Data-related fiascos that lead to malpractice suits, or disputes that would otherwise spawn malpractice claims if they weren't settled quietly out of court, happen all the time. You don't hear much about them for a number of reasons -- because they manifest as disgorgement of fees (i.e. the offending firm just eats its client's bills to avoid a claim), because it's hard to find a firm who will sue another firm for fouling up a process neither does well (i.e. the pot suing the kettle), and because malpractice is predicated on breaching established standards of care. It has been argued by people smarter than I that, because there are no de facto guidelines for e-discovery competence, although they're emerging, it would be hard to persuasively show that a lawyer's actions fell below some minimum standard (i.e. The "We're All Bad At This" Defense).
Still, malpractice related to discovery and information-related risk is a real threat, and has cost people their livelihoods and reputations.
You typically need, at a minimum, a few things in order for this breed of malpractice to arise:
- Legal counsel who either doesn't know what it's doing or relied on an equally fallible vendor,
- A client who knows enough about the discovery process and is following the case at issue closely enough to know something has gone horribly wrong (you laugh, but sometimes a client isn't aware of malpractice-worthy activities until well after the fact), and,
- A big ugly precipitating event -- a data breach, discovery sanction, bill dispute, etc.
Here, then, are five common triggers of discovery-related legal malpractice and similar claims, and how they can be prevented by smart litigators.
Trigger #1: Waiving privilege to secrets and smoking guns
Solution: Demand a 'clawback' order under FRE 502(d)
This one should be a no brainer because it's so easy, but apparently clawbacks are still far from fashionable. Parties involved in federal litigation should ask the court to enter a Rule 502(d) order. The get-out-of-jail-free card of complex discovery, it should state something to the effect of:
"The production of privileged or work-product protected documents, electronically stored information ("ESI") or information, whether inadvertent or otherwise, is not a waiver of the privilege or protection from discovery in this case or in any other federal or state proceeding."
Some cagey litigators also suggest the agreement should specify that the disclosure of privileged materials does not act as a waiver "without regard to the efforts that were taken to prevent the disclosure."
A well-worded Rule 502(d) order makes it nearly impossible to waive privilege to sensitive materials due to an inadvertent disclosure. Here's a template. Use it! Several federal judges -- including US magistrates David Waxse and Andrew Peck -- have called it malpractice not to.
Trigger #2: Your vendor keeps making mistakes
Solution: Use a solution that works and choose a competent provider
As far as e-discovery malpractice suits go, the most well-known, by far, is J-M Manufacturing Co., Inc. v. McDermott Will & Emery (Los Angeles Superior Court, Case No. BC462832), and while the named law firm in that case took most of the heat, its Vendors Who Shall Not Be Named deserve at least equal blame.
McDermott was accused of repeatedly wrongfully disclosing about 4,000 privileged documents to multiple adversaries in an underlying federal False Claims Act case. How do you repeatedly turn over super-secret (which they were) documents in a bet-the-company case to parties suing you for millions? Well, for one, your vendor forgets to pass 180,000 electronic records through a privilege filter. And, for another, your vendor forgets to submit an additional 10,000 to outside counsel for review. Oops.
Those faux pas led US District Judge George Wu, the stupefied referee in the underlying federal case, to utter one of the great cautionary passages in modern litigation:
“I can understand the error once. But this is an error twice, three times, four times. And after a while, you just think to yourself: Well, if it was that important, it shouldn’t have been the subject (of) so many multiple errors. [T]his must be incredibly embarrassing to somebody. I don’t know who yet; but it must be incredibly embarrassing. I’ve never seen a situation where you had privileged documents produced over and over and over again. What can one say?”
What can one say? This stuff really happens. And any litigator who's seen his or her fair share of complex litigation has their own horror story. Do your homework before you choose a solution or hire an outside vendor. Ask for references, talk to those references, and be sure that you make your RFP as detailed and minutia-ridden as possible. The company that will bend over backward to get your business is more likely to bend over backward when they have your business. There are even nifty review sites that do some of the vetting for you.
Trigger #3: Counsel is out of its league and won't admit it
Solution: Turn to an expert, or decline the representation
"Fake it until you make it" doesn't fly when there are thousands or millions of documents flying around in a case, court-ordered deadlines to meet, and serious -- as we've established -- penalties for getting discovery wrong. Those who think PST refers to a time zone shouldn't be in charge of complex document reviews or any of the discovery stages preceding it.
A much touted draft of a legal ethics opinion from the California Bar states it pretty plainly:
An attorney lacking the required competence for the e-discovery issues in the case at issue has three options: (1) acquire sufficient learning and skill before performance is required; (2) associate with or consult technical consultants or competent counsel; or (3) decline the client representation.
Ignoring that mandate can result, the opinion states, in ethical and professional violations of an attorney's duty of confidentiality, candor, supervision and other responsibilities. Attorneys who aren't competent to perform discovery -- there's no shame in admitting it -- should pull in a colleague who is, bone up on best practices through any number of educational outlets (hint: most are free!), and/ or tap a service provider.
At the very least, an attorney handling a case with e-discovery should understand:
- How metadata works and how to collect and use it in a defensible manner
- How data is created and stored, and where it resides
- How the client's data systems work and who is in possession of what
- Common "reasonably usable" forms of production
- The basics of forensic collection
And depending on the case or who you ask, even that probably isn't enough.
Trigger #4: Discovery sticker shock
Solution: Document every second and every penny -- and spend each efficiently
Most billing disputes, of course, aren't directly tied to discovery and most fights over unpaid fees don't spawn malpractice suits. But all these issues are intertwined in the same opaque black box -- which is to say, clients are quickest to challenge fees, and sue over them, when the final check sounds alarms.
Discovery is particularly ripe territory for billing fuzziness, especially when the client can't see how its money is actually being spent.
If they aren't budgeted and staffed correctly, discovery projects can be black holes that obscure costs and drive up legal fees. You've heard the Churn that bill, baby! story (Subhead: That bill shall know no limits!), but also consider the lesser known case of In Re Citigroup Inc. Securities Litigation (Southern District of New York, No. 07 Civ. 9901), where activist fee objector Ted Frank went to great lengths to shame a law firm that staffed a massive document review with contract attorneys for which it billed its client $350 to $550 per hour -- or, about 10 times what they were paid.
In that case, Manhattan federal judge Sidney Stein slashed the firm's $97 million fee request by a cool $25 million, and chided it for using discovery as a "profit center." Scouring its billing records, Stein found that the firm listed “document review as the task performed all day, every day for approximately $1.5 million for each (contract) attorney" staffed on the case.
Smart, bottom-line focused organizations are tightening their belts, and showing little patience with vendors -- whether outside service providers or law firms -- who overstaff discovery projects, unreasonably mark up work they're outsourcing, pad bills or otherwise champion inefficiency. It's important to document time and activities with as much specificity as possible. Avoid standardized work descriptions that simply say "processing" or "document review." Avoid block-billing -- the bane of every discerning judges' existence -- and don't mark up the work of outside non-lawyer personnel, period. Because most bars say it's unethical.
As a bonus, lawyers and firms whose clients prevail at trial are more likely to get them paid in whole by the loser if those costs are well documented. Seriously.
Trigger #5: Your client's files are on the intranet of its biggest competitor, or in the back of a cab
Solution: Use secure technology and write safeguards into legal orders
Attorneys owe their clients a duty to protect "information relating to (their) representation" pretty much at all costs (Editor's note: fraud and bodily harm being two notable exceptions). The California Business and Professions code goes so far as to require lawyers "to maintain inviolate the confidence, and at every peril to himself or herself to preserve the secrets, of his or her client."
Data breaches can most definitely precipitate legal malpractice claims, especially if it can be argued that the lawyer or firm didn't make reasonable efforts to prevent unauthorized access to client records. Within law firms, three common sources of data breach are: careless disposal of client records, device theft and improper use of internal security protocols, but there are many others -- including attacks from hackers.
Sloppy handling of discovery data is perhaps a less sexy, but equally effective way to invite malpractice. In addition to the aforementioned J-M-McDermott case, the Apple-Samsung global patent war provides a useful case study for how, with voluminous data at play, one small mistake can open a Pandora's Box of pain and suffering. In that federal case, in San Jose, an associate working for Samsung's outside counsel improperly redacted a sensitive and highly confidential Apple contract it acquired from that competitor during discovery in a previous matter. Then the associate uploaded that contract to Samsung's firm-wide intranet. It went viral. Executives negotiating mobile contracts against Apple actually knew the terms of Apple's agreements.
The Apple case is unique because it deals with a law firm disclosing the secrets of its client's adversary -- not its own. But it does make you wonder why organizations go to great lengths to protect their sensitive data in-house, only to Let Go and Let God when it goes out their doors (or, rather, firewalls, private cloud, etc.). This is why Coke once chose to forfeit a federal case rather than disclose files relating to its secret formula pursuant to a document request.
If you're a litigator in a case with sensitive records, consider asking the court to enter a protective order stating that confidential documents produced must be encrypted and remain in that format until returned or destroyed. Choose a technology that encrypts documents at rest, so that unauthorized users can't read them even if they gain access to the physical media. Perhaps consider not using physical media at all. Some cloud-based technologies are more secure, you can invite other parties to collaborate as needed, and revoke their access just as easily. You always know where your data is, and you can't leave "the cloud" in the back of a car.
Robert Hilson is a director for Logikcull. He can be reached at firstname.lastname@example.org.