Information Governance

According to Consilio, Strong Majority of Companies are Increasing Investment in Detecting “Bad Behaviors”: eDiscovery Trends

As I’ll be discussing in my presentation next week at the University of Florida E-Discovery Conference, there are a lot of reasons why organizations should be focusing a lot more of their eDiscovery efforts on compliance and investigations.  Last week, Consilio released the results of a survey that indicates that they appear to be doing just that.

In their release which details the results of a survey of 138 legal professionals conducted at this year’s Legalweek conference in New York, the majority of legal professionals (77 percent) believe their companies have either “somewhat” or “to a great extent” increased investment in resources to detect “bad behaviors” that go against the company’s mission (i.e. discrimination, sexual harassment, fraud, IP theft, etc.).

The survey also found that many organizations use more than one approach to facilitate investigations, though most were handled internally through the compliance department (66 percent) and/or investigations department (45 percent). In addition, 28 percent of respondents said their companies facilitate investigations externally through a law firm, followed by investigations facilitated via consultants at 16 percent.

“Compliance departments that are running most internal investigations often are better equipped to detect financial vs. non-financial corporate misconduct such as fraud or embezzlement,” said Roger Miller, Managing Director at Consilio. “In our experience, technology used by compliance departments largely relies on simple keyword and/or number-based searches. However, detection of non-financial wrongdoing at companies through digital communications like email, IM, and text is opaque and often requires more sophisticated technology, such as contextual analytics to identify.”

Miller went on to comment, “In a hypothetical keyword search to detect the occurrence of bribery in a company, contextual analytics provide the ability to search for the definition of the word “bribe” or use its legal definition in the FCPA and/or UK Bribery Act. This technology allows investigators to identify incriminating document(s) even if a bad actor is trying to obfuscate their misconduct.”

Respondents cited fraud (72 percent) among the most common types of investigations at their company, to their knowledge. This was followed by non-financial “bad behaviors” including: discrimination (60 percent), IP theft (52 percent), and sexual harassment (51 percent). The least common investigations cited were tied to antitrust/pricing fixing (42 percent) and the FCPA/UK Bribery Act (29 percent).

Interestingly, 62 percent of legal professionals said that they are very confident their company is proactively identifying “bad behaviors” that go against the company’s mission. Further, when asked whether their company has existing policies and/or technology, such as financial or behavioral audits and communication monitoring, to identify high risk behavior in employees, an overwhelming majority (74 percent) said these measures are in place.

Those numbers surprise me, given the challenge of big data, the increasing variety of data sources to track and the reported lack of companies that have a formal information governance policy.  Do these companies really have things as under control as they indicated?  I wonder.

So, what do you think?  Are you surprised by any of these stats?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today is the Day to “Master” Your Knowledge of eDiscovery in Washington DC for 2018: eDiscovery Trends

It’s here!  Today is the start of the The Master’s Conference DC event!  It’s almost two days of educational sessions covering a wide range of topics!  If you’re in the DC area, it’s not too late to attend!

The Master’s Conference brings together leading experts and professionals from law firms, corporations and the bench to develop strategies, practices and resources for managing eDiscovery and the information life cycle.  This year’s Washington DC event includes nearly two days of educational sessions covers topics ranging from privacy to cybersecurity to social media to cloud computing.  GDPR, blockchain and big data are also significant topics for the event.

The event is being held today and tomorrow at Sidley Austin LLP, 1501 K Street, N.W. #600, Washington, DC 20005.  It’s about three blocks away from the White House.  Registration begins at 8am each day, with sessions starting right after that, at 8:30am.

CloudNine will be sponsoring the session Data, Discovery, and Decisions: Extending Discovery From Collection To Creation at 11:15pm tomorrow.  I will be moderating a panel of eDiscovery experts that includes Mike Quartararo, Founder and Managing director of eDPM Advisory Services and author of the 2016 book Project Management in Electronic Discovery; Robert D. Keeling, Partner with Sidley Austin and an experienced litigator whose practice includes a special focus on electronic discovery matters; and Mimi Singh, General Counsel and Director of Consulting at Sandline Discovery, who has over thirteen years of eDiscovery legal counseling experience.  We will be discussing the challenges that big data place on information governance and legal discovery professionals and potential approaches for addressing those challenges.  Hope you can join us!

Click here to register for the conference.  The cost to attend can be as low as $250 for nearly two days of terrific educational content.  So, if you plan to attend and haven’t registered yet (why not?), now is the time to do it.

This year, The Master’s Conference still has one more event scheduled for Orlando.  Click here for more information on remaining scheduled events for the year.

So, what do you think?  Are you going to be in Washington DC today and tomorrow?  If so, come join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“Master” Your Knowledge of eDiscovery With This Conference in Washington DC Again This Year: eDiscovery Trends

It’s October!  The leaves are turning, the baseball playoffs are currently going on (with the Astros one step closer to making my prediction come true again).  And, it’s time for another The Master’s Conference DC event!  It’s almost two days of educational sessions covering a wide range of topics!

The Master’s Conference brings together leading experts and professionals from law firms, corporations and the bench to develop strategies, practices and resources for managing eDiscovery and the information life cycle.  This year’s Washington DC event includes nearly two days of educational sessions covers topics ranging from privacy to cybersecurity to social media to cloud computing.  GDPR, blockchain and big data are also significant topics for the event.

The event will be held on Tuesday, October 23 and Wednesday, October 24 at Sidley Austin LLP, 1501 K Street, N.W. #600, Washington, DC 20005.  It’s about three blocks away from the White House (anything happening over there these days?).  Registration begins at 8am each day, with sessions starting right after that, at 8:30am.

CloudNine will be sponsoring the session Data, Discovery, and Decisions: Extending Discovery From Collection To Creation at 11:15pm on Wednesday, October 24th.  I will be moderating a panel of eDiscovery experts to discuss the challenges that big data place on information governance and legal discovery professionals and potential approaches for addressing those challenges.  Hope you can join us!

Click here to register for the conference.  The cost to attend can be as low as $250 for nearly two days of terrific educational content.  So, if you plan to attend and haven’t registered yet (why not?), now is the time to do it.

This year, The Master’s Conference still has one more event scheduled for Orlando.  Click here for more information on remaining scheduled events for the year.

So, what do you think?  Are you going to be in Washington DC on October 23 and 24?  If so, come join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Sedona Conference Has Updated its Commentary on Information Governance: eDiscovery Best Practices

It’s been a busy year for The Sedona Conference® (TSC).  Already this year, TSC has published the Public Comment Version of its Principles and Commentary on Defensible Disposition, the Public Comment Version of their Primer on Social Media, Second Edition (which we discussed in our panel at Relativity Fest earlier this week), the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations and the final version of its new Data Privacy Primer.  Now, TSC is releasing an update to its 2014 commentary on Information Governance.

On Wednesday, TSC and its Working Group 1 on Electronic Document Retention & Production (WG1) announced the publication of the Public Comment Version of The Sedona Conference Commentary on Information Governance, Second Edition.  In 2014, The Sedona Conference published its first edition of the Commentary on Information Governance which recommended a top-down, overarching framework guided by the requirements and goals of all stakeholders that enables an organization to make decisions about information for the good of the overall organization and consistent with senior management’s strategic directions.

This Second Edition of the Commentary accounts for the changes and advances in technology and law over the past four years; underscores the role of IG as part of and complimentary to the business, rather than something separate that adds overhead; and emphasizes the costs of eDiscovery which should drive organizations to focus on IG on the front end, resulting in eDiscovery that is more efficient, less painful, and which allows the organization to reap additional benefits from a business perspective. Additionally, this Second Edition also incorporates the knowledge and guidance embodied in the new and updated Sedona commentaries since 2014 such as The Sedona Principles, Third Edition and the above referenced Principles and Commentary on Defensible Disposition, which was spawned by the work on this commentary.

The structure is largely similar to the 2014 Commentary, with updated information in key places.  The eleven principles are virtually identical to the ones from 2014 (only principles 3 and 7 have slight word changes), so the foundation remains the same.  The eleven principles are:

  1. Organizations should consider implementing an Information Governance program to make coordinated, proactive decisions about information for the benefit of the overall organization that address information-related requirements and manage risks while optimizing value.
  2. An Information Governance program should maintain sufficient independence from any particular department or division to ensure that decisions are made for the benefit of the overall organization.
  3. All stakeholders’ views/needs should be represented in an organization’s Information Governance program.
  4. The strategic objectives of an organization’s Information Governance program should be based upon a comprehensive assessment of information-related practices, requirements, risks, and opportunities.
  5. An Information Governance program should be established with the structure, direction, resources, and accountability to provide reasonable assurance that the program’s objectives will be achieved.
  6. The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.
  7. When Information Governance decisions require an organization to reconcile conflicting laws or obligations, the organization should act in good faith and give due respect to considerations such as data privacy, data protection, data security, records and information management (RIM), risk management, and sound business practices.
  8. If an organization has acted in good faith in its attempt to reconcile conflicting laws and obligations, a court or other authority reviewing the organization’s actions should do so under a standard of reasonableness according to the circumstances at the time such actions were taken.
  9. An organization should consider reasonable measures to maintain the integrity and availability of long-term information assets throughout their intended useful life.
  10. An organization should consider leveraging the power of new technologies in its Information Governance program.
  11. An organization should periodically review and update its Information Governance program to ensure that it continues to meet the organization’s needs as they evolve.

This Commentary is contained within a 53 page PDF file, so it’s certainly a reasonable read (less than one court case we recently covered).

The Sedona Conference Commentary on Information Governance, Second Edition is open for public comment through December 5, 2018. As always, questions and comments regarding the Commentary may be sent to comments@sedonaconference.org and the drafting team will carefully consider all comments received and determine what edits are appropriate for the final version.  You know the drill.

Also, I’m sad to pass along the news that Nigel Murray passed away a couple of nights after his two-year battle with brain cancer.  I did not know Nigel well, but, in the couple of times I encountered him (including this thought leader interview a few years ago), I found him delightful and very engaging. Craig Ball has written a wonderful tribute to Nigel on his Ball in Your Court blog here.  My condolences to his family and to all in the profession who had the good fortune to work with him or get to know him personally or professionally.

So, what do you think?  Does your organization have a formal Information Governance program?  As Tom O’Connor and I discussed in a recent webcast, many organizations don’t.  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Today is the Day to Learn How to Prepare for Litigation Before it Happens: eDiscovery Webcasts

Information Governance (IG) has always been part of the eDiscovery landscape and it has always been important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”. But how can you leverage IG best practices to prepare for litigation before it happens?  Find out in our webcast today!

Today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Preparing for Litigation Before it Happens. In this one-hour webcast that’s CLE-approved in selected states, we will explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens. Topics include:

  • Minority Report: Pre-Case for Litigation Avoidance
  • What Information Governance is and What it Isn’t
  • General Principles for Information Governance
  • Who Uses Information Governance?
  • IG Considerations and Issues
  • Basic Information Governance Solutions
  • Information Governance vs. Analytics
  • How Privacy/Security Has Impacted the Importance of an IG Program
  • Recommendations for Implementing an IG Program

As always, I’ll be presenting the webcast, along with Tom O’Connor – who wrote a seven(!) part blog post series on the topic.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know how to leverage IG best practices to prepare for litigation before it happens, this is the webcast for you!

So, what do you think?  Is your organization as prepared as it could be for impending litigation?  If not, please join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Also, if you’re going to be in Houston tomorrow, September 27, just a reminder that I will be speaking at the second annual Legal Technology Showcase & Conference, hosted by the Women in eDiscovery (WiE), Houston Chapter, South Texas College of Law and the Association of Certified E-Discovery Specialists (ACEDS).  I’ll be part of the panel discussion AI and TAR for Legal: Use Cases for Discovery and Beyond at 3:00pm and CloudNine is also a Premier Platinum Sponsor for the event (as well as an Exhibitor, so you can come learn about us too).  Click here to register!

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Webcast to Help You Prepare for Litigation Before it Happens: eDiscovery Webcasts

Information Governance (IG) has always been part of the eDiscovery landscape and it has always been important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”. But now with an increased concentration on the two-fold concerns of privacy and security, IG has become more important than ever.  Here’s a webcast that can enable you to leverage IG best practices to prepare for litigation before it happens.

Wednesday, September 26th at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast Preparing for Litigation Before it Happens. In this one-hour webcast that’s CLE-approved in selected states, we will explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens. Topics include:

  • Minority Report: Pre-Case for Litigation Avoidance
  • What Information Governance is and What it Isn’t
  • General Principles for Information Governance
  • Who Uses Information Governance?
  • IG Considerations and Issues
  • Basic Information Governance Solutions
  • Information Governance vs. Analytics
  • How Privacy/Security Has Impacted the Importance of an IG Program
  • Recommendations for Implementing an IG Program

As always, I’ll be presenting the webcast, along with Tom O’Connor.  To register for it, click here.  Even if you can’t make it, go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).  If you want to know how to leverage IG best practices to prepare for litigation before it happens, this is the webcast for you!

Also, if you’re going to be in Houston on Thursday, September 27, just a reminder that I will be speaking at the second annual Legal Technology Showcase & Conference, hosted by the Women in eDiscovery (WiE), Houston Chapter, South Texas College of Law and the Association of Certified E-Discovery Specialists (ACEDS).  I’ll be part of the panel discussion AI and TAR for Legal: Use Cases for Discovery and Beyond at 3:00pm and CloudNine is also a Premier Platinum Sponsor for the event (as well as an Exhibitor, so you can come learn about us too).  Click here to register!

So, what do you think?  Is your organization as prepared as it could be for impending litigation?  If not, please join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Seven

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week, part four was published Monday, part five was published Tuesday and part six was published yesterday.  Here’s the seventh and final part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Concluding Remarks

An IG strategy will depend entirely upon the business practice of your client and their various needs, including but not limited to proactive handling of eDiscovery matters for litigation.

ARMA suggests five main guidelines for building out the IG strategy that provide terrific guidance for any organization looking to implement or improve its IG program.  They are:

1) Think big but start small: A good data governance process has three components: people, process and technology. Start by identifying and hiring the right people, then define a process, and finish by sourcing the technology to get the job done.

2) Build a business case: I had a client tell me once, “anyone can tell me what my problem is, Tom. You suggest solutions.”  What are your goals? What are you trying to improve and how will the IG policy do it? Show an ROI to drive the change.

3) Metrics: You must be able to measure progress and display success to make your plan succeed. And since the plan will most likely take time to implement, use metrics to set milestones and measure progress.

4) Communicate: Regular and consistent communication is essential to show progress and correct problems that may arise during implementation.  Include not just team members but all people in the organization with an emphasis on key players.

5) Get buy in: The project must become part of the business not something with a beginning and end date.  You are making changes, not a product. Get buy in from everyone.

With an increased concentration on the two-fold concerns of privacy and security, IG has become more important than ever.  These five guidelines can help your organization more efficiently and cost-effectively manage its data, enabling it to accomplish its organizational IG goals.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Six

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week, part four was published Monday and part five was published Tuesday.  Here’s the sixth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

One Reason Why IG is Not More Popular

I have developed one theory for why formal IG policies and software have not been used more widely. It is that the increased improvements in and use of technology to analyze data and find patterns in Big Data has preempted more widespread use of IG applications.

This is not a new phenomenon.  Knowledge Management pioneers were doing this type of development years. People like Ron Friedmann, Partner at Fireman & Co. and Peter Krakaur, Vice President of Legal Business Solutions at United Lex, were building home-grown systems at their firms (Ron at Wilmer Cutler Perkins in the early 90’s and Peter at Brobeck Phleger & Harrison came in the early 2000’s) to share, use and manage internal information.  These KM systems were the first multidisciplinary approach to achieving organizational objectives by making the best use of enterprise wide knowledge

Search engines were not unique but later came blazingly fast search engines like X1.  Using indexing across more than 500 filetypes, X1 allowed unified searching through their local data indices across multiple data types with a user-friendly interface.

Then came Google with it’s equally fast web-based searching. Google wanted to index all the information they were collecting and then present meaningful results to users. There was nothing on the market that would do that, so they built their own platform which eventually came to be the open source project Nuch. Hadoop was spun-off from that and Yahoo then helped develop Hadoop for enterprise applications.

Both Google and then Hadoop were designed to search large amounts of data that didn’t fit into tables and could benefit from analytical searching. Further, Hadoop was designed to run on a large number of machines that don’t share either memory or disks, so users could buy their own servers, link them together and run Hadoop on each one. The result is you can have organizational data on multiple separate servers and Hadoop is good at dealing with data spread across multiple servers.

So, as the data environment became one where early systems in limited domains were struggling to find distributed data, the need arose for this new generation of knowledge management solutions using semantic and linguistic capabilities that could provide system wide information access in a non-structured way.

Ralph Losey made the point best when he observed that AI-Enhanced Big Data Search Will Greatly Simplify Information Governance” (in this blog post here).  Why? Because as he put it,

In order to meet the basic goal of finding information, Information Governance focuses its efforts on the proper classification of information. Again, the idea was to make it simpler to find information by preserving some of it, the information you might need to access, and destroying the rest. That is where records classification comes in.

This creates a basic problem for Information Governance because the whole system is based on a notion that the best way to find valuable information is to destroy worthless information. Much of Information Governance is devoted to trying to determine what information is a valuable needle, and what is worthless chaff. This is because everyone knows that the more information you have, the harder it is for you to find the information you need. The idea is that too much information will cut you off. These maxims were true in the pre-AI-Enhanced Search days, but are, IMO, no longer true today, or, at least, will not be true in the next five to ten years, maybe sooner.

The interesting point is that Ralph said this in 2014.  That’s right. Four years ago.  So maybe the issue with lack of IG deployment is that were undergoing the same realization that Ralph articulated and were drifting away from IG programs into more analytics-based programs that they could build themselves.

As I pointed out above, business data can be regulated by hundreds if not thousands of federal, state and local laws which require different types of information to be preserved for different lengths of time. Information governance thus became a very complicated legal analysis problem and building an IG policy around this “records life-cycle” paradigm to reflect those requirements might have made sense in a paper world.

But Big Data in the ESI world is cheap to store and easy to search, especially with the new analytic algorithms and the new paradigm is what Ralph calls “Save and Search v. Classify and Delete.”  Ralph also likes to call all this new analytic power “AI.” I myself think that’s an underdefined and over used label but is the name really important? If I can use a newer analytical search product such as Brainspace or Heureka to effectively comb through massive amounts of corporate data and then see trends and links among users and data types I’m not sure that it matters what we call it.

To sum up, Ralph sees three big advances in the field of search analytics that are dictating the new alternatives to IG: Big Data, cheap parallel computing and better algorithms. All three of those combine to make IG systems less important as clients learn to adopt aggressive search strategies with new technology that allow them to find data for both corporate strategy and litigation avoidance.

We’ll publish Part 7 – Concluding Remarks – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Five

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week and part four was published yesterday.  Here’s the fifth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Basic Information Governance Solutions

One option, as mentioned above, is to design your own IG structure. An interesting option in that regard is that if you already use the Office 365 operating system, Microsoft has a Compliance Manager add on for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers operating in a public clouds infrastructure.

Compliance Manager allows an organization to build a custom process to manage all compliance activities from one place with three key capabilities:

  • Perform on-going risk assessments, now with Compliance Score

Compliance Manager is a cross-Microsoft Cloud services solution designed to help organizations meet complex compliance obligations, including the EU GDPR, ISO 27001, ISO 27018, NIST 800- 53, NIST 800- 171, and HIPAA[2].

  • Provides actionable insights from a certification/regulation view

Compliance Manager builds a connection between data protection capabilities and regulatory requirements, enabling users to know which technology solutions they can leverage to meet certain compliance obligations. One centralized view shows customer actions for each certification or regulatory control, and the specific actions recommended for each control. This includes step-by-step guidance through implementing internal controls and developing business processes for the organization.

  • Simplifies management of compliance activities with the capability to create multiple assessments for each standard and regulation

Compliance Manager enables assigning, tracking, and recording compliance activities to collaborate across teams and easily manage documents for creating audit reports.  This group functionality allows multiple assessments for any standard or regulation that is available in Compliance Manager by time, by teams, or by business units.

For example, you can create a GDPR assessment for the 2018 group and another one for the 2019 group. Similarly, you can create an ISO 27001 assessment for your business units located in the U.S. and another one for your business units located in Europe.

You can learn more about Compliance Manager in the white paper, Simplify your Compliance Journey with Service Trust Portal and Compliance Manager (downloadable here) or on the Compliance Manager support page.

A second method for creating an IG structure is to use the EDRM Information Governance Reference Model (IGRM).  As mentioned at the onset of this paper, IG was largely ignored when the EDRM started. That is not the case now as the updated EDRM wall poster diagram below illustrates.  

IGRM is one of 8 projects within the EDRM.net organization, and as such is specifically designed to help eDiscovery projects. While the well-known diagram of the EDRM illustrates a model for electronic discovery, the IGRM diagram (shown at the top of this blog post) illustrates a more detailed model for information management.

IGRM provides a framework for cross functional and executive dialogue and serves as a catalyst for defining a unified governance approach to information.  It is available to corporations, analyst firms, industry associations and other parties as a tool for communicating with and to organization stakeholders on responsibilities, processes and practices for information governance.

The IGRM diagram is a responsibility model rather than a document or case life cycle model and as such, can be used in a variety of industries and companies.  It helps to identify the stakeholders, define their respective “stake” in information, and highlights the intersection and dependence across these stakeholders.

The diagram was developed from multiple key inputs, including:

  • Interested parties with expertise in RIM, Discovery, and Information Management
  • Community effort
  • Series of bi-weekly sessions over more than 12 months
  • Socialized with more than 350 Compliance, Governance and Oversight Council (CGOC) corporate member practitioners in several CGOC meetings, and broadly distributed to over 750 CGOC member practitioners

The CGOC also issued a survey of corporate practitioners which showed:

  • 100% of respondents stating that defensible disposal was the purpose of information governance practice
  • Two-thirds of IT and one-half of RIM respondents said their current responsibility model for information governance didn’t work
  • 80% of respondents across legal, IT, and RIM said they had little or very weak linkage between legal obligations for information and records management and data management

You can link to the survey’s preliminary results here: http://www.cgoc.com/webinars/introduction-to-imrm

As you can see at the top of this blog post, the IGRM model has an outer ring of stakeholder groups including business users who need information to operate the organization, IT departments who must implement the mechanics of information management, and legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.  In the center of the diagram is a workflow, or lifecycle diagram.  The information basics are distilled out, with the notable inclusion of “dispose” as the end state of information. Note the “information gates” in the middle, where information accumulates.

You can read more about how to use the IGRM model here.

Once comfortable with the components of the IGRM diagram, there are tools that provide the “next level” detail from the IGRM. One example is the CGOC’s process maturity model which outlines 13 key processes in eDiscovery and information management. Each process is described in terms of a maturity level from one to four – completely manual and ad hoc to greater degrees of process integration across functions and automation.

We’ll publish Part 6 – One Reason Why Information Governance is Not More Popular – on Thursday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published last Monday, part two was published last Wednesday and part three was published last Friday.  Here’s the fourth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Who Uses Information Governance?

The first problem with IG policies is that not everyone has one. A 2014 Rand study found that 44% of companies didn’t have any formal data governance policy and 22% of firms without a data policy had no plans to implement one.

This situation has not changed substantially since then.  In November 2017, data governance company erwin partnered with survey company UBM to ask business technology professionals at large organizations about their attitudes on data governance.

Their report was based on a survey of North American companies with more than 1,000 employees across more than 16 industries and included CIOs, CTOs, data center managers and directors, IT staff, and consultants. While the respondents agreed that IG is an important issue, nearly four in 10 of them said they do not have a separate budget for data governance and 46% do not have a formal strategy for it. So, while organizations continue to show awareness of the importance of data governance within their company, nearly half are not acting on that awareness.

The result of this inactivity? Inefficiency. According to the Thomson Reuters report, Cost of Compliance 2017, 32 percent of companies spend more than 4 hours per week creating and amending audit reports. Just audit reports. Imagine the time spent on other issues such as privacy or potential litigation.

SPECIFIC EXAMPLES

Statutes of Limitation

“Statute of limitations” or “limitation of action” are, of course, laws prescribing the time periods during which legal actions or lawsuits may be initiated. And once the statute of limitations time has passed, no future legal action may be brought related to the incident in question.

Once a legal action has commenced, either party may uncover relevant information which may be in the possession of the other party under the applicable rules of discovery. But if the statute of limitations has tolled, a business may delete relevant records and thus the SOL acts as a simple de facto IG policy.

Some types of matters may have special statutes of limitations. EG, most states specify that the statute of limitations related to personal injury begins at the time the actual injury occurs. Since this could be years after the product was brought to market, the manufacturer and/or distributor may be responsible for an extended period of time for product defects of various types.

Architects, engineers, and contractors may have similar concerns related to construction projects, although only in those locations where the construction occurred.  The requirements for those specific states need to be reviewed in detail before making an IG decision with regards to construction related records.

Records Retention

Typically, when asked about IG, attorneys will say it is a records retention policy. And traditionally, lawyers have advised their clients to “retain records forever in case they are sued”. As a result, the development of effective records retention programs has sometimes been thwarted based upon the mistaken belief that records must be kept for long periods in case they may be needed in litigation.

Records can often effectively be destroyed under an approved records retention program prior to the culmination of the statute of limitations period. When records have been destroyed prior to the start of litigation, they will not be available to the adverse party and so court rules prohibit record destruction while litigation or government investigation related to those records are imminent or pending.

The disadvantages then, of not having records that may be needed in litigation must also be balanced against the cost and inefficiencies associated with maintaining valueless records. Some questions related to these determinations include the following:

  • What are the chances of litigation?
  • In case of litigation, which party would have the burden of proof?
  • When does the statute of limitations take effect?

Regulations

Some statutes, such as those mentioned above, may result in extended liability for an organization since a legal action may be brought at any time. Think, for example, of a construction defect case, where the action may not arise until the defect becomes apparent and/or someone is injured. In addition, industry specific regulations in areas such as gaming or insurance can vary from state to state. An interesting example is an opinion by a member of the ARMA Board of Directors that new California Privacy Act is, in fact, a de facto American GDPR.  See https://www.arma.org/news/409199/

Healthcare Records

When it comes to IG standards for a specific profession, health care leads the way, under the guidance of the American Health Information Management Association (AHIMA).   AHIMA defines information governance as an “organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

Their Information Governance Principles for Healthcare (IGPHC) provide a framework for healthcare organizations to enhance their ability to leverage information in order to achieve the organization’s goals and conduct their operations effectively while ensuring compliance with legal requirements and other duties and responsibilities.

IGPHC is a set of eight principles that are intended to inform an organization’s information governance strategy.  The eight principles, which incorporate the seven principles of ARMA mentioned above, are:

  • Accountability
  • Transparency
  • Integrity
  • Protection
  • Compliance
  • Availability
  • Retention
  • Disposition

They are described in great detail in the publication Evaluating the Information Governance Principles for Healthcare by Galina Datskovsky, PhD; Sofia Empel, PhD  and Ron Hedges, JD. (Ron of course is well known to people in the ESI arena as the former MJ from New Jersey and accomplished speaker and writer in the eDiscovery field.)

We’ll publish Part 5 – Basic Information Governance Solutions – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.