5 Considerations for Creating an Effective BYOD Policy

Creating an effective BYOD policy

5 Considerations for Creating an Effective BYOD Policy
Written by Doug Austin, Editor of eDiscovery Today

A couple of weeks ago, I discussed three cases here that illustrated the importance of having a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks.  Today, I’ll discuss best practices associated with BYOD policies and even provide a couple of links to sample BYOD policies that you can use as a starting point to develop your own organization’s BYOD policy or confirm that your existing policy “covers all of the bases” in protecting your organization.

The Stats Associated with BYOD

According to this report, 85 percent of organizations enable BYOD.  76 percent of them enable it at least for employees and those organizations and others also enable it for contractors, partners, customers and suppliers.  Organizations embrace BYOD because it increases employee mobility (74 percent of respondents), employee satisfaction (54 percent) and reduces costs (49 percent).

However, 51 percent of respondents stated that the volume of threats targeting mobile devices is increasing, following the rise of BYOD and mobile data access.  Also, 43 percent of respondents didn’t even know if devices accessing corporate data were infected with malware.  And, just a few years ago, as few as 39 percent of companies actually had a formal BYOD policy.  39 percent!  While that number has probably gone up, it illustrates just how much of a “wild west” the use of BYOD devices has been in many organizations.

5 Considerations for Creating an Effective BYOD Policy

If your organization doesn’t have a BYOD policy, because of the COVID-19 pandemic, there has never been a better time to implement one. Nonetheless, here are some of the considerations you should address to establish proper use of BYOD devices by your employees and any other parties that might have access to organization resources.

  • Require Passwords on All Devices Used for Company Work: I know you’re saying “no duh!” but there are still people out there who could be using older devices with older operating systems (especially with all of the additional remote access during the pandemic) that don’t require the device to be secured with a password. Most newer OSs require a password to be set for the device, so this may not happen that often, but you want to explicitly require passwords on all BYOD devices.  You may also want to establish a requirement for strength of passwords, when appropriate, and maximum amount of idle time for the device before it automatically locks.
  • Establish Lists of Approved and/or Banned Apps: Have you heard all of the recent concern about the app TikTok and privacy concerns? Last week, Amazon told workers to remove the app from their devices or risk losing access to company email, then apparently called that directive a “mistake.  Regardless of what you think of TikTok, there are apps out there that are known security risks.  Your IT department should stay up-to-date on which apps might be at risk, keep updated lists of banned apps within the organization and communicate those changes regularly.  Or consider even getting more restrictive by providing a list of approved apps (and a procedure for requesting apps to be evaluated for addition to the list).
  • Provide Security Software: To the extent that individuals are accessing company resources, they should be doing it through secured means. Securing access through a Virtual Private Network (VPN) or Remote Desktop Protocol (RDP) is a must for any resources not accessed through secured cloud platforms.  In addition, it’s a good idea to consider implementing a Mobile Device Management (MDM) solution to directly administer mobile devices to segment business data and use from personal data and use.
  • Establish a Policy for Use of BYOD Devices During Legal Holds: This is a “no, duh!” tip for eDiscovery professionals, but most people don’t even think about the potential for their BYOD device to contain unique data, even if instructed to preserve all data. The BYOD policy should, in general, explicitly state the rights for the organization to access the BYOD device, which should include the need to preserve and collect data during legal holds.  It also should cover things such as discontinuing auto deletion of texts and messages within messaging apps (which could even include discontinuing using ephemeral messaging apps if they don’t provide an option to keep the messages indefinitely) and coordinating with the organization before replacing your device to capture data from it first.
  • Force Acknowledgement of the Policy and Policy Updates: In other words, require employees (and anyone else with access to company resources) to sign a copy of the policy to acknowledge that they have read and understood the policy. You also may need to consider having them sign periodically to acknowledge significant updates to it as well.  Not only is it important to hopefully avoid incidents of evidence spoliation, but it also can at least illustrate that your organization has communicated and confirmed an understanding of the policy from individuals, which could be important to defend against significant sanction if spoliation does occur.

Examples of BYOD Policies

There are too many best practices to cover in one blog post, but there are several FREE examples of BYOD policies available on the web to provide ideas regarding what to cover in your organization’s BYOD policy.  They cover several additional best practices to address, including support, reimbursement of costs, handling of lost/stolen/damaged equipment and termination of employment.  Here are links to two of them, courtesy of SHRM and IT Manager Daily.  These and others can be terrific starting points for creating your own BYOD policy, but your policy should be unique to the needs and challenges of your particular organization and you should not only customize it to your needs, but evaluate it periodically and update it as necessary to ensure it continues to cover and protect your organization as much as possible.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

How to Get eDiscovery Redactions Right

More than Drawing a Black Box: How to Get Redactions Right for eDiscovery Production

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

For most people, redacted documents are the material of spy movies and political scandal. But here in the world of eDiscovery and FOIA requests, they’re a part of everyday life. But that doesn’t mean they’re to be taken lightly! Failure to redact documents or to make sure that redacted content is produced in its redacted format can be case ending (and job ending for the person responsible for the error).

The most common reason this happens, is because law firms and government agencies are taking the “redact by hand” route instead of using tools that properly manage productions to ensure documents meet the expected requirements, making sure the information meant to be kept private is hidden.

Even with redaction technology in place, some file types (like spreadsheet documents) can be difficult to redact, as we see in this week’s eDiscovery Blues™ comic. These challenging file types result in the litigation support or FOIA personnel using Microsoft Office and Adobe Acrobat to draw black boxes over the sensitive material, which is fine if the documents are going to be printed to hardcopy but doesn’t actually redact the digital information from the file.

In one 2019 grand jury filing, a member of the press was able to defeat these types of manually created redactions by simply copying the black-out boxes and pasting the text into a new document, which also brought over the text and metadata.

So how can you make sure redactions on digital documents are done correctly?

“That’s kind of the challenge: picking the right tool for the right job,” says Derek Miller, VP of Business Development at Ipro. “Anyone doing redactions and producing redacted documents needs to understand how these tools work and build measures into their processes to avoid this type of mistake. But mainly you want to make sure you have the right tools in your toolbox. Which means using software that’s specifically designed to redact and produce those redactions accurately.”

Here are a few things to look for in software to ensure accurately produced redactions:

  • Automatically re-OCRs documents to remove the text under the redaction
  • Runs validations to make sure the redactions are burned in and the text is correct
  • Creates layered redactions so multiple production sets can be sent to multiple parties

Along with those functions, some eDiscovery software has added protections which identify documents which may need another layer of review before they’re produced. It’s similar to when your email platform asks if you want to send without a subject line or asks if you’ve forgotten an attachment.

One example of this is Ipro’s Production Shield™, which identifies these documents during the validation phase of the export process, giving administrators the opportunity to correct conflicts and ensure only appropriate documents are produced.

The main thing to remember when dealing with Electronically Stored Information (ESI) is that what you see on the screen is only the surface of the existing data. The same goes getting redactions right for eDiscovery: Just because all you see is a black box, doesn’t mean everything that lies beneath has disappeared.

Ipro’s Production Shield™ is available on Ipro’s Enterprise™ and Desktop™ eDiscovery Solutions.

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery

ipro netgovern acquisition

Ipro Announces the Acquisition of NetGovern, Driving Innovation Across Information Governance & eDiscovery  

Ipro Tech, LLC, the leader in eDiscovery, Case Management, and Trial technology, is excited to announce the acquisition of NetGovern, a leader in Information Governance, Risk, and Compliance software.

Joining these two global companies and their technologies will provide the most innovative workflow in the legal industry, extending across the entire Electronic Discovery Reference Model (EDRM) from Information Governance, to In-Place Early Data Assessment, through eDiscovery and beyond. The companies complement each other perfectly by combining Ipro’s 30-year legacy of focus on law firms, government, and legal service providers with NetGovern’s deep expertise in corporate verticals, including healthcare, public sector, financial services, manufacturing, and transportation.

Evolving market dynamics and customer needs around continued enterprise data growth were the main drivers for this combined effort. As concerns grow regarding compliance, security, and risk management, the significance of economic consequences presents the business impact of properly managed data through the eDiscovery process, and the customer benefit of an integrated solution spanning the entire EDRM becomes even more compelling.

Data is growing at an exponential rate, reaching over 175 zettabytes in the next few years. This growth drives unprecedented challenges across enterprises with concerns ranging from compliance to security to risk management, and ultimately eDiscovery. The economic impact of managing these issues, breaches, and judgements is also spiraling. As Ipro studied these factors with our customers, it became clear that an integrated solution spanning from information governance to discovery would be necessary.

The journey between Ipro and NetGovern began with the January 2020 announcement of a strategic partnership between the two companies, with a focus on the development of integrated capabilities to address rising challenges, allowing real-time access to multiple sources of unstructured enterprise data from one single interface. Those early efforts were so well received by customers that a merger of the companies became the next logical step to drive customer value.

The result of this acquisition empowers IT, HR, and Legal teams to make better informed decisions prior to collecting or duplicating Electronically Stored Information (ESI) from file shares; email servers like O365, Exchange, and Gmail; messaging and chat systems like Slack and Teams; cloud shares like Box and OneDrive; and other data sources, while combining Ipro’s best-in-class eDiscovery capabilitiesincluding data processing, enhanced visual analytics, and intuitive document review – creating the industry’s most flexible, scalable, and powerful eDiscovery experience.

With solutions extending across the entire EDRM – from Information Management and Governance, to Review and Production, and all points in between — legal teams will be able to perform investigations for litigation and internal matters, assess compliance and security risks, place and manage legal holds, defensibly preserve data, respond to subpoenas and public record requests, and ultimately work with outside counsel to prepare for settlement or trial, all while securely protecting enterprise data and intellectual property.

“We are thrilled to combine the strengths of these two companies,” shared Dean Brown, CEO at Ipro Tech, “and we are positioned to take a competitive advantage as the leader in Information Governance and eDiscovery by incorporating NetGovern’s solutions, people, and knowledge into the Ipro family. By integrating these technologies, we will empower corporations to gain control over their data and lower the costs related to data security, compliance, investigations and litigation through the use of in-place indexing and analysis, data connectors, smart collections, and advanced analytics.”

“Ipro and NetGovern have a tremendous amount of experience and synergy, capitalizing on our time in the industry, our solutions, and the customer base we serve,” said Pierre Chamberland, Founder & CEO of NetGovern. Chamberland added, “With all of the functionality, expertise, and development resources that both companies bring to the table, it’s the best time to join these two innovators.”

As of this announcement, Chamberland will transition into his new role as Chief Innovation Officer of Ipro.

Ipro is committed to working closely with their NetGovern colleagues to maintain and strengthen all the great things that NetGovern’s clients and partners love about them today.

With each release moving forward, clients of both solutions will see the benefits of integration with streamlined workflow options, ultimately resulting in the goal of providing a single, scalable solution to meet and exceed industry demands at all stages in the Information Governance and Litigation lifecycle.

 

About Ipro Tech, LLC:

Ipro is the global leader in eDiscovery technology used by legal professionals to streamline discovery of electronic data through presentation at trial. Ipro draws upon decades of innovation to deliver high-performance software, services, and support, flexibly deployed via Desktop, On-prem, Cloud, or Hybrid solutions, significantly reducing the cost and complexity of eDiscovery. For more information, visit https://www.iprotech.com/

About NetGovern:

NetGovern’s information archiving and governance software helps organizations solve data compliance, safeguard personal information, simplify eDiscovery and protect their reputation. Our all-in-one solution offers the fastest speed to value, lowest cost of ownership, and most secure visibility of sensitive information found in messages and files, independent of storage location. https://www.netgovern.com/

About ParkerGale:

ParkerGale Capital is a private equity fund based in Chicago that buys profitable, founder-owned software companies. ParkerGale also hosts the private equity industry’s only podcast, the PE FunCast on iTunes and Google Play. For more information, please visit http://www.parkergale.com/

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization

BYOD Case Law

Recent Case Law Illustrates the Importance of Addressing BYOD in Your Organization
Written by Doug Austin, Editor of eDiscovery Today

If you follow my writing, you know that I cover a lot of case law – typically between 60 to 70 cases a year. When you do that, you notice certain trends that illustrate some of the challenges that organizations face today with regard to electronic discovery. One of the more common trends these days relates to cases related to mobile device data and the failure to preserve that data. Many organizations today support a Bring Your Own Device (BYOD) approach to employees and their mobile devices; however, many of them don’t have an effective policy or plan for addressing mobile device data when litigation hits.

Let’s take a look at three recent cases where failure to preserve mobile device data led to sanctions requests by requesting parties.

In DriveTime Car Sales Company, LLC v. Pettigrew, No.: 2:17-cv-371 (S.D. Ohio Apr. 18, 2019), Ohio Judge George C. Smith granted in part and denied in part the plaintiff’s motion for spoliation sanctions against defendant Pauley Motor, denying the plaintiff’s request for an adverse inference sanction by ruling that “DriveTime has not sufficiently demonstrated that Pauley Motor acted with the requisite intent” when Bruce Pauley failed to take reasonable steps to preserve text messages when he switched to a different phone. However, he did note that “less severe sanctions are available to DriveTime under Rule 37(e)(1) upon a finding of prejudice.” Judge Smith also allowed the plaintiff to “introduce evidence at trial…of the litigation hold letter and Pauley Motor’s subsequent failure to preserve the text messages. DriveTime may argue for whatever inference it hopes the jury will draw.”

In NuVasive, Inc. v. Kormanis, No. 1:18CV282 (M.D.N.C. Mar. 13, 2019), North Carolina Magistrate Judge Patrick Auld granted the plaintiff’s motion for sanctions in part, giving the plaintiff additional time to depose and subpoena text messages from a key contact who indicated that he was unable to retrieve text messages beyond two months prior (but also refused to let the plaintiff inspect his devices). Judge Auld also recommended that, “because the record supports but does not compel a ‘finding that [Defendant Kormanis] acted with the intent to deprive [Plaintiff] of the [lost text messages’] use in the litigation, the Court submit that issue to the ‘jury, [with] the [C]ourt’s instruction[s] mak[ing] clear that the jury may infer from the loss of the [text messages] that [they were] unfavorable to [Defendant Kormanis] only if the jury first finds that [he] acted with the intent to deprive [Plaintiff] of the[ir] use in the litigation’”.

In Paisley Park Enter., Inc. v. Boxill, No. 17-cv-1212 (WMW/TNL), (D. Minn. Mar. 5, 2019), a case related to the late rock legend Prince, two defendants not only failed to disengage the auto-delete function on their phones, but they also each wiped and discarded their phone – one did it twice – since October 2017. Minnesota Magistrate Judge Tony N. Leung granted in part the plaintiffs’ Motion for Sanctions Due to Spoliation of Evidence, ordering the Rogue Music Alliance (“RMA”) Defendants to pay reasonable expenses, including attorney’s fees and costs, that Plaintiffs incurred as a result of the RMA Defendants’ “misconduct”, and also ordered the RMA Defendants to pay into the Court a fine of $10,000, but chose to defer consideration of adverse inference instruction sanctions to a later date, closer to trial.

As you can see, failing to preserve data from mobile devices led to various levels of sanctions against the spoliating parties, not to mention the effort it took to defend themselves against even more significant sanctions. Here are two considerations that you need to keep in mind to avoid the same issues that these parties encountered:

  • BYOD Policy: Many organizations support employees’ ability to use BYOD devices, but a lot of them don’t have a formal policy regarding the use and management of those devices, which includes an employee’s duty to preserve mobile device data when litigation hits. Organizations need a clear BYOD policy that emphasizes the rights of the organization and the responsibilities of the employees using BYOD devices for company use, including those associated with preservation and collection of mobile device data. (Check out this post on BYOD policies from Ipro’s eDiscovery Blues series).
  • Litigation Hold Notices: Litigation hold notices need to be extended to enforce preservation of mobile device data, including instructions to suspend any auto-deletion of text messages (as well as messages from other messaging apps) and spell out the responsibilities to preserve data from mobile devices before discarding those devices.

Just because a device is owned by an employee doesn’t mean there is any less responsibility for that employee to take appropriate steps to preserve that data during litigation. Organizations need to take control of that challenge by implementing a formal BYOD policy and ensure litigation hold notices clearly spell out the duty of custodians to extend preservation to their BYOD devices.

Next week, I’ll discuss best practices associated with BYOD policies. My first Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

3 Challenges Corporate Legal Teams Face With BYOD

corporate legal BYOD

 

3 Challenges Corporate Legal Teams Face With BYOD

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

Today’s eDiscovery Blues comic highlights several challenges In-House legal teams might face when working with data in the face of litigation, starting with the sinking feeling that comes when you ask yourself, “Is the I.T. department being sarcastic?” That’s part of the humor here, but the answer given about simply having everyone use Snapchat as a solution for employees using their personal mobile devices for work (Bring Your Own Device or BYOD) raises several points worth discussing.

Corporate Legal Challenge #1: Mobile Devices, eDiscovery & BYOD

Mobile devices can be difficult when it comes to eDiscovery for many reasons. They contain a large variety of file-types and data intermingled with a lot of private information, which may be privileged. Extracting specific information can be difficult and imaging an entire device can be costly (read this example from recent case law for more on the pros and cons of imaging entire mobile devices).

That’s why it’s important to have policies in place to determine how mobile devices are used for business purposes, which is exactly what Rick Compliance, eDiscovery manager, was trying to do when he called I.T. above.

Corporate Legal Challenge #2: Social Media / Chat, eDiscovery & BYOD

Messaging platforms (e.g. Slack, Teams, What’s App) and social media (e.g. Facebook, Instagram, LinkedIn, Snapchat) go hand in hand with mobile devices, and we all know that business is conducted across multiple platforms and devices, sometimes simultaneously. Gaining insight into the ESI created by these can be difficult.

With social media, data can usually be requested from the source company (For example, Instagram has a data request form in its Privacy and Security settings), and chat files can be exported, but both of these can be difficult to put into a review-ready format, losing the context of the conversations held within them. And these new data sources continue to grow and be used in interesting ways, as this recent case shows: Etsy Post Leads to Arrest of Cop Car Arson Suspect in Philly.

Knowing if these platforms are a potential source of data for your organization should litigation arise is vital. Having policies in place around their use for business and alignment between Legal and I.T. should this data need to be collected is ideal.

Corporate Legal Challenge #3: Avoiding Sanctions for Mobile Data Spoliation, Including Ephemeral Data

Finally, the notion of a company telling employees to use ephemeral data messaging as part of their BYOD policy isn’t so far-fetched. And it can lead to sanctions.

In a recent case, WeRide Corp. v. Huang et al. (N.D. Cal. Apr. 24, 2020), the defendants were sanctioned under FRCP Rule 37, because they directed employees of their company AllRide to communicate using the application DingTalk internally. The CEO testified, he felt it was “more secure” than other messaging platforms; however, DingTalk allows for “ephemeral messages” that automatically delete after they have been sent and read (much the same as Snapchat, mentioned in the cartoon above).

The court’s ruling stated, “AllRide left in place the autodelete setting on its email server, began using DingTalk’s ephemeral messaging feature, and maintained a policy of deleting the email accounts and wiping the computers of former employees after the preliminary injunction issued. This practice of destroying potentially discoverable material shows both willfulness and bad faith. Based on these undisputed facts, the Court finds it appropriate to issue terminating sanctions.”

Conclusion

Mobile Data is no joke and having alignment between Legal, IT, Compliance and other stakeholders is a must before litigation arises. Without clear policies in place, there are so many ways mobile data can quickly become a problem.

For more insights into your organization’s data landscape, Download the Ipro Pre-Litigation Data Inventory Checklist now!

Ipro Pre-Litigation Data Checklist

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series

Ipro Virtual Administrator Training

4 Reasons Why Summer is the Right Time to Start the Ipro Virtual Administrator Training Series
Written by Julie Badger, Product Learning Experience Manager, Ipro

While it may be summer, the time for learning doesn’t stop, and we here at Ipro are focusing our energy on helping our customers get the most out of their Ipro products with Ipro training courses.

The Ipro training team has built a solid body of training materials and courses targeted to meet the needs of adult learners where they are. You might wonder, “What’s so different about adult learners?” Well, research shows that adult learners learn differently, have different motivations, and different educational needs which must be addressed:

  • Adult learners draw on their past experiences to inform their current learning objectives.
  • Adult learners are goal oriented, targeted learners who narrow their learning objectives to only what is most relevant and applicable.
  • Adult learners are also very self-directed and learn more by practicing and doing than by rote memorization.

With adult-learning theory in mind, we’ve adapted our former in-house training courses and made them available in in virtual web-series format. The beauty of this adapted course curriculum is that it gives the learner the ability to grasp the concepts by following along during the lecture-based training. Then, separately, learners can go work on the practice exercises and homework to deepen their understanding of the materials in the context of their own software implementation. The combination of lecture-based learning with self-guided learning can really help cement the core concepts in a learner’s brain.

At Ipro we’re committed to educational excellence and would love to help you meet your education goals in 2020.

If you book an open session for the Ipro Virtual Administrator Training Series
any time between June 1st and July 31styou can receive a 20% discount on the course fee:
Use the promo code SUMMER20 when you sign up. 

Click Here for More Information — We hope you’ll join us!

Time to Update Your eDiscovery SWOT Analysis! (If You Even Have One)

eDiscovery SWOT Analysis

Time to Update Your eDiscovery SWOT Analysis! (If You Even Have One)
Written by Doug Austin, Editor of eDiscovery Today

Periodically, it’s a good idea to reassess your SWOT analysis and update as appropriate to address changing environmental opportunities and threats.  And with the impact that the COVID-19 pandemic has had on so many businesses, there has never been a better time to consider updating your SWOT analysis – or creating one in the first place if you didn’t already have one.

What is a SWOT Analysis?

What the heck is a “SWOT” analysis? It’s a structured planning method used to evaluate the Strengths, Weaknesses, Opportunities, and Threats associated with a specific business objective. That business objective can be a specific project or all of the activities of a business unit (e.g., your discovery practice). And it involves not only identifying that specific business objective but also identifying the internal and external factors that are favorable and unfavorable to achieving that objective.

The SWOT analysis breaks down as follows:

  • Strengths: Characteristics of the business or project that give it an advantage over others, such as activities your business unit does well, skills of your internal resources, etc.
  • Weaknesses: Characteristics that place the team at a disadvantage relative to others, such as attributes that you don’t have (but your competitors do), resource limitations, etc.
  • Opportunities: Elements in the environment that the project could exploit to its advantage, such as emerging need for your products or services, lack of competition, etc.
  • Threats: Elements in the environment that could cause trouble for the business or project, such as emerging competitors, change in economic conditions, etc.

Strengths and opportunities are helpful to your business unit; weakness and threats are harmful to it. Strengths and weaknesses are internal in origin and are attributes of your business unit, while opportunities and threats are external in original and are attributes of the environment that affects your business unit – many of your strengths or weaknesses may in fact be in response to those opportunities and threats.

Defining your “competitors” depends on what your business unit is designed to do. If you’re a litigation unit (in a corporation and/or law firm), your competitors could be the other side in a specific case. If you’re an eDiscovery provider, your competitors could be other providers with which you’re competing for business.

How to Conduct a SWOT Analysis:

To conduct a SWOT analysis, create a 2 x 2 matrix with the strengths and weaknesses on one row and the opportunities and threats on the following row.  You can easily create one using Excel or Word tables. Here is an example of what an empty SWOT analysis can look like, courtesy of Wikipedia.  Once you have constructed an empty SWOT analysis, you then proceed to list your business unit’s strengths and weaknesses and the opportunities and threats affecting your business unit in the respective boxes.  The exercise can help you make decisions about areas for your business unit to address to maximize its success.

Example eDiscovery SWOT Analysis:

While there are certainly threats during this challenging time, there are also opportunities that can impact your business as well, if you’re prepared to take advantage of them. Let’s take a look at a few of both:

Opportunities:

  • While this would be considered a “threat” for non-litigation related businesses, there is expected to be a large swell of litigation cases filed related to the pandemic and associated economic challenges derived from it that could lead to additional business for litigation and eDiscovery providers.
  • Layoffs at many eDiscovery providers and law firms have led to a huge available talent pool of qualified talent in eDiscovery. There has never been a better time to add talented and experienced staff to move your company forward.
  • The move toward remote work has opened up the talent pool available to fill open positions. Geographical location/willingness to relocate has been effectively limited as a position requirement for many positions, causing the list of potential qualified candidates to expand considerably.

Threats:

  • Court closures have slowed case dockets, which have (in turn) reduced requests for eDiscovery services, at least in some cases in the short term.
  • Business uncertainty has led to fewer requests for eDiscovery services, extended payment cycles for services and software or even potential defaults on payments for companies going bankrupt.
  • Lack of in-person interaction with clients and prospects in meetings and at conferences have affected the ability for eDiscovery providers to attract new customers or retain existing ones.

Sometimes, a factor could be either an opportunity or a threat, depending on your situation. For example:

  • Closing of offices has forced eDiscovery providers to offer their services remotely.

This could be a threat if your company wasn’t prepared to offer remote services when the pandemic hit. But it could be an opportunity if you were already providing a well-defined remote alternative for those services as your organization is now ahead of those who did not have a well-defined remote offering.

Regardless, the opportunities and threats derived from the COVID-19 pandemic are unique to each business, and it’s an ideal time to update your SWOT analysis to address them to maximize the success of your business unit.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today!  And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

In Honor of Juneteenth, CEO Dean Brown Reiterates Ipro’s Commitment to Diversity

Ipro commitment diversity

In honor of Juneteenth, the day the United States officially ended slavery, CEO Dean Brown sends this message regarding Ipro’s continued commitment to diversity and the defense of equal rights for all people.

“This has been a difficult and emotional time for all of us, and Ipro felt it was important to first listen and learn from Black voices. In light of the necessary conversations that are happening across our country now, I want to share where Ipro stands regarding these issues.

“Ipro sees value in each and every person. We remain committed to providing a working environment that does not tolerate racism or discrimination in any form. We foster a culture of open dialogue where we listen and learn first, while providing increased resources and outlets for sharing and support for our employees of all races, genders, sexual orientations, abilities, and religions.

  • Treat others with respect—the way you would want to be treated.
  • Defend equal rights for all people.
  • Participate in our democracy and speak up when you see a wrong.

“Ipro’s commitment isn’t new, but we stand behind it and affirm that we will continue to seek and support diversity.”

Workflow Woes: How Paralegals Can Create and Maintain Effective eDiscovery Processes

paralegals eDiscovery Workflows

Workflow Woes: How Paralegals Can Create and Maintain Effective eDiscovery Processes

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

I have heard stories from paralegals about the challenges they face in trying to establish effective and repeatable workflows at their firms around Electronically Stored Information (ESI) and moving it through the discovery process. Today’s eDiscovery Blues was inspired by one of these stories, where the attorney had always organized documents with binder clips, and when it came to emails, the paralegal had to print those out, so they could be organized as well.

Hopefully by now, in 2020, litigation support teams understand how to leverage technology to save time, ensure accuracy, and pass on savings to their clients, even when working with a combination of ESI and hard copy documents (read this excellent Case Study with Whitney Farrell at PPS&C on how they were able to do exactly that); but it still raises the issue of workflows not being regularly reviewed or even created in the first place. On a recent Ipro webinar about creating workflows, a poll showed that a majority of the audience were working on a case-by-case basis when it came to process.

Brittany Thaler is an expert on eDiscovery workflows: she worked as a paralegal for 13 years, taught in Everest College’s paralegal training program, and is currently on the Ipro training team. “In my former life as a paralegal,” she says, “that was my task: Create a workflow, create a template, create a chart of what litigation looks like from complaint to appeal with all the tools we have available – whether that was with or without discovery tools – and when to begin trial preparation.” She continues:

“The key to making a good workflow isn’t the creation part. It’s how it actually functions in the real world. Be mindful that eDiscovery is changing the way a traditional discovery is being governed. Keep up on those changes and modify your workflows accordingly.”

Workflows shouldn’t be written and then left to gather dust. They need to evolve. That’s why it’s a good best practice to schedule a regular workflow evaluation every 6 to 12 months, to see how your teams are using the workflows and templates you’ve provided. What’s working, what isn’t working? Are they even being used?

From this you can get input from everyone involved – paralegals, litigation support, and attorneys – so that you can build repeatable processes that don’t require your team to reinvent the wheel with each case, but instead ensure accurate and efficient outcomes each time.

For more on how paralegals can create an effective eDiscovery workflow,
Listen to this webinar: Becoming the Indispensable eDiscovery Practitioner

Becoming the Indispensable eDiscovery Practitioner from Ipro Marketing on Vimeo.

 

Think You Have Extra Time to Prepare for CCPA Because of COVID-19? Not So Fast.

Prepare for CCPA

Think You Have Extra Time to Prepare for CCPA Because of COVID-19?  Not So Fast.

Written by Doug Austin, Editor of eDiscovery Today

On June 1, California Attorney General Xavier Becerra submitted proposed regulations under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL), according to a news release from the Office of the Attorney General of California (OAG).  OAL has 30 working days and an additional 60 calendar days under Executive Order N-40-20 related to the COVID-19 pandemic, to review the package for procedural compliance with the Administrative Procedure Act.  However, Becerra requested OAL to conduct an expedited review and declined to delay enforcement of CCPA from the original planned date of July 1st, but indicated he would exercise “prosecutorial discretion if warranted”.

CCPA was signed into law on June 28, 2018, and went into effect on January 1 of this year. The CCPA requires covered organizations to provide California consumers with a number of privacy-related rights, including the right to: (1) know which personal information an organization collects and how it shares that information with others, (2) request that an organization provide to the consumer the specific data elements of personal information it has collected, (3) demand that an organization delete the individual’s personal information, and (4) opt out of an organization’s “sales” of personal information to third parties. It applies to any organization that has California consumers, even if they’re not located in California.

“As our lives increasingly move online, our data privacy becomes more important than ever. The California Consumer Privacy Act, which gives consumers choice and control over personal information in the marketplace, is game-changing and historic,” said Attorney General Becerra in the news release. “Our regulations provide businesses and individuals with guidance on how to protect that choice and boost transparency, while continuing to unleash innovation. Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”

The proposed regulations package includes the 29 page Final Text of Regulations and the 59 page Final Statement of Reasons, which also has six appendices regarding comments submitted and responses to those comments.

As noted in this blog post by Troutman Sanders, normally, for the CCPA regulations to be effective by the originally-anticipated July 1 enforcement date, AG Becerra should have submitted the proposed regulations to the OAL, and filed the approved rules with the Secretary of State no later than May 31.  But, in responding to requests to delay enforcement, Becerra said this:

“The OAG has considered and determined that delaying the implementation of these regulations is not more effective in carrying out the purpose and intent of the CCPA. The modified rules, which include regulations on employment-related information, were released on February 10, 2020 and revised on March 11, 2020. Thus, businesses have been aware that these requirements could be imposed as part of the OAG’s regulations. Indeed, many of the regulations are restatements of a business’ obligations under the CCPA, which went into effect on January 1, 2020…To the extent that the regulations require incremental compliance, the OAG may exercise prosecutorial discretion if warranted, depending on the particular facts at issue. Prosecutorial discretion permits the OAG to choose which entities to prosecute, whether to prosecute, and when to prosecute…Thus, any regulation that delays implementation of the regulations is not necessary.”

So, as far as Becerra is concerned, your organization should have already been planning to be compliant with CCPA as the Final Text of Proposed Regulations is identical in substance to the Second Modified Regulations issued back on March 27.  But, it seems a lot of organizations are still not ready, just as many weren’t ready for Europe’s General Data Protection Regulation (GDPR), when it went into effect in May 2018.  It’s more important than ever for organizations to track their data, make sure their privacy policy is up to date, develop processes for consumer requests and provide appropriate training to their employees to comply with the policy.  Discovery isn’t just for litigation anymore; it’s also about having a discovery program in place to meet your data privacy compliance needs.  And, while many companies don’t have active litigation which requires a structured approach to discovery, data privacy compliance is a universal need for every company.  I’m sure the level of preparedness within your organization will factor into the “prosecutorial discretion” that Becerra mentioned in his comments should your company violate data privacy rights of California consumers.  Time is almost up!

As part of the Educational partnership between Ipro and eDiscovery Today that was announced earlier this month, I’m excited to say that I will be writing a new weekly blog post for Ipro’s blog, to supplement the excellent educational content that Jim Gill and the Ipro team regularly provide!  Just like I do on eDiscovery Today, I will write educational posts about a variety of topics related to eDiscovery, cybersecurity and data privacy. So, look for a post from me each week here!