Collection

eDiscovery Tips: SaaS and eDiscovery – Top Considerations

 

There was an interesting article this week regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The authors note that “[p]roponents of the cloud compare it to the shift in electrical power generation at the turn of the century [1900’s], where companies had to generate their own electric power to run factories.  Leveraging expertise and economies of scale, electric companies soon emerged and began delivering on-demand electricity at an unmatched cost point and service level.”, which is what cloud components argue that the SaaS model is doing for IT services.

However, the decision to move to SaaS solutions for IT services doesn’t just affect IT – there are compliance and legal considerations to consider as well.  Because the parties to a case have a duty to identify, preserve and produce relevant electronically stored information (ESI), information for those parties stored in a cloud infrastructure or SaaS application is subject to those same requirements, even though it isn’t necessarily in their total control.  With that in mind, the article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, as follows (requirements in bold are quoted directly from the article):

  1. Where is ESI actually located when it is in the ethereal cloud or SaaS application?  It’s important to know where your data is actually stored.  Because SaaS providers are expected to deliver data on demand at any time, they may store your data in more than one data center for redundancy purposes.  Data centers could be located outside of the US, so different compliance and privacy requirements may come into play if there is a need to produce data from these locations.
  2. What are the legal implications of e-discovery in the cloud? Little case law exists on the subject, but it is expected that the responsibility for timely preservation, collection and production of the data remains with the organization at party in the lawsuit, even though that data may be in direct control of the cloud provider.
  3. What happens if a lawsuit is in the US but one company’s headquarters is in another country? Or what if the data is in a country where the privacy rules are different?  The article references one case – AccessData Corp. v. ALSTE Technologies GMBH , 2010 WL 318477 (D. Utah Jan. 21, 2010) – where the German company ALSTE cited German privacy laws as preventing it from collecting relevant company emails that were located in Germany (the US court compelled production anyway).  So, jurisdictional factors can come into play when cloud data is housed in a foreign jurisdiction.

This is too big a topic to cover in one post, so we’ll cover the other four eDiscovery issues to address in Monday’s post.  Let the anticipation build!

So, what do you think?  Does your company have ESI hosted in the cloud?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Facemail Unlikely to Replace Traditional Email

In a November post on eDiscoveryDaily, we reported that Facebook announced on November 15 that it’s rolling out a new messaging system, including chat, text messaging, status updates and email (informally dubbed “Facemail”) that would bring messaging systems together in one place, so you don’t have to remember how each of your friends prefers to be contacted.  Many have wondered whether Facemail would be a serious threat to Google’s Gmail, Yahoo Mail and Microsoft Live Hotmail, given that Facebook has a user base of 500 million plus users from which to draw.  And, there was considerable concern raised by eDiscovery analysts that Facebook plans to preserve these messages, regardless of the form in which they are generated, forever.

However, Facemail isn’t likely to replace users’ current email accounts, according to an online poll currently being conducted by the Wall Street Journal.  More than 61 percent of over 4,001 participants who have taken the poll so far said they wouldn’t use Facebook Messages as their primary email service.  18.4 percent of voters said that they would use it as their primary email, with 20.5 percent indicating that they were not sure.  You can cast your vote here.  I just voted, so these numbers reflect “up-to-the-minute” poll results (as of 5:52 AM CST, Wednesday, December 08, that is).

Facebook CEO Mark Zuckerberg envisions the Facemail model of email, instant messaging and SMS text messages as a simpler, faster messaging model than email’s traditional subject lines and carbon copies, which Zuckerberg considers to be “antiquated”.

Whether Facemail develops as a serious threat to Gmail, Hotmail or Yahoo Mail (or even Microsoft Outlook or Lotus Notes) remains to be seen.  However, at least a couple of industry analysts think that it could become a significant development.

“A powerful, unified presence manager would also enable the user to express how he’d like to communicate, and to manipulate that ‘how’ and ‘when’ availability to different types of contacts,” industry analyst David Card stated in a post on GigaOm.com.  “If Facebook establishes Messages as a user’s primary tool to manage presence across multiple communications vehicles, it would be an incredibly sticky app, with huge customer lock-in potential.”

Gartner analyst Matt Cain told eWEEK.com, “It will have little impact at first on the public portal email vendors because it is a barebones email service. But if Facebook makes it the equivalent of these other services, it will have a significant deleterious impact on competing email services”.

As stated in the earlier post, it’s important to have a social governance policy in place to not only address new mechanisms such as Facemail, but all social media mechanisms that might be in use by your employees.

So, what do you think?  Do you plan to consider using Facemail as your primary email service?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Facemail and eDiscovery

Email is dead.

So says Facebook founder Mark Zuckerberg.  “It’s too formal,” he declared, announcing his company’s new messaging service last week in San Francisco.

Facebook announced last week that it’s rolling out a new messaging system, including chat, text messaging, status updates and email (surprise!).  Zuckerberg touts it as a way of bringing messaging systems together in one place, so you don’t have to remember how each of your friends prefers to be contacted.  Will the integrated product (informally dubbed “Facemail”) that some have called “Gmail killer” be a serious threat to Gmail, MSN and Yahoo Mail?  Maybe.  With 500 million plus users, Facebook certainly has a head start towards a potentially large user base.

However, some caveats to consider from a business standpoint:

  1. Facemail messages will be clustered by sender instead of by subject, which they consider to be “antiquated”.  May be great from a social standpoint, but not so good when you need to follow the thread of a conversation with multiple people.
  2. Unified messaging is not an entirely new concept.  Just last year, Google introduced Google Wave, designed to “merge key features of media like e-mail, instant messaging, wikis, and social networking”.  Earlier this year, Google announced plans to scrap Google Wave after it failed to gain a significant following.  It will be interesting to see whether Facebook can succeed where Google failed.
  3. From an eDiscovery perspective, the potential concern is that Facebook plans to preserve these messages, regardless of the form in which they are generated, forever.  So, if your company has a retention policy in place, these communications will fall outside of that policy.

Is it time to panic?  It might be tempting to overreact and ban the use of Facemail and other outside email and social media sites, but that seems impractical in today’s social media climate.

A better approach is to have a policy in place to govern use of outside email, chat and social media that covers what employees should do (e.g., act responsibly and ethically when participating in online communities), what employees should not do (e.g., disclose confidential information, plagiarize copyrighted information, etc.) and the consequences for violating the policy (e.g., lost customers, firings, lawsuits, etc.).  We will talk more about a social governance policy in an upcoming post.  In the meantime, here is a reference to our September post for information on requesting information from Facebook via civil subpoena.

So, what do you think?  Does your company have a social governance policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

P.S. – So, what happened to the architect behind Google Wave, Lars Rasmussen?  He just joined Facebook.  Interesting, huh?  🙂

eDiscovery Trends: Sedona Conference Commentary on Proportionality

 

Last month, The Sedona Conference® made available its Commentary on Proportionality in Electronic Discovery, which is a project of The Sedona Conference Working Group on Electronic Document Retention & Production (WG1).  The commentary is initially being published as a "public comment version", giving participants in the legal industry an opportunity to provide comments that the editors will review and incorporate edits where appropriate into the final version.  A copy of the PDF publication can be downloaded here.

The commentary discusses the origins of the doctrine of proportionality, provides examples of its application and proposes principles for guidance, providing “a framework for the application of the doctrine of proportionality to all aspects of electronic discovery”.  Among other things, the publication identifies six Principles of Proportionality intended to provide that framework, using existing (Federal) rules and case law to support each principle.  These common-sense principles are:

  1. The burdens and costs of preservation of potentially relevant information should be weighed against the potential value and uniqueness of the information when determining the appropriate scope of preservation.
  2. Discovery should generally be obtained from the most convenient, least burdensome, and least expensive sources.
  3. Undue burden, expense, or delay resulting from a party’s action or inaction should be weighed against that party.
  4. Extrinsic information and sampling may assist in the analysis of whether requested discovery is sufficiently important to warrant the potential burden or expense of its production.
  5. Nonmonetary factors should be considered when evaluating the burdens and benefits of discovery.
  6. Technologies to reduce cost and burden should be considered in the proportionality analysis.

After stating the six principles above, the commentary goes on to discuss specific rules and case law that supports issues to consider such as the availability of information from other sources, waiver and undue delay, and burden versus benefit.  It then goes on to discuss the existing rules and case law that supports each principle.

To submit a public comment, you can download a public comment form here, complete it and fax(!) it to The Sedona Conference® at 928-284-4240.  If, like me, you’re opposed to using 1990s technology to submit your comments, the publication also notes that you can also submit feedback by emailing them at rgb@sedonaconference.org.

So, what do you think?  Have you encountered any cases where proportionality of discovery requests are at issue? Please share any comments you might have or if you’d like to know more about a particular topic.

Thought Leader Q&A: Brad Jenkins of Trial Solutions

 

Tell me about your company and the products you represent. Trial Solutions is an electronic discovery software and services company in Houston, Texas that assists corporations and law firms in the collection, processing and review of electronic data. Trial Solutions developed OnDemand™, formerly known as ImageDepot™, an online e-discovery review application which is currently used by over fifty of the top 250 law firms including seven of the top ten.  Trial Solutions also offers FirstPass™, an early case assessment and first-pass review application.  Both applications are offered as a software-as-a-service (SaaS), where Trial Solutions licenses the applications to customers for use and provides access via the Internet. Trial Solutions provides litigation support services in over 90 metropolitan areas throughout the United States and Canada.

What do you see as emerging trends for eDiscovery SaaS solutions?  I believe that one emerging trend that you’ll see is simplified pricing.  Pricing for many eDiscovery SaaS solutions is too complex and difficult for clients to understand.  Many providers base pricing on a combination of collection size and number of users (among other factors) which is confusing and penalizes organizations for adding users into a case,  I believe that organizations will expect simpler pricing models from providers with the ability to add an unlimited number of users to each case.

Another trend I expect to see is provision of more self-service capabilities giving legal teams greater control over managing their own databases and cases.  Organizations need the ability to administer their own databases, add users and maintain their rights without having to rely on the hosting provider to provide these services.  A major self-service capability is the ability to load your own data on your schedule without having to pay load fees to the hosting provider.

Why do you think that more eDiscovery SaaS solutions don’t provide a free self loading capability?  I don’t know.  Many SaaS solutions outside of eDiscovery enable you to upload your own data to use and share via the Web.  Facebook and YouTube enable you to upload and share pictures and videos, Google Docs is designed for sharing and maintaining business documents, and even SalesForce.com allows you to upload contacts via a comma-separated values (CSV) file.  So, loading your own data is not a new concept for SaaS solutions.  OnDemand™ is about to roll out a new SelfLoader™ module to enable clients to load their own data, for free.  With SelfLoader, clients can load their own images, OCR text files, native files and metadata to an existing OnDemand database using an industry-standard load file (IPRO’s .lfp or Concordance’s .opt) format.

Are there any other trends that you see in the industry?  One clear trend is the rising popularity in first pass review/early case assessment (or, early data assessment, as some prefer) solutions like FirstPass as corporate data proliferates at an amazing pace.  According to International Data Corporation (IDC), the amount of digital information created, captured and replicated in the world as of 2006 was 161 exabytes or 161 billion gigabytes and that is expected to rise more than six-fold by 2010 (to 988 exabytes)!  That’s enough data for a stack of books from the sun to Pluto and back again!  With more data than ever to review, attorneys will have to turn to applications to enable them to quickly cull the data to a manageable level for review – it will simply be impossible to review the entire collection in a cost-efficient and timely manner.  It will also be important for there to be a seamless transition from first pass review for culling collections to attorney linear review for final determination of relevancy and privilege and Trial Solutions provides a fully integrated approach with FirstPass and OnDemand.

About Brad Jenkins
Brad Jenkins, President and CEO of Trial Solutions, has over 20 years of experience leading customer focused companies in the litigation support arena. Brad has authored many articles on litigation support issues, and has spoken before national audiences on document management practices and solutions.

Thought Leader Q&A: Alon Israely of BIA

 

Tell me about your company and the products you represent.  BIA is a full solution E-Discovery provider. Our core competencies are around E-Discovery Collections and Processing, but we offer the full spectrum of services around E-Discovery.   For almost a decade, BIA has been developing and implementing defensible, technology driven solutions that reduce the costs and risks related to litigation, regulatory compliance and internal audits.  BIA provides software and services to Fortune 1000, Global 2000 companies and Am Law 100 law firms. We are headquartered in New York City, and have offices in San Francisco, Seattle, Washington DC and in Southwest Michigan. We also maintain digital evidence response units throughout the United States, Europe, Asia, and the Middle East.

BIA’s products are defensible and cost effective, offering defensible remote collections with DiscoveryBOT™, fast e-discovery processing with our TD Grid system and automated and secure legal hold software with Solis™.  For more about BIA’s product, click here.

What is the best way for lawyers and litigation support professionals to take control of their eDiscovery?  The best way for litigation support professionals to take control of their e-discovery is to scope projects correctly.  It is important to understand that not one size fits all in e-discovery.  That is, there are many tools and service providers out there – it is important to focus (at the beginning) on what needs to be accomplished from a legal and IT perspective first and then to determine which technologies and methods fit that strategy best. 

What is a good way to achieve predictability in eDiscovery costs?  Most of the cost analysis that exists in e-discovery today is focused on the Review side, where the data has already been collected and perhaps culled. Yet, there are still too many documents, where most of the documents are not responsive. With a focus on the left side of the EDRM, e-discovery costs are visible early on in the process.  For example, using a good (light-touch) collection tool and method to lock data down is one of the best ways to control e-discovery costs – that is, doing the right collection early-on and getting the right metrics from those collections, allow you to analyze that data (even at a high-level without incurring processing and other costs) which can then help can help the attorneys and the institutional client determine costs early in the process, and in a more predictable manner.

Is there a way to perform self collection in a defensible manner?  Yes.  Use the right tools and methods and importantly, have those tools and methods vetted (reviewed and approved) by e-discovery collection professionals.  Defensible self-collections do NOT mean that the custodian or the IT people are left to perform the collection on their own without the right plan behind them.  There are best-practices that should be followed and there are some tools that maintain the integrity of the data.  Make sure that those best practices and tools are used (having been scoped correctly – see response above) by professionals or at least used by staff and peer-reviewed or monitored by professionals.  Also, rely on custodians for good ESI identification – that is, the custodians (users) usually know better than anyone where they maintain records – so, using custodian questionnaires early-on will help inform those systems which will be most relevant – which goes to diligence (an important factor in defensible collections).  Also then the professional can work in tandem with the custodian to gather the data in a manner which will ensure the evidentiary integrity of the data.  At BIA we have been following those methods for years and have been very successful with our clients, the Courts and Opposing parties, at defending those ways of identifying and collecting ESI.

What is the importance of the left side of the EDRM model?  The left side is where it all starts with e-discovery – that is, ESI collections are usually the most affordable parts of the overall e-discovery process and are arguably the most important – that is, “garbage in/garbage-out.”  Because the subsequent parts of the e-discovery process (i.e., the “right-side of the EDRM”) rely on the data identified and gathered in the early parts of the process, it is imperative that those tasks and activities performed for the “left side of EDRM” are done in the correct manner – that is, maintaining the evidentiary integrity of the data collected.  Also, the left side of the EDRM includes preserving data and notifying custodians of their obligations to preserve – which is a piece critical to defensible e-discovery – especially in light of Pension Committee and some other recent cases.  As for the money piece, the left side of the EDRM is an area where much of the planning can occur for the rest of the process without incurring substantial costs – that planning goes a long way to ascertaining the real costs and timing with respect to the remainder of the e-discovery process.

About Alon Israely

Alon Israely has over fifteen years of experience in a variety of advanced computing-related technologies. Alon is a Senior Advisor in BIA’s Advisory Services group and currently oversees BIA’s product development for its core technology products. Prior to BIA, Alon consulted with law firms and their clients on a variety of technology issues, including expert witness services related to computer forensics, digital evidence management and data security. Prior to that, he was a senior member of several IT teams working on projects for Fortune 500 companies related to global network architecture and data migrations projects for enterprise information systems. As a pioneer in the field of digital evidence collection and handling, Alon has worked on a wide variety of matters, including several notable financial fraud cases; large-scale multi-party international lawsuits; and corporate matters involving the SEC, FTC, and international regulatory boards.  Alon holds a B.A. from UCLA and received his J.D. from New York Law School with an emphasis in Telecommunications Law. He is a member of the New York State Bar as well as several legal and computer forensic associations.

Reporting from the EDRM Mid-Year Meeting

 

Launched in May 2005, the Electronic Discovery Reference Model (EDRM) Project was created to address the lack of standards and guidelines in the electronic discovery market.  Now, in its sixth year of operation, EDRM has become the gold standard for…well…standards in eDiscovery.  Most references to the eDiscovery industry these days refer to the EDRM model as a representation of the eDiscovery life cycle.

At the first meeting in May 2005, there were 35 attendees, according to Tom Gelbmann of Gelbmann & Associates, co-founder of EDRM along with George Socha of Socha Consulting LLC.  Check out the preliminary first draft of the EDRM diagram – it has evolved a bit!  Most participants were eDiscovery providers and, according to Gelbmann, they asked “Do you really expect us all to work together?”  The answer was “yes”, and the question hasn’t been asked again.  Today, there are over 300 members from 81 participating organizations including eDiscovery providers, law firms and corporations (as well as some individual participants).

This week, the EDRM Mid-Year meeting is taking place in St. Paul, MN.  Twice a year, in May and October, eDiscovery professionals who are EDRM members meet to continue the process of working together on various standards projects.  EDRM has eight currently active projects, as follows:

  • Data Set: provides industry-standard, reference data sets of electronically stored information (ESI) and software files that can be used to test various aspects of eDiscovery software and services,
  • Evergreen: ensures that EDRM remains current, practical and relevant and educates about how to make effective use of the Model,
  • Information Management Reference Model (IMRM): provides a common, practical, flexible framework to help organizations develop and implement effective and actionable information management programs,
  • Jobs: develops a framework for evaluating pre-discovery and discovery personnel needs or issues,
  • Metrics: provides an effective means of measuring the time, money and volumes associated with eDiscovery activities,
  • Model Code of Conduct: evaluates and defines acceptable boundaries of ethical business practices within the eDiscovery service industry,
  • Search: provides a framework for defining and managing various aspects of Search as applied to eDiscovery workflow,
  • XML: provides a standard format for e-discovery data exchange between parties and systems, reducing the time and risk involved with data exchange.

This is my fourth year participating in the EDRM Metrics project and it has been exciting to see several accomplishments made by the group, including creation of a code schema for measuring activities across the EDRM phases, glossary definitions of those codes and tools to track early data assessment, collection and review activities.  Today, we made significant progress in developing survey questions designed to gather and provide typical metrics experienced by eDiscovery legal teams in today’s environment.

So, what do you think?  Has EDRM impacted how you manage eDiscovery?  If so, how?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Project Management: Data Gathering Plan, Schedule Collection

We’ve already covered the first step of the data gathering plan:  preparing a list of data sources of potentially relevant materials and identifying custodians.  Now let’s fill out the plan.  Here’s a step-by-step approach:

  • Determine who will gather the data.  You need an experienced computer expert who has specialized tools that collect data in a way that preserves its integrity and who can testify – if needed – regarding the processes and tools that were used.
  • For each data source on your list, identify where the data is located.  You should interview custodians to find out what computers, storage devices, communications devices and third party service providers they use.
  • For each data source on your list, identify what type of data exists.  You should interview custodians to find out what software programs they use to generate documents and the types of files they receive.  This list will get filled out further as you start looking at data, but getting this information early will give you a good feel for what to expect and will also give you a heads up on what may be required for processing and reviewing data.
  • Next, put together a schedule for the collection effort.  Determine the order in which data will be collected and assign dates to each data source.  Work with your client to build a schedule that causes minimal disruption to business operations.
  • Notify custodians in advance of when you’ll be working with their data and what you’ll need from them.

Once your schedule is in place, you’ll be able to start planning and scheduling subsequent tasks such as processing the data.

In our next eDiscovery Project Management blog, we’ll talk about documented procedures.  We’ll cover why they are important and I’ll give you some tips for preparing effective procedures.

So, what do you think?  What do you include in your data gathering plans?  Please share any comments you might have or tell us if you’d like to know more about a particular topic.

eDiscovery Project Management: Data Gathering Plan, Identify Data Sources

 

One of the first electronic discovery tasks you’ll do for a case is to collect potentially responsive electronic documents from your client.  Before you start that collection effort, you should prepare a data-gathering plan to ensure that you are covering all the bases.  That plan should identify the locations from which data will be collected, who will collect the data, and a schedule for the collection effort.

Learn about Your Client

First, you need information from your client that is aimed at identifying all the possible locations and custodians of responsive data.  Some of this information may be available in written form, and some is best gleaned by interviewing client employees.   

Start by looking at:

  • Organization charts to identify potential custodians.
  • Organization charts for the IT and Records Management departments so you’ll know what individuals have knowledge of the technology that is used and how and where data is stored.
  • Written policies on computer use, back-ups, record-retention, disaster recovery, and so on.

To identify all locations of potentially relevant data, interview client employees to find out about:

  • The computer systems that are used, including hardware, software, operating systems and email programs.
  • Central databases and central electronic filing systems.
  • Devices and secondary computers that are used by employees.
  • Methods that employees use for communicating including cell phones, instant messaging, and social networking.
  • Legacy programs and how and where legacy data is stored.
  • What happens to the email and documents of employees that have left the organization.
  • Third party providers that store company information.

Once you’ve done your homework and learned what you can from your client, compile a list of data sources of potentially relevant materials.  To compile that list, you should get input from:

  • Attorneys who are familiar with the issues in the case and the rules of civil procedure.
  • Technical staff who understand how data is accessed and how and where data is stored
  • Records management staff who are familiar with the organization’s record retention policies
  • Client representatives who are experts in the subject matter of the litigation and familiar with the operations and business units at issue. 

Once you’ve got your list of data sources, you’re ready to put together the data-gathering plan. 

So, what do you think?  Do you routinely prepare a data-gathering plan?  Have you had problems when you didn’t?  Please share any comments you might have or tell us if you’d like to know more about a particular topic.

Announcing eDiscovery Thought Leader Q&A Series!

 

eDiscovery Daily is excited to announce a new blog series of Q&A interviews with various eDiscovery thought leaders.  Over the next three weeks, we will publish interviews conducted with six individuals with unique and informative perspectives on various eDiscovery topics.  Mark your calendars for these industry experts!

Christine Musil is Director of Marketing for Informative Graphics Corporation, a viewing, annotation and content management software company based in Arizona.  Christine will be discussing issues associated with native redaction and redaction of Adobe PDF files.  Her interview will be published this Thursday, October 14.

Jim McGann is Vice President of Information Discovery for Index Engines. Jim has extensive experience with the eDiscovery and Information Management.  Jim will be discussing issues associated with tape backup and retrieval.  His interview will be published this Friday, October 15.

Alon Israely is a Senior Advisor in BIA’s Advisory Services group and currently oversees BIA’s product development for its core technology products.  Alon will be discussing best practices associated with “left side of the EDRM model” processes such as preservation and collection.  His interview will be published next Thursday, October 21.

Chris Jurkiewicz is Co-Founder of Venio Systems, which provides Venio FPR™ allowing legal teams to analyze data, provide an early case assessment and a first pass review of any size data set.  Chris will be discussing current trends associated with early case assessment and first pass review tools.  His interview will be published next Friday, October 22.

Kirke Snyder is Owner of Legal Information Consultants, a consulting firm specializing in eDiscovery Process Audits to help organizations lower the risk and cost of e-discovery.  Kirke will be discussing best practices associated with records and information management.  His interview will be published on Monday, October 25.

Brad Jenkins is President and CEO for Trial Solutions, which is an electronic discovery software and services company that assists litigators in the collection, processing and review of electronic information.  Brad will be discussing trends associated with SaaS eDiscovery solutions.  His interview will be published on Tuesday, October 26.

We thank all of our guests for participating!

So, what do you think?  Is there someone you would like to see interviewed for the blog?  Are you an industry expert with some information to share from your “soapbox”?  If so, please share any comments or contact me at daustin@trialsolutions.net.  We’re looking to assemble our next group of interviews now!