Laws Governing E-Data and Seizure Presented by Ronald L. Hicks, Jr.
Discussion Topics 1. Zubulake v. USB Warburg, LLC 2. US v. Arthur Andersen 3. Sarbanes-Oxley Act 4. HIPAA 5. ECPA 6. Amended FRCP
General Information “ The Electronic Evidence and Discovery Handbook: Forms, Checklists and Guidelines” published by the ABA LPM Sect. (http://www.abanet.org/abastore) LexisNexis ® Applied Discovery ® (http://www.lexisnexis.com/applieddiscovery/)
Discussion Topics 1. Zubulake Decisions No U.S. or Third Circuit decision exists re: preservation of electronic evidence or sanctions for failure. Zubulake decisions are recognized as setting the benchmark standards. Zubulake decisions have not been adopted by any PA federal or state court.
Zubulake Decisions Spoliation is “the destruction or significant alteration of evidence, or the failure to preserve property for another’s use as evidence in pending or reasonably foreseeable litigation.” Sanction determined on a “case-by-case” basis Authority to sanction arises under the FRCP and inherent powers.
Zubulake Decisions Duty to preserve arises when a party has notice or should have known that evidence may be relevant to litigation. Sanctions exist only if a party has a duty to preserve the destroyed evidence.
Zubulake Decisions Duty to preserve commonly arises when a demand letter or complaint is served. Duty to preserve may arise earlier if a party has sufficient notice or information re: a credible threat of future litigation. Duty to preserve requires more than a mere possibility of litigation. Existence of duty to preserve determined by the facts of each case.
Zubulake Decisions Duty to preserve extends only to “key players” in the litigation. Not every piece of evidence must be preserved; only that which is relevant.
Zubulake Decisions Zubulake holds that once litigation is reasonably anticipated, a party must suspend routine document destruction and put in place a “litigation hold” to ensure the preservation of relevant evidence. Inaccessible back-up tapes do not need to be subject to the “litigation hold.” Accessible back-up tapes should be placed in the “litigation hold.”
Zubulake Decisions Zubulake creates a duty upon both the party and its counsel to ensure that all sources of potentially relevant information are identified and placed “on hold.” Zubulake creates a duty upon counsel to oversee and monitor a party’s compliance with “litigation hold.” Proper communication is the key.
Zubulake Decisions Zubulake establishes guidelines that counsel should follow to avoid sanctions for electronic evidence spoliation. The Zubulake guidelines are not meant to be onerous. Zubulake holds that counsel’s actions in avoiding evidence spoliation are judged by a reasonableness standard.
Zubulake Decisions Use the form documents cautiously; avoid creating duties that you may not have as counsel under PA law. Forms documents should be tailored to your particular case.
Discussion Topics The act that led to Arthur Andersen’s conviction was not fraudulent accounting practices, but document destruction. On appeal, the US Supreme Court addressed whether the jury’s conviction was in error under 18 USC § 1512 which dealt with “corruptly persuades” the withholding or altering of documents. 2. US v. Arthur Andersen
US v. Arthur Andersen Compliance with a valid document retention policy is not a criminal act or violation of 18 USC §1512 . Document retention policies are common and are intended to keep information for others, including the government.
US v. Arthur Andersen 18 USC §1512 requires “knowingly ... corruptly persuading” another to destroy documents to impede an “official proceeding.” Merely complying with a document retention policy does not give rise to a violation of 18 USC § 1512 which dealt with “corruptly persuades” the withholding or altering of documents.
Discussion Topics Created an independent Public Accounting Oversight Board to oversee conduct of auditors and accountants. One of its most important effects is its impact on document and data retention. 3. Sarbanes-Oxley Act
Sarbanes-Oxley Act US v. Trauger, No. 3-03-30371 (N.D.Cal. Sept. 24, 2003) Failure to comply may result in fines up to $25 Million and 20 years imprisonment.
Discussion Topics Goal of HIPAA is to improve privacy and security of patients’ medical information. HIPAA Security Final Rule emphasizes security management principles and broad management controls to protect patient health information. 4. HIPAA HIPAA Privacy Rule addresses the use and disclosure of patient health information.
HIPAA Penalties not as severe as Sarbanes-Oxley Act, but include civil penalties of $100/violation. No notice required to be given to government if privacy or security breach discovered.
Discussion Topics ECPA consists of three parts: The Wiretap Act, the Pen Register Act and the Stored Wired and Electronic Communications Act. Under the Wire Tap Act, liability requires proof of specific intent, presence of a “wire, oral or electronic communication” and an “interception.” 5. ECPA
ECPA Fraser v. Nationwide Mut. Ins. , 352 F.3d 107 (3d Cir. 2003) & US v. Councilman , 418 F.3d 67 (1 st Cir. 2005)(en banc) Cookies or other web server data do not constitute an “interception.”
ECPA Pen Register Act initially intended to address telephone communications. Pen registers record all numbers dialed from a particular telephone line (outgoing calls), whereas trap and trace devices record what numbers called a particular telephone (incoming calls). US v. Forrester , 2007 U.S. App. LEXIS 16147 (9 th Cir. 2007)
ECPA Snow v. DirecTV, Inc. , 450 F.3d 1314 (11 th Cir. 2006) Stored Communications Act addresses the privacy of electronic communications while “in storage”
Discussion Topics Rationale behind “meet and confer” requirement is early discussion and counsel involvement helps to avoid evidence spoliation. F.R.C.P. 26(f)(3) & 16(b)(5) set forth the “meet and confer” requirement. 6. FRCP
FRCP – “Meet and Confer” The “meet and confer” conference requires you to think about what the relevant sources of evidence will be in your case. Every case has different issues that should be addressed at the “meet and confer” conference.
FRCP – Discovery Requests Three most common methods are interrogatories, document requests and depositions. Using more than one of these three methods is common when performing e-discovery.
FRCP - Discovery Strategies Interrogatories should be used to identify systems, information and people with knowledge Absent agreement or court order, F.R.C.P. 33(a) limits the # of interrogatories to 25, including subparts.
FRCP - Discovery Strategies Unlike interrogatories, document requests are not subject to an express numerical limitation; they are subject to Rule 26 admonition re: abusive discovery. Document requests directed to a party can be done independently or as part of a deposition notice. Document requests can be directed to non-parties by way of a subpoena.
FRCP - Discovery Strategies Consult with an e-discovery vendor or computer forensics expert. Electronically stored data should be produced in its native format with metadata.
FRCP - Discovery Strategies Depositions ordinarily are used to verify that you have gathered all the relevant evidence through interrogatories and document requests. Depositions also enable a party to prepare any necessary e-discovery-related motions, including motions in limine and sanctions for spoliation of evidence. Using an e-discovery expert may be prudent.
FRCP - Protocols To prepare a well-structured e-discovery protocol, you must understand in advance what the quantity and variety of data that your client has so that you can talk to the correct “key players.” Understanding what your client’s business operations are will enable you to advocate for an e-discovery protocol that is not overly burdensome.
Structuring Protocols <ul><li>Key Issues to Address in an E-Discovery Protocol: </li></ul><ul><li>Confidentiality Protection </li></ul><ul><li>Screening for Privilege </li></ul><ul><li>Data Acquisition/Preservation Procedure </li></ul><ul><li>Costs – Who Pays What? </li></ul><ul><li>Data Return/Destruction </li></ul>