Category Archives: Corporations

3 Ways Corporate Legal Teams Can Control Outside Legal Spend

corporate outside legal spend

3 Ways Corporate Legal Teams Can Control Outside Legal Spend

According to a recent study by Complex Discovery, 88% of eDiscovery costs happen during the processing and review stages. Traditionally, these tasks are carried out by Alternative Legal Service Providers (ALSP) and outside law firms, giving in-house corporate teams little control over these costs.

However, forward-thinking legal teams are leveraging technology to reduce these outside costs, while gaining control over their data and workflow.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams.

In this installment you’ll get a look into how Corporate Legal Teams Can Control Outside Legal Spend by: 

  • Bringing Processing In-House
  • Pre-Review Data Culling
  • Leveraging Technology for Internal Investigations

Download the overview today! And stay tuned for the third installment next week!

Top 3 Challenges for Corporate Legal Teams

 

Eight is Enough! Eight Considerations for Defensible Deletion, Part One

defensible deletion considerations

Eight is Enough!  Eight Considerations for Defensible Deletion, Part One
Written by Doug Austin, Editor of eDiscovery Today

Does anybody remember the late 70’s TV Series Eight is Enough about the Bradford family with eight children, starring Dick Van Patten? Or am I showing my age?

Regardless, “eight is enough” is a great phrase to sum up this week’s post.  As Jim Gill noted last week, a significant percentage of an organizations’ data is Redundant, Obsolete and Trivial (R.O.T.).  Defensible deletion of R.O.T. within your organization is key to minimizing exposure from a compliance perspective and reducing costs during discovery.  Over this post and the next one, I’ll discuss eight considerations for you to be prepared to minimize your organization’s R.O.T. effectively. Today, we’ll cover the first four considerations for defensible deletion.

Understand Why Its Important

To understand why getting rid of R.O.T. is so important, here are a few statistics for you to consider:

  • Every 2 days we create as much information as we did from the beginning of time until 2003. (TechCrunch);
  • If you burned all of the data created in just one day onto DVDs, you could stack them on top of each other and reach the moon – twice (SmartData Collective);
  • 90 percent of records, once filed, are never referred to again, and 95 percent of references are to records less than 3 years old (ARMA New Jersey);
  • 69 percent of organizational data has no legal or business value (Compliance, Governance and Oversight Council (CGOC) 2012 Survey);
  • Estimates show eDiscovery costs to be between $1.5 to $3 million per terabyte of stored information (InfoGov Basics).

Most of these statistics are old, by the way.  Do you think the problem has gotten better over the years?  I don’t.

Address the Changing Data Privacy Landscape

Another important reason for why getting rid of R.O.T. is so important are the increasing requirements placed upon essentially every organization due to strengthening privacy laws.  The European Economic Area (EEA), which is (by the way) larger than the European Union, implemented the General Data Protection Regulation (GDPR) in 2018 and California implemented the California Consumer Privacy Act (CCPA) this year.  Many other states and companies are implementing data privacy laws as well, which may or may not be similar to GDPR or CCPA.  And, you have regular challenges to implemented data privacy mechanisms, such as the Schrems II case that just resulted in invalidating the EU-US Privacy Shield.  With individuals having the right to access their own data and the right to be forgotten (among others), it’s more important than ever to minimize R.O.T. to minimize your organization’s exposure.

Get Stakeholder Buy-In

You can’t accomplish anything within an organization without buy-in from the stakeholders.  The best illustration of the relationship of stakeholders to the data within an organization that I know of can be found in EDRM’s Information Governance Reference Model (IGRM), which groups stakeholders into three categories, as follows:

  1. Business users who need information to operate the organization,
  2. IT departments who must implement the mechanics of information management, and
  3. Legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.

Without stakeholder buy-in, any comprehensive plan to manage R.O.T. within your organization is doomed to fail.

Create an Organizational Data Map

You can’t get rid of R.O.T. if you don’t know where it is.  Data mapping is simply a mechanism for knowing where your information is stored.  Data could be located in enterprise-wide systems such as Sharepoint and Microsoft 365, or individual business systems used in departments, or in collections of custodians on their local drives.  It could even be located in cloud-based platforms or social media sites or Bring Your Own Device (BYOD) devices or employees and others.  Organizations use various tools to maintain data maps and they can range from as simple as an Excel spreadsheet to as complex as a SharePoint repository to track all changes to the data map.  Choose a solution suitable for your organization and keep your data map maintained and current.

I’ll discuss the remaining four considerations for defensible deletion next week. Another Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

 

ROT Removal: Why Information Governance is Vital for Corporate eDiscovery

eDiscovery Information Governance

 

ROT Removal: Why Information Governance is Vital for Corporate eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Corporations create a huge amount of data each year, but there is no standard from company to company on how that data is managed. Some take a “keep-everything” approach, while others strive to retain only what’s necessary for operations and compliance.

But even with some records management policies in place, a significant percentage of an organizations’ data is ROT (Redundant, Obsolete, Trivial):

  • If your files are like those on my laptop, then you have a perfect example of redundant: there are multiple versions of the same document, along with various iterations throughout the revision of a document.
  • For obsolete, just think of announcements and reminders from previous events or webinars long past.
  • And finally, for trivial, we can turn to today’s eDiscovery Blues™ All joking aside, sports news updates and online shopping ads have become such a regular source of data, that some companies build templates and filters, which automatically remove them from searches.

Technology has definitely made it easier to move through large datasets, and cloud storage has made hanging on to all this data more affordable (at least in the short term). Add this to the traditional eDiscovery approach of putting off collecting data until well into the litigation cycle, and it’s easy to see why ROT can grow within a company.

But there is a reason why Information Governance is the first step in the eDiscovery Reference Model (EDRM). Keeping enterprise data managed and organized can make it easier when decisions must be made due to investigations, litigation, and other triggering events. It’s a middle ground between looking for a needle in a haystack and burning the haystack altogether, something like having a 3D map of only the hay that’s needed.

Before I take this metaphor beyond its breaking point, I’ll put it in more straightforward terms: instead of simply storing data, you store it in a meaningful way which anticipates future legal needs.

By doing this, along with game-changing technology like In-Place EDA — which allows legal and compliance teams to analyze data where it sits (before collection) — you can settle internal investigations quickly or use that data offensively to help win a dispositive motion or more favorable settlement before discovery demands are served. You also reduce the amount of data potentially sent to outside counsel and ALSPs for processing and review, which are the costliest stages in the eDiscovery process.

When data is tidy, it’s easier to search through when the stakes are high. Besides, you know you’re going to check the latest scores and do a little online shopping when your brain needs a distraction. No need to fill up your inbox with such rot.

Want to hear a full discussion on In-Place EDA?
Listen to this deep dive from Mike Quartararo from ACEDS, Frederic Bourget from NetGovern,
and Ryan Joyce and Jim Gill from Ipro!

Top 3 Challenges for Corporate Legal Teams

top corporate legal challenges

Top 3 Challenges for Corporate Legal Teams

A recent stat-filled infographic, General Counsel: From Lawyers to Strategic Partners (released with data from Wolters Kluwer), showed that only 14% of eDiscovery work was done internally by corporate legal teams, with the rest being outsourced to traditional or specialist law firms or to alternative legal services providers (ALSP). But more and more, as companies continue putting a focus on how legal teams can contribute more to business needs overall, pressure is falling on in-house eDiscovery teams to develop new processes along with an investment in technology.

But knowing where to begin can be a challenge all its own.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams:

  • Controlling Outside Legal Spend
  • Creating Operational Efficiencies
  • Mitigating Risk

Download the overview today! And stay tuned for the second installment next week!

Top 3 Challenges for Corporate Legal Teams

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to… Release ‘Em

Legal Hold Release

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to…Release ‘Em
Written by Doug Austin, Editor of eDiscovery Today

With all due respect to the late Kenny Rogers and his famous song The Gambler, maybe he would have written a completely different song if he was an eDiscovery professional.

Regardless, in eDiscovery circles, we talk a lot about best practices associated with implementing a legal hold in your organization and what you need to do to meet your preservation obligation, which (as you hopefully know) can begin well before the case is actually filed – it begins when there is a reasonable anticipation of litigation.

For example, if a current or former employee files a claim for discrimination with the Equal Employment Opportunity Commission (EEOC) regarding alleged discrimination by your organization against that employee, that’s probably a reasonable time to anticipate that allegation may eventually lead to litigation and act accordingly to implement a legal hold.

And, implementing legal holds includes the step of sending out hold notices to custodians with potentially responsive data, with explicit instructions regarding steps to preserve ESI, including suspension of any auto-delete mechanisms for email and other messaging platforms, including texts. As I discussed last week, that includes potentially responsive ESI contained on BYOD devices of the custodians.

By the way, people use the term “litigation hold” and “legal hold” interchangeably. I prefer the term “legal hold” as they can be used for non-litigation events as well – for example, regulatory audits – where it can be just as important to preserve ESI related to the audit as it can be to do so for litigation cases.

However, not too many people out there talk about best practices for releasing legal holds.  With so much data in organizations, it’s more important than ever to enforce retention and destruction policies to manage that data effectively, so releasing legal holds can be very important to an organization to reduce costs that might otherwise be required to keep that data indefinitely.

With that in mind, let’s discuss three opportunities for releasing custodians from a legal hold and two caveats to keep in mind before you release those custodians.

Opportunities to Release Custodians from a Legal Hold

You could have reasons to release custodians from legal holds through the case.  Here are three opportunities when you can consider releasing custodians from a legal hold:

  • When the Case Ends: When a case ends through dismissal, settlement or verdict, you can release the legal hold for the custodians related to that case. Obviously, right?  However, the ending of a case doesn’t necessarily mean that the ESI can be released as you’ll see in the first caveat below.
  • When the Custodian Isn’t Deemed Relevant After Analysis: It’s very common to start with a broad group of potential custodians at the beginning of a legal hold and then pare down as you can begin to learn more about what ESI they have and whether any of it is potentially relevant to the case or not. As you determine that particular individual custodians clearly don’t have data relevant to a given case (typically after a custodian questionnaire or interview process), then you can release them after that determination.  Just make sure you keep good documentation about that process and the rationale for those decisions in case you have to justify those decisions to opposing parties – or to the court.
  • When the Custodians Can be Released Due to Agreement or Court Ruling: One of the components to agree upon during the meet and confer is the scope of custodians and, hopefully, you can agree with opposing counsel on that scope, thus enabling you to release any custodians eliminated from that scope. If the parties can’t agree and the Court has to rule on scope, that becomes the milestone for determining for which custodians in question you can release legal holds and when.

Two Caveats for Releasing Legal Holds

While the three opportunities above are times when you can consider releasing custodians from legal holds, here are two caveats to consider:

  • ESI May Be Relevant to More Than One Case: It’s not uncommon for ESI to be relevant to more than one case. For example, in a series of product liability cases, correspondence regarding a company’s product quality assurance processes may be relevant to all of those cases.  The releasing of a custodian in one case doesn’t necessarily change the status of that potentially relevant ESI for other cases.  This is why legal holds need to be issued per case and tracked per case and instructions need to be clear to custodians as to their responsibilities to continue to preserve the ESI for cases that remain active.
  • Departed Custodians May Still Be Relevant: A custodian may leave your organization, but they still may possess relevant data. In those instances, it’s important that policies and procedures establish the organization’s rights and the custodian’s responsibilities to preserve that data.  This could include an organization’s rights to preserve and collect data from BYOD devices that the custodian used for work purposes.  Clear policies and procedures may ensure proper preservation of relevant ESI, or they may be your best defense if a custodian “goes rogue” and spoliates ESI once he/she departs from the organization.

Here’s a good example of a Release of Legal Hold Notice, courtesy of the Association of Corporate Counsel.

You’ve gotta know when to hold ‘em and, just importantly, know when to release ‘em.  Don’t “gamble” with your legal hold decisions, keep good documentation so you can justify your hold releases.  And, RIP, Kenny Rogers, we miss you.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

5 Considerations for Creating an Effective BYOD Policy

Creating an effective BYOD policy

5 Considerations for Creating an Effective BYOD Policy
Written by Doug Austin, Editor of eDiscovery Today

A couple of weeks ago, I discussed three cases here that illustrated the importance of having a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks.  Today, I’ll discuss best practices associated with BYOD policies and even provide a couple of links to sample BYOD policies that you can use as a starting point to develop your own organization’s BYOD policy or confirm that your existing policy “covers all of the bases” in protecting your organization.

The Stats Associated with BYOD

According to this report, 85 percent of organizations enable BYOD.  76 percent of them enable it at least for employees and those organizations and others also enable it for contractors, partners, customers and suppliers.  Organizations embrace BYOD because it increases employee mobility (74 percent of respondents), employee satisfaction (54 percent) and reduces costs (49 percent).

However, 51 percent of respondents stated that the volume of threats targeting mobile devices is increasing, following the rise of BYOD and mobile data access.  Also, 43 percent of respondents didn’t even know if devices accessing corporate data were infected with malware.  And, just a few years ago, as few as 39 percent of companies actually had a formal BYOD policy.  39 percent!  While that number has probably gone up, it illustrates just how much of a “wild west” the use of BYOD devices has been in many organizations.

5 Considerations for Creating an Effective BYOD Policy

If your organization doesn’t have a BYOD policy, because of the COVID-19 pandemic, there has never been a better time to implement one. Nonetheless, here are some of the considerations you should address to establish proper use of BYOD devices by your employees and any other parties that might have access to organization resources.

  • Require Passwords on All Devices Used for Company Work: I know you’re saying “no duh!” but there are still people out there who could be using older devices with older operating systems (especially with all of the additional remote access during the pandemic) that don’t require the device to be secured with a password. Most newer OSs require a password to be set for the device, so this may not happen that often, but you want to explicitly require passwords on all BYOD devices.  You may also want to establish a requirement for strength of passwords, when appropriate, and maximum amount of idle time for the device before it automatically locks.
  • Establish Lists of Approved and/or Banned Apps: Have you heard all of the recent concern about the app TikTok and privacy concerns? Last week, Amazon told workers to remove the app from their devices or risk losing access to company email, then apparently called that directive a “mistake.  Regardless of what you think of TikTok, there are apps out there that are known security risks.  Your IT department should stay up-to-date on which apps might be at risk, keep updated lists of banned apps within the organization and communicate those changes regularly.  Or consider even getting more restrictive by providing a list of approved apps (and a procedure for requesting apps to be evaluated for addition to the list).
  • Provide Security Software: To the extent that individuals are accessing company resources, they should be doing it through secured means. Securing access through a Virtual Private Network (VPN) or Remote Desktop Protocol (RDP) is a must for any resources not accessed through secured cloud platforms.  In addition, it’s a good idea to consider implementing a Mobile Device Management (MDM) solution to directly administer mobile devices to segment business data and use from personal data and use.
  • Establish a Policy for Use of BYOD Devices During Legal Holds: This is a “no, duh!” tip for eDiscovery professionals, but most people don’t even think about the potential for their BYOD device to contain unique data, even if instructed to preserve all data. The BYOD policy should, in general, explicitly state the rights for the organization to access the BYOD device, which should include the need to preserve and collect data during legal holds.  It also should cover things such as discontinuing auto deletion of texts and messages within messaging apps (which could even include discontinuing using ephemeral messaging apps if they don’t provide an option to keep the messages indefinitely) and coordinating with the organization before replacing your device to capture data from it first.
  • Force Acknowledgement of the Policy and Policy Updates: In other words, require employees (and anyone else with access to company resources) to sign a copy of the policy to acknowledge that they have read and understood the policy. You also may need to consider having them sign periodically to acknowledge significant updates to it as well.  Not only is it important to hopefully avoid incidents of evidence spoliation, but it also can at least illustrate that your organization has communicated and confirmed an understanding of the policy from individuals, which could be important to defend against significant sanction if spoliation does occur.

Examples of BYOD Policies

There are too many best practices to cover in one blog post, but there are several FREE examples of BYOD policies available on the web to provide ideas regarding what to cover in your organization’s BYOD policy.  They cover several additional best practices to address, including support, reimbursement of costs, handling of lost/stolen/damaged equipment and termination of employment.  Here are links to two of them, courtesy of SHRM and IT Manager Daily.  These and others can be terrific starting points for creating your own BYOD policy, but your policy should be unique to the needs and challenges of your particular organization and you should not only customize it to your needs, but evaluate it periodically and update it as necessary to ensure it continues to cover and protect your organization as much as possible.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization

BYOD Case Law

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization
Written by Doug Austin, Editor of eDiscovery Today

If you follow my writing, you know that I cover a lot of case law – typically between 60 to 70 cases a year. When you do that, you notice certain trends that illustrate some of the challenges that organizations face today with regard to electronic discovery. One of the more common trends these days relates to cases related to mobile device data and the failure to preserve that data. Many organizations today support a Bring Your Own Device (BYOD) approach to employees and their mobile devices; however, many of them don’t have an effective policy or plan for addressing mobile device data when litigation hits.

Let’s take a look at three recent cases where failure to preserve mobile device data led to sanctions requests by requesting parties.

In DriveTime Car Sales Company, LLC v. Pettigrew, No.: 2:17-cv-371 (S.D. Ohio Apr. 18, 2019), Ohio Judge George C. Smith granted in part and denied in part the plaintiff’s motion for spoliation sanctions against defendant Pauley Motor, denying the plaintiff’s request for an adverse inference sanction by ruling that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent” when Bruce Pauley failed to take reasonable steps to preserve text messages when he switched to a different phone. However, he did note that “less severe sanctions are available to DriveTime under Rule 37(e)(1) upon a finding of prejudice.” Judge Smith also allowed the plaintiff to “introduce evidence at trial…of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages. DriveTime may argue for whatever inference it hopes the jury will draw.”

In NuVasive, Inc. v. Kormanis, No. 1:18CV282 (M.D.N.C. Mar. 13, 2019), North Carolina Magistrate Judge Patrick Auld granted the plaintiff’s motion for sanctions in part, giving the plaintiff additional time to depose and subpoena text messages from a key contact who indicated that he was unable to retrieve text messages beyond two months prior (but also refused to let the plaintiff inspect his devices). Judge Auld also recommended that, “because the record supports but does not compel a ‘finding that [Defendant Kormanis] acted with the intent to deprive [Plaintiff] of the [lost text messages’] use in the litigation, the Court submit that issue to the ‘jury, [with] the [C]ourt’s instruction[s] mak[ing] clear that the jury may infer from the loss of the [text messages] that [they were] unfavorable to [Defendant Kormanis] only if the jury first finds that [he] acted with the intent to deprive [Plaintiff] of the[ir] use in the litigation’”.

In Paisley Park Enter., Inc. v. Boxill, No. 17-cv-1212 (WMW/TNL), (D. Minn. Mar. 5, 2019), a case related to the late rock legend Prince, two defendants not only failed to disengage the auto-delete function on their phones, but they also each wiped and discarded their phone – one did it twice – since October 2017. Minnesota Magistrate Judge Tony N. Leung granted in part the plaintiffs’ Motion for Sanctions Due to Spoliation of Evidence, ordering the Rogue Music Alliance (“RMA”) Defendants to pay reasonable expenses, including attorney’s fees and costs, that Plaintiffs incurred as a result of the RMA Defendants’ “misconduct”, and also ordered the RMA Defendants to pay into the Court a fine of $10,000, but chose to defer consideration of adverse inference instruction sanctions to a later date, closer to trial.

As you can see, failing to preserve data from mobile devices led to various levels of sanctions against the spoliating parties, not to mention the effort it took to defend themselves against even more significant sanctions. Here are two considerations that you need to keep in mind to avoid the same issues that these parties encountered:

  • BYOD Policy: Many organizations support employees’ ability to use BYOD devices, but a lot of them don’t have a formal policy regarding the use and management of those devices, which includes an employee’s duty to preserve mobile device data when litigation hits. Organizations need a clear BYOD policy that emphasizes the rights of the organization and the responsibilities of the employees using BYOD devices for company use, including those associated with preservation and collection of mobile device data. (Check out this post on BYOD policies from Ipro’s eDiscovery Blues series).
  • Litigation Hold Notices: Litigation hold notices need to be extended to enforce preservation of mobile device data, including instructions to suspend any auto-deletion of text messages (as well as messages from other messaging apps) and spell out the responsibilities to preserve data from mobile devices before discarding those devices.

Just because a device is owned by an employee doesn’t mean there is any less responsibility for that employee to take appropriate steps to preserve that data during litigation. Organizations need to take control of that challenge by implementing a formal BYOD policy and ensure litigation hold notices clearly spell out the duty of custodians to extend preservation to their BYOD devices.

Next week, I’ll discuss best practices associated with BYOD policies. My first Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

3 Challenges Corporate Legal Teams Face With BYOD

corporate legal BYOD

 

3 Challenges Corporate Legal Teams Face With BYOD

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Today’s eDiscovery Blues comic highlights several challenges In-House legal teams might face when working with data in the face of litigation, starting with the sinking feeling that comes when you ask yourself, “Is the I.T. department being sarcastic?” That’s part of the humor here, but the answer given about simply having everyone use Snapchat as a solution for employees using their personal mobile devices for work (Bring Your Own Device or BYOD) raises several points worth discussing.

Corporate Legal Challenge #1: Mobile Devices, eDiscovery & BYOD

Mobile devices can be difficult when it comes to eDiscovery for many reasons. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly (read this example from recent case law for more on the pros and cons of imaging entire mobile devices).

That’s why it’s important to have policies in place to determine how mobile devices are used for business purposes, which is exactly what Rick Compliance, eDiscovery manager, was trying to do when he called I.T. above.

Corporate Legal Challenge #2: Social Media / Chat, eDiscovery & BYOD

Messaging platforms (e.g. Slack, Teams, What’s App) and social media (e.g. Facebook, Instagram, LinkedIn, Snapchat) go hand in hand with mobile devices, and we all know that business is conducted across multiple platforms and devices, sometimes simultaneously. Gaining insight into the ESI created by these can be difficult.

With social media, data can usually be requested from the source company (For example, Instagram has a data request form in its Privacy and Security settings), and chat files can be exported, but both of these can be difficult to put into a review-ready format, losing the context of the conversations held within them. And these new data sources continue to grow and be used in interesting ways, as this recent case shows: Etsy Post Leads to Arrest of Cop Car Arson Suspect in Philly.

Knowing if these platforms are a potential source of data for your organization should litigation arise is vital. Having policies in place around their use for business and alignment between Legal and I.T. should this data need to be collected is ideal.

Corporate Legal Challenge #3: Avoiding Sanctions for Mobile Data Spoliation, Including Ephemeral Data

Finally, the notion of a company telling employees to use ephemeral data messaging as part of their BYOD policy isn’t so far-fetched. And it can lead to sanctions.

In a recent case, WeRide Corp. v. Huang et al. (N.D. Cal. Apr. 24, 2020), the defendants were sanctioned under FRCP Rule 37, because they directed employees of their company AllRide to communicate using the application DingTalk internally. The CEO testified, he felt it was “more secure” than other messaging platforms; however, DingTalk allows for “ephemeral messages” that automatically delete after they have been sent and read (much the same as Snapchat, mentioned in the cartoon above).

The court’s ruling stated, “AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees after the preliminary injunction issued. This practice of destroying potentially discoverable material shows both willfulness and bad faith. Based on these undisputed facts, the Court finds it appropriate to issue terminating sanctions.”

Conclusion

Mobile Data is no joke and having alignment between Legal, IT, Compliance and other stakeholders is a must before litigation arises. Without clear policies in place, there are so many ways mobile data can quickly become a problem.

For more insights into your organization’s data landscape, Download the Ipro Pre-Litigation Data Inventory Checklist now!

Ipro Pre-Litigation Data Checklist

What is In-Place Preservation and How Does It Affect Your eDiscovery Workflow

In-Place Preservation

What is In-Place Preservation and How Does It Affect Your eDiscovery Workflow

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

There has been a lot of discussion around In-Place Preservation (IPP) over the past few years, but many in the legal industry are still unsure of its potential for eDiscovery, data privacy, and compliance.

A good first step is to define what we mean by IPP and how that changes whether you’re talking about data retention policies or legal hold.

For retention, preserving data in-place simply means you retain the data where it’s actually being used, rather than moving it to a separate archiving solution or to a separate location the way we would move paper boxes to a warehouse (which is exactly the struggle Rick Compliance is facing in this week’s eDiscovery Blues™ comic.)

For a legal hold, the goal is to ensure data is locked down automatically, without relying on the custodian to do it, so that it cannot be altered or deleted, as it’s subject to impending litigation.

As Mike Quartararo, president of ACEDS, puts it, “In-Place Preservation to me is one of those safeguards that you bake into your workflow, your eDiscovery process, and particularly the preservation process, that is really designed to make your life easier down the road. If you don’t preserve it properly upfront, the likelihood of success later down the road is reduced.”

The ability to set retention rules on enterprise email servers has been available for some time, but a challenge that organizations face today with preserving data, particularly in-place, is how to do this across the multiple data sources that are in constant use:

  • Email sources like Outlook and G-Suite
  • Messaging apps like Teams and Slack
  • Cloud repositories like Box, OneDrive, and Google Drive
  • Video conferencing apps like Zoom

These are never really frozen in time. So if data is locked or preserved in-place in response to litigation, the functionality of those tools is affected, which disrupts business.

So IPP in terms of legal hold may require creative software solutions that can preserve data in-place, while allowing regular business operations to continue. No small feat, but absolutely a reality which can push legal teams to the next level for defensibility, security, and efficiency.

Want to hear a full discussion on IPP and In-Place EDA?
Listen to this deep dive from Mike Quartararo from ACEDS, Frederic Bourget from NetGovern,
and Ryan Joyce and Jim Gill from Ipro!

eDiscovery Software Gives Distributed Legal Teams the Agility & Collaboration They Need

distributed eDiscovery teams

eDiscovery Software Gives Distributed Legal Teams the Agility & Collaboration They Need

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

For the past several months, the legal community has had to quickly adapt to the reality of working remotely in response to the COVID-19 pandemic. Luckily, we live in a day and age where distributed eDiscovery teams can, for the most part, continue the work at hand, through the use and adoption of technology.

We’ve all become accustomed to communication through video chat platforms, and have even come to rely on these interactions, not only for teams within an organization, but for connection with the larger legal community (shout outs here to Ari Kaplan’s Virtual Lunch Series and David Cowen and his Cowen Café Series for their efforts on this front).

But more than Zoom calls keeping legal departments connected, even when they are truly “in-house” — like our eDiscovery Blues hero, Rick Compliance and his team above – it’s important to remember the eDiscovery software and both it’s security and agility which allows legal teams to not only stay in touch but continue their work.

Aaron Swenson, Product Director at Ipro, shared, “I think today, more than ever, problems that have always existed are magnified with teams becoming distributed practically overnight: the problems of agility, consistency, and collaboration. Before, co-located teams were able to walk over and talk about how to review a document or architect a review. Which seemed great, but a byproduct is that it limits consistency and review power to only the team that’s co-located. Today’s data is created by globally distributed teams, scaling up without boundaries. Approaching this problem, where review is a team sport without physical boundaries, is a perspective I think isn’t just a necessity today, but something that will give those firms embracing it competitive advantages over the long term.”

Which is why it’s so important to leverage eDiscovery technology that gives team members secure remote access for data ingestion and processing, as well as enabling collaboration with internal and external stakeholders.

That way, whether your legal team is in-house, in-office, in-kitchen, in-hotel, or in-the-backyard, the work of eDiscovery continues securely, defensibly, and seamlessly.

Read more of Ipro’s original legal comic “eDiscovery Blues” every Friday!