Hot Off the Bench: Co-operation and Documentation – Navigating Discovery Plans

Still believe that discovery plans are optional?  Think again.

In a decision released on May 21, 2013 (Cash Store Financial Services Inc. v. National Money Mart Co. [2013 O.J. No. 2275), Master Glustein re-confirms that the courts will impose discovery plans and provides some useful guidance on when the courts will elect to do so.

The defendant brought a motion for an order granting leave to amend its pleading and an order imposing a discovery plan. The plaintiff consented to a number of the amendments, but sought an adjournment on the balance pending a proposed cross-motion to strike various parts of the Statement of Defence. The plaintiff took the position that the court should not impose a discovery plan nor a discovery timetable until its proposed motion was determined.

Master Glustein ultimately approved the amendments, and a timetable for discovery, but held that it was premature to impose a discovery plan on the parties, on the following basis:

• The court should intervene when a party fails to co-operate in discussing a discovery plan or if the parties cannot agree on one (para. 52).

• Where there is evidence the parties have been co-operating (here, evidenced by the production of a black-lined draft version of a discovery plan, the court should not impose one (paras. 50 and 52).

• The court can impose a discovery plan based on the closed pleadings regardless of any proposed or pending motions, which will not operate to “stay” all steps under a discovery plan (para. 54).

• If a party takes the position it will not comply with the discovery plan until a pending motion is determined, the court may exercise its discretion to determine required compliance in the circumstances, having examined procedural history, the nature of the discovery plan and the substance of the motion (para. 54).

This decision underscores the need for parties to co-operate, to document that co-operation, and to accept that discovery plans are not optional.

93% Say Information Management is Top Priority

According to a Legal Exchange Network (“LEN”) blog by Yodi Hailemariam published on June 5, 2013, 93% of senior Information Governance and e-Discovery executives surveyed report Records Information Management as their top priority.

LEN surveyed its network of General Counsel and Global/Regional Heads of e-Discovery, Litigation, Compliance, Legal IT and Records Management. Information management and collection were cited as the top investment areas, with 93% of those surveyed “planning to invest in information management solutions in the next 6-24 months.”

89% reported plans to invest in data preservation and/or data processing solutions in the same time frame.

Given the business and legal value of good information governance processes, we at Wortzman Nickle are in total agreement with these priorities.

For more information, the blog can be found at: http://www.linkedin.com/groups/Records-Information-Management-is-Top-60739.S.247375512?view=&gid=60739&type=member&item=247375512&trk=eml-anet_dig-b_nd-pst_ttle-cn.

Privacy Commissioner Endorses Good Record Keeping Practices

Information governance is front and centre once again as Ontario’s Privacy Commissioner, Dr. Ann Cavoukian, investigates the deletion of emails relating to the government’s cancellations of two gas-fired power plants. Her office launched an investigation in response to an MPP complaint after the legislative committee tasked with looking into the cancellations requested disclosure of government documents and was advised that the former Minister of Energy’s office had none.

As detailed in her report released today (June 5, 2013), Dr. Cavoukian not only found that the former chief of staff to two energy ministers “routinely deleted all of his e-mails, a violation of the Archives and Recordkeeping Act”, she also noted that knowledge of the existing record retention policies was lacking within both the Office of the Minister of Energy and the Office of the Premier.

Dr. Cavoukian wrote:

“I have seen many government organizations with strong policies and training materials in place to convey the policies to staff. However, all too often these same organizations have failed to adequately implement these policies.”

Information governance is more than just having policies in place – the information custodians must be adequately educated on the practices necessary to implement the policies. The routine auditing of retention practices should be carried out to ensure compliance and that best practices are met.

Dr. Cavoukian’s report can be downloaded from: http://www.ipc.on.ca/images/Findings/2013-06-05-Ministry-of-Energy.pdf

CRA on the Privacy Commissioner’s Radar for Privacy Breaches

According to CBC news, the Canada Revenue Agency (“CRA”) is apologizing, and the Privacy Commissioner of Canada is investigating, after a recent privacy breach involving the confidential records of taxpayers. Apparently, it is not the CRA’s first.

Danielle Baxter of Langley B.C., wrote to the CRA to request information she needed to complete a return for her deceased child. The information she received mistakenly included a variety of cover letters and confidential taxpayer information. After numerous attempts to return the information, including a personal visit to her local tax office, she was turned away. The only remedies she was offered were to leave the documents in a drop box (she felt that was inadequate) or to request a special CRA envelope by mail, an option which would have taken ten days.

Staff at the local tax office refused to accept the confidential information from Ms. Baxter, so she returned home and contacted Go Public at the CBC. The CBC contacted the taxpayers whose information had been included in the package and the CRA, who then sent an employee to collect the information from Ms. Baxter.

The Privacy Commissioner is now investigating this matter. According to the CBC article published on June 3, the “CRA was already on [Jennifer Stoddart’s] radar for too many privacy breaches.”

“It happens far too often,” she said. “We have had quite a few data breaches with the CRA. And we have had enough data incidents, I’d say, enough incidents of mishandling of Canadian’s personal information, that I asked the CRA be audited…we’ll be reporting on that in my next annual report.”

This is another example of how policies, process and good information governance can minimize or eliminate such privacy breaches. At a minimum, they would have set out an appropriate process to rectify the situation such that Ms. Baxter would not have had to resort to the CBC for a suitable remedy.

For more information on this story, see the June 3, 2013 CBC article by Kathy Tomlinson: (http://www.cbc.ca/thenational/indepthanalysis/gopublic/story/2013/05/31/bc-craprivacybreach.html).

To Hold or Not To Hold

It’s generally taken for granted that, when your client is involved in a litigation or regulatory matter, all relevant records need to be preserved. This is commonly termed a legal hold. Unfortunately, the way this obligation is managed varies greatly. A poor legal hold process can even lead to spoliation allegations and adverse inferences. One recent example is the DuPont v. Kolon trade secrets dispute.

The matter resulted in a $920 million judgement for DuPont. However, the court recently awarded an additional $4.5 million in costs because of the extra amount of work DuPont’s lawyers and vendors were forced to do as a result of what the court defined as the defendant’s “overall obfuscatory conduct” which resulted in “a long, and oftentimes tortuous, journey on the part of DuPont to get to the bottom of the alleged deletion of files and email items by key Kolon employees”. Clearly, Kolon’s legal hold process was not all it should have been.

Apart from ensuring that the people with the relevant records (including IT, who do things with data that end users are only vaguely aware of) are notified that they need to preserve, a properly managed legal hold process includes:

1.         Confirmation that custodians actually received the notification and understand their obligations

2.         Periodic reminder notices so that the custodians don’t forget

3.         Interviewing the custodians to make sure they understand what they need to do and what is relevant.

4.         Notifying the custodians when the legal hold is no longer required.

While small legal holds can be managed using a spreadsheet, holds involving more than a handful of custodians should take advantage of one of the new breed of dedicated legal hold software applications. These programs help to implement a standard process and take care of the bookkeeping aspects of the hold, allowing the legal team concentrate on the substance of the case.

The Business Case for Information Governance – Reduce Lost Productivity!

When discussing the benefits of good information governance (“IG”) with clients, we often hear that it doesn’t apply to an organization because it doesn’t have a lot of litigation. Fair enough, but the days of believing that implementing good IG practices is solely premised on lowering litigation costs (they do that) or minimize the risk of spoliation (they do that too) are long gone. Frankly, the business case may be even more compelling than the legal one. Consider the following benefits of good IG:

• Streamline business operations: you’ll know what you’ve got and where it is stored
• Increase employees’ productivity: reduce time spent to locate relevant business information
• Protect internal confidential and personal information through proper classification and reduced volume of records
• Support budgeting and other prospective activities
• Reduce volume of business records (especially duplicates), lowering data storage costs
• Eliminate non-business records quickly

Not yet convinced? Consider recent studies that indicate that employees spend up to nine (9) hours per week looking for information. That is almost one week per month of work time! Your organization may not have a lot of litigation, but can it afford all of that lost productivity?

All organizations benefit from good IG. There are approaches to IG that suit the small to large organization. This means that there are some simple, inexpensive approaches that may be taken that can make a meaningful difference, even in small companies. Can you really afford to lose your employees one week of four? It really comes down to that.

Variations on an Information Management Theme

Day One of the Canadian Institute’s Records Retention & Electronic Information Management Conference engaged lawyers, records managers, IT professionals and consultants in spirited discussions about retention periods, outsourcing (vendors and the Cloud), overcoming barriers to policy implementation, privacy breaches and related topics.

Despite the different backgrounds of the speakers and the attendees, there were a number of common themes re-iterated throughout the day:

• Use SMEs: developing a good information management program requires “Subject Matter Experts” (legal, records managers, privacy specialists, IT); if you don’t have them internally, outsource to suitable experts.

• “Big Buckets” are better: classification schemes should be based on a limited number of “big buckets” of categorized information to simplify things for the end user. Surveys suggest that schemes with under 50 record categories are preferred, but certainly stay under 100 if you are able.

• Educate, educate, educate: ensure your organization’s employees understand the importance of your information management program. Train all new employees, longstanding employees and everyone in between (yes, even the CEO), particularly in this era of Bring Your Own Device (“BYOD”).

• Stay off of the front page: consider appropriate privacy and security measures at all stages of your information management plan. Breaches are expensive and embarrassing.

• No perfection required: all speakers agreed that the required standard for information management is reasonableness, not perfection. The latter is too expensive, and frankly, unattainable.

Day Two’s panels will focus on risks and opportunities inherent in emerging technologies and social media.

Osgoode Certificate Program in e-Discovery, Records Management, Information Governance and Privacy – Day Five

The final day of the intense five day Osgoode Certification Program focused on forensics and its effect on the Production and Presentation stages of the Electronic Discovery Reference Model (“EDRM”). The attendee’s were treated to a key note address by George Socha the co-author of the “EDRM” and a live demonstration of forensics by Kevin Lo of Froese Forensic Partners Ltd.

Some Day Five items of note and best practices:

• If using software (i.e: Encase, FTK, Robocopy) to make digital copies of data or hard drives – ensure that you capture the data correctly so it maintains its original metadata.

• Courts will admit ESI as long as it can be assured of its: Integrity, Authenticity and Identity.

• The use of Hash Values and System Metadata can be used to authenticate ESI.

• The digital evidence work flow is almost identical to the stages of the EDRM.
  • Identify – Collect – Process – Review – Produce – Present

• Collecting forensically allows for: a defensible approach to litigation, investigative experience, documented chain of custody and confidence of using trusted forensic experts.

With the successful conclusion of the Osgoode Certification Program all of the participants left armed with an abundance of e-Discovery knowledge and best practices to assist them with tackling ESI challenges in the future.

Thank you to all of the faculty members who took the time to share their invaluable knowledge on the various ESI topics covered during the program.

Osgoode Certificate Program in e-Discovery, Records Management, Information Governance and Privacy – Day Four

The current buzz in the e-discovery industry focuses on the use of Predictive Coding and Technology Assisted Review (“TAR”) to assist with the culling, analysis and review stages of the E.D.R.M. The use of various culling techniques, predictive coding and TAR software algorithms offer their own unique challenges but if utilized properly they can greatly reduce the number of manual review hours required to complete your review as well as lower the costs for the review portion of the litigation.

Some Day Four items of note and best practices:

• Sedona Canada recommends using a combination of both manual and TAR review to achieve the most accurate results.

• Ensure that you document all decisions/expectations from your Meet and Confer session, your review procedures, culling techniques, key word searching and result sampling so your entire process is completely defensible.

• Technology Assisted Review tips:
  • Search intent should be used to determine what combination of technology and process best suits the requirements.
  • Although “Recall” (the percentage of relevant records identified out of all relevant records in the collection) and “Precision” (the accuracy of the relevant records identified) are both important, consideration should be given at the outset as to how each measure is weighted.
  • Determining the “Margin of Error” and “Confidence Level” that you are comfortable using will help determine the size of the sample that you need to use to validate your results.
  • The decision to use an initial “Seed Set” depends on the particular Predictive Coding software used. However, when a seed set is used, some effort should be made upfront to ensure that is is representative of the majority of relevant records, in order to maximize the efficiency of the process.
  • Regardless of the technology used, the results should be tested  to ensure that they are valid.

Course attendees left Day Four armed with an abundance of information on various culling strategies as well as the knowledge on how to leverage technology assisted review to reduce the overall review costs for their clients.

Outgoing Privacy Commissioner Advocates for PIPEDA Reforms

This morning, in her final address as Privacy Commissioner, Jennifer Stoddart advocated for amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA) at the International Association of Privacy Professionals’ (IAPP) Symposium.

Noting that the Privacy Commissioner’s current power is primarily the ability to bring about “public shame” for offending companies, a series of changes are recommended to ensure the Act “can evolve into a more modern personal information protection law that mirrors improvements and strengths of other data protection laws in Canada and internationally, thereby ensuring that Canadians’ personal information is protected in the digital economy.” (http://www.priv.gc.ca/parl/2013/pipeda_r_201305_e.pdf)

Proposed amendments include the following:

• Stronger enforcement powers: allow for statutory damages to be administered by the Federal Court, give the Commissioner the power to make orders or to impose administrative monetary penalties; or a combination of the above;

• Mandatory reporting: require organizations to report breaches of personal information to the Commissioner and to notify affected individuals to ensure that mitigating measures can be taken in a timely fashion;

• Increased transparency: require organizations to publicly report on the number of disclosures they make to law enforcement under paragraph 7(3)(c.1), without knowledge or consent, and without judicial warrant, in order to track the frequency and use of this extraordinary exception; and,

• Increased accountability: modify the accountability principle in Schedule 1 to include a requirement for organizations to demonstrate accountability upon request, to incorporate the concept of “enforceable agreements”; and to make certain accountability provisions subject to review by the Federal Court. (http://www.priv.gc.ca/parl/2013/pipeda_r_201305_e.pdf)

Commissioner Stoddart closed with her belief that these amendments should be welcomed by privacy professionals. We agree.