LITIGATION SUPPORT TIP OF THE NIGHT

Here's a continuation of my postings about the Electronic Discovery Institute's online e-discovery certification program, that you can subscribe to for just $1. I last blogged about this program on August 25, 2018, Go to https://www.lawinstitute.org/ to sign up for it. The course entitled, eDiscovery Challenges in Specific Practice Areas: Government Investigations is taught by Patrick Oot, an attorney with Shook, Hardy & Bacon LLP, who was special counsel for electronic discovery at the SEC; Kimbir Tate, senior litigation support manager at McKesson; and Dave Shonka, a partner specializing in data security at Redgrave LLP.

Origins of a Government Investigation

Attorneys should consider where the claim came from - a whistleblower, the media, or through an attempt to comply with regulations. Government investigations may be conducted simply in order to confirm that law is not being broken. Customers or suppliers may also be regulated. A company may not necessarily be the subject of an investigation but may become involved with one. 70% of qui tam actions are initiated by whistleblowers.

Key Players

Some actors other than those which are legally culpable may be come involved in an investigation.

The SEC , FCC, and the FTC often initiate investigations. Agencies may or may not have the authority to get information from businesses.

First Contact

A CID (civil investigative demand) may be received from the government, which will be the first indication a business has that it is under investigation. The investigators may give the opportunity to proffer evidence. The proffer is a chance to given information to the government and reduce culpability for illegal conduct.

An access request is a letter from an agency to a party asking for information to be submitted to it voluntarily. Under the FTC Act, the FTC has the authority to issue section 6(b) orders to get additional information.

Not all government agencies have subpoena power. Whistleblower acts or qui tam acts may facilitate a governmental investigation.

Some businesses may choose to reach out to government on their own. Substantial cooperation credit may be received if this is done.

Assessing the Claims

The first step in the assessment is building a team. It may be necessary to engage a PR firm or outside counsel. Someone from the corporate finance groups should definitely be involved. A huge corporation will have to identify which business unit will have to address an investigation. The investigating agency may issue broad based subpoenas and not be focused on particular information.

A crisis management plan should be implemented. Investigations many not necessarily lead to a full inquiry.

Creating an Investigative Plan

A disclosure plan should be identified at the outside. The collection and preservation of data should be addressed very carefully. Outside document reviewers and experts should be involved in the process. It is not always necessary to issue a hold notice for every investigation. However if a company is a the subject of an investigation it needs to issue hold notices immediately.

Early contact with the government with respect to technical issues may help move the investigation forward. A comprehensive request may be made, accompanied by a meet and confer invitation so the inquiry can be narrowed to collecting data from specific custodians.

Remember that everything relates to the claims in the case. If a business doesn't know what the government is looking for it may not be able to respond. It may be necessary to pin down the subject of the government's investigation.

Outside Counsel

Outside counsel may function as intermediary between the government and a business. It can ensure that the business performs its due diligence with respect to the investigation. A business that is very familiar with government investigators may be reluctant to produce information. Outside counsel should be intimately involved with the FTC or the other investigating agency.

Bad actors within a company may have not followed the rules simply because they did not understand them. A high level investigation may necessitate providing legal counsel to board members.

Companies may employ lawyers to represent individual employees which have different issues than the company itself.

Communications with the Government Agency

A company should not have an antagonizing relationship with the investigating agency even if it has an adversarial relationship with it. An agency may independently contact a business' suppliers.

Someone should be specifically responsible for having contact with the government. The end game is the presentation to the government. This presentation should identify high level themes. It may be wise to offer a mea culpa on behalf of the client, particularly in compliance investigations.

Early Reporting

Self reporting may help a company's reputation. A corporate integrity agreement may help a company fly under the radar and avoid reputational harm with the public and bad press.

Forensics

Ms. Tate stressed the importance of companies knowing what they have and where they have it. She addresses a situation at least a couple of years which concerns whether or not an American agency can monitor data that is held outside of the Untied States. It is not possible to issue a hold in some countries, such as Dubai. Retention policies should be reviewed. It may be important to get images of computers or mobile devices that hold data that cannot be obtained from other sources.

False Claims

False claims are often brought on the basis of evidence provided by whistleblowers. Government contracts which require healthcare reporting may be bring a company under risk for false claims.

Government Response

The government may decide that there was a violation and that a fine is justified, but not want to move forward with an extensive investigation. Some agencies may initiate administrative proceedings.

Conclusions The more communication one has with the government the more likely a settlement may be reached. Some businesses sued by the government no longer exist. It's important to know what part of the government is dealing with a client.

Here's a continuation of last night's tip on the FTC's Model HSR Second Request. The definitions and instructions at the end of the model help make clear how the FTC expects electronic discovery to be conducted.

The definition for 'data map' specifies that it should be a list or diagram which shows physical and electronic information in a company's possession, custody, or control, including the information systems for, "email messages, voice-mail messages, communications logs, enterprise content management, instant messaging, database applications" . It should encompass data held in back-up systems, the cloud, and by third party vendors.

The definition for 'document' makes clear that the term should include all forms of electronically stored information. However it specifically excludes:

1. Invoices and purchase orders

2. Architectural plans and engineering blueprints.

3. Tax, environmental, and human resource documents.

4. "relational and enterprise databases, except as required to comply with an individual Specification."

This kind of information of may have to be produced pursuant to certain specifications in the model.

The FTC will consider excluding searches of back-up disks unless it appears that data is missing from the computers and servers searched by the company. It may only search back-up disks for key custodians or specific date ranges.

In general, the company's production must include any documents obtained up to 45 days prior to full compliance with the second request. However any documents relating to the sale of the relevant product, including market studies, forecasts and surveys; timetables for the proposed transaction; plans for operational, policy, financial and other changes to be made as a result of the transaction; the reason for the proposed transaction; and opinions on the proposed transaction obtained 21 days prior must also be produced.

Sensitive personally identifiable information and health information must be redacted. It includes the use of a social security number by itself, or a person's name, address or phone number, used with a date of birth, ID number, account number or credit card number.

The instructions specify that Excel, Access, and PowerPoint files be produced in their native format. Emails, attachments, and other electronic files are to be produced as TIFF images and include standard metadata fields (see the excerpted chart below) which must include hash values and an 'alternative custodian' field that has a, "[l]ist of custodians where the document has been removed as a duplicate."

Hard disk drives are to be used for productions 10 GB and larger. DVDs and USB flash drives are acceptable for smaller productions. The data must be scanned for viruses and encrypted with NIST FIPS-Compliant cryptographic hardware. Email threading and data duplication software cannot be used unless until the company has contacted the FTC's technical officials.

An index should be submitted listing document custodians, the corresponding document control number range, and any applicable box numbers. A privilege log is also required listing, "each document’s authors, addressees,and date; a description of each document; and all recipients of the original and any copies".

As noted in the Tip of the Night for April 29, 2015, businesses preparing for a merger will often need to use advanced e-discovery techniques like Technology Assisted Review in order to be able to make document productions quickly in response to a Second Request under the Hart-Scott-Rodino Act. As discussed in the Tip of the Night for last night, the FTC and the DOJ post model second requests on their sites. Here's a review of the Federal Trade Commission's Model Request for Additional Information and Documentary Material, part of its Hart-Scott-Rodino Premerger Notification Program.

Parties have the right to appeal a Second Request. A conference can be scheduled within 7 days of the receipt of a petition for an appeal, and the petitioner and the investigating staff must submit briefs 3 days prior to the conference that are to be no longer than 5 double spaced pages. The FTC's general counsel issues a decision 3 days after the conference. Appeals may also be made asking that the second request be modified to be less burdensome or for certification that the company has already substantially compiled with the request.

The FTC's model second request specifies that among other things the following information be produced:

1. Organizational charts for the company as a whole and each of its subdivisions.

2. A list of and contact information for all agents and representatives of the company, as well as attorneys, investment bankers, and other agents assigned to work on the proposed transaction.

3. A data map for the company.

4. Detailed product descriptions.

5. Sales data for customers in specific areas and the estimated market shares of the company and its competitors in relevant areas.

6. Information about facilities which manufacture relevant products.

7. Advertising materials.

8. Documentation of the company's business plans, R&D programs, budgets, and presentations to executive committees.

9. Market studies and forecasts.

10. Price lists and policies.

11. Information on electronic databases with product, pricing, sales, costs, intellectual property, and customer data. The model specifically asks the company to:

(a) identify the (i) database type, i.e., flat, relational, or enterprise; (ii) fields, query forms, and reports available or maintained; (iii) software product(s) or platform(s) required to access the database;

The actual data from the databases on sales, discounts, win/loss reports, customer relationships and other subjects must also be produced. The model includes a demand for a data dictionary which provides definitions for field names and codes, and also identifies primary keys.

12. Financial statements.

13. Plans for the construction of new facilities or the closing of current facilities.

14. Documents relating to imports and exports.

15. Information about the company's notification of the transaction to non-U.S. competition authorities.

16. Documents relating to other acquisitions, joint ventures, or mergers involving relevant products other than the proposed transaction.

17. Documents relating to the benefits, risks and costs of the proposed transaction.

18. All documents provided to the Board of Directors relating to the relevant product, and minutes and recordings of board meetings regarding the relevant product.

19. Document retention and destruction policies.

20. A list of the federal judicial districts in which the company has an agent to receive service of process.

Notably the list of requested information in the model concludes with a request for information about the electronic discovery process itself. Electronic discovery software and search terms must be identified, and an expert must be named that can testify about the review:

Identify any electronic production tools or software packages utilized by the Company in responding to this Request for: keyword searching, Technology Assisted Review, email threading, de-duplication, and global de-duplication or near-de-duplication (please note that the use of all forms of de-duplication requires advance approval from Commission staff per Instruction I(4)(e)), and: (a) if the Company utilized keyword search terms to identify documents and information responsive to this Request, provide a list of the search terms used for

each custodian; (b) if the Company utilized Technology Assisted Review software:

(i) describe the collection methodology, including: (a) how the software was utilized to identify responsive documents; (b) the process the Company utilized to identify and validate the seed set documents subject to manual review; (c) the total number of documents reviewed manually; (d) the total number of documents determined nonresponsive without manual review; (e) the process the Company used to determine and validate the accuracy of the automatic determinations of responsiveness and nonresponsiveness; (f) how the Company handled exceptions (“uncategorized documents”); and (g) if the Company’s documents include foreign language documents, whether reviewed manually or by some technology-assisted method; and (ii) provide all statistical analyses utilized or generated by the Company or its agents related to the precision, recall, accuracy, validation, or quality of its document production in response to this Request; and

(c) identify the Person(s) able to testify on behalf of the Company about information known or reasonably available to the organization, relating to its response to this Specification.