Insight into where e-discovery, information governance cybersecurity, and digital transformation are heading – who is doing what now or in the future, what works and what doesn’t, and what people wish they could do but can’t – gleaned from recent publications

E-DISCOVERY

Federal judges survey results assessed – Earlier this year, Exterro and EDRM published results from their 5^th Annual Federal Judges Survey. Here are two articles looking at and expanding on those results, and look for more to come:

• Tim Rollins, Exterro: 10 Practical Tips from Federal Judges for E-Discovery Attorneys
• George Socha, BDO: Exterro/EDRM Judges Survey 2019 Series: Part 1, Failure to Comply with Federal Rules

The end of sanctions – We are starting to see reactions to Logikcull’s recent “The End of Sanctions” report. Logikcull posted responses to the report from retired Federal judges John Facciola, Jay Francis, and Andy Peck. Legaltech News published an article, E-Discovery Still Putting Lawyers Under Pressure, Despite Fewer 37(e) Sanctions, with thoughts from Littler e-discovery counsel and shareholder Denise Backhouse and Jonathan Redgrave of the Redgrave firm, whose comments suggest they don’t see sanctions ending or even diminishing to the extent the report suggests.

Mobile device data – ACEDS recently published Hold My Phone: Part 1 – Preservation and Collection of Mobile Device Data, part one of a four-part series on mobile device data co-authored by Martha Louks, Director of Technology Services at McDermott Will & Emery LLP, and me.

Mobile device data, the law enforcement edition – Cellebrite recently published Industry Trend Survey 2019: Law Enforcement, the results of a survey of over 2,700 law enforcement personnel.  Key findings include: mobile phones remain the most frequently used and important digital source for investigators, the variety of digital sources investigators turn to is increasing, and locked phones and encrypted data pose significant challenges. At 37 pages, the report is full of additional details

Even IBM’s ROSS uses Boolean – As a reminder that AI is not everything, the folks at ROSS, “a legal research platform powered by artificial intelligence”, announced that they have built Boolean terms and connectors into their system – you know: AND, OR, NOT, *, and so on.

CYBERSECURITY & DATA PRIVACY

Data protection law overview – The Library of Congress’s Congressional Research Service has published “Data Protection Law: An Overview”, a 79-page document that looks at the origins of American privacy protections, Federal data protection law, state data protection law, the EU’s GDPR, the current administration’s proposed data privacy policy framework, and considerations for Congress.

Data protection goes global – As detailed in an April 1 Corporate Counsel article, Data Protection Laws Take Center Stage For Global GC, data protection is going global. Latin America is active. In 2018, Brazil passed its General Data Protection law, set to go into effect in August. Chile recently voted to create a national data protection authority, Panama’s National Assembly approved a national data protection law awaiting signature, and Argentina’s Congress is working on an updated bill. Columbia recently cracked down on data privacy violations in February. As noted below, non-EU GDPR-adequate countries range from Andorra to Uruguay. On the African continent, South Africa appears likely to implement the Protection of Personal Information Act this year. Nigeria has a privacy bill awaiting signature but already has constitutional protections. Mali, Côte d’Ivoire and other West African countries have already established data privacy and protection laws. APEC is busy as well, with Singapore implementing its Cybersecurity Act 2018, China publishing its Information Security Technology – Personal Information Security Specification, and Australia rolling out mandatory data breach reporting rules and an encryption law last year.

EU adequacy decision on Japan – On Jan. 23, the European Commission adopted its adequacy decision on Japan which according to an EC press release “allow[s] personal data to flow freely between the two economics on the basis of strong protection guarantees.” More easily digested that the full 80-page decision is the 2-page fact sheet. The EC previously recognized the following as providing adequate protection, and is in ongoing adequacy talks with South Korea:

• Andorra (Oct. 19, 2010)
• Argentina (June 30, 2003)
• Canada (commercial organizations) (Dec. 20, 2001)
• Faroe Islands (Mar. 5, 2010)
• Guernsey (Nov. 21, 2003)
• Isle of Man (Apr. 28, 2004)
• Israel (Jan. 31, 2011)
• Jersey (May 8, 2008)
• New Zealand (Dec. 19, 2012)
• Switzerland (July 26, 2000)
• United States (limited to the Privacy Shield framework) (July 12, 2016)
• Uruguay (Aug. 21, 2012)

NYDFS compliance – The New York State Department of Financial Services’ Cybersecurity Regulations for Financial Services Companies, 23 NYCRR Part 500, took effect on March 1. Michael Steinig and Alexander Sand, of Eversheds Sutherland, have put together an overview of the regulation’s requirements and some of the challenges facing those seeking to maintain compliance.

Search warrants required – With BH57, signed into law on March 27, Utah now is “the state with the strongest data privacy laws in the country when it comes to law enforcement accessing electronic information”, reports KSL News. Police in Utah now must obtain search warrants before accessing Utahn’s electronic information. Contrast with U.S. v. Therrien, No. 2:18-cr-00085 (D. Vt. Mar. 13, 2019), discussed below.

LEGAL TECHNOLOGY & DIGITAL TRANSFORMATION

Follow the money – According to investment bank Investec‘s 2019 Q1 LegalTech & NewLaw update, in 2018 approximately $1 billion went into legal technology and “new law” startups and scaleups.  For an overview and additional analysis, see the recent Artificial Lawyer article.

Law firms as legal tech users – For an example of how law firms continue to expand their use of technology, take a look at the Artificial Lawyer article about Slaughter and May’s use of AI technology for due diligence, deal analysis, practice management, and regulatory compliance.

Law firms as legal tech advisors – On March 25, Paul Hastings announced it had launched an Artificial Intelligence practice group, intended to “help our clients embrace the opportunities and innovation while mitigating the risks so they can develop and execute on their business plans with confidence.”

Law firms as legal tech developers –

• As law firms devote more resources to developing technology themselves and investing in others who do so, a debate is emerging about whether this is a good thing or a bad one, discussed in an article by Legaltech reporter Rhys Dipshan.
• One example of such firms is Allen & Overy, which recently announced that four new companies, Apiax, Define, HighQ, and Scissero, have joined the firm’s collaborative tech innovation space, Fuse.
• Another firm, Ashurst, announced it will be holding its first legal hackathon in cooperation with knowledge-automation company BRYTER; the goal is to jointly developing “innovative concepts for legal advice”.
• A third firm, Bryan Cave Leighton Paisner (BCLP), has launched an Innovation Champions program, according to Artificial Lawyer.
• Go to Andrew Messios’s Legaltech News article about the joint efforts of 18 law firms to develop and launch a legal tech platform, Reynen Court, to install, use, and manage legal tech products (think an App Store for law firms). The current law firms are Clifford Chance; Covington & Burling; Cravath, Swaine & Moore; Cleary Gottlieb Steen & Hamilton; Davis Polk & Wardwell; Debevoise & Plimpton; Freshfields Bruckhaus Deringer; Gibson, Dunn & Crutcher; Linklaters; Latham & Watkins; Orrick, Herrington & Sutcliffe; Paul, Weiss, Rifkind, Wharton & Garrison; Ropes & Gray; Skadden, Arps, Slate, Meagher & Flom; Simpson Thacher & Bartlett; Slaughter and May; Weil, Gotshal & Manges; and White & Case.

Tech leaders make more money – According to a report from Wolters Kluwer, 2019 Future Ready Lawyer Survey, law firms, corporate legal departments, and others in the legal industry that already are leveraging technology have an early-adopter advantage. For a short analysis of the report, go to this Artificial Lawyer post.

E-DISCOVERY CASE LAW

Recent e-discovery decisions

3/13/2019 – U.S. District Judge Christina Reiss denied defendant’s motion to suppress subscriber information (including service uses by the account, the data the account was created, the date of time of last login, and IP addresses associated with the account) the government had obtained from Google by subpoena and without a warrant, allegedly in violation of the 4th Amendment. The Court deemed the information obtained via subpoena to consist of business records maintained by a third party, and therefore concluded that the information was subject to the third-party doctrine and thus not protected by the 4th Amendment. U.S. v. Therrien, No. 2:18-cr-00085 (D. Vt. Mar. 13, 2019).

3/20/2019 – U.S. District Judge Helen Gillmor denied defendant’s motion for spoliation sanctions. Defendant claimed plaintiffs failed to preserve electronic dealer management system records maintained by CDK Drive and deleted emails from Google Enterprise accounts. Plaintiffs responded that any relevant records are available from third parties. As to the management system records, the Court found plaintiff had not subpoenaed records from CDK Drive and had not tried to retrieve the information from any other third parties and had not shown it did not have possession of or access to the information itself. Regarding the email, the Court found plaintiff had not sought any email or discovery directly from Google, had not demonstrated that Google Enterprise no longer had access to any of the deleted emails. Denying defendant’s motion, the Court instead wrote that defendant could have approximately two months during which it may issue subpoenas to obtain records from CDK Drive and/or Google. Envy Hawaii LLC v. Volvo Car USA LLC, No. 17-00040 HG-RT (D. Haw. Mar. 20, 2019).

3/27/2019 – The Superior Court of Pennsylvania vacated the trial court judgment and remanded the case for a new trial, finding that the trial court errored in refusing to give an adverse inference instruction based on alleged spoliation of videotape evidence. Plaintiff fell in defendant’s store. Surveillance video captured the fall. Plaintiff requested that defendant retain the video for six hours prior to and three hours after the fall. Defendant decided to preserve video only for 37 minutes before and 20 minutes after the fall. At trial plaintiff sought an adverse inference, contending that the missing video would have contained dispositive information. The trial court disagreed, but nonetheless allowed plaintiff to argue to the jury that it should infer from defendant’s decision not to keep the video that the video was damaging to defendant. The appellate court found that plaintiff had placed defendant on notice to preserve arguably relevant video surveillance; defendant chose to preserve only an arbitrary fraction of the video requested; and therefore defendant’s conduct constituted spoliation. Marshall v. Brown’s IA, LLC, 2019 PA Super 94 (Sup.Ct. of Pa. Mar. 27, 2019).