An extract from The e-Discovery and Information Governance Law Review - Edition 3
The law governing electronic discovery (e-discovery) is continually developing. US courts, administrative agencies and regulatory bodies often have an expansive view of discovery of electronically stored information (ESI). This view stems from the notion that broad discovery helps facilitate the quest for truth.
The Federal Rules of Civil Procedure (the Federal Rules), state procedural rules, the Federal Rules of Evidence, state evidentiary rules, regulatory agency rules, other local rules and case law created by judicial and regulatory opinions form a patchwork of law governing e-discovery. Although courts and regulatory authorities are adapting evidentiary and procedural rules to the realities of e-discovery, courts, regulatory authorities and litigants struggle to keep up with ever-changing technologies and data proliferation. The Federal Rules intentionally avoid defining the term 'electronically stored information' with precision in order to accommodate '[t]he wide variety of computer systems currently in use, and the rapidity of technological change'.2 Thus, the Federal Rules envision the discovery of 'any type of information that is stored electronically',3 including forms of ESI not yet invented.
In the United States, the producing party typically bears the costs of producing ESI. For years, litigants struggled with increasing e-discovery costs. Explosions in data volumes coupled with expansive views of discovery resulted in e-discovery costs that threatened to overwhelm litigation. Moreover, courts took varying approaches in sanctioning parties that failed to preserve ESI: some courts granted adverse inferences that, in essence, were outcome-determinative when parties were negligent or grossly negligent in failing to preserve ESI, while others only granted these sanctions when a party acted in bad faith. Litigants grew increasingly concerned that cases were being decided based upon e-discovery costs and threat of sanctions as opposed to the merits.
Recognising the need to rein in e-discovery costs and provide more uniformity and certainty for litigants, the 2015 Amendments to the Federal Rules explicitly make proportionality an element of the scope of discovery and reserve outcome-determinative sanctions for those cases where a party acts in bad faith.
Generally, Rule 26(b)(1) governs the scope of discovery. A party may discover:
[A]ny nonprivileged matter that is relevant to any party's claim or defense and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties' relative access to relevant information, the parties' resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.
Moreover, for years parties were at odds over e-discovery. Despite the contentious nature of US litigation, courts and litigants are recognising the need for parties to cooperate to bring about the 'just, speedy, and inexpensive'4 determination of a matter. Thus, the Federal Rules and local rules have been amended to improve cooperation between parties through requiring meet and confers and informal e-discovery discussions.
A party can help control its e-discovery costs as well as the entire e-discovery process through thoughtful strategic planning, knowledge of the ESI landscape and an understanding of the needs of a case. Armed with this knowledge, responding parties may lessen their e-discovery burdens, and might even seek to shift costs when the production costs exceed a reasonable and proportional amount.
Year in review
Courts continue to seek new ways to reduce e-discovery burdens and expenses. Although the Mandatory Initial Discovery Pilot Project, which required parties to respond to standard discovery requests before undertaking other discovery in the District of Arizona, the Northern District of Illinois and Judge Lee Rosenthal's court in the Southern District of Texas, ended in 2020, state courts and federal judges are taking it upon themselves to enact local rules designed to mimic the required production of information sooner.5 The requirements go beyond the initial disclosures required in Rule 26, which simply require the disclosure of information upon which a party intends to rely, and require the disclosure of documents or ESI that may be relevant to any party's claims or defences.
New rules and regulations continue to focus on cooperation. The December 2020 amendment to Rule 30(b)(6) requires that parties meet and confer regarding the subject matters for a 30(b)(6) deposition, which may be of particular importance when faced with the proverbial 'discovery about discovery' deposition seeking testimony about data preservation, collection and production. It can also come into play whenever depositions seek information regarding a party's electronic systems. In addition, more courts are instituting local rules requiring meet and confers before e-discovery issues are raised with courts.
Courts and parties must remain cognisant of the ever-changing technology landscape. Because ESI subject to discovery encompasses information in any form, recent cases have focused on newer technologies, including cloud computing, mobile devices and communication applications. Newer technologies can create unique challenges for organisations, including issues associated with information governance, privacy, collection and production, and potential waiver of privilege or confidentiality. Such ESI challenges have been further compounded by the worldwide covid-19 pandemic and the shift to a more remote workforce.
Data privacy remains a major concern for organisations facing a myriad of regulations. The California Consumer Privacy Act (CCPA) went into effect in January 2020. Virginia passed the Consumer Data Protection Act (CDPA) in 2021, and it will enter into effect on 1 January 2023. The potential enactment of additional privacy regulations elsewhere will require continued agility in e-discovery and information governance.
Foreign data privacy regulations continue to be an issue for multinational organisations. Up until July 2020, when the Court of Justice of the European Union invalidated the EU–US Privacy Shield Framework, many US organisations had relied on the Privacy Shield to comply with the EU General Data Protection Regulation (GDPR). Organisations previously relying upon the Privacy Shield have had to adapt their business practices to find new ways of complying with data privacy obligations, such as through the enactment of standard contractual clauses.
Despite the invalidation of the framework on the EU side, organisations previously relying upon the Privacy Shield may still be required to comply with their Privacy Shield obligations under US federal law.6 The US government continues to look for new avenues for cross-border data transfers, as the Department of Commerce's International Trade Administration has reiterated its commitment to working with EU authorities to formulate a new data transfer system.7
While the laws governing e-discovery and information governance continue to evolve, there are still issues that must be resolved.i State rules versus the Federal Rules
Although the 2015 Federal Rules amendments address proportionality and sanction concerns, not all states have updated their respective rules. Therefore, parties may still face uncertainty in respect of discovery in state court litigation.ii Redactions for irrelevant information
Some courts allow parties to redact non-responsive information, while others reject this practice.8 Courts denying redactions cite the lack of authority for them and the need for a party to see information in context, while courts allowing redactions often find compelling reasons for them, such as protecting unique business information, and believe that requesting parties are not entitled to irrelevant information.iii Quick peeks
Courts appear to disagree on the scope and meaning of Federal Rule of Evidence 502 and its interplay with Rule 26. When faced with burden and proportionality arguments, some courts require parties to provide a 'quick peek' under Rule 502(d), allowing the opposing party to view all documents without the producing party risking privilege waiver.9iv Extraterritorial discovery
Cross-border discovery remains a moving target. The Clarifying Lawful Overseas Use of Data Act (the CLOUD Act) has made clear that Stored Communications Act Section 2703 warrants apply to data held outside the United States. The CLOUD Act requires a company with US contacts to preserve and disclose the contents of a stored communication 'regardless of whether such communication, record or other information is located within or outside of the United States'.10
The CLOUD Act does contain comity provisions that may limit the government's ability to access data stored abroad. It allows service providers to move to quash when the subscriber 'is not a United States person and does not reside in the United States; and . . . the required disclosure would create a material risk that the provider would violate the laws of a qualifying foreign government'; however, it does not provide subscribers with a similar right.11
Lower courts remain divided on the production of documents located outside the United States. Some courts are trying to remove data subject to foreign data regulations from the discovery process as much as possible.12 Others are applying proportionality concepts in determining whether foreign data is really relevant or can be narrowed in some manner,13 and still others are ordering extraterritorial discovery under other rules, such as 28 USC Section 1782.14
Outlook and conclusions
Mobile applications, collaborative tools, file sharing and other rapidly changing technologies impact the way organisations create and store data. Organisations and practitioners must remain nimble to address the ever-changing technological landscape within organisations.
Upcoming changes in e-discovery law will be focused on bringing about the just, speedy and inexpensive determination of matters in accordance with Rule 1. Courts and litigants will continue to look for ways to speed up the e-discovery process while reducing costs. Future e-discovery technologies and AI tools will be aimed at achieving this goal.
Data privacy will continue to be a focus. The intersection between broad-based US discovery and foreign data privacy regulations, such as the GDPR, will continue to play out in the courts. Data breaches and privacy concerns could also result in the passage of more stringent regulations governing privacy in various jurisdictions. Members of Congress from both major parties have expressed concern over data privacy, and the new presidential administration may focus on consumer data protection in the future.