Category Archives: Discovery

Scylla & Charibdis

Does it matter whether information is stored in the US or overseas, if the same person controls the storage?

“Google and U.S. Fight Over Data,” The Wall Street Journal, April 4, 2017 B4.  Google no longer captures information stored overseas in response to US warrants.  Google isn’t alone.  The government says Google is impeding investigations.  Google calls for an investigation of the government’s conduct, which ignores a US Court of Appeals decision that says information on foreign servers is beyond US jurisdiction.

Where are you going to store your data? In the US, subject to government warrants, or overseas, where different privacy protections apply?  You’re between a rock and a hard place.  The Federal Rules of Civil Procedure provide yet another standard, which is not necessarily limited to the US.

 

Leave a comment

Filed under Access, Controls, Corporation, Discovery, Duty, Government, Internal controls, Legal

Is a phone ESI or a tangible thing?

The discovery rules for discovery in litigation in the US Federal courts changed recently, drawing a distinction between electronically stored information and everything else.  If it’s ESI, then it is more difficult to get sanctions for destroying evidence.

“FTC Claims VW Mobile Phones Missing,” The Wall Street Journal, December 10, 2016 B3.  Twenty-three mobile phones assigned to people important to the investigation emissions scandal have been lost or wiped.

For those phones that were lost (as opposed to those that were wiped), what rules on sanctions apply?  The ones applicable to ESI, or the ones applicable to tangible things?  Or since it’s obstruction of justice, it just doesn’t matter?  See 18 USC § 1519.

Leave a comment

Filed under Access, Board, Compliance, Compliance, Controls, Corporation, Discovery, Duty, Employees, Governance, Information, Internal controls, Legal, Protect assets, Protect information assets, Value

A new area of ESI

ESI, or electronically stored information, is all the rage in ediscovery.  But there’s a new frontier.

“Cellphone Smudges Yield A Trove of Forensic Data,” The Wall Street Journal, November 15, 2016 A3.  It may be possible to recover enough from the smudges on your cellphone to tell a lot about you.  Not a fingerprint, yet.

Is a smudge “information”?  Skin flakes?  Sweat?

How do you govern this?  What can you use it for?  Can you store it?  Delete it?

Leave a comment

Filed under Accuracy, Data quality, Definition, Discovery, Information, Use

Seeing green

Should enterprises be required to disclose who their investors are?

“Hulk Hogan Case Stirs Funding-Disclosure Debate,” The Wall Street Journal, May 28, 2016 B1.  An investor loans Hulk Hogan $10 million to help fund the suit over the release of a sex tape by Gawker Media, which resulted in a huge verdict for the former wrestler.

Would knowing that the plaintiff is well-financed affect the defendant’s strategy, as some opponents of this practice claim?  Is this information relevant at all to the resolution of the dispute on the merits?  If the defendant has insurance, that is often discoverable.

What’s this information worth?  What is it worth not to have to disclose such investors?  What’s fair?

Leave a comment

Filed under Definition, Discovery, Information, Legal, Value

Prodrome?

Is there a new standard being established for the conduct of internal investigations?

“VW Seeks Whistleblowers,” The Wall Street Journal, November 13, 2015 B3.  VW offers unionized employees limited amnesty to get people to self-report information related to emissions irregularities.  Jones Day is conducting the investigation.

I assume, but have not asked, that all these reports by the employees are not subject to the attorney/client privilege.

Will other companies be encouraged to follow VW’s example and offer internal immunity in investigations? What if they don’t?   Verry interesting. (Apologies to Arte Johnson).

Leave a comment

Filed under Board, Business Case, Collect, Compliance, Compliance, Compliance, Compliance Verification, Directors, Discovery, Duty, Governance, Legal, Management, Privilege, Risk

International norms

“Microsoft, U.S. Argue Over Data Privacy,” The Wall Street Journal, September 10, 2015 B4. The DOJ said that a German court could force a German company to turn over data stored in the US, so a company sued in the US can be forced to turn over data held in Ireland.

Go figure.  It’s “an international norm,” says DOJ.  Ireland hasn’t weighed in on this particular case.  And the transfer may violate EU privacy law.

Interesting ruling from both a privacy perspective and a discovery perspective.

I guess US companies can’t safely hide information assets outside the country without letting go of all control over it.

Leave a comment

Filed under Discovery, Privacy

Lemonade

The Sony hack just keeps on giving.

After Hack, Secret-Messaging App Is Pitched to Hollywood,” Wall Street Journal, December 24, 2014 B5.  New app uses the Sony hack as a marketing opportunity for its self-destructing messaging.

The aftermath of the hack is continuing fodder for business school classes on information governance and crisis management, among others.  If you had such an app in development, do you wait for such an event to release your app?  Did Snapchat suffer from a timing gap?  How do you deal with this if you have discovery in litigation?

Leave a comment

Filed under Business Case, Controls, Discovery, Information, Internal controls, IT, Privacy, Risk, Security, Third parties, Use, Value

Catching up

I missed yesterday.  Oops.  Not for lack of material.

I was struck that documents turned over in the GM ignition defect case establish that GM ordered 500,000 new switches seven weeks before issuing the vehicle recall. “GM Ordered New Switches Seven Weeks Before Recall,” Wall Street Journal, November 10, 2014 A1.  So much for who knew what when.

Analyzing Big Data shows that last year, the Sunday before Thanksgiving was the best day (in terms of lowest price) of the Christmas shopping season.  “Snagging the Holiday Deals,” Wall Street Journal, November 10, 2014 B1.  Now, will retailers do the same this year?  Will shoppers react the same way?  That’s not information, that’s (educated?) guessing.  WSJ will track prices online.  Now there’s an information-based service.

It’s almost to the point of the stories becoming dog-bites-man routine.  Another day, another breach. “Postal Service Hit by a Vast Data Breach,” Wall Street Journal, November 11, 2014 A4.  Only 800,000 people affected.

But for me the biggest story was the push for what has been called net neutrality. “President Pushes Stricter Net Rules,” Wall Street Journal, November 11, 2014 A1. It’s really about more government control of the Internet.  Do we really want the people who designed and rolled out HealthCare.gov to control the Internet?  Who really owns the Internet?  And what will happen to the information flow (other than Netflix)?

Leave a comment

Filed under Analytics, Controls, Discovery, Governance, IT, Oversight, Ownership, Requirements, Risk, Security

Watch what you write

In a blog post on May 18, 2014, I commented upon the 69 words that GM’s lawyers told the engineers not to use. http://bit.ly/S5NQG9 Pretty bog-standard stuff on watching what you write.

“Lawyers, Judges Modify View That Adverbs are Mostly Bad,” Wall Street Journal, October 8, 2014 A1.  Lawyers and their view on adverbs in statutes and legal opinions.  Are adverbs inherently ambiguous?

I gave hundreds of “Watch What You Write” presentations to business folks during my 30+ years of legal practice.  I cautioned people to watch out for adverbs, adjectives, and absolutes, as they are inherently imprecise.  And difficult to explain five years later in litigation.  I also suggested that people consider that the medium is part of the message, and gauge the permanence of the medium to the importance of the message.  Email lasts forever. Think of content + container.

Does your information governance program address controlling the actual words people use?  Should it?

Leave a comment

Filed under Business Case, Communications, Content, Controls, Definition, Discovery, Duty of Care, Information, Internal controls, Oversight, Protect assets, Protect information assets, Risk

Inertia and legal holds

Okay.  I can understand that the government wants the court to seal the record when the gov’t asks for surveillance of a suspected drug dealer’s cellphone.  I mean, they don’t want the drug dealer to know he or she is being investigated.  But does the request need to be hidden after the drug dealer is convicted?  Do the court seals evaporate automatically over time?

“Long-Term Secrecy Surrounds Monitoring,” Wall Street Journal, October 1, 2014 A2. Request made in 2007.  Conviction is 2012.  Request unsealed after WSJ motion in 2014.

This reminds me of an frequent issue with legal holds.  They get established, and monitored for a while.  But do they ever get lifted or released?  Who’s going to ask for their removal?  The lawyers who requested them have moved on to other matters.

Should the request to seal (or the legal hold) automatically expire unless renewed?  Otherwise, does inertia take over? Or do we wait for WSJ makes a motion?

Leave a comment

Filed under Controls, Discovery, Internal controls, Protect, Third parties