The Anatomy of Data Risk Management

An article by Risk and Insurance Management Society, Inc. (RIMS) recently found in The National Law Review focused on Data Risk Management:

Think of data as a living organism.

Just like a human body, data has various components and life support systems that must be maintained to ensure the whole thrives and survives. You can think of a data risk specialist as a doctor trying to keep the organism healthy through its various life stages.

Data, our hypothetical patient, (you’re welcome Star Trek fans) needs a safe and healthy environment, a supportive lifestyle and good hygiene. Just as a doctor has to consider external threats (“do you smoke?”) so does the data risk manager.

Let’s look at what this all means, and how this philosophy can be applied to your businesses policies and practices.

Data, our hypothetical patient, has three basic forms: paper, electronic and human memory.  A good data risk management plan must consider all three.

Controlling paper and electronic data is what we think of most when considering data security. This is your standard (or what should be standard) security policy, access controls procedures, system audits, and the like. It’s where security planning meets IT.

Human memory is a little more elusive. Education, security training and a reward-demotion plan can help control human errors, as can confidentiality agreements, and project-specific security contracts. These are the tools of teachers and lawyers. Generally speaking, there are four key rules to protecting data in all its forms:

  1. Be stingy with sensitive data, internally and externally;
  2. Provide access to data on a need-to-know basis;
  3. Provide access only to that specific data, rather than entire data sets;
  4. Be deliberate in how data is handled, used and shared.

Data has a life cycle. If your data doesn’t, it should. Whether it’s government secrets or an online shopper’s credit card number, data is received or created within your company’s computer systems. It is used, maintained and stored. It is archived or destroyed. That data, in all cases, has three basic states: in action, in motion or at rest. Take the credit card number example: that information can be used, the card charged, or moved to another computer system, or archived. Use, motion, rest.

There are four fundamental rules regarding the life cycle of data:

  1. If the organization doesn’t need it, don’t collect it.
  2. If data must be collected, collect only what is needed.
  3. If data is needed, control it and encrypt it.
  4. When data is no longer needed, get rid of it – SECURELY.

Now that we know what data looks like (paper, electronic, mnemonic) and how it lives (in action, in motion, at rest) we should consider those external threats, namely data breaches. A data breach is an incident (or series thereof) in which sensitive, protected or confidential information has potentially been viewed, stolen or used with unauthorized access. This can be a hacker attack, an internal company mistake that results in exposed information or, in some cases, corporate or government espionage. A data breach can be anything that jeopardizes data.

These threats range from simple user negligence, operating or systemic issues, all the way to highly complex criminal attacks launched against your organization. As anyone who follows the tech news knows, sensitive consumer and business information has become a criminal commodity.

With this hostile environment in mind, it is imperative for the business to plan and prepare not only for the protection of their information, but also for the response and recovery of their data and business in the event of a data breach. For a data manager or security professional to fail to issue such a warning would be akin to that doctor not asking about smoking.

At the end of the day, data as an organism is more than an extended metaphor. It’s a means to look at your company’s data products in an abstract way and understand how it operates. This, in turn, will allow you to develop the proper health plan. Just like with our health, there is no single wonder pill. But there are data doctors out there who can analyze your businesses’ risk posture and recommend ways to get it in shape.

Brian McGinley, senior vice president of data risk management at Identity Theft 911 offers this well-written piece on the timely topic.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc.

Entrepreneur’s Guide to Litigation – Blog Series: Discovery

Recently posted in the National Law Review an article by  Joseph D. Brydges of Michael Best & Friedrich LLP regarding the Discovery is a pre-trial phase of litigation.

 

Discovery is a pre-trial phase of litigation during which a party to a lawsuit seeks to “discover” information from the opposing party. Discovery is meant to facilitate the truth-finding function of the courts and, as such, parties to a lawsuit have an automatic right to discovery. From a strategic standpoint, discovery is used to gather and preserve evidence in support or defense of the claims made in the complaint. Further, discovery often helps parties narrow the focus of the litigation in preparation for trial and, in some cases, may lead to a pre-trial settlement. Discovery is an extremely important phase of litigation because the evidence gathered during discovery will serve as the foundation of a motion for summary judgment and/or strategy at trial.

Discovery proceedings are typically governed by state statutes in state court and by the federal rules of civil procedure in federal court. Generally, the scope of discovery permitted under these rules is very broad. Discoverable information may include any material which is reasonably calculated to produce evidence that may later be admitted at trial. However, certain information, including information protected by the attorney-client privilege and the work product of an opposing party, is generally protected from discovery. During the discovery period, parties may serve discovery requests upon one another. These discovery requests are made through one of several available discovery mechanisms including interrogatories, requests for admission, document requests and depositions.

Interrogatories are written discovery requests often utilized to obtain basic information such as names and dates. Any party served with written interrogatories must answer the questions contained therein in writing and under oath. Similarly, requests for admission consist of written statements directed towards an opposing party for the purpose of having the opposing party “admit” or “deny” the statements. Often, these statements seek to establish undisputed facts, authenticate documents and pin an opposing party to a particular position. Document requests are an important component of discovery in which a party may be required to make any relevant and nonprivileged documents available for inspection by the opposing party. Document production will be covered in greater detail in the following section entitled “Document Production.”

The lynchpin of discovery proceedings is the deposition. Depositions are used to obtain the out-of-court testimony of a witness with knowledge relevant to the litigation. They allow a party to discover any relevant information known to a witness and are often the only method of discovery available with regard to obtaining information from witnesses that are not a party to the litigation. During a deposition, the witness is questioned under oath and must answer the questions asked truthfully to the extent that the answer would not lead to the disclosure of privileged information. The rules governing depositions also allow for the deposition of an organization or corporation where a party is unable to identify the particular witness within the organization that may have knowledge of the information sought. In that instance, a party may identify the information sought and the organization will be required to designate a representative to testify on its behalf.

A party served with a discovery request must respond to the request within the specified time period or object to the requested discovery and state reasons for its objection. If, for some reason, a party refuses to respond to a discovery request, the party serving the request may move the court to compel a response. It is within the court’s power to compel a response to a discovery request and impose penalties on a party refusing to comply with a discovery request.

Click Below for previous posts from the Entrepreneur’s Guide to Litigation Blog Series:

© MICHAEL BEST & FRIEDRICH LLP

Implementing Effective Litigation Holds

Posted this week at the National Law Review by Laura Broughton Russell and David L. Woodard of Poyner Spruill LLP – Important things for Employers to Consider about Litigation Holds:

Does your company have an established procedure for issuing timely litigation holds?  Recent court decisions make it clear that employers have a duty to preserve electronically stored information and paper documents they know or should know would be relevant to a current or threatened legal action.  The consequences for failing to do so can be severe.  Events which trigger an employer’s duty to preserve information/documents include, but are not limited to, the following:

  • Receiving notice that the employer is a party to a legal or an administrative proceeding, such as a charge of discrimination;
  • Receiving a letter threatening a claim on behalf of an applicant or current or former employee;
  • A verbal demand from an applicant or current or former employee relating to a legal claim;
  • Other “red flags” exist or a “totality of circumstances” indicate a claim is likely to be made by an  applicant or current or former employee.

A litigation hold notice is best made in writing,  It should instruct recipients to preserve and not destroy (or overwrite) electronically stored information and paper documents that are relevant to current or threatened litigation.

Although the litigation hold notice must be tailored to the facts of each particular situation, at a minimum, it should include the following:

  • Name of the matter or individual involved;
  • Warning of the importance of the hold and the consequences for not complying with it;
  • Direction not to alter or destroy information/documents;
  • Reason for the hold – e.g., legal action;
  • Reason the recipient (see below) is getting the hold notice;
  • Types of information included in the hold and the applicable time period.  (Information subject to the hold could include personnel files and other employment related documents, e-mail and other forms of correspondence and electronically stored information.)
  • Instructions for preserving information/documents;
  • Suspension of any routine document retention/destruction policy;

The hold notice should be issued to all employees reasonably likely to have information relevant to a claim – the “key players” in the matter.  There could also be instances in which outside vendors would also need to be issued a hold notice.

The employer’s IT department should help implement litigation holds, particularly with regard to documents housed or stored in e-mail accounts, or on computers, cell phones PDAs, or on flash drives, as well as with regard to taking control of backup tapes and stopping any automatic overwriting of electronic data.

Finally, employers should enforce litigation holds and, if a violation of the hold is discovered, take prompt action to remedy the violation if possible.  Steps also should be taken to ensure no further violations occur, such as taking disciplinary action up to termination.

Litigation hold notices must be tailored to the facts of each case and should be reviewed by counsel knowledgeable in this area.  If you have a question about litigation hold practices, Poyner Spruill attorneys are experienced in minimizing legal risks through the effective use of litigation holds and are available to assist employers with any of their needs.

© 2011 Poyner Spruill LLP. All rights reserved.

IQPC’s 11th eDiscovery Summit – April 27-29, 2011 San Francisco, CA – Save Big if Registered Before April 1st!

The National Law Review is a proud media partner for IQPC’s 11th eDiscovery Summit – April 27-29, 2011 San Francisco, CA

IQPC’s 11th eDiscovery Summit features hands on sessions and practical instruction to bring back to your eDiscovery teams. You will engage with IT and legal focus groups to candidly discuss anticipated push back issues, observe how different roles within your company approach imminent litigation and put bridging the gap strategies into practice.

It is no secret that you want to reduce the cost of eDiscovery, yet how do you know if you are paying a reasonable price for ESI processing and review? Do not miss this unique opportunity to learn about outside the box pricing structures and benchmark with your peers to gain a realistic picture of fair pricing for electronic information management.

Why attend the 11th eDiscovery Summit?

  • United States District Court Judges share their experiences with companies committing costly electronic discovery mistakes
  • Bridge the gap between IT and legal through a practical exercise with IT and legal focus groups
  • Learn practical steps to create a solid cross-functional eDiscovery team fostering communication and effective workflow between departments
  • Gain valuable metrics to assess the repeatability and defensibility of your eDiscovery procedures
  • Maximize the benefits of social networking and cloud computing without compromising security and increasing risk
  • Earn CLE Credits! Find out more

Registration, Location & Details…..

  • April 27 – 29, 2011 The Hyatt Regency San Francisco, CA

  • Save Big on Registration – if you sign up prior to April 1st
  • For More Information and to Register – Please Click Here:

New Guidelines for Preservation of Electronically Stored Information "ESI" Released; Federal Court Rules that Metadata Subject to FOIA

Recently posted at the National Law Review by Bracewell & Giuliani – some news about Delaware’s Chancery court’s recent publication of  Guidelines for Preservation of Electronically Stored Information and  Judge Shira A. Scheindlin’s  ruling  that metadata is “an integral or intrinsic part of an electronic record, and, consequently, part of the public record that must be produced by the Government in response to Freedom of Information Act (FOIA) requests:  

In an effort to advise parties to a litigation, the Delaware Court of Chancery released last month its Guidelines for Preservation of Electronically Stored Information. The publication of the Guidelines is timely in light of a decision released late last month in Victor Stanley, Inc. v. Creative Pipe, Inc., Civil No. MJG-06-2662 (D. Md. Jan. 24, 2011), where defendants were ordered to pay over $1 million in sanctions for the willful loss and destruction of electronically stored information (ESI).

As a preliminary matter, the Guidelines advise litigants to take all reasonable steps to preserve ESI that is potentially relevant to a litigation and within their possession, custody or control.  This requires the parties and counsel to “develop and oversee a preservation process.” Key to the preservation process is identifying potentially relevant sources of ESI, i.e. custodians and devices, and enacting a litigation hold. Although there is no single definition among the State and Federal Courts for a litigation hold, the Guidelines advise that, at the least, it entails developing well-written instructions for the preservation of ESI that are then distributed to all custodians of potentially relevant ESI.

Just as important is the timing of the litigation hold.  Various courts have found that the duty to preserve potentially relevant documents occurs once litigation is “reasonably anticipated,” not once litigation has commenced. As a result, theGuidelines recommend that, to the extent a litigation hold has not been disseminated before litigation has commenced, counsel should instruct their clients to do so quickly and “to take reasonable steps to act in good faith and with a sense of urgency to avoid the loss, corruption or deletion of potentially relevant ESI.” While the Guidelines note that this may not be sufficient to avoid the imposition of sanctions if potentially relevant ESI is lost or destroyed, the Chancery Court “will consider the good-faith preservation efforts of a party and its counsel.”

Counsel is well-advised to reference the Guidelines in light of the significant increase in the number of motions and awards for e-discovery sanctions. See Dan H. Willoughby, Jr. et al., Sanctions for E-Discovery Violations: By the Numbers, 60 Duke L.J. 789 (2010). In fact, in the past six years, there have been over five cases where sanctions exceeded $5 million, with one leading the pack at $8.8 million. See id. at 814-15.

As noted above, defendants in Victor Stanley were recently ordered to pay over $1 million in sanctions for the willful loss and destruction of ESI. See also Sanctionable Conduct Involving E-Discovery, Bracewell & Giuliani Legal Advisory, dated Sept. 28, 2010. Magistrate Judge Paul W. Grimm found defendants’ acts of spoliation to be so “extraordinary” as to treat them as contempt, pursuant to Federal Rules of Civil Procedure 37(b)(2)(A)(vii). As such, failure to pay the ordered amount within 30 days will subject the owner of the defendant corporation to up to two years of jail time. Not surprisingly, one of the many actions cited by the court that defendants failed to take: enforcing a litigation hold.

In other e-discovery developments, Judge Shira A. Scheindlin of the Southern District of New York, and author of the instructive Zubalake series of opinions, ruled this week that metadata is “an integral or intrinsic part of an electronic record,” and, consequently, part of the public record that must be produced by the Government in response to Freedom of Information Act (FOIA) requests. Nat’l Day Laborer Org. Network v. U.S. Immigration and Customs Enforcement Agency, 10 Civ. 3488 (S.D.N.Y. Feb. 7, 2011). Although the issue had been addressed by several state courts, this was a matter of first impression for a Federal Court. 

Noting that different types of metadata are inherent to different types of electronic records, Judge Scheindlin determined that “metadata maintained by the agency as a part of an electronic record is presumptively producible under FOIA, unless the agency demonstrates that such metadata is not ‘readily producible.'” (Emphasis in original). She further determined that the onus is on the requesting part to specifically request the metadata. However, Judge Scheindlin found that it was “no longer acceptable” for a party to produce “a significant collection of static images of ESI without accompanying load files.” Citing to Federal Rule of Civil Procedure 34 as a source that should inform FOIA productions, Judge Scheindlin’s ruling will likely carry equal weight in the context of civil discovery. 

© 2011 Bracewell & Giuliani LLP

Why We Decided to Become Certified Legal Project Managers

From this week’s Business of Law Guest Bloggers at the National Law ReviewStacy D. Ballin and Mitchell S. Thompson of Squire, Sanders & Demsey LLP insight on the need and the process of becoming a Certified Legal Project Manager: 

On January 7, 2011, in a simple conference call, the two of us struck out upon a new venture that we believe will help us serve our clients better, and might just mark the start of a new and significant trend for law firm partners.

In a kick-off telephone conversation with consultant Jim Hassett of LegalBizDev, we plunged into an innovative program of study in the rapidly growing field of legal project management.

That conversation was the beginning of a six-month distance learning course put together by LegalBizDev that we can complete at our own pace and that leads to the title of Certified Legal Project Manager. We are among the pioneers in this, the first formal program to certify lawyers as legal project managers.

Squire, Sanders & Dempsey LLP is one of the first major legal practices to take project management to a new level. As the co-chairs of Squire Sanders’ Project Management Committee, we are taking the lead in obtaining the certification ourselves and in helping to plan how to spread best practices within the firm.

What does project management have to do with lawyers? Well, pretty much everything.  The world has changed, and clients need more than ever from their law firms. They want their lawyers to partner with them to achieve their business goals and deliver value, not to merely send them a monthly bill showing how many hours have been spent.

Like every other kind of business worldwide, law firms are becoming more cost-effective and efficient in providing their services. It’s no secret that many users of legal services – including the corporations, governments, and nonprofits, big and small, that big law firms serve — have perceived some disconnect between their costs for legal services and the value of those services. This trend has been building since the DuPont Legal Model was launched in the 1990s, and it was accelerated by the recent economic downturn.  Even as the economy improves, however, we expect clients to continue to require greater value than ever from their law firms.

The Association of Corporate Counsel’s Value Challenge is perhaps the best known of several concerted efforts by corporate counsel to improve the methods and tools that law firms use in delivering legal services. Squire Sanders has formally endorsed the Value Challenge, and adopted our own principles in the form of the Squire Sanders Partnering for Worldwide Value Covenant. Our combination with Hammonds LLP, which took effect on January 1, 2011, makes us one of a very small number of global firms that clearly articulates the importance of providing cost-effective services to our clients.

Among the principles that are integral to our covenant are that we will proactively offer our clients alternative fee structures; that we will provide budgets and estimates for each engagement and advise the client immediately if there may be material changes in cost; and that we will continuously work to become more cost-effective in the delivery of our services.

Our enrollment in legal project management certification was directly related to our value covenant. If Squire Sanders is going to live by these ambitious principles, our lawyers must understand project management and put it into practice. Unless law firms understand project management principles and put them into action, there is no way that they can thrive and deliver excellence while pursuing alternative fee structures and providing firmer budgets and estimates on hourly matters.

Project management is a well accepted technique in business and industry. It can be defined as the discipline of planning, organizing, securing, and managing resources to achieve a project’s goals within the constraints of scope, time, and budget. We are convinced that the time has come for its careful application to major legal matters, including large transactions and significant pieces of litigation.

Lawyers will benefit from project management tools because they can improve communication with their clients and focus on clients’ true needs, thereby reducing client risk and delivering greater value. Client will benefit because they can work with lawyers who put client business goals first, use creative ways to provide solutions to client challenges and ensure clients receive the best value for their investment in legal services.

There are many challenges involved in bringing the well-tested tools of project management into the legal world. For example, legal project managers must take into account client-imposed deal deadlines, due diligence requirements, opposing litigation counsel and their tactics, and deadlines and court calendars that are out of a lawyer’s or law firm’s control — but we believe that these obstacles can be overcome.

In our certification program, we will do assigned readings from six leading textbooks in the field of project management and answer a series of probing essay questions. We will focus on eight key issues that lawyers must understand in order to be effective project managers: setting objectives and defining the scope of a project; identifying and scheduling activities; assigning tasks and managing a team; planning and managing a budget; assessing risks; managing quality; managing client communication and expectations; and negotiating changes of scope. All along the way we’ll interact with Jim Hassett and his staff.

At a later stage of the course, we will apply project management concepts to an actual matter on our plates at Squire Sanders. For example, we might be asked to assume that the same situation would arise again but that this time the client insists on a fixed price at a lower total cost with better communication throughout. We will have to solve the problem with our new project management tools.

In that first conversation with Jim Hassett in January, we discussed Squire Sanders’ position in the vanguard of this emerging area and how to maximize the benefits to our clients. In future conversations, we will discuss the most efficient ways to make project management information accessible to other members of our firm so that each lawyer can determine the best way to apply these principles in his or her own practice.  We hope that the program and the certification will help our firm and our clients succeed in this rapidly changing world.

©Squire, Sanders & Dempsey All Rights Reserved 2011

 

 

eDiscovery & Social Media

The National Law Review’s featured guest blogger last week was Meredith L. Williams of  Baker Donelson provides some great insight on discovery issues related to social media sites: 

Social media is not going anywhere, so we must learn to live with it and use it to our advantage and within the confines of the newly articulated and always changing rules.  If ever a doubt, one can look to the Nielson Report (“What Americans Do Online: Social Media and Games Dominate Activity,” Aug. 2, 2010) that states two-thirds of the internet population utilize social media sites.  Internet users now spend more than 10% of their online time on social media sites, and usage is constantly increasing.  With this rise in social media usage, the issues surrounding ediscovery in the realm of social media data is an important consideration of litigation.

The definition of legal discovery is locating all documents that are relevant to support the litigation.  But how does ediscovery work when the content is not owned or controlled by the business? How does a business preserve data that is outside of its firewall? Finally, how does one seek relevant information held on social media sites?

Social media sites are not like email or word processing documents when it comes to preservation. These sites are operated outside of a business’s firewall by a third party. Data is normally scattered on many sites and connected by many people or custodians.  Finally, the retention policy or schedule of a business does not affect data located on social media sites.   When a business maintains social media pages, it has a duty to preserve the data that may be relevant in anticipated or actual litigation.

Seeking information from social media sites can be difficult at best.  Many times discovery of this data must be gained through consent or authorization of a third party, which only causes an extra, and often expensive, burden.  Each third party is different in how it maintains the data, and each has the right to delete any content for violation of its terms of use policy, at any time. That deleted information could be relevant to litigation.

Unfortunately for businesses, the courts are only beginning to outline the duty of preservation and the right to discover the information from social media sites.  The best line of defense for many businesses is to develop internal policies and training programs to educate all employees of the risks of using social media.  In addition, new software now exists that can aid in preserving data.

Duty to Preserve

The 2006 Federal Rules of Civil Procedure amendments changed the discovery rules to allow a party to request “electronically stored information” within the “possession, custody, or control” of the responding party.  A duty to preserve potentially relevant evidence exists when litigation is “reasonably anticipated.”  In addition, parties who fail to preserve electronically stored information (ESI) are subject to penalties. Social media data fits the definition of ESI; thus, businesses must deal with the issue of preserving and possibly producing social media data that falls under their data retention policy.

Due to the fact that social media sites are owned and controlled by third parties, vendors are beginning to develop technology to capture dynamic web pages for preservation.  The first few companies in this market include Iterasi, Smarsh, Arkovi and LiveOffice.  Additionally, Adobe may be used to capture web images in static format.  These are but a few examples of new technologies that businesses are considering to meet their duty to preserve and produce ESI.

Recent Case Law

Additional issues remain – whether the information on social media sites is considered private, whether it is discoverable and whether it is admissible as evidence.  Recent case law has addressed these as yet unanswered issues.

In Guest v. Leis, 255 F.3d 325 (6th Cir. 2001), the court held that there is a lack of expectation of privacy regarding public postings on social media sites.  The user has the right to select privacy preferences on his social media sites.  Certain settings allow the public to see limited information and authorized, connected individuals to have greater access. In addition, many social media site privacy policies specifically state that certain postings are subject to a weakened privacy expectation.  Courts have generally held that when a user makes information available publically via their privacy settings, there is a lower expectation of privacy and, therefore, the information is discoverable.

Jumping ahead to the current year, we find EEOC v. Simply Storage Mgmt., LLC, No. 1:09-cv-1223-WTL-DML (S.D. Ind. May 11, 2010).  In this case, the court compelled production of relevant content from social media sites.  The court discussed discovery of social media site data as simply “requir[ing] the application of basic discovery principles in a novel context.”  The facts of Simply Storage Mgmt, involved the defendant seeking production of social media site profiles and communications from Facebook and MySpace.  The court ordered the plaintiff to produce the content that was relevant to the case.  The plaintiff argued that requiring such production would infringe on his privacy.  However, the court held that the expectation of privacy is not a basis for shielding discovery.  In addition, the court found that any privacy concern therein was lessened due to the fact the information had already been shared.

Earlier this year, Crispin v. Audigier (C.D. Cal.) (May 26, 2010), brought us a new ruling regarding social media and the Stored Communications Act (SCA).  In this case, the court was reluctant to allow discovery of private social media email communications.   The case involved a copyright infringement claim.  Audigier subpoenas the private social media messages of Crispin.  A magistrate judge disagreed with Crispin’s arguments that these communications fell under the SCA, preventing the provider of the messaging service from releasing private communications, because the social media sites messaging services are used solely for public display.  However, the district court reversed the ruling, holding that Facebook and MySpace allow private message or e-mail services which are separate from the general public posting.  This case held that the SCA protects Facebook and MySpace messages that aren’t publicly available.  Therefore, these messages cannot be subpoenaed in civil litigation.  In addition, the court left the door open for further clarification, noting that “Facebook wall postings and the MySpace comments are not strictly ‘public,’ but are accessible only to those users plaintiff selects.”

On the other side of the country, we find a slightly different ruling with Romano v. Steelcase Inc., 2010 WL 3703242 (N.Y. Sup. Ct. Sept. 21, 2010).  TheRomanocourt allowed discovery of an entire social media site with all current and deleted postings.  The court ordered the plaintiff to provide the defendant with access to private postings from two social media sites. The court reasoned that information contradicting the plaintiff’s claims was included on the public sections of the plaintiff’s social media site and, therefore, it was reasonable to believe that the private sections might contain additional relevant information. The court even cited Facebook and MySpace policies, which warn users they should have “no expectation of privacy.”

Even if one is able to surmount the difficult hurtle of obtaining data from a social media site, an equally daunting challenge remains – getting the data admitted.  The main issue with admissibility is authenticity; spam, viruses, hackers and the like make social media sites susceptible to manipulation or fraud.   For this reason, courts have consistently been cautious when admitting social media data. In some cases, judges have become online “friends” with a party in order to authenticate postings, photos, captions and comments. (Barnes v. CUS Nashville, LLC).  Other courts have allowed printed copies with time date stamps to corroborate facts. (Treat v. Tom Kelley Buick Pontiac GMC, Inc.). Finally, some courts have used circumstantial evidence associated with the creation of the data (i.e. metadata and hash tags) to authenticate social media content.  (Lorraine v. Markel Am. Insur. Co.).  Admissability remains  an area of concern as the use of social media data in discovery becomes the norm.

Discovery of Social Media Data

A lawyer must decide early on whether relevant information exists on social media sites.  Within that evaluation, the costs to preserve, collect, review and produce the social media information should be considered.

Start discovery of social media by conducting large sweeping web searches for public social media sites of adverse parties or adverse witnesses.  Many individuals do not lock profiles or use privacy settings; therefore,  all postings, messages, comments, etc. are open to the public.  Preserve the sites with date stamps.

If an individual’s social media sites are set to private, and, therefore, not open to the public, what can a lawyer do?  Many boards of ethics do not allow lawyers to “friend” anyone to gain access to private profiles of information (NY State Bar Association Ethics Opinion 843 (Sept. 10, 2010)). So, instead of friending an individual, use discovery requests.  Start with a document request asking for all postings and messages that are related to and relevant in the litigation.  One can also consider requesting an access wavier to social media sites that allow for complete access to the site.  LinkedIn has a standard wavier located on its site. Finally, ask for all social media identifications used by the adverse party in an interrogatory.  Regardless of what direction taken, social media should be a part of the ediscovery process.

Conclusion

In conclusion, a business should take inventory of what social media sites are being used within the organization.  Then, set policies to help educate all employees of the risks regarding social media usage.  Finally, decide if backup software is needed to help with preservation and production of the business’s own social media data.  Regardless of retention schedule taken with social media, plan to always show the court that you’ve done your best, which is all that is expected.

For lawyers, be prepared to incorporate social media into an edisovery plan.  Start early within the litigation.  Draft standard document requests, waiver forms or interogatories around social media production.  Finally, be aware of the changing legal landscape on privacy, discoverability and admissibility, as these areas will continue to change, more and more rapidly in the future.

©2010 Baker, Donelson, Bearman, Caldwell & Berkowitz, PC. All Rights Reserved.

Search and You’ll Be Found – Two Recent Lawsuits Allege that ISP's Violated Privacy by Sharing Referrer Data.

From the National Law Review’s Featured Guest Blogger(s) this week  Damon E. Dunn and Seth A. Stern of Funkhouser Vegosen Liebman & Dunn Ltd – some interesting insight on some recent lawsuits pending against Google and Facebook:  

Two recent lawsuits allege that internet service providers violated users’ privacy by sharing “referrer data” containing potentially identifying information.

A former technologist with the Federal Trade Commission filed a privacy complaint(link via WSJ) against Google with his ex-employer.   The complaint alleges that Google does not allow users to easily prevent transmission of information that allows website operators to determine the search terms used to access their sites.  It claims that this constitutes a deceptive business practice by Google because “if consumers knew that their search queries are being widely shared with third parties, they would be less likely to use Google.”

According to the complaint, Google search URLs contain the user’s search terms, and when users click on a search result the webmaster of that site can see the terms used to access it.   The complaint alleges that this conflicts with Google’sPrivacy Policy and cites to Google’s court admissions that search queries may reveal “personally identifying information” and that consumers trust Google to keep their information private.

Google has allegedly tested products that deleted search terms from the referrer data visible to webmasters but discontinued them after receiving complaints and posted reassurances that search terms would remain visible. Apparently Google now offers an SSL encrypted search engine at https://www.google.com which protects search terms from being intercepted, but the complaint notes that this is not the default setting and it is not linked from the regular Google site.  It also notes that Google provides search term protection to Gmail users searching their inboxes.

The merits of the complaint may hinge on whether search terms should be considered “personal information.”  The complaint notes that the New York Times was able to indentify supposedly anonymous AOL searchers in 2006 when AOL leaked a dataset of search queries.

The second suit alleges that, from February through May, Facebook transmitted referrer information to advertisers about users who clicked on their ads.  It alleges violations of the federal Electronic Communications Privacy Act and Stored Communications Act as well as California computer privacy and unfair competition laws and common law claims of breach of contract and unjust enrichment.

The suit claims that “Facebook has caused users’ browsers to send Referrer Header transmissions that report the user ID or username of the user who clicked an ad, as well as the page the user was viewing just prior to clicking the ad . . . For example, if one Facebook user viewed another user’s profile, the resulting Referrer Headers would report both the username or user ID of the person whose profile was viewed, and the username or user ID of the person viewing that profile.”

As in the Google complaint discussed above, the plaintiffs allege that Facebooks actions violate its privacy policy (which allegedly states “we never share your personal information with our advertisers”) and other representations to users as well as state and federal privacy laws.   The amended complaint may be stronger than the suit against Google because referring Facebook pages, unlike Google searches, are often highly personalized and contain the Facebook user’s name.  Facebook allegedly stopped embedding referrer data in May after media accounts exposed the practice.

Although some tech executives have been quick to sound the death knell for online privacy, consumers – even those who are products of the Internet generation – continue to disagree.   A recent poll shows that 85 percent of teens believe social media sites should obtain their permission before using their information for marketing purposes.

Excerpted from FVLD’s blog, http://www.postorperish.com, which regularly discusses these and other issues facing online publishers.

© Copyright 1999-2010, Funkhouser Vegosen Liebman & Dunn Ltd. All rights reserved.

 

The Ten Commandments of Drafting a Social Networking Policy

The National Law Review’s featured Guest Bloggers this week are from Steptoe & Johnson PLLC. Vanessa L. Goddard provides some concrete do’s and don’ts for drafting a company Social Media policy.  Read on:

You’ve probably heard this “fact”: if Facebook was a country, it would be the fourth largest country in the world! Web 2.0 has infiltrated every aspect of our lives, including the workplace. As a result, most lawsuits in which employers become mired are fraught with electronic data issues. To guard against a wide range of legal claims, as well as reap the benefits of a global marketplace, many employers are instituting social networking policies. But, as with any policy, a social networking policy must be carefully drafted to meet your business needs. With that, I introduce to you the 10 Commandments of drafting a social networking policy:

NUMBER ONE: Thou shalt NOT use a sample policy pulled willy-nilly from the Internet.

While your search results will pull up dozens of fine looking policies, you won’t know who wrote them, the legal jurisdiction from which they hale, or the business interests the policy seeks to promote. Many times, a bad policy is worse than no policy at all.

NUMBER TWO: Thou SHALT work in harmony to craft a policy appropriate for your business.

If you decide that a social networking policy is appropriate for your business (and it may not be), the combined cooperation of your IT department, human resources, legal, and company decision-makers is necessary to formulate an effective policy.

NUMBER THREE: Thou SHALT know the risks and guard against them.

Employee use of social networking media can have wide-ranging legal ramifications for employers. Possible claims include: harassment, discrimination, defamation, invasion of privacy, and a variety of statutory violations.

NUMBER FOUR: Thou SHALT proclaim that the eye of the employer sees all.

Notify employees that they have no expectation of privacy in their use of company technology, that their activities should be work related only, and that their communications may be accessed at any time.

NUMBER FIVE: Thou shalt NOT take the name of the employer in vain.

The policy should require disclaimers be used indicating that the opinions stated therein are those of the employee and not the employer.

NUMBER SIX: Thou SHALT respect thy co-workers, customers, competitors, and employer.

Require employees to act respectfully in their social networking/blogging activities. Provide guidance on what is and what is not appropriate behavior.

NUMBER SEVEN: Thou shalt NOT steal or do other really bad things with your employer’s computer.

The policy should prohibit disclosure of confidential information, the use of legally-protected/copyrighted information, and the dissemination of personal information of co-workers.

NUMBER EIGHT: Thou SHALT know the consequences of thy actions.

Inform your employees that their social networking activities on the job are subject to all company policies and explain the consequences of violating your social networking policy.

NUMBER NINE: Thou SHALT spread the word throughout the masses.

Distribute the policy. Have your employees sign off on their receipt and understanding of the policy. Provide training on the policy.

NUMBER TEN: Thou shalt NOT commit random acts of destruction.

You MUST ensure that your litigation hold policy incorporates procedures and methodologies to capture and preserve social networking data in the event of litigation.

© 2010 Steptoe & Johnson PLLC All Rights Reserved

About the Author:

Vanessa Goddard’s primary focus is in the area of labor and employment law. She has been involved in representing clients in various employment cases, including sexual harassment, deliberate intent, age, race, and disability discrimination, wrongful discharge, and various other employment-related torts. She is admitted to various state and federal courts as well as the Third Circuit Court of Appeals and Fourth Circuit Court of Appeals.  304-598-8158 /www.steptoe-johnson.com

Protecting Tax Documents after United States v. Deloitte

This week’s National Law Review featured blogger is Matthew D. Lerner of Steptoe & Johnson LLP who provides some great tips on how to manage tax documents to best prepare for legal action. 

A recent appeals court decision provides the latest development in the ongoing battle between taxpayers and the IRS regarding the disclosure of tax workpapers.  It also provides hope that work product protections may still be available for litigation analyses that a company’s attest auditors review in preparing financial statements.[i] Typically, taxpayers claim that certain workpapers are protected by the work product doctrine because they contain analysis of potential tax issues raised by transactions in anticipation of future litigation with the IRS over those issues.  The IRS asserts that these workpapers are used to prepare financial statements and should not be subject to protection either because they are not prepared in anticipation of litigation or because they are disclosed to third party auditors, thus waiving any protection.

On June 29, 2010, the D.C. Circuit became the latest court to address this controversy in a matter that involved documents prepared by, or in the possession of, the accounting firm Deloitte LLP (then known as Deloitte & Touche LLP) (“Deloitte”).  In this case, the United States sought to compel Deloitte to produce two categories of documents related to a civil tax refund case brought by partnerships formed by subsidiaries of the Dow Chemical Company (“Dow”) (the partnerships are referred to as the Chemtech partnerships or “Chemtech”).   The first category included three documents Deloitte withheld on the basis of privileges asserted by Dow, including (i) a June 2005 tax opinion related to Chemtech; (ii) a September 1998 legal and tax analysis provided to Deloitte by an in-house attorney at Dow; and (iii) a July 1993 internal Deloitte memorandum recording thoughts and impressions of Dow’s attorneys concerning tax issues related to Chemtech.  The second category of documents included all responsive documents maintained at Deloitte’s affiliate in Zurich, Switzerland ( “Deloitte Switzerland”).

At the trial court level, the District Court for the District of Columbia held that the three documents in the first category were protected from disclosure by the work product doctrine because they were prepared in anticipation of future litigation over the tax treatment of Chemtech.[2]  The court held that the protection was not waived by disclosure to Deloitte because Deloitte, as Dow’s independent auditor, was not a potential adversary, and no evidence suggested that it was unreasonable for Dow to expect Deloitte to maintain confidentiality.

The trial court also denied the motion to compel with respect to the second category of documents.  The court held that Deloitte did not have sufficient control over the documents maintained at Deloitte Switzerland to enable their production.  The court stated that the government failed to establish that Deloitte had the “legal right, authority or ability to obtain documents upon demand” from Deloitte Switzerland.  The court determined, “Close cooperation on a specific project does not per se, establish an ability, let alone a legal right or authority, on [Deloitte’s] part to acquire documents maintained solely by a legally distinct entity.”

The United States appealed the District Court’s decision with respect to the three documents in the first category withheld by Deloitte: (i) the June 2005 tax opinion related to Chemtech; (ii) the September 1998 legal and tax analysis provided by an in-house attorney at Dow; and (iii) the July 1993 internal Deloitte memorandum recording thoughts and impressions of Dow’s attorneys concerning tax issues related to Chemtech.[3]

The government argued that the 1993 internal Deloitte memorandum was not work product because (i) it was prepared by Deloitte, not Dow or Dow’s counsel; and (ii) it was generated as part of the audit process, not in anticipation of litigation.  The D.C. Circuit rejected the government’s categorical arguments with respect to the first document prepared by Deloitte.  The court stated that Deloitte’s preparation of the document does not exclude the possibility that it contains Dow’s work product.  The court also stated that a document can contain protected work product material even though it serves multiple purposes, so long as the protected material was prepared because of the prospect of litigation.  However, the court determined that the District Court did not have a sufficient evidentiary foundation for its holding that the Deloitte memorandum was purely work product.  The court therefore remanded so that the District Court could conduct an in camera review of the document and determine whether it was entirely work product, or whether a partial or redacted version of the document could be disclosed.

The government also argued that the other two documents were not protected from disclosure because Dow waived work product protection by disclosing the documents to Deloitte. The D.C. Circuit rejected this argument and concluded that (i) Deloitte was not a potential adversary with respect to the litigation that the documents address and (ii) Deloitte was not a conduit to potential adversaries because Dow had a reasonable expectation of privacy as a result of Deloitte’s obligation to refrain from disclosing confidential information.

The Appeals court decision makes clear that some documents that become part of the tax audit workpapers do retain work product protection, even if disclosed to financial auditors to assist in the preparation of financial statements.  However, it is also evident from this decision that such work product claims will likely continue to be challenged by the IRS and heavily scrutinized by the courts.  Accordingly, it is imperative that taxpayers take as many precautions as possible to preserve work product protection, as well as attorney-client privilege, with respect to sensitive analysis contained in tax workpapers. 

Taxpayers must understand that proving work product generally involves common sense.  One trying to prove that a document was prepared in anticipation of litigation should ask herself what steps would indicate to a court that litigation truly was expected and this document was prepared for that purpose.  What follows is a series of suggestions to help preserve such protection to the extent possible. 

1.  Get Counsel Involved.

To preserve privilege, be certain to include counsel meaningfully in communications regarding legal issues, and document counsel’s substantive role in these communications.  While an attorney’s involvement is not legally required to make something work product in most jurisdictions, as an evidentiary matter, it helps to establish an anticipation of litigation and indicates that an issue is being treated as more than just an item for audit.  Coordinate with the company’s General Counsel with respect to sensitive tax documents to avoid waiver of work product with respect to those documents through disclosure in other litigation.   At the same time, be careful to avoid asserting inappropriate claims of protection on documents.  An inappropriate claim of privilege risks waiver of privilege with respect to documents that otherwise would be privileged with respect to the same issue.  Inappropriate privilege claims can also damage your credibility and result in higher tensions and increased controversy over what should be “routine” privilege claims.

2.  Formalize a Tax Litigation Group.

Creating a formal tax litigation group within the company can help to identify tax controversy matters more clearly and separate issues that are anticipated to result in litigation.  Such a group should advise the company on the conduct of tax controversies and litigation.  In this primary role, the group should give advice to the company regarding whether and how to proceed in litigation, whether to settle, and what settlement terms to propose or accept.   Secondarily, the company may use the group’s hazards-of-litigation advice in establishing financial statement tax reserves.

It is preferable that the group’s leader be an attorney responsible for managing tax litigation and have at least a dotted line reporting relationship to the law department (to enjoy a presumption that the attorney-client privilege applies as well).  The group should exclude the persons whose responsibilities are solely the preparation of financial statements.

This does not require hiring new personnel or re-assigning people to a new tax controversy position.  The group may be composed of people with other job responsibilities.  It is really a “part-time” committee of people with related roles.  The key is that decisions about which matters litigation may be expected for come in the setting of this separate group’s meetings or consideration, that the group members separately perform this function, and that they document their conclusions and clearly identify issues for which more than a mere audit is expected.  In the group’s analyses, it must be careful not to suggest that the company believes its position is wrong and that is why litigation is expected.  Document only that the IRS, given its policies and positions, is expected to challenge the company on the issue and the company intends to fight.[4]

 3.  Control Who Creates Documents.

If the company has a tax litigation group, sensitive analysis of tax issues should be confined to documents created at the direction of, and under the control and supervision of, the group’s leader.  If not, they should be prepared by someone with a key role and responsibilities regarding tax controversy decisions.  Such documents should indicate that they are prepared by attorneys or tax practitioners and that they are prepared at the request of the group leader for litigation purposes.  Take care not to attach these labels to other documents or that label will cease to have meaning and potentially be used to argue that a waiver of privilege or work product protection has occurred with respect to other documents.  Do not combine these work product analyses with non-work product discussions.

4.  Create Only Defined Types of Documents.

Categorizing your documents and establishing guidelines for what types of analysis should be included in each category can help confine sensitive legal analysis to litigation-oriented documents that are most entitled to privilege and work product protection.  When creating documents, separate legal analysis from non-privileged information, including: (i) business advice; (ii) tax reserve numbers and calculations; and (iii) other advice not intended to remain confidential.   Create specific documents for disclosure outside the group that are limited to only hazards-of-litigation percentages and only aggregate reserve information.[5] 

5.  Control How Documents Are Labeled

Documents should be labeled, as appropriate, to state that they contain confidential legal advice, subject to privilege and protected by the work product doctrine.  While not legally required, attaching a work product label to a document intended as such provides evidence of the company’s intent with respect to that document.  Likewise, be careful not to label business advice, tax return advice, or other advice not intended to be confidential, as privileged or protected.  If one overuses labels, the labels lose credibility even when properly attached, and may be ignored by a court in its analysis.  At the same time, also take care not to label documents containing legal analysis and advice as documents that relate to tax reserve analysis or tax contingency analysis.

6.  Control Access to Documents Inside the Company

The wider the distribution of a document, the more likely it is that a court will find there has been a waiver with respect to attorney-client privilege or work product protection.  Because one of the indicia of privilege or work product is the care with which a document is handled, common sense dictates that a court will look askance at claims for protection of documents that were made widely available within the company to people whose jobs did not require their access to those materials.  Accordingly, only disclose legal documents with respect to an issue to other employees/officers on a need-to-know basis.  Also, to the extent possible, try to avoid “broadcast” emails and limit email “chains” related to documents.  Each e-mail and response to an e-mail generates a copy of the document and increases the risk of waiver.  When storing documents, separate and clearly mark legal documents.  This not only protects against waiver, but can demonstrate intent to keep the information confidential.  Keep in mind that no protections attach to business advice documents, so store business documents in a separate location from the legal documents.

 7.  Enact and Follow Policies to Identify Anticipated Litigation

It is critical to prove that litigation was anticipated with respect to an issue in order to establish work product protection for documents that contain analysis of that issue.  General litigation policies can be used effectively as “designation” tools to identify issues for which litigation is anticipated clearly.  For example, make use of document hold requests to communicate that litigation is anticipated.  Consider formal guidelines that certain counsel must be involved in issues expected to result in litigation, and then include such counsel only when litigation is expected.  When enacting such general policies, be cognizant of the fact that the presence of a general policy and the absence of its application in a specific case can create a negative inference.  Thus, if a company has a general policy that documents related to issues for which litigation is anticipated are made subject to a litigation hold, then the absence of a litigation hold with respect to documents related to another issue may be used to demonstrate that litigation was not anticipated with respect to that issue.[6]  As a result, the tax department must apply a litigation hold to those documents relating to any issue for which the company is claiming to anticipate litigation Likewise, if company policy dictates that the General Counsel must approve litigation-related decisions (e.g. budget, choice of counsel), be sure those policies are followed for potential tax litigation.

8.  Work With Your Auditors and Other Third Parties to Protect Work Product

Interactions with auditors and other third parties create significant risks that material that would otherwise be subject to privilege or work product protection will lose that protection as a result of waiver.  Accordingly, take steps to work with your auditors and other third parties to develop a good relationship and preserve protection where possible. 

For example, many times accountants are hired not as auditors but to provide specific support in connection with a tax issue.  In those instances, enter into written agreements through counsel with third-party consultants to whom you wish to disclose privileged information (e.g., so-called Kovel arrangements), so that their work is performed under the direction and control of counsel.  Such a step makes the assertion of attorney-client privilege possible for communications with the consultant, and provides strong evidence of the anticipation of litigation.  Be aware of the potential limitations of the accountant-client privilege, particularly when considering whether to disclose sensitive documents in the context of the preparation of an opinion letter.  Request that your attest auditors’ engagement letter include a specific confirmation that those accountants must and will maintain confidentiality of your documents to the fullest extent allowed by law.  It may also be helpful to have the engagement letter acknowledge that the relationship between company and auditor is non-adversarial and the two expect to work together cooperatively. Where possible, have auditors review key documents but not take copies.  While that has no direct, legal effect on whether a protection is actually waived, it can bolster a claim that you took all possible steps to avoid wider dissemination by keeping control of the actual document, which is a key element of proving work product protection should apply.  Ask that your auditors specifically note when a conclusion in their workpapers was derived from documents prepared by the company as litigation analyses.  Finally, do not prepare separate documents directly for the auditors that discuss litigation analysis.  While a decision regarding work product should be based on the purpose for which the underlying analysis was prepared, not the specific documents, the recent decisions suggest that it is easier to preserve work product protection when the document itself was prepared for the purpose of litigation.

9.  Negotiate Disclosures with the IRS

After taking some or all of the above steps above to preserve protection of documents, take steps to prevent inadvertent disclosure to the IRS of protected documents.  Require approval of the group’s leader before documents are disclosed to the Service or establish some other formal screening process to prevent disclosures that could result in a waiver of privilege.  When withholding documents subject to protection, prepare a detailed privilege log, stating the specific grounds that support the claim for privilege and protection of each document withheld.

It is inevitable that there will be disagreements about the scope of protection afforded specific documents.  Try to manage the disclosure process to minimize the scope and intensity of these disagreements.  Be candid with the IRS about your concerns, try to get overbroad demands for protected materials scaled back, work quickly to provide responsive, non-protected materials, and be reasonable about the scope of your privilege claims.  Doing this can help establish a cooperative relationship with the IRS and focus the controversy, if any, on the most protected documents. Likewise, consider disclosing the least confidential documents to the Service.  For example, disclose to the Service those documents that contain no legal analysis or advice.  Where there is protected material the IRS really wants that the company is willing to disclose, attempt to negotiate a written agreement that the disclosure of that document will not waive privilege or work product protection more broadly.  If, after all this, controversy about a protection still arises, the fact of your cooperation and efforts to comply as much as possible may influence either the IRS’s decision to seek the documents through judicial proceedings, or the judge’s view of the matter.  Force the IRS to determine whether it wishes to press the issue against a taxpayer that has cooperated, but that has taken careful steps to create and maintain confidential documents.

The confines of the work product doctrine in the tax context are still being defined.  These suggested steps will help you best position your company to obtain the maximum protection.  As you consider the creation of materials, ask yourself “does this step help show that we really did anticipate litigation and that this document was created for that purpose.”   That is what a court may be called on to determine, and you want the record to demonstrate that the answer is yes.


[1] This is important because the review of such documents by third party auditors waives attorney-client privilege, the other common protection for sensitive materials.

[2] United States v. Deloitte, Case No. 08-411 (D. D.C. June 8, 2009).

[3] United States v. Deloitte, No. 09-5171, (D.C. Cir. June 29, 2010)

[4] Although not free from doubt, it is generally believed that the expectation of having an issue be unagreed and go to IRS Appeals is sufficient to show “an expectation of litigation.”

[5] Understand that there is a tension between protecting the attorney-client privilege and the work product protection.  Providing your accountant with a privileged document prepared in anticipation of litigation may result in a broad attorney-client privilege waiver, but it is more likely the document will be viewed as work product than a document drafted especially for the auditor.  Given the broad scope of auditors’ need for information and the fact that the document prepared for an auditor likely reveals privileged communications anyway and thus waives attorney-client privilege, many companies are placing more of their eggs in the work product basket.   

[6] A litigation hold consists of formal notification of the likelihood of litigation to personnel whose files may contain relevant information, and the implementation of document preservation steps to make certain those materials are not discarded.

© 2010 STEPTOE & JOHNSON LLP, ALL RIGHTS RESERVED

About the Author:

Matthew D. Lerner is a partner in the Washington-based law firm of Steptoe & Johnson LLP, where he is a member of the Litigation and Business Solutions Departments. He represents both corporations and high net worth individuals involved in tax controversies, from pre-audit advice about transaction documentation, file organization and privilege protection, to representation during IRS audits and appeals, through litigation in the Federal Courts. His experience is broad and includes cases involving repair and rehabilitation expenses, asset classification for depreciation purposes, losses from trading in securities and derivatives, corporate restructuring, domestic production activities, international intercorporate transactions, foreign tax credits, tax accounting method questions, and valuation issues. Matt also advises clients facing legal and public relations crises, coordinating responses to congressional inquiries, criminal investigations, civil litigation, public relations scrutiny, and agency review. 

Matt received his J.D. from Harvard Law School, magna cum laude, and was editor of Harvard Law Review. He received his A.B. from Amherst College, Phi Beta Kappa. 202-429-8024 /  www.Steptoe.com