Category Archives: Featured

Why Do Attorneys Feel Mired in “Low-Value Work?”

attorneys low value work

Why Do Attorneys Feel Mired in “Low-Value Work?

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

In a recent Artificial Lawyer article, they featured a survey which found that 67% of in-house attorneys at fast-growth companies felt buried in low-value work. Meanwhile, in another survey of 1,058 senior legal practitioners worldwide (conducted by EY) a third of firms with more than 1,000 employees spend nearly one out of every three hours on ‘low‑value’ tasks.

So what is at the root of being stuck in low-value work?

The surveys point to the familiar bane of legal departments everywhere: manual processes. One might think in this age of being able to manage most of one’s life from a mobile phone, the legal world would have the same things in place, but this just isn’t the case for many law firms and legal departments. eDiscovery managers might be able to see their Amazon packages arrive on their doorstep and literally say, “Thank you,” via a smart doorbell, but at their jobs still face processes and even technology from the previous decade.

A second cause noted is having to use multiple systems. Many legal teams may feel they have their challenges under control, but it may also involve a cobbled-together Frankenstein’s monster of software, services, and manual processes. This isn’t inherently bad if integrations and communications are functioning at peak efficiency. I remember one veteran eDiscovery practitioner comparing this idea to the way audiophiles might compile a stereo system: you want the best of all the components regardless of brand; all-in-one systems are for people who want convenience over quality.

But this can lead to another dilemma when it comes to “low value tasks,” which we highlighted in this week’s eDiscovery Blues: technology training. Sure, your system might work, but it requires an expert to make sure everything stays functioning (just hope that person never wants to take a vacation). That’s why ease-of-use continues to rise to the top on attorneys’ lists.

In the same survey, it noted that when it comes to legal tech, here’s what GCs want:

  • Easy adoption – 80%
  • Integrations – 57%
  • Data Insight – 43%

They want to leverage technology in order to help them do their jobs, but they don’t want the bulk of their time spent learning the technology. It’s easy to fall into the trap of spending more time trying to work less. If technology is too much of a hassle, then the tried-and-true manual processes become more attractive.

For insights into how technologists are working to solve some of these problems, I went to Aaron Swenson, Product Director at Ipro. He raised a few things legal teams should consider in order to avoid being mired down by menial tasks.

  • “They should be asking how to supercharge their teams with technology in ways that are integral to the legal process, while moving them away from having to manage operations (i.e. the ROI spent working toward business objectives vs. on business operations).
  • “They’ll also want to look for technology which makes both internal and external stakeholders/customers happier.”
  • “A goal of ours at Ipro is working toward the idea of zero training time (or at least minimal training time). The technology should be intuitive enough that an experienced practitioner can log in and within a few minutes be doing their work instead of spending it learning software.”
  • “Finally, I think it’s important that legal teams consider how data sizes are growing faster than processing technologies, which means your traditional culling workflow will eventually have to change out of necessity.”

To that last point, the need for technology in the legal world is beyond necessary. It’s time to take the next step toward solutions that work as a single source of the truth when it comes to data, connect all stakeholders both inside and outside the organization, while taking the focus off of time spent learning technology.

All of which allows attorneys to get back to the primary objective of their jobs: practicing law.


Register for this two-day virtual event for a chance to take a look at Ipro’s eDiscovery and Information Governance solutions with live Q&A sessions!

virtual road show




Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM)

IDRM Information Governance

Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

EDRM may be best known for its Electronic Discovery Reference Model by which it’s named, which reflects the stages of electronic discovery.  Even though there is a current EDRM revision project in the works, that project appears to be focused on updating the underlying documentation of the EDRM model to reflect changes in technology, process, and the law – not the EDRM model itself.  That’s good, because it’s become the framework on which so many have based their understanding of electronic discovery – it conveys more in a single diagram about electronic discovery than any other document or infographic could.

Information Governance Reference Model (IGRM)

In recent years, the EDRM model has been updated to replace a simple circle for Information Governance with the Information Governance Reference Model (IGRM).  Information Governance (which started out as an Information Management box in the original EDRM model and was subsequently updated to an Information Governance circle) has become a term that has become popular with eDiscovery professionals and non-eDiscovery professionals alike – it has become a suitable replacement for “Records Management” that conveys the extent of electronically stored information that organizations deal with today, for which a term like “records” no longer seems to adequately fit the challenge.  Information governance is unlike any other eDiscovery phase in that it is perpetual – which is why it is represented by a circle in the EDRM model – the only phase represented as such, which the IGRM upholds with its design.

From outside in, the IGRM model reflects the stakeholders involved in information governance, an inner ring that combines the concepts of policy integration with that of process transparency and the workflow or lifecycle diagram that reflects all stages of the information lifecycle – from its creation through its ultimate disposition.  For each type of information considered for IGRM, you need to understand the Duty (Legal obligation for that information, Value (Utility or Business Purpose of that information) and Asset (Specific description of that container of information).

It’s hard to believe, but the IGRM has itself been around since 2010, for ten years now!  In 2012, EDRM announced the release of version 3.0 of the IGRM, which is the version still in use today.  In that version, EDRM – in cooperation with ARMA International and the CGOC (Compliance, Governance and Oversight Council) – included privacy and security as primary functions and stakeholders in the effective governance of information.

Complexity of Information to be Managed by Organizations Today

When IGRM was first developed, information was much more highly centralized within organizations today, but the advent of mobile devices, social media and cloud-based repositories (either managed by the organization itself or managed by third party providers) has enormously increased the complexity of information governance within those organizations.  So much activity is happening through the Internet today that the amount of activity happening every minute can be mind-boggling.

To reflect that amount of activity, Lori Lewis created an Internet Minute infographic that she has updated every year for the past several years and it’s a great reflection of the activity happening within the Internet in an average minute.  Here is a link to the 2020 infographic, which reflects things like 190 million emails per minute, 59 million messages sent every minute (on Facebook Messenger and WhatsApp combined), over 19 million text messages per minute (just on iMessage), even 1.6 million Tinder swipes every minute(!) and so forth.  Much of this is data that has to be tracked and accounted for more and more by organizations today and it continues to evolve as some of these sources were minimal to non-existent just a few years ago.

Five Stakeholder Groups of the IGRM

Adding privacy and security as primary functions and stakeholders for IGRM in 2012 brought the total number of stakeholder groups in the IGRM to five.  Each group has different goals and considerations for information within the IGRM model that differ from each of the other groups.  Here are the five stakeholder groups with their primary focus/consideration for information in parentheses:

  • Legal (Risk)
  • Records Management (RIM) (Risk)
  • Information Technology (IT) (Efficiency)
  • Privacy & Security (Risk)
  • Business (Profit)

Over the next five weeks, I’ll discuss each of them in turn: how they relate to the other stakeholder groups in terms of their goals for information within an organization, how complimentary (or not so complimentary) those goals are in relation to other stakeholder groups, their requirements for business information, considerations for addressing challenges in today’s world and so forth.  So, this is more than another Ipro cliffhanger, it’s a whole series!  Next week, we’ll begin with the goals and considerations for Legal within an organization.  See you then!


For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Five Considerations for Custodian Readiness Interviews in 2020, Part Two

eDiscovery Custodian Interview

Five Considerations for eDiscovery Custodian Readiness Interviews in 2020, Part Two
Written by Doug Austin, Editor of eDiscovery Today

A few weeks ago, I discussed Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up.  One of those components was conducting interviews of key personnel, which included interviews with at least one or two key representatives of the legal department, IT and records management departments.  Last week, I discussed the first three considerations for effective eDiscovery custodian interviews in 2020; today, I’ll discuss the remaining two.

Consider the Source(s)

I’m sure I don’t have to tell you that, in 2020, there are more sources of ESI than ever.  Mobile devices of custodians are routinely responsive in litigation, as are communications from collaboration apps like Slack and Teams (which are being used even more heavily since the pandemic began as colleagues can’t simply walk down the hall to discuss tasks and issues when working remotely).  Not to mention that data is being stored in more locations than ever to enable remote workers to get their jobs done effectively.  Here are five areas to specifically address to identify potential locations of data that might not be readily apparent:

  • Personal email: Do the custodians ever use personal email accounts to transfer company data? It could be for a completely innocent reason, but it happens all of the time, regardless of company policies regarding use of personal email accounts.
  • Mobile Devices: These days, you expect custodians to be using cellphones for company use, with many of those being Bring Your Own Device (BYOD) devices. Hopefully, the organization has a policy that governs the use of BYOD devices.  But, BYOD devices can extend beyond just the cellphone – I’ve seen many people extend email clients to their iPads or Android tablets, which must also be accounted for as well.
  • Cloud Storage and Portable Media: Do the custodians ever use Dropbox or Google Drive for sharing company ESI? Do they use flash drives or external hard drives they use for moving data or backups?  It’s likely they do, especially during the pandemic and remote work.  You need to ask specific questions about these sources, where they are and how they’re used.  Again, company policies may govern the use of these data storage mechanisms, but there is no guarantee the policies are being completely followed, so it’s important to ask about these specifically.
  • Collaboration Applications: Your organization may have selected approved apps for collaboration within the company – Slack and Microsoft Teams are the most common. However, there are a slew of other apps out there, so you want to make sure to address any potential communications through other apps or channels within approved apps outside the standard company channels.
  • Social Media: It’s not too common for custodians to share company ESI on social media, but it’s not unprecedented either, so you have to ask about that too.

Trust, but Verify

That phrase used by President Reagan repeatedly in discussions with Soviet Prime Minister Mikhail Gorbachev (actually borrowed from the Russian proverb Doveryay, no proveryay) may be “so 80’s”, but it is very appropriate today as well.  Regardless what the key employee tells you regarding their handling of ESI, you’ll want to verify that information to the extent possible.  Verification can occur in two ways:

  • Other Interviews: To the extent you’re interviewing other key employees who work in similar areas, you should tailor your questions, in part, to confirm what you’ve learned from previous interviews.
  • Employee Surveys: As discussed, this third component to assessing your organization’s discovery readiness from the ground up can flush out potential issues about which the key personnel may not even be aware. Just because the IT director has set a policy in place for the department (or the entire organization, for that matter) doesn’t mean that policy is fully being followed.  Surveys can help flush out the differences between policy and practice.

These five considerations for eDiscovery custodian interviews in 2020 will help you better assess your organization’s discovery readiness assessment when conducting interviews with the key employees in your organization.  Now, all you have to do is implement them!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Tune in to hear Doug Austin, Tom O’Connor, and Jim Gill discuss:
How to Conduct a Legal SWOT Analysis on 9/9!

Law Firm Brinks, Gilson & Lione Highlights Ipro Enterprise eDiscovery for “Ease-Of-Use”

Ipro Ease-Of-Use

Law Firm Brinks, Gilson & Lione Highlights Ipro Enterprise eDiscovery for Ease-Of-Use

Earlier this year, Suzanne O’Mahoney, Director of Paralegal Services and Litigation Support, Brinks, Gilson & Lione, shared some thoughts on why BGL chose Ipro as their eDiscovery solution.

Ease of Use. First Class Support.

We are a boutique law firm focused mainly on patent, trademark, and copyright law. Five years ago, we wanted to update our eDiscovery software from Concordance and after looking at all of our options, the litigation support group at the firm all agreed that Ipro for enterprise was the best solution, especially for its ease-of-use and Ipro’s first class customer support.

Strong Relationships

I love the people at Ipro. I am someone who appreciates good relationships, and if I have a problem, I simply pick up the phone, and Ipro responds immediately. Last year, one of our key players at the firm who handled most of litigation support needed to take family leave. Ipro stepped in and said, “Sue, we’re here for you. Here’s a number. Call us if you need anything, and we will assist and guide you while you’re shorthanded.” I appreciate that. Instead of having to outsource everything, I felt good keeping it in-house, because I had Ipro as a safety net.

A True eDiscovery Partner

Not only do I manage a department, but I’m also a user, and Ipro really listens. If I have a problem and want something changed, they say, “We’ll see what we can do.” As a client, I like that. Ipro is a true professional service partner. They make you feel like you are part of a family.


To Hear Clients Talk About the Difference Ipro for Enterprise Can Make, Watch this Video!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.



Five Considerations for Custodian Readiness Interviews in 2020, Part 1

custodian readiness interviews

Five Considerations for Custodian Readiness Interviews in 2020, Part One
Written by Doug Austin, Editor of eDiscovery Today

A few weeks ago, I discussed Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up.  One of those components was conducting interviews of key personnel, which included interviews with at least one or two key representatives of the legal department, IT and records management departments.  Today, I’ll drill into that component to discuss some considerations for effective interviews in 2020.  I’ll discuss the first three this week and the last two next week.

Take Advantage of Useful Resources, Then Customize

One of the biggest challenges to custodian readiness interviews is identifying the questions to use during those interviews.  Fortunately, you don’t have to start from scratch – there are several resources out there with great example questions to start with.  Here are two of them:

  • EDRM Identification Standards: This page on the EDRM site is a terrific resource for sample questions for records management, custodial interviews and IT. Even though the questions are geared toward the Identification phase once a case has been filed, many of them are also applicable to discovery readiness assessments as well.  The list was last updated in 2011, so you’ll need to supplement these questions with others to address newer potential sources of ESI and other more recent considerations.
  • University of Florida Law Custodian Interview Form: This simple two page form is another good basic resource for custodial interviews. And, it illustrates another best practice of custodial interviews in general – record the answers in a standardized form (to the extent possible), it makes analysis of the information much easier downstream.

There are other resources out there as well.  The key is to use those resources for ideas and some of the questions you may use, but then customize where appropriate for your organization.  Certain questions in resources like these may not be applicable within your company, while the resources may not adequately address other areas unique to it.  They are great places to start to develop your own questions.  It’s also important to supplement with additional questions as needed during the interview process, as the interviews you conduct will almost always lead to follow-up questions for those interview subjects or others.  Interviewing is typically an iterative process.

History of the Position, and the Custodian

Have you ever filled out an application for something financial (e.g., loan, credit card, etc.) and they asked for additional residences if you haven’t lived in your current residence for at least two years to get a more complete picture of your residential history?  You need to take the same approach when it comes to interviewing key personnel.  It’s important to find out how long the interviewee has been in that current role, who held the position before him/her and what other positions has the interviewee held.

If the person who held the position before the interviewee is still with the company, you may want to add that person to the list of people to be interviewed and you may even need to interview prior position holders before that to get a complete picture of how data has been managed within the organization over a period of time.  And, if the interviewee has held one or more other positions that might be relevant to the information gathering exercise, you may need to expand the list of questions you ask him/her to those other areas.

Remember the Departed

No, I don’t mean the 2006 Oscar winning movie of the same name, directed by Martin Scorcese, with Leonardo DiCaprio, Matt Damon, Jack Nicholson and Mark Wahlberg – even though that was a great movie.  I’m talking about personnel that have left the organization that may have had relevant information – often, they are identified as you capture the history of the position of the key employees you interview.  While you may not be able to interview those personnel, the organization may have a policy in place to preserve their data for a period of time to ensure that any data in their possession that might be critical to company operations is still available if needed.  If so, you need to find out if the organization keeps that data, where they keep it, in what format, and for how long.  Just because the employees are “departed” doesn’t mean they’re not important to your readiness assessment activities.

Next week, I’ll discuss the remaining two considerations.  Another Ipro cliffhanger!


Be sure to tune in to hear Doug Austin, Tom O’Connor, and Jim Gill discuss:
How to Conduct a Legal SWOT Analysis on 9/9!

Why the Connection Between Biometric Data and eDiscovery Will Continue to Grow

biometric data eDiscovery

Why the Connection Between Biometric Data and eDiscovery Will Continue to Grow

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related rights, and applies to any organization that has California consumers, even if they’re not located in California.

So why isn’t there more talk about BIPA? The Illinois Biometric Information Privacy Act has been around since 2008 and “has been a steady source of litigation ever since,” according to a 2020 article in the National Law Review.

Illinois Biometric Information Privacy Act (BIPA)

BIPA regulates how “private entities” collect, use, and share “biometric information” and “biometric identifiers”, and imposes certain security requirements, noting that:

“Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

The key obligations of BIPA require a written informed consent before collecting the data, a written retention and destruction policy of that information, prohibit profit from biometric information, and specify requirements around security.

Even more interesting is the Right to Action clause, which states: “Any person aggrieved by a violation of this Act shall have a right of action” with a potential monetary recovery for each violation.

This week’s eDiscovery Blues cartoon makes a play on a recent Illinois Supreme Court Ruling which clarified “aggrieved person” under BIPA. It also reminds the eDiscovery industry just how commonplace the collection of biometric data has become in a world of facial recognition, thumbprint ID verification, and home DNA kits.

Rosenbach v. Six Flags Entertainment Corp

In 2014, 14-year-old Alexander Rosenbach went on a school trip to Six Flags Great America, who had begun using a fingerprint scan for all season pass holders. The pass had been purchased online, and when his mother asked Alexander for the paperwork related to the pass after he returned home, he said, “it’s all done by fingerprint now.”

The original complaint states, “Neither Alexander, who was a minor, nor Rosenbach, his mother, were informed in writing or in any other way of the specific purpose and length of term for which his fingerprint had been collected. Neither of them signed any written release regarding taking of the fingerprint, and neither of them consented in writing ‘to the collection, storage, use, sale, lease, dissemination, disclosure, redisclosure, or trade of, or for [defendants] to otherwise profit from, Alexander’s thumbprint or associated biometric identifiers or information.”

However, two years later, the Appellate Court overturned the lower court’s ruling in favor of the plaintiff, noting “a plaintiff is not ‘aggrieved’ within the meaning of the Act and may not pursue either damages or injunctive relief under the Act based solely on a defendant’s violation of the statute. Additional injury or adverse effect must be alleged.”

So, the issue at hand becomes injury or adverse effect as a result of the collection of biometric data, and not simply a “technical violation” of BIPA.

This was settled by the Illinois Supreme Court in 2019 when they overturned the Appellate Court’s ruling, noting that having one’s rights violated as defined by BIPA was sufficient to be considered aggrieved.

They also pointed out that the protection of individual biometric data was the purpose of the law, and that “to require individuals to wait until they have sustained some compensable injury beyond violation of their statutory rights before they may seek recourse…would be completely antithetical to the Act’s preventative and deterrent purposes.”

Biometric Data and eDiscovery

An important thing to consider is data knows no borders. With the growth of new technology which collects biometric data, it’s easy to see where it becomes potentially discoverable under litigation. As more states consider individual privacy laws, along with those which exist in Europe and other jurisdictions, compliance becomes more of a challenge, especially for global organizations.

Manual processes aren’t defensible, so having proper tools in place to ensure compliance with notifications, as well as retention and destruction policies, are vital. As this ruling under BIPA shows, saying “no harm, no foul” isn’t enough.


To learn more, listen to this discussion of Biometric Information and other new data sources with Judge Ron Hedges!

The 5 W’s of Organization Data Maps

Organization Data Maps

The 5 W’s of Organization Data Maps
Written by Doug Austin, Editor of eDiscovery Today

Last week, I discussed what a Data Map is, why it’s important, four best practices for better Data Mapping and drivers for updating your Data Map in 2020.  This week, I’ll talk about what information needs to be in your Data Map.

What, Where, When, Who, Why

As I noted last week, the Data Map doesn’t have to be complicated.  It can be as simple as a spreadsheet (or series of spreadsheets, one for each department or custodian, depending on what level of information is likely to be requested). Even the data elements you need to track can vary, depending on the requirements of your organization.  But, regardless of where it’s kept or what data elements, your Data Map needs to answer the “5 ‘W’s” associated with your organization’s data – What, Where, When, Who and Why – as follows:

  • What data is being stored?: Examples include data types like email, work product documents, audio/video files, databases, texts, collaboration data, social media content, cloud based platforms, hard copy documents – and potentially much more.  It’s important to identify a standard list of as many of the data types you can up front while remaining flexible to adding data types when interviewing specific custodians who may be tracking certain types of data not being tracked elsewhere.
  • Where is it being kept?: In other words, what physical location or device location does the data reside.  Examples could include everything from accounting file room/file server/software application to workstations checked out to individuals to even Bring Your Own Device (BYOD) devices like iPhones.  Again, it’s a good idea to start with specific standard classifications that you can supplement as you gather more information.
  • When do we need to keep/destroy it?: Of course, that includes retention/destruction schedules and when the information was created in the first place, so you know what data is ready for destruction.  Your Data Map should be able to point you to those ten year old accounting reports that need to be deleted or shredded because you’re only required to retain them for seven years; in fact, if you’re maintaining and tracking your Data Map regularly, those reports should be long gone before then.
  • Who is responsible for the data?: The specific custodian or department responsible for it; for example, Payroll keeping pay stubs, the HR coordinator keeping health insurance forms, etc.  Those are the obvious ones, especially within your organization’s facility or servers.  What about responsibility for maintaining/archiving collaboration conversations on Slack?  Or responsibility for customer data on Salesforce when you may receive Data Subject Access Requests (DSARs) from individual customers for whom you’re tracking data that may be subject to General Data Protection Regulation (GDPR) privacy laws?  Those data sources have to be addressed as well, among many others.  In fact, for GDPR purposes, you may need to identify both the controller and the processor of the data in question – if you don’t know the difference, click on the GDPR link in this paragraph for more information.
  • Why are we keeping/tracking it?: If you can’t come up with a good answer for this, then maybe the data should already be deleted.  After all, according to the Compliance, Governance and Oversight Counsel (CGOC), 69 percent of organization data has no business, legal or regulatory value.  In other words, as I discussed in Part One of my post about “Eight is Enough! Eight Considerations for Defensible Deletion”, that data is Redundant, Obsolete and/or Trivial (R.O.T.). The best reason to create a Data Map in the first place is to identify as much of that data as possible and get rid of it.

Resource for Data Mapping Templates

As I said, the specific data elements you track in your Data Map may vary considerably, depending on your organization.  But, is there a resource for some ideas, even templates to get started with your Data Mapping?  There is.

In advance of enforcement of the GDPR, the site Demplates published an article with “10+ Print-Ready Templates” for GDPR Data Mapping here.  It’s a great resource that not only provides several downloadable templates for Data Mapping to support GDPR obligations; it also provides some additional best practices and considerations as well.  Consider reviewing several of those examples to get ideas on what to track within your own organizational Data Map.  The rest is up to you!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Why Legal Departments Need a Tech Translator for Privacy, Compliance & eDiscovery

Legal Privacy Tech

Why Legal Departments Need a Tech Translator for Privacy, Compliance & eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

There is no denying that communication (or the lack thereof) can be an obstacle when it comes to reaching objectives. For a global organization this can mean the literal languages between stakeholders in different countries, but it can also mean the way different groups communicate through various terminologies (this week’s eDiscovery Blues™ highlights the often-cited problem of misunderstandings between legal and IT).

In a recent webinar, I discussed this topic with Hugo Teufel, Chief Privacy Officer at CenturyLink and Ryan Joyce, VP of Strategy at Ipro. Here are a few highlights from this conversation.

Translating Global and Departmental Cultures

“With respect to privacy, it is important to understand the differences in culture,” says Hugo Teufel. “You can count on the Germans and the French to be very focused on data protection, and on fundamental rights and freedoms, while the Brits and the Dutch come to mind as having a more pragmatic approach. And even within the United States, there could be actual cultural differences between, say, the South and the Northeast, or the Midwest, the Southwest, West, and the Pacific Northwest.”

There are also the different cultures between departments – legal, IT, compliance, privacy, business – who often speak different “languages,” and it’s helpful to have a tech translator who understands the needs of everyone involved.

Teufel adds, “It’s important to appreciate that when the IT folks say policy, they may be referring to automated processes, and when the lawyers talk about policies, they may well mean command media or writing a document that lays out how you’re supposed to do things.”

How Technology Can Help

By using technology with strong reporting capabilities, the legal team will be able to gain deep insight into data and begin evaluating ways to operate more efficiently. You’ll also want to find a solution that can easily move data from its source into analytics and review, while being able to handle the different data types (both cutting edge and legacy) your organization works with. It’s also important to find a technology partner who can create transparency between departments (both internal and external), as well as members within the legal team, which can lead to repeatable, measurable results.

“Having insights across all your enterprise data is needed,” says Ryan Joyce, “because it’s hard to report on what you don’t know. Whether it’s mail file servers, laptops, cloud storage like OneDrive or SharePoint or Box, or collaboration tools like Slack or Teams, or even cell phones.”

Joyce continues, “You need really good reporting to break all this down and translate it for the various departments like legal, risk, compliance, IT, and even the executive team. And you need the reports to be understandable by the various stakeholders within each of those groups. Hopefully your technology can do it for you. If not, then you have a lot of manual work to do.”

Considerations for Data Insights

Here are a few of the things you’ll want to report about your data to stakeholders, both within and without of legal:

  • What Data Exists
  • How Much Data Exists
  • Where is it Stored
  • Who Has Access
  • How is it Managed
  • What are Retention and Deletion Policies
  • What Source Systems Contain Unstructured Data
  • Is There Legacy Data Which Could Pose Challenges

Updating and Re-Establishing Communication

Once good communication and collaboration is established, regular meetings or check-ins may be needed to clarify any issues between those stakeholders which may arise as a result of implementing new processes.

Which is why it’s helpful for your tech translator to act as a liaison who can bridge the gap between Legal, IT, and other business units to help identify obstacles to communication that may be getting in the way of efficiency, as well as building the trust, alignment, and transparency needed for an agile global response regarding compliance, risk mitigation, privacy, and litigation.


Listen to the Full Webinar with Hugo Teufel and Ryan Joyce Here!

#2 Bridging the Gap: How In-House Legal Depts Can Effectively Communicate with IT, the C-Suite & Outside Stakeholders from Ipro eDiscovery & InfoGov on Vimeo.



It’s Time to Update Your Organization’s Data Map

data map

It’s Time to Update Your Organization’s Data Map
Written by Doug Austin, Editor of eDiscovery Today

Déjà vu all over again!  A few weeks ago, I wrote about updating your “SWOT” analysis (Strengths, Weaknesses, Opportunities, and Threats) matrix to understand how your organization is addressing opportunities and threats associated with a specific business objective and how those opportunities and threats have changed significantly with the onset of the COVID-19 pandemic.  And, we have a webinar coming up about it too!  But, that’s not the only organizational document you need to consider updating.  It’s time to update your organization Data Map too!  If you even have one, that is.

What is a Data Map and Why is it Important?

As the name implies, a Data Map is simply a guide to the location of data throughout the organization and important information about that data, such as the business units, processes and technology responsible for maintaining the data, as well as retention/deletion periods for that data.  It goes hand in hand with your organization’s retention schedule and other policies for handling sources of information and devices that contain them, such as your organization’s Bring Your Own Device (BYOD) policy.

BTW, the term “map” is a misnomer, at least in today’s world.  While an organization’s data locations could have once mostly reflected an IT network map of data stores, there are too many remote data stores and sources being used – mobile device data and cloud-based providers, for example – to really “map” the data these days.  Your organization’s data “map” could be as simple as an Excel spreadsheet of data sources to a complex database of sources, custodians and locations.  It could also be supplemented by knowledge management platforms, like SharePoint.

If your organization is involved in a lot of litigation, having an up-to-date organization Data Map has always been vital to being able to get a jump on identifying, preserving and collecting potentially responsive ESI.  Data maps enable you to: 1) avoid missing potentially important ESI in your preservation and collection efforts, and 2) more accurately estimate timelines and budget for those efforts.

However, because of Europe’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and data privacy laws from many other states and countries, Data Maps have become much more important for any organization, regardless whether they have a lot of litigation or not.  Rights for individuals that include the right to be informed, the right to be forgotten and the right to restrict processing have made it important for every organization to identify any Personally Identifiable Information (PII) and subsets of PII such as Protected Health Information (PHI) wherever it may be maintained.  If you’re an organization that has a customer base of any size, there is simply no reason not to have a Data Map these days.

Four Best Practices for Better Data Mapping

Whether you already have an organizational Data Map or are looking to create one for the first time, here are some best practices for better Data Mapping:

  • Get Commitment from Departments Early: This includes any department with potentially important ESI to litigation, investigation and compliance activities, including legal, IT, records management, InfoSec (if separate from overall IT management), finance and relevant business units. Your Data Mapping effort can only succeed if the right departments are represented and they are committed to the process.
  • Document and Train: Your Data Map and instructions for maintaining it need to be clear and they need to integrate with other policies and procedures, such as retention schedules and BYOD policies. Anybody who possesses data within your organization (i.e., everybody) should be trained on those Data Map instructions and policies.
  • Communicate Frequently: There’s nothing worse than beginning the custodian interview process and finding out there are entire systems and data stores that haven’t been documented, so each department needs to identify any new initiatives that may affect existing data stores or create new ones.
  • Keep it Evergreen: No, that has nothing to do with Christmas trees, it involves a regular process of keeping the Data Map current so that it can accurate when a case begins, an investigation is launched, an audit is filed, etc.

Drivers to Data Mapping in 2020

So, why could it be time to create or update your organization Data Map?  Here are two drivers for consideration:

  • Data Privacy Laws Continue to Evolve: While California gets all the attention with CCPA, many other states have either implemented or proposed new or updated data privacy laws in the past couple of years. Some (like Hawaii, Maryland, Massachusetts, Mississippi, New Mexico and Rhode Island) have proposed laws that are virtually identical to the CCPA; while others (like Arizona, Massachusetts, Mississippi, Nevada, New Jersey, New York, Virginia, Washington) have proposed laws with key differences.  Not to mention, we are only beginning to see how the laws will be enforced.  It will take a concerted effort to stay on top of all the changes and how they will potentially impact your organization Data Map.
  • Remote Work During the Pandemic Has Reshuffled the Data Location Deck: Certainly, while some of your data custodians may have already worked at home all or part of the time, many have only been doing it since the pandemic began and they may be having to access certain data sources vital to their business functions in different locations. Even for Office 365 organizations, certain employees may be keeping more data local than they have in the past, or they may be storing more data in different cloud resources, via third party platforms such as Dropbox.

Chances are your organization Data Map needs at least some adjustments to reflect current data locations since the pandemic began, so it’s time to update it!  Next week, I’ll discuss some of the types of information you should include in your Data Map to keep track of the what, where, when, who and why associated with your organization’s ESI.  Another Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Robots Are Your Friends: The Need for Artificial Intelligence in eDiscovery

artificial intelligence eDiscovery

Robots Are Your Friends: The Need for Artificial Intelligence in eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

I saw this headline on another legal blog a few days ago: AI may be your new Co-Worker! Which of course led to this week’s eDiscovery Blues™ cartoon. For years now, people have been talking about the Rise of the Robot Lawyers in the legal tech industry, but so far, Skynet still hasn’t happened.

In fact, a 2020 survey by Deloitte found that of 1300 CIOs who participated, 60% said Artificial Intelligence (AI) “would assist rather than replace workers.” And there’s no doubt we can use the help.

With the continued growth of data, human efforts alone won’t be enough to manage all of the information created by individuals, businesses, and government agencies. Doug Austin at eDiscoveryToday just published a great piece on Artificial Intelligence (AI) and its effect on eDiscovery.

He states that we can expect “463 exabytes (over 463 million terabytes!) of data to be created each day globally by 2025. Artificial Intelligence (AI) plays a big part of that reason for the mushrooming growth of personal data.  It’s a big mess. Now, with data privacy laws strengthening, since AI helped get us into this mess, can it help get us out?”

In eDiscovery we’re already well aware of the various types of machine learning – clustering and predictive coding are the most prevalent – which legal teams can use to cull large datasets, identify PII, and locate responsive Electronically Stored Information (ESI). But there are still many in-house legal teams and law firms out there who try to apply more manual workflows to these situations without recognizing the value AI can bring.

It’s difficult to put an exact dollar-amount on how much savings a particular technology creates for legal teams, because every matter is unique, with infinite variables involving discovery parameters, data volume, and data types. But Stephen Goldstein, Director of Practice Support at Squire Patton Boggs, speaking at the 2019 Ipro Tech Show, gives a general breakdown of how using predictive coding adds value.

“If you start with 500,000 documents—and they’ve already been de-nisted and threaded, and you’ve gotten down to the core of the data you need to work with—a very good keyword approach would reduce that by about 65%, and you’d still have 175,000 documents. If that is sent to a managed review service, they could plow through them for a charge of around $180,000 for that kind of project, give or take. And that is assuming none of that work comes internal to lawyers who bill $400 an hour but is based on a $40 an hour charge.

“The predictive coding scenario is one that I’m very familiar with, and it’s one that we use. We would probably get an 85% reduction in the data, with fewer documents to review, at a far less cost. And we would have the benefit of that technology being in place to help with QC.”

This benchmark of saving a dollar for every document not sent for outside review – or as I heard one attorney say “a buck a doc” – is important to remember for both corporate in-house legal teams and law firms alike. But to do that with such large datasets, while protecting PII and meeting compliance requirements, you must leverage technology. No need to fear the robot overlords – say hello to your new AI assistant.


Learn more about Ipro’s AI & Advanced Analytics!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.