Home / Expert Opinion / eDiscovery Update / eDiscovery Update: Cybersecurity, changes to Federal Rules of Evidence

eDiscovery Update: Cybersecurity, changes to Federal Rules of Evidence

Peter Coons

Peter Coons

I just returned from an exhausting nine-day trip to Las Vegas. If you are wondering, it was for business and not a gambling junket. Although the weather was great, nine days in Vegas is about seven days too long.

I attended two separate e-discovery conferences. The first one was the Access Data Users Conference. Access Data is the software provider behind Summation, Forensic Toolkit and other cybersecurity products.

The second conference was Guidance Software’s Computer and Enterprise Investigations Conference; Guidance’s flagship product is EnCase. While EnCase is known by many as a tool for digital forensic examiners, the company has greatly enhanced the product to include a behind-the-firewall solution for collecting and processing ESI for e-discovery matters. Both companies have made great strides in recent years and deserve a look if you are considering bringing resources in-house.

Both keynote speakers at the conferences were cybersecurity professionals. It should come as no surprise that cybersecurity and the protection of valuable intellectual property must be a priority for your organization. This is doubly important for law firms that possess critical and confidential client information.

I attended multiple classes on topics ranging from e-discovery review best practices to the recovery of data from solid state hard drives. The session I gained the most from was on the proposed changes to the Federal Rules of Evidence. I have previously written about these changes in this column so I won’t rehash any material.

However, I do want to share what one of the panelists, the Hon. Judge Peck (SDNY), had to say about a few of the proposed changes and other matters.


Judge Peck stated that the purpose of modifying this Rule was to narrow the scope of what is discoverable. However, the proposed changes aren’t new, “… the Rules and language shifted like a new cereal box with the same contents,” remarked Peck. Basically the language in 26(b)(2)(c) regarding proportionality was moved up a few lines, putting proportionality front and center for both the court and parties to see.

What is proportional? For example, discovery costing $100K in a $50K case is not proportional. Yet, proportionality is not always just about cost. Judge Peck mentioned societal importance and the issues at play. He recommended reading Judge Grimm’s 2008 opinion in Mancia v. Mayflower regarding proportionality and the importance of cooperation during discovery on both sides.

Adding to this, Judge Peck stated that cooperation is essential to the process, “… an uncooperative lawyer is going to be cut off.” When asked about the practical effect of the proposed changes to this rule, he quipped that lawyers have a tendency to remember the rules as they learned them in law school. “Everyone needs to learn the rules,” he said; this sentiment was shared by his fellow panelists. A question was asked of the judge on whether or not proportionality is an objection to discovery. He quickly replied that it “always has been and even more so now.”

502(d) order

Federal Rule of Evidence 502 deals with the intentional or inadvertent disclosure of privileged information and a waiver of privilege. Judge Peck appeared to be very passionate about 502(d) orders, which state: “A federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court — in which even the disclosure is also not a waiver in any other federal or state proceeding.”

He lamented that it was not being used or considered in many cases before him and shockingly some lawyers are not aware of its existence. “If you take away nothing else from this presentation, then take away 502(d).” He suggested that a lawyer is committing malpractice if you they don’t get a 502(d) order in place. “It is essentially a get-out-of-jail free card,” he said. It is the nature of discovery that some privilege will slip out so why not put protections in place?

Judge Peck invited the audience to view a model 502(d) order on his website. I found it after Googling “Judge Peck model order 502d.” It is a short two paragraphs and I will be recommending to all my clients that it be considered on every matter! He also mentioned that it can be part of the overall ESI plan or a separate order, “form or function,” he remarked.


A personal favorite comment of mine was when Judge Peck encouraged getting the “geeks” involved. It was certainly not used in a derogatory sense but instead was a call to action for the lawyers in the audience. He said that the most successful conferences between parties are when both sides have a technical e-discovery resource that can wade through the techno-babble. On occasion he has suggested that parties go back and talk to an e-discovery vendor to assist with discovery.


This proposed rule change was modified at the rule committee meeting in April of this year. It was changed to add clarity and set the standard for sanctions. Although the word sanction doesn’t appear in the proposed rule, it does address the possible penalties for loss of ESI.

The court may take “measures no greater than necessary to cure the loss of information.” The proposed tule guides the court to fairly assess the facts and if necessary, apply appropriate penalties on parties who lose or destroy ESI.

Should the ESI have been preserved? Did the party take reasonable steps to preserve it? Is the ESI available in another format or additional discovery? Is the information that was lost or destroyed relevant? These are some of the questions that the court may have to consider when addressing missing ESI and determining sanctions.

In conclusion, I highly recommend that you stay abreast of the proposed rule changes. I also recommend not attending two conferences back-to-back in Las Vegas.

Peter Coons is a senior vice president at D4, providing eDiscovery and digital forensics consulting services to clients. Peter is a Certified Information Systems Security Professional (CISSP), an EnCase Certified Examiner (EnCE), an Access Data Certified Examiner (ACE), and a Certified Computer Examiner (CCE). He belongs to various digital investigation and information security based organizations. Peter holds a master’s degree in Digital Forensics Management from Champlain College and a bachelor’s degree in Economics from the State University of New York at Oneonta.

Leave a Reply

Your email address will not be published. Required fields are marked *