Category Archives: Featured

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to… Release ‘Em

Legal Hold Release

Legal Hold: You’ve Gotta Know When to Hold ‘Em, Know When to…Release ‘Em
Written by Doug Austin, Editor of eDiscovery Today

With all due respect to the late Kenny Rogers and his famous song The Gambler, maybe he would have written a completely different song if he was an eDiscovery professional.

Regardless, in eDiscovery circles, we talk a lot about best practices associated with implementing a legal hold in your organization and what you need to do to meet your preservation obligation, which (as you hopefully know) can begin well before the case is actually filed – it begins when there is a reasonable anticipation of litigation.

For example, if a current or former employee files a claim for discrimination with the Equal Employment Opportunity Commission (EEOC) regarding alleged discrimination by your organization against that employee, that’s probably a reasonable time to anticipate that allegation may eventually lead to litigation and act accordingly to implement a legal hold.

And, implementing legal holds includes the step of sending out hold notices to custodians with potentially responsive data, with explicit instructions regarding steps to preserve ESI, including suspension of any auto-delete mechanisms for email and other messaging platforms, including texts. As I discussed last week, that includes potentially responsive ESI contained on BYOD devices of the custodians.

By the way, people use the term “litigation hold” and “legal hold” interchangeably. I prefer the term “legal hold” as they can be used for non-litigation events as well – for example, regulatory audits – where it can be just as important to preserve ESI related to the audit as it can be to do so for litigation cases.

However, not too many people out there talk about best practices for releasing legal holds.  With so much data in organizations, it’s more important than ever to enforce retention and destruction policies to manage that data effectively, so releasing legal holds can be very important to an organization to reduce costs that might otherwise be required to keep that data indefinitely.

With that in mind, let’s discuss three opportunities for releasing custodians from a legal hold and two caveats to keep in mind before you release those custodians.

Opportunities to Release Custodians from a Legal Hold

You could have reasons to release custodians from legal holds through the case.  Here are three opportunities when you can consider releasing custodians from a legal hold:

  • When the Case Ends: When a case ends through dismissal, settlement or verdict, you can release the legal hold for the custodians related to that case. Obviously, right?  However, the ending of a case doesn’t necessarily mean that the ESI can be released as you’ll see in the first caveat below.
  • When the Custodian Isn’t Deemed Relevant After Analysis: It’s very common to start with a broad group of potential custodians at the beginning of a legal hold and then pare down as you can begin to learn more about what ESI they have and whether any of it is potentially relevant to the case or not. As you determine that particular individual custodians clearly don’t have data relevant to a given case (typically after a custodian questionnaire or interview process), then you can release them after that determination.  Just make sure you keep good documentation about that process and the rationale for those decisions in case you have to justify those decisions to opposing parties – or to the court.
  • When the Custodians Can be Released Due to Agreement or Court Ruling: One of the components to agree upon during the meet and confer is the scope of custodians and, hopefully, you can agree with opposing counsel on that scope, thus enabling you to release any custodians eliminated from that scope. If the parties can’t agree and the Court has to rule on scope, that becomes the milestone for determining for which custodians in question you can release legal holds and when.

Two Caveats for Releasing Legal Holds

While the three opportunities above are times when you can consider releasing custodians from legal holds, here are two caveats to consider:

  • ESI May Be Relevant to More Than One Case: It’s not uncommon for ESI to be relevant to more than one case. For example, in a series of product liability cases, correspondence regarding a company’s product quality assurance processes may be relevant to all of those cases.  The releasing of a custodian in one case doesn’t necessarily change the status of that potentially relevant ESI for other cases.  This is why legal holds need to be issued per case and tracked per case and instructions need to be clear to custodians as to their responsibilities to continue to preserve the ESI for cases that remain active.
  • Departed Custodians May Still Be Relevant: A custodian may leave your organization, but they still may possess relevant data. In those instances, it’s important that policies and procedures establish the organization’s rights and the custodian’s responsibilities to preserve that data.  This could include an organization’s rights to preserve and collect data from BYOD devices that the custodian used for work purposes.  Clear policies and procedures may ensure proper preservation of relevant ESI, or they may be your best defense if a custodian “goes rogue” and spoliates ESI once he/she departs from the organization.

Here’s a good example of a Release of Legal Hold Notice, courtesy of the Association of Corporate Counsel.

You’ve gotta know when to hold ‘em and, just importantly, know when to release ‘em.  Don’t “gamble” with your legal hold decisions, keep good documentation so you can justify your hold releases.  And, RIP, Kenny Rogers, we miss you.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

How to Get Flawless Productions Every Time: eDiscovery Production Checklist

eDiscovery Productions Checklist

How to Get Flawless Productions Every Time: eDiscovery Production Checklist

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

I’ve heard stories like this from attorneys and paralegals more than once: opposing counsel sends a large production of documents in a single PDF. I’ve even heard a version where the production was sent with all of the emails in one PDF, the email attachments in a second PDF, and none of the metadata was sent at all.

Obviously, the solution for managing something like this isn’t a wild conglomeration of monitors stacked up in the attempt to give reviewers a clear view of everything in that never-ending PDF (plus, as this week’s eDiscovery Blues™ comic reminds us, it’s a fire hazard).

So what can you do?

Rule 34 of the Federal Rules of Civil Procedure (FRCP) establishes the guidelines for producing Electronically Stored Information (ESI). It states that productions must be put into “a reasonably usable form,” and that the requesting party:

  • Must describe with reasonable particularity each item or category of items to be inspected;
  • Must specify a reasonable time, place, and manner for the inspection and for performing the related acts; and
  • May specify the form or forms in which electronically stored information is to be produced.

In other words, “To get what you want, you have to ask for it.”

Use this eDiscovery Production Checklist to ensure productions are better than “reasonably usable” every time.

eDiscovery Production Format Checklist:

(Sources: Ipro Training, Vorys Legal, EDRM)

⇒ Documents should be produced as black & white TIFF images at 300 dpi named with the unique Bates number for that page.

⇒ ESI that cannot render to useable TIFF images (e.g. Spreadsheets, Presentations, Video files, Audio files, etc.) should be produced in native format, named with a unique Bates number and corresponding Bates-numbered TIFF image placeholder.

⇒ Scanned paper documents should be produced with logical unitization (i.e. distinct documents should not be merged into a single record, and single documents should not be split into multiple records).

⇒ Extracted text for all non-redacted electronic files containing searchable text should be produced, and all non-searchable or redacted files should be OCR’d. Native files should contain the text of the document and not the OCR version of the TIFF image placeholder.

⇒ Produced documents, images, and placeholders should include sequential Bates numbering, with prefixes consistent throughout all documents.

⇒ Extracted metadata should be produced, including the following fields:

  • Beginning and Ending Bates Number
  • Beginning and Ending Attachment with Bates Number
  • Page Count
  • Custodian
  • To, From, CC, BCC, Subject
  • Sent and Received Time Stamp
  • Document Folder, File Name, Title, Extension, Author
  • Date/Time Created, Last Modified
  • MD5 Hash
  • Privilege Designation

⇒ For paper documents, produce the following objective coding fields:

  • Beginning Bates number
  • Ending Bates number
  • Beginning attachment Bates number
  • Ending attachment Bates number
  • Source/custodian

⇒ Work with your eDiscovery Technology Vendor to ensure the highest quality productions

 

To learn more about how Ipro can help your organization
read this case study featuring Lightspeed Legal:

“We’ve done hundreds of productions using Ipro & the level of quality to DOJ specifications is unparalleled.”
Rith Kem, Chief Strategy Officer at LightSpeed Legal

 

5 Considerations for Creating an Effective BYOD Policy

Creating an effective BYOD policy

5 Considerations for Creating an Effective BYOD Policy
Written by Doug Austin, Editor of eDiscovery Today

A couple of weeks ago, I discussed three cases here that illustrated the importance of having a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks.  Today, I’ll discuss best practices associated with BYOD policies and even provide a couple of links to sample BYOD policies that you can use as a starting point to develop your own organization’s BYOD policy or confirm that your existing policy “covers all of the bases” in protecting your organization.

The Stats Associated with BYOD

According to this report, 85 percent of organizations enable BYOD.  76 percent of them enable it at least for employees and those organizations and others also enable it for contractors, partners, customers and suppliers.  Organizations embrace BYOD because it increases employee mobility (74 percent of respondents), employee satisfaction (54 percent) and reduces costs (49 percent).

However, 51 percent of respondents stated that the volume of threats targeting mobile devices is increasing, following the rise of BYOD and mobile data access.  Also, 43 percent of respondents didn’t even know if devices accessing corporate data were infected with malware.  And, just a few years ago, as few as 39 percent of companies actually had a formal BYOD policy.  39 percent!  While that number has probably gone up, it illustrates just how much of a “wild west” the use of BYOD devices has been in many organizations.

5 Considerations for Creating an Effective BYOD Policy

If your organization doesn’t have a BYOD policy, because of the COVID-19 pandemic, there has never been a better time to implement one. Nonetheless, here are some of the considerations you should address to establish proper use of BYOD devices by your employees and any other parties that might have access to organization resources.

  • Require Passwords on All Devices Used for Company Work: I know you’re saying “no duh!” but there are still people out there who could be using older devices with older operating systems (especially with all of the additional remote access during the pandemic) that don’t require the device to be secured with a password. Most newer OSs require a password to be set for the device, so this may not happen that often, but you want to explicitly require passwords on all BYOD devices.  You may also want to establish a requirement for strength of passwords, when appropriate, and maximum amount of idle time for the device before it automatically locks.
  • Establish Lists of Approved and/or Banned Apps: Have you heard all of the recent concern about the app TikTok and privacy concerns? Last week, Amazon told workers to remove the app from their devices or risk losing access to company email, then apparently called that directive a “mistake.  Regardless of what you think of TikTok, there are apps out there that are known security risks.  Your IT department should stay up-to-date on which apps might be at risk, keep updated lists of banned apps within the organization and communicate those changes regularly.  Or consider even getting more restrictive by providing a list of approved apps (and a procedure for requesting apps to be evaluated for addition to the list).
  • Provide Security Software: To the extent that individuals are accessing company resources, they should be doing it through secured means. Securing access through a Virtual Private Network (VPN) or Remote Desktop Protocol (RDP) is a must for any resources not accessed through secured cloud platforms.  In addition, it’s a good idea to consider implementing a Mobile Device Management (MDM) solution to directly administer mobile devices to segment business data and use from personal data and use.
  • Establish a Policy for Use of BYOD Devices During Legal Holds: This is a “no, duh!” tip for eDiscovery professionals, but most people don’t even think about the potential for their BYOD device to contain unique data, even if instructed to preserve all data. The BYOD policy should, in general, explicitly state the rights for the organization to access the BYOD device, which should include the need to preserve and collect data during legal holds.  It also should cover things such as discontinuing auto deletion of texts and messages within messaging apps (which could even include discontinuing using ephemeral messaging apps if they don’t provide an option to keep the messages indefinitely) and coordinating with the organization before replacing your device to capture data from it first.
  • Force Acknowledgement of the Policy and Policy Updates: In other words, require employees (and anyone else with access to company resources) to sign a copy of the policy to acknowledge that they have read and understood the policy. You also may need to consider having them sign periodically to acknowledge significant updates to it as well.  Not only is it important to hopefully avoid incidents of evidence spoliation, but it also can at least illustrate that your organization has communicated and confirmed an understanding of the policy from individuals, which could be important to defend against significant sanction if spoliation does occur.

Examples of BYOD Policies

There are too many best practices to cover in one blog post, but there are several FREE examples of BYOD policies available on the web to provide ideas regarding what to cover in your organization’s BYOD policy.  They cover several additional best practices to address, including support, reimbursement of costs, handling of lost/stolen/damaged equipment and termination of employment.  Here are links to two of them, courtesy of SHRM and IT Manager Daily.  These and others can be terrific starting points for creating your own BYOD policy, but your policy should be unique to the needs and challenges of your particular organization and you should not only customize it to your needs, but evaluate it periodically and update it as necessary to ensure it continues to cover and protect your organization as much as possible.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

How to Get eDiscovery Redactions Right

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

For most people, redacted documents are the material of spy movies and political scandal. But here in the world of eDiscovery and FOIA requests, they’re a part of everyday life. But that doesn’t mean they’re to be taken lightly! Failure to redact documents or to make sure that redacted content is produced in its redacted format can be case ending (and job ending for the person responsible for the error).

The most common reason this happens, is because law firms and government agencies are taking the “redact by hand” route instead of using tools that properly manage productions to ensure documents meet the expected requirements, making sure the information meant to be kept private is hidden.

Even with redaction technology in place, some file types (like spreadsheet documents) can be difficult to redact, as we see in this week’s eDiscovery Blues™ comic. These challenging file types result in the litigation support or FOIA personnel using Microsoft Office and Adobe Acrobat to draw black boxes over the sensitive material, which is fine if the documents are going to be printed to hardcopy but doesn’t actually redact the digital information from the file.

In one 2019 grand jury filing, a member of the press was able to defeat these types of manually created redactions by simply copying the black-out boxes and pasting the text into a new document, which also brought over the text and metadata.

So how can you make sure redactions on digital documents are done correctly?

“That’s kind of the challenge: picking the right tool for the right job,” says Derek Miller, VP of Business Development at Ipro. “Anyone doing redactions and producing redacted documents needs to understand how these tools work and build measures into their processes to avoid this type of mistake. But mainly you want to make sure you have the right tools in your toolbox. Which means using software that’s specifically designed to redact and produce those redactions accurately.”

Here are a few things to look for in software to ensure accurately produced redactions:

  • Automatically re-OCRs documents to remove the text under the redaction
  • Runs validations to make sure the redactions are burned in and the text is correct
  • Creates layered redactions so multiple production sets can be sent to multiple parties

Along with those functions, some eDiscovery software has added protections which identify documents which may need another layer of review before they’re produced. It’s similar to when your email platform asks if you want to send without a subject line or asks if you’ve forgotten an attachment.

One example of this is Ipro’s Production Shield™, which identifies these documents during the validation phase of the export process, giving administrators the opportunity to correct conflicts and ensure only appropriate documents are produced.

The main thing to remember when dealing with Electronically Stored Information (ESI) is that what you see on the screen is only the surface of the existing data. The same goes getting redactions right for eDiscovery: Just because all you see is a black box, doesn’t mean everything that lies beneath has disappeared.

Ipro’s Production Shield™ is available on Ipro’s Enterprise™ and Desktop™ eDiscovery Solutions.

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery

ipro netgovern acquisition

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery  

Ipro Tech, LLC, the leader in eDiscovery, Case Management, and Trial technology, is excited to announce the acquisition of NetGovern, a leader in Information Governance, Risk, and Compliance software.

Joining these two global companies and their technologies will provide the most innovative workflow in the legal industry, extending across the entire Electronic Discovery Reference Model (EDRM) from Information Governance, to In-Place Early Data Assessment, through eDiscovery and beyond. The companies complement each other perfectly by combining Ipro’s 30-year legacy of focus on law firms, government, and legal service providers with NetGovern’s deep expertise in corporate verticals, including healthcare, public sector, financial services, manufacturing, and transportation.

Evolving market dynamics and customer needs around continued enterprise data growth were the main drivers for this combined effort. As concerns grow regarding compliance, security, and risk management, the significance of economic consequences presents the business impact of properly managed data through the eDiscovery process, and the customer benefit of an integrated solution spanning the entire EDRM becomes even more compelling.

Data is growing at an exponential rate, reaching over 175 zettabytes in the next few years. This growth drives unprecedented challenges across enterprises with concerns ranging from compliance to security to risk management, and ultimately eDiscovery. The economic impact of managing these issues, breaches, and judgements is also spiraling. As Ipro studied these factors with our customers, it became clear that an integrated solution spanning from information governance to discovery would be necessary.

The journey between Ipro and NetGovern began with the January 2020 announcement of a strategic partnership between the two companies, with a focus on the development of integrated capabilities to address rising challenges, allowing real-time access to multiple sources of unstructured enterprise data from one single interface. Those early efforts were so well received by customers that a merger of the companies became the next logical step to drive customer value.

The result of this acquisition empowers IT, HR, and Legal teams to make better informed decisions prior to collecting or duplicating Electronically Stored Information (ESI) from file shares; email servers like O365, Exchange, and Gmail; messaging and chat systems like Slack and Teams; cloud shares like Box and OneDrive; and other data sources, while combining Ipro’s best-in-class eDiscovery capabilitiesincluding data processing, enhanced visual analytics, and intuitive document review – creating the industry’s most flexible, scalable, and powerful eDiscovery experience.

With solutions extending across the entire EDRM – from Information Management and Governance, to Review and Production, and all points in between — legal teams will be able to perform investigations for litigation and internal matters, assess compliance and security risks, place and manage legal holds, defensibly preserve data, respond to subpoenas and public record requests, and ultimately work with outside counsel to prepare for settlement or trial, all while securely protecting enterprise data and intellectual property.

“We are thrilled to combine the strengths of these two companies,” shared Dean Brown, CEO at Ipro Tech, “and we are positioned to take a competitive advantage as the leader in Information Governance and eDiscovery by incorporating NetGovern’s solutions, people, and knowledge into the Ipro family. By integrating these technologies, we will empower corporations to gain control over their data and lower the costs related to data security, compliance, investigations and litigation through the use of in-place indexing and analysis, data connectors, smart collections, and advanced analytics.”

“Ipro and NetGovern have a tremendous amount of experience and synergy, capitalizing on our time in the industry, our solutions, and the customer base we serve,” said Pierre Chamberland, Founder & CEO of NetGovern. Chamberland added, “With all of the functionality, expertise, and development resources that both companies bring to the table, it’s the best time to join these two innovators.”

As of this announcement, Chamberland will transition into his new role as Chief Innovation Officer of Ipro.

Ipro is committed to working closely with their NetGovern colleagues to maintain and strengthen all the great things that NetGovern’s clients and partners love about them today.

With each release moving forward, clients of both solutions will see the benefits of integration with streamlined workflow options, ultimately resulting in the goal of providing a single, scalable solution to meet and exceed industry demands at all stages in the Information Governance and Litigation lifecycle.

 

About Ipro Tech, LLC:

Ipro is the global leader in eDiscovery technology used by legal professionals to streamline discovery of electronic data through presentation at trial. Ipro draws upon decades of innovation to deliver high-performance software, services, and support, flexibly deployed via Desktop, On-prem, Cloud, or Hybrid solutions, significantly reducing the cost and complexity of eDiscovery. For more information, visit https://www.iprotech.com/

About NetGovern:

NetGovern’s information archiving and governance software helps organizations solve data compliance, safeguard personal information, simplify eDiscovery and protect their reputation. Our all-in-one solution offers the fastest speed to value, lowest cost of ownership, and most secure visibility of sensitive information found in messages and files, independent of storage location. https://www.netgovern.com/

About ParkerGale:

ParkerGale Capital is a private equity fund based in Chicago that buys profitable, founder-owned software companies. ParkerGale also hosts the private equity industry’s only podcast, the PE FunCast on iTunes and Google Play. For more information, please visit http://www.parkergale.com/

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization

BYOD Case Law

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization
Written by Doug Austin, Editor of eDiscovery Today

If you follow my writing, you know that I cover a lot of case law – typically between 60 to 70 cases a year. When you do that, you notice certain trends that illustrate some of the challenges that organizations face today with regard to electronic discovery. One of the more common trends these days relates to cases related to mobile device data and the failure to preserve that data. Many organizations today support a Bring Your Own Device (BYOD) approach to employees and their mobile devices; however, many of them don’t have an effective policy or plan for addressing mobile device data when litigation hits.

Let’s take a look at three recent cases where failure to preserve mobile device data led to sanctions requests by requesting parties.

In DriveTime Car Sales Company, LLC v. Pettigrew, No.: 2:17-cv-371 (S.D. Ohio Apr. 18, 2019), Ohio Judge George C. Smith granted in part and denied in part the plaintiff’s motion for spoliation sanctions against defendant Pauley Motor, denying the plaintiff’s request for an adverse inference sanction by ruling that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent” when Bruce Pauley failed to take reasonable steps to preserve text messages when he switched to a different phone. However, he did note that “less severe sanctions are available to DriveTime under Rule 37(e)(1) upon a finding of prejudice.” Judge Smith also allowed the plaintiff to “introduce evidence at trial…of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages. DriveTime may argue for whatever inference it hopes the jury will draw.”

In NuVasive, Inc. v. Kormanis, No. 1:18CV282 (M.D.N.C. Mar. 13, 2019), North Carolina Magistrate Judge Patrick Auld granted the plaintiff’s motion for sanctions in part, giving the plaintiff additional time to depose and subpoena text messages from a key contact who indicated that he was unable to retrieve text messages beyond two months prior (but also refused to let the plaintiff inspect his devices). Judge Auld also recommended that, “because the record supports but does not compel a ‘finding that [Defendant Kormanis] acted with the intent to deprive [Plaintiff] of the [lost text messages’] use in the litigation, the Court submit that issue to the ‘jury, [with] the [C]ourt’s instruction[s] mak[ing] clear that the jury may infer from the loss of the [text messages] that [they were] unfavorable to [Defendant Kormanis] only if the jury first finds that [he] acted with the intent to deprive [Plaintiff] of the[ir] use in the litigation’”.

In Paisley Park Enter., Inc. v. Boxill, No. 17-cv-1212 (WMW/TNL), (D. Minn. Mar. 5, 2019), a case related to the late rock legend Prince, two defendants not only failed to disengage the auto-delete function on their phones, but they also each wiped and discarded their phone – one did it twice – since October 2017. Minnesota Magistrate Judge Tony N. Leung granted in part the plaintiffs’ Motion for Sanctions Due to Spoliation of Evidence, ordering the Rogue Music Alliance (“RMA”) Defendants to pay reasonable expenses, including attorney’s fees and costs, that Plaintiffs incurred as a result of the RMA Defendants’ “misconduct”, and also ordered the RMA Defendants to pay into the Court a fine of $10,000, but chose to defer consideration of adverse inference instruction sanctions to a later date, closer to trial.

As you can see, failing to preserve data from mobile devices led to various levels of sanctions against the spoliating parties, not to mention the effort it took to defend themselves against even more significant sanctions. Here are two considerations that you need to keep in mind to avoid the same issues that these parties encountered:

  • BYOD Policy: Many organizations support employees’ ability to use BYOD devices, but a lot of them don’t have a formal policy regarding the use and management of those devices, which includes an employee’s duty to preserve mobile device data when litigation hits. Organizations need a clear BYOD policy that emphasizes the rights of the organization and the responsibilities of the employees using BYOD devices for company use, including those associated with preservation and collection of mobile device data. (Check out this post on BYOD policies from Ipro’s eDiscovery Blues series).
  • Litigation Hold Notices: Litigation hold notices need to be extended to enforce preservation of mobile device data, including instructions to suspend any auto-deletion of text messages (as well as messages from other messaging apps) and spell out the responsibilities to preserve data from mobile devices before discarding those devices.

Just because a device is owned by an employee doesn’t mean there is any less responsibility for that employee to take appropriate steps to preserve that data during litigation. Organizations need to take control of that challenge by implementing a formal BYOD policy and ensure litigation hold notices clearly spell out the duty of custodians to extend preservation to their BYOD devices.

Next week, I’ll discuss best practices associated with BYOD policies. My first Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

3 Challenges Corporate Legal Teams Face With BYOD

corporate legal BYOD

 

3 Challenges Corporate Legal Teams Face With BYOD

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Today’s eDiscovery Blues comic highlights several challenges In-House legal teams might face when working with data in the face of litigation, starting with the sinking feeling that comes when you ask yourself, “Is the I.T. department being sarcastic?” That’s part of the humor here, but the answer given about simply having everyone use Snapchat as a solution for employees using their personal mobile devices for work (Bring Your Own Device or BYOD) raises several points worth discussing.

Corporate Legal Challenge #1: Mobile Devices, eDiscovery & BYOD

Mobile devices can be difficult when it comes to eDiscovery for many reasons. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly (read this example from recent case law for more on the pros and cons of imaging entire mobile devices).

That’s why it’s important to have policies in place to determine how mobile devices are used for business purposes, which is exactly what Rick Compliance, eDiscovery manager, was trying to do when he called I.T. above.

Corporate Legal Challenge #2: Social Media / Chat, eDiscovery & BYOD

Messaging platforms (e.g. Slack, Teams, What’s App) and social media (e.g. Facebook, Instagram, LinkedIn, Snapchat) go hand in hand with mobile devices, and we all know that business is conducted across multiple platforms and devices, sometimes simultaneously. Gaining insight into the ESI created by these can be difficult.

With social media, data can usually be requested from the source company (For example, Instagram has a data request form in its Privacy and Security settings), and chat files can be exported, but both of these can be difficult to put into a review-ready format, losing the context of the conversations held within them. And these new data sources continue to grow and be used in interesting ways, as this recent case shows: Etsy Post Leads to Arrest of Cop Car Arson Suspect in Philly.

Knowing if these platforms are a potential source of data for your organization should litigation arise is vital. Having policies in place around their use for business and alignment between Legal and I.T. should this data need to be collected is ideal.

Corporate Legal Challenge #3: Avoiding Sanctions for Mobile Data Spoliation, Including Ephemeral Data

Finally, the notion of a company telling employees to use ephemeral data messaging as part of their BYOD policy isn’t so far-fetched. And it can lead to sanctions.

In a recent case, WeRide Corp. v. Huang et al. (N.D. Cal. Apr. 24, 2020), the defendants were sanctioned under FRCP Rule 37, because they directed employees of their company AllRide to communicate using the application DingTalk internally. The CEO testified, he felt it was “more secure” than other messaging platforms; however, DingTalk allows for “ephemeral messages” that automatically delete after they have been sent and read (much the same as Snapchat, mentioned in the cartoon above).

The court’s ruling stated, “AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees after the preliminary injunction issued. This practice of destroying potentially discoverable material shows both willfulness and bad faith. Based on these undisputed facts, the Court finds it appropriate to issue terminating sanctions.”

Conclusion

Mobile Data is no joke and having alignment between Legal, IT, Compliance and other stakeholders is a must before litigation arises. Without clear policies in place, there are so many ways mobile data can quickly become a problem.

For more insights into your organization’s data landscape, Download the Ipro Pre-Litigation Data Inventory Checklist now!

Ipro Pre-Litigation Data Checklist

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series

Ipro Virtual Administrator Training

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series
Written by Julie Badger, Product Learning Experience Manager, Ipro

While it may be summer, the time for learning doesn’t stop, and we here at Ipro are focusing our energy on helping our customers get the most out of their Ipro products with Ipro training courses.

The Ipro training team has built a solid body of training materials and courses targeted to meet the needs of adult learners where they are. You might wonder, “What’s so different about adult learners?” Well, research shows that adult learners learn differently, have different motivations, and different educational needs which must be addressed:

  • Adult learners draw on their past experiences to inform their current learning objectives.
  • Adult learners are goal oriented, targeted learners who narrow their learning objectives to only what is most relevant and applicable.
  • Adult learners are also very self-directed and learn more by practicing and doing than by rote memorization.

With adult-learning theory in mind, we’ve adapted our former in-house training courses and made them available in in virtual web-series format. The beauty of this adapted course curriculum is that it gives the learner the ability to grasp the concepts by following along during the lecture-based training. Then, separately, learners can go work on the practice exercises and homework to deepen their understanding of the materials in the context of their own software implementation. The combination of lecture-based learning with self-guided learning can really help cement the core concepts in a learner’s brain.

At Ipro we’re committed to educational excellence and would love to help you meet your education goals in 2020.

If you book an open session for the Ipro Virtual Administrator Training Series
any time between June 1st and July 31styou can receive a 20% discount on the course fee:
Use the promo code SUMMER20 when you sign up. 

Click Here for More Information — We hope you’ll join us!

Time to Update Your eDiscovery SWOT Analysis! (If You Even Have One)

eDiscovery SWOT Analysis

Time to Update Your eDiscovery SWOT Analysis! (If You Even Have One)
Written by Doug Austin, Editor of eDiscovery Today

Periodically, it’s a good idea to reassess your SWOT analysis and update as appropriate to address changing environmental opportunities and threats.  And with the impact that the COVID-19 pandemic has had on so many businesses, there has never been a better time to consider updating your SWOT analysis – or creating one in the first place if you didn’t already have one.

What is a SWOT Analysis?

What the heck is a “SWOT” analysis? It’s a structured planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats associated with a specific business objective. That business objective can be a specific project or all of the activities of a business unit (e.g., your discovery practice). And it involves not only identifying that specific business objective but also identifying the internal and external factors that are favorable and unfavorable to achieving that objective.

The SWOT analysis breaks down as follows:

  • Strengths: Characteristics of the business or project that give it an advantage over others, such as activities your business unit does well, skills of your internal resources, etc.
  • Weaknesses: Characteristics that place the team at a disadvantage relative to others, such as attributes that you don’t have (but your competitors do), resource limitations, etc.
  • Opportunities: Elements in the environment that the project could exploit to its advantage, such as emerging need for your products or services, lack of competition, etc.
  • Threats: Elements in the environment that could cause trouble for the business or project, such as emerging competitors, change in economic conditions, etc.

Strengths and opportunities are helpful to your business unit; weakness and threats are harmful to it. Strengths and weaknesses are internal in origin and are attributes of your business unit, while opportunities and threats are external in original and are attributes of the environment that affects your business unit – many of your strengths or weaknesses may in fact be in response to those opportunities and threats.

Defining your “competitors” depends on what your business unit is designed to do. If you’re a litigation unit (in a corporation and/or law firm), your competitors could be the other side in a specific case. If you’re an eDiscovery provider, your competitors could be other providers with which you’re competing for business.

How to Conduct a SWOT Analysis:

To conduct a SWOT analysis, create a 2 x 2 matrix with the strengths and weaknesses on one row and the opportunities and threats on the following row.  You can easily create one using Excel or Word tables. Here is an example of what an empty SWOT analysis can look like, courtesy of Wikipedia.  Once you have constructed an empty SWOT analysis, you then proceed to list your business unit’s strengths and weaknesses and the opportunities and threats affecting your business unit in the respective boxes.  The exercise can help you make decisions about areas for your business unit to address to maximize its success.

Example eDiscovery SWOT Analysis:

While there are certainly threats during this challenging time, there are also opportunities that can impact your business as well, if you’re prepared to take advantage of them. Let’s take a look at a few of both:

Opportunities:

  • While this would be considered a “threat” for non-litigation related businesses, there is expected to be a large swell of litigation cases filed related to the pandemic and associated economic challenges derived from it that could lead to additional business for litigation and eDiscovery providers.
  • Layoffs at many eDiscovery providers and law firms have led to a huge available talent pool of qualified talent in eDiscovery. There has never been a better time to add talented and experienced staff to move your company forward.
  • The move toward remote work has opened up the talent pool available to fill open positions. Geographical location/willingness to relocate has been effectively limited as a position requirement for many positions, causing the list of potential qualified candidates to expand considerably.

Threats:

  • Court closures have slowed case dockets, which have (in turn) reduced requests for eDiscovery services, at least in some cases in the short term.
  • Business uncertainty has led to fewer requests for eDiscovery services, extended payment cycles for services and software or even potential defaults on payments for companies going bankrupt.
  • Lack of in-person interaction with clients and prospects in meetings and at conferences have affected the ability for eDiscovery providers to attract new customers or retain existing ones.

Sometimes, a factor could be either an opportunity or a threat, depending on your situation. For example:

  • Closing of offices has forced eDiscovery providers to offer their services remotely.

This could be a threat if your company wasn’t prepared to offer remote services when the pandemic hit. But it could be an opportunity if you were already providing a well-defined remote alternative for those services as your organization is now ahead of those who did not have a well-defined remote offering.

Regardless, the opportunities and threats derived from the COVID-19 pandemic are unique to each business, and it’s an ideal time to update your SWOT analysis to address them to maximize the success of your business unit.

 

Be sure to tune in to hear Doug Austin, Tom O’Connor, and Jim Gill discuss:
How to Conduct a Legal SWOT Analysis on 9/9!

In Honor of Juneteenth, CEO Dean Brown Reiterates Ipro’s Commitment to Diversity

Ipro commitment diversity

In honor of Juneteenth, the day the United States officially ended slavery, CEO Dean Brown sends this message regarding Ipro’s continued commitment to diversity and the defense of equal rights for all people.

“This has been a difficult and emotional time for all of us, and Ipro felt it was important to first listen and learn from Black voices. In light of the necessary conversations that are happening across our country now, I want to share where Ipro stands regarding these issues.

“Ipro sees value in each and every person. We remain committed to providing a working environment that does not tolerate racism or discrimination in any form. We foster a culture of open dialogue where we listen and learn first, while providing increased resources and outlets for sharing and support for our employees of all races, genders, sexual orientations, abilities, and religions.

  • Treat others with respect—the way you would want to be treated.
  • Defend equal rights for all people.
  • Participate in our democracy and speak up when you see a wrong.

“Ipro’s commitment isn’t new, but we stand behind it and affirm that we will continue to seek and support diversity.”