This Week in eDiscovery: The Cost of Securing Sensitive Data, Responding to Discovery Issues

Array

Every week, the Array team reviews the latest news and analysis about the evolving field of eDiscovery to bring you the topics and trends you need to know. This week’s post covers the period of August 19-25. Here’s what’s happening.

Who Should Pay for Securing Sensitive Data Produced During Discovery?

Confidential information must be protected after it’s been produced, but what happens if the producing party wants tougher security than what the receiving party thinks is reasonable? The Sidley Blog covers that question in a post about United States v. Anthem, Inc.

According to the government, the insurance company knowingly disregarded its responsibility to verify that risk adjustment diagnosis data submitted to the Department of Health & Human Services was accurate.

The two sides disagreed over the security measures that would be used to store Anthem members’ medical records and information produced during discovery. The government said it would keep and encrypt the files on a “bespoke platform, not connected to the internet, accessible by only ten individuals.” That level of security would cost around $5,000 per month.

The insurance company asked for more protection, including tracking and logging all activity on the platform and monitoring internal activity logs, among other safeguards. Those additional controls would raise the monthly cost by $4,300.

The magistrate judge looked at four factors to reach a decision:

  • The nature of the data and what could happen if it were disclosed without authorization
  • How reasonable the proposed security measures are
  • How the cost of security compares to the overall cost of discovery and the amount in controversy
  • The relative ability of the parties to pay for the requested security

Ultimately, the judge sided with Anthem and ordered the government to implement Anthem’s proposed measures and pay for them.

The costs of compromised medical data are high, and this type of data is often a target for cybercriminals, the judge wrote. She also decided the tougher security measures were reasonable. Anthem helped itself by submitting a technical opinion on the proposed security measures, which the government didn’t do. The total costs of Anthem’s preferred solution, roughly $60,000 per year, were a “rounding error” compared to total discovery costs and the amount at stake in the case.

Both sides had sufficient resources to pay for the higher level of security, but the judge said there could be an argument for making Anthem pay. The government relies on taxpayer money while the insurance company produces billions in revenue. But that wasn’t a big enough distinction to shift costs.

Discovery’s Gone Wrong? Get the Court Involved

When it comes to eDiscovery, early missteps can snowball into much bigger problems, and seeking intervention from the court shouldn’t be a last resort. That’s one of the big takeaways from Kelly Twigger’s latest Case of the Week at the eDiscovery Assistant blog.

It’s about a case from Pennsylvania, Domus BWW Funding, LLC v. Arch Ins. Co., involving multiple discovery issues on the defense side.

  • The defense’s in-house counsel delegated the ESI search to a paralegal, which “fell through the cracks” for months. There were also months-long delays in notifying outside counsel and the other party. The plaintiff eventually asked about document production after an employee deposition, and the defense acknowledged that ESI materials hadn’t been produced.
  • A former employee’s emails were deleted, and the backup tapes that might have contained copies of them were overwritten.
  • Another employee said she had saved hard-copy notes related to the case. When she started working remotely, she had put the notes in a filing cabinet near her old cubicle. The company looked for the notes and, when it couldn’t locate them, told the court they never existed. As the judge wrote: “After I pressed the issue at a sanctions hearing, Arch managed within a few days to find the documents it told me didn't exist. (Oops!)”

The judge decided to sanction the defense. But he had some criticism for the plaintiff, too. When the plaintiff first identified the discovery issues, it tried to resolve them on its own and didn’t involve the court until a summary judgment briefing. The judge would have been willing to intervene earlier.

Twigger also points out the outside counsel’s role. They were responsible for making sure that their client was living up to the standards of discovery.

This case reveals many missteps throughout the discovery process. Understandably, in-house counsel often tries to handle the work with internal resources because it is much more cost-effective. However, this case is a good example of where a lack of internal processes or standard operating procedures specifically tailored to eDiscovery likely led to the sanctions imposed on the defendant. Often, involving an eDiscovery partner early in the process can help avoid these pitfalls. At a minimum, if the workflows are conducted internally, in-house teams should have a well-defined plan and procedures for litigation hold, data identification and production, along with capable resources available to execute that plan.

Other recent eDiscovery news and headlines:
