Ride the Lightning

Roundup of Thoughts on the Enron Data Set PII

May 6, 2013

There was a lot of discussion, private and public, after I covered last week's announcement by BeyondRecognition's CEO John Martin that he had discovered a lot of personally identifiable information in the Enron dataset.

Monica Bay penned a nice roundup of thoughts in Law Technology News.

EDRM's George Socha was among many, including our friend Craig Ball, to note that the fact that the Enron material had personally identifiable information was well known to many. Most of those who knew it worked with the data – which I (and so many others) have not – so to us it was a revelation.

FERC determined that releasing the data was in the public interest outweighing the PII exposure risk. But both Socha and Ken Withers, director of judicial education at The Sedona Conference, noted that the privacy lens of 2013 might be different than that of 2003. Withers said that "Americans are increasing concerned with personal privacy . . . . While the legal standards for approving a discovery protective order or a sealing order for court documents remain the same, the context has dramatically changed in the past few years, such that the calculus of 'good cause' in the former situation or 'compelling interest' in the latter may be different in 2013 than in 2003. It may be time to update the Sedona Guidelines on Confidentiality and Public Access."

Clearly, people do believe that having the PII available is problematic, because Socha stated that EDRM  has already been working with Nuix to remove the PII. Nuix's CEO Eddie Sheehy stated that EDRM removed the dataset from its site last year due to the presence of PII and a cleansed version of the sandbox is expected to be released later this month. Deborah Baron, Chief Marketing Officer of Nuix, said that more than 10,000 high risk documents have been removed (not simply redacted) from the dataset. She also said that Nuix will also support the hosting of the data and will share with the community the methodology developed by the Nuix team.

In the end, it became apparent that a good number of people knew about the PII. However, Martin's "discovery" was unknown to many – including me. Others in the EDD field wrote to concur that they too had not known about the PII. The story generated a lot of discussion – and that's a good thing. As valuable as the Enron dataset is, I agree with Withers that the legal outcome might differ today.

I want to thank all who wrote and called. I received an outpouring of education which was sorely needed and quickly became apparent.

My brief distillation of the dataset's history is this:

FERC determined that the publicinterest in publishing the data outweighed the PII exposure risk.

Enron petitioned the FifthCircuit for a Writ of Mandamus to suppress publication.

The Fifth Circuit denied theWrit.

It granted a stay which provedmoot when the parties apparently reached agreement and Enron dismissed itsappeal.

FERC re-released the datasetafter removing several thousand of the PII documents identified by Enron.

While the court may not havespecifically blessed the release of the dataset, it was aware of the PII whenit denied Enron’s effort to block it.

There's a lot more to it, but that's the digestible version.

And there you have it. Let the discussion continue – we are all better informed for having these conversations.