Close
Enter your
text here

Electronic Discovery

I Rarely Do This, But Today’s Post is Not About eDiscovery

Late last week, when several of us knew that Hurricane Harvey was bearing down on Texas and was expected to cause major flooding in the Houston area, a friend of mine made a joke on Facebook about seeing a six foot rabbit in the Gulf of Mexico.  It was a great Jimmy Stewart reference and a clever joke.

But, Hurricane Harvey has been no joke.  When the TV weather people (as early as mid-week last week) talked about major flooding and as much as 25 to 35 inches of rain expected on and near the Texas Gulf Coast, many people scoffed and figured that the TV news stations (as they often do with weather events like this) we’re overreacting and that it wasn’t going to be as bad as they predicted.

They were right.  It appears to be much worse than they predicted.  And, it may not be over for days yet.

According to The Weather Channel, over 27 inches of rain fell in southeastern Harris County (where Houston is located) from early Friday morning (as Hurricane Harvey approached and eventually made landfall that night) through early Sunday morning.  It has rained most of Sunday throughout the area as well.  The current prediction (as of 6:30pm on Sunday) is as much as 50 inches of rain total and Harvey may dump rain on some part of Texas for as many as 9 days.  It’s unprecedented.

When you get that much rain, obviously there is widespread flooding.  Here are just a few pictures, courtesy of Reuters, to give you a little sense of what’s going on here.

Flights at both Houston airports are grounded at least through tomorrow and probably longer.  Most Houston area school districts are out all week.  And, flooding even knocked our CBS affiliate (KHOU Channel 11) for most of the day so far (not back on the air as of 6:30pm after going off the air at around 10am).  But, not before a Channel 11 reporter flagged down a Harris County Sheriff to rescue a man from his flooded 18 wheeler truck (footage of both events here).

How extensive is the property damage?  Insurance experts have warned that flood damage across Texas from the bad weather may equal or exceed the trail of destruction left by Hurricane Katrina in 2005, which was the most expensive natural disaster in US history.  It’s not a record you want to set.

Thankfully, there have been few deaths, only 3 reported to date.  But, tens (if not hundreds) of thousands have experienced flood damage and had to evacuate.  And, more still may, given that we expect to continue to receive rain for the next two to three days at least.

What can you do to help?  Consider donating online to the Houston Food Bank, Galveston County Food Bank or Corpus Christi Food Bank.  Or the Coastal Bend Disaster Recovery Group.  And, if you’re in the Houston area, you can volunteer at the American Red Cross here or by calling 713-526-8300.  Several in the Houston area have already donated their time and helped with boats to evacuate those stranded by flooding.  It’s just one of the signs of what makes our city so great — Houstonians helping each other.

Stay safe, Houstonians!

Hopefully, we’ll be back to a regular eDiscovery post tomorrow.

Top Image Copyright (C) Universal International Pictures.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Lessons to Be Learned from the Wells Fargo eDiscovery Inadvertent Disclosure: eDiscovery Best Practices

When you’re a lawyer and you find out that you’ve inadvertently produced client confidential information in litigation, it’s a bad day.  When you find out that confidential information is personal information on thousands of the most wealthy investors in your client’s portfolio, it’s an even worse day.  And, when you find out that disclosure is being covered by The New York Times, it’s a lawyer’s worst nightmare.

Such is the story of Angela A. Turiano, a lawyer with Bressler, Amery & Ross, an outside law firm of Wells Fargo based in New Jersey.  In response to a New Jersey court case involving a dispute between ex-Wells Fargo employee Gary Sinderbrand and his brother who also worked there, Turiano inadvertently produced tens of thousands of client names, Social Security numbers, account balances and more.  This was on behalf of Wells Fargo as a third party to the New Jersey court case.

The documents and spreadsheets containing client information were originally provided to Aaron Miller, Sinderbrand’s lawyer in the New Jersey case on July 8 (according to the New York Times article linked below).  Miller later shared knowledge of what the documents contained to Aaron Zeisler, who is representing Sinderbrand in a New York case against Wells Fargo Advisors.  Miller notified Turiano of the disclosure of confidential information on July 20 (according to her affirmation filed with the New York Supreme Court on July 24).  The following day, the Times article was published with quotes from both Zeisler and Gary Sinderbrand, detailing the disclosure.  After Wells Fargo asked the NY and NJ courts to intervene, lawyers for Gary Sinderbrand were ordered to hand back over the data on July 26.

In Turiano’s affirmation, she described how the inadvertent disclosure evidently happened.  It’s based on this description of events that I offer up some suggestions about ways to avoid the scenario.  Here is the description provided by Turiano in paragraph 3 from the affirmation as to how the disclosure happened (I have put in bold a few key points that I reference below):

“Based upon my discussion with Mr. Miller, Wells Fargo agreed to conduct a search of four custodians’ email boxes using designated search terms.  Wells Fargo, like many large corporations, uses an outside e-discovery service to conduct e-mail searches.  The vendor conducted the search and, upon completion, I personally conducted a review of the voluminous search results to exclude from production any e-mails containing confidential or privileged information.  Specifically, using the vendor’s e-discovery software, I reviewed what I thought was the complete search results and for documents that contained confidential or privileged information, I thought I marked them as confidential or privileged.  I then coordinated with the vendor with both written instructions and by telephone and instructed the vendor to produce the emails in the database that I had marked, but that the vendor should withhold from the production anything that I tagged privileged-withhold and confidential and client-information withhold.  What I did not realize, was that there were documents that I had not reviewed.  Unbeknownst to me, the view I was using to conduct the review had a set limit of documents that it showed at one time.  Thus, I thought I was reviewing a complete set, when in fact, I only reviewed the first thousand documents.  I thus inadvertently provided documents that had not been reviewed by me for confidentiality and privilege.  In addition, it was my understanding that the vendor was going to apply redactions for documents I flagged as needing redactions.  Thus, I thought that responsive documents that contained confidential information would be redacted prior to production.  The documents, however, were not redacted prior to production.  I realize now that I misunderstood the role of the vendor.  Finally, I now understand that I may have miscoded some documents during my review.”

As a vendor, here are some of the things I would be doing to avoid the situation:

Communicate Search Results Completely and Clearly: I’m frequently asked to perform searches on behalf of clients and I always document the search results clearly in a spreadsheet with total documents retrieved for each term and a grand total of documents retrieved from all of the terms.  I also communicate that to the client clearly in an email, reiterating (in the email) the total count of documents retrieved via the searches (and usually follow up via phone as well).  I can’t say that the vendor didn’t do that here (maybe they did and the attorney glossed over – or forgot – the info), but a clear communication of search results may have helped ensure that Turiano had the correct count of documents and led her to realize that there were more documents than displayed on the first page of the eDiscovery software program.  It’s also important to realize that most (if not all) eDiscovery software applications deliver result sets in manageable batches of documents for efficiency sake – nobody wants to wait for all the data to load for 100,000 documents retrieved in a large search result – so the applications deliver the results in pages or batches.

Track Documents Reviewed and Report Anomalies: In a project where you know that the attorney is reviewing all retrieved documents for confidentiality and privilege, it’s good to track the documents actually reviewed and be able to report if there is an anomaly.  This could be done either by setting a specific field to mark a document as “Reviewed”.  Or it could be done via audit log tracking within the software.  Regardless, if either was done here, the vendor could have then informed the attorney that there were documents not reviewed and the mistake could have been discovered.

Confirm Documents Tagged for Redaction Were Actually Redacted: The workflow when dealing with native ESI is typically to flag documents that need redaction (which the attorney apparently did, at least for the documents she reviewed), then for the vendor to convert those native files to image format, then for the attorney to apply the redactions.  It doesn’t appear that the last two steps actually happened.  I’m not sure how the attorney expected the vendor to apply redactions simply based on a tag of “needs redactions” unless there was also a description field with a detailed description of where – even then, most vendors would still expect the attorney to ultimately apply them.  One check that should always be made before ESI is produced is to confirm that redactions were properly applied and if documents were tagged for redaction, there should be a step to make sure that they were actually redacted.  That’s a production QC step that should always be done before signing off on the production (by both vendor and attorney).

Perform a Pattern Search for Personally Identifiable Information (PII): With data privacy becoming more important than ever and GDPR looming, it’s becoming necessary to do more than just manual review to identify potential personal data – after all, people make mistakes.  Pattern searches are specialized searches, looking for specific types of information, such as 3 digits, then 2 digits, then 4 digits (i.e., the pattern for a social security number).  Searches for other patterns, like client account numbers or credit card numbers, could also be performed to determine whether personal data exists in the production set, which may need to be redacted or removed altogether.

Recognize When Your Client Needs More Hand Holding: Some attorneys are experienced and tech-savvy with regards to eDiscovery and want to drive the process, others are not.  Based on the description of events, I would suggest that this attorney was not very experienced in eDiscovery matters or in using eDiscovery software.  When that’s the case, it’s important for the vendor to be prepared to take more of a lead in driving the production QC and raising issues like those I discussed above.  As Turiano stated, “I realize now that I misunderstood the role of the vendor.”  Evidently, there was certainly a lack of communication on who was “driving the bus” on this production – when that’s the case, “the bus” tends to end up in a ditch.

So, what do you think?  What steps do you take to avoid inadvertent disclosures?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Denies Plaintiff’s Request for Defendant’s Source Code Production: eDiscovery Case Law

In Congoo, LLC v. Revcontent LLC, et al, No. 16-401 (MAS) (D.N.J. Aug. 10, 2017), New Jersey Magistrate Judge Tonianne J. Bongiovanni, finding that the plaintiff “has not met its burden of demonstrating that production of the source code is relevant and necessary”, denied the plaintiff’s Motion to Compel the inspection and production of the defendants’ source code.

Case Background

In this case the plaintiff alleged that the defendant (its competitor) published or caused to be published false and misleading “native advertising” (i.e., integrated online advertising in published content on various internet news and information sites).  The plaintiff stated that the source code was highly relevant because it pertained to a central issue in the case, that is, whether the defendants were involved in the creation of the content in false and misleading ads and asserted that production of the source code was necessary to prove their claim.  The defendants argued that requiring it to produce its source code to a competitor would cause irreparable harm to its business and stated that it has provided the plaintiff with evidentiary support concerning the few software functions that are relevant to its claims.

In February 2017, a discovery conference was held to discuss the issue of production of the source code and the Court stated that the parties should make their full submission to the Court on the issue.  Then, in March, the plaintiff filed the instant motion to compel inspection and production of the defendants’ source code.

Judge’s Ruling

Judge Bongiovanni, noting that “[t]he Court has broad discretion in deciding discovery issues such as that raised by the parties here”, indicated that “[i]n order for the production of source code to be compelled, Plaintiff must prove that it is relevant and necessary to the action.”  In that regard, Judge Bongiovanni stated that:

“The Court is not convinced that an understanding of the Defendants’ influence on or creation of the ads requires production of the technology, i.e., the source code, utilized by the Defendants. Rather, the Court is persuaded that through witness testimony an understanding of the functionality of the software algorithm as it relates to issues in this case, e.g., selection of higher paying Content Recommendations, can be adequately addressed.”

Judge Bongiovanni also found that the source code’s “highly confidential nature is such that it cannot be adequately safeguarded by a Discovery Confidentiality Order and therefore outweighs the need for production”, pointing to the declaration of the defendant’s Chief Product Officer, which pointed to an investment of 7 to 10 million dollars in the development of the software and the fact that neither the defendant’s “in-house lawyers nor any of our outside counsel is permitted to access and/or view Revcontent’s highly proprietary Source Code.”

As a result, Judge Bongiovanni found that the plaintiff “has not met its burden of demonstrating that production of the source code is relevant and necessary” and denied the plaintiff’s Motion to Compel the inspection and production of the defendants’ source code.

So, what do you think?  Should there be special considerations for producing source code or other intellectual property?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Potential Topics for Your 30(b)(6) Witnesses: eDiscovery Best Practices

I was talking to a client the other day about having to prepare their 30(b)(6) witness for a case, so I thought I’d revisit this topic…

When it comes to questions and potential issues that the receiving party may have about the discovery process of the producing party, one of the most common and direct methods for conducting “discovery about the discovery” is a deposition under Federal Rule 30(b)(6).

Rule 30(b)(6) enables a party to serve a deposition notice on the organization involved in the litigation rather than an individual. That notice identifies the topics to be covered in the deposition, and the organization being deposed must designate one or more people qualified to answer questions on the identified topics. While those designated to testify may not necessarily have day-to-day responsibility related to the identified topics, they must be educated enough in those issues to sufficiently address them during the testimony.

Topics to be covered in a 30(b)(6) deposition can vary widely, depending on the facts and circumstances of the case. However, there are some typical topics that the deponent(s) should be prepared to address.

Legal Hold: Perhaps the most common area of focus in a 30(b)(6) deposition is the legal hold process as the deposing party will want to find out if there is a possibility of spoliation of data, which could result in sanctions against your organization.  Issues to address include:

  • General description of the legal hold process including all details of that policy and specific steps that were taken in this case to implement the hold.
  • Timing of issuing the legal hold and to whom it was issued.
  • Substance of the legal hold communication (if the communication is not considered privileged).
  • Process for tracking and follow-up with the legal hold sources to ensure understanding and compliance with the hold process.
  • Whether there are any auto-delete processes in place in the organization and, if so, what steps were taken to disable them and when were those steps taken?

Collection: Logically, the next eDiscovery step discussed in the 30(b)(6) deposition is the process for collecting preserved data:

  • Method of collecting ESI for review, including whether the method preserved all relevant metadata intact.
  • Chain of custody tracking from origination to destination.
  • How the collection process was managed and conducted – i.e., was there custodian self-collection being performed and, if so, how tightly was that process managed by counsel.

Searching and Culling: Once the ESI is collected, the methods for conducting searches and culling the collection down for review must be discussed:

  • Methods used to cull the ESI prior to review (including de-duping, date range exclusion and other mechanisms, as well as the search criteria for inclusion or exclusion in review and how the search criteria was developed (including potential use of subject matter experts to flush out search terms).
  • Process for testing and refining the search terms used as well any testing or sampling conducted on ESI not retrieved.

Review: The 30(b)(6) witness(es) should be prepared to fully describe the review process, including:

  • Methods to conduct review of the ESI including review application(s) used and workflow associated with the review process.
  • Use of technology to assist with the review, such as clustering, predictive coding and near-duplicate identification.
  • Methodology for determining privileged ESI (this methodology may be important if the producing party may request to “claw back” any inadvertently produced privileged ESI – this order makes it easier to do that).
  • Personnel employed to conduct ESI review, including their qualifications, experience, and training.

Production: Information regarding the production process, including:

  • Methodology for organizing and verifying the production, including confirmation of file counts and spot QC checks of produced files for content.
  • The total volume of ESI collected, reviewed, and produced.

Depending on the specifics of the case and discovery efforts, there may be further topics to be addressed to ensure that the producing party has met its preservation and discovery obligations.

So, what do you think?  Have you had to prepare 30(b)(6) witnesses for deposition?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Think That Your Firm Isn’t Subject to GDPR? You May Be Wrong About That: eDiscovery Trends

We’re getting closer and closer to the implementation of the General Data Protection Regulation (GDPR) standard designed to strengthen and unify data protection for all individuals within the European Union (EU).  It goes into effect in about eight months (May 25th of next year, to be exact).  Do you think GDPR doesn’t apply to your firm?  You may be wrong about that.

This JD Supra article (GDPR Applies to US Firms, written by Stanislaw Kastory)* discusses instances where GDPR can apply to firms and companies that are not established in the European Union.  According to the author, the GDPR applies to processing of personal data of data subjects who come from the European Union, by a controller or processing entity not established in the European Union if the processing activities relate to:

  1. a) the offering of goods or services to such data subjects in the European Union and
  2. b) the monitoring of their behaviour. (or “behavior”, depending on who’s reading it) – :o)

Oh, behave!

Here are examples of US companies that may be subject to GDPR requirements:

  • A US insurance company not based in the EU will be subject to the GDPR (and all the requirements thereunder) if it offers its insurance products to entities in EU countries.
  • The new GDPR will also apply to all companies offering “suggestions” used for example on YouTube, Instagram or Spotify. Suggestions that you may like someone’s profile or music are based on processing of personal data. If a US company makes such suggestions to EU citizens, it will automatically fall under the ambit of the GDPR.
  • Even if you’re just a local whisky producer in Kentucky and you send 10 bottles to a client in France, you’re still subject to the rules of GDPR.

So, it’s not just cloud providers, it impacts any organization that might have a market of customers in the EU.  According to the article, more than 50% of US companies will be required to implement the GDPR requirements, including having to process personal data in compliance with the EU regulation. They will therefore be directly required to ensure they have the appropriate legal basis for data processing, to meet the requirement of informing data subjects and to implement new procedures and documents under the GDPR.

Fines can reach up to EUR 20,000,000 or 4% of global turnover, so failing to comply could be costly.  For those that are fined at some level, I’ll bet the “GD” in GDPR may no longer stand for “General Data”.  :o)  Anyway, it’s clear that GDPR will be a big topic of discussion in our industry in the coming months and I expect that we’ll have quite a bit more coverage of it during that time.

BTW, just a reminder that, on Wednesday, August 30 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast On Premise or Off Premise? A Look at Security Approaches to eDiscovery.  This one-hour webcast will discuss different on-premise and off-premise eDiscovery solution options and considerations for each. I’ll be presenting the webcast, along with eDiscovery thought leader Tom O’Connor.  To register for it, click here.

So, what do you think?  Is your organization preparing for GDPR?  Please share any comments you might have or if you’d like to know more about a particular topic.

*Hat tip to Rob Robinson’s Complex Discovery site for the tip on the article.  Here’s two other articles he has covered in just the past two weeks on the topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Citing SCA, Court Denies Motions to Compel Microsoft, Google and Yahoo to Produce Emails: eDiscovery Case Law

In PPG Indus., Inc. v. Jiangu Tie Mao Glass Co., Ltd., No. 2:15-cv-965 (W.D. Pa. July 21, 2017), Pennsylvania District Judge Mark R. Hornak denied the plaintiff’s Motions to Compel third parties Microsoft, Google and Yahoo to Produce Responsive Documents Pursuant to their Subpoenas, finding that “resolution of this case begins and ends with the Stored Communications Act (‘SCA’), which generally provides that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’”

Case Background

In this case where one of the plaintiff’s employees was arrested and charged with theft of trade secrets and ultimately committed suicide while under house arrest, the plaintiff obtained consent for the production of all materials related to the case from the employee’s brother, who was also the executor and beneficiary of his estate.  After receiving permission from the Court to conduct limited pre-answer discovery and serve specified subpoenas, the plaintiff served subpoenas on Microsoft, Google and Yahoo seeking e-mail communications received and sent from the employee’s accounts with each company.  When Microsoft, Google and Yahoo refused to provide the requested communications, the plaintiff filed the Motions to Compel.

Judge’s Ruling

Judge Hornak began his ruling by stating: “The resolution of this case begins and ends with the Stored Communications Act (‘SCA’), which generally provides that ‘a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.’”  He also noted, however, “under the SCA a provider ‘may divulge the contents of a communication’ in certain circumstances, including when it has ‘the lawful consent of the originator or an addressee or intended recipient of such communication.’ § 2702(b)(3).”

The plaintiff argued that because the executor of the employee’s estate had consented to production of the emails, the SCA’s exception for the “lawful consent of the originator,”§ 2702(b)(3), applies and argued that under Pennsylvania law an executor has the authority to handle a decedent’s digital assets, including his electronic communications.  However, Judge Hornak stated that “First, it is plain that the SCA does not provide an exception to its general prohibition on disclosure for civil subpoenas…Second, even when one of the exceptions to prohibited disclosures delineated in§ 2702(b) applies, the SCA nonetheless does not require providers to disclose communications. To begin, § 2702(b) specifically states that providers ‘may’ divulge communications if an exception applies; it does not state that they ‘must’ do so.”

Judge Hornak did note that the plaintiff “could still gain access to the emails in Thomas Rukavina’s Microsoft account should it choose to pursue them. Microsoft stipulated at argument and in its papers that if the Pennsylvania court with jurisdiction over Thomas Rukavina’s estate concludes that Robert Rukavina’s consent is ‘lawful consent’ under § 2702(b)(3), Microsoft will voluntarily divulge the emails PPG seeks.”  He also noted that the plaintiff “could also potentially obtain the emails in Thomas Rukavina’s Yahoo and Google accounts by identifying the individual(s) who have been accessing the accounts since Thomas Rukavina’s death” (since both providers had indicated that his accounts had been accessed on “numerous” occasions since his death).

However, Judge Hornak’s parting notice was that, in the case of the Yahoo account, the employee had “repeatedly consented to Yahoo’s Terms of Service (‘TOS’), which included…a ‘No Right of Survivorship and Non-Transferability’ provision… [which] explains that any rights Thomas Rukavina had to the contents of his Yahoo account terminated upon his death.”  So, he would have been unlikely to order Yahoo to produce the emails under any circumstances.

Regardless, for the reasons noted above, Judge Hornak the plaintiff’s Motions to Compel against all three third parties.

So, what do you think?  Is it time to rewrite or update the 31 year old Stored Communications Act?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

New Report from The Aberdeen Group Cites Lack of Advanced Technologies, Offers Recommendations: eDiscovery Trends

While recovering from ILTACON and Vegas, I found an interesting report with some interesting statistics and observations from The Aberdeen Group about how many organizations are handling eDiscovery and what they could be doing better.

The report, Key Strategies to Improve the Performance of eDiscovery Teams, is written by Michael Caton an IT Research Analyst at Aberdeen, who surveyed technology solution users.  Here are some of the observations and statistics included in the report:

  • In terms of technology adoption, 82% of companies surveyed use an eDiscovery solution.
  • Currently, organizations are 50% more likely to use an on-premises solution than a cloud-based solution.
  • While 33% of organizations have implemented a cloud-based solution, organizations plan to implement on-premises and cloud-based technologies in nearly equal numbers – 24% and 27%
  • Just 29% of responding organizations have adopted technology assisted review.
  • The same holds true (no pun intended) for legal hold management – just 29% of organizations have software tools to notify employees of legal hold and to prevent the loss of data that should be subject to eDiscovery.
  • Finally, only 27% of companies employ direct connectors to key systems to automate the collection of data, such as content management applications and communications systems.

The on-premises vs. cloud numbers might be the most surprising to me, given all of the recent numbers and trends that I’ve seen regarding cloud adoption within the eDiscovery industry.  It looks like both implementation methods will have a place in eDiscovery for some time to come.

Caton also provides statistics regarding top business pressures related to eDiscovery, core eDiscovery capabilities in use and eDiscovery technologies with low adoption levels (among other findings).  He provides several recommendations at the end of the document for organizations currently assessing eDiscovery solutions, including evaluating technology assisted review technology, assessing legal hold management solutions, integrating eDiscovery software with critical applications and evaluating cloud or hybrid technologies to simplify onboarding.  I won’t steal all his thunder here – I’ll leave it to you to check out his report here to see additional stats and recommendations (the report is free, with free signup for an Aberdeen membership).

BTW, speaking of on-premise vs. cloud, just a reminder that, on Wednesday, August 30 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast On Premise or Off Premise? A Look at Security Approaches to eDiscovery.  This one-hour webcast will discuss different on-premise and off-premise eDiscovery solution options and considerations for each. I’ll be presenting the webcast, along with eDiscovery thought leader Tom O’Connor.  To register for it, click here.

So, what do you think?  Do you use on-premise, off-premise or a combination for your eDiscovery solution(s)?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Thursday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted Monday, Tuesday and yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  Today is the last day to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

9:00 AM – 10:00 AM:

O365 and Exchange Ediscovery Capabilities: While Office 365 and Exchange ediscovery capabilities can make our jobs easier, they can also be subject to problems. What can you expect from these products? In this live demo, you’ll get an interactive tutorial of the features these platforms offer – from the glitz to the glitches.

Takeaways:

  • Understand what the different software offerings are and are not good at
  • Identify gotchas for each product

Speakers include: John Collins, Director of Information Governance & Office 365 Consulting DTI.

Your Perimeter Will Be Breached: Your law firm will be hacked. What do you do when that happens? How do you mitigate the damage done? Join us for a technical discussion on what you can put in place that will help you identify where you have been hacked and how to get rid of the threat.

Takeaways:

  • Determine a list of things to check when you’re back in the office
  • Identify ways to find intruders in your perimeter and mitigate risk

Speakers include: Brian Johnson, Sr. Security Engineer Emergent Networks.

11:15 AM – 12:15 PM:

New Microsoft Features That Will Affect Ediscovery in the Future: Microsoft continues to add features to its products that could make preservation, collection, review and production easier in the future. More and more corporations are using those products. Is it time for law firms to follow suit? Come hear a panel discuss how Microsoft’s legal hold and ediscovery compliance features could change how we deal with ediscovery now and in the future. Will you be prepared to take advantage of these changes?

Takeaways:

  • Learn how Microsoft’s legal hold and ediscovery compliance features are making it easier to deal with ediscovery challenges
  • See how these new features could affect how we deal with edIscovery
  • Discover how to take advantage of these features to further your career

Speakers include: Scott M. Cohen, Managing Director Winston & Strawn LLP; Jake Frazier, Information Governance & Compliance Practice Leader FTI Consulting; EJ Bastien, Lead eDiscovery Program Manager Microsoft Corporation – Legal and Corporate Affairs; Troy Dunham, eDiscovery Program Manager Adobe Systems Legal Department.

2:00 PM – 3:00 PM:

Data Analytics for Information Governance: Whether you’re in a law firm or corporate environment, using data and key metrics can improve your information governance (IG) and system performance. What types of data should you be evaluating, and how to do find the value of it? How can you create the ideal information governance framework by distilling data into building blocks that tie together? We’ll examine case studies to demonstrate data-driven decisions made throughout the building and remodeling of successful IG programs.

Speakers include: Gillian Glass, Director of Practice Support, Paralegals and Records Farella Braun + Martel LLP; Megan Beauchemin, Director of Business Intelligence and Analytics InOutsource; Daniel Holohan, Chief Information Officer The Advisory Board Company.

What’s in YOUR Ediscovery/Litigation Support Strategic Plan?!: Looking into the future, what is the focus of your strategic plan? What are your staff needs and technology needs? Is there company growth? Creating and managing a strategic plan can be difficult, especially as emerging needs fight for resources and attention. This presentation will give ediscovery and litigation support professionals tips on updating, revamping and revisioning their strategic plan. We will also discuss various approaches and timetables for the strategic planning process.

Takeaways:

  • Cultivate ideas on how to develop a strategic plan
  • Identify who needs to be involved
  • Determine factors to consider in your strategic plan

This session will NOT be recorded.

Speakers include: Mary Pat Poteet, Managing Consultant; David Bryant Isbell, Director, Global Practice Support Baker & McKenzie; Ashley Smith, Managing Director Deloitte.

3:30 PM – 4:30 PM:

Preserving, Collecting and Producing Databases for Ediscovery: An industry expert will share how they deal with, manage and produce structured data and databases during litigation and government investigations. Attendees will hear about common challenges and solutions to help deal with these challenging sources of data, and they will learn about techniques to preserve, collect, review and produce structured data and databases.

Takeaways:

  • Learn how to preserve, collect and produce databases
  • Understand common challenges and pitfalls to avoid when dealing with databases
  • Establish a list of questions to ask when dealing with databases

Speakers include: Jim Vint, Managing Director, Practice Lead Global Legal Technology Solutions Navigant.

So, what do you think?  Did you attend ILTACON this year?  If so, what did you think?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Wednesday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted Monday and yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  There’s still time to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

9:00 AM – 10:00 AM:

eDiscovery Industry Resources: There are many industry resources for professionals in ediscovery, including Women in eDiscovery, ILTA, ACEDS, EDRM and Sedona. How can you get involved with these organizations, and what are the benefits of becoming a member? Speakers from each organization will share how they can help you and your team.

Takeaways:

  • Gain a better understanding of each organization
  • Learn how to become a member

Speakers include: Amy Juers, Founder & CEO Edge Legal Marketing; Peter Pepiton II, Director of eDiscovery Dinsmore & Shohl; Janelle Eveland Belling, Managing Director of E-Discovery Services & Strategy Perkins Coie; Doug Austin, Vice President of Professional Services CloudNine; Martin Tully, Co-Chair, Data Law Practice Akerman LLP.

Everything You Need to Know About EU General Data Protection Regulation, but Were Afraid to Ask (Until Now): Law firms that deliver services to European Union residents need to be prepared for the new General Data Protection Regulation going into effect May 25, 2018. Discover what you need to know about the GDPR, so you can develop a strategy for reviewing and updating your operations to meet the new obligations. We will also explore technologies available to assist and ways you can secure funding and support from firm leadership.

Takeaways:

  • Understand how to prepare for GDPR compliance
  • Develop a basic plan for implementing GDPR controls
  • Identify resources for GDPR preparation and implementation
  • Understand technology tools available

Speakers include: Ian Raine, Director of Product Management iManage; Jeff Hemming, Product Manager – Marketing Solutions Tikit Inc.; Robert Cruz, Senior Director, Information Governance Actiance, Inc.; Grant Shirk, Vice President, Marketing.

11:00 AM – 12:30 PM:

How to Hack a Law Firm: Many law firm’s conduct external penetration tests, but you can still be hacked. Whether you’ve been through a dozen tests or are facing your first, it’s important to gain insight into the most common ways hackers gain access to a law firm’s data and assets. Learn about the best controls you can put in place to defend against these threats.

Takeaways:

  • Determine a list of top 10 things you need to go back to your firm and check
  • Identify how your firm policies can increase your risk

Speakers include: Kenny Leckie, Senior Technology & Change Management Consultant Traveling Coaches, Inc.

3:30 PM – 4:30 PM:

Automating Information Governance: We’ve all been told that automation is the future of managing and governing information. With automation come many benefits, including rule-based email management, the most sophisticated forms of automated classification and discovery of data’s “meaning.” Interested? Come learn about available technologies, challenges in implementing automation and important lessons information governance (IG) practitioners have learned that can help us put these next-generation tools and techniques to work today.

Takeaways:

  • Discover different techniques to automate solutions to your IG problems
  • Outline what works and what doesn’t
  • Understand why automating IG is worth the investment

Speakers include: Julie J. Colgan, Senior Director, Strategy & Innovation DTI; Leigh Isaacs, Director, Records & Information Governance White & Case LLP; Brianne Aul, Firmwide Senior Records and Information Governance Manager Morgan, Lewis & Bockius, L.L.P.

Ediscovery Data and Records Collaboration: A closed matter is just the beginning to what can often be a complex data storage process. What information gets returned to the client? What data sets get destroyed? What data do you need to keep? From understanding your client’s records retention strategy to having a step-by-step plan with records managers, a collaborative strategy is necessary to ensure records are safeguarded and processes are compliant.

Takeaways:

  • Understand complex data storage methods
  • Comprehend the importance of your clients’ records retention policies and how they affect your retention practices
  • Identify best practices from records managers and general counsel

Speakers include: Brian Jenson, Director, Litigation Support & E-Discovery Services Orrick, Herrington & Sutcliffe LLP; Martin Susec, Assistant General Counsel Nationwide Mutual Insurance; Richard Dilgren, National Director, Data Science & Strategy FRONTEO.

So, what do you think?  Are you planning to attend ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Tuesday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  There’s still time to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

11:00 AM – 12:30 PM:

A Deep Dive into Project Management in Litigation Support: Take a deep dive into advanced litigation support project management (PM) principles. This workshop will be led by three high-level ediscovery strategists and is designed for professionals who live in the trenches of complex litigation support management. Learn principles you can leverage and apply immediately to improve your organization’s PM maturity.

Speakers include: Michael Quartararo, Director of Litigation Support Services Stroock & Stroock & Lavan LLP; Daryl Shetterly, Director, DRS Operations Orrick, Herrington & Sutcliffe LLP

1:30 PM – 2:30 PM:

Managing Data from the EU During Litigation: A panel will discuss current issues and solutions for dealing with data from the European Union during litigation and government investigations. Topics will include certification through Privacy Shield and using Model Clauses in your agreements to address privacy and security concerns.

Takeaways:

  • Learn about the current status of EU data privacy issues
  • Identify how to avoid getting in trouble when dealing with EU data
  • Become comfortable with how the Privacy Shield certification process works

Speakers include: Michael Boggs, Director of Practice Support Holland & Hart; Mollie C. Nichols, Senior Attorney Cleary Gottlieb Steen & Hamilton LLP; Chris Dale, e-Disclosure Consultant E-Disclosure Information Project; Ben Rusch, V.P. Review Solutions – Europe & APA Consilio; Jonathan Wilan, Partner Baker & McKenzie.

3:30 PM – 4:30 PM:

Real-World On-Prem to Cloud Migrations: A panel of peers from firms with experience migrating on-premises systems to the cloud will discuss how their cloud strategies were formed; what moved when and resource allocation; what to look for in a cloud provider; affected business processes; level of effort (time, cost, etc); cloud growth projections; addressing client data audits; and security concerns and challenges. This is a follow-up to Monday’s session on “The Cloud vs. No Cloud Debate.”

Takeaways:

  • Determine things to consider when planning a move to the cloud
  • Gain lessons learned from peers and how to avoid the same pitfalls

Speakers include: Jeffrey Brandt, Chief Information Officer Jackson Kelly PLLC; Christopher P. McDaniel, Chief Information Officer Smith, Gambrell & Russell, LLP; David Tremont, Director, Network Services Bracewell LLP; Moosa Matariyeh, Principal Solutions Architect CDW.

3:30 PM – 5:30 PM:

Litigation Support Roundtable: What major challenges will we face next in litigation support? Gather around this lively, moderated roundtable discussion that will focus on hot topics in industry-wide litigation support and issues to consider for the future. Topics will be selected by session attendees and could include staffing, product selection, technological advances, recent case decisions and outsourcing.

Takeaways include:

  • Experience a lively and timely discussion

Speakers include: Stephen Dooley, Assistant Director of Electronic Discovery and Litigation Support Sullivan & Cromwell LLP; Jack Thompson, Sr. Manager – Litigation Support/Legal Operations Sanofi.

So, what do you think?  Are you planning to attend ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.