Every week, the Array team reviews the latest news and analysis about the evolving field of eDiscovery to bring you the topics and trends you need to know. This week’s post covers the period of February 16-22. Here’s what’s happening.
Third-Party Requests and the Stored Communications Act
As more data is moved into the cloud, the likelihood of encountering the Stored Communications Act when requesting data from third-party sources increases. On her eDiscovery Assistant blog, Kelly Twigger covers a decision in Sihler v. Microsoft that outlines some important reminders and tips when requesting documents that fall under this law.
The matter involves a third-party subpoena served on Microsoft to compel the production of documents related to an underlying action regarding an alleged scheme to defraud customers though the sale of sham weight loss pills. The plaintiffs allege that defendants orchestrated the scheme through conversations on Skype, an IP-based voice communications and messaging app owned by Microsoft. While those conversations would be relevant to the matter, the Stored Communications Act prohibits disclosure of communications without “the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of a remote computing service.”
Plaintiffs made an initial motion to compel, which was granted, however Microsoft questioned whether the “lawful consent” exception to the SCA had been met, raising questions regarding the lack of verification of the Skype account owner, one of the defendants in the alleged fraud matter. Plaintiffs submitted a declaration from that defendant in which he identified his Skype screen name and provided screenshots of Skype chats and names and screen IDs of individuals he communicated with. In addition, the defendant declares: “This consent to production applies without regard to whether I have been removed from the chat or conversation or have cleared the chat or conversation history or otherwise no longer have access to the chats or conversations in question.” and “I hereby declare the above statements are true and correct under the penalty of perjury under Federal law.” Microsoft wanted additional information to verify the defendant’s account and provide consent and the petitioners resubmitted Microsoft’s verification form, however Microsoft said, “unbeknownst to the court,” that the second consent form failed its verification process.
Plaintiffs argued the SCA does not require consent to be verified on the data host’s preferred form, and the court found that Microsoft failed to raise the consent form issue in a timely manner. The court notes that the SCA doesn’t provide guidance on what “lawful consent” means and that caselaw provides little guidance. While not purporting to create a rule or standard, the court found the petitioner had made a sufficient showing: “[The] declaration identifies himself and his Skype account, explicitly consents to Respondent’s disclosure of his communications … and is authored under penalty of perjury. … This case is thus like cases where lawful consent was held to be established outside of a service provider’s own required process,” citing In re Akhmedova.
Two key points emerge from this decision: One is that while the bar on establishing “lawful consent” is not firm, the plaintiffs showed that they took reasonable steps to convince a court that disclosure of data by a third party would not be prohibited under the SCA in this case. The second is that while data providers may have their own requirements for account verification, caselaw shows that “lawful consent” can be established even if a provider’s preferred verification process isn’t followed.
eDiscovery Insights in This Year’s General Counsel Report
Nearly 9 out of 10 general counsel interviewed for the 2025 General Counsel Report by FTI Consulting, Inc. and Relativity say they are concerned about the risks of emerging data sources such as collaboration applications, linked content and cloud productivity platforms. Among the 88% who said they are concerned, 59% classified their concern as high or extreme. In addition, 57% have experienced new compliance challenges related to emerging data sources and 65% said they are minimally prepared or not prepared at all to handle issues related to emerging data sources.
The report also covers general counsel concerns about AI: 12% of GCs interviewed say data collection and discovery response regarding AI is a main concern. One general counsel said, “The issue is protecting your IP and information. It is also hard to regulate the usage of these tools and govern the information it consumes.”
To alleviate these kinds of concerns, organizations should revisit their Information Governance plan and internal policies and procedures around the usage, retention and eventual export of these kinds of data sources, bringing in their eDiscovery technology partner to aid in the planning. After all, it’s better to plan for how the organization will handle these data sources well in advance of any litigation rather than be blindsided during a stressful situation when a legal action is imminent.
Other recent eDiscovery news and headlines:
- Generative AI in Legal: The Basics of How to Keep Pace with Change (Relativity Blog)
- From automation to generative AI, how e-discovery tools are evolving (ABA Journal)
Julia Helmer; Director, Client Solutions
With 15 years of expertise, Julia excels at optimizing enterprise eDiscovery workflows from start to finish. With a deep understanding of how to seamlessly integrate workflows across various eDiscovery platforms, Julia creates tailored solutions for data identification, legal holds, ESI collections, and productions. By harnessing the power of Technology Assisted Review and Analytics, she delivers efficient, cost-effective results that align with best practices and budgetary constraints. Julia’s exceptional communication and customer service skills have fostered strong, lasting relationships with both clients and Project Management teams, enabling her to effectively problem-solve and drive success across numerous projects.
