Everything You Need to Know about Risk of Loss

Failure to properly conduct electronic discovery can expose a party to a range of penalties. One penalty relates to the spoliation of evidence, which can result in an adverse inference against that party. Naturally, the goal of every party and its attorney in litigation is to avoid such punishment. But identifying the risk and managing that exposure is an undeniable component of the eDiscovery process. 

In this post, I'll share what you should know about risk of loss in eDiscovery. I'll cover how to identify risks, what happens if data is lost, and relevant case studies. 

What Is eDiscovery?

Discovery is the process in a civil dispute by which parties exchange and obtain information. It is punctuated by requests for information and documents commonly termed "paper discovery," as well as direct inquiry through mechanisms like depositions. eDiscovery is simply the term given to the discovery of electronically stored information. As a consequence of the uniqueness of the data involved, the process is composed of several components. Those component parts are commonly recognized as the preservation, collection, processing, and production of the data. 

Identifying Risks in eDiscovery

The risk inherent to eDiscovery is the risk of loss of data. This can occur at two crucial points in the eDiscovery process: preservation (client’s side) and processing (lawyer’s side). 

Risk of Loss in the Preservation Stage

The eDiscovery process starts at about the time of initial contact between client and counsel. Lawyers have an obligation to inform their client about the duty to preserve relevant data when they reasonably believe a dispute may come. Clients rarely contact attorneys regarding a possible dispute when no such dispute exists or is threatened. Therefore, when the client communicates with the attorney, the attorney must make the client aware that they should take steps to preserve data relevant to the dispute. They also must know of the consequences that can befall them if they fail to do so. 

The most common and effective method used to inform a client of their preservation obligations relating to relevant data is to place a statement in one’s retainer or engagement agreement. That provision should optimally also encourage the client to open a dialogue with the attorney regarding the location of the client’s data, custodians involved, devices used in connection with the client’s data, and IT infrastructure that can be used to preserve the data. For example, many businesses use Microsoft for their email architecture. Embedded in that software is a litigation hold protocol that allows the user to prevent emails housed in the system from being deleted for a specified period, if ever. Thus, the mechanism by which a client can preserve relevant data likely already exists in the client’s own IT infrastructure. Alerting the client to the obligation will serve the client later. 

Risk of Loss in the Processing Phase

The processing phase of eDiscovery is the third phase. It occurs after preserved data has been collected either directly by counsel or with the help of an eDiscovery software company. 

Data Storage

Counsel is required to know where data is being stored and can be liable for selecting a company that stores data in a country with a government that then seizes the data and exposes or uses the client’s proprietary and trade secret information. However, given that most eDiscovery software companies have been in operation for a good number of years or have ties to those that do, most are sensitive to the risks associated with cloud storage. They often mitigate those risks by storing data in local and secure facilities. However, it is still prudent for counsel to discuss data storage with any eDiscovery software company to comply with the obligations imposed on attorneys to ensure the security of client data placed within their charge. 

Data Recovery

Cloud storage has evolved over the past decade to significantly preserve and protect data. Most providers now include the ability to roll back deletions for a time so that deleted data is not lost. Similarly, eDiscovery software providers have protections in place to prevent the inadvertent loss of data conveyed to them, but they do not control the actions of attorneys working within that data. Thus, loss can occur in the processing phase if counsel inadvertently deletes data and does not understand how to recover it. Or if counsel fails to alert the vendor to the unintended deletion. 

Fortunately, if the attorney performing the eDiscovery competently performed the preservation stage, there are few, if any, worries. The data transmitted to the eDiscovery software company should still be preserved where it resided, either with the client or with the attorney. So in the event that someone inadvertently deletes data, uploading it a second time can replace the lost data. This highlights the importance of not only preserving relevant data in a dispute but continuing to preserve it through the conclusion of that matter. 

What Happens in the Event of Data Loss

In 2005, the federal courts took the first step in codifying eDiscovery rules into the federal rules of civil procedure and  underwent another improvement with a significant upgrade related to eDiscovery in 2015. Cases decided under the 2015 updates that started to appear in 2016 are the best early guidance of the current standards. 

Spoliation

"Spoliation" refers to the penalty for loss of data. However, it only applies to certain findings. In the landmark decision of Living Color Enterprises, Inc. v. New Era Aquaculture Ltd., a four-part test was developed under the 2015 version of Rule 37. This test addresses whether there should be eDiscovery spoliation sanctions. Those questions are: 

1. Does alleged spoliation involve electronically stored information (ESI)?
2. Was there allegedly spoliated ESI evidence that should have been preserved?
3. Was the allegedly spoliated ESI lost because a party failed to take reasonable steps to preserve it?
4. Is the allegedly spoliated ESI evidence unable to be restored or replaced through additional discovery?

If the answer to all four questions is yes, then sanction may be warranted if the judge also finds prejudice or an intent to deprive. 

Thus, spoliation applies where the loss of data was more purposeful or where the data truly is irretrievable. However, where data is exchanged, such as in emails, deleting the one sent does not delete the one received. So in many cases the loss is not impossibly irretrievable but may warrant a lesser sanction including fee shifting. 

Applicable Case Studies

By the 2015 federal procedural rule update, many law firms had begun to understand their obligations with eDiscovery. Many of the more well-known incidents related to failures to preserve data that resulted in some form of penalty occurred prior to those updates, but the actions addressed by those cases still highlight the risks associated with data losses, either unintentional or intentional. 

Painter v. Atwood

In Painter v. Atwood, a dentist’s former employee sued the practice for sexual harassment in the workplace. Plaintiff’s attorney was a well-respected and seasoned litigator. Some of the relevant electronic evidence in the dispute was the plaintiff’s own Facebook posts and texts. She talked about how much she loved working at the practice and even vacations with the dentist and his family. The plaintiff deleted that data during the dispute. But in imposing an adverse inference, the court found that it was the attorney’s obligation to educate her client on the duty to preserve that data. The counsel’s failure to do so contributed to the loss of the data. The takeaway is that an attorney can be liable if they fail to educate the client on the duty to preserve relevant data and the client subsequently loses or destroys that data. 

Lester v. Allied Concrete

A more famous case involved the intentional destruction of data at the direction of counsel in a wrongful death case. The attorney had to pay more than $500,000. He also surrendered his license to practice law to avoid facing disciplinary action. In Lester v. Allied Concrete Co., the court found that the plaintiff’s attorney—through his paralegal—told his client to “clean up” his Facebook account. The client deleted a photo of himself wearing an “I heart hot moms” T-shirt and a garter belt on his head  with a beer in his hand. The instructions from the plaintiff’s attorney came out later in the case, resulting in the sanction. Although not decided under the 2015 version of federal Rule 37, this case highlights the risks associated with the intentional destruction of relevant data in civil disputes. 

Wrapping Up Risk of Loss

Data is the heart of eDiscovery. Data can also be fragile because people can easily lose or destroy it. The risks associated with the loss of data usually come from the early preservation stage of the eDiscovery process. This is where a failure to preserve relevant data can lead to sanctions related to loss of data. 

Many protections are available to secure data and inhibit its automatic deletion. Cloud storage also usually has the ability to recover inadvertently deleted data. Therefore, the risk associated with data loss in the eDiscovery process narrows as that process continues from preservation to the final production stage. Thus, the parties and their attorneys must recognize the risk exposure in their early case assessment. They can then act to ensure the preservation of relevant data to avoid the risk of later penalties, such as an adverse inference resulting from a spoliation determination. 

If you’re looking to optimize eDiscovery, Venio Systems can help. Venio offers a purpose-built platform for managing ESI of all types, including email, from ingestion to production. To experience the power of Venio Systems, schedule a demo today.