The Cat’s Out of the Bag! Don’t Look!:
Dealing with the Rules for Inadvertent Production of Electronically Stored Information
by Richard Amada
The days are long gone when preparing for discovery in corporate litigation meant carting the contents of people’s filing cabinets down to the photocopying machine and running off a copy for every party. In our increasingly paperless society, the old, metal filing cabinet is more and more beginning to look like a relic destined for the Smithsonian Institution’s “Commerce in the Days of Yore” exhibit. Today, discovery includes e-mail, word processing files, computer spreadsheets, TIFF images, GIF images, JPEG images, PDF images, video clips, sound clips, voicemails, text messages, hard drives, diskettes, optical disks, back-up tapes, and so on. All of which are completely devoid of anything to do with paper. Rather, it’s electronically stored information—or what’s now being abbreviated as ESI.
If Lon Chaney was Hollywood’s man of a thousand faces, ESI is the Lon Chaney of discoverable evidence. You never know what it’ll look like next. But the one thing you can count on is that there will be a lot of it. Freed from the need to print paper copies, a corporation can now blast a copy of a lengthy document to everyone in the company with just a click of a button.[1] Then every one of those people can add a personal touch to the document and send it off to everybody all over again. And it’s not just the ESI in one company’s possession that comes into play but the ESI files of all the other entities it did business with and with which electronic files were shared and passed around. The result is an exponential growth in the number of documents, all stored in electronic databases and all just as discoverable as were the contents of the old, metal filing cabinet. In today’s corporate litigation you can have, literally, millions of disclosed ESI documents that could total tens-of-millions of pages.
Now, when you’re dealing with those kinds of numbers, you have to ask yourself this question: Can I properly screen all of those documents for privilege before I have to turn them over to the other side?
Answer: Are you out of your mind?! Tens-of-millions of pages?! There’s no way you or any team of attorneys could get through that much ESI in a timely manner to make certain that any privileged communications are withheld. And so, like so many other best laid plans, attempts to weed out the privileged needles from the non-privileged haystack is bound to run amiss here and there. With that kind of volume, it’s not a question of whether the disclosing party is going to inadvertently produce a privileged document to the other side. It’s really more of a question of how much privileged material is inadvertently going out the door.
The Federal Rules of Civil Procedure have made clear that ESI “stands on equal footing with discovery of paper documents.”[2] And, as with any other form of discovery, ESI is subject to the rules of evidence as they regard privilege.
First, there’s that old warhorse, attorney-client privilege. That one’s straight out of law school evidence class. When a lawyer and client communicate about a legal matter—whether it’s face-to-face, on the phone, by e-mail, or speaking into two Dixie cups connected with a string—so long as that communication isn’t shared with a third party, it’s a privileged communication. That’s, by far, the easiest privilege to spot. You’ve got a lawyer’s name in the “to” or “from” line of an e-mail, a client’s name in the other line, and the topic is the law as it relates to the client—you’ve got a privileged document.
Second, there’s the attorney work product privilege. A little more challenging to call. But still not rocket science. If the lawyer’s plugging confidential notes into an Excel spreadsheet or drafting case memos he’ll share internally as e-mail attachments with firm colleagues, that’s work product, and it’ll take more than just a subpoena to pry that puppy out of the privileged pile.
Third is the deliberative process privilege.
Never heard of that one? Get into litigation with a government regulatory agency, and you will. It’s a judicially created harbor designed to keep an agency’s pre-decisional musings under wraps. As an example, here’s how the U.S. Equal Employment Opportunity Commission’s Office of General Counsel describes it in its Regional Attorney’s Manual:
The deliberative process privilege protects certain predecisional, internal agency information, such as recommendations and analysis, from disclosure during litigation.... The EEOC typically asserts the deliberative process privilege in litigation in order to protect the confidentiality of internal, deliberative material, such as documents containing the analyses, opinions, or recommendations of enforcement unit staff, and attorney memoranda containing analysis or recommendations.[3]
That cuts a pretty wide swath through the field of otherwise potentially discoverable evidence. And it has the potential to raise highly contentious battles over what qualifies as “deliberative process” for the purpose of privilege withholding. But it’s a privilege courts have upheld.[4]
And then there’s privileged metadata.
What? Metadata can be privileged?
That’s right. And, obviously, this one is specific to ESI. We’re talking about that stuff you mostly never see and almost never think about because it’s lurking somewhere in the depths of your electronic documents as hidden code. That, too, can be the source of a privilege claim. How so? Because metadata can be storing information about changes made to a document over the course of various drafts (i.e., revisions, additions, deletions, comments, etc.). It’s sort of like the deliberative process in that it’s a record of someone’s thought process as the document was molded from the initial stage to its final draft. Think about the “track changes” feature in word processing software. That’s metadata that, when you enable the feature to make the metadata visible, you can see the parts you thought no one would ever know about—like the redacted part where the corporation’s lawyer details the reasons the boss’s hair-brained scheme is likely to run afoul of SEC rules. If you’re that corporation’s lawyer, you don’t want that bit of confidential legal advice dropped into the SEC’s lap where it’s immediately labeled “Exhibit A.” Hence, depending on its content, metadata can also be the source of an ESI privilege claim.[5]
Pick Your Poison
With so much electronically stored information being passed around and so many opportunities to assert the privilege claim, there’s just no wondering why there’s almost no way to guaranty your side isn’t going to turn over something you’ll later wish you hadn’t. That being the inescapable fact, courts have come to accept the reality of inadvertent production and have devised rules to help keep the judicial wheels of litigation turning while guarding the legal profession’s sacred tradition of privilege.
The amended Federal Rules of Civil Procedure now address ESI and the likelihood of inadvertent production specifically.[6] Rule 26(f)(4) requires the parties to discuss privilege claims and protection issues at the discovery planning meeting, and it urges them to agree to certain methods that can reduce the risk of inadvertent waiver of privilege without excruciating efforts and delays. Basically, there are two ways to do it. Time to pick your preferred poison.
The first method is often referred to as the “quick peek” agreement. It allows for the responding party to provide the other side with all requested materials without waiving privilege. Then the requesting party, having had the opportunity to review all the materials, makes a request for the specific documents it wants produced. At that point, the responding party can determine which of those specifically requested documents it will hold back for privilege.[7] The benefit of the “quick peek” is that it relieves the responding party of the need to conduct a cumbersome and costly privilege review of everything it has. The down side, of course, is that, if you’re the responding party, you’re giving your adversary a look at things you might otherwise never-in-a-million-years let the opposition see. Even if they can’t use it as official evidence, why would you want to let the other side rifle through your dirty laundry?
The second method is what’s called a “clawback” agreement. The parties agree that materials mistakenly produced do not constitute waiver of privilege so long as the responding party identifies the particular documents that it inadvertently produced to the other side. Under the agreement, the responding party can demand the return or destruction—clawback, if you will—the produced documents it asserts are privileged materials.[8] If the parties come to such an agreement, Rule 16(b) provides that the court may include it as part of its case management order. It is unclear whether incorporating the agreement into the case management order binds third parties who may be subsequent recipients of materials the producing party is attempting to clawback. However, it has been said the inclusion of the agreement in the court order could have the effect of clarifying waiver and privilege protections between the parties and strengthening the argument that the inadvertent production does not constitute waiver of privilege as to third parties in other litigation.[9]
Clawback: Now You See It—Now You Don’t
Between the two ESI discovery options, the clawback agreement is probably the more palatable to most lawyers. It’s less invasive. So let’s examine that one a little more closely.
When operating under the clawback agreement, there are a few things of which both the producing party and the receiving party should be aware.
Rule 26(b)(5)(B) establishes the procedures when a responding party attempts to clawback an inadvertently produced document. The party claiming the privilege must notify the receiving party in writing that it is exercising a privilege claim over particular documents that were inadvertently produced and demand their immediate return or destruction. As with any privilege claim, under the Rule the producing party needs to specify what the document is and why it believes it is protected by privilege. Naturally, just because you say it’s privileged doesn’t automatically mean the other side is going to agree with that assessment. Disputes go to the court for an evidentiary decision.
The Rule doesn’t mention this, but, if you’re using a web-based document management vendor to make ESI simultaneously available to all parties electronically (as so many firms engaged in large-scale, corporate litigations do these days), your very first step ought to be to notify that vendor either to pull the inadvertently produced documents out of the database or to disable the viewing permissions that allow others to see those documents. The longer those documents remain available for viewing in the database, the greater the opportunity for them to be further distributed. And, of course, that’s the last thing you want. It’s bad enough you’ve spilled open your briefcase of privileged information. Don’t delay scooping up the contents and getting them tucked back inside before they get scattered to the wind.
One thing the Rule does state most specifically in a committee note is that the procedures discussed in the Rule do not address substantive questions regarding waiver of privilege. It leaves it to the courts to rely on developed legal principles to make that determination.[10] And, in the case of clawback, time may well be of the essence because an unreasonable delay in seeking the return or destruction of inadvertently produced privileged documents could weigh in favor of a ruling that the privilege has been waived.[11]
For the recipient of the inadvertently produced material, once again Rule 26(b)(5)(B) spells out the protocol when the recipient is notified that the other side is attempting to clawback what it produced. Once notified, it’s the responsibility of the receiving party to “promptly return, sequester, or destroy the specified information and any copies it has” (emphasis added).
Let’s take a few moments to discuss the last five words of that rule: “and any copies it has.”
What constitutes a copy? Well, obviously, that includes any hard copy printouts or photocopies that may have been made. Into the shredder with those.
But we’re not necessarily done yet. Remember, we’re talking about ESI—electronically stored information. Creating a copy of electronic material is always just a mouse click away. And those clicks aren’t always buttons labeled “Save.” You can be making and saving copies of electronic documents without even realizing it.
Take, for example, a situation where Connie Contract Attorney is reviewing documents in a web-based electronic database. For the last three weeks she has been laboriously clicking through some corporate accountant’s irrelevant spreadsheets and personal e-mails lamenting Junior’s decision to transfer to a different college where the people aren’t “such dweebs.” When, suddenly, Connie comes across a message that reads, “The General Counsel just told me we better stop what we’ve been doing, or we’re all gonna end up in the hoosegow.” Well, Connie knows a hot doc when she sees one. So she sends it right off as an e-mail attachment to Arnie Associate, who’s focusing on the accounting issues in the case. Arnie absolutely flips over this choice discovery but worries that it might be a privileged communication that will be subject to clawback. So he forwards Connie’s e-mail, with the attachment, to Paula Partner to request guidance.
For you math majors out there, how many copies of the document in the above hypothetical does the law firm now possess in electronic format? Well, starting with Connie who sent the original e-mail to Arnie, there’s a copy in the form of an attachment that’s sitting in her e-mail Sent Mail box. That’s one. And, to create an accessible electronic attachment, it’s likely Connie had to download the document from the document management vendor to her own computer’s hard drive as either a TIFF or PDF. So the document is probably also saved to her hard drive—perhaps under the “My Documents” folder, where many people choose to have downloaded documents go for easy access. That’s two. Then there’s a copy in Arnie’s Inbox that’s attached to the e-mail Connie sent him, as well as the copy in Arnie’s Sent Mail box that’s attached to the e-mail Arnie forwarded to Paula. And then there’s the copy in Paula’s Inbox. We’re up to five copies so far. And that’s assuming no one else was cc’ed on any of the e-mails and no one decided to save a copy to any other computer folders. If this document gets clawed back, and the recipient is bound by the clawback agreement to “destroy the specified information and any copies it has,” then every single one of those copies must be destroyed by deleting it from the firm’s electronic system. By rights, the firm isn’t allowed to possess those copies, even if it can’t use them. So Connie must delete the e-mail/attachment from her Sent Mail box; Arnie must delete it from both his Inbox and his Sent Mail box; and Paula must delete it from her Inbox.
All done? Not quite.
Connie, Arnie, and Paula haven’t really deleted the clawed back document from the firm’s system. They’ve just deleted it from their Inboxes and Sent Mail boxes. And e-mails aren’t destroyed just because you hit the delete key. They just get shuffled over to your e-mail’s “Deleted Items” or “Trash” box, where they’re as fully viewable as they were sitting in your Inbox. In other words, Connie, Arnie, and Paula are still holding copies of the document they’re not supposed to have. Unless they either go into their Deleted Items box and again delete the message from there or have their e-mail system set up to automatically empty the Deleted Items box each time they sign out, that forbidden fruit still remains ripe for the picking. So, to stay within the parameters of the rule, it’s important to keep in mind that it’s a multi-step process to “destroy” an e-mail.
Oh, and just in case you’d forgotten, there’s still another copy lurking in the firm’s electronic system. The copy Connie downloaded to her hard drive in order to create the attachment. It, too, must be destroyed. That means Connie must go to wherever in her computer she saved that file and delete it.
Okay, now we’re done. Right?... Wrong.
As we all know, old computer files never die. They just fade away to the Recycle Bin on your computer desktop, where they’re fully viewable and recoverable by anyone who happens to be using the computer. The same darned document is still there. And it will stay there, in violation of the agreement, until Connie opens up her Recycle Bin and empties it.[12]
If there’s any lesson to be learned from the above illustration it’s this: To be sure you don’t run afoul of the rules, be certain that everyone at the firm knows all the steps to take if the word goes out to “destroy all copies” of a potentially privileged electronic document.
In addition to purging its own system of the clawed back documents, the recipient firm must also “take reasonable steps to retrieve the information [from a third party] if the party disclosed it before being notified....”[13] Of course, this raises whole new challenges in that, once a document is outside your firm, it’s outside your control and ability to guaranty what becomes of it. Here it seems a best effort standard would likely be employed. Admittedly, that’s hardly a bright line rule. But, at the very least, notify in writing everyone with whom the information has been shared that the materials must be returned or destroyed and unused for any purpose. And make certain any experts you’ve retained aren’t citing to clawed back documents.
It should be noted that, while Federal Rules of Civil Procedure Rule 26(b)(5)(B) puts the onus on the sender to notify parties of material it wants to clawback, some jurisdictions go even further in placing a responsibility on the recipient to notify the sender when the recipient comes across what appears to be inadvertently produced privileged information. For example, Rule 4.4 of the D.C. Rules of Professional Conduct were amended in 2007 to include language requiring that a lawyer who receives another attorney’s privileged communication and who “knows, before examining the writing, that it has been inadvertently sent, shall not examine the writing, but shall notify the sending party and abide by the instructions of the sending party regarding the return or destruction of the writing.”[14] Under such a rule, the recipient is required to stop reading the moment it becomes apparent that the document is a privileged communication.[15] And that also includes the aforementioned metadata. If you know that metadata in your opponent’s ESI production was inadvertently produced, you’re obligated under the rules to notify the other side and not look at it.[16]
But, you’re asking, how do I know if my opposition’s metadata is privileged material that was inadvertently sent if I don’t look?
Hey, no one said this was going to be easy. However, the D.C. Rules specify that the recipient’s duty is triggered by “actual prior knowledge” that the material was inadvertently produced or where the receiving lawyer can tell immediately and clearly upon review that privileged material was unintentionally included.[17]
When in a jurisdiction that requires the recipient to take the initiative regarding inadvertently produced material, a firm needs to be exceptionally cautious how it proceeds with its document review. It’s a delicate procedure of putting the cat back in the bag before someone gets scratched. To that end, in such cases it is probably advisable that law firms adopt some formal procedures for handling inadvertently received privileged documents.
Step # 1: Stop reading immediately. As soon as it becomes apparent that the document is probably privileged, the person doing the initial review should cease reading any further. If you’re not supposed to have the document, you’re not supposed to have the knowledge it contains. So the less of it that’s read, the better. It puts you on much surer footing as regards the rules and keeps you from having to answer a judge who later asks, “If you could tell from the first sentence that it was privileged, why did you keep reading?”
Step # 2: Have an inadvertent production “go-to” person. Someone on the case who knows the key issues and key people involved should be designated the go-to person for all documents produced from the other side that are likely to be subject to a privilege claim. Those doing initial document review should be instructed to send to that go-to person a copy of any potentially privileged document they come across. (Then, of course, that reviewer should delete all copies from his own computer as described in the hypothetical above.) The go-to person can make an assessment and, if the document appears to be inadvertently produced, notify the producing party and request instructions for how to handle it.
Step # 3: Don’t “cc” anyone. If it’s a privileged document your law firm isn’t supposed to be looking at, don’t compound the problem by sending it off as an e-mail that includes a cc to everyone on the legal team. It should be shown only to those who absolutely have to see it to make the determination of what to do next. You came upon the document innocently enough. Now you want to be able to tell the court that, when you recognized its potential privilege status, you properly sequestered it until you could get further instructions.
As referenced earlier, the recipient of inadvertently produced material has the right to challenge the producing party’s belated assertion of privilege. Such challenges must be made “promptly” and by presenting the information under seal to the court. While awaiting the court’s ruling as to whether or not the privilege claim is valid, the recipient is bound not to use or disclose the challenged information, and the sender is required to preserve it.[18]
Finally, procedures don’t do a bit of good if you don’t make them generally known. Be certain everyone is aware of the procedures. From the managing partner to the contract attorneys making the first cursory sweep through the other side’s production, it’s crucial that people know what the rules are and what they must do whenever they come upon a potentially inadvertently produced document. You don’t want to find yourself in violation of the rules only because of a highly avoidable communications breakdown.
[1] Heck!—they could practically send a copy to every man, woman, and child in the industrial world.
[2] Fed. R. Civ. P. 34(a) advisory committee’s note.
[3] U.S. Equal Employment Opportunity Commission, Procedures for Asserting and Defending the Deliberative Process Privilege, available at http://eeoc.gov/litigation/manual/3-2-a _deliberative _process.html (last visited Apr. 14, 2008)
[4] See, e.g., Coastal States Gas Corp. v. Dep’t of Energy, 617 F.2d 854 (D.C. Cir. 1980); City of Colorado Springs v. White, 967 P.2d 1042 (Colo. 1998).
[5] See ABA Comm. On Ethics and Prof’l Responsibility, Formal Op. 06-442 (2006).
[6] The term “electronically stored information” was introduced into amended Rules 16, 26, 33, 34, 37, and 45.
[7] Fed. R. Civ. P. 26(f) advisory committee’s note.
[8] Id.
[9] Rothstein, Barbara J., et al., Managing Discovery of Electronic Information: A Pocket Guide for Judges 15 (Federal Judicial Center 2007).
[10] Fed. R. Civ. P. 26(b)(5) advisory committee’s note.
[11] Rothstein, supra note 9, at 16.
[12] Actually, as any computer wizard will tell you, even fully deleted computer files are still recoverable for some period of time if a person knows how to access the portions of the hard drive that have yet to overwrite the data. However, if we were to live by a rule that said an electronic document isn’t destroyed until every conceivable opportunity to recover it is fully extinguished, the only way to guaranty that would be to take a sledgehammer to the hard drive. So let’s pretend I never said anything about that.
[13] Fed. R. Civ. P. 26(b)(5)(B).
[14] D.C. Rules of Prof’l Conduct 4.4(b).
[15] American Bar Association Model Rule 4.4 requires only that the recipient lawyer notify the sender in order to allow the sender to take protective measures. But the D.C. rule is more restrictive in requiring the recipient not to examine the document. D.C. Rules of Prof’l Conduct 4.4 cmt. 2.
[16] D.C. Bar Legal Ethics Comm., Opinion 341.
[17] Id.
[18] Fed. R. Civ. P. 26(b)(5)(B).