Embed Size (px)
Citation preview
Five eDiscovery Risks to Avoid in Board Communications
Kelly Twigger, Esq.Passageways PowWOW
May 14, 2015Indianapolis, IN
Kelly TwiggerAdvises clients on all aspects of preparing for and conducting eDiscovery and IGFluent in legal, business and IT Co-author of Electronic Discovery and Records and Information Management Guide (updated annually); creator of eDiscovery Assistant™Blogger at www.esiattorneys.com/blogKentucky basketball and Packers football fan
“The most valuable commodity I know of is information.”
— Gordon Gecko
“Information is a source of learning. But unless it is organized, processed, and
available to the right people in a format for decision making, it is a burden, not a
benefit.”
— William Pollard
“Information Technology and Business are becoming inextricably interwoven. I don’t think anyone can talk meaningfully about
one without talking about the other.”
— Bill Gates
What is Electronic Discovery?
eDiscovery is the identification, collection, review and production of
electronically stored information, or ESI.
A party has a duty to preserve information that may be responsive when it knows about or reasonably
anticipates litigation.
— Zubulake v. Warburg, 220 F.R.D. 212 (S.D.N.Y.
2003)
A long time ago, in a galaxy far, far away . . .
ESI Challenges
Volume of data (in GB)
Cost
✓ Volume is directly tied to cost
✓ 196.3 billion emails sent daily
✓ $1.4 million to handle 1 TB data
Where do eDiscovery Rules Come into Play?
Litigation Third party subpoenas Regulatory Responses Government
investigations DOJ Second requests
eDiscovery of Board Communications
✓ When decision by board is at issue in litigation
✓ Shareholder derivative actions✓ Breach of fiduciary duty ✓ Pension fund cases
Risk #1Failure to Plan for
eDiscovery
Plan for eDiscovery
Planning done with specific organizational risks and goals in
mind
CreateTeam
AnalyzeRisks
DevelopProcess
Implement and Audit
Records
Relevant
ESI ESI
Information
Goal of eDiscoveryLegal
obligations+
Legal Strategy
=eDiscovery
Goal
Create Team
InformationGovernanc
eLegal IT Business
To successfully address risks, an organization must change the way the business thinks. No more silos, regions or business units. Policies must govern and be enforced. Goals must be determined as business
objectives.
Analyze Risks
Likelihood of litigation Regulatory issues/concerns New/proposed legislation Past experience Potential exposure Impact on shareholders/members
Develop Internal Process
Records and Information Management Legal hold policy and protocol Process for managing eDiscovery Understanding sources of ESI at play Selecting tools for handling data Outside eDiscovery counsel
Consequences of Failure to Plan for eDiscovery
Exponentially higher discovery costsBad publicityPotential regulatory violationsExclusion of witnesses, default judgment, sanctions in litigation
Risk #2Allowing Board
Members to Use An Email Address
Outside the Company
Risk #2Poll Question:
What email address do your directors use to
communicate regarding company issues?
Risk #2
A. Their own company email address (i.e. where they are employed)
B. A personal email addressC. A designated email address for the
company on which the board member sits
Epic Fail
of all Boards of Directors still use email to send
documents and information to Board
Members
The evolving role of the global board
— Thomsen Reuters, 2014
43%
Risk #3Not Identifying ALL sources of ESI that
may be discoverable
Risk #3Poll Question:
What is your organization’s policy regarding the
annotations made by directors in the portal?
Risk #3
A. Annotations remain on the individual director’s portal — the company takes no action with them
B. Annotations are deleted by the administrator within a fixed time after the meeting is concluded
C. My organization has no policy or procedure for how annotations are treated on the portal
Sources of ESI
Word docs
agendaspowerpoints
photographsspreadsheets
Databases VideoAudio files
Text messages
Annotations in board portal
GPS data
social media
instant messages
Social Media
Social Media
OOPS.
Risk #4Not Understanding
How data is Captured and
Stored
Deleted, but not Gone
Images captured using MP+ from Access Data
Deleted, but not Gone
Images captured using MP+ from Access Data
Deleted, but not Gone
Images captured using MP+ from Access Data
Risk #5Failure to Educate Board Members on
the Risks of ESI
Training Do’s • Conduct in-person with board members at regular meeting as
part of agenda• Use impartial presenter from outside organization who has
met with team• Consider attorney-client privilege and using counsel to
conduct training to shield contents of training from being discoverable
• Have case studies and materials to support policies and positions regarding use of ESI by board members
• Be willing to discuss positions of board members relative to inconvenience of issues vs. risk management for the organization (think Hillary Clinton)
• Bring Your Own Device (BYOD)
Training Topics • Governing regs, statutes, FRCP etc. on the requirements to
preserve records and information• Basics of electronic discovery and the risks, including
when duty to preserve arises• Bring Your Own Device (BYOD)• Use of personal devices and computers for company
business• Email as a communication tool • Impact and use of social media• Technical/forensic components to provide context for
understanding the issues
Your Homework✓ Gather the right people to assess the risks of ESI for your
Board and organization ✓ Put together a game plan for planning for eDiscovery in
conjunction with your information governance policies and strategy
✓ Review existing methods for creating, storing and transmitting board materials and evaluate against risks
✓ Put in place protocols for handling eDiscovery, including identifying counsel, tools to assist with the process, identify sources of ESI, etc.
✓ Provide training for board members on ESI related risks, and put policies in place to govern communications in any form
eDiscovery Assistant™
Web version to be
released this
summer
www.ediscoveryassistant.com
Questions??
Thank You!
Contact Information:[email protected]
720.370.0435LinkedIn: Kelly TwiggerTwitter @kellytwigger
Blog esiattorneys.com/blog
