Category Archives: Industry News

How Meta-e Discovery Uses Ipro to Lower Costs for Clients (Case Study)

meta-e discovery Ipro

How Meta-e Discovery Uses Ipro to Lower Costs for Clients (Case Study)

Paul McVoy is the CEO and co-founder of Meta-e Discovery, an award-winning firm specializing in litigation support, technology-assisted review, and consulting. He oversees a dedicated team with offices in New York, NY, Fort Meyers, FL and Milford, Connecticut.

Formerly a law firm’s in-house eDiscovery unit, the independent company today works in state and federal courts alike, with a case load evenly split between plaintiffs and defendants. McVoy’s bio best summarizes his business philosophy: “By using the best technology, coupled with the right advice, any party, no matter what size, can match up evenly against any other.”

“Nothing beats Ipro for being able to process and handle multi-page and multi-document PDFs,” McVoy says. Meta-e Discovery has a long history of utilizing Ipro tools like TrialDirector, eScanit, and eCapture, products with a proven record of success on “the plaintiff side of things.”

“We needed a powerful processing tool to handle data internally. But for our smaller clients, we also needed a more economical, compact footprint to do that. Ipro was perfect.”

Ipro Solutions for Every Stage

Meta-e Discovery routinely joins a case after it has already commenced, at which point they are inundated with previously produced PDFs. McVoy explains that his operation built its workflow around Ipro tools, because they’ve proven so integral to data-handling success.

In addition to helping clients with their discovery needs, Meta-e also assists them prepare for depositions, hearings, and trials.  Their go to tool is TrialDirector.  Its feature rich interface allows Meta-e to enable their clients’ examinations to focus on the important parts of their exhibits without slowing down

“The tool is so easy to use. We load all exhibits into TrialDirector ahead of the case to begin preparing it for the court.”

A Winning Combination

In one memorable case, a trial was slated to last four weeks. By utilizing TrialDirector’s capabilities and delivering a seamless experience, Meta-e helped expedite the trial, which ended a week early. Reduced preparatory time allowed the team to better focus on client needs, and a shorter trial saved the client $100,000 overall.

“The client was so happy, we became their go-to service provider going forward. When they have new cases, we get them all. The technology allows us to lower costs for clients while taking on more business. And the use of Ipro services allows us to ramp up during times of need.”

TrialDirector’s audio/video sync capabilities top the list of McVoy’s favorite Ipro features, enabling the legal team to prepare deposition designations and to obtain daily exhibit lists with ease. Attorneys can call out documents “on the fly” during a trial, as others are speaking, and identify pertinent information quickly.

Exhibit production and other time-sensitive demands often warrant the involvement of a trial tech. Inserting someone into a team to serve that role for three to four weeks can be challenging. McVoy finds that Ipro’s Trial Director enables collaboration and reduces preparation time, particularly when a court orders a case to move quickly and neither side is displaying boards.

Meta-e cuts all video with TrialDirector ahead of time and leverages the skills of an Ipro tech with the platform’s functionality to get the job done. “It can be ten, fifteen, twenty hours a day. And with a small team, having someone come in and help is great.”

“One recent trial was unique in that all testimony was taken from historical video deposition designations. The judge was very impressed with how seamless and precise it came out. They hadn’t been exposed to such a high level of technology used in the courtroom or the level of expertise that the Ipro tech brought.”

McVoy insists that Ipro has delivered a high level of care and attention in every interaction, inside and outside the courtroom, over many years.

“We’ve worked with a lot of vendors, and Ipro’s technology and customer service stand out.”

 

To Hear Clients Talk About the Difference Ipro for Enterprise Can Make, Watch this Video!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.

Legal Stakeholders and the Information Governance Reference Model

Information Governance Reference Model Legal

Legal Stakeholders and the Information Governance Reference Model
Written by Doug Austin, Editor of eDiscovery Today

Last week, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  This week, I begin my look at the stakeholder groups by starting with Legal stakeholders.

Legal Stakeholder Information Needs

As a person who writes an eDiscovery blog, it’s easy for me to look at every potential information need for Legal stakeholders as the proverbial “nail” related to the eDiscovery “hammer”, including considerations for investigations and compliance as well.  But, from an operations standpoint, Legal stakeholders have many more information needs than those that apply just to eDiscovery.  Here is a list of ten potential areas associated with legal operations:

  1. eDiscovery & Legal Hold
  2. Legal Department Strategic Planning
  3. Vendor Management
  4. Analytics Metrics & Dashboard
  5. Team Building & Communications
  6. Processes & Technology
  7. Knowledge Management
  8. Financial Planning, Analysis & Management
  9. Managed Services & Legal Process Outsourcing (LPO)
  10. Global Data Governance

While I’d like to take credit for identifying those areas myself, I got them from the Association of Corporate Counsel’s ACC Legal Operations website, which has a terrific infographic to illustrate legal operations as a “hub” function in corporate legal departments here.  I could write an entire blog series just on those different operational needs – it’s obvious from the infographic and the list above that Legal stakeholders within an organization have a lot of potential information needs to support these various operational initiatives.

Legal’s Relation to Other Stakeholder Groups

To accomplish its role from an Information Governance standpoint within an organization, Legal needs to collaborate with the other stakeholder groups to achieve the following objectives:

  • Identify and Protect Data Sources Necessary to Support the Above Operational Initiatives: Legal must not only effectively understand where information is located to support those initiatives and access that information quickly, they must also establish requirements from a legal and regulatory perspective regarding maintenance, preservation and destruction of that information, including notifying the other stakeholder groups when changes to laws and regulations impact those requirements.
  • Generate and Manage Information to Support Legal Objectives: Legal will likely be responsible for at least generating (if not maintaining) agreements and other documents designed to protect the organization from a legal standpoint. Everything from non-disclosure agreements (NDAs) to contracts for services performed could be generated and possibly maintained by Legal.

In other words, Legal stakeholders are big users of information within an organization, but they also establish many of the requirements for when, how and how long that information is created and maintained within it.  To do their job effectively, Legal stakeholders not only need to understand their information needs and organizational requirements, they also need to understand technology and how to maximize it to accomplish those goals.

Legal Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Legal stakeholders to help an organization improve its overall Information Governance program:

  • Identify and Periodically Revisit Legal Use Cases: As you saw above, there are a lot of potential use cases Legal stakeholders may have regarding organizational information. So, they need to flush out those various use cases to identify their data requirements to support their various ops needs and revisit periodically to adjust use cases or even create new use cases as requirements dictate (e.g., new use cases being identified due to strengthened data privacy laws).  Also consider conducting a SWOT analysis for various legal use cases to determine what strengths and weaknesses you have when addressing the opportunities and threats your organization is encountering regarding supporting those use cases.
  • Actively Participate in Organizational Data Mapping Activities: To ensure that they understand where the data is located within the organization to support its use cases, Legal must be an active participant in the data mapping process to not only identify where data is located within an organization, but also to ensure the data to support their legal ops objectives will be there when needed (i.e., the “Why” for the data that’s needed).
  • Keep Current on Legal Trends That May Impact Organizational Requirements: A great example of that is the changing data privacy landscape with new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA). Those are just two of the many data privacy regulations that have been passed in the last couple of years – numerous other states and countries have updated their requirements as well and there can be differences from GDPR and CCPA.  Legal needs to stay current on changes to legal trends, especially in areas that are changing quickly.
  • Find Your Inner Geek: To better communicate with other stakeholder groups, it’s best to understand how to “speak geek”. Attend webinars to learn more technical concepts and consider setting aside 5-15 minutes a day to read about technical concepts (this blog and eDiscovery Today are great places where you can do that).  Legal may understand “what” is required, but the other groups can indicate “how” to make it happen, so it’s important to understand how to effectively communicate with them to get there.
  • Embrace the Use of Technology: As you find your inner geek, emphasize the use of technology to support Legal use cases. With the volume of data and variety of data sources, index-in-place and artificial intelligence (AI) technologies are becoming more essential to addressing any organization’s information governance needs today.  So, learn about and be open to those emerging technologies as well.

Next week, we’ll continue with the goals and considerations for Records Management (RIM) within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Why Do Attorneys Feel Mired in “Low-Value Work?”

attorneys low value work

Why Do Attorneys Feel Mired in “Low-Value Work?

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

In a recent Artificial Lawyer article, they featured a survey which found that 67% of in-house attorneys at fast-growth companies felt buried in low-value work. Meanwhile, in another survey of 1,058 senior legal practitioners worldwide (conducted by EY) a third of firms with more than 1,000 employees spend nearly one out of every three hours on ‘low‑value’ tasks.

So what is at the root of being stuck in low-value work?

The surveys point to the familiar bane of legal departments everywhere: manual processes. One might think in this age of being able to manage most of one’s life from a mobile phone, the legal world would have the same things in place, but this just isn’t the case for many law firms and legal departments. eDiscovery managers might be able to see their Amazon packages arrive on their doorstep and literally say, “Thank you,” via a smart doorbell, but at their jobs still face processes and even technology from the previous decade.

A second cause noted is having to use multiple systems. Many legal teams may feel they have their challenges under control, but it may also involve a cobbled-together Frankenstein’s monster of software, services, and manual processes. This isn’t inherently bad if integrations and communications are functioning at peak efficiency. I remember one veteran eDiscovery practitioner comparing this idea to the way audiophiles might compile a stereo system: you want the best of all the components regardless of brand; all-in-one systems are for people who want convenience over quality.

But this can lead to another dilemma when it comes to “low value tasks,” which we highlighted in this week’s eDiscovery Blues: technology training. Sure, your system might work, but it requires an expert to make sure everything stays functioning (just hope that person never wants to take a vacation). That’s why ease-of-use continues to rise to the top on attorneys’ lists.

In the same survey, it noted that when it comes to legal tech, here’s what GCs want:

  • Easy adoption – 80%
  • Integrations – 57%
  • Data Insight – 43%

They want to leverage technology in order to help them do their jobs, but they don’t want the bulk of their time spent learning the technology. It’s easy to fall into the trap of spending more time trying to work less. If technology is too much of a hassle, then the tried-and-true manual processes become more attractive.

For insights into how technologists are working to solve some of these problems, I went to Aaron Swenson, Product Director at Ipro. He raised a few things legal teams should consider in order to avoid being mired down by menial tasks.

  • “They should be asking how to supercharge their teams with technology in ways that are integral to the legal process, while moving them away from having to manage operations (i.e. the ROI spent working toward business objectives vs. on business operations).
  • “They’ll also want to look for technology which makes both internal and external stakeholders/customers happier.”
  • “A goal of ours at Ipro is working toward the idea of zero training time (or at least minimal training time). The technology should be intuitive enough that an experienced practitioner can log in and within a few minutes be doing their work instead of spending it learning software.”
  • “Finally, I think it’s important that legal teams consider how data sizes are growing faster than processing technologies, which means your traditional culling workflow will eventually have to change out of necessity.”

To that last point, the need for technology in the legal world is beyond necessary. It’s time to take the next step toward solutions that work as a single source of the truth when it comes to data, connect all stakeholders both inside and outside the organization, while taking the focus off of time spent learning technology.

All of which allows attorneys to get back to the primary objective of their jobs: practicing law.

 

Register for this two-day virtual event for a chance to take a look at Ipro’s eDiscovery and Information Governance solutions with live Q&A sessions!

virtual road show

 

 

 

Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM)

IDRM Information Governance

Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

EDRM may be best known for its Electronic Discovery Reference Model by which it’s named, which reflects the stages of electronic discovery.  Even though there is a current EDRM revision project in the works, that project appears to be focused on updating the underlying documentation of the EDRM model to reflect changes in technology, process, and the law – not the EDRM model itself.  That’s good, because it’s become the framework on which so many have based their understanding of electronic discovery – it conveys more in a single diagram about electronic discovery than any other document or infographic could.

Information Governance Reference Model (IGRM)

In recent years, the EDRM model has been updated to replace a simple circle for Information Governance with the Information Governance Reference Model (IGRM).  Information Governance (which started out as an Information Management box in the original EDRM model and was subsequently updated to an Information Governance circle) has become a term that has become popular with eDiscovery professionals and non-eDiscovery professionals alike – it has become a suitable replacement for “Records Management” that conveys the extent of electronically stored information that organizations deal with today, for which a term like “records” no longer seems to adequately fit the challenge.  Information governance is unlike any other eDiscovery phase in that it is perpetual – which is why it is represented by a circle in the EDRM model – the only phase represented as such, which the IGRM upholds with its design.

From outside in, the IGRM model reflects the stakeholders involved in information governance, an inner ring that combines the concepts of policy integration with that of process transparency and the workflow or lifecycle diagram that reflects all stages of the information lifecycle – from its creation through its ultimate disposition.  For each type of information considered for IGRM, you need to understand the Duty (Legal obligation for that information, Value (Utility or Business Purpose of that information) and Asset (Specific description of that container of information).

It’s hard to believe, but the IGRM has itself been around since 2010, for ten years now!  In 2012, EDRM announced the release of version 3.0 of the IGRM, which is the version still in use today.  In that version, EDRM – in cooperation with ARMA International and the CGOC (Compliance, Governance and Oversight Council) – included privacy and security as primary functions and stakeholders in the effective governance of information.

Complexity of Information to be Managed by Organizations Today

When IGRM was first developed, information was much more highly centralized within organizations today, but the advent of mobile devices, social media and cloud-based repositories (either managed by the organization itself or managed by third party providers) has enormously increased the complexity of information governance within those organizations.  So much activity is happening through the Internet today that the amount of activity happening every minute can be mind-boggling.

To reflect that amount of activity, Lori Lewis created an Internet Minute infographic that she has updated every year for the past several years and it’s a great reflection of the activity happening within the Internet in an average minute.  Here is a link to the 2020 infographic, which reflects things like 190 million emails per minute, 59 million messages sent every minute (on Facebook Messenger and WhatsApp combined), over 19 million text messages per minute (just on iMessage), even 1.6 million Tinder swipes every minute(!) and so forth.  Much of this is data that has to be tracked and accounted for more and more by organizations today and it continues to evolve as some of these sources were minimal to non-existent just a few years ago.

Five Stakeholder Groups of the IGRM

Adding privacy and security as primary functions and stakeholders for IGRM in 2012 brought the total number of stakeholder groups in the IGRM to five.  Each group has different goals and considerations for information within the IGRM model that differ from each of the other groups.  Here are the five stakeholder groups with their primary focus/consideration for information in parentheses:

  • Legal (Risk)
  • Records Management (RIM) (Risk)
  • Information Technology (IT) (Efficiency)
  • Privacy & Security (Risk)
  • Business (Profit)

Over the next five weeks, I’ll discuss each of them in turn: how they relate to the other stakeholder groups in terms of their goals for information within an organization, how complimentary (or not so complimentary) those goals are in relation to other stakeholder groups, their requirements for business information, considerations for addressing challenges in today’s world and so forth.  So, this is more than another Ipro cliffhanger, it’s a whole series!  Next week, we’ll begin with the goals and considerations for Legal within an organization.  See you then!

 

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

By partnering with Ipro, ProFile Discovery Gives Clients Peace-of-Mind (While Saving Them Time & Money)

ProFile Discovery Ipro

By partnering with Ipro, ProFile Discovery Gives Clients Peace-of-Mind (While Saving Them Time & Money)

For nearly two decades, Ohio-based ProFile Discovery has been assisting Law Firms and Legal Departments with their eDiscovery projects from collection to production, including Managed Review. As ProFile owner Andrew Keck puts it, “We’ll work pretty much start to finish on the EDRM as needed, including cybersecurity, forensic investigations, and cyber penetration testing.” And since 2006, ProFile has worked collaboratively with Ipro, further enhancing its commitment in 2017 by joining the Ipro Partner Program as a reseller.

ProFile’s objective with new clients is to evaluate their ambitions, demonstrate the best tools available, and determine right-sized solutions. The demands of particular caseloads or information management needs, for example, may not warrant the cost of implementing a full-scale environment in-house. Which is why, in Keck’s view, it’s often much cheaper for organizations to initially outsource, until a different scale of operation is required.

Director of eDiscovery Linda Wong oversees the scope of services ProFile offers and has worked in step with the evolution of Ipro’s products, with a particular focus on filling the gap for small and mid-size firms in the U.S. as well as internationally, who lack their own litigation support teams.

Most ProFile projects average 500,000 documents for processing, but the high end may reach up to 13 million. Emails dominate, though an assortment of paper documents still require scanning and manual coding into Ipro. Clients typically send collected data as a PST file or give ProFile access to their Office 365 to obtain specific custodians’ data.

“Using Ipro’s advanced analytics, our immediate focus is an Early Case Assessment to analyze the data provided,” says Hans Foster, Managing Partner of ProFile’s Cleveland office. “This allows us to confidently advise clients as to what we can do to save them time and money.”

Ipro for Enterprise’s ability to stream information directly into review during processing greatly reduces job completion time. As Linda Wong says, “We ingest data, turn to other work, then come back and start again. With streaming, we can manage each project and our time more efficiently.”

Hans Foster adds, “We are not done after data is processed into review. We also employ and contract with attorneys that specialize in linear document review and defensible Technology Assisted Review (TAR). Between a review team’s expertise, Ipro Analytics, and our workflow, Ipro’s TAR becomes ProFile’s Smart Review.”

Linda Wong also praises Ipro’s advanced analytics for email threading, near-duplicate identification, and concept clustering, which enable her team to quickly and accurately cull datasets. “In one case we cut documents by one-third by using concept searches and near-dupe to make sure we didn’t miss other versions or variations of a document,” she said. ProFile can also use these tools to QC productions from opposing counsel.

But ProFile’s workflow doesn’t stop there. As Hans Foster puts it, “we aren’t just collection to production, we are collection to court. Our team has sat in the hot seat for hundreds of trials, and a couple of us have worked inside law firms preparing for trial. This gives us unique perspective to organize clients during discovery with an eye toward trial, which allows the attorneys we serve to effectively prepare and not spend wasted time organizing and looking for documents.”

And because ProFile utilizes Ipro for Enterprise to manage and secure the data of law firms and corporations, they know cybersecurity is of the highest importance. After a careful benefits analysis, Keck embraced Ipro’s cloud environment. “I’m really forward with clients when I tell them, ‘I’m not storing your data on our personal servers or in our office. I’m storing it on Ipro’s cloud.’ And I’m doing that on my behalf and on their behalf, because I want to protect it.”

Keck’s team instills this confidence by sharing Ipro’s contact information with clients on day one. “I want our clients to recognize the things we can do for them, as well as the experience and support Ipro brings to the table. This gives legal teams the peace-of-mind to practice law, knowing ProFile and Ipro have the technology side of things covered.”

 

 

To Hear Clients Talk About the Difference Ipro for Enterprise Can Make, Watch this Video!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.

 

 

Five Considerations for Custodian Readiness Interviews in 2020, Part Two

eDiscovery Custodian Interview

Five Considerations for eDiscovery Custodian Readiness Interviews in 2020, Part Two
Written by Doug Austin, Editor of eDiscovery Today

A few weeks ago, I discussed Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up.  One of those components was conducting interviews of key personnel, which included interviews with at least one or two key representatives of the legal department, IT and records management departments.  Last week, I discussed the first three considerations for effective eDiscovery custodian interviews in 2020; today, I’ll discuss the remaining two.

Consider the Source(s)

I’m sure I don’t have to tell you that, in 2020, there are more sources of ESI than ever.  Mobile devices of custodians are routinely responsive in litigation, as are communications from collaboration apps like Slack and Teams (which are being used even more heavily since the pandemic began as colleagues can’t simply walk down the hall to discuss tasks and issues when working remotely).  Not to mention that data is being stored in more locations than ever to enable remote workers to get their jobs done effectively.  Here are five areas to specifically address to identify potential locations of data that might not be readily apparent:

  • Personal email: Do the custodians ever use personal email accounts to transfer company data? It could be for a completely innocent reason, but it happens all of the time, regardless of company policies regarding use of personal email accounts.
  • Mobile Devices: These days, you expect custodians to be using cellphones for company use, with many of those being Bring Your Own Device (BYOD) devices. Hopefully, the organization has a policy that governs the use of BYOD devices.  But, BYOD devices can extend beyond just the cellphone – I’ve seen many people extend email clients to their iPads or Android tablets, which must also be accounted for as well.
  • Cloud Storage and Portable Media: Do the custodians ever use Dropbox or Google Drive for sharing company ESI? Do they use flash drives or external hard drives they use for moving data or backups?  It’s likely they do, especially during the pandemic and remote work.  You need to ask specific questions about these sources, where they are and how they’re used.  Again, company policies may govern the use of these data storage mechanisms, but there is no guarantee the policies are being completely followed, so it’s important to ask about these specifically.
  • Collaboration Applications: Your organization may have selected approved apps for collaboration within the company – Slack and Microsoft Teams are the most common. However, there are a slew of other apps out there, so you want to make sure to address any potential communications through other apps or channels within approved apps outside the standard company channels.
  • Social Media: It’s not too common for custodians to share company ESI on social media, but it’s not unprecedented either, so you have to ask about that too.

Trust, but Verify

That phrase used by President Reagan repeatedly in discussions with Soviet Prime Minister Mikhail Gorbachev (actually borrowed from the Russian proverb Doveryay, no proveryay) may be “so 80’s”, but it is very appropriate today as well.  Regardless what the key employee tells you regarding their handling of ESI, you’ll want to verify that information to the extent possible.  Verification can occur in two ways:

  • Other Interviews: To the extent you’re interviewing other key employees who work in similar areas, you should tailor your questions, in part, to confirm what you’ve learned from previous interviews.
  • Employee Surveys: As discussed, this third component to assessing your organization’s discovery readiness from the ground up can flush out potential issues about which the key personnel may not even be aware. Just because the IT director has set a policy in place for the department (or the entire organization, for that matter) doesn’t mean that policy is fully being followed.  Surveys can help flush out the differences between policy and practice.

These five considerations for eDiscovery custodian interviews in 2020 will help you better assess your organization’s discovery readiness assessment when conducting interviews with the key employees in your organization.  Now, all you have to do is implement them!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Tune in to hear Doug Austin, Tom O’Connor, and Jim Gill discuss:
How to Conduct a Legal SWOT Analysis on 9/9!

Law Firm Brinks, Gilson & Lione Highlights Ipro Enterprise eDiscovery for “Ease-Of-Use”

Ipro Ease-Of-Use

Law Firm Brinks, Gilson & Lione Highlights Ipro Enterprise eDiscovery for Ease-Of-Use

Earlier this year, Suzanne O’Mahoney, Director of Paralegal Services and Litigation Support, Brinks, Gilson & Lione, shared some thoughts on why BGL chose Ipro as their eDiscovery solution.

Ease of Use. First Class Support.

We are a boutique law firm focused mainly on patent, trademark, and copyright law. Five years ago, we wanted to update our eDiscovery software from Concordance and after looking at all of our options, the litigation support group at the firm all agreed that Ipro for enterprise was the best solution, especially for its ease-of-use and Ipro’s first class customer support.

Strong Relationships

I love the people at Ipro. I am someone who appreciates good relationships, and if I have a problem, I simply pick up the phone, and Ipro responds immediately. Last year, one of our key players at the firm who handled most of litigation support needed to take family leave. Ipro stepped in and said, “Sue, we’re here for you. Here’s a number. Call us if you need anything, and we will assist and guide you while you’re shorthanded.” I appreciate that. Instead of having to outsource everything, I felt good keeping it in-house, because I had Ipro as a safety net.

A True eDiscovery Partner

Not only do I manage a department, but I’m also a user, and Ipro really listens. If I have a problem and want something changed, they say, “We’ll see what we can do.” As a client, I like that. Ipro is a true professional service partner. They make you feel like you are part of a family.

 

To Hear Clients Talk About the Difference Ipro for Enterprise Can Make, Watch this Video!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.

 

 

Five Considerations for Custodian Readiness Interviews in 2020, Part 1

custodian readiness interviews

Five Considerations for Custodian Readiness Interviews in 2020, Part One
Written by Doug Austin, Editor of eDiscovery Today

A few weeks ago, I discussed Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up.  One of those components was conducting interviews of key personnel, which included interviews with at least one or two key representatives of the legal department, IT and records management departments.  Today, I’ll drill into that component to discuss some considerations for effective interviews in 2020.  I’ll discuss the first three this week and the last two next week.

Take Advantage of Useful Resources, Then Customize

One of the biggest challenges to custodian readiness interviews is identifying the questions to use during those interviews.  Fortunately, you don’t have to start from scratch – there are several resources out there with great example questions to start with.  Here are two of them:

  • EDRM Identification Standards: This page on the EDRM site is a terrific resource for sample questions for records management, custodial interviews and IT. Even though the questions are geared toward the Identification phase once a case has been filed, many of them are also applicable to discovery readiness assessments as well.  The list was last updated in 2011, so you’ll need to supplement these questions with others to address newer potential sources of ESI and other more recent considerations.
  • University of Florida Law Custodian Interview Form: This simple two page form is another good basic resource for custodial interviews. And, it illustrates another best practice of custodial interviews in general – record the answers in a standardized form (to the extent possible), it makes analysis of the information much easier downstream.

There are other resources out there as well.  The key is to use those resources for ideas and some of the questions you may use, but then customize where appropriate for your organization.  Certain questions in resources like these may not be applicable within your company, while the resources may not adequately address other areas unique to it.  They are great places to start to develop your own questions.  It’s also important to supplement with additional questions as needed during the interview process, as the interviews you conduct will almost always lead to follow-up questions for those interview subjects or others.  Interviewing is typically an iterative process.

History of the Position, and the Custodian

Have you ever filled out an application for something financial (e.g., loan, credit card, etc.) and they asked for additional residences if you haven’t lived in your current residence for at least two years to get a more complete picture of your residential history?  You need to take the same approach when it comes to interviewing key personnel.  It’s important to find out how long the interviewee has been in that current role, who held the position before him/her and what other positions has the interviewee held.

If the person who held the position before the interviewee is still with the company, you may want to add that person to the list of people to be interviewed and you may even need to interview prior position holders before that to get a complete picture of how data has been managed within the organization over a period of time.  And, if the interviewee has held one or more other positions that might be relevant to the information gathering exercise, you may need to expand the list of questions you ask him/her to those other areas.

Remember the Departed

No, I don’t mean the 2006 Oscar winning movie of the same name, directed by Martin Scorcese, with Leonardo DiCaprio, Matt Damon, Jack Nicholson and Mark Wahlberg – even though that was a great movie.  I’m talking about personnel that have left the organization that may have had relevant information – often, they are identified as you capture the history of the position of the key employees you interview.  While you may not be able to interview those personnel, the organization may have a policy in place to preserve their data for a period of time to ensure that any data in their possession that might be critical to company operations is still available if needed.  If so, you need to find out if the organization keeps that data, where they keep it, in what format, and for how long.  Just because the employees are “departed” doesn’t mean they’re not important to your readiness assessment activities.

Next week, I’ll discuss the remaining two considerations.  Another Ipro cliffhanger!

 

Be sure to tune in to hear Doug Austin, Tom O’Connor, and Jim Gill discuss:
How to Conduct a Legal SWOT Analysis on 9/9!

Why the Connection Between Biometric Data and eDiscovery Will Continue to Grow

biometric data eDiscovery

Why the Connection Between Biometric Data and eDiscovery Will Continue to Grow

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Everyone has been talking about the California Consumer Privacy Act (CCPA) lately, namely because the 2018 law became enforceable as of July 1, 2020. This law provides California consumers with a number of privacy-related rights, and applies to any organization that has California consumers, even if they’re not located in California.

So why isn’t there more talk about BIPA? The Illinois Biometric Information Privacy Act has been around since 2008 and “has been a steady source of litigation ever since,” according to a 2020 article in the National Law Review.

Illinois Biometric Information Privacy Act (BIPA)

BIPA regulates how “private entities” collect, use, and share “biometric information” and “biometric identifiers”, and imposes certain security requirements, noting that:

“Biometrics are unlike other unique identifiers that are used to access finances or other sensitive information. For example, social security numbers, when compromised, can be changed. Biometrics, however, are biologically unique to the individual; therefore, once compromised, the individual has no recourse, is at heightened risk for identity theft, and is likely to withdraw from biometric-facilitated transactions.”

The key obligations of BIPA require a written informed consent before collecting the data, a written retention and destruction policy of that information, prohibit profit from biometric information, and specify requirements around security.

Even more interesting is the Right to Action clause, which states: “Any person aggrieved by a violation of this Act shall have a right of action” with a potential monetary recovery for each violation.

This week’s eDiscovery Blues cartoon makes a play on a recent Illinois Supreme Court Ruling which clarified “aggrieved person” under BIPA. It also reminds the eDiscovery industry just how commonplace the collection of biometric data has become in a world of facial recognition, thumbprint ID verification, and home DNA kits.

Rosenbach v. Six Flags Entertainment Corp

In 2014, 14-year-old Alexander Rosenbach went on a school trip to Six Flags Great America, who had begun using a fingerprint scan for all season pass holders. The pass had been purchased online, and when his mother asked Alexander for the paperwork related to the pass after he returned home, he said, “it’s all done by fingerprint now.”

The original complaint states, “Neither Alexander, who was a minor, nor Rosenbach, his mother, were informed in writing or in any other way of the specific purpose and length of term for which his fingerprint had been collected. Neither of them signed any written release regarding taking of the fingerprint, and neither of them consented in writing ‘to the collection, storage, use, sale, lease, dissemination, disclosure, redisclosure, or trade of, or for [defendants] to otherwise profit from, Alexander’s thumbprint or associated biometric identifiers or information.”

However, two years later, the Appellate Court overturned the lower court’s ruling in favor of the plaintiff, noting “a plaintiff is not ‘aggrieved’ within the meaning of the Act and may not pursue either damages or injunctive relief under the Act based solely on a defendant’s violation of the statute. Additional injury or adverse effect must be alleged.”

So, the issue at hand becomes injury or adverse effect as a result of the collection of biometric data, and not simply a “technical violation” of BIPA.

This was settled by the Illinois Supreme Court in 2019 when they overturned the Appellate Court’s ruling, noting that having one’s rights violated as defined by BIPA was sufficient to be considered aggrieved.

They also pointed out that the protection of individual biometric data was the purpose of the law, and that “to require individuals to wait until they have sustained some compensable injury beyond violation of their statutory rights before they may seek recourse…would be completely antithetical to the Act’s preventative and deterrent purposes.”

Biometric Data and eDiscovery

An important thing to consider is data knows no borders. With the growth of new technology which collects biometric data, it’s easy to see where it becomes potentially discoverable under litigation. As more states consider individual privacy laws, along with those which exist in Europe and other jurisdictions, compliance becomes more of a challenge, especially for global organizations.

Manual processes aren’t defensible, so having proper tools in place to ensure compliance with notifications, as well as retention and destruction policies, are vital. As this ruling under BIPA shows, saying “no harm, no foul” isn’t enough.

 

To learn more, listen to this discussion of Biometric Information and other new data sources with Judge Ron Hedges!

The 5 W’s of Organization Data Maps

Organization Data Maps

The 5 W’s of Organization Data Maps
Written by Doug Austin, Editor of eDiscovery Today

Last week, I discussed what a Data Map is, why it’s important, four best practices for better Data Mapping and drivers for updating your Data Map in 2020.  This week, I’ll talk about what information needs to be in your Data Map.

What, Where, When, Who, Why

As I noted last week, the Data Map doesn’t have to be complicated.  It can be as simple as a spreadsheet (or series of spreadsheets, one for each department or custodian, depending on what level of information is likely to be requested). Even the data elements you need to track can vary, depending on the requirements of your organization.  But, regardless of where it’s kept or what data elements, your Data Map needs to answer the “5 ‘W’s” associated with your organization’s data – What, Where, When, Who and Why – as follows:

  • What data is being stored?: Examples include data types like email, work product documents, audio/video files, databases, texts, collaboration data, social media content, cloud based platforms, hard copy documents – and potentially much more.  It’s important to identify a standard list of as many of the data types you can up front while remaining flexible to adding data types when interviewing specific custodians who may be tracking certain types of data not being tracked elsewhere.
  • Where is it being kept?: In other words, what physical location or device location does the data reside.  Examples could include everything from accounting file room/file server/software application to workstations checked out to individuals to even Bring Your Own Device (BYOD) devices like iPhones.  Again, it’s a good idea to start with specific standard classifications that you can supplement as you gather more information.
  • When do we need to keep/destroy it?: Of course, that includes retention/destruction schedules and when the information was created in the first place, so you know what data is ready for destruction.  Your Data Map should be able to point you to those ten year old accounting reports that need to be deleted or shredded because you’re only required to retain them for seven years; in fact, if you’re maintaining and tracking your Data Map regularly, those reports should be long gone before then.
  • Who is responsible for the data?: The specific custodian or department responsible for it; for example, Payroll keeping pay stubs, the HR coordinator keeping health insurance forms, etc.  Those are the obvious ones, especially within your organization’s facility or servers.  What about responsibility for maintaining/archiving collaboration conversations on Slack?  Or responsibility for customer data on Salesforce when you may receive Data Subject Access Requests (DSARs) from individual customers for whom you’re tracking data that may be subject to General Data Protection Regulation (GDPR) privacy laws?  Those data sources have to be addressed as well, among many others.  In fact, for GDPR purposes, you may need to identify both the controller and the processor of the data in question – if you don’t know the difference, click on the GDPR link in this paragraph for more information.
  • Why are we keeping/tracking it?: If you can’t come up with a good answer for this, then maybe the data should already be deleted.  After all, according to the Compliance, Governance and Oversight Counsel (CGOC), 69 percent of organization data has no business, legal or regulatory value.  In other words, as I discussed in Part One of my post about “Eight is Enough! Eight Considerations for Defensible Deletion”, that data is Redundant, Obsolete and/or Trivial (R.O.T.). The best reason to create a Data Map in the first place is to identify as much of that data as possible and get rid of it.

Resource for Data Mapping Templates

As I said, the specific data elements you track in your Data Map may vary considerably, depending on your organization.  But, is there a resource for some ideas, even templates to get started with your Data Mapping?  There is.

In advance of enforcement of the GDPR, the site Demplates published an article with “10+ Print-Ready Templates” for GDPR Data Mapping here.  It’s a great resource that not only provides several downloadable templates for Data Mapping to support GDPR obligations; it also provides some additional best practices and considerations as well.  Consider reviewing several of those examples to get ideas on what to track within your own organizational Data Map.  The rest is up to you!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!