Category Archives: Preservation & Collection

Three Key eDiscovery Preservation Lessons from Small v. University Medical Center

Small v. University Medical Center is a recent 123-page decision focused exclusively on issues and challenges related to preservation of electronically stored information in a large enterprise. Its an important ESI preservation case with some very instructive takeaways for organizations and their counsel.  In Small, Plaintiffs brought an employment wage & hour class action against University Medical Center of Southern Nevada (UMC). Such wage & hour employment matters invariably involve intensive eDiscovery, and this case was no exception. When it became evident that UMC was struggling mightily with their ESI preservation and collection obligations, the Nevada District Court appointed a special master, who proved to be tech-savvy with a solid understanding of eDiscovery issues.Case Law

In August 2014, the special master issued a report, finding that UMC’s destruction of relevant information “shock[ed] the conscious.” Among other things, the special master recommended that the court impose a terminating sanction in favor of the class action plaintiffs. The findings of the special master included the following:

  • UMC had no policy for issuing litigation holds, and no such hold was issued for at least the first eight months of this litigation.
  • UMC executives were unaware of their preservation duties, ignoring them altogether, or at best addressing them “in a hallway in passing.”
  • Relevant ESI from laptops, desktops and local drives were not preserved until some 18 months into this litigation.
  • ESI on file servers containing policies and procedures regarding meal breaks and compensation were not preserved.
  • These issues could have been avoided using best practices and if chain-of-custody paperwork had been completed.
  • All of UMC’s multiple ESI vendors repeatedly failed to follow best practices

After several years of considering and reviewing the special master’s detailed report and recommendations, the court finally issued its final discovery order last month. The court concurred with the special master’s findings, holding that UMC and its counsel failed to take reasonable efforts to identify, preserve, collect, and produce relevant information. The court imposed monetary sanctions against UMC, including the attorney fees and costs incurred by opposing counsel. Additionally, the court ordered that should the matter proceed to trial, the jury would be instructed that “the court has found UMC failed to comply with its legal duty to preserve discoverable information… and failed to comply with a number of the court’s orders,” and that “these failures resulted in the loss or destruction of some ESI relevant to the parties’ claims and defenses and responsive to plaintiffs’ discovery requests, and that the jury may consider these findings with all other evidence in the case for whatever value it deems appropriate.” Such adverse inference instructions are invariably highly impactful if not effectively dispositive in a jury trial.

There are three key takeaways from Small:

  1. UMC’s Main Failing was Lacking an Established Process

UMC’s challenges all centered on its complete lack of an existing process to address eDiscovery preservation. UMC and their counsel could not identify the locations of potentially relevant ESI because there was no data map. ESI was not timely preserved because no litigation hold process existed. And when the collection did finally occur under the special master’s order, it was highly reactive and very haphazard because UMC had no enterprise-capable collection capability.

When an organization does not have a systematic and repeatable process in place, the risks and costs associated with eDiscovery increase exponentially. Such a failure also puts outside counsel in a very difficult situation, as reflected by this statement from the Small Court: “One of the most astonishing assertions UMC made in its objection to the special master’s R & R is that UMC did not know what to preserve. UMC and its counsel had a legal duty to figure this out. Collection and preservation of ESI is often an iterative process between the attorney and the client.”

Some commentators have focused on the need to conduct custodian questionnaires, but a good process will obviate or at least reduce your reliance on often unreliable custodians to locate potentially relevant ESI.

  1. UMC Claims of Burden Did Not Help Their Cause

UMC tried arguing that it was too burdensome and costly for them to collect ESI from hundreds of custodians, claiming that it took IT six hours to merely search the email account of a single custodian. Here at X1, I wear a couple of hats, including compliance and eDiscovery counsel. In response to a recent GDPR audit, we searched dozens of our email accounts in seconds. This capability not only dramatically reduces our costs, but also our risk by allowing us to demonstrate diligent compliance.

In the eDiscovery context, the ability to quickly pinpoint potentially responsive data enables corporate counsel to better represent their client. For instance, they are then able to intelligently negotiate keywords and overall preservation scope with opposing counsel, instead of flying blind. Also, with their eDiscovery house in order, they can focus on more strategic priorities in the case, including pressing the adversary on their discovery compliance, with the confidence that your client does not live in a glass house.

Conversely, the Small opinion documents several meet and confer meetings and discovery hearings where UMC’s counsel was clearly at a significant disadvantage, and progressively lost credibility with the court because they didn’t know what they didn’t know.

  1. Retaining Computer Forensics Consultants Late in the Game Did Not Save the Day

Eventually UMC retained forensic collection consultants several months after the duty to preserve kicked in. This reflects an old school reactive, “drag the feet” approach some organizations still take, where they try to deflect preservation obligations and then, once opposing counsel or the court force the issue, scramble and retain forensic consultants to parachute in.  In this situation it was already too late, as much the data had already been spoliated. And because of the lack of a process, including a data map, the collection efforts were disjointed and a haphazard. The opinion also reflects that this reactive fire drill resulted in significant data over-collection at significant cost to UMC.

In sum, Small v. University Medical Center is a 123 page illustration of what often happens when an organization does not have a systematic eDiscovery process in place. An effective process is established through the right people, processes and technology, such as the capabilities of the X1 Distributed Discovery platform. A complete copy of the court opinion can be accessed here: Small v. University Medical Center

1 Comment

Filed under Best Practices, Case Law, compliance, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, GDPR, Information Governance, Information Management, Preservation & Collection

Dark Web Evidence Critical to all Cyber Investigations and Many eDiscovery matters

The dark web is a component of the World Wide Web that is only accessible through special software or configurations, allowing users and website operators to remain anonymous or untraceable. The dark web forms a small part of the deep web, which is the part of the Web not indexed by web search engines. The dark web has gained more notoriety over the past few years and several large criminal investigations have resulted in seizures of both cryptocurrencies and dark web pages and sites. Criminal enterprises involving counterfeiting, hacking, ID and IP theft, narcotics, child pornography, human trafficking, and even murder for hire seek a haven in the mist of encrypted communications and payment, such as Bitcoin, to facilitate their nefarious schemes. dark web

While mining the dark web is critical for many law enforcement investigations, we are also seeing increased focus on this important evidence in civil litigation. Fero v. Excellus Health Plan, Inc., (Jan. 19, 2018, US Dist Ct, NY), is one recent example. Fero arises out of a data breach involving healthcare provider Excellus Health Plan, Inc. According to the complaint, hackers breached Excellus’s network systems, gaining access to personal information millions of individuals, including their names, dates of birth, social security numbers, credit card numbers, and medical insurance claims information. The Plaintiffs brought a class action asserting claims under various federal and state laws.

Initially, the court dismissed the plaintiffs’ case, citing a failure to establish damages and actual misuse by the hackers who allegedly stole their information. However, after conducting a more diligent investigation, the plaintiffs submitted with their motion for reconsideration evidence that the plaintiffs’ PII was placed on the dark web.  This evidence was summarized in an expert report providing the following conclusion:  “it is my opinion to a reasonable degree of scientific certainty that PII and PHI maintained on the Excellus network was targeted, collected, exfiltrated, and put up for sale o[n] DarkNet by the attacker for the purpose of, among other things, allowing criminals to purchase the PII and PHI to commit identity theft.”  Fero, at 17.  Based on this information, the court granted the motion for reconsideration and denied the defendant’s motion to dismiss. In other words, the dark web evidence was game-changing in this high-profile class action suit.

Cases like Fero v. Excellus Health Plan illustrate that dark web evidence is essential for criminal and civil litigation matters alike. Dark Web investigations do require specialized knowledge and tools to execute. For instance, X1 Social Discovery can be easily configured to conduct such dark web investigation and collections.

Recently, Joe Church of Digital Shield led a very informative and instructive webinar on this topic. Joe is one of the most knowledgeable people that I’m aware of out there on dark web investigations, and his detailed presentation did not to disappoint. Joe’s presentation featured a concise overview of the dark web, how its used, and how to navigate it. He included a detailed lesson on tools and techniques needed to search for and investigate key sources of evidence on the dark web. This webinar is a must see for anyone who conducts or manages dark web investigations. Joe also featured a section on how to specifically utilize X1 Social Discovery to collect, search and authenticate dark web evidence. You can review this very informative 30 minute training session (no sign in required) by visiting here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, Cloud Data, dark web, eDiscovery, Preservation & Collection, Social Media Investigations, Uncategorized