A trial court opinion involving allegations of spoliation of text messages on a mobile phone in the Southern District of New York has gotten attention because of the application of legal preservation standards. Ronnie Van Zant, Inc. v. Pyle (2017 BL 3018, S.D.N.Y. 17 Civ. 3360 (RWS), 8/23/17) is an interesting read, not just because it involves odd characters, intrigue and drama surrounding one of the greatest Southern Rock bands of all time. It also includes some instructive information about the application of the “practical ability” test for preservation, and the uphill battle for witnesses who lose credibility in testimony about what they did and did not do in a preservation effort.

Not long after the tragic plane crash that resulted in the deaths of Lynyrd Skynyrd lead singer Ronnie Van Zant and his co-founding band member Steven Gaines, Artimus Pyle, the former drummer, entered an agreement with the surviving heirs and other members of the band. The agreement involved promises to never perform as “Lynyrd Skynyrd,” or to generally profit from the name of the band or the tragic deaths of Van Zant or Gaines without approval of the original parties to the agreement. Their dramatically named “blood oath” agreement was more concretely memorialized in a Consent Order in 1988, following other litigation, which Pyle signed.

Over 20 years after the 1988 Consent Order, the drama that spawned the litigation began in a story that sounds like it came from a Netflix mini-series. A film director named Jared Cohn, who worked under contract for an independent record label-turned movie producer, Cleopatra Records, Inc. (“Cleopatra”) reached out to Pyle about making a movie centered around the band and Pyle’s life in it. Cohn was hired by the founder and co-owner of Cleopatra Records, Brian Perera, who is another interesting character in his own right. Pyle met and consulted with Perera on multiple occasions about ideas for a film generally depicting his life and the plane crash, which Pyle survived. In their first conversations, Pyle did not mention the 1988 Consent Order, but the Order eventually was delivered to Cleopatra. The copy of the Order was also eventually followed by a “cease and desist” letter and other correspondence from the Plaintiffs’ counsel. All the while, Cleopatra’s movie production work continued.

Seyfarth eDiscovery Partner Richard Lutkus, along with William Lederer from Relativity and Patrick Zeller of Gilead Sciences, Inc., will host a panel discussion titled “Brave New Words: Cloud Data Collection, Processing, and Hosting” at this year’s RelativityFest on October 24, 2017.

This session will provide attendees with information about new data collection methods with tools like Heureka and Harvester, along with considerations for working with RelativityOne, data privacy, and security. Additionally, best practices surrounding the General Data Protection Regulation (GDPR), international data transfer with EU entities, secure management of hosting (wiping cloud data) and SSD wiping technologies will be discussed.

RelativityFest is an annual conference designed to educate and connect the e-discovery community. The three-day festival in Chicago will feature panel discussions, hands-on labs, and breakout sessions to discuss best practices. For more information, or to register to attend, please visit https://relativityfest.com/.

Seyfarth eDiscovery attorneys Jason Priebe and Natalya Northrip will present “A Practical Roadmap for EU Data Protection and Cross-Border Discovery” at this year’s RelativityFest on October 24, 2017.

This presentation will provide attendees with practical tips for leveraging the new Sedona International Principles to help in your compliance with stringent GDPR requirements, and in seeking immediate help under the EU-U.S. Privacy Shield.

RelativityFest is an annual conference designed to educate and connect the eDiscovery community. The three-day festival will feature panel discussions, hands-on labs, and breakout sessions to discuss best practices for eDiscovery, Information Governance, and Data Privacy. For more information, or to register to attend, please visit https://relativityfest.com/.

When you bring to mind someone “hacking” a computer, one of the images that likely comes up is a screen of complex code designed to crack through your security technology. While there is a technological element to every security incident, the issue usually starts with a simple mistake made by one person. Hackers understand that it is far easier to trick a person into providing a password, executing malicious software, or entering information into a fake website, than cracking an encrypted network — and hackers prey on the fact that you think “nobody is targeting me.”

Below are some guidelines to help keep you and your technology safe on the network.

General Best Practices

Let’s start with some general guidelines on things you should never do with regards to your computer or your online accounts.

First, never share your personal information with any individual or website unless you are certain you know with whom you are dealing. Hackers often will call their target (you) pretending to be a service desk technician or someone you would trust. The hacker then asks you to provide personal information such as passwords, login IDs, computer names, etc., all of which can be used to compromise your accounts. The best thing to do in this case, unless you are expecting someone from your IT department to call you, is to politely end the conversation and call the service desk back on a number provided to you by your company. Note, this type of attack also applies to websites. Technology exists for hackers to quickly set up “spoofed” websites, or websites designed to look and act the same as legitimate sites with which you are familiar. In effect this is the same approach as pretending to be a legitimate IT employee; however, here the hacker entices you to enter information (username and password) into a bogus site in an attempt to steal the information. Be wary of links to sites that are sent to you through untrusted sources or email. If you encounter a site that doesn’t quite look right or isn’t responding the way you expect it to, don’t use the site. Try to access the site through a familiar link.

Second, whether or not you have a Bring-Your-Own-Device (“BYOD”) program at work, chances are you will at some point be using a mobile device to conduct business. Don’t feel that your mobile phone is invulnerable to being compromised. (Every networked device — Apple, Microsoft, Android, Linux, etc. — can be compromised.) Mobile hacking is one of the fastest growing areas for exploiting individuals and companies. This is largely because people do not typically have security programs — such as anti-virus software — on their mobile device. Additionally, people often connect their mobile devices to public networks, like those available at coffee shops, hotels, etc. — these networks are not secure. Your best defense against having your mobile device hacked is to install a decent security app and be sure to turn off the Wi-Fi, Bluetooth, and Hotspot settings when they are not in use. Also, try to only install apps from companies you recognize. Further, mobile banking and purchasing apps make life easy, but if you don’t have security software — or if you are conducting a larger transaction — you may want to do it on your computer.

Next, if your computer’s security software pops up a security warning, pay attention to it. Oftentimes we are in a hurry and tend to click through these types of warnings, but that is a mistake. The warning is there for a purpose, whether it is a flag indicating that a website is potentially dangerous or a notice that your computer has detected malware. When you see a warning it is best to stop what you are doing, close down any open websites, and call your help desk. You may also want to scan the computer with your security software. However, be careful of “security warnings” that pop up from websites. If the warning does not look like the warnings you are used to, and does not indicate the name of your security software, it may be a malicious attempt to compromise your computer.

Finally, don’t plug a USB drive into your computer unless you know where it comes from and where it has been. Rogue USB drives are a method by which hackers get malicious programs onto your computer. The drive may contain an enticing file that, when clicked, loads a virus onto your computer, or in some cases the drive may load the malware simply by being plugged into your USB port. So, if you find a USB drive lying around, it is best to turn it in to IT, or throw it away.

Is your organization ready for the new EU General Data Protection Regulation?

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance.

What Are the Specific GDPR Provisions Effective May 25, 2018 and What Organizations Need to Prepare Now for Compliance
Webinar
September 20, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
Jason Priebe, Partner, Seyfarth Shaw LLP
Natalya Northrip, Counsel, Seyfarth Shaw LLP
Scott Carlson, Partner, Seyfarth Shaw LLP

What GDPR Requirements Will Be Associated With the Most Significant Sanctions?
Webinar
October 5, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
John P. Tomaszewski, Senior Counsel, Seyfarth Shaw LLP
Jason Priebe, Partner, Seyfarth Shaw LLP
M. James Daley, Senior Counsel, Seyfarth Shaw LLP

Is Your Organization Preparing for May 25, 2018 GDPR compliance?
Webinar
October 19, 2017
12:00 p.m. – 1:00 p.m. Central Time
Presenters
M. James Daley, Senior Counsel, Seyfarth Shaw LLP
Kathleen McConnell, Senior Counsel, Seyfarth Shaw LLP
John P. Tomaszewski, Senior Counsel, Seyfarth Shaw LLP

Register here.

The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers as well. File sharing platforms and accounts have a high “hack value” — the overall value of the accounts on the dark web — due to the relative ease with which accounts can be obtained and the sensitivity of the information stored on these platforms. The risk associated with the use of file share platforms is twofold. First, a company-supported file share is attractive to attackers because it is guaranteed to contain sensitive information. Second, file share platforms available to employees outside of the company — e.g. the employee’s Google Drive account — may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real. In August of 2016 Dropbox forced users to reset their passwords based on a breach — 60 million account credentials compromised — that had only then been discovered but had been executed four years earlier, in 2012.

Thus, it is important that businesses educate their employees on the risks of sharing information on these platforms and apply strict administrative and technical safeguards to mitigate the risk of attack.

Common File Share Attack Approach

The most common approach attackers use to compromise file share platforms is phishing. Phishing is a technique by which the attacker sends out a legitimate-looking (albeit fake) email which entices the employee to click on a link and provide information — such as login credentials — which goes directly to the attacker. Alternatively, the phishing attack may convince the employee to download an infected file to the same ends. Once the attacker has compromised the file share, he or she can either steal information directly, escalate privileges to access more information, obtain additional account credentials, or sell the information on the dark web. Access to the file share can also be used to perform a Denial of Service (“DoS”) attack by downloading or uploading large volumes of data, thus congesting the network and preventing legitimate use.

Despite Google’s perceived safety, two major phishing attacks have been reported on Google accounts in the last two years. In late 2016, over a million Google accounts were compromised by a malware attack known as Gooligan, designed to steal credentials allowing access to the victim’s Google services. Gooligan infected an estimated 13,000 devices per day during its lifecycle. Again in early 2017, Google accounts were targeted with a message requesting the user to download a file. When the user selected the link to download the file, a fake service that looked like a legitimate Google service would request access to the user’s Gmail account.

Mitigating Risk

Businesses can mitigate the risk of file share attacks by implementing strict policies and sanctions regarding their use. For example, all non-business file share sites can be blocked on the company’s network. Strict policies and monitoring should be in place to gain access to file share sites, and employee accounts with such access should be closely monitored. Businesses should also implement test “phishing campaigns” — sending out company-controlled phishing emails — to educate employees on what these emails look like and how to avoid them. Phishing tests also help businesses understand their risks by monitoring the number of employees who click on the bogus links. Although businesses have less control over employees loading data onto personal file share accounts, strict sanctions should be in place regarding this activity and employees should be aware of these sanctions.

Court Denies Plaintiff’s Motion to Compel

In Mirmina v. Genpact LLC, 2017 BL 260425, D. Conn., Civil No. 3:16CV00614 (AWT), the Court denied Plaintiff’s motion to compel additional responsive electronic communications despite the fact that an individual directly involved in the underlying claims of the suit “self-identified” potentially responsive emails. The Court based its decision on a number of important factors:

  • Defendant Genpact’s in-house counsel produced an affidavit outlining the process used to preserve and search potentially responsive emails;
  • Genpact’s in-house counsel supervised the preservation and search process;
  • Plaintiff Mirmina was unable to identify any authority stating that self-identification was improper;
  • Mirmina was also unable to identify any emails that Genpact had not produced and was merely speculating that Genpact’s email production was deficient.

Case Background

Scott Mirmina, a former Genpact recruitment manager, sued his previous employer, a professional services firm, alleging age, race, and gender discrimination.

In May of 2017, Plaintiff Mirmina filed a Motion to Compel additional responses to specific discovery requests.  This motion was denied in June 2017, except for materials described in Genpact’s initial disclosures that had not yet been produced.

In July of 2017, Mirmina filed another Motion to Compel asking the court to force Genpact to produce additional responsive emails.  Mirmina stated that he was “concerned” that Genpact had withheld responsive emails and that Genpact’s search for responsive emails was inadequate because an employee directly involved with the underlying issues in the litigation had self-identified potentially responsive emails.

The Court denied Mirmina’s Motion to Compel after Genpact’s counsel described the process used to identify responsive emails.  Specifically, Genpact’s in-house counsel averred that they:

  • issued a timely and detailed litigation hold to potential ESI custodians;
  • provided instructions to the custodians on how to search for potentially responsive emails;
  • provided custodians with specific search parameters to identify potentially responsive emails;
  • explained the importance of thoroughly searching for potentially responsive emails; and
  • provided guidance to custodians when they had questions about the search process.

The Court also determined that Mirmina’s allegations that responsive emails had not been produced were based on mere speculation. The court held that this speculation was insufficient to require Genpact to conduct additional searches for potentially responsive emails.

Practical Takeaways

Self-identification of potentially responsive documents by custodians is not usually recommended. There are obvious risks involved, including custodians not wanting to produce documents that could be damaging for themselves or their employer. Further, there are risks involved in having custodians determine what may or may not be responsive to document requests. However, the Court’s decision in this matter describes a scenario in which self-identification of emails may be defensible.

The Court indicated that the primary driver for denying Mirmina’s Motion to Compel was the affidavit provided by Genpact’s in-house counsel detailing Defendant’s document identification and preservation process.  The most important practical takeaway from the Court’s ruling was that self-identification can be defensible, so long as a rigorous process is followed and documented.  This process includes drafting a timely and detailed litigation hold notice, providing instruction to custodians on how to identify potentially relevant documents, and answering questions that custodians may have throughout the process.

Finally, the Court made clear that purely “speculating” that an opposing party’s production is deficient is not enough to compel additional searches or document productions.  In order to compel an additional search for communications, a moving party must provide evidence to support its claim of a deficient production.


Yesterday, organizations around the world were hit by yet another ransomware attack.  Similar to the recent WannaCry attacks, the Petya attack works to encrypt documents and files and subsequently demands a ransom to unlock them.  Unlike WannaCry, it is believed that the Petya attack spreads internally through an organization (rather than across the Internet) using a vulnerability called “EternalBlue” in Microsoft Windows.  It is not yet clear who is behind this attack.  You will know if you are a victim of this attack if your machine reboots and you see the message pictured here, which indicates that the ransomware is encrypting your data.  Immediately after seeing this, turn off your machine, disconnect it from the internet, use forensic tools to recover any files not yet encrypted, and once done, reformat your hard drive and re-install the operating system, apps, and then your data from your latest backup.  If encryption completes before you are able to power down, do not pay the ransom.  It has been reported that the email address notifying the attacker of payment has been shut down, so there is no possible way to get the decryption key for the data after paying the ransom.

PT Security recently published a tweet showing the local “kill switch” for Petya. From an organizational standpoint, ensure that all Microsoft patches are installed, consider installing protection programs to defend against potential attacks, and complete routine backups of data.

On June 13, 2017, the Department of Homeland Security published an alert regarding malicious cyber activity by the North Korean government, known as Hidden Cobra. Per the DHS and FBI, Hidden Cobra uses cyber operations to the government and military’s advantage by exfiltrating data and causing disruptive cyber intrusions. Potential impacts of a Hidden Cobra attack can include “temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.” The DHS publication outlines ways to detect and protect against the malicious activity and suggests that organizations work to upgrade and/or remove older Microsoft operating systems and older versions of Adobe Flash Player, Microsoft Silverlight, and Hangul Word Processor. Further, organizations should review and block all IP addresses listed in the “indicators of compromise” list provided, review and enforce incident response plans, and contact the DHS and FBI to report any potential Hidden Cobra intrusions. The full DHS publication can be found here. We suggest that IT departments carefully review the full alert and take any steps possible to mitigate risk to the organization.