ESI protocols are key to discovery – even if they’re informal

It’s important to have a road map for searching and retaining documents before you implement a legal hold, but that doesn’t mean you need an enforceable ESI protocol in place, legal specialists say.

The problem with having a formal agreement is you can waste time and money fighting with the other party over technical matters before you even know if there’s a production problem with the electronically stored information you collect for the litigation, Xavier Rodriguez, U.S. district judge for the Western District of Texas, said in a Today’s General Counsel webcast.

“I would do an ESI protocol as an informal agreement between the parties,” said Rodrigiez, sharing a personal opinion and not speaking in an official capacity.

If the protocol is a legal agreement that later needs to be modified because discovery issues are raised, the parties would have to seek an order and that’s not necessarily the best way to work out differences over what and how electronically stored information is gathered, said the judge.

“If the protocol is later seen as unfeasible, you have to petition the court to modify it,” he said.

It’s better for the parties to work out these issues upfront in a cooperative way because it can take months if the differences are handled in court, he said.

A formal agreement can also lead to responsive material getting left out on technical grounds. Some “companies won’t produce relevant documents they discover if they’re not within the protocol,” Rodriguez said. “I think that’s a complete misreading of the rules.”

In a case last year involving customers seeking a refund from Stubhub, the plaintiffs complained the defendant didn’t follow the ESI protocol when it produced emails without including, as attachments, Google Drive documents that were hyperlinked in the emails. Instead, the defendant provided the Google documents as separate files because they had trouble tracing the documents through the hyperlinks, possibly because the documents had been moved or for other technical reasons.

The court ended up granting the plaintiffs’ motion to compel production, but an expert said it may have been better to handle the matter informally. “They should figure out what they are able to do before they agree to do something,” said Patricia Antezana, a partner at Reed Smith.

Linda Luperchio, who oversees discovery in some 200 cases a year as part of her legal operations leadership role at the Hanover Insurance Group, said she won’t start collecting material until she has an ESI protocol in place. Otherwise, she said, there’s a risk of collecting data only to learn it’s not what the other side was expecting, forcing her to start the process over.

“Outside counsel often say, ‘We’ll worry about the ESI protocol later.’” she said. “My deal is, I won’t start e-discovery until I have the ESI protocol in my hand, because I don’t want to get it ready in a certain way and find out I need to do something different. I get a lot of pushback because the importance of the ESI protocol doesn’t seem to be as recognized as it should be.”

Issues over electronically stored information came up in a number of cases last year, including the big antitrust case over the Google Play Store when the plaintiff sought to have the tech giant sanctioned for deliberate spoliation of evidence by allowing employees to use an internal chat platform without turning off the auto-delete function.

The judge held an evidentiary hearing on the matter and Google ended up facing legal costs and deferred sanctions for just that part of the proceedings, a diversion from the main issue being litigated.

“I wonder if Google understood what its employees were doing,” said Rodriguez.

At this point, companies should realize that employees use messaging platforms for business communications, whether they want them to or not, so policies should be in place governing what needs to be preserved, the specialists said.

“I can’t imagine an organization like Google not having [a non-delete policy] in place,” said Luperchio. “To me that’s unfathomable.”

Especially if employees are permitted to use their phones or laptops for work, it’s crucial for companies to have a policy that personal devices can be searched for discoverable material.

“Companies that don’t do that are really leaving themselves open, because employees are going to say no [to having their devices searched], especially if things are not OK,” Luperchio said.

In one case last year, an Elastos Foundation employee based outside the United States was caught up in a back-and-forth over what he was compelled to produce from his personal email. The employee produced thousands of communications from his work email and his personal phone and laptop, and from his use of a messaging platform, but the requesting party wanted his personal email searched as well.

In denying the motion for production from that source, the court cited the requester's inability to show he used his personal email for work but it also focused on the absence of a company policy on personal devices.

“Elastos didn't have a policy to control data on personal devices,” said Antezana.

Given the spread of data privacy laws throughout the United States and in Europe, how legal teams manage the collection and retention of electronically stored information has become especially tricky. If they don’t collect and retain the data properly for legal holds, the teams can run into these discovery conflicts and risk sanctions. But if they collect and hold too much information for too long, they risk getting their organization in trouble on privacy grounds.

“New rules are coming out that touch on the same data in e-discovery,” said Lindsey Tsai, product marketing manager at Exterro, a data risk management software company.