Asia Disputes Academy
Electronic document discovery – how it is
relevant to you
Tim Mak, Jonathan Wong (Freshfields) and Donald Chan (Control Risks) 18 September 2014
Introduction
• Buzzwords – “Big Data”, “e-discovery”, “analytics” etc. • What does it all mean though?
2
Why Analytics Matter
6
Why does e-discovery matter to you?
• The world is becoming more regulated, and arbitration / litigation is become more complex and document-intensive
• The nature of “evidence” is changing:
- Increasingly, almost all documents are in soft copy. - Potentially millions of documents to produce / disclose
• Typical recent cases we have worked on:
- Targeted review of emails of an entire Company in China as part of a wide-reaching ABC investigation
- Assisting financial institutions with internal and regulator-driven investigations involving millions of pages of emails / chat logs
Why does e-discovery matter to you?
• How about litigation / arbitration?
- Identifying what evidence you have
- Agreeing discovery / disclosure with the other parties - Reviewing documents disclosed by the other parties
• Hong Kong Judiciary e-discovery pilot scheme - Came into effect 1 September 2014
- Requires parties to engage / consult on e-discovery and try to reach agreement on scope of discovery
- Applies to cases in the Commercial List
8
Practical challenges
• Huge volumes:
- How to manage / organise - Needle in a haystack?
• Where is the evidence? - Email and data servers - Preservation of evidence - Hard vs soft copies
• Agreeing on disclosure:
- “Tech-speak” vs “traditional” lawyers - New technologies, old rules
DOCUMENT REVIEW
PLATFORM
KEY CONCEPTS
Donald Chan, Control Risks
Control Risks is a global, independent risk consultancy specialising in political,
integrity and security risk
• Since 1975, we have worked in over 130 countries for more than 5,000 clients
• Trusted advisor to more than 75% of the Fortune 500
• 36 offices on 5 continents • Ethical and Independent
Introduction
We enable our clients to succeed in
Practice Areas
Global Risk Analysis
Political, Regulatory & Operational Risk Assessments Post-Transaction Compliance Issues • Fraud Prevention • Investigations • Anti-Counterfeiting • IT and Financial Forensics
• Whistle Blowing Services
Pre-Transaction
Due Diligence
Crisis & Security
Response & Problem Solving • Security design, audits & reviews
• Crisis management & business continuity • Embedded security services & protection • Complex problem solving
Political Risk Integrity Risk Security Risk • Due diligence • Screening • Business intelligence
12
House in order!
Map out
details! Go get it!
Look!
Fire / disclose!
Preservation and Collection
• The data will be sourced depending on what is needed, and who is asking for it.
• If it is an internal investigation, the company may have their IT staff collect it themselves. This is fine if
- IT staff are not part of the investigation
- They have the technical knowledge
• Many times, a third party like us are asked to assist with data mapping and doing the collection
Computer Forensic Investigation
• Starts with forensic image of computer• Recover deleted items
• Search for items
• Report on activities, connected devices, folder structure, targeted files or file types, suspicious programs
Key Functionalities of a Document Review Platform
• Consolidate data from various sources all in one place• Quick to get reviewers started
• Remove duplicate documents (de-duplication)
• Extract metadata
• Optical Character Recognition (OCR)
• Indexing
• Imaging
• Searching
• Hosted platform allows worldwide access, collaborative platform
• Ease of management and reporting
Assignment Reporting
Additional Capabilities
• Multiple security groups for various review entities
• Language Identification
• Work Product – Tags, Folders, Comments
• Built in on demand translation
• Redactions
• View Document Family
• Near Duplicate Analysis
• Email Thread Mapping
• Communication Frequency
Work Product –
Tags, Folders,
Comments
Security Features
Physical security to data centers
• Secured cabinets
• Onsite security
• Alarms
• Camera coverage
• Authorized personnel access
Technical security to application
• Transport • Authentication • Geography • Access • Permission 32
34
The Facts
• You are Dragon Electric Limited (DEL) - a corporation in Hong Kong
- internationally renowned producer of electronics, mobile consumer products
• 5 years ago, you established a JV with Guangdong Electronics Company (GEC), a large China-based manufacturing company with an excellent distribution network in mainland China
• The JV has been a great success in the last 5 years
• However, in the last few months, troubles began…
The JV
• DEL initially supplied all IP and technical expertise to the JV
• Most of the staff of the JVCo were recommended by GEC, including the CEO of JVCo, Mr Henry Wong
• You have recently heard rumours that Henry Wong has established his own company in Hong Kong and Guangzhou, HW Enterprises, which intends to manufacture a tablet PC which is very similar to JVCo’s top seller, the “Dragon 6”
36
The Evidence
• Where is the Evidence:
- JV Co has emails of Henry Wong and senior managers of JVCo stored on the Company’s Hong Kong server
- Desktops in the JVCo’s Hong Kong and Guangzhou offices
- Company laptops issued to Henry Wong and other staff of JVCo - Company internal chat software records
- Limited telephone recordings - Access card records
- Hard copy folders
• Freshfields contacts Control Risks to help with evidence collection and preservation
The Evidence
• 12 custodians, including the 4 senior managers who have now left, their key team members and personal assistants
• 500GB of data
• Over 500,000 emails and documents
Analysing the evidence
• Forensic recovery • Analytics - Concept clustering - Keywords - Predictive coding - Time periods • Review methodology 381 week later…
• “Hot docs” from email review to date:
- Concept clustering and forensic recovery has turned up some strange phrases, including a “Project New” which Will is not familiar with
- Most emails are inconclusive, refer to some meetings but not content of meetings
- Meeting attendees appear to be the four employees who have left the Company, and one additional employee, a senior technician named Susan Sanderson, who is still with the Company
- One email states “Better not to discuss this on Co. emails, email me at
[email protected] instead”
• Review team pick up personal emails of the four protagonists • Keyword searches run:
- Personal email addresses
- “Project New” run on chat records
• Susan Sanderson’s emails and chat records pulled from the server for review
3 weeks later…
• 3 weeks later:
- Initial review is largely complete and DEL believes it has sufficient
evidence for JVCo to commence a derivative action lawsuit in Hong Kong - JVCo serves its statement of claim on Henry Wong, HW Enterprises and
GEC, amongst others
Agreeing scope of discovery
• 3 months pass:
- Parties exchange pleadings,
- GEC counterclaims, stating that DEL did not perform its obligations under the JV agreement and that one year ago, DEL engaged in discussions with another company in Hong Kong re. setting up a separate JV,
breaching its obligations under the JV agreement
• Negotiations on discovery
- Due to large volume of documents, agreed that parties will produce documents which are responsive to an agreed list of search terms for specific time period
- In particular, GEC has requested for wide-ranging discovery in relation to its allegation that DEL engaged with discussions with another company in Hong Kong re. setting up a separate JV
Discovery / disclosure
• Review of documents for disclosure: - Legal privilege
- Relevance
• Production: - Format - Timing
- Co-ordinating with GEC’s / HW’s service provider
Settlement
• After disclosure and close of pleadings, GEC / HW realise that DEL / JVCo do indeed have strong evidence and a good chance of success, and that their evidence seems to be comparatively weak