Civil litigation in 2017 presents any number of problems for lawyers. Beyond the usual challenge of preparing a case for trial while wrangling with litigation adversaries, counsel must now be aware of cyber security concerns and other digital age complexities. It’s no wonder that many lawyers have deferred or altogether given up on becoming eDiscovery competent.
And yet, the need for basic competence in the age of eDiscovery is more compelling than ever. As discussed in a recent article published by Legaltech News, lawyers have been unable to execute essential discovery tasks in a surprising number of cases this year. Nowhere is this more apparent than the recent Wells Fargo data breach. Much has already been written about last month’s breach in which outside counsel for Wells Fargo mistakenly produced thousands of client files containing confidential financial information. Commentators have rightfully used this incident to spotlight the importance of breach preparedness. Nevertheless, this incident also informs lawyers of the need to take basic discovery measures to safeguard client information from inadvertent disclosure.
The breach transpired last month in connection with Wells Fargo’s response to a third party subpoena. In response to the subpoena, outside counsel for Wells Fargo worked with a third party eDiscovery service provider to search through and identify responsive client emails for production. After reviewing what she believed was the entire universe of potentially relevant information, outside counsel excluded privileged documents and non-responsive information. She next conducted a “spot check” of the production. She then had the information placed on an encrypted CD marked “confidential” and turned over the CD to opposing counsel.
Counsel was later informed by her adversary that she had mistakenly produced “a vast trove of confidential information about tens of thousands of the bank’s wealthiest clients.” While counsel first attributed the mistaken production to “vendor error,” she later explained that she mistakenly reviewed only 1,000 documents from the universe of potentially responsive information. Counsel did not realize there were still thousands of additional documents in the review queue that apparently were not displayed by the vendor’s review tool.
Beyond all of this, counsel was notified that her adversary had disclosed Wells Fargo’s information to the New York Times. Opposing counsel also refused to return the inadvertently produced information, arguing that it might be relevant in the underlying litigation. Only after resorting to motion practice and invoking court rules against such disclosures was Wells Fargo finally able to obtain court orders enjoining any further dissemination of its confidential information.
While the Wells Fargo breach was the culmination of several unlikely events, the adverse publicity and harm to the client could have been avoided had counsel followed some basic eDiscovery practices. As an initial matter, lawyers should at least have a rudimentary working knowledge of the discovery tools at their disposal. Understanding the nature of the technology interface, the coding mechanism, and other features can enhance the quality of counsel’s review while lessening the possibility of oversights.
Quality control measures are another essential aspect of productions of electronically stored information. Those measures generally go beyond a “spot check” and instead use some method of sampling to obtain a representative cross-section of the production. By manually reviewing the sampled documents, counsel can determine whether the production reflects the information sought in discovery.
Another simple but significant step is for counsel to secure a protective order to prevent the dissemination of confidential information. This is an essential step for a responding party regardless of whether a production is made in response to a Rule 34 request for production or Rule 45 subpoena. Indeed, productions of confidential information should not be made until a protective order is in place. Producing documents with a “confidential” stamp – without a protective order in place – does not provide the client with sufficient legal protection against unauthorized disclosures.
Adopting any of these steps – and certainly a combination of them – would almost certainly have prevented the ill-fated Wells Fargo production from going forward or at least mitigated the subsequent harm. While some of these measures may seem obvious, they are not always apparent to the uninitiated in eDiscovery. The discovery landscape is replete with pitfalls.
Lawyers who wish to obtain more understanding on these issues would be well served to follow the guidelines delineated by the recent California State Bar ethics opinion on eDiscovery competence. They may also consider engaging discovery counsel or other experts who can help guide them through the discovery process. By following these and other best practices, counsel can help their clients avoid many of the fundamental problems affecting discovery in 2017.