Category Archives: Corporations

Case Law: eDiscovery Isn’t About DIY but Collaboration

eDiscovery Collaboration

Case Law: eDiscovery Isn’t About DIY but Collaboration

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Do-It-Yourself eDiscovery?

Often we think the goal of technology is to allow us to do things ourselves which before required training or expertise. Digital photography is a great example. The photos and video most of us can take with our phones today require much less skill and a much lower cost to produce than when film was the only option. Not to say there isn’t a high level of expertise involved in creating the best digital photography, but technology does so much when it comes to leveling the playing field for the amateur.

This mindset, however, does not apply to eDiscovery, particularly when it comes to the self-collection of electronically stored information (ESI). It’s not that custodians can’t self-collect, because, like digital photography, technology allows pretty much anyone the ability to do so. It’s more a question of should you self-collect.

Florida Magistrate Judge William Matthewman’s ruling on E.E.O.C. v. M1 5100 Corp. earlier this year was a clear reminder that collection without the supervision of counsel is not acceptable. According to the summary of this age discrimination case by Doug Austin, editor-in-chief of eDiscovery today, “defense counsel allowed two employees of the client to identify and collect ESI” in response to requests for production “with no oversight from counsel at all,” even though they signed off on the RFP, which violated FRCP Rule 26(g).

“The Court is not impressed”

Citing previous case law [In re Abilify (N.D. Fla. Dec. 7, 2017)] which states “self-collection by a layperson of information on an electronic device is highly problematic and raises a real risk that data could be destroyed or corrupted,” Judge Matthewman wrote in his ruling:

“In the case at hand, it is very clear that Defendant’s employees self-collected ESI in order to respond to Plaintiff’s document requests without sufficient attorney knowledge, participation, and counsel…. And, the Court is not impressed by the repeated delays in production that have occurred in this case by Defendant.”

What comes next has become a long-standing trend in eDiscovery case law: the courts pushing for both parties working together in order to properly produce the requested ESI. Judge Matthewman writes, “The discovery process, particularly when ESI is involved, is intended to be collaborative,” but again warns that discovery must be supervised by counsel. He then concludes the ruling by noting the extraordinary times the COVID pandemic has put on everyone and gives the benefit of the doubt to the Defendant’s counsel that they didn’t act in bad faith, but states the “Court does not want to see these problems continue. The Court also directs Defendant’s counsel to impress upon Defendant that it must promptly respond to discovery or it will be subject to sanctions. The Court expects to see no more discovery delays.”

Technology Should Enable Collaboration

The first Federal Rule of Civil Procedure says the overall goal is a “just, speedy, and inexpensive” resolution to disputes. Too often, technology focuses on speed and cost-savings, which are important; however, in the end the most important is justice.

5 years ago now in the 2015 Year-End Report on the Federal Judiciary, US Supreme Court Chief Justice John Roberts stated:

“Lawyers—though representing adverse parties—have an affirmative duty to work together, and with the court, to achieve prompt and efficient resolutions of disputes…. They have an obligation to their clients, and to the justice system, to avoid antagonistic tactics, wasteful procedural maneuvers, and teetering brinksmanship.”

In light of these statements and the continued holding up of cooperation and collaboration by the courts, eDiscovery technology should be created with a focus on how it enables collaboration between all stakeholders. Between law firms and their clients. Between in-house counsel, outside counsel, and any 3rd party vendors that may have been employed. And, maybe most importantly, between opposing parties.

 

Check out these on-demand demonstrations for an in-depth look at how Ipro’s eDiscovery and Information Governance solutions enable collaboration!

Business Stakeholders and the Information Governance Reference Model (IGRM)

Business Stakeholders IGRM

Business Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Last month, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past four weeks, I’ve reviewed Legal stakeholders, Records and information management (RIM) stakeholders, Information Technology (IT) stakeholders and Privacy & Security stakeholders.  This week, I conclude the series by focusing on the Business stakeholders.

Business Stakeholder Information Needs

Let’s face it – in the IGRM model (as the white paper issued by EDRM regarding the release of IGRM v3.0 illustrates), business stakeholders are primarily responsible for one thing – profit.  As a result, business stakeholders are very invested in using information that enables the organization to drive up profits overall.  If the value of that information expires, business stakeholders could lose interest in managing it, cleaning it up, or paying for it to be stored. In other words, business stakeholders are users of the information that drives the business and determines the success of the business.  It’s important for an organization to balance efficiency of governing information with the need for business stakeholders to use that information effectively to meet the profit goals of the business itself.  It’s that balancing act that comprises the challenge to maintaining information important to the business for as long as the information is needed while being prepared to discard it as soon as it’s redundant, obsolete and/or trivial (ROT) and should be disposed.

Business stakeholder units include:

  • Sales: Certainly, an organization’s sales team is managing very important information within an organization. They keep track of an organization’s sales pipeline and information about not only customers with which they do business, but also prospects with which they hope to do business.  All of these customers and prospects have (whether they are individuals or organizations) have data that needs to be protected – especially in these days of increased data privacy requirements.  Customer relationship management (CRM) solutions have become a vital part of any organization’s management of their customers and prospects and many of the most popular solutions are cloud-based, such as SalesForce.  Even though the data within a CRM platform may be stored in “the cloud”, organizations still have the same responsibility to protect that information from a compliance standpoint.
  • Marketing: The marketing team not only utilizes information within a CRM solution, one of their primary responsibilities is to build a list of prospects to be tracked by the CRM solution to supply leads to the Sales team. Marketing accomplishes this in a variety of ways, including online and in-person resources and events designed to acquire leads.  With in-person events on hold for now, online activities and content are more important than ever to acquire those leads.  With so much data being acquired about prospects, the marketing team has an important responsibility to protect that information as well.
  • Products/Services: Without products and services, there would be no customers (of course). So, the information stored by the products/services team(s) can include everything from intellectual property that make the organization’s offerings unique to data about customer requests or even support histories for those customers.  How much customer history does an organization need to store?  It depends on the type of business and how long that information provides significant value to the organization.  Regardless, the information generated by the products/services team(s) is vital to enable the organization to generate the income it needs to thrive (or at least survive).
  • Finance/Accounting/HR: The finance team keeps track of all of the information that is important to understand how the organization is doing overall. It needs to work with Sales and Products/Services to understand the full revenue picture (both actual and projected) and balance that against data associated with expenses to determine profitability.  The expense data can involve information about various providers who are (in turn) selling their products or services to this organization.  It can also include personnel expenses, which involves individual data associated with the employees and contractors who actually run the business.  Just as organizations are expected to protect data of customers who are individuals, they are also expected to protect data of employees who are individuals as well.  Again, that data may reside in cloud-based solutions like QuickBooks, but the responsibility for the organization to protect that data remains the same.

Business’s Relation to Other Stakeholder Groups

Business stakeholders tend to want to hang onto information indefinitely (on the off chance they may need it), but it’s an inherent responsibility for the other stakeholder groups (Legal, RIM, IT and Privacy/Security) to work with the business stakeholders to establish an understanding for when the return on investment (ROI) of keeping the data no longer exceeds the cost of retaining it.  ROI for retaining the data as well as regulatory requirements for doing so should drive all stakeholder groups (including business stakeholders) in terms of how long any data is maintained within the organization.  Business stakeholders need to be willing to accept guidance from the other stakeholder groups regarding the risk and efficiency considerations regarding retention of organizational data.

Business Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Business stakeholders to help an organization improve its overall Information Governance program:

  • Support Organizational Data Mapping Activities: Business stakeholders must actively participate in the data mapping process and support the other stakeholder groups to implement a process that keeps the organizational data map evergreen and that critical organization data remains accessible.
  • Stay Current with Technology and Legal Trends: Technology evolves and companies are always developing software and hardware products that are designed to make information management easier and more secure. Rules and laws change regularly from a Legal standpoint. So, it’s important for Business stakeholders to stay current with both technology and legal trends to better understand their considerations and obligations regarding both areas.
  • Stay Current with Data Privacy Trends: Data privacy laws are continuing to change and so are the responsibilities of organizations to stay abreast of changing laws. This includes monitoring sites like the IAPP site for updates to data privacy laws, attending webinars to learn more about rapidly changing trends and setting aside 5-15 minutes a day to read about data privacy trends and updates (this blog and eDiscovery Today are great places where you can do that).

Conclusion

As we have discussed over the past several weeks, each stakeholder group has needs, responsibilities and areas they can address to ensure an effective information governance program within the organization.  An organization which has all five groups “plugged in” to the information governance program will manage organizational data more efficiently and effectively, saving costs and reducing overall organizational risk.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

 

“I’ve Downloaded the Recording, Now What?” 3 (More) Considerations Regarding Zoom and eDiscovery

zoom eDiscovery

“I’ve Downloaded the Recording, Now What?” 3 (More) Considerations Regarding Zoom and eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

There are a lot of people in the legal-tech community talking about the discoverability of Zoom data these days, particularly as the move to a remote workforce continues in the wake of the COVID-19 pandemic. As far as downloading recorded Zoom calls, it’s a pretty easy process. Really no different than exporting emails. And there haven’t really been any significant rulings (yet) regarding difficulties with Zoom data, so no need to worry right?

Maybe not in the immediate, but with the rise of video usage (not only with Zoom but with police body cam footage, as well as cell phone video) it will probably be sooner than later. The legal industry has a way of not adopting new workflows or technologies until they’re forced to, which can lead to extra costs and significant pressures on the legal team when litigation does arise, so being forward-thinking can pay off.

With this in mind, I spoke with Aaron Swenson, Ipro’s Head of Product Growth and Strategy, to discuss some more forward-leaning thoughts around video conference data and eDiscovery. Here are three considerations that continued coming up in our conversations.

Long Term Storage Costs:

It’s easy to take for granted the seemingly unlimited storage the cloud offers, particularly when using applications like Zoom. But audio files take up a fair amount of space. Video even more. And then when you throw in a transcript and chat data, it doesn’t take long to build up a significant amount of Electronically Stored Information (ESI).

For example, I looked at a recent Zoom recording I had exported to my laptop: It was just under an hour and came in around 100 GB. According to Zoom’s website, they charge $500 / month for 3 TB of storage and then about $10 for every 100 GB after that. So, if I recorded 30 hour-long calls in a month, that would be 500 dollars and an additional 10 dollars for every call after that. Now multiply that across the number of an organization’s employees using Zoom, and it’s not hard to see how it could quickly add up.

Establishing Retention Policies:

Data retention policies aren’t anything new, but the quick adoption of enterprise Zoom usage most likely means that many organizations haven’t considered how they manage and retain the data from video conferencing calls.

Different departments within a company or law firm may have different protocols when it comes to recording meetings: some may only record occasionally or for specific purposes; others may never record meetings; and others may always, regardless of the topic, record meetings. Then you add the issue of this data potentially being saved from the cloud onto individual machines (possibly multiple times for the same recording) and it’s clear why a Zoom-specific data management and retention policy is necessary.

eDiscovery Processing Capabilities:

Data is only as good as the information you can glean from it, particularly when it comes to data used as evidence for internal investigations and litigation. eDiscovery practitioners have known the importance of being able to extract metadata from documents, digital photos, and other ESI for decades now. Zoom recordings are no different. Which is why you want to make sure that your current eDiscovery solution can process those files into fully usable documents, should they need to be reviewed.

As part of an organization’s policies, they should always make sure their Zoom recordings include transcript creation, but it’s also important to have the ability to sync the video recording with the transcript within your eDiscovery workflow. There is so much information lost if attorneys are only able to review the text of a transcript. Having the video to accompany the text is vital for gaining insight from non-verbal cues (or Human Metadata, if you will) such as the speed of delivery, pauses, voice timbre and inflection, facial expressions, body language, and more.

Conclusion:

As with any new data source, considering its potential discoverability and how to defensibly preserve, collect, and review that data before litigation arises is always a good best practice.

Aaron Swenson sums this up nicely when he says, “Given the avalanche of recording, a proactive approach to Zoom data is necessary. Think about how you plan to deal with meeting recordings before a matter arises. Get a policy in place, consider storage costs, and a workflow that takes into account the time constraints of listening to hours of audio and video.”

There is no return to normal when it comes to video. Whether people continue to work remotely or go back to a brick and mortar office, video data will continue to grow in its use, which means it won’t be long before we see it become more prevalent in litigation.

 

Read more about how state jurisdictions and FRCP Rule 26
relate to Zoom and eDiscovery on the Ipro Blog!

Privacy & Security Stakeholders and the Information Governance Reference Model (IGRM)

security privacy IGRM

Privacy & Security Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Last month, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past three weeks, I’ve reviewed Legal stakeholders, Records and information management (RIM) stakeholders and Information Technology (IT) stakeholders. This week, I continue the series by focusing on the Privacy and Security stakeholders.

Today’s Landscape for Privacy & Security Stakeholders

As I mentioned in the introduction post, EDRM announced the release of version 3.0 of the IGRM in 2012 (almost eight years ago to the day), which is the version still in use today.  In that version, EDRM – in cooperation with ARMA International and the CGOC (Compliance, Governance and Oversight Council) – included privacy and security as primary functions and stakeholders in the effective governance of information.

The importance of privacy & security in organizations has “shifted into hyper drive” in recent years.  Let’s take a look at recent developments for both.

Privacy: In recent years, several data privacy laws have been enacted to protect the data rights of individuals.  The two most recognizable data privacy laws are:

In addition, several other countries and states have also either enacted or strengthened data privacy laws.  According to the International Association of Privacy Professionals (IAPP), multiple states have proposed similar legislation to the CCPA to protect consumers in their states, with at least two more having signed new privacy laws and several others in progress on data privacy laws.

As for countries around the world, here’s a link to privacy laws in different countries and how to comply with them.

Security: While data privacy requirements are increasing significantly, cybersecurity threats are growing.  Here are a few recent cybersecurity stats to give you a sense of just how big the challenge is today to protect individual and organization data:

Do I have your attention yet?  Needless to say, while the stakes of protecting data is much higher (given increased scrutiny through data privacy laws), the challenge of protecting that data is only getting tougher, especially given all of the increased remote work during the pandemic.

Privacy & Security’s Relation to Other Stakeholder Groups

A white paper issued by EDRM regarding the release of IGRM v3.0 notes the following regarding the addition of privacy & security stakeholders:

“Privacy & Security stakeholders are responsible for identifying and managing risks associated with personal and/or confidential information. The risks may be legal/regulatory in nature, driven by brand/reputational considerations, or both. With respect to privacy and personal information, companies must be cognizant of laws and ‘best practices’ governing transparency and classification at the point of creation, must understand how the data may be collected, used/processed, and where the data may flow (i.e., cross-border data transfers). Confidential information – be it personal or business proprietary – must be appropriately protected as an asset. Implementation of standards to ensure reasonable and appropriate security protocols – technical, physical, and administrative – is critical for proper information risk management. Enhanced security protocols may be warranted or required for sensitive data (e.g., protected health information, data that could facilitate identity theft, discrimination, or harm, trade secrets, proprietary information, etc.).”

One of the common trends in organizations today to establish responsibility for protecting data within an organization is to appoint a Data Protection Officer (DPO).  GDPR established responsibilities for organizations to hire or appoint a DPO, with doing so being required if an organization meets one of these three criteria:

  • Public authority: The processing of personal data is done by a public body or public authorities, with exemptions granted to courts and other independent judicial authorities.
  • Large scale, regular monitoring: The processing of personal data is the core activity of an organization who regularly and systematically observes its “data subjects” (which, under the GDPR, means citizens or residents of the EU) on a large scale.
  • Large-scale special data categories: The processing of specific “special” data categories (as defined by the GDPR) is part of an organization’s core activity and is done on a large scale.

Even if your organization doesn’t meet one of the three criteria above, it’s still a good idea to hire or appoint a DPO to establish someone within the organization who takes the lead on the organization’s data privacy responsibilities.  That person can work with other stakeholder groups to ensure other organization goals are being met while protecting that data.

Privacy & Security Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Privacy & Security stakeholders to help an organization improve its overall Information Governance program:

  • Promote Organizational Data Mapping Activities: Understanding where data is within an organization is the first step to protecting that data. Privacy & Security stakeholders must actively promote data mapping activities and support RIM stakeholders to keep the organizational data map evergreen so that the organization’s exposure is understood and can be effectively addressed.
  • Stay Current with Data Privacy Trends: Data privacy laws are continuing to change and so are the responsibilities of organizations to stay abreast of changing laws. This includes monitoring sites like the IAPP site for updates to data privacy laws, attending webinars to learn more about rapidly changing trends and setting aside 5-15 minutes a day to read about data privacy trends and updates (this blog and eDiscovery Today are great places where you can do that).

Next week, we’ll conclude the series with the goals and considerations for Business Unit stakeholders within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

The Growth of Automotive Data, the CCPA, and eDiscovery

automotive data eDiscovery CCPA

The Growth of Automotive Data, the CCPA, and eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

This week I saw a sticker in my vehicle that I hadn’t noticed before. It reads: “Vehicle Data Transmission is On! Your vehicle wirelessly transmits location, driving and vehicle health data to deliver your services and for internal research and data analysis.” It then gave a website and instructions to disable.

automotive data eDiscovery CCPA

Automotive Data and the CCPA

I’m not sure what most people’s reaction to seeing this might be, but as someone who’s been in the eDiscovery industry for a while now, my first thought was, “This must be how they’re dealing with compliance in regard to laws like the California Consumer Privacy Act (CCPA) which is now being enforced as of 7/1/2020.

In fact, a recent article in Automotive News states that, “The auto industry will start to experience what the health care and finance sectors have been facing for decades — an ever-changing and more complex privacy landscape. Specifically, the CCPA creates consumer rights for Californians that enable access to, sharing or deletion of and the ability to opt out of the sale of personal information collected by a business.”

Automotive Data and eDiscovery

If you think about all the data now collected by automobiles these days, it of course raises the issue of that data being discoverable should litigation arise. In fact, back in 2017 with Barry v. Big M Transportation, sanctions for data spoliation were requested due to Big M Transportation’s failure to preserve a truck’s ECM data after an accident. While a default judgement under FRCP Rule 37(e) was denied, the court did rule as an alternative sanction that the jury would be told the “ECM data was not preserved and will allow the parties to present evidence and argument at trial regarding Big M’s failure to preserve the data.”

In more recent cases, automotive data has been used to determine the outcomes of lawsuits around self-driving cars (read my blog on 3 of those cases here), but when you consider the increase each year of everyday economy vehicles which collect data, combined with mobile devices which are connected to those vehicles, it’s easy to see how automobiles are a quickly growing source of potentially discoverable data.

Considerations for Dealing with the Growth of Automotive Data

For Automotive Companies:

Work with Legal, Privacy, and Compliance Departments to ensure policies are in place regarding the CCPA, General Data Protection Regulation (GDPR), as well as keeping aware of other privacy laws which may be enacted (at least nine other states — including New York, Maryland, Massachusetts, Oregon and New Jersey — also considering consumer privacy laws).

For Transportation Companies:

No different than more traditional electronic data sources of the past decades (e.g. disks, hard drives, laptops, and email) make sure that you have Legal Hold and Preservation policies in place regarding fleet vehicles and other automobiles used for business purposes, as well as technology which can help ensure these processes work effectively, to avoid sanctions and other penalties.

For Law Firms and Legal Service Providers (LSP):

Utilize the latest in eDiscovery technology to quickly and accurately collect and process automotive data (and metadata) into review platforms while keeping costs low.

 

Learn more about how Ipro’s Information Governance & eDiscovery Software!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.

IT Stakeholders and the Information Governance Reference Model (IGRM)

IT Information Governance Reference

IT Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Three weeks ago, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past two weeks, I’ve reviewed Legal stakeholders and Records and information management (RIM) stakeholders.  This week, I continue the series by focusing on the information technology (IT) stakeholders.

IT Stakeholder Information Needs

Information technology (IT) stakeholders are the keepers of an organization’s data – they’re the ones responsible for making vital organizational data accessible within the organization and defensibly deleting it when it’s obsolete.  IT stakeholders are also the people most likely to work with outside providers, ranging from the lit support person at a law firm to the technology team for a software platform being brought in house or set up for access via the cloud.  You want to stay on good terms with the IT team because they can keep you up and running and productive – they’re the “fix it” team.

What do IT stakeholders need in terms of information?  They need to understand the requirements of the other stakeholder groups to ensure that they have the data they need when they need it.  And, they need to work closely within privacy and security guidelines to protect organization and customer data.  In fact, in many organizations, the IT department is also acting as the Privacy and Security stakeholders because they may be the stakeholders responsible for privacy and security as well (many organizations, especially smaller ones, put privacy and security responsibilities under the IT “umbrella”).  Despite that, we’ll focus primarily on IT stakeholder needs this week and Privacy and Security needs next week.

IT’s Relation to Other Stakeholder Groups

To accomplish its role from an Information Governance standpoint within an organization, IT needs to collaborate with the other stakeholder groups by supporting the following:

  • Data Accessibility: Making sure the data the organization needs is accessible when required. This includes various responsibilities such as provisioning new servers and applications as needed (including associated storage for them), managing and defensibly deleting legacy data when appropriate and determining, aligning storage capacity and allocation to information business value and retention requirements and (of course) maintaining backups of critical organization data to ensure continuity.
  • Software Updates: Keeping software applications up to date as older versions of operating systems and other software applications are much more susceptible to hacking by outsiders.
  • Support Special Project Information Needs: IT is the group that stops auto-delete programs within the organization when there is a duty to preserve and they are the team most likely responsible to identify, preserve and collect data in support of litigation, investigation and compliance needs.
  • Communicate Technical Policies and Procedures to Employees: In just about all organizations, IT is responsible for maintaining and communicating IT policies and procedures to the organization to protect data within the organization (including customer data). Even if there is a separate Privacy and Security team, they are working “hand-in-hand” with IT to ensure data protection.

Like RIM stakeholders, IT stakeholders aren’t typically users of information within the organization, but they make sure that the other stakeholder groups can access the information they need – when they need it and are authorized to access it.

IT Stakeholder Recommendations for Better Information Governance

Here are some recommendations for IT stakeholders to help an organization improve its overall Information Governance program:

  • Stay Current with Technology Trends: Technology evolves and companies are always developing software and hardware products that are designed to make information management easier and more secure, so it’s important for IT stakeholders to stay current with technology trends (such as the various sources of data illustrated in the Internet Minute infographic) to take advantage of the latest tech trends.
  • Support Organizational Data Mapping Activities: IT stakeholders must actively participate in the data mapping process and support RIM stakeholders to implement a process that keeps the organizational data map evergreen and that critical organization data remains accessible.
  • Get Certified: You may sometimes think that your organization’s IT professionals are “certifiable”, but, if they’re doing their job right, they’re probably certified. Examples of certifications worth pursuing include: Certified Data Professional (CDP), Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), even Certified Ethical Hacker (CEH).  Not to mention certifications specific to hardware or networking components and software platforms.  Many organizations even compensate IT professionals for obtaining certifications in key areas that support organizational goals.
  • Find Your Inner Lawyer: Remember when we told the Legal stakeholders to “find their inner geek”? The same holds true for IT when it comes to legal concepts. To keep current on legal trends, attend webinars to learn more about both areas and consider setting aside 5-15 minutes a day to read about legal concepts (this blog and eDiscovery Today are great places where you can do that). Doing so can facilitate the effort to coordinate with Legal stakeholders to understand their needs and what they may mean to the organization’s information governance goals.

Next week, we’ll continue with the goals and considerations for Privacy and Security stakeholders within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Law Firm Innovation: The Benefits of Adopting Smart Collections to Better Serve Clients

Law Firm Smart Collections

Law Firm Innovation: The Benefits of Adopting Smart Collections to Better Serve Clients
Written by Frederic Bourget, VP of Product, Ipro

How sticky is your firm with your clients? Among the law firms that I have spoken with, there’s a natural advantage in embracing new technologies to better serve them.

Some firms are just getting started with new technology, and that’s OK. The traditional eDiscovery model has been used in litigation for years. As a result, most law firms are still outsourcing data collection to specialized service providers.

Ten years ago, when most of the data was stored on physical servers and desktop computers, this approach made sense. It required a unique set of forensic skills to copy hard drives, move data, and ensure non-repudiation.

But things are changing.

The wheels of digital transformation have been set in motion in the last decade, and the pace of that transformation has increased exponentially during the COVID-19 pandemic. Here are a few reasons why law firms need to adopt Smart Collection tools to get ahead of the curve.

Law Firms Face the Same Pressures as their Clients

The amount of digital data is exploding, and along with that is a sharp increase in the number of digital collaboration apps. With information being spread across multiple cloud platforms, it’s harder to find responsive data.

Organizations face new compliance requirements for privacy (GDPR, CCPA, and others) so things are getting even trickier. With multiple copies of potentially sensitive and unresponsive data circulating – and new security threats all the time – the risks of exposing personal information are increasing.

This is compounded by the fact that even with these new compliance responsibilities, organizations must meet the same stringent response times. The result? You guessed it — more security breaches.

The #WFH Factor

Enters a new wild card in the age of coronavirus: digital workers worldwide working from home. Most law firms and their clients had only a few weeks to complete their digital transformations which included putting in place new collaboration tools, video conferencing and document workflows on the fly.

A few related considerations:

  • The digital records produced by these new platforms also need to be collected.
  • Some remote employees are working on networks that are less than secure.
  • Pandemic-related economic pressures will increase the need for cost reductions.

Every major disruption in the market also brings significant opportunity to reposition and get ahead of the game. Deploying Ipro + NetGovern Smart Collection capabilities is a chance for law firms to achieve this. With this tool, they wouldn’t need to outsource the collection process to external parties and would be able to better serve clients in a world that is quickly becoming entirely digital.

A Few Words on the Benefits of Innovative eDiscovery Technology

Because data is now mostly stored on remote servers – otherwise known as the cloud – being able to connect to these locations remotely to search, find, review, and collect data in a unified legal-friendly way can make a big difference. Smart Collection tools give legal teams a secure, direct, and centralized view into their clients’ data no matter where it is located.

This means that the team who understands the issues can investigate the data directly prior to collecting it.

Then, they can collect only what is needed, minimizing the amount of data involved, and taking the opportunity to filter out sensitive content. As the investigation progresses, the team can go back for more data — if needed — at a very low cost.

The results of this new approach are dramatically different from the EDRM’s.

Protecting Revenue

Not having to involve external parties for collection will lead to improved revenue and profit. The ROI is very simple: subscribe to the right tools and you can keep the collection revenue stream in-house. This also provides much better control over the process, with the additional benefit of controlling where the money flows within the overall case.

But protecting revenue isn’t even the best way law firms can benefit from using the Smart Collection methodology. Security, also being a primo concern, is another area where Smart Collection can make firms excel.

Improving Cybersecurity

As law firms’ internal teams are empowered to perform the collection phase of eDiscovery, no data circulates externally. This significantly reduces the risk of hacks or leaks for both the firms and their clients. With the scope of privacy laws looming ever larger, this protection comes as a relief.

Minimizing the Time It Takes to Perform eDiscovery

With live investigations, law firms can figure out what relevant case matter they have in a few hours instead of weeks. They can pull key documents that are central to the defense strategy of the case in question. Being quick to find the “smoking gun” puts firms at an advantage. Clients are happy because they can get feedback quickly.

As a result, they engage the law firm regularly and for smaller matters, not just when things get hairy. With this demand for regular and ongoing advice on disputes, billable hours go up, and it occurs at a pace that is manageable for the client.

So How Sticky Is Your Law Firm With Your Clients?

That brings us to our final point. Stickiness is everything. Do your clients outsource legal matters to multiple firms? They shouldn’t have to. Smart Collection allows you to start delivering services that are more closely connected to their business.

You can step in with precise inquiries related to missing documentation, version control, metadata review, and the like. You integrate into their team and their workflows. You can bill on an ongoing basis for this kind of managed service. The business advantage of a recurring revenue model is significant, and it helps you stabilize in the face of workload variation, which is amped up for most companies at this time.

Post-crisis, there will not be any less work for law firms. In the “new normal,” we will see an increase in employee employers, financial, and other contractual matters. The once complex process to collect data will give way to dynamic data interactions by legal staff that are familiar with the matter. This will enable new business models and propel certain firms ahead of others with better service and responsiveness, not to mention higher revenues and margins.

Simply put, Smart Collection equips you to handle changes that are already underway, meeting new and old demands in style, and coming up aces in terms of client trust.

 

Register for these on demand demonstrations for an in-depth look at Ipro’s eDiscovery and Information Governance solutions (including Smart Collections)!

RIM Stakeholders & the Information Governance Reference Model

Records Management IGRM

Records / Information Management Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

A couple of weeks ago, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  Last week, I began my look at the stakeholder groups by starting with Legal stakeholders.  This week, I continue the series by focusing on the records and information management (RIM) stakeholders.

RIM Stakeholder Information Needs

Records and information management (RIM) stakeholders not only have their own perspective on the IGRM, they even have their own professional community to which many RIM professionals belong.  Formerly known as the Association of Records Managers & Administrators, ARMA International (ARMA) is a community of almost 6,000 records management, information management, and information governance professionals who harness the benefits and reduce the risks of information.  ARMA provides resources, education, certification, networking opportunities and even a yearly conference (which, like so many conferences this year, will be virtual in 2020 and is coming up in a few weeks).

RIM professionals who are ARMA members operate according to a standard of Generally Accepted Recordkeeping Principles® (now simply known as “The Principles®”), which guide information management and governance of record creation, organization, security maintenance and other activities used to effectively support recordkeeping of an organization.  Those eight principles are as follows:

  1. Accountability
  2. Transparency
  3. Integrity
  4. Protection
  5. Compliance
  6. Availability
  7. Retention
  8. Disposition

A “tip” for you: if you take the first letter of each of the principles, it spells out “A TIP CARD”.  Details about The Principles (including a guide, a maturity model and a certificate training course) are available from the ARMA website here.

RIM’s Relation to Other Stakeholder Groups

To accomplish its role from an Information Governance standpoint within an organization, RIM needs to collaborate with the other stakeholder groups by owning the process of Retention and Disposition. While influential across all of The Principles, RIM stakeholders should set the requirements for retaining and disposing of data within an organization by which other stakeholder groups comply, working with Legal and Privacy/Security to achieve conformity on legal and regulatory requirements.

Other than the documentation and policies that they create in supporting their role as records managers within an organization, RIM stakeholders aren’t typically users of information within the organization – they help set standards by which the other stakeholder groups use it, and for how long.

RIM Stakeholder Recommendations for Better Information Governance

Here are some recommendations for RIM stakeholders to help an organization improve its overall Information Governance program:

  • Take the Lead in Information Governance Initiatives: Most of the other stakeholder groups are users of organizational information in some way, but RIM’s role is to lead the information governance program through management, education and thought leadership to accomplish organizational goals for managing information effectively.
  • Manage Organizational Data Mapping Activities: While the other stakeholder groups must actively participate in the data mapping process, RIM should lead the effort to continue to identify where data is located within an organization, working with the other stakeholder groups to implement a process that keeps the organizational data map evergreen.
  • Keep Current on Legal and Technology Trends That May Impact Organizational Requirements: RIM professionals need to coordinate with Legal and IT to keep current with legal trends (such as the changing data privacy landscape I discussed last week with new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA) and technology trends (such as the various sources of data illustrated in the Internet Minute infographic). RIM stakeholders don’t have to be the definitive experts in either area, but need to understand both well enough to support legal and technology trends working with Legal and IT stakeholders.
  • Join and Participate in ARMA: The best way to learn best practices from a records management and information governance standpoint is to join a group of other like-minded professionals that are wrestling with the same challenges you are! ARMA International has numerous programs for training & certification, as well as networking, to enable you to learn lessons from others in terms of what works well and what mistakes to avoid.  If you haven’t joined ARMA already, consider doing so to stay current on records management best practices and trends.
  • Look for Other Educational Opportunities: To keep current on legal and technology trends, attend webinars to learn more about both areas and consider setting aside 5-15 minutes a day to read about legal and technical concepts (the Ipro blog and eDiscovery Today are great places where you can do that). Doing so can facilitate the effort to coordinate with Legal and IT to understand the trends and what they may mean to the organization’s information governance goals.

Next week, we’ll move along the IGRM from records management to the goals and considerations for Information Technology (IT) within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Legal Stakeholders and the Information Governance Reference Model

Information Governance Reference Model Legal

Legal Stakeholders and the Information Governance Reference Model
Written by Doug Austin, Editor of eDiscovery Today

Last week, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  This week, I begin my look at the stakeholder groups by starting with Legal stakeholders.

Legal Stakeholder Information Needs

As a person who writes an eDiscovery blog, it’s easy for me to look at every potential information need for Legal stakeholders as the proverbial “nail” related to the eDiscovery “hammer”, including considerations for investigations and compliance as well.  But, from an operations standpoint, Legal stakeholders have many more information needs than those that apply just to eDiscovery.  Here is a list of ten potential areas associated with legal operations:

  1. eDiscovery & Legal Hold
  2. Legal Department Strategic Planning
  3. Vendor Management
  4. Analytics Metrics & Dashboard
  5. Team Building & Communications
  6. Processes & Technology
  7. Knowledge Management
  8. Financial Planning, Analysis & Management
  9. Managed Services & Legal Process Outsourcing (LPO)
  10. Global Data Governance

While I’d like to take credit for identifying those areas myself, I got them from the Association of Corporate Counsel’s ACC Legal Operations website, which has a terrific infographic to illustrate legal operations as a “hub” function in corporate legal departments here.  I could write an entire blog series just on those different operational needs – it’s obvious from the infographic and the list above that Legal stakeholders within an organization have a lot of potential information needs to support these various operational initiatives.

Legal’s Relation to Other Stakeholder Groups

To accomplish its role from an Information Governance standpoint within an organization, Legal needs to collaborate with the other stakeholder groups to achieve the following objectives:

  • Identify and Protect Data Sources Necessary to Support the Above Operational Initiatives: Legal must not only effectively understand where information is located to support those initiatives and access that information quickly, they must also establish requirements from a legal and regulatory perspective regarding maintenance, preservation and destruction of that information, including notifying the other stakeholder groups when changes to laws and regulations impact those requirements.
  • Generate and Manage Information to Support Legal Objectives: Legal will likely be responsible for at least generating (if not maintaining) agreements and other documents designed to protect the organization from a legal standpoint. Everything from non-disclosure agreements (NDAs) to contracts for services performed could be generated and possibly maintained by Legal.

In other words, Legal stakeholders are big users of information within an organization, but they also establish many of the requirements for when, how and how long that information is created and maintained within it.  To do their job effectively, Legal stakeholders not only need to understand their information needs and organizational requirements, they also need to understand technology and how to maximize it to accomplish those goals.

Legal Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Legal stakeholders to help an organization improve its overall Information Governance program:

  • Identify and Periodically Revisit Legal Use Cases: As you saw above, there are a lot of potential use cases Legal stakeholders may have regarding organizational information. So, they need to flush out those various use cases to identify their data requirements to support their various ops needs and revisit periodically to adjust use cases or even create new use cases as requirements dictate (e.g., new use cases being identified due to strengthened data privacy laws).  Also consider conducting a SWOT analysis for various legal use cases to determine what strengths and weaknesses you have when addressing the opportunities and threats your organization is encountering regarding supporting those use cases.
  • Actively Participate in Organizational Data Mapping Activities: To ensure that they understand where the data is located within the organization to support its use cases, Legal must be an active participant in the data mapping process to not only identify where data is located within an organization, but also to ensure the data to support their legal ops objectives will be there when needed (i.e., the “Why” for the data that’s needed).
  • Keep Current on Legal Trends That May Impact Organizational Requirements: A great example of that is the changing data privacy landscape with new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA). Those are just two of the many data privacy regulations that have been passed in the last couple of years – numerous other states and countries have updated their requirements as well and there can be differences from GDPR and CCPA.  Legal needs to stay current on changes to legal trends, especially in areas that are changing quickly.
  • Find Your Inner Geek: To better communicate with other stakeholder groups, it’s best to understand how to “speak geek”. Attend webinars to learn more technical concepts and consider setting aside 5-15 minutes a day to read about technical concepts (this blog and eDiscovery Today are great places where you can do that).  Legal may understand “what” is required, but the other groups can indicate “how” to make it happen, so it’s important to understand how to effectively communicate with them to get there.
  • Embrace the Use of Technology: As you find your inner geek, emphasize the use of technology to support Legal use cases. With the volume of data and variety of data sources, index-in-place and artificial intelligence (AI) technologies are becoming more essential to addressing any organization’s information governance needs today.  So, learn about and be open to those emerging technologies as well.

Next week, we’ll continue with the goals and considerations for Records Management (RIM) within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Why Do Attorneys Feel Mired in “Low-Value Work?”

attorneys low value work

Why Do Attorneys Feel Mired in “Low-Value Work?

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

In a recent Artificial Lawyer article, they featured a survey which found that 67% of in-house attorneys at fast-growth companies felt buried in low-value work. Meanwhile, in another survey of 1,058 senior legal practitioners worldwide (conducted by EY) a third of firms with more than 1,000 employees spend nearly one out of every three hours on ‘low‑value’ tasks.

So what is at the root of being stuck in low-value work?

The surveys point to the familiar bane of legal departments everywhere: manual processes. One might think in this age of being able to manage most of one’s life from a mobile phone, the legal world would have the same things in place, but this just isn’t the case for many law firms and legal departments. eDiscovery managers might be able to see their Amazon packages arrive on their doorstep and literally say, “Thank you,” via a smart doorbell, but at their jobs still face processes and even technology from the previous decade.

A second cause noted is having to use multiple systems. Many legal teams may feel they have their challenges under control, but it may also involve a cobbled-together Frankenstein’s monster of software, services, and manual processes. This isn’t inherently bad if integrations and communications are functioning at peak efficiency. I remember one veteran eDiscovery practitioner comparing this idea to the way audiophiles might compile a stereo system: you want the best of all the components regardless of brand; all-in-one systems are for people who want convenience over quality.

But this can lead to another dilemma when it comes to “low value tasks,” which we highlighted in this week’s eDiscovery Blues: technology training. Sure, your system might work, but it requires an expert to make sure everything stays functioning (just hope that person never wants to take a vacation). That’s why ease-of-use continues to rise to the top on attorneys’ lists.

In the same survey, it noted that when it comes to legal tech, here’s what GCs want:

  • Easy adoption – 80%
  • Integrations – 57%
  • Data Insight – 43%

They want to leverage technology in order to help them do their jobs, but they don’t want the bulk of their time spent learning the technology. It’s easy to fall into the trap of spending more time trying to work less. If technology is too much of a hassle, then the tried-and-true manual processes become more attractive.

For insights into how technologists are working to solve some of these problems, I went to Aaron Swenson, Product Director at Ipro. He raised a few things legal teams should consider in order to avoid being mired down by menial tasks.

  • “They should be asking how to supercharge their teams with technology in ways that are integral to the legal process, while moving them away from having to manage operations (i.e. the ROI spent working toward business objectives vs. on business operations).
  • “They’ll also want to look for technology which makes both internal and external stakeholders/customers happier.”
  • “A goal of ours at Ipro is working toward the idea of zero training time (or at least minimal training time). The technology should be intuitive enough that an experienced practitioner can log in and within a few minutes be doing their work instead of spending it learning software.”
  • “Finally, I think it’s important that legal teams consider how data sizes are growing faster than processing technologies, which means your traditional culling workflow will eventually have to change out of necessity.”

To that last point, the need for technology in the legal world is beyond necessary. It’s time to take the next step toward solutions that work as a single source of the truth when it comes to data, connect all stakeholders both inside and outside the organization, while taking the focus off of time spent learning technology.

All of which allows attorneys to get back to the primary objective of their jobs: practicing law.

 

Register for this two-day virtual event for a chance to take a look at Ipro’s eDiscovery and Information Governance solutions with live Q&A sessions!

virtual road show