Next week is Georgetown Law Center’s sixteenth annual Advanced E-Discovery Institute. Sixteen years of a keen focus on e-discovery; what an impressive, improbable achievement! Admittedly, I’m biased by longtime membership on its advisory board and my sometime membership on its planning committees, but I regard the GTAEDI confab of practitioners and judges as the best e-discovery conference still standing. So, it troubles me how much of the e-discovery content of the Institute and other conferences is ceded to other topics, and one topic in particular, privacy, is being pushed to be the focus of the Institute in future.
This is not a post about the Georgetown Institute, but about privacy, particularly whether our privacy fears are stoked and manipulated by companies and counsel as an opportunistic means to beat back discovery. I ask you: Is privacy a stalking horse for a corporate anti-discovery agenda?
Let me began by asserting that when it comes to e-discovery, privacy doesn’t matter much. Here’s why: Even your most private data will never be private to you. No matter who you want to keep out of your business, you will expect to have–and you will have–access to your own private information. In the days of paper discovery, even the most private thoughts in your personal journal were discoverable with the right set of facts and due process of law. As night follows day, when your conduct or your claims make your private digital information relevant to a just disposition of a dispute, it will be discoverable. Phrased in personal injury terms, you can’t claim loss of consortium and expect that the other side won’t be allowed to delve into your sex life.
Consider the most sacred cow of privacy: privileged attorney-client communications. What you say to your attorney in confidence when seeking counsel is subject to discovery when to conceal it would further a crime or fraud or when disputes between you and your attorney make them relevant. There are exceptions to the spousal privilege, the doctor-patient privilege and the priest-penitent privilege. No privilege is inviolate. So long as there are exceptions–so long as there are circumstances where even the most privileged information must be disclosed–that evidence will find its way into discovery. But, privileged communications are the most extreme example.
The reality is that when private information assists us in getting something we want, we will use that information. Again, our private information is not private from us. When we pursue litigation, when we put our private matters at issue, use private data to refresh recollection or disclose it selectively, private information will be made available to opponents in litigation through discovery. Nothing is private when a litigant puts it at issue.
Moreover, we will continue to voluntarily surrender privacy in exchange for convenience or economic benefit, including that most essential of economic benefits: our jobs. Read those employment, NDA and BYOD agreements. I cannot count the number of times I’ve reflexively clicked through a Europop-up banner about collecting private information. I’m convinced GDPR stands for Gratingly Disruptive Popup Reminders. Note to first born male child: someone may be coming to collect you soon. Sorry.
If there is one thing I know from long experience working for management, it is that employers don’t give a damn about employee privacy when they suspect that an employee is working against the company. Whistleblowers, injury and discrimination claimants, IP embezzlers and other suspected turncoats get no quarter, and corporations demand free range through their data on personal devices, home systems and in the cloud.
So I question whether corporations espousing privacy as a bar to inquiry are using privacy as an opportunistic means to limit discovery of their own malfeasance.
Are we to believe that companies and counsel who wouldn’t hesitate to demand that an employee turn over a device when it suited the corporation’s interests are suddenly deeply concerned about protecting that employee’s privacy? I don’t think so. There’s an agenda at work, and when it serves to hide inculpatory evidence from discovery based on claims of privacy, it’s a wolf in sheep’s clothing.
The big giveaway is the messengers. Lawyers who’ve long worked to curtail e-discovery are lately morphed into vocal privacy mavens. To me, that says that privacy is a stalking horse for making discovery harder or, while we’re in the stables, privacy is a Trojan horse for the corporate anti discovery agenda.
I’ll add my expectation that issues of control and custody are the next e-discovery battleground. Companies will dodge discovery claiming that employee devices and data are beyond their control; however, these claims will be wholly at odds with what they will assert when the company seeks access for its own benefit.
You may disagree or think me paranoid. Fine. But let’s put these issues out there for debate. I’m an evidence guy. I seek proof. I want e-discovery to be mostly about discovering relevant and probative evidence. Instead, it’s become mostly about ways to subvert disclosure. Privacy, proportionality and cybersecurity are unquestionably important issues, but let’s recognize that they are being positioned as mechanisms to curtail discovery, not get to evidence.
Amy Sellars said:
[Insert monologue debating corporate anti-discovery agenda] That said, the greatest enemies to both eDiscovery and Privacy are lawyer ignorance and corporate disregard for information governance. We have been discussing the lack of technology competency in the profession for over a decade, and during the same period cheap storage has made corporations (and individuals) sloppy with data management. The EDRM starts at information governance; privacy regulations require the same fundamental understanding of how businesses collect, store, transform, and transmit data that is required for eDiscovery. Ignorance and dodgy behavior can be hard to distinguish. Neither are acceptable. Just like a claim of burden, a claim of privacy concerns requires more than just a vague or general objection. A word of advice to my friends at firms – ask to speak with the corporate privacy attorney and walk through the data sources you suspect are at issue in your litigation. [These views are my own and do not necessarily represent those of the corporation that pays tuition for my children.]
Thank you for the thoughtful comments, Amy. I changed “dogdy” to “dodgy.” Hope that’s okay.
Amy Sellars said:
Oh thank you. I would hate to insult dogs, who are generally less dodgy than people.