Technology Law Source

Archives: Information Technology

Subscribe to Information Technology RSS Feed

Be careful what you say

This article was published originally at The article is the fourth in a six-part series focusing on evidence spoliation. Read more about previous posts. Technology Law Source will notify readers as publishes additional articles in this series.

In its simplest terms, a legal hold (also known as a litigation hold, preservation order, suspension order, freeze notice, hold notice or hold order) is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated, according to Shira A. Scheindlin and Daniel J. Capra, who wrote The Sedona Conference, Electronic Discovery and Digital Evidence. Legal holds can take many forms and may be initiated by individuals within and/or outside an organization. For example, a hold can be oral, written or electronic and may be implemented by company executives, in-house counsel, representatives from the human resources or information technology department or outside counsel.

No matter who or how a hold is implemented — issuing a proper hold is essential. The purpose of a legal hold is to inform all relevant personnel of their obligation to locate and preserve all information that may be pertinent to actual or threatened litigation. To accomplish this task, a legal hold must provide some type of description of the actual or anticipated proceeding, identify the scope and type of information to preserve, and specify the locations of the information to be preserved. The hold must also confirm that any applicable document destruction procedures or policies of an …

Court uses “Traditional Relevance Analysis” to order production of plaintiff-employee’s social media postings on emotional distress and alternative potential stressors

In an ADA employment discrimination case, a federal court recently denied a defendant’s request to compel the plaintiff to provide authorizations for all of her social media accounts, but still ordered the production of any social media postings relevant to the plaintiff’s claimed emotional distress damages. See Giacchetto-v-Patchogue-MedfordUnion, No. CV 11-6323 (E.D.N.Y. May 6, 2013). The court followed the approach taken in Howell v. Buckeye Ranch, Inc., No. 11-CV-1014 (S.D. Ohio Oct. 2012), and applied a “traditional relevance analysis,” stating “[t]he fact that Defendant is seeking social networking information as opposed to traditional discovery materials does not change the Court’s analysis.” Giacchetto, slip op. at 3.

In reaching its result, the court rejected the approach taken by some federal courts that the private section of a Facebook account is discoverable only if the party seeking the information can make a threshold evidentiary showing that a plaintiff’s public Facebook profile contains information that undermines her claims. According to the court, this approach can be too broad because “a plaintiff should not be required to turn over the private section of his or her Facebook profile (which may or may not contain relevant information) merely because the public section undermines the plaintiff’s claims.” Id. at 3 n. 1. This approach also can be too narrow because “a plaintiff should be required to review the private section and produce any relevant information, regardless of what is reflected in the public section.” Id. “The Federal Rules of Civil Procedure do not require a …

When does a company have a duty to preserve evidence?

This article was published originally at The article is the first in a six-part series focusing on evidence spoliation. Read part 2: Events courts consider when deciding if duty to preserve evidence has been triggered; and part 3: Preservation obligations after a duty to preserve has been triggered. Technology Law Source will notify readers as publishes additional articles in this series.

There is no consensus among state or federal courts on the standards that govern preservation and spoliation issues. Yet, whether and when a company has a duty to preserve evidence is among the first questions that come to mind for inside counsel considering spoliation issues. Generally, a company has no duty to preserve evidence before litigation is filed, threatened or reasonably foreseeable unless there is a statutory or regulatory mandate, a contractual obligation, some special circumstance, or an organization has voluntarily assumed an obligation to retain some document, data or thing. That means, unless a company has notice of a probable or pending litigation or a government investigation, it generally has the right to dispose of its own property, including documents, electronically stored information or tangible things, without liability.…

Court relies on proportionality to deny inspection of defendant’s computers, cell phones and email accounts

Earlier this year, we wrote about a decision in which a federal district court rejected a proportionality argument and ordered the production of a defendant’s entire database because the information in the database was highly relevant to the plaintiff’s trademark infringement claim. Another federal district court recently came out differently in a trade secret misappropriation and restrictive covenant case on a plaintiff’s request for inspection of (a) all the defendant’s computers, hard drives, and electronic devices, and (b) the email addresses and log-in information for all the defendant’s email accounts. See Carolina Bedding Direct, LLC v. Downen, Case No. 3:12-CV-336 (M.D. Fla. May 7, 2013).

The court denied the request for inspection because “the proposed discovery [was] not outweighed by the likely benefit.” Slip op. at 4. The court’s reliance on proportionality is consistent with the emphasis placed on proportionality in the current draft amendments to the Federal Rules of Civil Procedure and the new section on e-discovery in the recent edition of the Benchbook for U.S. District Court Judges.

In its analysis, the court stated that “Rule 34 does not grant unrestricted access to a respondent’s database compilations.” Id. at 3. To gain such direct access, “the court must make a factual finding of some non-compliance with discovery rules and protect respondent with respect to preservation of his records, confidentiality of non-discoverable matters and costs.” Id.…

Fifth Circuit affirms $44.4 million jury award for trade secret misappropriation of software developed for oil and gas industry

The Fifth Circuit Court of Appeals recently affirmed a jury verdict awarding $26.2 million in compensatory damages and $18.2 million in punitive damages for trade secret misappropriation of software that enabled oil and gas companies to “plan, procure and pay for complex services” online. See Wellogix, Inc. v. Accenture, LLP, Case No. 11-20816 (5th Cir. May 15, 2013). The Fifth Circuit stated: “Had we sat in the jury box, we may have decided otherwise. ‘But juries are not bound by what seems inescapable logic to judges.’ Morissette v. United States, 342 U.S. 246, 276 (1952).”

The case highlights the importance of taking steps to protect the secrecy of confidential and proprietary business information, including securing confidentiality agreements before sharing such information with other parties such as investors, customers and marketing partners. Because the plaintiff — Wellogix, Inc. — established that it had disclosed its proprietary software and technology to the defendant subject to a confidentiality agreement, it was able to meet its burden of showing that it had taken sufficient measures to guard the secrecy of its software and that the defendant had improperly relied on Wellogix’s software to pursue another business opportunity in breach of the parties’ confidential relationship.…

Porter Wright announces four-part seminar series on trending technology, privacy and security issues

On June 19, Porter Wright launches its four-part seminar series covering technology topics at the forefront of today’s businesses. Technology Law Source will continue to cover these topics in future blog posts, including navigating through U.S. and international laws, regulations and standards.

The seminar series comprises:

Social Media in the Law: Learn It and Use It, or Get Out of the Way June 19 Social media has forever altered how we share and collect information about friends and colleagues as well as people outside our professional or personal circles. And this sea change hasn’t applied solely to our personal lives — businesses have been in the mix almost since day one. But have business leaders considered the ramifications of their companies’ social media activity? Porter Wright attorneys Sara Jodka, Colleen Marshall, and Erin Siegfried discuss workplace social media policies that conform with recent NLRB decisions, conducting legally sound social media background checks, termination based on social media activity, ownership of social media content, duty to preserve, and the potential dangers of conducting fair disclosure through social media.…

Benchbook for U.S. District Court judges adds new section on e-discovery and jury instructions for jurors’ use of social media and electronic devices

The Federal Judicial Center recently published the Sixth Edition of the Benchbook for U.S. District Court Judges. For the first time, the Benchbook includes a section on civil case management, including how to address e-discovery issues. The Benchbook also adds new jury instructions regarding the use of social media and electronic devices by jurors during trials.

The updated Benchbook reflects the impact that technology and e-discovery are having on pretrial litigation and trials. Although the current draft amendments to the Federal Rules of Civil Procedure are still a ways off from being approved, the Benchbook has included recommendations for addressing e-discovery issues which incorporate key concepts found in those draft amendments as well as in existing local federal court initiatives.…

Don’t forget about e-discovery when moving to the cloud

As businesses move more applications and data to cloud services (e.g., Google Apps for Business,, Amazon S3, etc.), they inevitably are going to find themselves in litigation with the need to retrieve electronically stored information (ESI) from the cloud to comply with their e-discovery obligations. While the risks of e-discovery likely will not keep any businesses away from public cloud services altogether, businesses at least should plan for how they are going to meet the demands of e-discovery in the cloud when litigation arises.

Following are some tips on how businesses can manage their e-discovery risks if they are considering a move to a cloud or if they have already made the move.…

Court orders production of defendant’s entire business database in contentious trademark infringement case

Though the Federal Rules of Civil Procedure are “not meant to create a routine right of direct access to a party’s electronic information system,” a federal district court recently held that the benefits of allowing the plaintiff direct access to the defendant’s entire business database outweighed the burden of producing it. [See Advanced Tactical Ordnance Systems LLC v. Real Action Paintball Inc., No. 1:12-CV-296, Doc. 222, 2013 U.S. Dist. LEXIS 25022 (N.D. Ind. Feb. 25, 2013).] The court reasoned that the information in the database was highly relevant to the plaintiff’s claims — including the plaintiff’s contention that the defendant was using hidden “metatags” referencing the plaintiff’s trademark to drive higher search engine results for the defendant’s website and thus draw the plaintiff’s potential customers to the defendant — and that the defendant failed to demonstrate how the information in its database constituted a trade secret or how its disclosure would harm the defendant’s competitive advantage.

Plaintiff’s Claims The plaintiff, Advanced Tactical Ordnance Systems LLC (“ATO”), markets and sells irritant powder filled projectiles under the mark PepperBall®. ATO acquired the mark when it acquired all of the assets of PepperBall Technologies Inc. ATO alleges that the former Chief Operating Officer of PepperBall Technologies misappropriated the trade secrets that ATO had acquired (including powder formulas, projectile shell designs and customer lists), then conspired with another defendant, Real Action Paintball Inc. (“RAP4”), to start selling counterfeit PepperBall® projectiles around the world. ATO also alleges that the defendants misrepresented to ATO’s …

Caution: case highlights importance of broad, early preservation efforts

This blog post was co-authored by Margaret M. (Peggy) Koesel and Tracey L. Turnbull

A company may discard data, documents or records in the ordinary course of its business. But routine destruction of information that may be relevant to a government investigation or a lawsuit must be suspended and information must be saved as soon as possible after a party has notice that it must preserve evidence. A recent case from the district court for the Southern District of Ohio looks at the events that triggered a bank’s duty to save particular data considered relevant by its opponent and the consequences of its failure to stop the routine purging of that data on a timely basis.

In E.E.O.C. v. JP Morgan Chase, No. 2:09-cv-00864, the Equal Employment Opportunity Commission claimed that a bank treated a class of female mortgage consultants differently than their male counterparts by, among other things, directing more lucrative calls in the call queue to male employees based on the skills it assigned to each individual mortgage consultant. In an effort to establish this theory, the commission asked the bank to produce “skill login data” for a five-year time period, claiming that a statistical analysis of that data would show discrimination.…

Ohio Appellate Court disallows forensic imaging of a non-party witness’s computers because witness’s privacy interests outweighed need for imaging

An Ohio appellate court recently overturned a trial court’s order that compelled the production and forensic examination of a non-party witness’s computers, hard drives, and cell phones because “a trial court abuses its discretion when it permits forensic imaging of electronic devices without first a showing that there has been a background of noncompliance with discovery and the need for forensic imaging outweighs the party’s privacy interests.” Scott Process Systems, Inc. v. Mitchell, 2012-Ohio-5971, ¶38 (Ohio Ct. App. Dec. 17, 2012). Because forensic imaging (or “mirror imaging”) of a hard drive replicates “bit for bit, sector for sector, all allocated and unallocated space, including slack space,” on the drive, a non-party witness’s privacy and confidentiality concerns must be carefully balanced against the requesting party’s discovery interests and need for the imaging. Id. at ¶¶28-29. Other courts also have applied a balancing test in the context of civil discovery to determine whether the forensic imaging of a party’s electronic devices is justified under the circumstances. See, e.g., Wynmoor Community Council, Inc. v. QBE Insurance Corporation, 280 F.R.D. 681, 687 (S.D. Fla. 2012) (ordering forensic examination of the plaintiffs’ computers because they were either unwilling or unable to conduct a search of their computers systems for responsive documents); Musket Corp. v. Star Fuel of Oklahoma, LLC, No. CIV-11-444 (W.D. Okla. Sep. 21, 2012) (disallowing forensic examination of hard drive after stating that “[d]irect inspection of an opponent’s hard drive is not routine and may be justified only in certain circumstances,” …

SHOCKING NEWS!! We are spending too much time surfing the web for personal reasons at work. What to do about these cyberloafers??

According to a news release issued by the university, a Kansas State University study to be published in the journal Computers in Human Behavior concludes that between 60% and 80% of the time spent by people on the internet at work has “nothing to do with work.” The study, which was profiled yesterday on The Today Show, suggests that “cyberloafers” come in all ages. According to one of the researchers, “Older people are doing things like managing their finances, while young people found it much more acceptable to spend time on social networking sites like Facebook.”

Certainly, while the estimated percentage might be unexpectedly high to some, there is no doubt that workers are spending more time on the internet for personal reasons. The study goes on to note that employer electronic monitoring policies do little to change behaviors unless the policies are enforced. According to the news release announcing the study, “Researchers discovered that the only way to change people’s attitudes is to provide them with information about other employees who were reprimanded.”

The question I have is whether enforcement of these policies really discourages employees from surfing the web or whether it merely drives the behavior underground. My bet is that many — I won’t say most — employees who fear discipline as a result of electronic monitoring at work will simply resort to using their personal electronic devices, which the employer will not be able to monitor. In my mind, the best way for an employer …

Changes to Children’s Online Privacy Protection Act (COPPA) Rule Become Effective July 1, 2013

The amendments to the rule implementing COPPA have been met with varying degrees of celebration, skepticism, disappointment and confusion. The amendments change all aspects of the rule, though some to a greater degree than others. While a full understanding of the impact of the amendments will likely have to wait until we see how they are enforced, a review of the amendments is, nonetheless, helpful in preparing for the July 1, 2013 effective date of the amended rule.

Adopted in December by the Federal Trade Commission (FTC), to keep up with changing technology, the amendments were designed to "strike the right balance between protecting innovation that will provide rich and engaging content for children, and ensuring that parents are informed and involved in their children’s online activities," according to FTC Chairman Jon Leibowitz, who has since announced his intention to resign effective mid-February. (Read the text of the Federal Register notice.)…

Federal Court Approves Use of “Computer-Assisted Review” to Find and Produce Relevant ESI in Discovery

In the first-known judicial opinion in which a court has recognized that the use of computer-assisted review is an acceptable way to search for relevant electronically stored information (ESI) in appropriate cases, Magistrate Judge Andrew J. Peck of the United States District Court for the Southern District of New York issued an opinion on Friday approving the use of “computer-assisted review” to find and produce relevant ESI in an employment discrimination case filed as a class action.…

Porter Wright Information Privacy and Data Security Workshop Series

Please join us for this informative series focused on the technical, enforcement, and practical aspects of experiencing and responding to a data security incident. For the complete invitation and details on registration please click here.


Learn How to Effectively Utilize Law Enforcement and Private Security Resources to Protect Yourself and Your Business From Computer Criminals

January 20, 2011 11:30 a.m. – 1:30 p.m. Lunch will be provided Capital Club – 41 South High Street, 7th Floor Columbus, Ohio

Focus issues: Trends in Identity Theft What Can Lead to a Data Breach Law Enforcement Identity Theft Investigations


Data Breach Incidents on the Rise

This week, the Identity Theft Resource Center released its 2010 data breach statistics report for data breaches through June 22, 2010. According to this weekly report, 2010 has already seen 325 reported data breaches exposing approximately 8.3 million records. Considering that the 2009 report shows 498 reported data breaches for all of last year, it looks like 2010 will see an increase in overall data breaches.

Companies collecting personal information should take proactive measures to avoid data breaches. Proactive measures include maintaining an up-to-date security policy, safeguarding sensitive data, encrypting data, turning on and monitoring system logs, and restricting access to only those who need it. (See our previous post for an example of why security implementations should be kept up to date.)

It is also important to have a preemptive response plan in place to deal with a data breach should one occur. A response plan should include means of investigating the data breach, notifying those whose records or information are potentially affected, addressing legal concerns, addressing public relations concerns, making other required notifications (such as those described here), and ensuring the data breach is not ongoing or recurring.…

What Border Officials Can Do with Your Laptop And Cellular Phone

Having your laptop or smartphone searched or detained by Customs on your way back from a business trip would be a nightmare for most travelers, including bankers and other finance professionals. However, this scenario is quite possible under new governmental policies.

In 2009, U.S. Customs and Border Protection (“CBP”) and U.S. Immigration and Customs Enforcement (“ICE”) both issued their respective new policies on border searches of electronic devices. This was a coordinated effort of CBP and ICE to update and harmonize their border policies to detect an array of illegal activities, including terrorism, cash smuggling, contraband, child pornography, copyright, and export control violations.

With all the technology innovations that allow business travelers to carry massive amounts of information in small electronic devices, CBP and ICE are facing an enormous challenge. On the one hand, travelers have a legitimate right to carry information on electronic devices. In that respect, there are serious concerns regarding the traveler’s expectation of privacy. On the other hand, the government has a duty to combat illegal activities and to enforce U.S. law at the border. The difficulty is finding the right balance between the government’s duty to enforce the law and the rights of travelers.

The legal basis for ICE and CBP policies is the border search exception to the Fourth Amendment requirement that officers obtain a warrant before searching someone’s property. But, assuming that they have this power, another key issue is exactly what CBP and ICE are allowed to do with one’s laptop. In …