Electronic Discovery

Two Out of Three Companies Haven’t Reviewed Their Breach Preparedness Plans: Cybersecurity Trends

The singer Meat Loaf (real name Marvin Lee Aday) had a song once called Two Out of Three Ain’t Bad. Well, in this case, it is.  According to a new study, many companies haven’t updated their data breach plans since developing them, report a lack of adequate employee training on data protection, and still haven’t figured out how to guard cloud services and mobile devices.

As reported by Legaltech® News (Two Out of Three Companies Haven’t Reviewed Their Breach Preparedness Plans, Study Says, written by Sue Reisinger), a study of global companies also found that just over half of professionals believed their C-suite executives knew the company’s plan to deal with a breach.  The “Seventh Annual Study: Is Your Company Ready for a Big Data Breach?” was sponsored by Experian Data Breach Resolution and conducted by Ponemon Institute.

“I was surprised that two out of three respondents said they haven’t reviewed or updated their data breach preparedness plans,” said Michael Bruemmer, vice president of data breach resolution and consumer protection at Experian. “Preparedness plans can’t be a binder on a shelf that are not active and fluid plans. They should be reviewed and updated at least on a yearly basis.”

Bruemmer said a main takeaway from the report for general counsel is that “their clients are not preparing enough by practicing [data breach drills] and updating their response plans. They should work with clients to ensure this piece is a well-oiled machine.”

The study showed that 55% of respondents believed their C-suite executives knew the company’s plan to deal with a breach, but Bruemmer said the number should be higher. He recommended that general counsel make sure the CEO and C-suite “are knowledgeable and prepared for a data breach response. We have witnessed many leaders ill-equipped to handle the consumer response after a data breach.”

Here are some other notable study findings:

  • About 36% of respondents reported their organization had a ransomware attack last year with only 20% feeling confident in their ability to deal with it. The average ransom was $6,128 and 68% of respondents say it was paid.
  • Spear phishing attacks are pervasive, with 69% of respondents reporting one or more attacks and 67% saying the negative consequences of these attacks were very significant. Bruemmer called these threats “rudimentary at this point, and … a strong employee training program against these attacks [is] a must.”
  • Some 68% of respondents said their company has put more resources toward security technologies to detect and respond quickly to a breach. Still data breaches are increasing, with significantly more organizations reporting data breaches than ever before. “Consequently, confidence levels among executives to thwart spear phishing and other common attacks have declined,” according to the report.
  • More organizations at 54% report they have a high ability to comply with the European Union’s General Data Protection Regulation, compared with only 36% a year ago.

You can download a copy of the study from the Experian web site here.

So, what do you think?  Are you surprised by any of these findings?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Page Six

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

EDRM Announces Five New Projects: eDiscovery Best Practices

Did anybody doubt that EDRM under the leadership of Mary Mack and Kaylee Walstad was going to be doing BIG things?  If you did doubt it, here’s an announcement that signals that EDRM will be busy creating and improving frameworks, resources and standards within the eDiscovery community.

Last week, EDRM announced five new projects and is seeking new contributors for them.  They are:

Data Sets: This new project is being championed by Cash Butler, founder of Clarilegal, and is seeking project participants. “Everyone still tests and demonstrates with the very old and familiar data set that is comprised primarily of Enron email and attachment data,” claims Cash Butler. “A new modern data set needs to be created that is focused on modern data types as well as email. Slack, Snapchat, Instagram, text messaging, GPS and many other data types that are needed for testing and demonstrating how they process and present in a useful way. In addition, to creating the new data set we will also look to form a framework for community members to easily add, curate and update the data set to stay current.”

One word: Hallelujah!  We’ve needed new up-to-date data sets for years to replace the old Enron set, so I’m hopeful this team will make it happen.

Processing Specifications: John Tredennick, founder of Merlin Legal Open Source Foundation is championing this project with the help of co-trustees Craig Ball, president, Craig D. Ball P.C. (who recently created a processing primer) and Jeffrey Wolff, director of eDiscovery services and principal architect, ZyLAB. The Processing Specifications project will run in parallel with the Merlin Foundation’s programming project for processing.

Data Mapping: Eoghan Kenny, associate, senior manager data projects and Rachel McAdams (no, not her), data projects, at A & L Goodbody, Ireland are championing this project, which the need has arisen due to the new SEAR Act (senior executive accountability regime) to help provide frameworks around who is responsible for what data and where it resides. “The importance of data mapping has grown enormously in Europe – not just for GDPR and investigation purposes, but also to help organizations deal with the increasingly active regulatory environment,” says Kenny. “However, most of our clients struggle with data mapping as it is a new concept to most organizations, with no clear business owner, that often sits in limbo between the “business” and “IT”! The goals of this project are to build frameworks for data mapping exercises, and provide clear guidelines on what the process should look like, because the better an organization understands its data, the cheaper it is to comply with any discovery or investigation obligations.”

State eDiscovery Rules: Suzanne Clark, discovery counsel at eDiscovery CoCounsel and Janice Yates, senior e-discovery consultant at Prism Litigation are co-championing this project and how the State Rules relate to the eDiscovery Federal rules in place. The vision for the State eDiscovery Rules project is to provide a starting point for attorneys to quickly reference the rules in different states and compare and contrast to the federal rules with the various state rules relating to eDiscovery. For example, if an attorney is involved with a case in a state where they are not accustomed to practicing, this EDRM resource will allow them to quickly get up to speed on that state’s rules, where they differ and where they align with the federal rules. “The project work happening at the EDRM is impressive,” says Suzanne Clark. “The time and talent that the project leads and participants donate to the cause of advancing eDiscovery knowledge and good practices will surely serve to advance the industry and legal practice in the discovery realm.”  The project will start with Florida and Michigan and are looking for more contributors from other states.

I look forward to this as we need an up to date resource here – I’m not sure that the ones I’ve covered in the past are being actively updated.

Pro Bono: This project was just launched and has had an overwhelming reach out from people in every area, attorneys, paralegals (and associations), litigation support professional, service providers, platforms, corporations and those in need. We are still seeking assistance as the need for access to justice is great. Stewarded by BDO director, George Socha and HB Gordon, eDiscovery manager for the Vanguard Group, the Pro Bono project will create subgroups to accelerate providing eDiscovery services to those in need.

As the announcement notes, projects, both ongoing and newly initiated, will be advanced at the EDRM Summit/Workshop 2020 at Duke University School of Law, June 24-26. I’ll have more to say about that as we get closer to it, but it certainly sounds like it will be very busy!  I’m certainly planning to be there!

So, what do you think?  Are you interested in participating in EDRM?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Top Ten Tips for Working with eDiscovery: eDiscovery Best Practices

I stumbled across a post in our blog that Tom O’Connor did over a year ago to conclude his series titled Will Lawyers Ever Embrace Technology?  As usual, Tom did a great job and, in this post, he offered his top ten tips for working with eDiscovery.  Tom provided a top ten list terrific enough to make David Letterman proud, but I thought the list could use some additions – in the form of links to resources for the items.  Here goes!

As a reminder, here are the top ten tips from Tom’s post:

  1. Read the Rules
  2. Read the Decisions
  3. Know the Terms
  4. Know Where Your Data Is
  5. Talk to The IT Department
  6. Talk to The Records Management People
  7. Make a Records Management Policy
  8. Make A Litigation Hold Policy
  9. Enforce the Litigation Hold Policy
  10. Meet with Your Client’s Inside Counsel

Let’s take them one (or sometimes two) at a time.

Read the Rules: As Tom notes, the Federal Rules of Civil Procedure (FRCP) lay out the framework for your obligations in handling eDiscovery, but many states have rules that may differ from the FRCP.  Not only that, but the FRCP is comprised of a lot of rules which don’t necessarily have to do with eDiscovery.  So, which ones do you need to know?  There are two notable Rules updates that have significant eDiscovery impact: the 2006 and 2015 updates.  Fortunately, we covered them both in our webcast titled What Every Attorney Should Know About eDiscovery in 2017, which (as you can tell by the title) is three years old now (but still relevant for this topic).  You can click on the webcast to get access to the slides (via the attachments link) if you don’t want to sit through the hour-long webcast.  As for states rules, K&L Gates has a listing of states that have enacted eDiscovery rules (not all of them have), so you can check your state (and other states) here.

Read the Decisions: To find decisions related to eDiscovery, you can find plenty of those right here on the eDiscovery Daily blog – for free!  We’re up to 734 lifetime case law related posts, covering 566 unique cases since our inception back in 2010.  You can see them all here or wind them down year by year here.  If you want even more decisions (1,500 to 2,000 a year, not to mention other terrific resources), you can find those at our go to site for case law – eDiscovery Assistant.

Know the Terms: Tom notes in his post the importance of knowing the terms and even provides a terrific resource – The Sedona Conference – for a great terms list, which was just updated and we covered it and how to get it here!

Know Where Your Data Is: When it comes to knowing where your data is, a data map comes in really handy.  And, with GDPR and other factors emphasizing data privacy, that’s more important than ever.  Here are several templates to get started.

Talk to The IT Department: Tom says “You’re Lewis and Clark, they’re Sacajawea. You cannot…absolutely cannot…navigate without them.”  Knowing the terms and understanding data maps (see previous two paragraphs) will help bridge the communication gap and help here too.

Talk to the Records Management People and Make a Records Management Policy: Records Management is a term that has been around for a long time.  A more recent term that has become synonymous is Information Governance.  eDiscovery Daily has over 200 posts related to Information Governance, including this seven blog post series from Tom here.  Enjoy!

Make A Litigation Hold Policy and Enforce the Litigation Hold Policy: We’ve covered the topic of litigation holds several times as well during the almost 9 1/2 years of the blog, including these two posts (recently updated) where we discuss several things you need to consider when implementing your own litigation hold.  It’s also worth noting that a platform that automates tracking litigation holds, like CloudNine Review™ (shameless plug warning!), can make it easier.

Meet with Your Client’s Inside Counsel: With all of the info you learned above, you’re well equipped to (as Tom puts it) “discuss all of the above”.  One more thing that can help is understanding topics that can be covered during the meet and confer that will benefit both you and your client.  Here’s a webcast that will help – again, you can click on the webcast to get access to the slides (via the attachments link) if you don’t want to sit through the hour-long webcast.

One more thing that Tom notes in his post is that “eDiscovery is a process comprised of separate distinct stages, any one of which may have specific software available for that stage” and that’s very true.  Certainly, that’s true at CloudNine, where, in addition to our Review product mentioned above, we also have a product that collects data from O365 and One Drive (CloudNine Collection Manager™), an Early Data Assessment platform (CloudNine Explore™), a processing and production platform known as the “swiss-army knife of eDiscovery” (CloudNine LAW™) and a tried and true desktop review platform (CloudNine Concordance®).  There are as many workflows as there are organizations conducting eDiscovery and getting the most out of software products available from CloudNine or other providers to maximize your own workflow is key to succeeding at eDiscovery.  Work with your software provider (whoever they are) to enable them to help maximize your workflow.  Help us help you!  :o)

So, what do you think?  Are you familiar with all of these resources?  If not, now you can be!  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Sedona Conference Has an Updated Glossary (Again): eDiscovery Best Practices

Just when I need a topic for a Monday, The Sedona Conference® (TSC) delivers!  Last Friday, TSC and its Technology Resource Panel announced the publication of The Sedona Conference Glossary, eDiscovery & Digital Information Management, Fifth Edition.

This Fifth Edition, encompassing 130 pages and nearly 800 definitions, reflects the rapid expansion of privacy and data security laws and regulations. It incorporates new definitions related to Big Data, GDPR, and the science of Technology-Assisted Review; deletes outdated terms; and updates others in response to evolving technology and case law.  From “30(b)(6)” and “Ablate”, which is to burn laser-readable “pits” into the recorded layer of optical disks, DVD-ROMs and CD-ROMs (obvy!) to “Zombie Cookies” and “Zone OCR”, this Glossary covers it all.

Do you know what “Basic Input Output System (BIOS)” is?  How about a “Data Lake”?  Or the Federal Information Processing Standards (FIPS)?  What about “Harvesting”? (which can be done any time of year, by the way).  Do you know for which term “Make-Available Production” is synonymous?  Do you know what “Sentiment Analysis” is?  No, it has nothing to do with studying romantic movies. Do you know what “Thread Suppression” is?  Those, and many more, definitions are in this Glossary.

As I noted above, this is the Fifth(!) edition of the glossary.  The original was all the way back in May 2005 and there have been subsequent editions in December 2007, September 2010 and April 2014.

You can download a copy of the Glossary here (login required, which is free).

So, what do you think?  Are you up on your electronic discovery terms?  If not, now you can be!  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Whee! Here’s the First Salary Survey from Women in eDiscovery!: eDiscovery Trends

Earlier this week, Women in eDiscovery (WiE) announced the results of its first ever salary survey!  Let’s take a look.

WiE conducted the 2019 Salary Survey between September 17th and September 27th, 2019, and received 400+ responses from men and women internationally in the eDiscovery industry. Of those responses, 93% of respondents identified as women, and the graphs and information depicted in their report are specific to that 93% who identified as women. The intention was to provide insight into experience, titles, compensation, and benefits specific to women in the eDiscovery industry.

WiE’s survey report provides information on skills, certificates and experience that women may need to advance their eDiscovery careers. It also identifies current trends and compensation, specific to women, which will assist hiring managers to make more informed decisions. WiE intends on releasing the survey annually, allowing for comparative analyses over the years.

“Women in eDiscovery is pleased to provide our first compensation survey for eDiscovery and legal professionals,” says Beth Finkle, executive director, Women in eDiscovery (quoted in this article from Legal IT Professionals). “It provides a unique comparison of salaries, bonuses, job skills, job levels, geographic factors and other industry trends in the eDiscovery and legal sectors.”

“The survey was fully anonymous, with no identifiable data gathered. The questions were designed to minimize response time, while still providing meaningful insights across eDiscovery and legal professionals. We want to thank a handful of WiE members that helped the executive directors formulate the survey and to the legal community who participated in the survey,” continued Finkle.

A couple of notable stats from the eight-page report, which is available here:

  • 84% of respondents work primarily in-office vs. remotely. For the 16% of respondents who answered that they work primarily remotely, California, Arizona, and Texas were the 3 states with the most remote workers.
  • Review Platform Certifications were consistently the top certifications held across job titles with the exceptions of Law Clerks and Paralegal/Legal Assistants, for which Paralegal Certifications was the top certification (both at 19% of total respondents). 12% of respondents held the ACEDS Certification and only 5% of respondents held a Project Management Certification, even though it was the top task performed across all job titles.

The report is chock-full of infographics (have I told you lately how much I love infographics?), especially with regard to compensation, so check it out!

Here’s a Friday bonus link not related to anything eDiscovery related.  Do you ever have trouble guessing who the villain is in some movies?  Here’s a clue for you that may make it easier.  Enjoy!  :o)

So, what do you think?  Do you wonder where you stand in your profession, compensation-wise?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff Tells Defendant “File Motion to Compel”, Defendant Does and Wins: eDiscovery Case Law

In White v. Relay Res. & Gen. Servs. Admin., NO. C19-0284-JCC (W.D. Wash. Feb. 14, 2020), Washington District Judge John C. Coughenour granted the defendant’s motion to compel, requiring the plaintiff to provide documents responsive to the defendant’s requests for production, provide the information requested in each interrogatory and provide initial disclosures and that “[f]ailing to provide this information may result in sanctions under Rule 37, including dismissal of the matter.”

Case Background

In this employment discrimination claim against the defendant where the plaintiff alleged the defendant discriminated against her because she is deaf, the defendant served 31 requests for production and 13 interrogatories on the plaintiff in November 2019.  The plaintiff responded to these requests about a month later, objecting to the requests for production on various grounds and failing to indicate whether she was withholding responsive documents.  In response to the interrogatories, the plaintiff raised broad objections and did not provide any of the requested information, indicating in each response that she would later provide the requested information if it was “relevant” to responding the interrogatory.  The defendant also claimed that the plaintiff did not produce initial disclosures.

The defendant attempted to meet and confer with the plaintiff two days after receiving her responses, expressing concern with sufficiency of her responses and offering an extension for the plaintiff to supplement her responses.  The defendant also requested an in-person meeting to attempt to resolve the discovery dispute, but the plaintiff refused to meet outside the State of Virginia and also refused a teleconference, stating that she did “not have any line of communication open except emails and written communication.”  So, the defendant proceeded to email the plaintiff specific examples of its “serious concerns regarding the insufficiency of [her] responses.” The plaintiff then supplemented her responses to the requests for production with three screenshots of email correspondence between the plaintiff and the defendant’s employees about benefits, as well as a scanned page from a yearbook.  In response, the defendant informed the plaintiff that if she did not provide responsive documents or answers to its interrogatories by the extended deadline, it had no choice but to file a motion to compel with the Court.  Instead of further supplementing her responses, the plaintiff replied, “Ok. File Motion to Compel.”

Judge’s Ruling

Judge Coughenour first noted that “although the parties did not meet in person or have a telephone conference, Defendant made a good faith effort to satisfy the meet-and-confer requirement before filing the instant motion to compel. Defendant made multiple attempts to resolve its discovery dispute before reaching a genuine impasse on December 30, 2019, when Plaintiff told Defendant to ‘File Motion to Compel.’…Consequently, Defendant has satisfied the meet-and-confer requirement.”

With regard to the requests for production, Judge Coughenour stated: “the Court has reviewed Defendant’s requests for production, and they appear to be relevant and proportional to the case… The Court acknowledges Plaintiff is not represented by counsel and that she may be responding to and cooperating with Defendant to the best of her ability…Nevertheless, Plaintiff’s perfunctory objections do not reflect a good faith effort to comply with discovery rules. Plaintiff must make reasonable efforts to provide documents responsive to Defendant’s requests for production. Failure to do comply may result in sanctions, including dismissal of the present action.”

With regard to the interrogatories, Judge Coughenour found “Defendant’s interrogatories to be facially relevant and proportional to the needs of the case.”  He also stated: “Here, Plaintiff raised vague, broad objections to each of Defendant’s 13 interrogatories and did not provide any of the requested information…Within 30 days, Plaintiff must provide Defendant with the information requested in each interrogatory. Failing to make reasonable efforts to respond to Defendant’s interrogatories may result in sanctions under Rule 37, including dismissal of the matter.”

Judge Coughenour also stated, in fully granting the motion to compel: “Plaintiff is ordered to provide Defendant with initial disclosures at this time. Failing to provide this information may result in sanctions under Rule 37, including dismissal of the matter.”

So, what do you think?  Is the plaintiff’s failure to obtain counsel representation jeopardizing her case before it even gets going?  Please let us know if any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Terrific Listing of eDiscovery Workstream Processes and Tasks: eDiscovery Best Practices

Let’s face it – workflows and workstreams in eDiscovery are as varied as organizations that conduct eDiscovery itself.  Every organization seems to do it a little bit differently, with a different combination of tasks, methodologies and software solutions than anyone else.  But, could a lot of organizations improve their eDiscovery workstreams?  Sure.  Here’s a resource (that you probably already know well) which could help them do just that.

Rob Robinson’s post yesterday on his terrific Complex Discovery site is titled The Workstream of eDiscovery: Considering Processes and Tasks and it provides a very comprehensive list of tasks for eDiscovery processes throughout the life cycle.  As Rob notes:

“From the trigger point for audits, investigations, and litigation to the conclusion of cases and matters with the defensible disposition of data, there are countless ways data discovery and legal discovery professionals approach and administer the discipline of eDiscovery.  Based on an aggregation of research from leading eDiscovery educators, developers, and providers, the following eDiscovery Processes and Tasks listing may be helpful as a planning tool for guiding business and technology discussions and decisions related to the conduct of eDiscovery projects. The processes and tasks highlighted in this listing are not all-inclusive and represent only one of the myriads of approaches to eDiscovery.”

Duly noted.  Nonetheless, the list of processes and tasks is comprehensive.  Here are the number of tasks for each process:

  • Initiation (8 tasks)
  • Legal Hold (11 tasks)
  • Collection (8 tasks)
  • Ingestion (17 tasks)
  • Processing (6 tasks)
  • Analytics (11 tasks)
  • Predictive Coding (6 tasks)*
  • Review (17 tasks)
  • Production/Export (6 tasks)
  • Data Disposition (6 tasks)

That’s 96 total tasks!  But, that’s not all.  There are separate lists of tasks for each method of predictive coding, as well.  Some of the tasks are common to all methods, while others are unique to each method:

  • TAR 1.0 – Simple Active Learning (12 tasks)
  • TAR 1.0 – Simple Passive Learning (9 tasks)
  • TAR 2.0 – Continuous Active Learning (7 tasks)
  • TAR 3.0 – Cluster-Centric CAL (8 tasks)

The complete list of processes and tasks can be found here.  While every organization has a different approach to eDiscovery, many have room for improvement, especially when it comes to exercising due diligence during each process.  Rob provides a comprehensive list of tasks within eDiscovery processes that could help organizations identify steps they could be missing in their processes.

So, what do you think?  How many steps do you have in your eDiscovery processes?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

FBI Says Half of $3.5 Billion Cyber Losses in 2019 Were Due to Business Email Scams: Cybersecurity Trends

The FBI’s Internet Crime Complaint Center (IC3) reported that it received over 460,000 internet and cyber-crime complaints in 2019, which the agency estimates caused losses of more than $3.5 billion, the bureau wrote in its yearly internet crime report released earlier this month.  And, about half of that is due to BEC (Business Email Compromise), aka EAC (Email Account Compromise) crimes, which are sophisticated scams targeting businesses and individuals performing wire transfer payments.

This was reported by ZDNet (FBI: BEC scams accounted for half of the cyber-crime losses in 2019, written by Catalin Cimpanu – hat tip to Sharon Nelson of the excellent Ride the Lightning blog).

“At its heart, BEC relies on the oldest trick in the con artist’s handbook: deception,” the FBI said back in 2017, when it started receiving an increased number of BEC scams reports.

A typical BEC scam happens after hackers either compromise or spoof an email account for a legitimate person/company. They use this email account to send fake invoices or business contractors. These are sent to employees in the same company, or upstream/downstream business partners.

The idea is to trick counterparts into wiring money into the wrong bank accounts.

BEC scams are popular because they’re (1) dead simple to execute, and (2) don’t require advanced coding skills or complex malware.  And, they pay BIG.  There were only 23,775 BEC victims last year, but they accounted for over $1.77 billion in losses for victims, which is an average of $75,000 per complaint.  Wow.  Here’s a breakdown of the loss amounts and victim counts by crime type over last year – as you can see, BEC crimes are almost four times as large as any other by total loss amount, but only sixth in total number of victims:

I wrote (almost to the day, no less) about an email I received last year that I suspect was a BEC scam that appeared to be from CloudNine’s co-founder Brad Jenkins.  But I could tell that it wasn’t because it was identified as an external email.  At CloudNine, we mark any emails coming from an external source to identify them as an external email, which is inserted into the received email to help recipients differentiate between real and fake CloudNine emails.  It’s easy to set up and an effective way to flush out those BEC scam emails.

BTW, the map at the top shows the number of complaints by state and, as you can see, California was the only state with over 30,000 complaints (while Florida, Texas and New York had between 20,000 and 30,000).  But the map is a bit deceiving in this respect – California had 50,132 complaints last year, nearly double that of the next highest states (Florida and Texas, which tied at 27,178 complaints).  Ouch.

So, what do you think?  Do you know someone who has been victimized by a BEC scam?  Please share any comments you might have or if you’d like to know more about a particular topic.

Images Courtesy of 2019 FBI Internet Crime Report

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Is Your Ability to Stay Current with eDiscovery in “Jeopardy”? Check Out This Conference: eDiscovery Best Practices

I mentioned it a few weeks ago, but (believe it or not) we’re now only about 3 1/2 weeks away from the eighth year for the University of Florida E-Discovery Conference.  And, as usual, the panel of speakers is an absolute who’s who in eDiscovery.

The annual one-day conference will be held this year on Thursday, March 19th from 8:00am to 5:40pm ET.  This year, the focus is to show you how to work smarter, not harder to ensure the success of your project.  As you can always expect from the U-Fla conference, there are a veritable plethora of expert presenters, including Craig Ball, George Socha, Tom O’Connor, Scott Milner, Kelly Twigger, Tessa Jacobs, David Horrigan, Canaan Himmelbaum, Suzanne Clark and Julie Brown, among others.  And, a bunch of distinguished federal and state judges, including U.S. Magistrate Judges William Matthewman, Mac McCoy, Patricia Barksdale, and Gary Jones.  And, I’m honored to be participating for the third straight year as one of the presenters.  Well, sort of – I’m going to be one of the “contestants” in “E-Discovery Jeopardy” where Craig Ball is the “Alex Trebek” and Mike Quartararo and Ian Campbell are the other contestants.  Hopefully, I won’t be singing this song afterward!  ;o)

Once again, there will be an E-Discovery Career Fest the day before the conference.  And, for the first time this year, there will be a Solutions Corner at the conference allowing you to experience short demos of legal technology products that may be mentioned throughout the day.  Here is the agenda for the main sessions at the conference (all times ET):

  • 8:15am – 8:50am: THE STATE OF E-DISCOVERY, PRIVACY, AND DATA SECURITY — Our first session begins with an informal chat and dialogue among key industry leaders on the 2020 forces at play in electronic discovery, privacy, and data security.
  • 9:00am – 9:50am: GUIDE TO ADVANCED LEGAL TECHNOLOGIES FOR EVERY BUDGET — This session will guide you through a requirements checklist followed by a tour of the ever-changing e-discovery vendor environment.
  • 10:00am – 10:50am: FROM SLACK TO SNAPCHAT: TACKLING DISCOVERY BEYOND EMAIL — This session will provide a guide to the new communication world from the handheld device to the cloud and back.
  • 11:00am – 11:05am: Industry Update: ACEDS — Mike Quartararo, the Association of Certified E-Discovery Specialists (ACEDS) President will provide a brief overview of the organization and the latest updates.
  • 11:05am – 11:55am: RECENT DEVELOPMENTS IN DATA DISCOVERY CASE LAW AND LEGISLATION — Two lawyers and a judge who keep close watch on e-discovery case law will join us for an analysis of recent court decisions in e-discovery, data privacy, and data protection.
  • 1:00pm – 1:50pm: E-DISCOVERY JEOPARDY — We’ve brought in our very own game show host to engage three of this year’s UF Law E-Discovery Conference Faculty in a battle of wits and wisdom about legal services, e-Discovery, and other topics.
  • 2:00pm – 2:55pm: E-DISCOVERY NUTS & BOLTS — You requested it! Our well-received rapid format of short e-discovery presentations returns again this year.
  • 3:00pm – 3:05pm: Industry Update: EDRM — Mary Mack, Chief Legal Technologist at EDRM will share a brief overview of the organization and the latest updates.
  • 3:15pm – 4:15pm: LEVERAGING SEARCH TO FIND WHAT MATTERS MOST — Let our panel guide you through the thicket of e-discovery search with specific examples and techniques.
  • 4:30pm – 5:30pm: JUDGES & EDISCOVERY: A VIEW FROM THE BENCH — Our distinguished panel of Federal Magistrate Judges return to share with you the keys to e-discovery success in the courtroom.

You can register to attend this day long conference packed with practical advice, experts, hot topics, and Florida CLE credit here for only $99 for live streaming and $199 in person.  There are also discounts available for students, University/College Faculty and Staff and Government and Judicial employees.  Last year, the in-person slots were sold out, so that is another reason to act quickly.  It’s the best one-day educational conference of the year!

So, what do you think?  Are you going to attend the University of Florida E-Discovery Conference?  If not, why not?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Mobile Collection: It’s Not Just for iPhones Anymore, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, DOS and DON’TS of a 30(b)(6) Witness Deposition.  Now, Tom has written another terrific overview regarding mobile device collection titled Mobile Collection: It’s Not Just for iPhones Anymore that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  The first part was last Thursday, the second part was Monday and the third part was Wednesday, here’s the fourth and final part.

Conclusions

So, when you think of smart phone collection be sure to ask what OS you going to encounter.  Android phones are market leaders both here in the US and worldwide and offer corporate archiving solutions that are second to none. Your litigation opponent might actually have the droid you are looking for.

And, why is that important?  Because we’re seeing more cases where mobile device data is relevant than ever.  As I mentioned in my Millennials series last summer, Americans send about 8.5 billion texts every day!  Texts and other mobile data are routinely relevant in just about every type of litigation case.

And, we’re certainly seeing more cases where mobile device data is figuring prominently in court rulings.  Here are some cases covered by eDiscovery Daily in just the past year regarding mobile devices and (in some cases) consideration of sanctions for failing to preserve mobile device data:

The good news is that you’ve now learned about some terrific resources to preserve that mobile device data and hopefully avoid sanctions in your own cases, regardless of whether the device is Apple or Android.

So, what do you think?  Are you having to increasingly address issues associated with mobile device discovery?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.