Category Archives: Industry News

eDiscovery Day is Needed More than Ever in 2020

eDiscovery Day 2020

eDiscovery Day is Needed More than Ever in 2020

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

This year has definitely thrown a wrench into the works when it comes to the usual industry events we’re used to attending. Everyone adjusted to virtual gatherings and made the best of it (we’re all in this together, right?) but it wasn’t quite the same. But one thing that is consistent in 2020 is eDiscovery Day!

Now in its 6th year, eDiscovery Day has always been an industry event where everyone can participate, no matter their location. The vendor-agnostic event is the brainchild of eDiscovery thought-leader and Exterro Sr. Managing Director of Marketing, Mike Hamilton. According to the eDiscovery Day website, “eDiscovery Day is one of the largest nationwide gatherings of legal professionals. It’s a day that allows us to celebrate the increasingly important role we play as attorneys, litigators, e-discovery specialists, paralegals and in-house counsel in the Legal GRC space.” This year boasts 31 supporters, 20 downloadable resources, 11 webcasts, and 7 virtual events, all in a single day, which is December 3rd this year.

And speaking of webcasts, Ipro and ACEDS are hosting a webinar at 2pm ET:  A Year of Transition for eDiscovery: What We Learned in 2020

With the ongoing COVID-19 pandemic, law firms, corporate legal teams, ALSPs, and the courts have all had to make adjustments. As we come to the end of the year, it’s important to consider how these changes will affect the industry for 2021 and beyond.

I’ll be hosting the webinar on behalf of Ipro and talking with industry leaders Brad Blickstein and Michael Quartararo discuss the past year and what may lie ahead.

In this webinar we will discuss:

  • The effect of remote work on the legal industry
  • Significant Rulings and Laws in 2020
  • Changes to eDiscovery Workflow / Technology
  • How to Prepare for 2021

.So on December 3rd, be sure to take part in all the great events going on and celebrate our industry in the process. It has definitely been a year to remember, for better or worse, and we all deserve a little celebration.

Register for Ipro’s eDiscovery Day Webinar here!

 

This Year, the Spread of COVID-19 May Only Be Matched by the Spread of Cyber Attacks

cyber attacks

This Year, the Spread of COVID-19 May Only Be Matched by the Spread of Cyber Attacks
Written by Doug Austin, Editor of eDiscovery Today

We’re all familiar with how quickly COVID-19 cases have spread across the world and it seems as though it’s only getting worse.  Here in the US, many expect a surge even from the numbers we’ve seen so far after many Americans traveled around the country during the Thanksgiving holidays.  We hear about the challenges containing the virus on the news every day.  We don’t hear about the spread of cyber attacks on the news every day, but that seems to be surging as well.  Here are a few statistics to provide some context to the current cyber-dilemma many organizations face today:

  • Cyber attacks reached 445 million incidents in the first quarter this year: According to Arkose Labs (reported here), a spike in online fraud was experienced in the first quarter of 2020 in light of the COVID-19 pandemic, with fraud and abuse attempts comprising 5% of all transactions;
  • Business Email Compromise (BEC) attacks were up 200% from April to May 2020: As reported here, these BEC attacks focused on invoice or payment fraud typically involve a much bigger financial loss than many cyber attacks as they are aimed at business to business transactions;
  • Between January and April 2020, cloud-based attacks escalated by 630%: According to McAfee (reported here), this swelling in cloud-based attacks is correlated with the rise in the usage of cloud services and collaboration tools, such as Zoom, Slack, Microsoft 365, etc.;
  • Cyber attacks against banks rose by 238% due to COVID-19: According to ATM Marketplace (again reported here), they jumped particularly between the months of February and April;
  • Global ransomware reports were over seven times higher for the first six months of 2020: According to Bitdefender’s Mid-Year Threat Landscape Report 2020 (which I covered here), the total number of global ransomware reports increased by 08 percent Year-over-Year (YoY);
  • At the World Health Organization (WHO), phishing attacks increased by 15 times during the first two weeks of March compared to the entire month of January: As reported here, medical questionnaires and passport copies of more than 2,300 patients at one facility were leaked on the dark web.

Cyber attacks are even beginning to cost lives.  According to the New York Times, the first known death from a cyber attack was reported back in September after cyber criminals hit a hospital in Düsseldorf, Germany, with a ransomware attack that caused a woman in a life-threatening condition to be sent to a hospital 20 miles away where she died because of treatment delays.

So, the stakes are not only high, in some cases, they are literally a matter of life and death.  Of course, this means any system or platform could be vulnerable, including those your organization uses for information governance and eDiscovery.  Here are five best practices to protect your own organization against cyber attacks:

  1. Use strong unique passwords and change them often: Passwords should be a complex mix of numbers, symbols, and capital and lowercase letters and they need to be changed often, so organizations should require this. As end users, don’t use the same password everywhere as once it’s guessed in one platform, that enables cyber criminals access to others.
  2. Avoid pop-ups, links and unknown emails: Phishers try to trick you into clicking on an item that may result in a security breach. When in doubt, confirm with the IT department before clicking on any item that could be suspicious.
  3. Keep your software updated: Operating systems, security software, even end-user platforms should be updated to the latest version to maximize protections as cyber criminals are always taking advantage of flaws in older software.
  4. Back up your files: The ability to recover quickly if hit with a ransomware attack starts with current backups of your data and a sound plan for disaster recovery.
  5. Train, train, train: Make sure all of your employees are current on cyber security best practices and how to address various threats. It only takes one person to make a mistake to allow a breach into your organization.

Just as social distancing and wearing masks can help minimize the spread of COVID-19, following the best practices above can minimize the spread of cyber attacks to keep your organization “healthy” and secure.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Five Reasons Why Organizations May Be (Or Should Be) Bringing More Discovery In-House

in-house eDiscovery

Five Reasons Why Organizations May Be (Or Should Be) Bringing More Discovery In-House
Written by Doug Austin, Editor of eDiscovery Today

It’s a little early to be making Christmas analogies.  Then again, the stores already have their Christmas decorations out and Black Friday sales are already here in many online retailers, so maybe not.  Regardless, one of my favorite Christmas specials (yes, I still watch the ones I grew up with as a kid) is A Charlie Brown Christmas for a variety of reasons: the music by the Vince Guaraldi trio, the “true” meaning of Christmas, how adorable Snoopy is, etc.  And, of course, there are several cute scenes throughout the show.  One scene happens when Linus is given his script during the first rehearsal for the Christmas play and he remarks towards Lucy that he “can’t memorize something like this so quickly” and asks for “one reason” as to why he should be put through such agony by memorizing the lines.  Lucy walks up to him and says “I’ll give you five good reasons” and proceeds to count from one to five as she closes her fingers, one-by-one, up into a fist.  Linus quickly responds that “those are good reasons!”.

The way 2020 has gone, perhaps Lucy was about 55 years before her time?  Just kidding…

Regardless of Lucy’s persuasion skills, I will give you five reasons why organizations today may be (or maybe should be) bringing more discovery in-house.  And I’ll do it in a kindler, gentler fashion than the way Lucy might do it.

Reason #1: Technology is Moving More to the Data

Did you see my blog post from last week?  If you missed it, I’ll give you a brief recap and a link to it here for more information.  The enormous growth of big data combined with tightening timeframes for discovery have forced organizations more and more to push discovery processes earlier in the EDRM lifecycle. In 2025, the digital universe of data will grow from 0.1 zettabytes in 2005 to around 163 zettabytes, or over 163 trillion gigabytes – over 1,630 times the amount of data that existed when the EDRM model was created.  Yet, you may have as few as 70 days to understand your data well enough to be ready for the Rule 26(f) meet and confer.  Big Data combined with shortened time frames generates a need to move technology to the data to filter and cull that data in place – moving much less of it forward.  And that need only continues to strengthen.

Reason #2: Budgets are as Constrained As They’ve Ever Been

Every quarter, Rob Robinson’s Complex Discovery blog issues an eDiscovery Business Confidence Survey, which surveys eDiscovery professionals about their confidence in the business of eDiscovery.  One of the questions Rob asks every quarter is which factor (out of six choices) they feel will most impact the business of eDiscovery over the next six months.  In the Summer survey conducted back in July (which I covered here), the top factor was Budgetary Constraints, which was selected by a majority (56%) of the respondents as being most impactful over the next six months, more than the other five factors combined.  Certainly, organizations are more constrained by budgetary concerns since the pandemic began, which means that many are bringing more discovery work in house to save costs.

Reason #3: Litigation is On the Rise

If the New York Times says it, then it must be true, right?  More litigation means more to manage, not just from collection to production, but in terms of preservation and legal holds.  Organizations have no choice but to take a more active role in managing those processes because many more of them have multiple holds to manage.  Retention and destruction policies need to be interwoven into the management of legal holds more than ever, so that organizations can keep track of when data can be defensibly deleted.  In-house legal is one of the five stakeholder groups of the Information Governance Reference Model (IGRM) and is critical to the effort of linking the two.

Reason #4: Compliance Needs Are Growing

Because of the changing data privacy landscape with new regulations like Europe’s General Data Protection Regulation (GDPR), California’s Consumer Privacy Act (CCPA) and other data privacy legislation, organizations have many more compliance requirements than ever before.  Data Subject Access Requests (DSARs) are a recent phenomenon that didn’t even exist several years ago, and organizations are having to address discovery for those using in-house resources.

Reason #5: Desire to Maintain More Control

With greater demands from a data and time frame standpoint, more litigation, more compliance requirements and tighter budgets, what would you do?  And I didn’t even mention growing cybersecurity concerns since the pandemic as the workforce remains largely remote (here is just one stat that illustrates that issue).  When times get tough, many organizations tend to retrench and try to maintain more control.  Even to the extent that organizations are outsourcing services, they’re probably scrutinizing that spend a lot more closely.  One way they’re doing that is getting more involved in managing the technology being used by outside counsel and service providers, whether that technology is cloud-based or on-premise.

Hopefully, my reasons were more compelling – and less threatening – than Lucy’s reasons to Linus for memorizing his script!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

From Motions to Money: How eDiscovery Technology Gives Small to Medium Law Firms 6 Big Wins

Wilson Turner Kosmo Case Study

From Motions to Money: How eDiscovery Technology Gives Small to Medium Law Firms 6 Big Wins

“The way Ipro has listened to clients over the years and made changes accordingly has been extremely helpful and impactful to our practice.” Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

As San Diego’s largest certified women-owned law firm and one of California’s largest, Wilson Turner Kosmo is an award-winning firm serving small businesses to Fortune 100 companies in labor & employment, business litigation, class action, and related matters within manufacturing, retail, restaurants and hospitality, health care, real estate, public entity, banking, transportation, oil and gas, technology, pharmaceutical, and other industries.

In order to meet their clients’ needs, Wilson Turner Kosmo’s growing team of paralegals are responsible for technology-driven tasks such as data collection, processing, setup, and review.

Historically, paralegals ran the eDiscovery workflow through Concordance, but as the firm evolved, they needed a more robust platform. New and expanding practice areas in labor & employment and business groups meant more emails and other electronically stored information (ESI) to deal with.

After a comprehensive vetting process, Wilson Turner Kosmo selected Ipro Eclipse SE + Trial Director, with plans to upgrade to the all-new Ipro for Desktop shortly. The firm has also utilized the Ipro Services Team when datasets on class actions suits grows beyond internal housing. In these instances, they were able to scale up to Ipro’s Enterprise solution in the cloud.

Six Big Wins from the Ipro eDiscovery Solution:

“PSA: The more you know…” Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

Win #1: Motions

Attorneys found that reviewing deposition transcripts with issue tags enabled them to write motions for summary judgment quicker and more efficiently. Not surprisingly, this helped them win more motions.

Win #2: Simplicity

As of January 2020, all parties in California must identify documents as they relate to a party’s production requests. With Ipro, the firm increased its ability to work within its current workflow to identify those production requests. The paralegals were able to tag documents for production, create coding forms, and then create fields to include an RFP number. Once it’s done, they then create a report to comply with the statute.

“The process is not cumbersome at all, and it’s extremely helpful for attorneys who aren’t so tech-savvy.” Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

Win #3: Size

Ipro allows the firm to unitize, or in other words, split documents. (For example, personnel files that come as one large PDF with up to 200 pages). By unitizing, they can separate privileged documents and other items that do not need to be produced from the review pass.

“We constantly use this feature. We have looked at other products and some don’t have it which was a deal-breaker because we use it so much. Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

Win #4: Interconnectivity

One of the biggest benefits the firm found is the ability to review transcripts to create issue tags, link documents to exhibits, and to review those deposition transcripts for other deposition prep, trial, and arbitration.

“From a green standpoint, I’m always in favor of a workflow method that eliminates the need to print and prepare binders.” Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

Win #5: Speed

The persistent highlighting feature, which has keywords custom-developed on the backend, enables the team to instantly create a set of words and have a consistent highlighted color, allowing for much quicker review.

Win #6: Savings

In addition to being able to serve its clients more effectively and more quickly, Wilson Turner Kosmo now saves its clients’ money.

“Our goal is to be more efficient because of how busy we are. In California, the competition is high, and people are trying to reduce legal costs and provide value added service to their clients” Justin Peña, Sr. Paralegal, Wilson Turner Kosmo, LLP

 

 

 

Data and Time Frames Are Forcing a Shift in eDiscovery Workflows

eDiscovery Workflows

Data and Time Frames Are Forcing a Shift in eDiscovery Workflows
Written by Doug Austin, Editor of eDiscovery Today

When I was growing up, there was a commercial on TV for Wolf Brand chili where the spokesman – Lee (Pop) Myres always said “Neighbor, how long has it been since you had a big, thick, steaming bowl of Wolf Brand chili? Well, that’s too long!”

Well, “neighbor”, how long has it been since you heard me talk about the challenges of “Big data” and accelerated discovery time frames?  Well, that’s too long!  Actually, I don’t think I’ve talked about it on the Ipro blog before, but it continues to be one of the biggest challenges lawyers face today.

The Enormous Growth of Big Data

You’ve undoubtedly heard the term “Big data” before, but, in case you haven’t, it’s the term used to describe the large volume and variety of data – both structured and unstructured – that overloads a business on a day to day basis.  So, how extensive is the impact of Big Data?  Here are a few fun facts for you to consider that illustrate just how much bigger “Big Data” is getting:

  • Every 2 days we create as much information as we did from the beginning of time until 2003;
  • Data is growing faster than ever before to the point that, in 2020, about 7 megabytes of new information is being created every second for every human being on the planet;
  • Our accumulated digital universe of data will grow from .1 zettabytes in 2005 to around 163 zettabytes, or over 163 trillion gigabytes in 2025;
  • And, if you burned all of the data created in just one day onto DVDs, you could stack them on top of each other and reach the moon – twice.

BTW, a couple of these stats are several years old, before the continued advancement of mobile devices and before Internet of Things, or IoT devices, were really a big part of our lives.

That third bullet point is particularly notable as 2005 was the year that the EDRM Model was born.  While the model is a framework for the phases of discovery irrespective of data volume, it certainly was created at a time when data volumes were much less than they are today or will be five years from now.

Tightening Time Frames for Discovery

While data is growing in the world at an amazing rate, litigation and discovery deadlines aren’t changing. In fact, in some cases, those time frames are even accelerating.

Since the 2006 changes to the Federal Rules of Civil Procedure (FRCP), Rule 26(f) has dictated conducting the meet and confer “at least 21 days before a scheduling conference is held or a scheduling order is due under Rule 16(b)”.  An amendment to Rule 16(b)(2) in 2015 reduced the timeframe for issuance of the scheduling order to the earlier of 90 days after any defendant has been served, or 60 days after any defendant has appeared (from 120 and 90 days, respectively).  That gives you as few as 70 days to be ready for the Rule 26(f) meet and confer, which means you have a lot of work to do in order to understand your data to be ready for that.  And, with the recent pilot programs in the District of Arizona and the Northern District of Illinois (where the deadlines were as few as 100 days to produce all discovery) as well as shortened state court time frames (at least before the pandemic), migrating an increasingly large volume of potentially responsive data to review platforms makes it even more difficult to meet those deadlines.

Technology Moving More to the Data

Historically in eDiscovery, the data has moved to the technology.  Typically, organizations have identified and preserved ESI broadly as potentially responsive (and they certainly should continue to do that), but they have also collected potentially responsive ESI broadly as well – often preserving by collecting – relying on the capabilities of discovery review platforms to help legal teams cull down that broad collection to a much smaller subset of documents to be reviewed for potential production.  With data and time frame constraints, organizations in many cases can no longer collect ESI so broadly as there is simply too much of it to collect and filter and cull downstream to meet budgets and deadlines.  Instead, technology is moving more and more to the original source data for organizations to filter and cull that data in place – moving much less of it forward.

In my thought leader interview with Ipro’s CEO Dean Brown, he spoke about that from an industry perspective, stating: “As an industry, we really don’t have much choice but to deal with the data earlier.  The sizes of the productions and the sizes of the matters that we see our customers dealing with are already at a scale that is ridiculous and untenable. So, when you talk about bringing the technology to the data, we absolutely concur.”

I would call it the “wave of the future”, but it’s already happening today.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Four Tips for Managing Multiple Matters in the Age of the Pandemic

managing multiple matters

Four Tips for Managing Multiple Matters in the Age of the Pandemic
Written by Doug Austin, Editor of eDiscovery Today

Unless you’ve been living under a rock, you’ve probably heard that we’re seeing more litigation as a result of the pandemic and the resulting economic crisis – in some cases, a lot more.  According to the law firm Fisher Phillips (reported here), of the 283 COVID-19 workplace suits filed in federal and state courts through June 30, 122 or 43% were filed in June, marking a 30% increase from the 94 cases filed in May and 103% from the 60 in April. Class action lawsuits are also rising, with 41 filed against employers since the pandemic began.  And, that’s just one area of litigation.

One notably growing web conference company has had no less than five class action suits filed against – all this year.  Even the New York Times is reporting expected growth in lawsuits.  Not to mention, growth in investments into lawsuits, but that’s a story for another day (actually that day was June 29 when I wrote about it then).  Anyway, it’s more likely than ever that your organization has multiple litigation matters to manage.  With that in mind, here are four tips for managing multiple matters during the pandemic:

Get Your IG House in Order: If you’ve been reading my Ipro column the past six weeks, I’ve discussed the needs, responsibilities and recommendations for each of the five stakeholder groups of the Information Governance Reference Model (IGRM), so whether you’re Legal, Records and information management (RIM) , Information Technology (IT), Privacy & Security or Business stakeholders, you need to do what you can to help the organization address its information governance challenges.  That includes data mapping and addressing the 5 W’s” of organization data maps to understand where you’re data is located.

Employ Technology Earlier in the EDRM Life Cycle: Litigation is growing.  Budgets are not, as evidenced by the most recent eDiscovery Business Confidence Survey published by Rob Robinson’s Complex Discovery site, where Budget Constraints were voted on by nearly half of the respondents as the most impactful factor over the next six months (almost as much as the other five factors combined).

As a result, you need to leverage technology as much as possible to support the growing litigation burden within budgets that are manageable.  Once you have an up-to-date data map that gives you a sense of the amount of potentially discoverable data you have within your organization, consider “index-in-place” technologies that enable you to quickly identify potentially responsive data and collect that data for processing, review and (eventually) production and presentation.  Traditionally, data has moved to the technology, but it’s becoming more and more necessary for technology to move to the data – where it lives – to identify potentially responsive electronically stored information (ESI) earlier and only move that ESI forward.  The days of collecting the entire corpus for potentially responsive custodians is coming to an end.

Don’t Forget Non-Traditional Sources of Data: Do your workflows still focus primarily on email and Office files?  More business communications than ever are taking place via text and also messaging and collaboration apps like Slack and Microsoft Teams (here’s a link to our upcoming webinar where we’ll discuss those and how to address them).  Not only that, because of all of the additional remote meetings being conducted now, there are so many more audio and video files that are discoverable (here’s a post from Jim Gill on that topic and a link to a webinar and podcast where I’ve discussed it as well).  Failing to focus on these non-traditional sources of data can put you behind before the matter barely gets started and even more behind if you’re managing multiple matters.

Stop the Insanity: You know the famous phrase “Insanity is doing the same thing over and over again, hoping for a different result”*?  Well, in document review, insanity is doing the same thing over and over again and getting a different result.  By that I mean, reviewing the same documents in multiple matters, but not categorizing them consistently.  I’ve seen matters were counsel failed to mark documents as privileged that had been marked as privileged in other matters; hence, losing the privilege classification in the current matter (and maybe beyond). Taking a centralized approach to managing multiple matters, where an organization makes use of previous document classifications not only ensures consistency of document classification, but also saves outside counsel firm costs and having to review those documents again and again. The multiple matters your organization is facing may be in different jurisdictions managed by different local outside counsel firms that best know the local and state rules and judges’ tendencies – as a result, you want each local outside counsel firm that is familiar with the jurisdiction to be able to take advantage of document classifications previously recorded instead of “re-inventing the wheel”.  Getting more consistent document review at a lower overall cost?  That’s not insanity, that’s smart!

*By the way, the “Insanity” quote has been widely attributed over the years to Albert Einstein, but he apparently never actually said it.  So, you learned something else from this post!  That’s crazy!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Case Law: eDiscovery Isn’t About DIY but Collaboration

eDiscovery Collaboration

Case Law: eDiscovery Isn’t About DIY but Collaboration

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Do-It-Yourself eDiscovery?

Often we think the goal of technology is to allow us to do things ourselves which before required training or expertise. Digital photography is a great example. The photos and video most of us can take with our phones today require much less skill and a much lower cost to produce than when film was the only option. Not to say there isn’t a high level of expertise involved in creating the best digital photography, but technology does so much when it comes to leveling the playing field for the amateur.

This mindset, however, does not apply to eDiscovery, particularly when it comes to the self-collection of electronically stored information (ESI). It’s not that custodians can’t self-collect, because, like digital photography, technology allows pretty much anyone the ability to do so. It’s more a question of should you self-collect.

Florida Magistrate Judge William Matthewman’s ruling on E.E.O.C. v. M1 5100 Corp. earlier this year was a clear reminder that collection without the supervision of counsel is not acceptable. According to the summary of this age discrimination case by Doug Austin, editor-in-chief of eDiscovery today, “defense counsel allowed two employees of the client to identify and collect ESI” in response to requests for production “with no oversight from counsel at all,” even though they signed off on the RFP, which violated FRCP Rule 26(g).

“The Court is not impressed”

Citing previous case law [In re Abilify (N.D. Fla. Dec. 7, 2017)] which states “self-collection by a layperson of information on an electronic device is highly problematic and raises a real risk that data could be destroyed or corrupted,” Judge Matthewman wrote in his ruling:

“In the case at hand, it is very clear that Defendant’s employees self-collected ESI in order to respond to Plaintiff’s document requests without sufficient attorney knowledge, participation, and counsel…. And, the Court is not impressed by the repeated delays in production that have occurred in this case by Defendant.”

What comes next has become a long-standing trend in eDiscovery case law: the courts pushing for both parties working together in order to properly produce the requested ESI. Judge Matthewman writes, “The discovery process, particularly when ESI is involved, is intended to be collaborative,” but again warns that discovery must be supervised by counsel. He then concludes the ruling by noting the extraordinary times the COVID pandemic has put on everyone and gives the benefit of the doubt to the Defendant’s counsel that they didn’t act in bad faith, but states the “Court does not want to see these problems continue. The Court also directs Defendant’s counsel to impress upon Defendant that it must promptly respond to discovery or it will be subject to sanctions. The Court expects to see no more discovery delays.”

Technology Should Enable Collaboration

The first Federal Rule of Civil Procedure says the overall goal is a “just, speedy, and inexpensive” resolution to disputes. Too often, technology focuses on speed and cost-savings, which are important; however, in the end the most important is justice.

5 years ago now in the 2015 Year-End Report on the Federal Judiciary, US Supreme Court Chief Justice John Roberts stated:

“Lawyers—though representing adverse parties—have an affirmative duty to work together, and with the court, to achieve prompt and efficient resolutions of disputes…. They have an obligation to their clients, and to the justice system, to avoid antagonistic tactics, wasteful procedural maneuvers, and teetering brinksmanship.”

In light of these statements and the continued holding up of cooperation and collaboration by the courts, eDiscovery technology should be created with a focus on how it enables collaboration between all stakeholders. Between law firms and their clients. Between in-house counsel, outside counsel, and any 3rd party vendors that may have been employed. And, maybe most importantly, between opposing parties.

 

Check out these on-demand demonstrations for an in-depth look at how Ipro’s eDiscovery and Information Governance solutions enable collaboration!

Business Stakeholders and the Information Governance Reference Model (IGRM)

Business Stakeholders IGRM

Business Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Last month, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past four weeks, I’ve reviewed Legal stakeholders, Records and information management (RIM) stakeholders, Information Technology (IT) stakeholders and Privacy & Security stakeholders.  This week, I conclude the series by focusing on the Business stakeholders.

Business Stakeholder Information Needs

Let’s face it – in the IGRM model (as the white paper issued by EDRM regarding the release of IGRM v3.0 illustrates), business stakeholders are primarily responsible for one thing – profit.  As a result, business stakeholders are very invested in using information that enables the organization to drive up profits overall.  If the value of that information expires, business stakeholders could lose interest in managing it, cleaning it up, or paying for it to be stored. In other words, business stakeholders are users of the information that drives the business and determines the success of the business.  It’s important for an organization to balance efficiency of governing information with the need for business stakeholders to use that information effectively to meet the profit goals of the business itself.  It’s that balancing act that comprises the challenge to maintaining information important to the business for as long as the information is needed while being prepared to discard it as soon as it’s redundant, obsolete and/or trivial (ROT) and should be disposed.

Business stakeholder units include:

  • Sales: Certainly, an organization’s sales team is managing very important information within an organization. They keep track of an organization’s sales pipeline and information about not only customers with which they do business, but also prospects with which they hope to do business.  All of these customers and prospects have (whether they are individuals or organizations) have data that needs to be protected – especially in these days of increased data privacy requirements.  Customer relationship management (CRM) solutions have become a vital part of any organization’s management of their customers and prospects and many of the most popular solutions are cloud-based, such as SalesForce.  Even though the data within a CRM platform may be stored in “the cloud”, organizations still have the same responsibility to protect that information from a compliance standpoint.
  • Marketing: The marketing team not only utilizes information within a CRM solution, one of their primary responsibilities is to build a list of prospects to be tracked by the CRM solution to supply leads to the Sales team. Marketing accomplishes this in a variety of ways, including online and in-person resources and events designed to acquire leads.  With in-person events on hold for now, online activities and content are more important than ever to acquire those leads.  With so much data being acquired about prospects, the marketing team has an important responsibility to protect that information as well.
  • Products/Services: Without products and services, there would be no customers (of course). So, the information stored by the products/services team(s) can include everything from intellectual property that make the organization’s offerings unique to data about customer requests or even support histories for those customers.  How much customer history does an organization need to store?  It depends on the type of business and how long that information provides significant value to the organization.  Regardless, the information generated by the products/services team(s) is vital to enable the organization to generate the income it needs to thrive (or at least survive).
  • Finance/Accounting/HR: The finance team keeps track of all of the information that is important to understand how the organization is doing overall. It needs to work with Sales and Products/Services to understand the full revenue picture (both actual and projected) and balance that against data associated with expenses to determine profitability.  The expense data can involve information about various providers who are (in turn) selling their products or services to this organization.  It can also include personnel expenses, which involves individual data associated with the employees and contractors who actually run the business.  Just as organizations are expected to protect data of customers who are individuals, they are also expected to protect data of employees who are individuals as well.  Again, that data may reside in cloud-based solutions like QuickBooks, but the responsibility for the organization to protect that data remains the same.

Business’s Relation to Other Stakeholder Groups

Business stakeholders tend to want to hang onto information indefinitely (on the off chance they may need it), but it’s an inherent responsibility for the other stakeholder groups (Legal, RIM, IT and Privacy/Security) to work with the business stakeholders to establish an understanding for when the return on investment (ROI) of keeping the data no longer exceeds the cost of retaining it.  ROI for retaining the data as well as regulatory requirements for doing so should drive all stakeholder groups (including business stakeholders) in terms of how long any data is maintained within the organization.  Business stakeholders need to be willing to accept guidance from the other stakeholder groups regarding the risk and efficiency considerations regarding retention of organizational data.

Business Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Business stakeholders to help an organization improve its overall Information Governance program:

  • Support Organizational Data Mapping Activities: Business stakeholders must actively participate in the data mapping process and support the other stakeholder groups to implement a process that keeps the organizational data map evergreen and that critical organization data remains accessible.
  • Stay Current with Technology and Legal Trends: Technology evolves and companies are always developing software and hardware products that are designed to make information management easier and more secure. Rules and laws change regularly from a Legal standpoint. So, it’s important for Business stakeholders to stay current with both technology and legal trends to better understand their considerations and obligations regarding both areas.
  • Stay Current with Data Privacy Trends: Data privacy laws are continuing to change and so are the responsibilities of organizations to stay abreast of changing laws. This includes monitoring sites like the IAPP site for updates to data privacy laws, attending webinars to learn more about rapidly changing trends and setting aside 5-15 minutes a day to read about data privacy trends and updates (this blog and eDiscovery Today are great places where you can do that).

Conclusion

As we have discussed over the past several weeks, each stakeholder group has needs, responsibilities and areas they can address to ensure an effective information governance program within the organization.  An organization which has all five groups “plugged in” to the information governance program will manage organizational data more efficiently and effectively, saving costs and reducing overall organizational risk.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

 

“I’ve Downloaded the Recording, Now What?” 3 (More) Considerations Regarding Zoom and eDiscovery

zoom eDiscovery

“I’ve Downloaded the Recording, Now What?” 3 (More) Considerations Regarding Zoom and eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

There are a lot of people in the legal-tech community talking about the discoverability of Zoom data these days, particularly as the move to a remote workforce continues in the wake of the COVID-19 pandemic. As far as downloading recorded Zoom calls, it’s a pretty easy process. Really no different than exporting emails. And there haven’t really been any significant rulings (yet) regarding difficulties with Zoom data, so no need to worry right?

Maybe not in the immediate, but with the rise of video usage (not only with Zoom but with police body cam footage, as well as cell phone video) it will probably be sooner than later. The legal industry has a way of not adopting new workflows or technologies until they’re forced to, which can lead to extra costs and significant pressures on the legal team when litigation does arise, so being forward-thinking can pay off.

With this in mind, I spoke with Aaron Swenson, Ipro’s Head of Product Growth and Strategy, to discuss some more forward-leaning thoughts around video conference data and eDiscovery. Here are three considerations that continued coming up in our conversations.

Long Term Storage Costs:

It’s easy to take for granted the seemingly unlimited storage the cloud offers, particularly when using applications like Zoom. But audio files take up a fair amount of space. Video even more. And then when you throw in a transcript and chat data, it doesn’t take long to build up a significant amount of Electronically Stored Information (ESI).

For example, I looked at a recent Zoom recording I had exported to my laptop: It was just under an hour and came in around 100 GB. According to Zoom’s website, they charge $500 / month for 3 TB of storage and then about $10 for every 100 GB after that. So, if I recorded 30 hour-long calls in a month, that would be 500 dollars and an additional 10 dollars for every call after that. Now multiply that across the number of an organization’s employees using Zoom, and it’s not hard to see how it could quickly add up.

Establishing Retention Policies:

Data retention policies aren’t anything new, but the quick adoption of enterprise Zoom usage most likely means that many organizations haven’t considered how they manage and retain the data from video conferencing calls.

Different departments within a company or law firm may have different protocols when it comes to recording meetings: some may only record occasionally or for specific purposes; others may never record meetings; and others may always, regardless of the topic, record meetings. Then you add the issue of this data potentially being saved from the cloud onto individual machines (possibly multiple times for the same recording) and it’s clear why a Zoom-specific data management and retention policy is necessary.

eDiscovery Processing Capabilities:

Data is only as good as the information you can glean from it, particularly when it comes to data used as evidence for internal investigations and litigation. eDiscovery practitioners have known the importance of being able to extract metadata from documents, digital photos, and other ESI for decades now. Zoom recordings are no different. Which is why you want to make sure that your current eDiscovery solution can process those files into fully usable documents, should they need to be reviewed.

As part of an organization’s policies, they should always make sure their Zoom recordings include transcript creation, but it’s also important to have the ability to sync the video recording with the transcript within your eDiscovery workflow. There is so much information lost if attorneys are only able to review the text of a transcript. Having the video to accompany the text is vital for gaining insight from non-verbal cues (or Human Metadata, if you will) such as the speed of delivery, pauses, voice timbre and inflection, facial expressions, body language, and more.

Conclusion:

As with any new data source, considering its potential discoverability and how to defensibly preserve, collect, and review that data before litigation arises is always a good best practice.

Aaron Swenson sums this up nicely when he says, “Given the avalanche of recording, a proactive approach to Zoom data is necessary. Think about how you plan to deal with meeting recordings before a matter arises. Get a policy in place, consider storage costs, and a workflow that takes into account the time constraints of listening to hours of audio and video.”

There is no return to normal when it comes to video. Whether people continue to work remotely or go back to a brick and mortar office, video data will continue to grow in its use, which means it won’t be long before we see it become more prevalent in litigation.

 

Read more about how state jurisdictions and FRCP Rule 26
relate to Zoom and eDiscovery on the Ipro Blog!

Privacy & Security Stakeholders and the Information Governance Reference Model (IGRM)

security privacy IGRM

Privacy & Security Stakeholders and the Information Governance Reference Model (IGRM)
Written by Doug Austin, Editor of eDiscovery Today

Last month, I introduced a new blog series on the Ipro blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups.  The past three weeks, I’ve reviewed Legal stakeholders, Records and information management (RIM) stakeholders and Information Technology (IT) stakeholders. This week, I continue the series by focusing on the Privacy and Security stakeholders.

Today’s Landscape for Privacy & Security Stakeholders

As I mentioned in the introduction post, EDRM announced the release of version 3.0 of the IGRM in 2012 (almost eight years ago to the day), which is the version still in use today.  In that version, EDRM – in cooperation with ARMA International and the CGOC (Compliance, Governance and Oversight Council) – included privacy and security as primary functions and stakeholders in the effective governance of information.

The importance of privacy & security in organizations has “shifted into hyper drive” in recent years.  Let’s take a look at recent developments for both.

Privacy: In recent years, several data privacy laws have been enacted to protect the data rights of individuals.  The two most recognizable data privacy laws are:

In addition, several other countries and states have also either enacted or strengthened data privacy laws.  According to the International Association of Privacy Professionals (IAPP), multiple states have proposed similar legislation to the CCPA to protect consumers in their states, with at least two more having signed new privacy laws and several others in progress on data privacy laws.

As for countries around the world, here’s a link to privacy laws in different countries and how to comply with them.

Security: While data privacy requirements are increasing significantly, cybersecurity threats are growing.  Here are a few recent cybersecurity stats to give you a sense of just how big the challenge is today to protect individual and organization data:

Do I have your attention yet?  Needless to say, while the stakes of protecting data is much higher (given increased scrutiny through data privacy laws), the challenge of protecting that data is only getting tougher, especially given all of the increased remote work during the pandemic.

Privacy & Security’s Relation to Other Stakeholder Groups

A white paper issued by EDRM regarding the release of IGRM v3.0 notes the following regarding the addition of privacy & security stakeholders:

“Privacy & Security stakeholders are responsible for identifying and managing risks associated with personal and/or confidential information. The risks may be legal/regulatory in nature, driven by brand/reputational considerations, or both. With respect to privacy and personal information, companies must be cognizant of laws and ‘best practices’ governing transparency and classification at the point of creation, must understand how the data may be collected, used/processed, and where the data may flow (i.e., cross-border data transfers). Confidential information – be it personal or business proprietary – must be appropriately protected as an asset. Implementation of standards to ensure reasonable and appropriate security protocols – technical, physical, and administrative – is critical for proper information risk management. Enhanced security protocols may be warranted or required for sensitive data (e.g., protected health information, data that could facilitate identity theft, discrimination, or harm, trade secrets, proprietary information, etc.).”

One of the common trends in organizations today to establish responsibility for protecting data within an organization is to appoint a Data Protection Officer (DPO).  GDPR established responsibilities for organizations to hire or appoint a DPO, with doing so being required if an organization meets one of these three criteria:

  • Public authority: The processing of personal data is done by a public body or public authorities, with exemptions granted to courts and other independent judicial authorities.
  • Large scale, regular monitoring: The processing of personal data is the core activity of an organization who regularly and systematically observes its “data subjects” (which, under the GDPR, means citizens or residents of the EU) on a large scale.
  • Large-scale special data categories: The processing of specific “special” data categories (as defined by the GDPR) is part of an organization’s core activity and is done on a large scale.

Even if your organization doesn’t meet one of the three criteria above, it’s still a good idea to hire or appoint a DPO to establish someone within the organization who takes the lead on the organization’s data privacy responsibilities.  That person can work with other stakeholder groups to ensure other organization goals are being met while protecting that data.

Privacy & Security Stakeholder Recommendations for Better Information Governance

Here are some recommendations for Privacy & Security stakeholders to help an organization improve its overall Information Governance program:

  • Promote Organizational Data Mapping Activities: Understanding where data is within an organization is the first step to protecting that data. Privacy & Security stakeholders must actively promote data mapping activities and support RIM stakeholders to keep the organizational data map evergreen so that the organization’s exposure is understood and can be effectively addressed.
  • Stay Current with Data Privacy Trends: Data privacy laws are continuing to change and so are the responsibilities of organizations to stay abreast of changing laws. This includes monitoring sites like the IAPP site for updates to data privacy laws, attending webinars to learn more about rapidly changing trends and setting aside 5-15 minutes a day to read about data privacy trends and updates (this blog and eDiscovery Today are great places where you can do that).

Next week, we’ll conclude the series with the goals and considerations for Business Unit stakeholders within an organization.  See you then!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!