Protecting Privilege — New Rule 502 mitigates the risk of inadvertent e-discovery disclosures

By Michael Kozubek

Published in the 2/1/2009 Issue of Inside Counsel.

Privilege review has been a major culprit in the skyrocketing cost of e-discovery. With hundreds of thousands of documents subject to discovery in numerous cases, attorney-client communications and work-product information frequently end up in the hands of the opposing party. Because the production of privileged documents during discovery waives the privilege, discovery teams scour through documents trying to ensure nothing slips through that could damage their case. Still, with the volume of electronically stored information, inadvertent disclosure is almost inevitable, with potentially devastating results.

“Cases have been lost in part because of inadvertent disclosures,” says Bobby Balachandran, CEO of Exterro, a legal hold and workflow software provider.

But that risk diminished when Rule 502 of the Federal Rules of Evidence (FRE 502), originally drafted by the Judicial Conference Committee on Rules of Practice and Procedure, recently became law. The new rule is designed to mitigate the expense of privilege review while protecting companies from potentially large liabilities arising from inadvertent disclosures of privileged communication.

The rule provides that privilege is not waived when privileged communications are inadvertently disclosed, provided the holder of the privilege took “reasonable steps” to prevent disclosure and to rectify the error.

Litigators celebrated the enactment of FRE 502 while warning that it is not a panacea and does not remove the need for sound e-discovery management practices.

“The new rule is welcome news for litigants,” says David Lender, a partner at Weil, Gotshal and Manges. “An inadvertent production will not result in the waiver of the privilege as long as reasonable steps are taken to preserve the privilege before production.”

Continue reading

Advertisements

CVS Pays $2.25 Million and Toughens Practices to Settle HIPAA Privacy Case

The U.S. Department of Health and Human Services and the Federal Trade Commission today announced that CVS, the nation’s largest retail pharmacy chain, will pay the U.S. government a $2.25 million settlement and take corrective action to ensure it does not violate the privacy of its millions of patients when disposing of patient information such as identifying information on pill bottle labels.  The settlement, which applies to all of CVS’s more than 6,000 retail pharmacies, follows an extensive investigation by the HHS Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.

In a coordinated action, CVS Caremark Corp., the parent company of the pharmacy chain, also signed a consent order with the FTC to settle potential violations of the FTC Act. OCR, which enforces the Privacy Rule, opened its investigation of CVS pharmacy compliance with the Privacy Rule after media reports alleged that patient information maintained by the pharmacy chain was being disposed of in industrial trash containers outside selected stores that were not secure and could be accessed by the public.

At the same time, the FTC opened an investigation of CVS. OCR and the FTC conducted their investigations jointly. This is the first instance in which OCR has coordinated investigation and resolution of a case with the FTC. “OCR is committed to strong enforcement of the HIPAA Privacy Rule to protect patients’ rights to privacy of their health information. We hope that this agreement will spur other health organizations to examine and improve their privacy protections for patient information during the disposal process,” said Robinsue Frohboese, acting director of OCR. “Such safeguards will benefit consumers everywhere.”

The Privacy Rule requires health plans, health care clearinghouses and most health care providers (covered entities), including most pharmacies, to safeguard the privacy of patient information, including such information during its disposal. Among other issues, the reviews by OCR and the FTC indicated that: * CVS failed to implement adequate policies and procedures to appropriately safeguard patient information during the disposal process; and * CVS failed to adequately train employees on how to dispose of such information properly. Under the HHS resolution agreement, CVS agreed to pay a $2.25 million resolution amount and implement a robust corrective action plan that requires Privacy Rule compliant policies and procedures for safeguarding patient information during disposal, employee training and employee sanctions for noncompliance.

HHS and FTC also will require CVS to actively monitor its compliance with the resolution agreement and FTC consent order. The monitoring requirement specifies that CVS must engage a qualified independent third party to conduct assessments of CVS compliance and render reports to the federal agencies. The HHS corrective action plan will be in place for three years; the FTC requires monitoring for 20 years.

The HHS Resolution Agreement and Corrective Action Plan can be found on the OCR Web site at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cvsresagrcap.pdf. OCR has posted new FAQs that address the HIPAA Privacy Rule requirements for disposal of protected health information.

They can be found on the OCR Web site at http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/disposalfaqs.pdf.

Information about the FTC Consent Order agreement is available at http://www.ftc.gov .

E-Discovery Trends in 2009 — New developments in e-discovery will affect enterprise general counsel and compliance officers, law firms serving corporate clients, and IT departments

By Christine Taylor, January 9, 2008, 12:10 PM

A few years ago, the Taneja Group coined the term “Information Classification and Management” (ICM) to describe the technology of locating and classifying data throughout the enterprise. ICM covered sub-technology sectors such as e-discovery, compliance, data security control, and data management. However, we saw the term “e-discovery” trump the more comprehensive name as rabid attention turned from ICM to the specifics of civil litigation software tools. We are now seeing the e-discovery term itself take on a fuller usage, more akin to ICM. People do use the term when talking about civil litigation, but are also expanding it to encompass compliance, corporate governance, data classification, and even knowledge management.

In this broad sense we have looked at the trends of the e-discovery market as they impact its largest stakeholders: the enterprise general counsel and compliance officers, law firms serving corporate clients, and IT.

The crux of the matter is that e-discovery and its related areas will be extremely hot for litigation and compliance, especially those related to the financial meltdown. The market increasingly understands the necessity of e-discovery software tools and systems, and will move toward proactive e-discovery adoption. A more reactive approach will remain alive and well as many companies will still avoid implementation until driven to it by a lawsuit or federal investigation. But companies will increasingly understand that the e-discovery solution phenomenon is much more than a litigation aid. It also has major effects on federal compliance and internal governance, and potentially on data management throughout the enterprise.

For more see byteandswitch.com.

25 Percent of Reported E-Discovery Opinions in 2008 Involved Sanctions Issues

Sheri Qualters
The National Law Journal
December 17, 2008

One-quarter of the reported electronic discovery opinions issued in the first 10 months of the year involved sanctions issues, according to a new Kroll Ontrack Inc. study.

The Kroll Ontrack software division of risk consultant Kroll Inc. analyzed 138 reported cases from January through October 2008 for the study. Also, according to the analysis, 13 percent of cases addressed preservation and spoliation issues; 12 percent involved computer forensics protocols and experts; 11 percent addressed admissibility; and 7 percent of cases involved privilege considerations and waivers.

The cases illustrate that judges frequently issue sanctions for mishandling of electronic discovery and lack of document retention policies, said Michele Lange, Kroll Ontrack’s director of legal technologies, in a statement. “It is clear that courts are no longer allowing parties to plead ignorance when it comes to [electronic discovery] best practices.”

Kroll Ontrack’s study detailed several decisions, including a federal court decision in the Northern District of California that required defendants to pay more than $250,000 in fees and costs for discovery conduct “among the most egregious this court has seen,” according to an Aug. 12 opinion by U.S. Magistrate Judge Elizabeth D. Laporte. Keithley v. The Home Store.Com Inc., No. 3:03-cv-04447 (N.D. Calif.).

Judge Looks Past Inadvertent Disclosure Protection Rule

Shannon P. Duffy
The Legal Intelligencer
December 8, 2008

In one of the first decisions to interpret a new rule of evidence that governs “inadvertent disclosure” of privileged documents, a federal judge has held that if the “reasonableness” of the accidental disclosure remains in dispute, courts should continue to apply the traditional five-factor test to determine whether the privilege has been waived.

In his 21-page opinion in Rhoads Industries Inc. v. Building Materials Corp. of America, U.S. District Judge Michael M. Baylson was forced to resolve a dispute that arose when plaintiffs lawyers accidentally turned over more than 800 privileged e-mails when they provided the defense lawyers with copies of 78,000 e-mails.

The decision is one of the first to apply the newly enacted Rule 502 of the Federal Rules of Evidence, which protects against waiver of privilege if the disclosure is inadvertent and if the holder of the privilege took “reasonable steps” to prevent disclosure and to rectify the error.

But for lawyers, the ruling also serves as a reminder of another rule, Rule 26(b)(5)(B) of the Federal Rules of Civil Procedure, which mandates that lawyers create a privilege log for all documents withheld.

Although Baylson ultimately concluded that the privilege wasn’t waived for all 800 documents, he nonetheless found that the plaintiff’s failure to comply fully and timely with the mandatory requirements of Rule 26 meant that the privilege was waived for 120 documents.

“The obligation to log privileged documents is mandatory under the specific terms of Rule 26(b)(5). Despite Rhoads’s attempts to justify, explain and minimize its failure to log all of its inadvertently privileged documents by June 30, 2008, the court finds that the delay in doing so until Nov. 12, 2008 is too long and inexcusable,” Baylson wrote.

Defense lawyers urged Baylson to rule that the plaintiff had waived the privilege for all of the inadvertently disclosed documents because its process of screening the documents was “grossly insufficient.”

For more see law.com.

U.S. Federal Rule of Evidence 502

Ronald J. HedgesDecember 2nd, 2008

The Federal Rules of Evidence have now been amended to include a new Rule 502 [PDF], which should represent a sea change in the law of waiver in the United States. Rule 502 is intended to introduce uniformity in the law of waiver of attorney-client privilege and work production protection throughout the United States courts and, through operation of the Commerce Clause of the United States Constitution, among State courts.

Continue reading

Rule 502 May Not Deliver Promised Cost Relief

Federal Rule of Evidence 502, enacted on Sept. 19, 2008, has been heralded as a significant development which “will effectively limit the skyrocketing costs of discovery.”[FOOTNOTE 1] The Rule and its promotion as a cost-saving panacea have no doubt raised expectations among clients and courts alike.

Continue reading