Limitations and Pitfalls in Modern e-Discovery and Information Governance: Addressing ESI protocols in active litigation, and navigating your preservation obligations and defensible deletion across your organization

David Kessler | Norton Rose Fulbright

David Kessler is the Global Head of the firm’s E-Discovery and Information Governance practice and the Head of the US Privacy practice. He is a thought leader on discovery, data privacy, records management and cyber security.

David counsels’ clients on a range of data privacy matters focusing on compliance and cross border data transfers. David has provided advice regarding the Stored Communication Act (SCA), the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Act (COPPA) and Family Educational Rights and Privacy Act (FERPA). He also provides advice to multinational clients regarding compliance with EU data protection and privacy laws including the General Data Protection Regulation (GDPR), where he works closely with his colleagues in the EU.

David is a Certified Information Privacy Professional (CIPP/E) through the International Association of Privacy Professionals (IAPP).

David acts as global discovery counsel for technology, finance, pharmaceutical and manufacturing companies where he helps them address litigation readiness, cross border discovery complications and acts as special discovery counsel in complex litigations. David focuses not only on tactical e-discovery issues in particular cases but advises clients regarding strategic e-discovery portfolio management and data governance. For example, David has helped clients with emergency ex parte preservations orders; negotiations with opposing counsel regarding disaster recovery data; establishing that opponents had fabricated e-mails; and developed litigation readiness protocols.

David has a particular focus on cross-border discovery. David was recently the counsel of record for an amicus brief before the United States Supreme Court in United States v. Microsoft addressing the importance of comity in cross border discovery. David has helped clients preserve, collect, process and transfer data from countries all over the world including, by way of example, Australia, Brazil, Canada, China, Germany, India, Italy, Nigeria, Japan, South Africa, Spain, Switzerland, and the United Kingdom. David is a contributor to and has been a faculty member for the Sedona Conference’s (one of the world’s leading e-discovery organizations) Work Group 6 on International Electronic Information Management, Discovery and Disclosure.

David was an adjunct professor at the University of Pennsylvania Law School where he taught an advanced seminar on “E-Discovery.”

As part of his information governance practice, David has advised clients on where and how to store and manage data globally as well as how to integrate record retention, data security and e-discovery into the fabric of their IT infrastructure. Beyond helping clients stand up information governance programs with policies and record retention schedules, David counsels’ clients on mobile device management, ephemeral data, disaster recovery and business continuity systems and the cloud. He also has represented clients in defensible data disposition projects and examining the contours of their own dark data.

As part of the firm’s cybersecurity team, David has represented clients both preparing for and responding to cyber incidents. He has drafted and revised incident response plans (IRPs), run tabletop exercises and helped clients select and contract with forensic and public relations vendors. David has advised clients about the scope of data breaches and the company’s obligations to notify the appropriate authorities, and the people affected by the breach. Finally, David has represented clients in investigations by the FTC into suspected incidents and the quality of the clients’ preparations and response.

Ellen Blanchard | Norton Rose Fulbright

Ellen Blanchard is Senior Counsel in the Global Cybersecurity and Privacy group of Norton Rose Fulbright. With extensive experience across all phases of discovery, Ellen has represented clients from a variety of industries in complex commercial litigations cybersecurity incidents, and government investigations involving securities, antitrust, healthcare and IP issues. She also advises clients on information governance issues such defensible disposition, AI Acceptable Use policies and record retention. Prior to joining Norton Rose Fulbright, Ellen served as Director of Discovery and Information Governance at an international telecommunication company where she was responsible for developing the strategic vision for discovery and providing leadership in managing the company’s data. She led a team that was responsible for proactively managing electronic and document discovery for active litigation matters, including complex and high-stakes disputes such as mergers, government investigations, cyber investigations, and class actions. She successfully managed the team responding to the regulatory requests stemming from the TMobile Sprint merger approval. Prior to T-Mobile, Ellen was a litigator at Boies, Schiller & Flexner and Associate GC and Director, eDiscovery Consulting at Evolver Legal Services. As a frequent speaker at conferences and podcasts, she enjoys sharing war stories of life in the discovery trenches.

Esther Clovis | Norton Rose Fulbright

Esther Clovis is a Senior Associate in the Global Cybersecurity and Privacy group of Norton Rose Fulbright’s New York office. She has assisted clients address issues regarding the general operation of their data protection and privacy programs through both proactive and reactive measures. Esther has experience in identifying and defining data classification models, drafting corresponding memoranda for companywide use, reviewing clients’ data retention practices, and creating new corresponding policies in accordance with relevant laws and best practices. She has also assisted global clients identify risks relevant to cross-border transfers of personal information and other data. Additionally, Esther is familiar with drafting clients’ internal and external policies, standards, procedures, guidelines and website policies and terms in accordance with the with CCPA, CPRA, GDPR and other relevant state and federal laws. Prior to joining the firm, she served as lead associate for numerous matters involving data breaches and other incident responses. Additionally, she assisted with the defense of privacy class actions on a variety of claims, including breach of contract, breach of warranty, negligence, breach of state privacy laws and the TCPA, FCRA and the Wiretap Act. Esther also served as a judicial law clerk to the Honorable L. Felipe Restrepo on the Third Circuit Court of Appeals.

Andrea L. D’Ambra | Norton Rose Fulbright

Andrea L. D’Ambra is a partner in the New York office and spearheads the firm’s outreach to Technology sector clients in the United States. She is also the U.S. Head of eDiscovery and Information Governance. Andrea focuses her practice on data privacy, e-discovery, cross border discovery, and cybersecurity.

Andrea works with clients to manage information risk, whether it is related to litigation or regulatory inquiries, navigating foreign data privacy laws, assessing the impact of a cybersecurity incident, or managing the day-to-day retention of an organization’s data. Andrea works with numerous technology clients and has deep expertise in addressing the unique issues that arise for tech sector clients. She is also a recognized thought leader on the challenges posed by emerging technologies. During the past five years, she has championed the leveraging of advanced technology to quickly, efficiently, and defensibly respond to Hart-Scott-Rodino (HSR) second requests and other regulatory investigations. Recently, she represented a target corporation in the first European Commission DG Comp investigation where the parties were permitted to use Technology Assisted Review to identify documents relevant to the inquiry.

Andrea counsels’ clients on preservation and data management issues and has drafted information governance and records management policies for several multi-national companies. In addition to counselling, she has assisted clients in navigating foreign data privacy laws while complying with U.S. discovery obligations. She also counsels’ clients on breach preparedness, assessing potential cybersecurity incidents and the regulatory notifications required when an incident rises to the level where it must be reported. Andrea regularly speaks on cybersecurity, data protection and e-discovery issues, and has written on various information risk topics.

Andrea served for over seven years as an officer in the United States Navy. Her diverse Naval experience includes serving as an action officer for high-profile investigations within the Bureau of Naval Personnel and managing the administrative and legal issues of the Navy’s computer network defense command.

Andrea was an adjunct professor of law at Temple and William and Mary Law Schools where she taught classes on Electronic Discovery for over 10 years. Andrea spent three years as a member of the Steering Committee of the Sedona Conference’s Working Group 1 that focuses on Electronic Document Retention and Production. She was recently appointed to the Georgetown Advanced eDiscovery Institute’s advisory board. She is also a member of Sedona Working Group 6 which focuses on Cross Border Discovery and Working Group 11 that considers data privacy and cybersecurity.

Andrea is a Certified Information Privacy Professional for both the European Union (CIPP/E) and the United States (CIPP/US) through the International Association of Privacy Professionals (IAPP).

Susana Medeiros | Norton Rose Fulbright

Susana Medeiros is an associate and a member of the Information Governance, Privacy, and Cybersecurity team. She is a Chambers ranked attorney recognized as an Associate to Watch for her experience in eDiscovery and Information Governance.

Susana has extensive experience advising on complex eDiscovery issues including defensible collection of electronically stored information and conducting spoliation investigations. She formulates creative strategies for the defensible and efficient preservation, identification, collection, review, and production of electronically stored information in response to requests in civil investigations and litigation. She focuses not only on tactical eDiscovery issues in particular cases but advises clients regarding strategic e-discovery portfolio management, and data governance. Susana has advised clients on how to best manage electronic discovery and preservation, and helped clients develop litigation readiness protocols for use across their matters.

As part of her information governance practice, Susana helps clients mature their information governance program by developing internal information management, preservation, and data classification policies and procedures and record retention schedules. This includes providing advice on data migrations, defensible disposition, mobile device management, ephemeral data, and disaster recovery and business continuity systems.

Susana has represented clients both preparing for and responding to cyber incidents. Leveraging her traditional eDiscovery experience, Susana also assists clients with efficiently and defensibly responding to cyber incidents to quickly identify data subjects impacted and the types of personal information impacted and advise clients about the scope of the incident and the company’s obligations to notify the appropriate authorities, and the people affected by the breach. She also assists with providing advice around CCPA, CPRA, and GDPR compliance from an information governance and data minimization perspective.

Session I – Have ESI Protocols Outlived Their Usefulness? How to avoid being cudgeled by your Own protocol | 1:00pm – 2:00pm

• ESI Protocols are Not Mandatory
• Why Preservation is a Dangerous Topic and How to Address It
• The Difference between “Agreeing to Agree” and Providing Notice of Discovery Process
• TAR Protocols Undermine Their Agility and Power
• Push Back on Standard Protocols Especially in Larger Complex Matters

Break | 2:00pm – 2:10pm

Session II – The Pitfalls of Over-Preservation: Strategies for defensible deletion | 2:10pm – 3:10pm

• The Importance of Thorough Data Source Investigation
• Defensible Deletion Strategies and Automatic Deletion Policies
• Balancing Data Retention and Deletion