Software as a Service (SaaS)

Results of the Microsoft Office 365 eDiscovery Challenge Survey: eDiscovery Trends

Remember the Microsoft Office 365 eDiscovery Challenge Survey that Tom O’Connor and Don Swanson were conducting?  The results are in!

The results were published on Bob Ambrogi’s LawSites blog last week.  The survey was conducted over seven weeks using both an online SurveyMonkey tool and telephone interviews. Tom and Don received a total of 75 survey responses from corporations, government agencies and law firms, with the estimated breakdown of respondents mostly being from corporate legal (69 percent of the total respondents).  Law firms were a distant second at 20 percent, followed by government respondents at 10 percent.  Vendors constituted just 1 percent of the responses.  1 percent!

Of all respondents, approximately 30 percent were attorneys. The remainder were litigation support professionals, paralegals and IT staff.

As for the questions, here are some notable results:

What was your first reaction to Microsoft offering eDiscovery features within Office 365?: Nearly two-thirds of respondents said their initial reaction was either very positive and promising (37 percent), or somewhat positive (29 percent).  Thirteen percent of respondents did not know that O365 offered eDiscovery functionality.

Does your organization run Microsoft Office 365? Version?: Just over 3/4 of respondents said they were running O365, with version E3 (G3) the leader at 32 percent22 percent did not know what version they use.  Only 7 percent had no plans to move to O365.

Which EDRM activities can be/have been performed within Office 365 eDiscovery? (check all that apply): Generally, the phases on the left side of the EDRM model were considered to be the most likely to be performed within O365, with Preservation the leader at 73 percent, closely followed by Identification at 72 percent.  However, only 46 percent and 41 percent of respondents (respectively) had actually used it in those phases.  40 percent of respondents had never used any of O365’s eDiscovery capabilities.

Are Microsoft Office 365’s eDiscovery features helpful?: Over 4 out of 5 respondents indicated that they would definitely need (53 percent) or probably need (29 percent) O365’s eDiscovery capabilities.  Only two percent of respondents indicated that they probably don’t need or definitely don’t need O365’s eDiscovery capabilities (1 percent each).

Click here for a complete set of results on Bob’s blog.  In early 2019, Tom and Don will be publishing their findings and observations.

So, what do you think?  Are you surprised by any of the finding?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s Another Survey to Check Out on the eDiscovery Uses and Capabilities of Office 365: eDiscovery Best Practices

A survey a day keeps the…blog posts written!  Yesterday, we covered the survey on Rob Robinson’s Complex Discovery site regarding predictive coding technologies and protocols.  Today, here is another survey worth participating in regarding the use of Microsoft Office 365’s eDiscovery capabilities.

On his Techno Gumbo blog, my colleague Tom O’Connor poses the question: Can eDiscovery Really Be Done Within Microsoft Office 365? Help Us Find Out. (Okay, that’s a question and a statement, but anyway…)

Tom is working with Don Swanson, president of Five Star Legal, to find out just how many firms out there are actually using Office 365 for eDiscovery. Most people know Office 365 as a software-as-a-service (SaaS) offering of email, word processing, spreadsheet and presentation applications. Office 365 and the Microsoft Cloud are not only used by most of the Fortune 500, it’s also used by many federal, state and local governments and educational institutions – and a growing number of businesses of any size.  To that end, they have come up with the O365 Challenge, a successor to the 2009 EDna Challenge posed by noted eDiscovery thought leader Craig Ball (which he reprised in 2016) and Tom’s 2011 follow up to that, the Ernie Challenge.

Like EDna and Ernie, the matter in question still has a budget restriction but all relevant data now resides within Microsoft Office 365.  Tom and Don really want to know if Office 365’s eDiscovery capabilities are for real, whether litigants can achieve the goals outlined in EDna and Ernie within Office 365 and whether big case eDiscovery processes can be handled within Office 365 on a small budget.

As with any good challenge, Tom provides on his blog the hypothetical scenario and describes the challenge, which includes several goals identified by the company general counsel noted in the hypothetical.  Then, Tom and Don have built a survey which asks about eDiscovery capabilities in Office 365, including each of the phases of the EDRM model.

Tom provides a link to the five-question survey in the post in SurveyMonkey (check the post link above to get it) and survey responses submitted before October 15 will be included in the white paper detailing the Microsoft Office 365 Challenge findings which Don and Tom will publish sometime in Q4.  You can also just send your comments directly to Don or Tom to include them in the final report.

While more and more organizations are using Office 365, I’m not sure they are fully using the eDiscovery capabilities of it, nor am I sure that they are finding those capabilities sufficient to accomplish what they need to accomplish to meet their eDiscovery burdens and goals.  I’ll be looking forward to the white paper to see what people have to say about it.

P.S.: For more about Tom and his latest video with Craig regarding Forensic Examination Protocol, click here.

So, what do you think?  Does your organization use Office 365?  If so, does it use its eDiscovery capabilities and find them useful?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Microsoft Corporation

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Public or Private Isn’t the Only Question You Should be Asking about Cloud Solutions: eDiscovery Best Practices

In yesterday’s post detailing the discussion of industry experts regarding the adoption of cloud technology within the legal industry, several points of discussion were discussed, including the differentiation between “public cloud” and “private cloud”.  It’s important to know the difference between the two implementations and why you might consider selecting one over the other (and what you need regardless of which one you select).  But, public or private cloud isn’t the only question you should be asking about a cloud solution.

To begin to understand what we’re talking about, it’s important to define three terms typically related to cloud computing: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS):

  • Infrastructure as a Service (IaaS) is a service model that delivers computer infrastructure on an outsourced basis to support enterprise operations. Typically, IaaS provides hardware, storage, servers and data center space or network components.
  • Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.
  • Software as a service (SaaS) is a software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.

This diagram, courtesy of the site virtualclouds.in, does a good job of illustrating examples of each.

As you can see, the software application residing on top of the cloud platform and infrastructure are separate and unique and don’t necessarily have to be from the same provider.  Sometimes they are, like in the case of Office 365 hosted in the Microsoft Azure platform; other times they aren’t, like in the case of Salesforce.com hosted in Amazon Web Services (AWS).

Here’s another diagram, courtesy of YourDailyTech, which illustrates the different components to the solution and what you manage in a) an on-premise implementation, b) an IaaS implementation, c) a PaaS implementation and d) a SaaS implementation.

As you can see, there’s a lot of components to manage.  A lot of organizations are managing many (if not all) of those components anyway to support various internal needs for their organizations, but many organizations are turning to IaaS, PaaS and SaaS implementations for at least some of their solution choices.  The choices they make are based on several factors, including costs and security requirements.  There’s no right or wrong answer here – each choice can be appropriate depending on the organization and its needs.

However, you know the saying that a chain is only as strong as its weakest link?  Well, that holds true for cloud solutions as well.  Whether you favor a public cloud or a private cloud approach, you still have to vet the software provider on top of that public or private cloud infrastructure.  Obviously, when evaluating comparable software solutions, it goes without saying (but I’ll say it anyway) that you should look at the features of the different solution choices and evaluate them against the needs of your organization.

But, you shouldn’t stop there.  You also want to evaluate the companies offering the different solution choices as well.  How long has each company been in business?  What’s the average tenure of their top leadership team?  What’s the average tenure of their support and services teams?  You don’t want to select a “fly-by-night” company that could be gone tomorrow or a company that has a “revolving door” in key positions where you’re continually dealing with someone new in support or services.  Familiarity breeds…comfort – not contempt (at least when it comes to a cloud SaaS provider).

So, what do you think?  How closely do you vet the SaaS company providing the solution in a cloud solution selection?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Speed of Migration of Legal to the Cloud is Debatable: eDiscovery Trends

How fast is the legal industry moving to the cloud?  And, what is holding some law firms back from migrating to the cloud?  These and other questions were discussed in a recent online discussion among industry experts.

In an article sponsored by ReplyAll on Bloomberg Law (Live Conversation: Making Sense of Legal’s Migration (or Not) to the Cloud), Zach Abramowitz moderated the discussion and introduced the topic as follows:

“The migration of the legal industry to the cloud has been, much like the word migration would suggest, slow and deliberate. Although Fortune 500 companies are using cloud based technology to track everything from their back office to their marketing and sales teams — and (as anyone who’s been through an airport can tell you) all the biggest tech companies in the world like Microsoft, Amazon and Alibaba are competing to offer you cloud storage and related services — many law firms are still insisting on keeping client data behind the firewall… Many of the best legal technology start-ups tell me that their #1 obstacle in selling their product is law firm resistance to the cloud. So, as we kick off this conversation, the question I’d like to start tackling today, is what should be the industry standard (we can discuss that too), but also begin by trying to better understand the disconnect between law firms and the rest of the world. With all the information available, is it rationale for law firms to still hesitate when it comes to the cloud?”

Panelists included:

  • Alma Asay, Founder of Allegory which was acquired last year by Integreon (where Alma is now the Chief Innovation Officer)
  • Dan Baker, Chief of Staff and Director of Legal Operations at Ancestry.com
  • Adam Cohen, Managing Director at Berkeley Research Group
  • Heidi Fessler, member of the Litigation Department and the eDiscovery, Data and Document Management Practice Group at Barnes & Thornburg
  • Bryon Bratcher, Managing Director at Gravity Stack LLC and formerly Director of Practice Solutions at Reed Smith LLP

Here are some of the observations from the panelists:

Asay: “Law firms regularly use private cloud providers, we simply don’t call them that. Legal service providers like Integreon regularly host data for their clients, effectively offering private cloud services, and are well adopted by law firms… Law firms know that they will fight tooth and nail against turning over their clients’ data, and they’re quite sure that service providers that specialize in the legal industry will fight just as hard (or risk never having another client). However, law firms have been less sure about how big companies servicing many different industries would proceed in the face of an order to release data in their possession. This is an issue that has come up time and time again, even as great strides have been made by law firms to understand and accept the benefits of the cloud… I think you’d be surprised how many professionals inside law firms quietly are advocating to use the cloud and recognize the benefits over hosting data inside the law firm, but they don’t feel empowered to execute until the banks do. Just as (supposedly) no one ever got fired for choosing IBM, there is still a sense that no one gets fired for NOT choosing the cloud.”

Cohen: “I think this (the question whether Amazon is handing over client data} is a real issue for some, but it’s not the overriding issue, which is a fundamental ignorance as to the allocation of risk in the cloud and how to deal with it. If you don’t understand the services you are buying, then you can’t assess security appropriately–something lawyers are required to do by virtue of their professional responsibilities.”

Cohen also quoted the headline from this press release “Threat Stack Analysis Reveals 73% of Companies Have Critical AWS Cloud Security Misconfigurations” where Threat Stack, a cloud security and compliance management company, announced the findings of an analysis of more than 200 companies using AWS that revealed nearly three-quarters have at least one critical security misconfiguration, such as remote SSH open to the entire internet.

Baker: “The concern – benchmarked with several large firms – is that cloud solutions may result in a scenario where the cloud provider could read the law firm’s files/email, if the provider wanted to. This could violate privilege or provide alternate, and unexpected, routes of discovery…{With regard to a question from Abramowitz as to whether public cloud providers simply change their terms of service to get law firms comfortable or is legal such small fry for them that they wouldn’t bother} Through a certain lens, yes. Through another lens, there’s booming growth in legal tech – especially surrounding contract and litigation discovery. I expect that public cloud providers will need to update their terms of services to get law firms more comfortable, and that it will be the discovery firms driving the change.”

Bratcher: “Ultimately many law firms are adopting a hybrid approach between a private cloud with a smaller public provider coupled with a cloud area with the larger public providers like AWS or Azure. I would see that trend continuing for the foreseeable future.”

Fessler: “It is hard for those outside of the law firm environment to understand the level of reticence to adopt “new” technology within the legal world. Most attorneys feel an enormous responsibility to keep their client data secure and under their personal lock and key. Unfortunately, this perception of control and security does not equate with fact. It is still common to find otherwise sophisticated attorneys who refuse to use eDiscovery tools and technology and instead running review using Excel spreadsheets. At times this hesitation is also the result of a misdirected drive to reduce legal spend.”

These are just a few snippets from an overall interesting conversation regarding legal’s adoption of the cloud.  Click here to view the entire conversation.  Tomorrow, I’ll have some thoughts about cloud selection and why the question of private or public cloud isn’t the only one you should be asking.

So, what do you think?  Do you think that the legal industry is still slow to adopt the cloud?  If so, why do you think that is?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Looking to the Future with CloudNine, Concordance and LAW PreDiscovery: eDiscovery Webcasts

CloudNine recently acquired the Concordance, LAW PreDiscovery and Early Data Analyzer platforms.  So, who is CloudNine, why did they acquire these products and what is their vision for them going forward?  If you’re an existing user of these products, now’s your chance to find out!

During the month of May, CloudNine will conduct the webcast Looking to the Future with CloudNine, Concordance and LAW PreDiscovery LIVE on three separate occasions.  In this one-hour webcast, we will provide an overview of CloudNine, the vision for our new robust suite of products and how they will extend and enhance your data and legal discovery efforts.  We’re conducting the webcast three different times to make the webcast presentation more interactive, giving existing customers of our products a chance to have their questions addressed, so you’ll want to register for one of these dates if you want to attend.  The webcast will include both a presentation and a demonstration of our CloudNine platform:

Presentation Highlights:

  • Who is CloudNine?
  • What We Do and How We Solve the Problems
  • Considerations for On-Premise, Off-Premise and Hybrid Approaches
  • What the Acquisition Means for Current On-Premise Customers
  • Looking to the Future with CloudNine Off-Premise and On-Premise Products

Demonstration Highlights:

  • CloudNine Automated Legal Hold
  • CloudNine eDiscovery Platform (Upload/Process/Review/Produce)
  • CloudNine Automated Data Preservation and Collection

The three dates for the webcast are:

  • Wednesday, May 2, 2018 (click to register here)
  • Tuesday, May 8, 2018 (click to register here)
  • Thursday, May 17, 2018 (click to register here)

All times are noon CST (1:00pm EST, 10:00am PST).

So, what do you think?  Do you use Concordance, LAW or EDA?  Then, come join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Germany Finds that Facebook’s Privacy Settings and Terms of Service Violate Their Privacy Rules: Data Privacy Trends

One of the things that Tom O’Connor and I discussed in last week’s webcast about the upcoming Europe General Data Protection Regulation (GDPR) was how consent will be interpreted for use of data for its data subjects.  Last month, a German court may have given an early indication of how consent will be enforced.

In Legaltech News (Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future, written by Rhys Dipshan, free subscription required), the author notes that after a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules.

The January 2018 ruling (available here, in German, of course) based on German law on a case brought by The Federation of German Consumer Organisations (VZBV) could nonetheless illustrate trouble for international technology companies under the GDPR, once it takes effect on May 25th of this year.

Germany’s data privacy laws are currently based on the EU Directive 95/46/EC, the data privacy directive passed by the European Union in 1995 which has provisions that mirror those in the GDPR, especially around the issue of consent.  EU Directive 95/46/EC will be replaced by GDPR on May 25th.

Last November, the EU Article 29 Data Protection Working Party (WP29) issued Guidelines on Consent under Regulation 2016/679 to clarify how the EU would move to define and regulate consent and that guidance aligns closely with how the German court interpreted consent in the case against Facebook. For example, the court ruled that the pre-activated privacy settings on Facebook’s mobile application, such as allowing geotagging and for search engines to index a user’s Facebook profile, are a violation of user consent.

The court also found that eight clauses in Facebook’s terms of service assumed and framed consent too broadly and declared that asking users to register under their own names “was a covert way of getting people’s consent to use their real names,” said Nick Wallace, a senior policy analyst at the Center for Data Innovation.

The WP29’s guidance affirms both points and it also notes, “If consent is bundled up as a non-negotiable part of terms and conditions, it is presumed not to have been freely given.”  WP29 also states, “The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.”

Debbie Reynolds, director of EimerStahl Discovery Solutions, an affiliate of law firm Eimer Stahl, stated that “Facebook and a lot of tech companies sell marketing,” and having their users register under their real names “makes the information they collect more valuable. So I think this is going to in some way change the foundation of how they are operating today.”

As you can imagine, the requirements of specific consent could change things for a lot of companies that currently collect data from individuals, including EU data subjects – perhaps significantly.  We will see.

Speaking of data privacy, today is the day that the Supreme Court will hear oral argument in United States v. Microsoft Corp (which we’ve referred to as the “Microsoft Ireland” case).  Needless to say, the ruling in this case will have major impact on how organizations treat data privacy as well.  We will certainly cover the ruling when it’s issued.

So, what do you think?  Is your organization changing how it obtains consent from individuals for handling their data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Are Cloud Companies Moving Away from Pricing Transparency?: eDiscovery Trends

Last May, I wrote a post asking if pricing transparency is finally happening in eDiscovery.  Here’s an article where the trend seems to be reversing – at least for Software-as-a-Service (SaaS, aka cloud) companies in general.  And, what the heck is a SaaS “unicorn”?

In his article on OpenViewWhy SaaS Companies Are Moving Away From Pricing Transparency (And Why That’s a Bad Thing), by Kyle Poyar (hat tip to Rob Robinson’s Complex Discovery blog for initial coverage of the article), the author compared his findings from June 2016 to his findings from November 2017 for private SaaS “unicorns” regarding price transparency.

What Poyar found was that more than half of private SaaS unicorns (55%) were publishing their pricing online for the world to see in June 2016 (as opposed to only 28% of public SaaS companies).  However, in November 2017, he revisited the private SaaS unicorns that he had previously analyzed and found that only 47% publish their pricing, an 8% drop over a year and a half.  Poyar took a look at one of those sites at three different intervals – June 2014 (when their pricing was not published), May 2016 (when it was) and January 2018 (when it wasn’t again).  When looking at data for new SaaS unicorns, Poyar found that only “a measly” 21% of those publish pricing.  So, taken together, just 33% of SaaS unicorns of the 66 he studied currently publish their pricing.

Poyar discusses potential reasons for the shift away from pricing transparency (which Rob covers on his blog).  He also identifies three reasons why they should publish pricing, as follows:

  1. SaaS companies can’t hide anymore: Buyers are almost always going to search “insert category” and “cost” or “price.” If they can’t find that information on a company’s site, they will go elsewhere. The emergence of third party review sites like G2 Crowd, Capterra, Quora and Siftery increasingly put pricing information into the public domain. Wouldn’t you rather showcase that information on your own terms as opposed to being cut out of the buyer journey?
  2. SaaS companies need to reorient their brands around transparency: Buyers are doing more and more research about vendors before they get in touch with a sales rep. The role of the modern sales rep is going to be more similar to that of an expert or consultant, rather than someone “selling” their products at all costs. To win in this environment, SaaS companies need to establish brands that emphasize trust, helpfulness, and, you guessed it, transparency.
  3. SaaS companies need to accelerate their sales cycles: Most SaaS startups with an inside sales model can’t waste precious resources on less serious, unqualified prospects or those only looking to be educated on the market. Wasted sales and marketing resources leads to poor unit economics, making it hard for a company to attract future funding. Transparent pricing acts as an important qualification gate that allows sales reps to focus their time on serious buyers.

All excellent points.  From an eDiscovery perspective, I noted in last year’s post how Craig Ball’s EDna challenge from 2016 promoted an “apples to apples” comparison on pricing and that’s key.  But, do eDiscovery cloud solution providers as a general rule publish their pricing?  Feel free to check for yourself – I can only speak to how CloudNine (shameless plug warning!) does it.  We do publish our pricing and what our pricing covers and that info is available here.  Hopefully, we’ll see a trend toward more price transparency in our industry as I certainly think it’s what the clients would like to see.

BTW, a SaaS “unicorn” is a SaaS company with a billion dollar valuation.  Now you know!  CloudNine isn’t quite there – yet.  :o)

So, what do you think?  How important is pricing transparency to you when considering solution alternatives?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

In the Market for an eDiscovery Solution? Check Out this Buyers Guide: eDiscovery Trends

If you’re a small to medium sized law firm and you have yet to “dip your toe” into the water of selecting an eDiscovery solution (or are unhappy with the one you have selected), a couple of legal technologists have created a terrific new 2018 eDiscovery Buyers Guide to provide education about the alternatives to help you select a solution that’s right for you.

Brett Burney of Burney Consultants and Chelsey Lambert of Lex Tech Review have reviewed twenty different products in the guide, which is contained in a comprehensive (but easy to read) 89 page PDF document.  As noted in the Introduction, their eDiscovery Buyers Guide has two primary goals:

First, it is a literal “Buyers Guide” to “provide you with options available to you and your firm so you can avoid the manual, time-wasting, and ineffective processes you’re currently using”. Each review is written to explain exactly what features and capabilities each tool offers to facilitate an informed decision.

Second, the eDiscovery Buyers Guide “empowers you to be a more knowledgeable, competent, and trusted counselor. While you personally won’t use all of the products featured in this Guide, your clients might benefit from them in their own data collection efforts based on your recommendation. Plus having some knowledge about other products means you can talk intelligently with opposing counsel on the products they’re using so you don’t look ignorant or uninformed.”

Knowledge is power, right?

Anyway, the key differentiator between this guide and others that have been written over the years is that this one is tailored to the small to mid-size firm audience, so it’s written with the idea that you’re at a firm that doesn’t have a huge budget for eDiscovery.  Fortunately, there are still solutions for you.

The guide includes reviews for products in several categories, including Case Analysis & Chronologies, Social Media Collection & Web Capture, Data Identification & Collection and three categories of Processing & Review applications: Desktop Software, Hosted Solutions and Cloud-Based SaaS Platforms.  A.I. & Data Analysis in eDiscovery, eDiscovery Managed Services and Utilities for Litigators reviews are included as well.  Each review includes a “Why You Should Consider” the product section that sums up several key benefits of the offering and succinctly describes differentiation points.

CloudNine is included in the largest category – Cloud-Based SaaS Platforms for Processing & Review (seven total applications reviewed), which maybe means that this is a good area to be in, right?  :o)  Regardless, we appreciate the opportunity to be included and Brett’s review of our platform covers a number of key functional areas and their benefits to the user of the product, as well as addressing pricing info.

However, the Buyer’s Guide doesn’t just include reviews, it also includes articles from several key thought leaders in the industry, including Amy Bowser Rollins, Craig Ball, Tom O’Connor and Rob Robinson.  Chelsey also wrote a terrific article on Artificial Intelligence and Machine Learning Innovation in eDiscovery.  And, they were also nice enough to include an article from me on cloud automation and how it has made eDiscovery more affordable than ever.

All of the reviews and articles can serve to educate you to make a more informed decision when you decide to consider selecting the eDiscovery solution for your firm.

You can download the guide – for free! – here.

So, what do you think?  Do you have an eDiscovery solution in house?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Dismissal of Claim Against Defendant Accused of Transferring Company Info to Dropbox Account: eDiscovery Case Law

In Abbott Labs. v. Finkel, No. 17-cv-00894-CMA (D. Colo. Nov. 17, 2017), Colorado District Judge Christine M. Arguello denied the defendant-movant’s motion to dismiss the plaintiff-respondent’s conversion claim that the defendant disclosed the plaintiff’s confidential information and trade secrets to a third party and transferred that information to his personal online cloud storage Dropbox account.

Case Background

In December 2014, the plaintiff hired the defendant as a General Manager for its Nutrition Division, where he received access to its confidential information and trade secrets.  To protect its confidential information and trade secrets, the plaintiff required the defendant to sign confidentiality and non-disclosure agreements and its Electronic Messages policy prohibited the defendant from backing up or storing digital information on personal devices and also prohibited sharing info with outside parties.  Despite that, during the defendant’s employment, he both disclosed plaintiff confidential information and trade secrets to a third party and transferred that information to his personal online cloud storage Dropbox account and was fired, in part, for that.  On the date of his termination, the plaintiff’s IT personnel (with the defendant’s consent) deleted its confidential information that he transferred to his personal Dropbox account.

However, the plaintiff later discovered that “Dropbox has a feature that allows a user to restore any file or folder removed from an active user account in the past 30 days or longer, depending on the version of Dropbox.”  As a result, the plaintiff asked the defendant 1) to certify that all its information was deleted from any electronic or physical storage location owned or used by the third party, 2) that it be allowed to monitor his Dropbox account activity and ensure that the deletion restoration feature was not activated and 3) to allow a third-party forensic consultant to examine his Dropbox account to ensure that all of the plaintiff’s information was deleted and not re-downloaded or transferred.  When the defendant refused, the plaintiff sued, asserting claims of breach of contract, conversion, and misappropriation of trade secrets.  The defendant filed a motion to dismiss the conversion claim, arguing that the claim is preempted by the Colorado Uniform Trade Secrets Act (“CUTSA”) and the allegations showed that the defendant was authorized to access and use the information and that he returned it to the plaintiff upon request.

Judge’s Ruling

Judge Arguello stated: “To assert a claim of conversion, Plaintiff must show: (1) Plaintiff has a right to the property at issue; (2) Defendant has exercised unauthorized dominion or ownership over the property (3) Plaintiff has made a demand for possession of the property; and (4) Defendant refuses to return it.”  In her analysis, Judge Arguello addressed elements two and four (as one and three were undisputed) and found that the defendant still has unauthorized “dominion or ownership” over the documents and concluded that “Plaintiff has sufficiently pled the fourth element” with regard to defendant’s refusal to allow it to re-access his Dropbox account.

As for the defendant’s contention that the plaintiff’s claim is preempted by CUTSA, Judge Arguello rejected that argument, stating: “At this stage in the litigation, the Court is without a sufficient record to determine whether some, part, or all of Plaintiff’s conversion claim depends on a finding of trade secret status and is, therefore, preempted by the CUTSA. Indeed, none of the allegedly converted information has been presented to the Court, nor has it been described in much detail.”  As a result, she denied the defendant’s motion to dismiss the claim.

So, what do you think?  Should the plaintiff have the right to re-access the defendant’s Dropbox account?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR).

The CSA, a world leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, last week announced the release of the CSA Code of Conduct for GDPR Compliance, which provides cloud service providers (CSPs), cloud customers, and potential customers with much-needed guidance in order to comply with the new obligations stemming from the GDPR.  As part of the release, the CSA also launched the CSA GDPR Resource Center, a new community-driven website with tools and resources to help educate cloud service providers and enterprises on the new GDPR.

“Companies worldwide are struggling to keep pace with shifting regulations affecting personal data protection. The Privacy Level Agreement (PLA) Working Group realized it was critical for cloud providers to have guidance that would enable them to achieve compliance with EU personal data protection legislation,” said Francoise Gilbert, CSA Lead Outside Counsel and PLA Working Group co-chair.

“With the introduction of GDPR, data protection compliance becomes increasingly risk-based. Data controllers and processors are accountable for determining and implementing within their organizations appropriate protection levels for the personal data they process,” noted Paolo Balboni, European ICT, privacy and data protection lawyer, and co-chair of the Privacy Level Agreement Working Group. “In this scenario, the CSA Code of Conduct for GDPR Compliance is of fundamental importance as it gives guidance for legal compliance and the necessary transparency on the level of data protection offered by the CSPs.”

The new CSA Code of Conduct for GDPR Compliance is designed to meet both actual, mandatory EU legal personal data protection requirements (i.e., Directive 95/46/EC and its implementations in the EU member states) and the forthcoming requirements of the GDPR and specifies the application of the GDPR in the cloud environment, primarily with regard to the following categories:

  • Fair and transparent processing of personal data;
  • Information provided to the public and to data subjects (as defined in Article 4 (1) GDPR);
  • Exercise of data subjects’ rights;
  • Measures and procedures referred to in Articles 24 and 25 GDPR and the measures to ensure security of processing referred to in Article 32 GDPR;
  • Notification of personal data breaches to supervisory authorities (as defined in Article 4 (21) GDPR) and the communication of such personal data breaches to data subjects; and
  • Transfer of personal data to third countries.

The CSA Code of Conduct for GDPR Compliance also contains mechanisms that enable the body referred to in Article 41 (1) GDPR to carry out mandatory compliance monitoring by the controllers or processors who undertake to apply it, without prejudice to the tasks and powers of competent supervisory authorities pursuant to Article 55 or 56 of GDPR.

With GDPR adoption looming in less than six months, you can expect to hear more about GDPR on this blog and other publications in the coming months.  Click here to access the CSA Code of Conduct for GDPR Compliance (after completing a short survey).

So, what do you think? Is your organization preparing for GDPR?  Please share any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Rob Robinson and his excellent Complex Discovery blog for coverage of the story.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.