Close
Enter your
text here

eDiscoveryDaily

Tending Your Garden: Why Information Governance Should be an Ongoing Process in Your Organization: eDiscovery Best Practices

Editor’s Note: Jim Gill’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale.  Before working in eDiscovery, Jim taught college writing at a number of institutions and his creative work has been published in numerous national literary journals, as well as being nominated for a Pushcart Prize.

Jim’s post below highlights the importance of a strong information governance program and how creation of a data map can be a key component to that IG program.  Complying with the management requirements of personal data in Europe’s impending General Data Protection Regulation (GDPR) will make information governance even more of a priority than ever as Tom O’Connor and I discussed in last week’s webcast.

Just south of San Francisco lies the Filoli mansion, built in 1916 for the Bourn family, and then sold to the Roth family in the 1930s. During that time, the formal gardens gained worldwide renown, and in 1975, the family donated the house and gardens to the National Trust for Historic Preservation.

This month, I was visiting a friend who is the head of horticulture there and was asking about the seasonal planning of the garden and if they use landscape maps, or if it’s up to the garden managers to decide what to plant and maintain. The answer, as most answers tend to be, involved a little of both. But he told me that they no longer had access to a lot of the maps, because they had recently upgraded their computers, and the new machines couldn’t read the old files.

“Did you switch from Mac to PC?” I asked.

“No, we just went with the latest Macs, but they can’t read the old Apple files.”

As computing has shifted more to mobile-based platforms, the issue of legacy document accessibility comes along with that shift. Certainly, it’s nothing new, as system updates with both hardware and software have become increasingly frequent over the last 20 years. But often there was a built-in reverse compatibility – the newest machines could read older software versions but not the other way around.

To add even more complexity, Apple has so far made the decision to keep its mobile iOS platform separate from its desktop/laptop OS. In an article in Time, written in December 2016 by Tim Bajarin, he states, “Keeping two separate operating systems makes sense for Apple, enabling the company to offer a more basic and approachable OS for mobile users, with more powerful software for pro buyers.” But he continues with his belief that “both everyday consumers and business users will embrace so-called “2-in-1” computers, which can function as both a tablet and a laptop-with-keyboard.”

When I asked my friend what Filoli was planning to do about the old maps, he simply smiled and said, “we’re not exactly sure yet.” Mainly, they’d just started creating new maps using the new programs, which at a small organization like his, will probably work just fine.

But it raises some interesting considerations when thinking about information governance and eDiscovery policy in a larger corporate setting.

First, in the same way that the Filoli gardeners used maps to understand the property’s landscape, organizations should create data maps in order to learn the same about their data landscape. What types of data are being stored, where is it stored, when was it created, and in the case of hardware and software updates, will there be compatibility issues.

Second, once a data map is created, policies should be created surrounding retention and storage. If you have older files that can’t be opened, one should question whether it’s even necessary to keep it around. Because storage is moving to the cloud and is becoming more and more affordable, many find it easier to simply just keep everything. But this can lead to issues down the road should litigation arise.

Finally, hardware and system updates are a great time to bring your organization’s data management program up to speed. Before moving old files over into a new system (such as Office 365), it could be beneficial, especially in the long term, to clean house before moving. However, this can be easy to put off, it takes extra time and effort, and if you’re in the middle of a move, being proactive about defensible deletion isn’t often top of mind. It’s the same reason why after you move into a new house and start unpacking boxes, you’re often left shaking your head and thinking, why did I bring this?

Even if you’re not planning to upgrade hardware or software platforms anytime soon, it is inevitable that your organization will do so. And in this day and age, the space between upgrades continues to grow narrower all the time. It may be a good idea to use the “off time” to begin the process of creating a data map, as well as information governance policies and contingencies, so that when the day comes for that upgrade, you won’t have to recreate some things from scratch, while still feeling compelled to carry around the outdated and inaccessible files.

So, what do you think?  Does your organization have a data map that is periodically updated?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

93 Percent of Legal Professionals Surveyed by Consilio Think AI Will Be Helpful to Legal: eDiscovery Trends

The things I do to get a blog post out. When you travel to Dallas for the Masters Conference (which is today) and forget your laptop charger, then make a trip to Best Buy to get a replacement — only to get back to the hotel and find out that the one you bought doesn’t fit your laptop (even though it listed the laptop manufacturer on the package) you wind up typing your blog post on the hotel computer in the Business Center. So, my apologies if it is a bit off.

While the ultimate impact of artificial intelligence (AI) on the business of law remains to be seen, legal professionals are largely positive about how it will affect the industry and their day-to-day jobs, according to a survey conducted by Consilio. The survey of 105 legal professionals from in-house law departments, law firms and government affiliated entities, was conducted by Consilio at the Legalweek conference held from January 30 – February 1, 2018. In the survey, the majority of legal professionals (53 percent) indicated that they believe AI will create more opportunity within the legal industry with another 40 percent saying it will help the industry.

As those of us who follow eDiscovery know, AI has already improved tasks like technology-assisted review (TAR), but respondents believe that AI will soon begin impacting the industry in other ways. Outside of eDiscovery, legal professionals believe contract drafting and management will be the most heavily impacted legal task affected by AI (37 percent) followed by litigation analysis (32 percent), risk assessment (15 percent) and computational models predicting legal outcomes (15 percent).

Here are some other notable findings from the survey:

  • 62 percent of legal professionals surveyed say AI is impacting their day-to-day jobs right now;
  • 95 percent of respondents expect AI to impact their day-to-day jobs in the next five years;
  • 33 percent of legal professionals surveyed believe that AI will not negatively affect the industry at all;
  • 29 percent think that loss of jobs will be the biggest negative impact of AI on the industry, while 28 percent believe it will create less opportunity for junior associates.

“Artificial intelligence is slowly integrating itself into every aspect of our lives and the legal industry is no exception,” said Amy Hinzmann, Managing Director at Consilio. “The results of this survey confirm the legal industry is preparing for and excited about how AI will impact their jobs. Improved processes, like those already seen in eDiscovery, will help speed up once tedious processes and give legal professionals time to focus more on the strategic aspects of their roles.”

AI was one of the hottest topics at Legaltech this year, along with GDPR.  So, these results are probably not that surprising to many.

So, what do you think?  Are you surprised by these survey results?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Germany Finds that Facebook’s Privacy Settings and Terms of Service Violate Their Privacy Rules: Data Privacy Trends

One of the things that Tom O’Connor and I discussed in last week’s webcast about the upcoming Europe General Data Protection Regulation (GDPR) was how consent will be interpreted for use of data for its data subjects.  Last month, a German court may have given an early indication of how consent will be enforced.

In Legaltech News (Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future, written by Rhys Dipshan, free subscription required), the author notes that after a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules.

The January 2018 ruling (available here, in German, of course) based on German law on a case brought by The Federation of German Consumer Organisations (VZBV) could nonetheless illustrate trouble for international technology companies under the GDPR, once it takes effect on May 25th of this year.

Germany’s data privacy laws are currently based on the EU Directive 95/46/EC, the data privacy directive passed by the European Union in 1995 which has provisions that mirror those in the GDPR, especially around the issue of consent.  EU Directive 95/46/EC will be replaced by GDPR on May 25th.

Last November, the EU Article 29 Data Protection Working Party (WP29) issued Guidelines on Consent under Regulation 2016/679 to clarify how the EU would move to define and regulate consent and that guidance aligns closely with how the German court interpreted consent in the case against Facebook. For example, the court ruled that the pre-activated privacy settings on Facebook’s mobile application, such as allowing geotagging and for search engines to index a user’s Facebook profile, are a violation of user consent.

The court also found that eight clauses in Facebook’s terms of service assumed and framed consent too broadly and declared that asking users to register under their own names “was a covert way of getting people’s consent to use their real names,” said Nick Wallace, a senior policy analyst at the Center for Data Innovation.

The WP29’s guidance affirms both points and it also notes, “If consent is bundled up as a non-negotiable part of terms and conditions, it is presumed not to have been freely given.”  WP29 also states, “The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.”

Debbie Reynolds, director of EimerStahl Discovery Solutions, an affiliate of law firm Eimer Stahl, stated that “Facebook and a lot of tech companies sell marketing,” and having their users register under their real names “makes the information they collect more valuable. So I think this is going to in some way change the foundation of how they are operating today.”

As you can imagine, the requirements of specific consent could change things for a lot of companies that currently collect data from individuals, including EU data subjects – perhaps significantly.  We will see.

Speaking of data privacy, today is the day that the Supreme Court will hear oral argument in United States v. Microsoft Corp (which we’ve referred to as the “Microsoft Ireland” case).  Needless to say, the ruling in this case will have major impact on how organizations treat data privacy as well.  We will certainly cover the ruling when it’s issued.

So, what do you think?  Is your organization changing how it obtains consent from individuals for handling their data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Court Rules on Scope of Plaintiff Discovery Requests: eDiscovery Case Law

In Performance Pulsation Control, Inc. v. Sigma Drilling Techs., LLC, et al., No. 4:17-CV-00450 (E.D. Tex. Fe. 13, 2018), Texas District Judge Amos L. Mazzant granted the plaintiff’s motion to compel in part, ordering the defendants to produce documents related to four specific categories, but within certain parameters.

Case Background

In this case regarding claims of misappropriation of trade secrets and confidential information by a former employee of the plaintiff who formed a competing company, the parties had discovery disputes and the plaintiff contended that the defendants failed to produce any of the materials they generally described in their Rule 26 disclosures or state when they intended to produce such materials.  In September 2017, the plaintiff sent more than 850 Requests for Production to the Defendants and, about a month later, the defendants objected and responded to their requests.  In response to a letter by the plaintiff detailing stated issues with the defendants’ production, the defendants produced additional documents, but the parties still needed a telephonic conference with the Court in December 2017 to discuss the discovery dispute and the Court recommended that the parties file briefing on the issue.  Six days later, the plaintiff filed its motion to compel.

In its motion, the plaintiff sought an order compelling the defendants to produce four general categories of documents and tangible items from time periods before, during, and after employment by the former employee, as follows:

“(1) Emails and documents sent to or received from any “PPC Contact” and similar documents sent to or received from relevant third parties.

(2) Emails and documents relating to PPC trade secrets, specific pulsation control products, and pulsation control generally.

(3) Emails and documents relating to Defendants’ scope of work with PPC, information owned by PPC, and emails to and from PPC.

(4) Emails and documents relating to Defendants’ competitive business.”

Judge’s Ruling

With regard to the first category, the parties had already further refined the scope of “PPC Contacts” and “relevant third parties” and the defendants had produced additional documents and were “conducting additional searches based on that information.”  With that in mind, Judge Mazzant stated: “The Court finds that to the extent Defendants have not already done so, they must produce documents sent to or received from any “PPC Contact” or “third party” as limited in the conference letter. However, the Court narrows such production to documents and communications dated during and after the time of Defendants’ employment.”

With regard to category #2, Judge Mazzant stated: “The Court finds production of such information and documents is warranted as limited in PPC’s conference letter, with the exception that such production is narrowed to documents and communications dated during or after Defendants’ employment with PPC.”  He also reminded the defendants that such trade secret related information could be produced subject to the Court’s protective order with an Attorney’s Eyes Only or Confidential designation.

With regard to category #3, Judge Mazzant stated: “The Court finds that to the extent that Defendants have not produced such information, they must do so. However, any production is limited to information dated or obtained during and after Defendants’ employment with PPC. Further, to the extent Defendants are concerned that any information is confidential or relates to any trade secrets, the Court reiterates Defendants’ ability to produce any information pursuant to the Court’s Protective Order and/or in a reasonably redacted format.”

In discussions with the defendant on category #4, the plaintiff, in its conference letter, described “competitive business activities” to include “formation documents, corporate governance documents, revenues and net profits earned, employees, agreements with third parties, contacts, types of work, etc.”  With that in mind, Judge Mazzant stated: “The Court finds to the extent Defendants have not already done so, they must produce all emails and documents related to Defendants’ formation documents, corporate governance documents, revenues and net profits earned, employees, agreements with third parties, contacts, and types of work. However, such production is limited to during and after Defendants’ employment with PPC.”

So, what do you think?  Did the court manage the discovery disputes effectively?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Once Again, Florida is the Place to Be for eDiscovery Education in March: eDiscovery Best Practices

I alluded to it last week, now I’ll discuss it in more depth.  Next month, the University of Florida E-Discovery Conference will be held on Thursday, March 29 – believe it or not, this is the sixth annual conference.  And, for the first time, I’m going to be there!  If you’re going to be in Gainesville then too, great!  If not, you can still attend from the comfort of your desk at work or at home.

But first, this week’s eDiscovery Tech Tip of the Week is about Proximity Searching.  When performing keyword searching, the challenge to performing those searches effectively is to balance recall (retrieving responsive documents with hits) and precision (not retrieving too many non-responsive documents with hits).  One way to achieve that balance is through proximity searching, which is simply searching for two or more words that appear close to each other in the document.  Proximity searching is more precise then an AND search (where two terms can appear in the document together but be completely unrelated) with more recall than a phrase search (where the terms must be exactly together in that order).  It’s an especially useful technique when searching for names, among other things.  So, proximity searching can be a valuable search strategy for striking the proper balance in your search results.

To see an example of how Proximity Searching is conducted using our CloudNine platform, click here (requires BrightTalk account, which is free).

The focus of this year’s UF Law E-Discovery conference is effectively managing the everyday case and they will have interesting sessions throughout the day, covering topics ranging from eDiscovery security and data protection to early assessment of the case and the data to keywords, TAR and AI (do I need to spell out those acronyms anymore?).  Want to know about eDiscovery of the JFK files?  They’ve got it.  Want to get judges’ perspectives on sanctions and other eDiscovery issues?  They’ve got that too.

The panel of speakers is a regular who’s who in eDiscovery, including Craig Ball, George Socha, Kelly Twigger, David Horrigan, Martin Audet, Mary Mack, Rose Jones, Mike Quartararo and also US Magistrate Judges John Facciola, James Francis, Judges William Matthewman, Mac McCoy, Amanda Arnold Sansone and Gary Jones, and retired Florida Circuit Court Judge Ralph Artigliere.

I’m on a panel discussion at 9am ET in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig, Kelly, with Judge Sansone.  We’ve already had two planning calls about the session and it should be terrific!

As always, the conference will be conducted in Gainesville, FL on the University of Florida Levin College of Law campus (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET.  The conference has been approved for 7.5 Continuing Legal Education (CLE) general credits, 2.0 ethics credits and 3.0 technology credits by the Florida Bar for attorneys attending the conference. The Florida Bar has also approved 7.5 civil trial certification credits.    So, this is a great opportunity to get those needed CLE credits!

In addition, E-Discovery CareerFest will precede the 6th Annual E-Discovery Conference for the second straight year on Wednesday, March 28 from 3pm to 5:30pm ET.  And, for the first time, the Law School E-Discovery Core Curriculum Consortium (composed of law professors teaching electronic discovery courses at their respective law schools) will host its first in person workshop focusing on curriculum development on Friday, March 30th from 9am to 12pm ET.

Click here to register for the conference – it’s only $199 for the entire day in person and only $99 for livestream attendance.  And, if you’re a currently enrolled student (in an ABA accredited law school, accredited E-Discovery graduate program or accredited paralegal program), it’s free(!), either in person or livestreamed.  It’s also free if you’re university or college faculty, professional staff, judicial officials, clerks and employees of government bodies and agencies, it’s free(!) for you too.  In any case, it’s a tremendous bargain.

About the only issue I have with the conference is the way they spell “E-Discovery”.  I’ll have to take that up with Bill Hamilton when I see him… :o)

So, what do you think?  Are you going to attend the conference next month?  If not, why not?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Sanctions for Failing to Preserve Cell Phone Records and Call Logs: eDiscovery Case Law

In Dotson, et al. v. Edmonson, et. al., No. 16-15371 (E.D. La. Jan. 22, 2018), Louisiana District Judge Susie Morgan denied the plaintiff’s motion in limine seeking sanctions for spoliation of evidence, finding that the plaintiff had “not met his burden of establishing that the Trooper Defendants had a duty to preserve” cell phone records and call logs from the evening of October 7, 2015 from Louisiana State Police (LSP) issued cell phones that were used that night by LSP officers during an undercover operation, or that their destruction of the evidence was intentional.

Case Background

In this case related to a civil suit over a drug bust involving the plaintiff, the defendants provided interrogatory responses deposition testimony which indicated that LSP troopers relied on their LSP-issued (or LSP-funded) cell phones to communicate during the course of operations in general, and specifically on the night of October 7, 2015.  The plaintiff asserted that this “establishes the existence of electronically stored information such as call logs and text messages on those cell phones” and argued that, as early as October 7, 2016, when the defendants were named in an article on nola.com and the case was filed, the defendants and the LSP were on notice that litigation was pending, and thus should have known that any ESI relating to the investigatory stop and arrest of the plaintiff was required to be preserved. Nonetheless, Defendants traded in their cell phones one month after Plaintiff filed his suit.

The plaintiff issued multiple discovery requests and subpoenas, and filed several motions to compel in efforts to obtain the call logs and text messages and develop an understanding of the officers’ movements and observations on the night of the arrest to no avail and claimed the loss of these records prejudiced his case, because the movements and communications among these officers were crucial to establishing whether reasonable suspicion existed to stop the plaintiff.  In response, the defendants argued that the plaintiff’s proposed remedy unfairly targeted Defendant Bodet (one of the Trooper Defendants), “as the Fifth Circuit makes clear that sanctions for spoliation should be taken against the alleged spoliator” and argued there is no evidence to suggest that Bodet acted in bad faith, or that he should have known of a need to preserve any electronically stored information on his phone.

Judge’s Ruling

Citing Rule 37(e), Judge Morgan stated: “The Plaintiff has not met his burden of establishing that the Trooper Defendants had a duty to preserve the electronically stored information related to the cell phone records from October 7, 2015 at the time the information was destroyed or that their destruction of the evidence was intentional. The Court will not provide the requested instruction to the jury based on an adverse inference.”

However, Judge Morgan excluded the Trooper Defendants from speculating at trial that they “may have” called a particular trooper based on deposition testimony to the contrary.  She also stated that “the Court’s ruling does not preclude the Plaintiff from eliciting testimony regarding the loss of the cell phone records and text messages”, nor did it prohibit questioning “regarding the cell phone record preservation policies of the Louisiana State Police, as such testimony is relevant and its relevance is not outweighed by the risk of undue prejudice.”

So, what do you think?  Should the defendants have received some sanctions?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Don’t Panic, but the Countdown is on and GDPR is Coming!: Data Privacy Trends

I have a “panic button” on my desk.  Are you panicking about the upcoming Europe General Data Protection Regulation (GDPR) yet?  If so, see below.

I stumbled across an EU GDPR countdown clock yesterday.  As of when I’m writing this, the clock says there are 92 days, 22 hours, 11 minutes and 08 seconds “Until the EU GDPR comes into force” (on May 25th).  So, time is ticking!

Are you ready?  Gartner predicts that on May 25th, more than half of companies affected by the GDPR will not comply fully with its requirements.

If you’re afraid you may be one of those companies, or not even sure whether or not GDPR applies to you, today at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast eDiscovery and the GDPR: Ready or Not, Here it Comes! In this one-hour webcast that’s CLE-approved in selected states, we will discuss how data privacy requirements have evolved over time, the parameters associated with the GDPR, what they mean to your organization and what steps your organization needs to take to ensure compliance with the GDPR.

Once again, I’ll be presenting the webcast, along with Tom O’Connor, who recently wrote an article about GDPR that we covered as a four part blog series.  It’s not too late to register for it, if you want to attend, click here.  Even if you can’t make it today, you can still go ahead and register to get a link to the slides and to the recording of the webcast (if you want to check it out later).

Oh, and I really do have a “panic button” from Hoops & Yoyo™.  I keep it on my desk at work and it comes in handy at times to relieve stress.  If you want to see what it looks like and sounds like, click here.

So, what do you think?  Are you ready for GDPR?  If not, don’t panic!  Please share any comments you might have or if you’d like to know more about a particular topic.

*Oh, now we’re down to 92 days, 21 hours, 41 minutes and 49 seconds!  Just in the time it’s taken me to write this blog post!  :o)

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Only 53 Percent of Surveyed Security Officers Are Confident in Security of Data by Third Parties: Cybersecurity Trends

A recently issued report provides an interesting look at how Chief Information Security Officers (CISOs) and others responsible for security are addressing the challenges in today’s cybersecurity climate.

The report (The Shifting Cybersecurity Landscape: How CISOs and Security Leaders Are Managing Evolving Global Risks to Safeguard Data, by Ankura and Ari Kaplan Advisors), issued earlier this month, explores the roles of CISOs (chief information security officers), the adoption of cloud technology and how entities are auditing their vendors.  Ankura partnered with Ari Kaplan Advisors and interviewed 30 industry leaders in August 2017, to detect how corporations are adapting to today’s evolving threat landscape.  Most of these were large organizations (70 percent with over $1 billion in annual revenue, 80 percent with over 5,000 employees).

Interesting findings include:

  • 97 percent of the respondents indicated they were evaluating security practices of their vendors, partners, law firms, and third parties that interact with their data. For 17 percent of them, regulatory requirements have driven that effort.
  • However, only 53 percent said they were confident in the security of their data being managed by vendors, partners, and other third parties.
  • 57 percent of the participants noted that their organizations are periodically involved in litigation or investigations that require them to transfer information to law firms and eDiscovery vendors, among others. 27 percent frequently need to do so.
  • 87 percent of respondents were using third-party cloud providers to “host non-critical information” to save money and streamline business processes. 17 percent of the respondents noted that Office 365 is a common impetus for moving to the cloud.
  • 77 percent of respondents advised that the scope of their managed security services includes incident response. And, for 63 percent, that support included onsite response. However, only 37 percent were confident that their managed services provider would provide a legally defensible investigation if they were the victim of a breach or other cyber incident.
  • 80 percent of respondents reported having a Bring Your Own Device (BYOD) plan, though some noted that their plan is to prohibit personal devices. 63 percent believe that those gadgets contain company sensitive information.

GDPR is one significant regulatory requirement affecting security considerations, with one respondent stating that “GDPR will influence the way many companies appraise their partners, given the expansion of responsibilities for both data controllers and processors under the new privacy framework set for implementation in 2018.”  Good thing we have a webcast on the topic tomorrow!  :o)

The report, a 24 page PDF, chock full of other statistics and findings, is available here.  As always, hat tip to Sharon Nelson of the Ride the Lightning blog for her coverage of the report.

So, what do you think?  Do any of these numbers surprise you?  Do you disagree with any of them?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.