It’s Time to Update Your Organization’s Data Map

data map

It’s Time to Update Your Organization’s Data Map
Written by Doug Austin, Editor of eDiscovery Today

Déjà vu all over again!  A few weeks ago, I wrote about updating your “SWOT” analysis (Strengths, Weaknesses, Opportunities, and Threats) matrix to understand how your organization is addressing opportunities and threats associated with a specific business objective and how those opportunities and threats have changed significantly with the onset of the COVID-19 pandemic.  And, we have a webinar coming up about it too!  But, that’s not the only organizational document you need to consider updating.  It’s time to update your organization Data Map too!  If you even have one, that is.

What is a Data Map and Why is it Important?

As the name implies, a Data Map is simply a guide to the location of data throughout the organization and important information about that data, such as the business units, processes and technology responsible for maintaining the data, as well as retention/deletion periods for that data.  It goes hand in hand with your organization’s retention schedule and other policies for handling sources of information and devices that contain them, such as your organization’s Bring Your Own Device (BYOD) policy.

BTW, the term “map” is a misnomer, at least in today’s world.  While an organization’s data locations could have once mostly reflected an IT network map of data stores, there are too many remote data stores and sources being used – mobile device data and cloud-based providers, for example – to really “map” the data these days.  Your organization’s data “map” could be as simple as an Excel spreadsheet of data sources to a complex database of sources, custodians and locations.  It could also be supplemented by knowledge management platforms, like SharePoint.

If your organization is involved in a lot of litigation, having an up-to-date organization Data Map has always been vital to being able to get a jump on identifying, preserving and collecting potentially responsive ESI.  Data maps enable you to: 1) avoid missing potentially important ESI in your preservation and collection efforts, and 2) more accurately estimate timelines and budget for those efforts.

However, because of Europe’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) and data privacy laws from many other states and countries, Data Maps have become much more important for any organization, regardless whether they have a lot of litigation or not.  Rights for individuals that include the right to be informed, the right to be forgotten and the right to restrict processing have made it important for every organization to identify any Personally Identifiable Information (PII) and subsets of PII such as Protected Health Information (PHI) wherever it may be maintained.  If you’re an organization that has a customer base of any size, there is simply no reason not to have a Data Map these days.

Four Best Practices for Better Data Mapping

Whether you already have an organizational Data Map or are looking to create one for the first time, here are some best practices for better Data Mapping:

  • Get Commitment from Departments Early: This includes any department with potentially important ESI to litigation, investigation and compliance activities, including legal, IT, records management, InfoSec (if separate from overall IT management), finance and relevant business units. Your Data Mapping effort can only succeed if the right departments are represented and they are committed to the process.
  • Document and Train: Your Data Map and instructions for maintaining it need to be clear and they need to integrate with other policies and procedures, such as retention schedules and BYOD policies. Anybody who possesses data within your organization (i.e., everybody) should be trained on those Data Map instructions and policies.
  • Communicate Frequently: There’s nothing worse than beginning the custodian interview process and finding out there are entire systems and data stores that haven’t been documented, so each department needs to identify any new initiatives that may affect existing data stores or create new ones.
  • Keep it Evergreen: No, that has nothing to do with Christmas trees, it involves a regular process of keeping the Data Map current so that it can accurate when a case begins, an investigation is launched, an audit is filed, etc.

Drivers to Data Mapping in 2020

So, why could it be time to create or update your organization Data Map?  Here are two drivers for consideration:

  • Data Privacy Laws Continue to Evolve: While California gets all the attention with CCPA, many other states have either implemented or proposed new or updated data privacy laws in the past couple of years. Some (like Hawaii, Maryland, Massachusetts, Mississippi, New Mexico and Rhode Island) have proposed laws that are virtually identical to the CCPA; while others (like Arizona, Massachusetts, Mississippi, Nevada, New Jersey, New York, Virginia, Washington) have proposed laws with key differences.  Not to mention, we are only beginning to see how the laws will be enforced.  It will take a concerted effort to stay on top of all the changes and how they will potentially impact your organization Data Map.
  • Remote Work During the Pandemic Has Reshuffled the Data Location Deck: Certainly, while some of your data custodians may have already worked at home all or part of the time, many have only been doing it since the pandemic began and they may be having to access certain data sources vital to their business functions in different locations. Even for Office 365 organizations, certain employees may be keeping more data local than they have in the past, or they may be storing more data in different cloud resources, via third party platforms such as Dropbox.

Chances are your organization Data Map needs at least some adjustments to reflect current data locations since the pandemic began, so it’s time to update it!  Next week, I’ll discuss some of the types of information you should include in your Data Map to keep track of the what, where, when, who and why associated with your organization’s ESI.  Another Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Robots Are Your Friends: The Need for Artificial Intelligence in eDiscovery

artificial intelligence eDiscovery

Robots Are Your Friends: The Need for Artificial Intelligence in eDiscovery

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

I saw this headline on another legal blog a few days ago: AI may be your new Co-Worker! Which of course led to this week’s eDiscovery Blues™ cartoon. For years now, people have been talking about the Rise of the Robot Lawyers in the legal tech industry, but so far, Skynet still hasn’t happened.

In fact, a 2020 survey by Deloitte found that of 1300 CIOs who participated, 60% said Artificial Intelligence (AI) “would assist rather than replace workers.” And there’s no doubt we can use the help.

With the continued growth of data, human efforts alone won’t be enough to manage all of the information created by individuals, businesses, and government agencies. Doug Austin at eDiscoveryToday just published a great piece on Artificial Intelligence (AI) and its effect on eDiscovery.

He states that we can expect “463 exabytes (over 463 million terabytes!) of data to be created each day globally by 2025. Artificial Intelligence (AI) plays a big part of that reason for the mushrooming growth of personal data.  It’s a big mess. Now, with data privacy laws strengthening, since AI helped get us into this mess, can it help get us out?”

In eDiscovery we’re already well aware of the various types of machine learning – clustering and predictive coding are the most prevalent – which legal teams can use to cull large datasets, identify PII, and locate responsive Electronically Stored Information (ESI). But there are still many in-house legal teams and law firms out there who try to apply more manual workflows to these situations without recognizing the value AI can bring.

It’s difficult to put an exact dollar-amount on how much savings a particular technology creates for legal teams, because every matter is unique, with infinite variables involving discovery parameters, data volume, and data types. But Stephen Goldstein, Director of Practice Support at Squire Patton Boggs, speaking at the 2019 Ipro Tech Show, gives a general breakdown of how using predictive coding adds value.

“If you start with 500,000 documents—and they’ve already been de-nisted and threaded, and you’ve gotten down to the core of the data you need to work with—a very good keyword approach would reduce that by about 65%, and you’d still have 175,000 documents. If that is sent to a managed review service, they could plow through them for a charge of around $180,000 for that kind of project, give or take. And that is assuming none of that work comes internal to lawyers who bill $400 an hour but is based on a $40 an hour charge.

“The predictive coding scenario is one that I’m very familiar with, and it’s one that we use. We would probably get an 85% reduction in the data, with fewer documents to review, at a far less cost. And we would have the benefit of that technology being in place to help with QC.”

This benchmark of saving a dollar for every document not sent for outside review – or as I heard one attorney say “a buck a doc” – is important to remember for both corporate in-house legal teams and law firms alike. But to do that with such large datasets, while protecting PII and meeting compliance requirements, you must leverage technology. No need to fear the robot overlords – say hello to your new AI assistant.

 

Learn more about Ipro’s AI & Advanced Analytics!

Ipro for Enterprise from Ipro eDiscovery & InfoGov on Vimeo.

3 Ways Corporate Legal Teams Can Mitigate Risk

Corporate Legal Mitigate Risk

3 Ways Corporate Legal Teams Can Mitigate Risk

Risk can be discussed in so many different ways when it comes to corporate data. The company itself wants to avoid risk involving litigation, internal investigations (which could lead to litigation), loss of IP, and other issues of liability. IT is concerned with risk around data security, breaches and hacks, privacy, as well as information governance. And Legal is concerned with gaining insight into the data in order to build an agile and effective response to adverse events with the goal of a speedy resolution in a defensible manner.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams.

In this installment you’ll gain insight into where Corporate Legal Departments Can Mitigate Risk: 

  • Records management / Information Governance
  • Minimize Number of Outside Firms
  • Leveraging Technology to Enable Inter-Departmental Alignment

Download the overview today!

Top 3 Challenges for Corporate Legal Teams

Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up

eDiscovery Readiness

Three Components to Assessing Your Organization’s eDiscovery Readiness from the Ground Up
Written by Doug Austin, Editor of eDiscovery Today

A few weeks ago, I wrote about updating your “SWOT” analysis (Strengths, Weaknesses, Opportunities, and Threats) matrix to understand how your organization is addressing opportunities and threats associated with a specific business objective.  Certainly, those opportunities and threats have changed significantly with the onset of the COVID-19 pandemic.  But, the SWOT analysis isn’t completed in a vacuum – chances are that you have some information to gather to complete that SWOT analysis fairly and accurately.

Over the years, I’ve conducted discovery readiness assessments for organizations where my team has gathered information and then prepared a report for the organization to not only complete a SWOT analysis for them, but also to identify several recommendations for them to consider to improve their handling of current litigation and to be better prepared for future litigation.  Those recommendations are categorized along the lines of 1) Planning, 2) Identification, Preservation and Collection, 3) Processing, 4) Review and 5) Production and they are designed to help an organization improve their approach to discovery over the life cycle of a litigation, as well as to be better prepared to plan for litigation support in the first place.

Gathering information to generate a SWOT analysis and identifying recommendations in these five categories consist of three components, as follows:

Evaluating Company Documentation: Several organizational documents are needed to learn more about the organization and how it currently manages discovery for various cases.  Review of these documents is necessary to understand the issues facing the organization and identify personnel for potential interviews.  Examples of the documents to be reviewed include:

  • Organizational chart for relevant departments (e.g., legal department, IT and records management);
  • Copies of document/data retention policies with retention/destruction schedules;
  • Copies of any other relevant policies, such as Bring Your Own Device (BYOD) policies;
  • Examples of litigation hold notices or a standard template for litigation hold notice (to demonstrate how holds are implemented);
  • General metrics on their litigation portfolio, including total number of litigation cases, overall and by practice area;
  • Any litigation budget documentation they could provide, at an annual level for each practice area;
  • Examples of questionnaires given to custodians regarding identification and/or potential collection of ESI;
  • Sample chain-of-custody logs for handling documents and data and any available procedures for using the logs;
  • Policies and procedures for backup and restore of company data;
  • Policies and procedures for managing data for employees when they depart the company.

Those documents enabled us at a high level to understand the policies, challenges and constraints associated with the organization.  Needless to say, lack of documentation in any of these critical areas could become a noted weakness on the SWOT analysis to be addressed.

Conduct Interviews of Key Personnel: Documentation can only get you so far, especially when there are certain policies and procedures missing.  Understanding what’s going on at a company requires interviews of key personnel within relevant departments to determine how processes are handled that may not be documented, or whether certain documented policies are being followed as intended.  Typically, this should entail interviews with at least one or two key representatives of the legal department, IT and records management departments, and possibly other departments as well.

The number of interviewees and the questions being asked vary from company to company and can be influenced by 1) organizational structure, 2) litigation portfolio and types of cases being litigated and 3) policies and procedures currently in place.  While there are certain topics an organization will always want to address, others will be customized depending on the organization and the three parameters noted above.  Not only that, but some questions will be identified as you go and there may be a need for follow-up with personnel already interviewed if subsequent questions are identified during the process that only they can answer.

Conduct a Survey of a Broader Group of Employees in Key Departments: This approach can flush out potential issues about which the key personnel may not even be aware and identify some of the frustrations encountered by the “rank and file”.  For example, we did a survey once for an IT department where we found out that even though there were policies in place for how to handle computer for departed employees, those policies weren’t being followed and there were one or two storage closets containing laptops and desktop computers of former employees that the IT director wasn’t aware of, but the rank and file knew about.  You can’t expect to get a complete picture by just interviewing the leadership team of various departments; you also have to gather information across those departments to paint a complete picture of what’s going on in the department.

These three mechanisms for gathering information are going to be key to not only complete your SWOT analysis, but also to identify recommendations for improving your organization’s overall discovery readiness.  Without them, your SWOT analysis might not reflect the complete picture of your organization’s strengths, weaknesses, opportunities and threats.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Courtroom Drama: Trial Presentation Best Practices for the Virtual Courtroom

Trial Presentation Virtual Courtroom

Courtroom Drama: Trial Presentation Best Practices for the Virtual Courtroom

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

As early as May, the ABA Journal was raising the idea of Virtual Trials becoming a part of the “New Normal,” an oft-used phrase to indicate life moving forward in the aftermath of the global COVID-19 pandemic. Now, three months later, virtual hearings and trials are becoming a regular occurrence, and as they do, challenges arise with them.

This week’s eDiscovery Blues cartoon tries to capture a few of those challenges with our usual combination of levity and insight; in particular, the struggle of an attorney being able to gauge the reactions of various parties while presenting an exhibit on screen. Also, it was hard to pass up the chance to show someone taking advantage of professional attire for the camera, while still rocking shorts and fuzzy slippers off screen.

A Few Basics to Consider for Trial Presentation in the Virtual Courtroom

As most of us become accustomed to video conferencing and remote work, a few things start to become apparent as being necessary.

Second Monitor:

When you move from a real life setting to video, your brain might be expecting the outcome of a multi-camera television production, but the reality ends up something like today’s cartoon. But with Zoom calls, you actually do have multiple camera views to work with. This is where having, at minimum, a second monitor in order to optimize presenting as well as organizing participant and speaker views is crucial.

Backgrounds, Dress Codes, Lighting & Audio:

In the recent congressional hearings with the leaders of Google, Facebook, Amazon, and Apple, one thing that came out of that was an analysis of the speakers’ video presences (There was a great write up about it in the NY Times).

Keeping that in mind, here are some things to consider:

  • Attendees should keep their background simple and neat (backgrounds such as a beach landscape or a galaxy are inappropriate for the courtroom).
  • As dress codes are still required, attire needs to be professional. At least follow the “Zoom mullet” approach – business on the top, party on the bottom.
  • Also consider staying away from striped patterns in clothing. In a recent hearing, one participant was constantly closing his eyes, because another participant’s striped blouse was making him slightly nauseous as the pattern was visually vibrating.
  • Good lighting is also very important. Avoid being backlit. Also avoid dark spaces and shadows, which can add an unintentional, somber mood. Ring lights are more popular than ever and for good reason.
  • If you have to choose between good audio or good video, choose good audio. Investing in a quality mic can have a huge impact.

Opportunities & Challenges for Virtual Trials and Hearings

To get more insight into the current situation, I reached out to Alicia Aquino, who is a Trial Presentation Specialist and Litigation Consultant, for her take.

“Online trials are such a controversial topic; however, we see it CAN be done. Whether you’re in-person or online, organization and preparation are the keys to a seamless trial.”

She goes on to add a few of the challenges she’s currently seeing.

“We are finding that access to technology may be an issue for some states and counties.  In an ideal situation, jurors would use dual monitors during trial. As with an in-person trial, the cost of trial equipment is shared between parties, ensuring all jurors have an adequate set up may be the burden of the parties in the future.

“Another challenge with online trials is the internet speed varies from home to home, and jurors and parties are being dropped, causing delay.  A possible solution may be asking jurors to participate at a public setting (i.e. library or government building) which can accommodate for safe social distancing.

“There is a high level of importance for a technical or ‘IT bailiff’ during an online hearing or trial to assist with the coordination of jurors, breakout rooms, and any other tech issues. This person is trained by the court to handle the back end of the platform and logistics.  Some courts face an issue with the budget of having a full-time person assist with technology.

“Court reporters are being tasked with pulling up exhibits in a deposition; however, having an experienced trial tech will help streamline this process. Let the attorney handle the legal arguments while the tech handles the software and evidence.”

3 More Things to Consider for Trial Presentation in the Virtual Courtroom

For further insight on how to better prepare for virtual courtroom presentation, I turned to Janelle Vindiola, Senior Project Manager for the Ipro Trial Services Team.

    1. Practice, Practice, Practice

Take time for incorporating multiple practice sessions within your own legal team, so they can learn what to expect when presenting visual evidence in a remote environment. Practice sessions can help determine internet connectivity between parties (including witnesses) to allow time for upgrading equipment if needed. And, as the court is usually the web host, allow time for a practice session between court and counsel to understand the court’s expectations and requirements, as well as learning the workflows between all parties.

    1. Organization of Exhibits is Key to a Smooth Presentation

If it is not already part of the process, it is suggested for the legal team to share a daily outline of exhibits to be presented. Because the trial tech does not have the convenience of sitting next to counsel, an outline will help the tech easily follow the counsel’s direction of strategy and on queue to present.

Make sure to have an alternate file sharing application to support distribution, since Zoom has a file size limitation of 512MB. Also, courts are known to disable the chat and breakout rooms in Zoom, so the file sharing function may not even be available.

It is crucial to make sure all parties are on the same application platforms to easily follow group communications and data transfers. For trial teams (including trial techs), they will need to confirm alternate communications and have their own private cloud share as well.

    1. Security is Important

Make rooms private where possible and assign someone to vet participants as they enter the discussion. Zoom has a “waiting room” where people must go before being allowed in as means to prevent “Zoom bombing.” Someone will need to monitor that area for attendees if the proceedings are open to the public.

As web hosting may not be 100% secured, review and understand the security policies of your web application and best workflows. Zoom is constantly updating their security features; make sure everyone has the latest build.

Conclusion

As Alicia Aquino puts it, “The COVID-19 pandemic has created an opportunity for the legal industry to embrace technology and move cases through a virtual space. Although online jury trials are not ideal for long term, it is a viable option until we can all safely enter the same courtroom together. Although most courts are already familiar with Zoom for online hearings, there is an opportunity for a platform to be customized specifically to our industry and online courts.”

While there are certainly other challenges that will continue coming up, a little planning, preparation, and communication can go a long way. Things have definitely changed in the past few months, but it’s exciting to see how our industry is leveraging technology to keep the justice system moving forward.

 

See how TrialDirector 360 can help you make an impact during trial!

TrialDirector 360, by Ipro from Ipro eDiscovery & InfoGov on Vimeo.

 

3 Ways Corporate Legal Teams Can Gain Operational Efficiencies

Corporate Legal Operational Efficiencies

3 Ways Corporate Legal Teams Can Gain Operational Efficiencies

More and more, corporate legal teams are looking for efficiencies across all departments, both inside the organization and with external partners. In order to gain efficiencies, you must first benchmark performance and measure KPIs. A first step then for in-house legal teams is to set objectives for the department that align with the overall business goals of the company, then figure out if the data exists to begin the process of tracking performance.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams.

In this installment you’ll gain insight into where Corporate Legal Departments Can Look for Operational Efficiencies: 

  • Relationships with Internal Stakeholders
  • Bridging the Communication Gap
  • Relationships with Outside Counsel & 3rd Party Vendors

Download the overview today! And stay tuned for the Final installment next week!

Top 3 Challenges for Corporate Legal Teams

 

Eight is Enough! Eight Considerations for Defensible Deletion, Part Two

defensible deletion

Eight is Enough! Eight Considerations for Defensible Deletion, Part Two
Written by Doug Austin, Editor of eDiscovery Today

Last week, I covered the first four considerations to minimize your organization’s Redundant, Obsolete and Trivial (R.O.T.) data effectively, while tying them to the classic 70’s TV Series Eight is Enough. This week, I’ll cover the remaining four considerations while tying into quotes from great American philosophers (if you’re a movie fan, that is).

Get An Assist From Technology

With more data being managed by organizations, it’s more difficult than ever to manage it through just through human tracking and best practices.  Historically, in discovery, we’ve seen data move to the technology and the tendency has been to collect broadly, then cull downstream to identify potentially responsive ESI for review and possible production.  But, with so much data these days, we’re starting to see the technology move more to the data to help organizations better understand what they have up front and only collect what’s potentially responsive.

Index-in place technologies are becoming more prevalent to not only enable organizations to perform In-Place Preservation, but also to help organizations identify R.O.T. outside of a preservation obligation to enable them to get rid of that R.O.T. before litigation happens, potentially saving them as much as $1.5 to $3 million per terabyte eliminated from potential discovery.

Keep Your Records Retention Policy Current

Your organization surely has a records retention policy by now, right?  If you said “yes”, good (if you said “no”, re-read the first four considerations from last week).  Regardless, having a policy and keeping it current are two different things.  Just two years ago, neither GDPR nor CCPA was in effect, so the data privacy landscape was considerably different than it is today.  The collaboration application Slack has ten times the number of users it had just a few years ago.  The data within your organization and your obligations for maintaining and protecting that data are regularly changing, so it’s important to keep your records retention policy up to date with those changes.  As the great American philosopher Ferris Bueller once said “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”  This is true for data considerations within an organization as well.

Extend Defensible Deletion to BYOD Devices

As I wrote a few weeks ago, it’s important to have a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks or you could be facing potential spoliation sanctions.  And, those BYOD devices have potential R.O.T. in them too.  But, does your organization establish expectations for its employees with regard to defensible deletion of R.O.T. in BYOD devices?  And, before you ask “how much ESI could there be within a mobile device?”, it’s worth noting that the default retention period for texts in iPhones is forever.  So, it’s important to tie your BYOD policy to your records retention policy, establish expectation for employees in complying with both policies and follow-up to enforce adherence to both policies.  Otherwise, you could have a lot more data to potentially review during discovery.  Setting an expectation with employees up front that their BYOD device is subject to retention policies with regard to company data is more important than ever.

Document Thoroughly

To paraphrase the great American philosopher Tyler Durden, the first rule of defensible deletion is: Document Thoroughly. The second rule of defensible deletion is: Document Thoroughly.  Whatever your practices are, document them as thoroughly as possible. The more you do so, the less likely you’ll be on the hook for potential significant sanctions due to spoliation of ESI.  There is no way to totally eliminate the potential of spoliation of ESI when a duty to preserve hits your organization, but a thorough approach to documentation and an earnest effort to know when to hold ‘em and when to release ‘em will show the courts your organization is doing its best to meet its preservation obligations, while enabling it to minimize your organization’s R.O.T. to minimize exposure from a compliance perspective and reduce costs during discovery.

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!

Stacks on Stacks: Survey Shows Increased FOIA Requests Still a Challenge

FOIA Requests Survey

Stacks on Stacks: Survey Shows Increased FOIA Requests Still a Challenge

JD Supra Readers Choice Top Author 2020Written by Jim Gill
Content Chief, Ipro

 

Today’s eDiscovery Blues cartoon gives a nod to our colleagues working in government agencies processing FOIA requests. By law, all federal agencies are required to respond to a FOIA request within 20 business days, unless there are “unusual circumstances.”

The number of requests per year has continued to rise over the past decade, with 858,952 requests in FY 2019 alone, according to the DOJ. Along with this rise in requests, comes an increase in data to search through. So not only are more requests coming in, there is a larger data landscape to sift through in order to find relevant documents.

FOIA Requests Survey

In a recent Ipro webinar series, we discussed various challenges with FOIA officers and analysts in order to take a look at what’s going on currently in the field. In our discussion on 7/29, we surveyed the audience and each question’s leading response points back either to the volume of requests or the need to narrow the scope of the request.

Biggest FOIA Challenges Within Agency

  • Volume of Requests: 40%
  • Responsiveness from Other Depts: 33%
  • Working Remote: 18%
  • Complex Redactions: 10%

Biggest Challenges Working with Requestors

  • Getting Requestor to Reduce Scope: 51%
  • Timely Response from IT: 34%
  • Clarifying Request from IT: 12%
  • We Manage Email Requests Just Fine: 2%

Biggest Challenges with FOIA Requests for Emails

  • Getting Requestors to Narrow Score: 39%
  • Expert vs. Novice: 33%
  • Requests for Expedited Treatment 25%
  • Requestor Appeals: 3%

 

Leveraging Technology for FOIA / PRR

Many agencies are still trying to meet these challenges with manual processes and off-the-shelf software combinations (such as Outlook, Excel, and Adobe). As data volumes and request volumes continue to grow, this becomes a daunting task at best, even if there were an increase in personnel.

This is where technology specifically designed to manage large datasets and quickly find responsive documents can make life much easier for FOIA officers.

Here are a few tools to consider:

De-Dupe / Near-Dupe

These are exactly what they sound like:

De-Duplication (or De-Dupe) identifies and removes duplicate documents on ingestion, greatly cutting down on the document count which must be searched.

A tool which finds Near-Duplicates (or Near-Dupe) uses analytics to find nearly identical documents. This tool can even identify the percentage of duplicate content and conduct side-by-side comparisons of documents, highlighting differences.

Email Threading

This is a tool that identifies email relationships (threads, people involved in a conversation, attachments, and duplicate emails) and groups them together as one coherent conversation. It also gives you the ability to locate the terminal email in a thread, which contains all previous emails leading to it. By looking at the terminal thread, it cuts down searching through multiple emails containing the same content.

Concept Clustering

Concept Clustering is true to its name. It visually groups documents into keyword groups or clusters, allowing you to quickly get an understanding of the data landscape, with the ability to make connections nearly impossible with linear review.

Connecting Directly to Data Sources

By connecting directly to data sources (such as an organization’s email servers, sharepoints, and messaging apps) it allows the FOIA officer direct access to data, rather than having to contact those departments or their IT and request data.

Redaction Tools

Rather than use off-the-shelf tools like Adobe to manually create redactions, the same tools used to search and cull documents, can also create redactions that remove the text under the redaction, run validations to make sure the redactions are burned in and the text is correct, and create layered redactions, so multiple production sets can be sent to multiple parties. They can even identify documents which may need another layer of review before they’re produced, similar to an email platform asking if you want to send without a subject line or if you’ve forgotten an attachment.

Conclusion

Even with the growing number of FOIA requests and the challenges highlighted in this survey, Government Agencies can easily meet the 20-day deadline by leveraging technology and taking advantage of some of the tools listed above, giving officers an edge when it comes to working through those towering stacks (whether they are paper or digital) coming into their inboxes.

In case you missed our 3-Part FOIA Webinar Series featuring expert practitioners discussing best practices, listen on-demand here!

 

3 Ways Corporate Legal Teams Can Control Outside Legal Spend

corporate outside legal spend

3 Ways Corporate Legal Teams Can Control Outside Legal Spend

According to a recent study by Complex Discovery, 88% of eDiscovery costs happen during the processing and review stages. Traditionally, these tasks are carried out by Alternative Legal Service Providers (ALSP) and outside law firms, giving in-house corporate teams little control over these costs.

However, forward-thinking legal teams are leveraging technology to reduce these outside costs, while gaining control over their data and workflow.

That’s why Ipro created a series of resources around the Top 3 Challenges for Corporate Legal Teams.

In this installment you’ll get a look into how Corporate Legal Teams Can Control Outside Legal Spend by: 

  • Bringing Processing In-House
  • Pre-Review Data Culling
  • Leveraging Technology for Internal Investigations

Download the overview today! And stay tuned for the third installment next week!

Top 3 Challenges for Corporate Legal Teams

 

Eight is Enough! Eight Considerations for Defensible Deletion, Part One

defensible deletion considerations

Eight is Enough!  Eight Considerations for Defensible Deletion, Part One
Written by Doug Austin, Editor of eDiscovery Today

Does anybody remember the late 70’s TV Series Eight is Enough about the Bradford family with eight children, starring Dick Van Patten? Or am I showing my age?

Regardless, “eight is enough” is a great phrase to sum up this week’s post.  As Jim Gill noted last week, a significant percentage of an organizations’ data is Redundant, Obsolete and Trivial (R.O.T.).  Defensible deletion of R.O.T. within your organization is key to minimizing exposure from a compliance perspective and reducing costs during discovery.  Over this post and the next one, I’ll discuss eight considerations for you to be prepared to minimize your organization’s R.O.T. effectively. Today, we’ll cover the first four considerations for defensible deletion.

Understand Why Its Important

To understand why getting rid of R.O.T. is so important, here are a few statistics for you to consider:

  • Every 2 days we create as much information as we did from the beginning of time until 2003. (TechCrunch);
  • If you burned all of the data created in just one day onto DVDs, you could stack them on top of each other and reach the moon – twice (SmartData Collective);
  • 90 percent of records, once filed, are never referred to again, and 95 percent of references are to records less than 3 years old (ARMA New Jersey);
  • 69 percent of organizational data has no legal or business value (Compliance, Governance and Oversight Council (CGOC) 2012 Survey);
  • Estimates show eDiscovery costs to be between $1.5 to $3 million per terabyte of stored information (InfoGov Basics).

Most of these statistics are old, by the way.  Do you think the problem has gotten better over the years?  I don’t.

Address the Changing Data Privacy Landscape

Another important reason for why getting rid of R.O.T. is so important are the increasing requirements placed upon essentially every organization due to strengthening privacy laws.  The European Economic Area (EEA), which is (by the way) larger than the European Union, implemented the General Data Protection Regulation (GDPR) in 2018 and California implemented the California Consumer Privacy Act (CCPA) this year.  Many other states and companies are implementing data privacy laws as well, which may or may not be similar to GDPR or CCPA.  And, you have regular challenges to implemented data privacy mechanisms, such as the Schrems II case that just resulted in invalidating the EU-US Privacy Shield.  With individuals having the right to access their own data and the right to be forgotten (among others), it’s more important than ever to minimize R.O.T. to minimize your organization’s exposure.

Get Stakeholder Buy-In

You can’t accomplish anything within an organization without buy-in from the stakeholders.  The best illustration of the relationship of stakeholders to the data within an organization that I know of can be found in EDRM’s Information Governance Reference Model (IGRM), which groups stakeholders into three categories, as follows:

  1. Business users who need information to operate the organization,
  2. IT departments who must implement the mechanics of information management, and
  3. Legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.

Without stakeholder buy-in, any comprehensive plan to manage R.O.T. within your organization is doomed to fail.

Create an Organizational Data Map

You can’t get rid of R.O.T. if you don’t know where it is.  Data mapping is simply a mechanism for knowing where your information is stored.  Data could be located in enterprise-wide systems such as Sharepoint and Microsoft 365, or individual business systems used in departments, or in collections of custodians on their local drives.  It could even be located in cloud-based platforms or social media sites or Bring Your Own Device (BYOD) devices or employees and others.  Organizations use various tools to maintain data maps and they can range from as simple as an Excel spreadsheet to as complex as a SharePoint repository to track all changes to the data map.  Choose a solution suitable for your organization and keep your data map maintained and current.

I’ll discuss the remaining four considerations for defensible deletion next week. Another Ipro cliffhanger!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!