Court Denies Plaintiff’s Motion to Compel

In Mirmina v. Genpact LLC, 2017 BL 260425, D. Conn., Civil No. 3:16CV00614 (AWT), the Court denied Plaintiff’s motion to compel additional responsive electronic communications despite the fact that an individual directly involved in the underlying claims of the suit “self-identified” potentially responsive emails.  The Court based its decision on a number of important factors:

  • Defendant Genpact’s in-house counsel produced an affidavit outlining the process used to preserve and search potentially responsive emails;
  • Genpact’s in-house counsel supervised the preservation and search process;
  • Plaintiff Mirmina was unable to identify any authority stating that self-identification was improper;
  • Mirmina was also unable to identify any emails that Genpact had not produced and was merely speculating that Genpact’s email production was deficient.

Case Background

Scott Mirmina, a former Genpact recruitment manager, sued his previous employer, a professional services firm, alleging age, race, and gender discrimination.

In May of 2017, Plaintiff Mirmina filed a Motion to Compel additional responses to specific discovery requests.  This motion was denied in June 2017, except for materials described in Genpact’s initial disclosures that had not yet been produced.

In July of 2017, Mirmina filed another Motion to Compel asking the court to force Genpact to produce additional responsive emails.  Mirmina stated that he was “concerned” that Genpact had withheld responsive emails and that Genpact’s search for responsive emails was inadequate because an employee directly involved with the underlying issues in the litigation had self-identified potentially responsive emails.

The Court denied Mirmina’s Motion to Compel after Genpact’s counsel described the process used to identify responsive emails.  Specifically, Genpact’s in-house counsel averred that they:

  • issued a timely and detailed litigation hold to potential ESI custodians;
  • provided instructions to the custodians on how to search for potentially responsive emails;
  • provided custodians with specific search parameters to identify potentially responsive emails;
  • explained the importance of thoroughly searching for potentially responsive emails; and
  • provided guidance to custodians when they had questions about the search process.

The Court also determined that Mirmina’s allegations that responsive emails had not been produced were based on mere speculation.  The court held that this speculation was insufficient to require Genpact to conduct additional searches for potentially responsive emails.

Practical Takeaways

Self-identification of potentially responsive documents by custodians is not usually recommended.  There are obvious risks involved, including custodians not wanting to produce documents that could be damaging for themselves or their employer.  Further, there are risks involved in having custodians determine what may or may not be responsive to document requests.  However, the Court’s decision in this matter describes a scenario in which self-identification of emails may be defensible.

The Court indicated that the primary driver for denying Mirmina’s Motion to Compel was the affidavit provided by Genpact’s in-house counsel detailing Defendant’s document identification and preservation process.  The most important practical takeaway from the Court’s ruling was that self-identification can be defensible, so long as a rigorous process is followed and documented.  This process includes drafting a timely and detailed litigation hold notice, providing instruction to custodians on how to identify potentially relevant documents, and answering questions that custodians may have throughout the process.

Finally, the Court made clear that purely “speculating” that an opposing party’s production is deficient is not enough to compel additional searches or document productions.  In order to compel an additional search for communications, a moving party must provide evidence to support its claim of a deficient production.

On May 25, 2018, the EU General Data Protection Regulation (“GDPR”) will impose significant new obligations on all U.S. companies that handle personal data of any EU individual. U.S. companies can be fined up to €20 million or 4% of their global annual revenue for the most egregious violations. What does the future passage of GDPR mean for your business?

Our experienced eDiscovery and Information Governance (eDIG) and Global Privacy and Security (GPS) practitioners will present a series of four 1-hour webinars in August through October of 2017. The presenters will provide a high-level discussion on risk assessment tools and remediation strategies to help prepare and reduce the cost of EU GDPR compliance.

Yesterday, organizations around the world were hit by yet another ransomware attack.  Similar to the recent WannaCry attacks, the Petya attack works to encrypt documents and files and subsequently demands a ransom to unlock them.  Unlike WannaCry, it is believed that the Petya attack spreads internally through an organization (rather than across the Internet) using a vulnerability called “EternalBlue” in Microsoft Windows.  It is not yet clear who is behind this attack.  You will know if you are a victim of this attack if your machine reboots and you see the message pictured here, which indicates that the ransomware is encrypting your data.  Immediately after seeing this, turn off your machine, disconnect it from the internet, use forensic tools to recover any files not yet encrypted, and once done, reformat your hard drive and re-install the operating system, apps, and then your data from your latest backup.  If encryption completes before you are able to power down, do not pay the ransom.  It has been reported that the email address notifying the attacker of payment has been shut down, so there is no possible way to get the decryption key for the data after paying the ransom.

PT Security recently published a tweet showing the local “kill switch” for Petya.  From an organizational standpoint, ensure that all Microsoft patches are installed, consider installing protection programs to combat potential attacks, and complete routine backups of data.

On June 13, 2017, the Department of Homeland Security published an alert regarding malicious cyber activity by the North Korean government, known as Hidden Cobra.  Per the DHS and FBI, Hidden Cobra uses cyber operations to the government and military’s advantage by exfiltrating data and causing disruptive cyber intrusions.  Potential impacts of a Hidden Cobra attack can include “temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.”  The DHS publication outlines ways to detect and protect against the malicious activity and suggests that organizations work to upgrade and/or remove older Microsoft operating systems and older versions of Adobe Flash Player, Microsoft Silverlight, and Hangul Word Processor.  Further, organizations should review and block all IP addresses listed in the “indicators of compromise” list provided, review and enforce incident response plans, and contact the DHS and FBI to report any potential Hidden Cobra intrusions. The full DHS publication can be found here.  We suggest that IT departments carefully review the full alert and take any steps possible to mitigate risk to the organization.

The 2017 edition of The Legal 500 United States recommends Seyfarth Shaw’s Global Privacy & Security Team as one of the best in the country for Cyber Law (including data protection and privacy). In addition, based on feedback from corporate counsel, the co-chairs of Seyfarth’s group, Scott A. Carlson and John P. Tomaszewski, and Seyfarth partners Karla Grossenbacher (head of Seyfarth’s National Workplace Privacy Team) and Richard D. Lutkus were recommended in the editorial. Richard Lutkus is also listed as one of 14 “Next Generation Lawyers.”

The Legal 500 United States is an independent guide providing comprehensive coverage on legal services and is widely referenced for its definitive judgment of law firm capabilities.

Tuesday June 20, 2017

1:00 p.m. to 2:30 p.m. Eastern

12:00 p.m. to 1:30 p.m. Central

11:00 a.m. to 12:30 p.m. Mountain

10:00 a.m. to 11:30 a.m. Pacific

Registration

There is no cost to attend this program; however, registration is required.

 

Discovery is often the most expensive, frustrating and burdensome aspect of litigation, and many cases settle before discovery is complete in order to avoid these costs.  A new mandatory pilot program in the US District Court for the Northern District of Illinois will change all that by requiring extensive discovery early on in litigation.  Effective June 1, 2017, the Federal Court in the Northern District of Illinois will embark upon a three-year mandatory pilot program, known as the Mandatory Initial Discovery Pilot Project (MIDPP), which imposes court-ordered discovery and early production of electronically stored information (ESI) in almost all civil cases.  Please join Seyfarth attorneys to learn about the new pilot program and how it will affect litigation involving your company. In this webinar, the panel will review the MIDPP and answer the following questions:

  • Who does the MIDPP affect?
  • What does the MIDPP require?
  • When does the MIDPP take effect?
  • Where is the MIDPP taking place?
  • Why was the MIDPP implemented?
  • How do companies comply with the MIDPP?

Speakers 

Jordan Vick – Seyfarth Shaw

Lou Chronowski – Seyfarth Shaw

Jay Carle – Seyfarth Shaw

 

If you have any questions, please contact events@seyfarth.com.

*CLE Credit for this webinar has been awarded in the following states: CA, IL, NJ and NY. CLE Credit is pending for GA, TX and VA. Please note that in order to receive full credit for attending this webinar, the registrant must be present for the entire session.

On May 11, President Trump signed an Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. This is a significant development for U.S. cybersecurity as it represents a concrete call to action for the government to modernize its information technology, beef up its cybersecurity capabilities, protect our country’s critical infrastructure from cyberattacks, and ensure the overall cybersecurity and privacy of the internet for generations to come. The EO also stresses the importance of the growth and sustainment of a workforce that is skilled in cybersecurity as the foundation for achieving U.S. objectives in cyberspace.

This EO was much anticipated. In fact, earlier this year, we, along with many other internet sources, reported that President Trump was expected to soon sign an EO on Strengthening U.S. Cyber Security and Capabilities. The “leaked” draft of the expected EO we examined at that time was never signed, and the actual, signed EO on cybersecurity bears little resemblance to the version that circulated on the internet in February.

The signed EO requires various agencies to prepare a number of reports on the current status of cybersecurity and risk management and to present plans for improvement and further development. Because there are tight deadlines associated with these reports, the agencies are already at work on conducting the necessary analysis and developing a path forward. With all its robustness, the EO, however, represents a natural progression in strengthening our national cybersecurity and builds upon previous federal efforts. Indeed, the EO expressly ties several of its mandates to the various cybersecurity orders signed by President Obama.

Scott Carlson, the founder and Chair of Seyfarth Shaw’s eDiscovery and Information Governance practice, will examine this EO along with other current cybersecurity issues facing U.S. organizations in further detail during the First 100 & Beyond: Seyfarth’s Strategy & Planning Summit For Businesses, an event that will be held at Seyfarth Shaw’s Chicago office on May 25, 2017. There is no cost to attend this event, but registration is required. Please consider joining us for this important discussion.

Recently, a widespread global ransomware attack has struck hospitals, communication, and other types of companies and government offices around the world, seizing control of affected computers until the victims pay a ransom.  This widespread ransomware campaign has affected various organizations with reports of tens of thousands of infections in as many as 99 countries, including the United States, United Kingdom, Spain, Russia, Taiwan, France, and Japan.  The software can run in as many as 27 different languages.  The latest version of this ransomware variant, known as WannaCry, WCry, or Wanna Decryptor, was discovered the morning of May 12, 2017, by an independent security researcher and has spread rapidly.


In Realpage Inc. v. Enter. Risk Control, LLC, 2017 BL 102339 (E.D. Tex. 2017), the court ordered Enterprise Risk Control, LLC (“Enterprise”) to produce forensic images of devices used by a former Realpage employee to a forensic neutral in order to determine whether any source code was recoverable pertaining to Realpage’s allegations of misappropriation.

Background

After leaving employment with Realpage in 2012, Tom Bean (“Bean”) started his own software development company named IDC. Bean and IDC were hired by former Realpage employee, and active Enterprise employee, Lonnie Derden (“Derden”) to design a vendor compliance application that was “completely different” than the one in place at Realpage. In July 2013, Enterprise hired Bean as a full-time employee and it was at that time that Bean transferred all of his source code for the vendor compliance application from IDC’s computers to Enterprise’s computers. According to Bean’s affidavit, he deleted all versions of his source code from IDC’s computers after the transfer.

Pursuant to this lawsuit, Enterprise made the vendor compliance application source code from July 2013 to the present available to Realpage for their analysis. During their review, Realpage found comments in the source code referencing dates from 2012 and early 2013, which Realpage argued indicated that versions of the source code from that point in time must exist. While the court rejected this argument, they recognized that Realpage’s complaints surround code that existed on or before the date that Bean transferred the source code to Enterprise. The court concluded that “a tailored [forensic] examination is appropriate at this time to determine whether the missing code is recoverable or to enable effective cross-examination as to its destruction.” Id. at *2.

Another week, another well-concocted phishing scam.  The most recent fraudulent activity targeted businesses that use Workday, though this is not a breach or vulnerability in Workday itself.  Specifically, the attack involves a well-crafted spam email that is sent to employees purporting to be from the CFO, CEO, Head of HR, or similar.  Sometimes the emails include the name, title, and other personal information of the “sender” that we believe might be harvested from LinkedIn or other business databases.  The email asks employees to use a link in the phishing email or attached PDF to log into a fake Workday website that looks legitimate.  The threat actors who run the fake Workday website then use the user name and password to log into the Workday account as the employee and change their direct deposit bank/ACH information to another bank, reloadable Green Dot, or similar credit card.

The fraud is typically only discovered when the employees contact HR inquiring as to why they did not receive their direct deposit funds.  Unfortunately it appears that spam filters and other controls are failing to prevent this email from infiltrating the organization’s network.

In order to prevent this from happening to your organization, Workday has posted several “best practice” tips on their customer portal.  The most impactful mitigation techniques include enabling and enforcing two-factor authentication on your organization’s Workday instance, and changing your Workday settings to force administrative approval upon employee requests for direct deposit account change.  Both of these will help secure your Workday environment and avoid employee loss of paychecks.  Finally, always remember to train employees to identify fraudulent emails through training and security drills/tests.