Skip to navigation.

Author Archives: Scott Dinner

  1. Protecting Your Data from Departing Employees

    Leave a Comment

    Trade secrets and confidential information often form the lifeblood of a company. Despite considerable efforts a company might take to protect this vital information, it can be difficult to prevent a departing employee from taking this information with them—potentially to a competitor.

    Twenty years ago, an employee trying to steal confidential information would have raised eyebrows as they packed and removed boxes of documents.  Today, however, the same information can be exfiltrated on a memory card or flash drive that easily fits into a pocket, or by sending it out using email or a cloud storage service.

    Unfortunately, companies frequently do not realize that confidential information was taken until weeks or even  months after the employee departed.  And by then, the evidence necessary to obtain a preliminary injunction to protect the information is often gone.

    Below are some recommended steps that your company can take, as well as pitfalls to avoid, to prevent employees from walking out with your company’s trade secrets and confidential information, as well as to preserve evidence of any theft or misappropriation.

    • Conduct an Exit Interview.
      Use an exit interview as an opportunity to remind the departing employee of the employee’s continuing obligations to the company, including to keep certain company information confidential. Also remind the departing employee to return all confidential information (including copies), such as information residing on the employee’s personal computer, cell phone, email account, or digital storage device. You can request and attempt to watch the employee delete any company email account from the employee’s personal devices.
    • Disable Employee Access.
      You should disable employee access to company computer equipment and confidential information as soon as practicable after an employee informs the company that they are planning to depart. Do not forget to have your IT administrator disable remote server and email access. If you terminate an employee, you may want to be extra vigilant in disabling the employee’s access.
    • Collect and Preserve the Employee’s Computer and Other Electronic Devices.
      A former employee’s computer and electronic devices may contain evidence in the event of litigation. For example, if there becomes reason to believe that the employee may have taken trade secrets or confidential information, logs of file access, USB activity, email activity, and cloud storage access—which forensic examiners can frequently recover—can be invaluable to proving that the files were taken. However, this evidence can be destroyed or compromised when your company wipes the computer or reissues it to another employee.
      To preserve this evidence, you can adopt as a standard practice unplugging and setting aside an employee’s computer and other electronic devices for a reasonable period of time following their departure before wiping or reissuing them.
    • Collect, Preserve, and Review Server or Cloud Storage Log Files. Servers and cloud hosting services often keep logs of user activity, such as file access and download activity. For instance, users of Google’s G Suite are able to use the Drive Audit log to view a wide range of user actions. This log information, like the data on the former employee’s computer, can be vital evidence should litigation become necessary.Unfortunately, many systems only retain these log files for a short period of time so you can have your company’s IT administrator generate and save a copy of the server access logs whenever an employee departs. And you can review these logs to see if the departing employee had been engaging in any unusual activity—such as performing mass downloads—around the time of his or her departure.
    • Preserve and Review the Employee’s Business Email Account.
      As a precaution, it is prudent to make a backup of the departing employee’s business email account. You can also review the departing employee’s email activity from around the time of his or her departure to see whether they have emailed themselves any confidential information.
    • Do NOT access personal email or social networking accounts.
      Employers should never access an employee’s personal email, Facebook, or LinkedIn account—even if the employee’s computer is still logged in to the account, without first consulting an attorney. The Stored Communications Act, 17 U.S.C. § 2701 et seq., is aimed at preventing illegal access to hosted email, webmail, or messaging accounts (such as Facebook and LinkedIn) without the account holder’s authorization. While the Stored Communications Act has an exemption for authorized access, companies should first consult with an attorney before accessing any personal accounts. This is because the Stored Communications Act imposes civil and criminal liability on individuals and entities for exceeding the scope of an authorization.
    • Consult with an attorney if you have reason to believe that the employee has retained any confidential information.
  2. Discovery in the Information Age—Virginia’s Progressive New E-Discovery Rule

    Leave a Comment

    On October 31, 2018, the Virginia Supreme Court amended Rule 4:1(b)(7)—Virginia’s procedural rule governing discovery of electronically stored information (“ESI”) in civil litigation. The amendment, which became effective on January 1, 2019, alters the procedural requirements for e-discovery in Virginia courts and marks a potentially significant departure from federal law—a departure that is designed to be more favorable to discovery into relevant ESI.

    The amendment to Rule 4:1(b)(7) provides as follows, with deleted text struck through, and new text underlined:

    (7) Electronically Stored Information. A party need not provide discovery of electronically stored information (“ESI”) from sources that the party identifies as not reasonably accessible because of undue burden or cost.[1] On motion to compel discovery or for a protective order, the party from whom discovery is sought must show has the burden of showing that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 4: 1 (b)( 1). The court may specify conditions for the discovery, including allocation of the reasonable costs thereof.

    If the party receiving a discovery request anticipates that it will require the production of ESI and that an ESI protocol is needed, then within 21 days of being served with the request, or within 28 days of service of requests served with the Complaint, the receiving party shall propose an ESI protocol which should address: (A) an initial list of custodians or the person(s) with knowledge of the party’s custodians and the location of ESI, (B) a date range, (C) production specifications, (D) search terms, and (E) the identification and return of inadvertently revealed privileged materials. If the proposed protocol is not acceptable, the parties shall in good faith attempt to meet within 15 days from service of the protocol on the party requesting the ESI. If, after 15 days from service of the protocol, the parties are unable to agree to limits on the discovery of the ESI, on motion to compel discovery or for a protective order, the court shall, in its discretion, determine appropriate limitations or conditions on the ESI request, if any, including allocation of the reasonable costs thereof.

    Notably absent from the amended Rule is the “proportionality” requirement found under Rule 26(b)(1) of the Federal Rules of Civil Procedure.[2] The proportionality requirement, which was added to Federal Rule 26(b)(1) in 2015, defines the scope of discovery to be limited in the first instance to those matters that are relevant, non-privileged, and “proportional to the needs of the case.” Of course, the federal rules previously allowed courts to limit overly burdensome and disproportionate discovery.[3] However, by adding the proportionality requirement to Rule 26(b)(1), the Rule requires courts to be “more aggressive in identifying and discouraging discovery overuse,” and, as certain courts have found, narrowed the substantive scope of discovery.[4]

    While the Virginia Committee on Discovery of Electronically Stored Information considered whether to emphasize the role of proportionality as it relates to ESI,[5] it ultimately recommended that the Supreme Court not adopt the federal approach.[6] This recommendation was based on concerns that “an amendment mirroring the federal rule changes would inhibit the open exchange of discoverable information.”[7] Of course, courts can still limit discovery that is unduly burdensome or expensive. See Rule 4:1(b)(1). However, the rejection of the federal proportionality approach means that Virginia courts should be more hesitant to curtail discovery into relevant ESI than their federal counterparts.

    Rather than following the federal approach, the amendment to Rule 4:1(b)(7) requires the parties to be proactive and seek to resolve any potential issues at the outset of discovery by reaching an agreement on protocols for governing ESI discovery in the case.[8] Such protocols, which have become common place in federal district courts, can be invaluable.[9] They not only preempt many disputes, but also have the potential to curb discovery costs by establishing agreeable and efficient limits and procedures for collection and production of ESI.[10]

    Ultimately, the Rule places the burden on the producing party to propose an ESI protocol within 21 days of being served with discovery requests whenever the producing party anticipates that (i) the discovery requests will require the production of ESI, and (ii) an ESI protocol is needed. However, the Rule does not specify when a party should anticipate that an ESI protocol is needed. Thus, Virginia Courts will likely need to provide additional guidance on when parties are required to propose an ESI protocol.

    While only time will tell how effective the amendment is in preventing disputes, what is clear is that the amendment is intended to promote and foster e-discovery, and that parties are expected to produce ESI. Indeed, by refusing to emphasize the proportionality requirement, the Rule invites broad discovery into relevant ESI.


    [1] Active, online data, such as data on computers and servers, as well as off-line storage, such as flash drives, SD cards, and external hard drives, are almost always considered to be accessible. U.S. ex rel. Carter v. Bridgepoint Educ., Inc., 305 F.R.D. 225, 238-39 (S.D. Cal. 2015); Juster Acquisition Co., LLC v. N. Hudson Sewerage Auth., No. CIV.A. 12-3427 JLL, 2013 WL 541972, at *3 (D.N.J. Feb. 11, 2013). Conversely, backup tapes and erased, fragmented or damaged data are frequently defined to be “inaccessible. Carter, 305 F.R.D. at 239.

    [2] In determining whether discovery is proportional to the needs of the case, the rule provides for courts to consider “the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit.” Fed. R. Civ. P. 26(b)(1).

    [3] See Fed. R. Civ. P. 26(b)(2)(C)(iii)(pre–2015 version).

    [4] XTO Energy, Inc. v. ATD, LLC, No. CIV 14-1021 JB/SCY, 2016 WL 1730171, at *16-18 (D.N.M. Apr. 1, 2016); but see Vigil v. Waste Connections of Nebraska, Inc., No. 8:15CV112, 2016 WL 1698285, at *2 (D. Neb. Apr. 27, 2016) (discoverability is still governed by relevancy).

    [5] Rule 4:1(b)(1), like the old Fed. R. Civ. P. 26(b)(2)(C)(iii), authorizes courts to limit discovery, including into ESI, if the discovery is unduly burdensome or expensive.

    [6] Boyd-Graves Conference, Report of the Committee on Discovery of Electronically Stored Information (September 2, 2016) available at https://cdn.ymaws.com/www.vba.org/resource/resmgr/2016_meetings/BoydGraves/Part_1.pdf.

    [7] Id.

    [8] Id.

    [9] Nathan D. Dupes & Joseph T. Muzingo, Attacking the Massive ESI Project on Two Fronts, 14 No. 4 DRIIDQ 45 (Winter 2019).

    [10] Steven C. Bennet, E-Discovery: Reasonable Search, Proportionality, Cooperation, and Advancing Technology, 30 J. Marshall J. Info. Tech. & Privacy L. 433, 440-41 (2014).