their clients and to take appropriate measures to preserve and produce that information. The case highlights, in particular, the pitfalls associated with cloud-based ESI (specifically, a common sales app called saleforce.com) as well as the severe sanctions that can befall those who make significant missteps, as the defendant and its counsel learned in Brown.

United States Magistrate Judge Terence Kemp observed early in his decision: “Discovery did not go smoothly.” The court’s recitation of the procedural history and discovery issues in the case soon reveal this to be a significant understatement. Judge Kemp ultimately sanctioned the defendant and its counsel for failing to preserve and timely produce ESI relevant to the plaintiffs’ age discrimination suit. In addition to awarding attorney’s fees and costs incurred by the plaintiffs in filing and prosecuting various motions, the court prohibited the defendant from introducing or relying on any evidence that it terminated the plaintiffs’ employment for performance-related reasons rather than age. Judge Kemp reasoned that the defendant’s discovery failings prevented the plaintiffs from obtaining discovery relevant to that critical issue.
Continue Reading Brown v. Tellermate Holdings: Lessons in Preserving and Producing Cloud-Based Data and Effective Communication Between Counsel and Clients

As part of Crowell’s “Data Law Trends & Developments:  E-Discovery, Privacy, Cyber-Security & Information Governance,” Steve Byers and I examined the hottest topics in E-Discovery in Government Investigations and Criminal Litigation.  Our report begins on page 15, and explores recent trends in this rapidly expanding field and forecasts potential developments with Federal Rule

In conjunction with the 2014 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by e-discovery in this context, including