In response to the COVID-19 crisis, nearly all companies and organizations were abruptly forced to transition portions of, and in many cases, their entire workforce to remote work.  After a few weeks, it seems that many companies have adjusted to this “new normal” and settled in, albeit with some lingering technical and connectivity issues.  As companies raced to get their employees up and running remotely, it is likely many were primarily focused on connectivity and security, while necessarily ignoring the complex privacy, security, compliance, and document preservation challenges lurking below the surface of the “new norm.”

Companies will begin to realize that transitioning to a remote workforce can lead to unintended consequences that can and should now be addressed. Some of these unintended consequences include:

  1. Information Technology (“IT”) departments deploying software and systems such as Microsoft Teams, Slack, etc that have not yet been properly tested, including establishing retention periods, back-up procedures, and acceptable use policies.
  2. “Shadow IT” issues relating to employees using whatever services and products they think will help them do their remote job better, even when those products or services are not vetted by, supported by, or welcomed by corporate IT.
  3. Informal communications using messaging tools or social media platforms that are either not preserved subject to an active litigation hold notice, or that violate company policy, or frame the company in a negative light.
  4. Remote employee use of unauthorized external or cloud-based storage for company data.
  5. Information subject to a litigation hold notice being lost due to the inadequate back-up of laptops and other systems being used off-premises.
  6. Recycling of laptops, desktops, and mobile devices subject to a litigation hold notice in order to ensure rapid deployment of remote workforce.
  7. Employees using personal devices to store information and communications that are or could become subject to a litigation hold notice.
  8. Risking breach of confidential, sensitive, or personally identifying information (“PII”) due to lack of adequate remote security.
  9. Employees using unauthorized, unsecured, commercial collaboration tools.
  10. Employees using unsecured endpoints or endpoints with consumer-grade antivirus or antimalware.
  11. Employees operating off-network such that corporate firewalls for phishing and network intrusion are not engaged.
  12. Terminated employees subject to a litigation hold notice.

Continue Reading COVID-19 Remote Workforce Risks – Preservation, Compliance, Privacy, and Data Security Risks

This is what it sounds like, when sanctions are granted.

In March 2019, a federal judge in Minnesota sanctioned Defendants for their failure to preserve text messages in a copyright infringement suit brought in part by the estate of the late musician commonly known as “Prince”.

Representatives for Prince’s estate brought suit against Defendants George Ian Boxill, Rogue Music Alliance (“RMA”), Deliverance LLC (“Deliverance”), David Staley, Gabriel Solomon Wilson, and other parties alleging copyright infringement.  Plaintiffs filed suit for copyright infringement after learning that Defendants Boxill and RMA created Deliverance to market and release previously unreleased recordings that Prince created during recording sessions in 2006.  Defendant Boxill worked as Prince’s sound engineer during the 2006 recording sessions. Plaintiffs allege that a confidentiality agreement with Boxill placed ownership of the recordings solely on Prince.

Before releasing the music, Defendant Staley sent an email to Sensibility Music indicating that Defendant Boxill would indemnify RMA if Plaintiffs challenged the release. Shortly thereafter, Plaintiff’s estate sent a cease and desist letter, then filed suit.

The parties agreed to certain stipulations regarding discovery of ESI including taking “reasonable steps to preserve reasonably accessible sources of ESI.” The court did not enter an order concerning the stipulation but noted that it will enforce the agreement and warned that any non-compliance will be met with all available remedies, including sanctions. The Court also issued a pretrial scheduling order for both parties to preserve “all electronic documents that bear on any claims, defenses, or the subject matter of this lawsuit.” The court issued two additional pretrial scheduling orders each containing similar language to the first regarding preservation and warnings regarding consequences for violations.
Continue Reading Court Sanctions Defendant for Failure to Preserve Text Messages in Copyright Infringement Suit Brought by Prince’s Estate

By now, most litigators should know that they have an affirmative duty to advise their clients about the duty to preserve potentially relevant documents.  Despite this, the United States District Court for the Southern District of New York recently denied an attorney defendant’s motion for summary judgment in part because the record was not clear as to whether the attorney defendant fulfilled its obligations with respect to the duty to preserve.

Industrial Quick Search, Inc., Michael Meiresonne, and Meiresonne & Associates (collectively “Plaintiffs”) sued their law firm Miller, Rosado & Alogis, LLP (“Defendants”) for malpractice.  Neil Miller and Chris Rosado, named partners of the firm, were also individually named as Defendants.  Defendants represented Plaintiffs in an underlying copyright infringement lawsuit in which default judgement was entered against Plaintiffs for misappropriating confidential information, plagiarizing copyrighted material, and for deliberately destroying potentially relevant documents.
Continue Reading FAILURE TO ADEQUATELY ADVISE CLIENTS ON THEIR PRESERVATION OBLIGATIONS CAN BE CONSIDERED MALPRACTICE

Court Denies Plaintiff’s Motion to Compel

In Mirmina v. Genpact LLC, 2017 BL 260425, D. Conn., Civil No. 3:16CV00614 (AWT), the Court denied Plaintiff’s motion to compel additional responsive electronic communications despite the fact that an individual directly involved in the underlying claims of the suit “self-identified” potentially responsive emails.  The Court based its