Close
Enter your
text here

Information Governance

eDiscovery Trends: Social Media Policies to Manage Risk

As noted previously, ALM hosted another Virtual LegalTech online “live” day online last week.  We’ve talked about the session regarding Predictive Coding here and here.

Another session from last week’s “live” day was Facing the Legal Dangers of Social Media.  The speakers for this session were:

  • Harry A. Valetk: Internet Safety and Consumer Privacy Attorney, MetLife Privacy Office;
  • Daniel S. Goldman: Chair of Mayo Clinic’s business law practice group which oversees the corporate law, contracting and intellectual property functions of the Mayo Clinic legal department.; and
  • Michael E. Lackey, Jr.: Partner and co-chair of the Electronic Discovery and Records Management Practice for Mayer Brown LLP.

Establishing boundaries between your professional life and personal life continues to be more challenging as more personal information is available online.  The session cited a handful of cases where terminations resulted from postings on individuals’ personal social media accounts, one of which was challenged by the National Labor Relations Board (NLRB).  At least one state has rules in place – Section 201-d(2)(c) of New York’s Labor Law protects “legal recreational activities” engaged off-site during nonworking hours.

An interesting stat from the session was that “27% of employed Internet users now work for employer[s] with policies about how they may present themselves online”.  As noted previously in this blog, having a social governance policy in place is a good idea to govern use of outside email, chat and social media that covers what employees should and should not do.  From the session, here are some factors that a good social governance policy should address:

  • Educate: The social governance policy should be accessible and all employees should receive training with examples that illustrate what may not be obvious to everybody,
  • Plan for Crises: The speed and reach of social media means that a crisis will happen fast.  Identify a crisis team and develop a plan to react quickly.  When disgruntled employees of Domino’s pizza posted a video, showing them tainting food, Domino’s management reacted quickly.
  • Plagiarize:  Yes, plagiarize.  As in, there are many good ideas already implemented out there for social governance, don’t reinvent the wheel.
  • Use of Social Media During Work: Some companies will try to ban the use of social media during work by banning access to sites via work computers, but employees can simply access those sites on mobile devices, so it’s better to establish an expectation of level of acceptable use.
  • Preserve Customer Privacy: Any policy must stress the importance of this.
  • Identify Company Spokespersons: Establish who can speak on behalf of the company and make clear to others to stress that any views they espouse online are personal views.
  • Address the Blurring of Boundaries: Employees should not exhibit inappropriate behavior on social media when identified as employees, and there should be no association with the employer for any behavior incompatible with the brand/profession.
  • Business Confidentiality: Don’t discuss trade secrets or other confidential information online.  Even posting that you’re attending a meeting with a company that you’re negotiating with can violate NDA agreements.
  • Prohibit Employees from Speaking Anonymously: It’s considered unethical at best and may be an FTC violation at worst as John Mackey, Whole Foods CEO, found out back in 2007.
  • Don’t Harass: If it’s unacceptable behavior in the workplace, it’s unacceptable online.  Not to mention gutless.  And, employers can be liable if they’re aware of harassing behavior online and don’t act to address it.

Tomorrow, we’ll discuss the discoverability and use of social media content in litigation.  As noted with the predictive coding session, you can check out a replay of the session at the Virtual LegalTech site. You’ll need to register – it’s free – then login and go to the CLE Center Auditorium upon entering the site (which is up all year, not just on “live days”).  Scroll down until you see this session and then click on “Attend Now” to view the replay presentation.  You can also go to the Resource Center at the site and download the slides for the presentation.

So, what do you think?  Does your organization have a social media policy in place?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Tips: SaaS and eDiscovery – More Top Considerations

Friday, we began talking about the article regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, and Friday’s post looked at the first three issues.  Here are the remaining four issues from the article (requirements in bold are quoted directly from the article):

4. What if there are technical issues with e-discovery in the cloud?  The article discusses how identifying and collecting large volumes of data can have significant bandwidth, CPU, and storage requirements and that the cloud provider may have to do all of this work for the organization.  It pays to be proactive, determine potential eDiscovery needs for the data up front and, to the extent possible, negotiate eDiscovery requirements into the agreement with the cloud provider.

5. If the cloud/SaaS provider loses or inadvertently deletes our information, aren’t they responsible? As noted above, if the agreement with the cloud provider includes eDiscovery requirements for the cloud provider to meet, then it’s easier to enforce those requirements.  Currently, however, these agreements rarely include these types of requirements.  “Possession, custody or control” over the data points to the cloud provider, but courts usually focus their efforts on the named parties in the case when deciding on spoliation claims.  Sounds like a potential for third party lawsuits.

6. If the cloud/SaaS provider loses or inadvertently deletes our information, what are the potential legal ramifications?  If data was lost because of the cloud provider, the organization will probably want to establish that they’re not at fault. But it may take more than establishing who deleted the data. – the organization may need to demonstrate that it acted diligently in selecting the provider, negotiating terms with established controls and notifying the provider of hold requirements in a timely manner.  Even then, there is no case law guidance as to whether demonstrating such would shift that responsibility and most agreements with cloud providers will limit potential damages for loss of data or data access.

7. How do I protect our corporation from fines and sanction for ESI in the cloud?  The article discusses understanding what ESI is potentially relevant and where it’s located.  This can be accomplished, in part, by creating a data map for the organization that covers data in the cloud as well as data stored within the organization.  Again, covering eDiscovery and other compliance requirements with the provider when negotiating the initial agreement can make a big difference.  As always, be proactive to minimize issues when litigation strikes.

Let’s face it, cloud and SaaS solutions are here to stay and they are becoming increasingly popular for organizations of all sizes to avoid the software and infrastructure costs of internal solutions.  Being proactive and including corporate counsel up front in decisions related to SaaS selections will enable your organization to avoid many potential problems down the line.

So, what do you think?  Does your company have mechanisms in place for discovery of your cloud data?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Tips: SaaS and eDiscovery – Top Considerations
 

There was an interesting article this week regarding Software as a Service (SaaS) and eDiscovery entitled Top 7 Legal Things to Know about Cloud, SaaS and eDiscovery on CIO Update.com, written by David Morris and James Shook from EMC.  The article, which relates to storage of ESI within cloud and SaaS providers, can be found here.

The authors note that “[p]roponents of the cloud compare it to the shift in electrical power generation at the turn of the century [1900’s], where companies had to generate their own electric power to run factories.  Leveraging expertise and economies of scale, electric companies soon emerged and began delivering on-demand electricity at an unmatched cost point and service level.”, which is what cloud components argue that the SaaS model is doing for IT services.

However, the decision to move to SaaS solutions for IT services doesn’t just affect IT – there are compliance and legal considerations to consider as well.  Because the parties to a case have a duty to identify, preserve and produce relevant electronically stored information (ESI), information for those parties stored in a cloud infrastructure or SaaS application is subject to those same requirements, even though it isn’t necessarily in their total control.  With that in mind, the article looks at key eDiscovery issues that must be addressed for organizations using public cloud and SaaS offerings for ESI, as follows (requirements in bold are quoted directly from the article):

  1. Where is ESI actually located when it is in the ethereal cloud or SaaS application?  It’s important to know where your data is actually stored.  Because SaaS providers are expected to deliver data on demand at any time, they may store your data in more than one data center for redundancy purposes.  Data centers could be located outside of the US, so different compliance and privacy requirements may come into play if there is a need to produce data from these locations.
  2. What are the legal implications of e-discovery in the cloud? Little case law exists on the subject, but it is expected that the responsibility for timely preservation, collection and production of the data remains with the organization at party in the lawsuit, even though that data may be in direct control of the cloud provider.
  3. What happens if a lawsuit is in the US but one company’s headquarters is in another country? Or what if the data is in a country where the privacy rules are different?  The article references one case – AccessData Corp. v. ALSTE Technologies GMBH , 2010 WL 318477 (D. Utah Jan. 21, 2010) – where the German company ALSTE cited German privacy laws as preventing it from collecting relevant company emails that were located in Germany (the US court compelled production anyway).  So, jurisdictional factors can come into play when cloud data is housed in a foreign jurisdiction.

This is too big a topic to cover in one post, so we’ll cover the other four eDiscovery issues to address in Monday’s post.  Let the anticipation build!

So, what do you think?  Does your company have ESI hosted in the cloud?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: Facemail Unlikely to Replace Traditional Email

In a November post on eDiscoveryDaily, we reported that Facebook announced on November 15 that it’s rolling out a new messaging system, including chat, text messaging, status updates and email (informally dubbed “Facemail”) that would bring messaging systems together in one place, so you don’t have to remember how each of your friends prefers to be contacted.  Many have wondered whether Facemail would be a serious threat to Google’s Gmail, Yahoo Mail and Microsoft Live Hotmail, given that Facebook has a user base of 500 million plus users from which to draw.  And, there was considerable concern raised by eDiscovery analysts that Facebook plans to preserve these messages, regardless of the form in which they are generated, forever.

However, Facemail isn’t likely to replace users’ current email accounts, according to an online poll currently being conducted by the Wall Street Journal.  More than 61 percent of over 4,001 participants who have taken the poll so far said they wouldn’t use Facebook Messages as their primary email service.  18.4 percent of voters said that they would use it as their primary email, with 20.5 percent indicating that they were not sure.  You can cast your vote here.  I just voted, so these numbers reflect “up-to-the-minute” poll results (as of 5:52 AM CST, Wednesday, December 08, that is).

Facebook CEO Mark Zuckerberg envisions the Facemail model of email, instant messaging and SMS text messages as a simpler, faster messaging model than email’s traditional subject lines and carbon copies, which Zuckerberg considers to be “antiquated”.

Whether Facemail develops as a serious threat to Gmail, Hotmail or Yahoo Mail (or even Microsoft Outlook or Lotus Notes) remains to be seen.  However, at least a couple of industry analysts think that it could become a significant development.

“A powerful, unified presence manager would also enable the user to express how he’d like to communicate, and to manipulate that ‘how’ and ‘when’ availability to different types of contacts,” industry analyst David Card stated in a post on GigaOm.com.  “If Facebook establishes Messages as a user’s primary tool to manage presence across multiple communications vehicles, it would be an incredibly sticky app, with huge customer lock-in potential.”

Gartner analyst Matt Cain told eWEEK.com, “It will have little impact at first on the public portal email vendors because it is a barebones email service. But if Facebook makes it the equivalent of these other services, it will have a significant deleterious impact on competing email services”.

As stated in the earlier post, it’s important to have a social governance policy in place to not only address new mechanisms such as Facemail, but all social media mechanisms that might be in use by your employees.

So, what do you think?  Do you plan to consider using Facemail as your primary email service?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Best Practices: Data Mapping for Litigation Readiness
 

Federal Rule 26(f)–the Meet and Confer rule–requires the parties in litigation to meet at an early stage to discuss the information they have and what they will share.   The parties must meet “at least 21 days before a scheduling conference is to be held or a scheduling order is due under Rule 16(b)”, which states that the “judge must issue the scheduling order…within the earlier of 120 days after any defendant has been served with the complaint or 90 days after any defendant has appeared.”.

That means the meet and confer is required 90-100 days after the case has been filed and, at that meeting the parties must disclose to each other “a copy of, or a description by category and location of, all documents, electronically stored information and tangible things that are in the possession, custody or control of the party and that the disclosing party may use to support its claims or defenses” (Rule 26(a)(1)(A)(ii)).  That’s not much time to develop a thorough understanding of what data may be potentially responsive to the case.

The best way for organizations to address this potential issue is proactively, before litigation even begins, by preparing a data map.  As the name implies, a data map simply provides a guide for legal and IT to the location of data throughout the company and important information about that data, such as the business units, processes and technology responsible for maintaining the data, as well as retention periods for that data.  An effective data map should enable in-house counsel to identify the location, accessibility and format of potentially responsive electronically stored information (ESI).

Four tips to creating and maintaining an effective data map:

  • Obtain Early “Buy-In”: Various departments within the organization have key information about their data, so it’s important to obtain early “buy-in” with each of them to ensure full cooperation and a comprehensive data map,
  • Document and Educate: It’s important to develop logical and comprehensive practices for managing data and provide regular education to employees (especially legal) about the organization’s data management policies so that data is where it is supposed to be,
  • Communicate Regularly: Groups need to communicate regularly so that new initiatives that may affect existing data stores or create new ones are known by all,
  • Update Periodically: Technology is constantly evolving, employees come and go and terminologies change.  Data maps must be reviewed and updated regularly to stay accurate.  If you created a data map two years ago and haven’t updated it, it probably doesn’t address new social media sources.

Preparing and maintaining a data map for your organization puts you in a considerably better position to respond quickly when litigation hits.

So, what do you think?  Does your organization have a data map?  Please share any comments you might have or if you’d like to know more about a particular topic.

eDiscovery Trends: CGOC Information Governance Benchmark Report

Last month, at the EDRM Mid-Year Meetings, the Information Management Reference Model (IMRM) team within EDRM presented a status report for their project (as all of the project teams do during these meetings).  As a part of that presentation, the team presented findings from the first survey conducted by the Compliance, Governance and Oversight Council (CGOC) in collaboration with the IMRM of legal, records management (RIM) and IT practitioners in Global 1000 companies.  You can request a copy of the report here.

According to the CGOC report, there was an even distribution of respondents between legal, RIM and IT.  Just a few of the very interesting findings include:

    • Ineffective Disposal of Data: 75% of respondents identified the inability to defensibly dispose of data as the greatest challenge, leaving “massive” amounts of legacy data,
  • “People Glue” Compliance Processes: 70% of respondents depend on “liaisons and people glue” to support discovery and regulatory obligations within information management (as opposed to reliable and repeatable systems and processes),
  • Disconnect Between Legal, RIM and IT: There are big gaps between retention schedule development, legal hold communication, and information management.  Some key stats:
    • 77% said their retention schedules were not actionable as is or could only be applied to paper,
    • 75% of schedules included only regulatory record keeping requirements or long-range business information,
    • 66% did not describe legal holds by the records associated with them, and
    • 50% of IT departments never used the retention schedule when disposing of data.
  • Who’s In Charge?: Legal and RIM identified RIM as the organization responsible for “information management and disposal” whereas IT considered themselves responsible for this function.

These are just a handful of findings in this report, which clearly shows that most large organizations still feel that there is still much work to be done to achieve an effective information governance program.  The CGOC (and IMRM) have done a terrific job at compiling a comprehensive and informative report that illustrates the current state of affairs of information management in the corporate world.  Request your copy of the report to learn more!

So, what do you think?  How is your organization managing information governance?  Is it facing similar issues? Please share any comments you might have or if you’d like to know more about a particular topic.

Thought Leader Q&A: Kirke Snyder
 

Tell me about yourself and your experience.  I am a professor of law and ethics at Regis University College for Professional Studies in Denver, Colorado. The opinions expressed in this article are mine and are based upon my 25 years of experience consulting with public and private organizations.

Why is records management so important within the scope of eDiscovery?  Records Management is a sub-set of an organization’s overall information management. Take a look at the Electronic Discovery Reference Model (EDRM). Information management is on the far left-hand side of the model. An effective records/information management program is the most effective way for a company to reduce the volume of data that will become snagged in litigation hold, collection, production, and attorney review.

What are the most important concerns about corporate records and information management?  Organizations should be concerned about managing their corporate records for two main reasons: (1) the risk associated with regulatory compliance and litigation hold requirements, and (2) the cost of reviewing data to identify potentially relevant documents associated with litigation or an investigation.

What are the main risks associated with regulatory compliance and litigation hold requirements?  There are thousands of recordkeeping laws and regulations. A sound corporate records and information (RIM) program must be based upon legal research that identifies the applicable regulatory requirements (federal, state, and industry specific). Retention or destruction requirements apply to commonly encountered corporate records, such as job applications, employee medical records, and tax returns, as well as to the distinctive recorded information associated with specific industries, such as banking, insurance, pharmaceuticals, healthcare, energy, and telecommunications. Further, certain business records are subject to privacy legislation and regulations that protect personal information from unauthorized disclosure or use. Examples of U.S. laws with such privacy provisions include the Fair Credit Reporting Act (1992), the Health Insurance Portability and Accountability Act (1996), and the Gramm-Leach-Bliley Act (1999).

In addition to retaining corporate information to support a regulatory requirement, organizations must hold information that may be potentially relevant to litigation or an investigation. As a matter of fact, it is illegal for any organization to knowingly and intentionally destroy records relevant to pending or ongoing litigation or government investigations, even though their document management policies would otherwise permit such destruction. For public companies, the Sarbanes-Oxley Act of 2002 includes additional recordkeeping provisions and mandated retention requirements for certain types of records. It also criminalizes and provides severe penalties for executives and employees who obstruct justice by destroying or tampering with corporate accounting records. Most notably, the Sarbanes-Oxley Act created a new federal crime for the destruction, mutilation, or alteration of corporate records with the intent to impede or influence a government investigation or other official proceeding, either “in relation to or in contemplation of any such matter or case.” This provision expands upon previous laws relating to the destruction of records with presumed intent to obstruct justice.

How do you justify the cost of a good records management and information program?  With regards to litigation, size does matter. The cost of the litigation discovery process has a direct correlation to the volume of potentially relevant documents related to the matter. The smaller the population of potentially relevant data, the lower the costs will be from vendors to process the data into a searchable database and the lower the fees will be from outside counsel to review each email or document. Most organizations do not have an automated means to identify, collect, and preserve electronically stored information (ESI) based upon search criteria (key words, document type, document date or author). We hear the terminology megabyte, gigabyte, and terabyte used with regards to storage capacity of network servers, computer hard drives, and even portable “thumb drives.” To cost justify a budget for a new records/information management program, it’s important to convert the MB’s, GB’s. and TB’s into something to which management can relate. One megabyte of user documents is approximately one ream of paper. One ream of paper wouldn’t take the lawyers too long to review. However, one gigabyte of user documents if printed would be the approximate length of a basketball court and would require a team of lawyers to review. One terabyte of user documents if printed would be the approximate length of Long Island. It’s easy to see the economic and strategic advantage for an organization to be able to identify the smallest legally defensible data population (without duplicates) prior to handing over the data to vendors for processing or outside counsel for review.

About Kirke Snyder

Kirke has earned a law degree and also a masters degree in legal administration. He is an expert in document retention and litigation electronic discovery issues. He can be reached at KSnyder@Regis.edu.

Thought Leader Q&A: Alon Israely of BIA
 

Tell me about your company and the products you represent.  BIA is a full solution E-Discovery provider. Our core competencies are around E-Discovery Collections and Processing, but we offer the full spectrum of services around E-Discovery.   For almost a decade, BIA has been developing and implementing defensible, technology driven solutions that reduce the costs and risks related to litigation, regulatory compliance and internal audits.  BIA provides software and services to Fortune 1000, Global 2000 companies and Am Law 100 law firms. We are headquartered in New York City, and have offices in San Francisco, Seattle, Washington DC and in Southwest Michigan. We also maintain digital evidence response units throughout the United States, Europe, Asia, and the Middle East.

BIA’s products are defensible and cost effective, offering defensible remote collections with DiscoveryBOT™, fast e-discovery processing with our TD Grid system and automated and secure legal hold software with Solis™.  For more about BIA’s product, click here.

What is the best way for lawyers and litigation support professionals to take control of their eDiscovery?  The best way for litigation support professionals to take control of their e-discovery is to scope projects correctly.  It is important to understand that not one size fits all in e-discovery.  That is, there are many tools and service providers out there – it is important to focus (at the beginning) on what needs to be accomplished from a legal and IT perspective first and then to determine which technologies and methods fit that strategy best. 

What is a good way to achieve predictability in eDiscovery costs?  Most of the cost analysis that exists in e-discovery today is focused on the Review side, where the data has already been collected and perhaps culled. Yet, there are still too many documents, where most of the documents are not responsive. With a focus on the left side of the EDRM, e-discovery costs are visible early on in the process.  For example, using a good (light-touch) collection tool and method to lock data down is one of the best ways to control e-discovery costs – that is, doing the right collection early-on and getting the right metrics from those collections, allow you to analyze that data (even at a high-level without incurring processing and other costs) which can then help can help the attorneys and the institutional client determine costs early in the process, and in a more predictable manner.

Is there a way to perform self collection in a defensible manner?  Yes.  Use the right tools and methods and importantly, have those tools and methods vetted (reviewed and approved) by e-discovery collection professionals.  Defensible self-collections do NOT mean that the custodian or the IT people are left to perform the collection on their own without the right plan behind them.  There are best-practices that should be followed and there are some tools that maintain the integrity of the data.  Make sure that those best practices and tools are used (having been scoped correctly – see response above) by professionals or at least used by staff and peer-reviewed or monitored by professionals.  Also, rely on custodians for good ESI identification – that is, the custodians (users) usually know better than anyone where they maintain records – so, using custodian questionnaires early-on will help inform those systems which will be most relevant – which goes to diligence (an important factor in defensible collections).  Also then the professional can work in tandem with the custodian to gather the data in a manner which will ensure the evidentiary integrity of the data.  At BIA we have been following those methods for years and have been very successful with our clients, the Courts and Opposing parties, at defending those ways of identifying and collecting ESI.

What is the importance of the left side of the EDRM model?  The left side is where it all starts with e-discovery – that is, ESI collections are usually the most affordable parts of the overall e-discovery process and are arguably the most important – that is, “garbage in/garbage-out.”  Because the subsequent parts of the e-discovery process (i.e., the “right-side of the EDRM”) rely on the data identified and gathered in the early parts of the process, it is imperative that those tasks and activities performed for the “left side of EDRM” are done in the correct manner – that is, maintaining the evidentiary integrity of the data collected.  Also, the left side of the EDRM includes preserving data and notifying custodians of their obligations to preserve – which is a piece critical to defensible e-discovery – especially in light of Pension Committee and some other recent cases.  As for the money piece, the left side of the EDRM is an area where much of the planning can occur for the rest of the process without incurring substantial costs – that planning goes a long way to ascertaining the real costs and timing with respect to the remainder of the e-discovery process.

About Alon Israely

Alon Israely has over fifteen years of experience in a variety of advanced computing-related technologies. Alon is a Senior Advisor in BIA’s Advisory Services group and currently oversees BIA’s product development for its core technology products. Prior to BIA, Alon consulted with law firms and their clients on a variety of technology issues, including expert witness services related to computer forensics, digital evidence management and data security. Prior to that, he was a senior member of several IT teams working on projects for Fortune 500 companies related to global network architecture and data migrations projects for enterprise information systems. As a pioneer in the field of digital evidence collection and handling, Alon has worked on a wide variety of matters, including several notable financial fraud cases; large-scale multi-party international lawsuits; and corporate matters involving the SEC, FTC, and international regulatory boards.  Alon holds a B.A. from UCLA and received his J.D. from New York Law School with an emphasis in Telecommunications Law. He is a member of the New York State Bar as well as several legal and computer forensic associations.

Reporting from the EDRM Mid-Year Meeting
 

Launched in May 2005, the Electronic Discovery Reference Model (EDRM) Project was created to address the lack of standards and guidelines in the electronic discovery market.  Now, in its sixth year of operation, EDRM has become the gold standard for…well…standards in eDiscovery.  Most references to the eDiscovery industry these days refer to the EDRM model as a representation of the eDiscovery life cycle.

At the first meeting in May 2005, there were 35 attendees, according to Tom Gelbmann of Gelbmann & Associates, co-founder of EDRM along with George Socha of Socha Consulting LLC.  Check out the preliminary first draft of the EDRM diagram – it has evolved a bit!  Most participants were eDiscovery providers and, according to Gelbmann, they asked “Do you really expect us all to work together?”  The answer was “yes”, and the question hasn’t been asked again.  Today, there are over 300 members from 81 participating organizations including eDiscovery providers, law firms and corporations (as well as some individual participants).

This week, the EDRM Mid-Year meeting is taking place in St. Paul, MN.  Twice a year, in May and October, eDiscovery professionals who are EDRM members meet to continue the process of working together on various standards projects.  EDRM has eight currently active projects, as follows:

  • Data Set: provides industry-standard, reference data sets of electronically stored information (ESI) and software files that can be used to test various aspects of eDiscovery software and services,
  • Evergreen: ensures that EDRM remains current, practical and relevant and educates about how to make effective use of the Model,
  • Information Management Reference Model (IMRM): provides a common, practical, flexible framework to help organizations develop and implement effective and actionable information management programs,
  • Jobs: develops a framework for evaluating pre-discovery and discovery personnel needs or issues,
  • Metrics: provides an effective means of measuring the time, money and volumes associated with eDiscovery activities,
  • Model Code of Conduct: evaluates and defines acceptable boundaries of ethical business practices within the eDiscovery service industry,
  • Search: provides a framework for defining and managing various aspects of Search as applied to eDiscovery workflow,
  • XML: provides a standard format for e-discovery data exchange between parties and systems, reducing the time and risk involved with data exchange.

This is my fourth year participating in the EDRM Metrics project and it has been exciting to see several accomplishments made by the group, including creation of a code schema for measuring activities across the EDRM phases, glossary definitions of those codes and tools to track early data assessment, collection and review activities.  Today, we made significant progress in developing survey questions designed to gather and provide typical metrics experienced by eDiscovery legal teams in today’s environment.

So, what do you think?  Has EDRM impacted how you manage eDiscovery?  If so, how?  Please share any comments you might have or if you’d like to know more about a particular topic.

Thought Leader Q&A: Jim McGann of Index Engines
 

Tell me about your company and the products you represent.  Businesses today face a significant challenge organizing their files and email to ensure timely and cost efficient access, while also maintaining compliance to regulations governing electronic data. Founded in 2003, Index Engines’ mission is to organize enterprise data assets, and make them immediately accessible, searchable and easy to manage. 

Index Engines’ discovery platform is the only solution on the market to offer a complete view of electronic data assets. Online data is indexed in-stream at wire speed in native enterprise storage protocols, enabling high-speed, efficient indexing of proprietary backup and transfer formats. Our unique approach to offline records scans backup tapes, indexes the contents and extracts relevant data, eliminating the time-consuming restoration process. Index Engines provides the only comprehensive discovery platform across both online and offline data, saving time and money when managing enterprise information.

What has caused backup tapes to become so relevant in eDiscovery?  Tape discovery actually appeared on the map after the renowned Zubulake case in 2003, and was reinforced by the FRCP amendments in 2006 and then again last year with the adoption of California’s eDiscovery act AB-5. Each of these milestones propelled tape discovery further into the eDiscovery market. These days, tapes are as common as any other container to discover relevant electronically stored information (ESI).

What can companies proactively do to address tape storage?  Needlessly storing old backup tapes is both a potential liability and a wasted expense. The liability comes from not knowing what information the tapes contain. The cost of offsite tape storage –  even if it is only a few dollars a month per tape –  quickly adds up. Tape remediation is the process of proactively discovering data contained on legacy backup tapes, and then applying a corporate retention policy to this tape data. Once the relevant data has been identified and archived accordingly, the tapes can be destroyed or recycled. 

How can a legal or litigation support professional substantiate claims of processing speed made by eDiscovery vendors?  Without an industry standard vendor-neutral benchmarking process, this is a difficult challenge. I would recommend performing a proof of concept to actually see the performance in action. Another idea would be to question the components of the technology. Is the technology simply off-the-shelf freeware that has been repackaged, or is it something more powerful?

You have recently had patents approved for your technology. Can you explain this in greater detail?  Index Engines has engineered a platform that performs sequential processing of data. We received both US and European patents for this unique approach towards the processing of enterprise data, which makes the data searchable and discoverable across both primary and secondary (backup) storage. Our patented approach enables the indexing of electronic data as it flows to backup, as well as documented high speed indexing of network data at 1TB per hour per node.

About Jim McGann
Jim is Vice President of Information Discovery for Index Engines. Jim has extensive experience with the eDiscovery and Information Management. He is currently contributing to the Sedona working group addressing electronic document retention and production. Jim is also a frequent speaker for industry organizations such as ARMA and ILTA, and has authored multiple articles for legal technology and information management publications.  In recent years, Jim has worked for technology based start-ups that provided financial services and information management solutions. Prior to Index Engines, he worked for leading software firms, including Information Builders and the French based engineering software provider Dassault Systemes. Jim was responsible for the Business Development of Scopeware at Mirror Worlds Technologies, the knowledge management software firm founded by Dr. David Gelernter of Yale University. Jim graduated from Villanova University with a degree in Mechanical Engineering.