Courtney Murphy |
IT has worked out the kinks, security training has taken place, and everyone seems to be getting the hang of screen-sharing and virtual backgrounds. It isn't a perfect replacement for your regular interaction, but you're past the worst of the pain points.
With the first wave of challenges overcome, it is time for legal departments and outside counsel to consider the potential legal implications of this shift. Privacy and cybersecurity are already getting a lot of attention, but discovery will not be far behind.
Many of the most common remote meeting technologies include recording features — often as default settings — and this represents a procedural shift for most businesses. Before the shift to everyone working 100% remotely, were regular team or project calls recorded? How about meetings in the conference room? Someone might have taken minutes, but were they noting how much time was spent on each slide and the cross-talk that went on among the participants? Face-to-face chats were almost never memorialized, but now those are happening via videoconference, too.
In addition to various recording options, other functionality may be built in, such as transcription and administrative reporting that tracks call activity and metadata in addition to content. Without assessment of off-the-shelf settings, videoconferencing applications may default to creating and storing multiple recordings and other data for every interaction that takes place through the system.
If an organization chooses to record and retain everything and is doing so with full knowledge of the associated risks and benefits, that is their prerogative. But introducing sweeping recording and retention of office activities that was not routinely done prior to mid-March creates challenges for future litigation and investigations that should be considered before they take on a life of their own.
Broad-scale recording activity like this raises three primary concerns from a discovery and data retention perspective:
- Data proliferation: Storing files costs money, and continually adding new videoconferencing files could become expensive — especially given the potential size of video files.[2] As the repository expands, the resources needed to locate and utilize specific files will increase in tandem.
- Records management and discovery: Because interactions are being memorialized in a new and comprehensive way, videoconferencing should be addressed in data retention plans. The records are also subject to preservation obligations when litigation is anticipated or active, and the organization may be subject to spoliation sanctions under Federal Rule of Civil Procedure 37(e), if the records are subsequently deleted. If a litigation preparedness plan is in place, it should be updated to account for videoconferencing records, and the administrator for the videoconferencing application(s) must be informed, especially if this person is different from the IT point of contact for email and other network-based storage. Further, records of this type should be specifically referenced in legal hold materials to individual custodians and any notices to suspend auto deletion.
- Discovery, part 2: When meetings were not proactively recorded, associated electronically stored information was often limited, maybe consisting of calendar entries, a circulated agenda or a short presentation, perhaps some meeting notes in OneNote or Word. Now, the entire meeting has the potential to be saved as an electronic file — possibly multiple electronic files — audio and/or video with all the meeting content, along with verbal asides and random commentary, screen shares, facial expressions, and more. There may also be text files containing a full transcript or a chat string, as well as separate files shared among participants through the videoconferencing software. Each component is considered discoverable ESI under FRCP 34(A)(1)(a) and its jurisdictional analogs, and may need to be produced as part of litigation discovery (provided the content is relevant and proportional under FRCP 26(B)(1), of course). And determining relevance may require additional resources to collect and review.
Information Governance and Litigation Readiness
Like other common file types, videoconferencing data doesn't have a recommended or required retention period — retention and preservation obligations will be based on the content of the records. As such, it is advisable to have guidelines in place, such as the following:
- Set policies governing naming conventions for meetings, custodian management guidelines, and administrative rules for auto deletion to assist in organizing data and retrieving it as needed.
- Establish appropriate enterprise-level rules for use and recording and consider creating separate security groups for different business units or supervisory levels. Does every user in the organization need the ability to record every type of meeting? Develop and implement policies for the elements that will be controlled at the individual user level.
- Control the type of records that are generated: As an example, Zoom can save multiple versions of a single meeting — host/presenter view, gallery view, either of those with screen sharing, audio transcript, etc. Will your organization need each of these options, or can the records be streamlined? Choose which of the various meeting record types will meet the organization's needs and disable unwanted recording formats.
- If regular reports will be run within the videoconferencing platform — to monitor metrics such as user numbers or for other purposes — determine how they will be generated, by whom, and what retention policies govern such reports.
Generally, videoconferencing recordings will be saved in the cloud and accessible through the application's enterprise portal. That does not mean, however, that the only stored copy of a given file is online; individual meeting organizers and participants may have the ability to save certain records related to a single videoconference to local storage, either as a setting, proactively after the meeting ends, or via download from the common storage location.
Awareness of the user options that exist for saving and deleting data is critical when planning for general records management, as well as litigation readiness. It allows the development of policies and standard operating procedures to guide employee behavior and better manage ESI.
Anticipated or Active Litigation and Discovery
When preservation obligations have been triggered (a threshold that varies by jurisdiction), records associated with videoconferencing must be assessed for preservation as part of the party's identification and inventory of potentially relevant ESI. Include references to this ESI category in litigation hold documentation and custodian interviews.
Generally speaking, this is not the time to realize that all videoconferences have been recorded and deactivate all recording functionality, especially if meetings continue to occur on relevant topics, in light of recent decisions relating to deliberate changes to recording/preservation by parties to litigation.
Maintain any procedures already in place, even if they were defaults rather than choices, and thoroughly document any needed adjustments. To the extent possible, auto delete should be suspended for potentially relevant segments of saved recordings, and manual deletion options should be deactivated. If the videoconferencing software does not allow these adjustments, collect-to-preserve methodologies should be applied.
Targeted collection of any cloud-based videoconferencing records is recommended when possible, especially for organizations that save most or all interactions occurring in the application. If videoconferencing files were saved locally by individual custodians, those can be collected in accordance with the approach for custodian-level ESI.
As for administrative reports and similar files generated through metadata exports, these may not exist in the absence of proactive identification and export. For such files, especially those that are not part of a producing party's normal record generation, it may be appropriate to delay collection until the value or necessity of certain data can be demonstrated through other channels.
Videoconferencing records will likely require special considerations for production, as well as for any preproduction review that needs to take place for relevance, privilege or other concerns. The ability to handle audio and video files is necessary and additional tools for searching or analysis will be valuable since common approaches like keyword searching will likely be unavailable at a basic level.
For situations where multiple records have been collected for a single videoconference, the ability to connect them must be considered. E-discovery software may not recognize the relationship between two video recordings and an audio transcript of the same call saved together in a folder,[3] but the three files are all records of a single event. Even if only two files are relevant, they should be evaluated as parts of a whole.
Organizations should be mindful of the various strategic use cases presented by videoconferencing records. The record categories generated by a single videoconference may be useful in different types of legal action. Some possibilities include:
- Product liability: audio recording or transcript for a meeting where a known product defect was discussed months before a defendant claims to have known about it.
- Insider trading: call report showing all participants on a call and when they joined and left. A party claims to have left the call halfway through, but is shown calling back on a cell phone and hearing the sensitive information.
- Employment claim of hostile work environment or discrimination: private chat transcripts containing suggestive comments from the accused to the plaintiff that were invisible to other participants.
Considering these elements and risks proactively, when setting up retention policies, and retrospectively, when assessing a cause of action, will enable an attorney to give comprehensive advice.
Videoconferencing tools and other remote collaboration applications have expanded their reach to professionals of all stripes in an astoundingly short amount of time. The (almost) overnight mainstreaming of these powerful tools has been a boon, allowing millions to maintain some semblance of their workday and workflow, but at the same time, is fertile ground for unintended consequences. Without advance planning and forethought, those consequences may play out in the legal discovery space, and they will not favor the unprepared.
Courtney Murphy is an attorney and e-discovery project manager at Clark Hill PLC.
The opinions expressed are those of the author(s) and do not necessarily reflect the views of the firm, its clients, or Portfolio Media Inc., or any of its or their respective affiliates. This article is for general information purposes and is not intended to be and should not be taken as legal advice.
[1] Remote meeting and/or collaboration tools considered in this article: BlueJeans, Google Hangouts/Meet, GoToMeeting, Microsoft Teams, Skype for Business, WebEx, and Zoom.
[2] Given the generous storage allotments of some platforms, this may be moot for enterprise users, but it should still be considered by the people responsible for crafting retention policies.
[3] Videoconferencing workflows and tools are forthcoming from at least one major e-discovery software platform, but until those are available, most standard processing will not group these files correctly as families or otherwise relational.
For a reprint of this article, please contact reprints@law360.com.