eDiscovery compliance is a growing but under-appreciated challenge.

I was reading an article entitled “Social media and your eDiscovery strategies”,[1] and it re-affirmed my view that the law, eDiscovery practice and procedure, and the courts will all need to undergo a continuous paradigm-shift in order to adjust to the new wired world in which we live, work, and “try to” relax.  I wrote some time ago of the dangers of User-generated Legality Issues (UGLIs) in social media,[2] and the impending challenges of addressing them.  Suits regarding these UGLIs will require (and mandate prior diligence in and adoption of), good and sustained collection and preservation techniques.

Canada’s strong protections, coupled with weak collections, may yet prove costly.

The Supreme Court of Canada has found that there is no secondary liability from mere linking (without more) to a defamatory site with regard to online defamation through libel or slander.[3]  More recently, with regard to cyberbullying, the Court has also found that an alleged victim of same, who is a minor, need not disclose his or her identity merely in order to confront an alleged cyberbully.[4]  Anonymity of victims is protected, and the accused in some cases will, likewise, be protected against liability.  However, in cases where the facts as presented are more indicative of malice or premeditation, the accusers and the accused will (and must), first be judged on their own merits by the lower courts.[5]

Now, with a rise in the number of employers permitting their directors, officers, employees, contractors, agents, volunteers, and assigns to access proprietary work, and non-work third-party platforms with their own portable devices (BYOD)[6] and through clouds in multiple jurisdictions, the question of how best to monitor this and retain a record in case of future-arising UGLIs, becomes very pressing.  Speaking recently with a colleague who, like me, is also dually licensed in both the Canada and the United States, we agreed that it is increasingly likely that a Canadian entity will face significant eDiscovery sanctions for failing to “collect, preserve, and produce”, with regard to some litigation or regulatory matter venued in the Continental United States.  The reason for this is the vastly divergent approaches to eDiscovery currently prevailing in each of these two nations, and the high possibility that a presiding U.S. judge may conclude that a foreign business entity, including a Canadian (or other nation’s) business entity:

  1. Physically doing or attempting to do, business in the United States; or
  2. Listed on a United States Exchange and/or sourcing funds in the United States; or
  3. Hosting servers accessed by clients or employees in, or minors of the United States; or
  4. Involved in a U.S. entity change of control or character (merger, acquisition, dissolution); or
  5. Having some intellectual property registered in the United States, even if solely exploited offshore – whether or not lawfully; or having some intellectual property exploited in the United States – whether or not lawfully, even if registered offshore including in a tax-advantaged jurisdiction or a bare I.P. holding company; or
  6. Employing United States Citizens or Permanent Residents, even if based/working outside the United States; or
  7. Possessing some other qualifying, identifiable “nexus” of connections to the United States;

should have been aware of, and have appropriately addressed in advance, its actual and potential eDiscovery obligations; failing which it will be forced to face the full spectrum of onerous eDiscovery sanctions then and there available.  Indeed, caselaw and commonsense would tend to indicate prior and near blanket consent to extraterritorial application of the full panoply of U.S. eDiscovery obligations and their related sanctions in most if not all of the above circumstances.

Scenario A.

Let us consider a fictional scenario.  A major Canadian entity (incorporated provincially or federally but with its principal office in Ontario), is hailed into U.S. state court, and the Complaint includes a voluminous request for eDiscovery production.  Being well-advised by U.S. counsel on the suit’s implications for their I.T. department, their legal and compliance departments, and of the necessary and significant costs to be involved in the document review and production – as well as the scope of sanctions for non-compliance through failure to produce and insufficient disclosures, the entity immediately realizes that its information governance regime, as based in and controlled from Canada, is not configured to have collected and preserved the required materials.  This makes speedy production in response to the suit request, a major issue.  They therefore resolve to put up a vigorous defence; reserving for later the Motion to Dismiss for Failure to State a Claim upon which Relief can be Granted.

Assuming no deficiencies in process and service of process, they initiate their motion practice asserting improper venue, lack of personal jurisdiction, lack of subject matter jurisdiction and seeking to compel arbitration in accordance with the underlying contract, and seeking judicial notice of Canadian discovery procedures[7] which they argue should be applied in their case.  U.S. Judges will likely find that the venue is proper, that they have both personal and subject matter jurisdiction – ignoring the arbitration clause on appropriate grounds (first instance matter, public policy, judicial efficiency, undistinguished precedent from another state, or apparent flaw or inconsistency), and that U.S. eDiscovery rules and procedures shall apply.  Best practice would also counsel seeking Additional Time in which to Answer, and quiet but hurried efforts on the back-end, to bring the Canada-bound datasets up to a properly “eDiscoverable” standard.  The bolder entity might even also assert a Civil Rights claim in a U.S. District Court (federal), or a Bill of Rights claim (state or federal).

The Defendant may then seek removal to federal court on appropriate grounds, including any avenue available under an applicable multinational treaty or accord, or any bilateral investment protection agreement.  If removal is unsuccessful and/or a collateral attack is permissible, then a separate action may be commenced with naming of the Canadian government as a necessary party.  Additional joinder of, or intervention may be sought by, other Canadian entities in the same industry, or that foresee themselves facing a similar situation in the future, as well as the European Union, Directorate General for Justice (Privacy and Data Protection Division).

Media publicity will build, interest groups and politicians will get involved, and serious questions will be asked regarding boycotts and embargoes, corporate discrimination, and the unwelcome extraterritorial application of domestic laws as opposed to consensual application of domestic law to domestic and foreign entities as a cost and prerequisite of doing business in a given jurisdiction.

At this point, the crystal ball goes cloudy, and Scenario A will play-out to its yet unknown conclusion.  Major sticking points will revolve around the long-arm jurisdiction of U.S security laws with regard to information held on or passing through servers based in the United States (i.e. a vast majority of the Western World’s email providers – as well as possibly anything and everything physically or electronically sent to the United States in response to an eDiscovery request, which might be subject to warrantless “sniffing expeditions”), and the Canadian and European privacy protection regimes, which are significantly more developed and expansive than anything currently available in the U.S.  This stems from the standard disclosure language seeking “any and all”, and the strong likelihood that fishing expeditions will uncover many other things that are “apparently” protected under those privacy laws.

It is entirely possible that an eDiscovery business segment tailored to U.S. standards will grow and thrive in Canada in the near future; significantly raising the cost for Canadian entities to do business in the U.S. to the extent that some will withdraw.  If Canadian businesses pull back en masse, then U.S. (or European, Asian, African, or Latin American) businesses will step-in and take-up the slack, purchase their assets, and U.S. unemployment numbers will go up or down, as a result of mergers and restructuring.

It is also possible that a political compromise will be reached, with a Canadian version of U.S. eDiscovery that might be or become colloquially known in the United States as “eDiscovery Lite/North”.[8]  If U.S.-style eDiscovery is further exported to Canada, then U.S. discovery experts will find steady business across Canada through service provision, best practices seminars, and publications.  The same will be true for Canadian provides of their model is the one finally favoured for export to the U.S.

Online risks are now much better known and appreciated.

Within the past 10-15 years, judges in many jurisdictions experiencing the internet’s infancy could have been met with a case of online defamation and seen it as “not such a big deal”, no matter how hard counsel and client might attempt to prove otherwise.  I have been there, and it was in the early 2000s!  However, in this increasingly interconnected world where a social/antisocial message or web posting (blog, email, tweet, viral video, text) can inspire worldwide riots within a matter of moments that spread and escalate over many hours and time zones as others are alerted and fired-up in series,[9] and where people can lose both their lives,[10] and their jobs,[11] as a result of some public disclosure of private facts, the bench clearly no longer has that luxury.

Businesses should therefore try to stay ahead of the eDiscovery curve.

Of course, prevention is better than a cure.  Tools for this will range, of necessity, from outright bans, through strong social media usage policies, to increasingly pervasive and intrusive monitoring – both by employers and by governments.  The last option, being relatively easy to maintain and scale-up or -down once commenced, seems increasingly likely to become the new normal with some regulators – albeit in fits and starts,[12] because many medium-as-message consumers who already and quite willingly share voluminous details of their personal work, lives, and relationships online, perceive each incremental step as “not such a big deal”, no matter how hard privacy pioneers might attempt to prove otherwise.

The ball is still in the air on this one.  Although we can prepare policies in advance as doing nothing is excluded as a viable option, we still have to wait for the ball to land.  And even then, it can always roll in any of many unpredictable directions (being round), or be sent flying, once again.  This new world must be brave (and patient),[13] as it slowly (and not always hesitantly) goes where no world has gone before.[14]



Ekundayo George is a sociologist and a lawyer, with over a decade of legal experience including business law and counseling (business formation, outsourcing, commercial leasing, healthcare privacy, Cloud applications, and Cybersecurity); diverse litigation, as well as ADR; and regulatory practice (planning and zoning, environmental controls, landlord and tenant, and GRC – governance, risk, and compliance investigations, audits, and counseling in both Canada and the United States).  He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S.A.).  See: http://www.ogalaws.com

He is an experienced strategic and management consultant; sourcing, managing, and delivering on high stakes, strategic projects with multiple stakeholders and multidisciplinary teams.  See: http://www.simprime-ca.com

Backed by courses in management, organizational behaviour, and micro-organizational behaviour, Mr. George is also a writer, tweeter and blogger (as time permits), and a published author in Environmental Law and Policy (National Security aspects).

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”), in whole or in part for their content, or their accuracy, or their availability.

This article does not constitute legal advice or create any lawyer-client relationship.

[1] Barry Murphy.  Social media and your eDiscovery strategies.  Published on TechRepublic, November 21, 2012.  Online:  >http://www.techrepublic.com/blog/tech-manager/social-media-and-your-ediscovery-strategies/8051?tag=nl.e101&s_cid=e101<.

[2] See Ekundayo George.  Media Effectiveness.  Published on www.ogalaws.com.  At User-generated Legality Issues (UGLIs).  Online: >https://ogalaws.wordpress.com/media-effectiveness/<.

[3] See Crookes v. Newton, 2011 SCC 47, [2011] 3 S.C.R. 269 (decided October 19, 2011).  Online: >http://www.canlii.org/en/ca/scc/doc/2011/2011scc47/2011scc47.html<.

[4] See A.B. v Bragg Communications, Inc., 2012 SCC 46 (CanLII).  Decided September 27, 2012.  Online: >http://canlii.ca/en/ca/scc/doc/2012/2012scc46/2012scc46.html<.

[5] In response to a patron’s bad restaurant review, an Ottawa restaurant owner who created a fake profile and posted fake (and lewd) personal details online, and then transmitted fake email messages to the patron’s employer using that fake profile, has now paid a price.  After being found guilty of defamatory libel on September 6, 2012, “[s]he was sentenced Friday (November 16, 2012) to 90 days in jail and two years probation and ordered to take an anger management course, receive mandatory counselling and work 200 hours of community service”.  She has appealed her sentence.  See CBC News.  Cyberbullying Ottawa restaurant owner gets bail.  Posted on cbc.ca, November 22, 2012.  Online: >http://www.cbc.ca/news/canada/ottawa/story/2012/11/22/ottawa-restaurant-owner-gets-bail-after-libel-sentencing.html <. See also Tony Spears.  Cyberbullying Ottawa restaurateur gets jail time.  Published on http://www.torontosun.com, Friday, November 16, 2012.  Online: >http://m.torontosun.com/2012/11/16/cyberbullying-restauranteur-gets-jail-time<

[6] See Ekundayo George.  What about hospital BYOD?  Published October 7, 2012, on www.ogalaws.wordpress.com Online: >https://ogalaws.wordpress.com/2012/10/07/med-tech-byod-is-really-catching-on/<.

[7] In Ontario, Canada, each party in litigation prepares and serves on the other party/parties an Affidavit of Documents, stating who has what, what is available for disclosure, and what is not, including those over which any privilege is asserted.  There are generally no massive and all-pervasive requests that cut clean across the board.  See R. 30.03(2) – Contents. Then, Requests to Inspect will be served (R. 30.04), and even though the court may still order production, neither its disclosure nor production is an admission of the relevance of any document (R. 30.05).  Rules of Civil Procedure, Ontario. R.R.O. 1990, Regulation 194.  Online: >http://www.e-laws.gov.on.ca/html/regs/english/elaws_regs_900194_e.htm<.

[8] Id. Rules of Civil Procedure Ontario.  The Sedona Canada Principles for addressing eDiscovery do exist and are available for incorporation in any Discovery Plan, to which the parties must now agree within a specified time (R. 29.1 – Discovery Plan).  However, the Ontario scheme is more of a gentleman’s agreement formula, and the court is reluctant to intercede or force the issue (except in preparation for trial as under R. 20.05), as opposed to the U.S. model where judges are and remain quite active at all stages of the matter and not every litigious matter is characterized by or conducted with, a high level of civility.  See also The Sedona Conference, 2012.  E-discovery Canada – About.  Published on lexum.org.  Online: >http://www.lexum.org/e-discovery-web/about.do<.

[9] Cartoons, movies, new laws, beauty pageants, governments old and new, and new Constitutions are amongst the many items to which some people, somewhere, have taken some sort of offence, of late and to date.

[10] Kelly Heyboer/Star Ledger.  Rutgers freshman is presumed dead in suicide after roommate broadcast gay sexual encounter online.  Posted on www.nj.com, Wednesday, September 29, 2010.  Online: > http://www.nj.com/news/index.ssf/2010/09/hold_new_rutgers_post.html<.

[11] Noah Shachtman and Spencer Ackerman.  Petraeus Resigns From CIA After Feds Uncover ‘Extramarital Affair’.  Published November 9, 2012, on www.wired.com.  Online: >http://www.wired.com/dangerroom/2012/11/petraeus-down<.

[12] Matt Sledge.  ECPA Amendment Passes, As Senate Judiciary Votes To Require Warrant For Email Snooping.  Published November 29, 2012, on www.huffingtonost.com.  Online: > http://www.huffingtonpost.com/2012/11/29/ecpa-electronic-communications-privacy-act_n_2211889.html<.

[13] This is a gratuitous tribute to the futuristic 1931-1932 novel by Aldous Huxley, entitled Brave New World.  Online: >http://en.wikipedia.org/wiki/Brave_New_World<.

[14] This is a gratuitous tribute to the original Star Trek series of the science fiction entertainment franchise bearing the same name or a related name, and its motto for the original cast under Captain James Tiberius Kirk (William Shatner), which was: “to boldly go where no man has gone before” (later changed to “no one” in its subsequent spinoffs with a more politically correct, gender neutral appeal).  Online: >http://en.wikipedia.org/wiki/Star_trek<.

%d bloggers like this: