As none of us can forget, the COVID-19 pandemic forced companies to close their brick and mortar offices with little time to adequately prepare their employees for a remote work environment. All of a sudden, in-person meetings were replaced with virtual conferences via Microsoft Teams, Zoom, and Amazon Chime – each leaving a new data
E-Discovery no longer dominantly involves emails and shared drive documents. With the increasing prevalence of mobile devices in the workplace and new apps being developed daily, mobile data and other non-email communications are moving to the forefront of discovery. Times have changed, and attorneys have professional and ethical obligations to keep up. To effectively and competently represent clients, attorneys must stay apprised of how to work with these ever-changing forms of data – or get help from someone knowledgeable. To do so, we have set out some suggestions below organized around common stages of the discovery lifecycle of digital evidence.
Identification. In conducting custodian interviews, ask questions to target the data types the custodian works with. Start broadly by determining if the company has a BYOD policy and asking if they allow the use of personal devices for work purposes. Confirm which messaging tools they use for business purposes, with the understanding that people tend to play down such use. For each messaging application, ask how they are used and with whom they communicate. Discuss these same topics with your client’s IT team to better understand the company’s policies and capabilities for controlling the use of personal devices, as well as employees’ actual practices.
Increasing mobile device usage for routine business – such as through text messages and mobile applications like WhatsApp – is contributing to a new developing trend in E-Discovery: broad discovery requests for businesses to collect and produce data from their employees’ mobile phones.
The proliferation of electronic communication not only makes it imperative for organizations to have mechanisms in place to capture and preserve mobile text messages, but also raises new challenges about how to protect employee privacy. As more and more employees use their personal devices for business purposes (and vice-versa – employees using company-provided devices also for personal purposes), there is an increasing desire among employees to ensure their personal data is protected, even as the company produces other data required in discovery.
Courts have recognized this is an issue, and the law is evolving to strike a balance between the discoverability of relevant information and privacy protections from overly intrusive requests for text messages.…
Continue Reading Court Rules Personal Privacy Interests May Impact Scope of Discovery for Text Messages
On January 13, 2020, U.S. District Court Judge Castel of the Southern District of New York in SEC v. Telegram Group Inc. et al., No. 19 Civ. 9439 (PKC) granted the motion of the U.S. Securities and Exchange Commission (“SEC”) to compel Telegram Group Inc., a technology company best known for its secure messaging app, to produce overseas bank records (Dkt. 67). The SEC had sought these records “fully unredacted” on an expedited basis in support of its claim that Telegram engaged in an unregistered securities offering (Dkt. 52). Telegram objected to any production, asserting that the records were of questionable relevance, that they contained banking and personal information protected by a host of foreign laws, and that it would be unduly burdensome to “to cull through these records and redact the personal information of non-U.S. persons and entities subject to foreign data privacy law protections.” (Dkt. 55). In a short decision, the Court ordered Telegram to produce the records on a tight timeline, holding that “[o]nly redactions necessitated by foreign privacy laws shall be permitted, and a log stating the basis for any redaction shall be produced at the same time the redacted documents are produced.”
There are a few key takeaways from this decision. First, the Court recognized foreign data privacy laws as legitimate grounds for withholding otherwise discoverable information. Defendant was not given a blank check to redact; rather, the Court required Telegram to log the basis for any privacy assertions, and one can expect the SEC will closely question Telegram on the redactions. At the same time, the Court clearly did not agree with the SEC’s characterization of data privacy laws as “blocking statutes” to be ignored, and was not swayed by its complaints that Telegram had not shown that such laws require deference. This is consistent with an observed general heightened sensitivity to data privacy and data security interests in the U.S. and abroad.
Judge Castel’s approach represents a change from U.S. courts’ prior dismissive treatment of similar disclosure objections. Courts traditionally would apply a multi-factor comity analysis that generally prioritized U.S. discovery interests over those of conflicting foreign laws and ultimately required unredacted production. See, e.g., Laydon v. Mizuho Bank, Ltd., 183 F. Supp.3d 409 (S.D.N.Y. 2016) (requiring unredacted production of data protected by the then EU privacy regulation, the 1995 EU Directive 95/46/EC, based on comity analysis set out in Société Nationale Industrielle Aerospatiale v. U.S. Dist. Court for S. Dist. of Iowa, 482 U.S. 522, 544 n.29 (1987) (hereinafter “Aerospatiale”)). Certainly, the SEC pushed for the customary approach, but Judge Castel appears implicitly to have to have resolved in short form (or skipped over) the Aerospatiale comity analysis and accepted the legitimacy of foreign restrictions on disclosure in U.S. proceedings.
– GN Netcom, Inc. v. Plantronics, Inc., 930 F.3d 76 (3d. Cir. 2019)
The Third Circuit’s decision in GN Netcom illustrates how Federal Rule of Civil Procedure 37(e) has elevated the bar to obtaining a default judgment based on spoliation, raising the question of what level of egregious conduct would justify that penalty. The decision also is notable for its exploration of the evidentiary support that aggrieved parties should be permitted to submit when the lesser penalty of a permissive adverse inference instruction is ordered. In a split decision, the appellate court granted a new trial because plaintiff’s expert was precluded from testifying as to the degree of spoliation, which might have impacted the outcome of the case.
Defendant’s Spoliation of Evidence
In conjunction with the 2015 American Bar Association annual State of Criminal Justice publication, Louisa Marion and I have published a new chapter on “Digital Privacy and E-Discovery in Government Investigations and Criminal Litigation.” The article provides an in-depth look at many of the current and cutting edge issues raised by digital privacy…