Software as a Service (SaaS)

The Speed of Migration of Legal to the Cloud is Debatable: eDiscovery Trends

How fast is the legal industry moving to the cloud?  And, what is holding some law firms back from migrating to the cloud?  These and other questions were discussed in a recent online discussion among industry experts.

In an article sponsored by ReplyAll on Bloomberg Law (Live Conversation: Making Sense of Legal’s Migration (or Not) to the Cloud), Zach Abramowitz moderated the discussion and introduced the topic as follows:

“The migration of the legal industry to the cloud has been, much like the word migration would suggest, slow and deliberate. Although Fortune 500 companies are using cloud based technology to track everything from their back office to their marketing and sales teams — and (as anyone who’s been through an airport can tell you) all the biggest tech companies in the world like Microsoft, Amazon and Alibaba are competing to offer you cloud storage and related services — many law firms are still insisting on keeping client data behind the firewall… Many of the best legal technology start-ups tell me that their #1 obstacle in selling their product is law firm resistance to the cloud. So, as we kick off this conversation, the question I’d like to start tackling today, is what should be the industry standard (we can discuss that too), but also begin by trying to better understand the disconnect between law firms and the rest of the world. With all the information available, is it rationale for law firms to still hesitate when it comes to the cloud?”

Panelists included:

  • Alma Asay, Founder of Allegory which was acquired last year by Integreon (where Alma is now the Chief Innovation Officer)
  • Dan Baker, Chief of Staff and Director of Legal Operations at Ancestry.com
  • Adam Cohen, Managing Director at Berkeley Research Group
  • Heidi Fessler, member of the Litigation Department and the eDiscovery, Data and Document Management Practice Group at Barnes & Thornburg
  • Bryon Bratcher, Managing Director at Gravity Stack LLC and formerly Director of Practice Solutions at Reed Smith LLP

Here are some of the observations from the panelists:

Asay: “Law firms regularly use private cloud providers, we simply don’t call them that. Legal service providers like Integreon regularly host data for their clients, effectively offering private cloud services, and are well adopted by law firms… Law firms know that they will fight tooth and nail against turning over their clients’ data, and they’re quite sure that service providers that specialize in the legal industry will fight just as hard (or risk never having another client). However, law firms have been less sure about how big companies servicing many different industries would proceed in the face of an order to release data in their possession. This is an issue that has come up time and time again, even as great strides have been made by law firms to understand and accept the benefits of the cloud… I think you’d be surprised how many professionals inside law firms quietly are advocating to use the cloud and recognize the benefits over hosting data inside the law firm, but they don’t feel empowered to execute until the banks do. Just as (supposedly) no one ever got fired for choosing IBM, there is still a sense that no one gets fired for NOT choosing the cloud.”

Cohen: “I think this (the question whether Amazon is handing over client data} is a real issue for some, but it’s not the overriding issue, which is a fundamental ignorance as to the allocation of risk in the cloud and how to deal with it. If you don’t understand the services you are buying, then you can’t assess security appropriately–something lawyers are required to do by virtue of their professional responsibilities.”

Cohen also quoted the headline from this press release “Threat Stack Analysis Reveals 73% of Companies Have Critical AWS Cloud Security Misconfigurations” where Threat Stack, a cloud security and compliance management company, announced the findings of an analysis of more than 200 companies using AWS that revealed nearly three-quarters have at least one critical security misconfiguration, such as remote SSH open to the entire internet.

Baker: “The concern – benchmarked with several large firms – is that cloud solutions may result in a scenario where the cloud provider could read the law firm’s files/email, if the provider wanted to. This could violate privilege or provide alternate, and unexpected, routes of discovery…{With regard to a question from Abramowitz as to whether public cloud providers simply change their terms of service to get law firms comfortable or is legal such small fry for them that they wouldn’t bother} Through a certain lens, yes. Through another lens, there’s booming growth in legal tech – especially surrounding contract and litigation discovery. I expect that public cloud providers will need to update their terms of services to get law firms more comfortable, and that it will be the discovery firms driving the change.”

Bratcher: “Ultimately many law firms are adopting a hybrid approach between a private cloud with a smaller public provider coupled with a cloud area with the larger public providers like AWS or Azure. I would see that trend continuing for the foreseeable future.”

Fessler: “It is hard for those outside of the law firm environment to understand the level of reticence to adopt “new” technology within the legal world. Most attorneys feel an enormous responsibility to keep their client data secure and under their personal lock and key. Unfortunately, this perception of control and security does not equate with fact. It is still common to find otherwise sophisticated attorneys who refuse to use eDiscovery tools and technology and instead running review using Excel spreadsheets. At times this hesitation is also the result of a misdirected drive to reduce legal spend.”

These are just a few snippets from an overall interesting conversation regarding legal’s adoption of the cloud.  Click here to view the entire conversation.  Tomorrow, I’ll have some thoughts about cloud selection and why the question of private or public cloud isn’t the only one you should be asking.

So, what do you think?  Do you think that the legal industry is still slow to adopt the cloud?  If so, why do you think that is?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Looking to the Future with CloudNine, Concordance and LAW PreDiscovery: eDiscovery Webcasts

CloudNine recently acquired the Concordance, LAW PreDiscovery and Early Data Analyzer platforms.  So, who is CloudNine, why did they acquire these products and what is their vision for them going forward?  If you’re an existing user of these products, now’s your chance to find out!

During the month of May, CloudNine will conduct the webcast Looking to the Future with CloudNine, Concordance and LAW PreDiscovery LIVE on three separate occasions.  In this one-hour webcast, we will provide an overview of CloudNine, the vision for our new robust suite of products and how they will extend and enhance your data and legal discovery efforts.  We’re conducting the webcast three different times to make the webcast presentation more interactive, giving existing customers of our products a chance to have their questions addressed, so you’ll want to register for one of these dates if you want to attend.  The webcast will include both a presentation and a demonstration of our CloudNine platform:

Presentation Highlights:

  • Who is CloudNine?
  • What We Do and How We Solve the Problems
  • Considerations for On-Premise, Off-Premise and Hybrid Approaches
  • What the Acquisition Means for Current On-Premise Customers
  • Looking to the Future with CloudNine Off-Premise and On-Premise Products

Demonstration Highlights:

  • CloudNine Automated Legal Hold
  • CloudNine eDiscovery Platform (Upload/Process/Review/Produce)
  • CloudNine Automated Data Preservation and Collection

The three dates for the webcast are:

  • Wednesday, May 2, 2018 (click to register here)
  • Tuesday, May 8, 2018 (click to register here)
  • Thursday, May 17, 2018 (click to register here)

All times are noon CST (1:00pm EST, 10:00am PST).

So, what do you think?  Do you use Concordance, LAW or EDA?  Then, come join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Germany Finds that Facebook’s Privacy Settings and Terms of Service Violate Their Privacy Rules: Data Privacy Trends

One of the things that Tom O’Connor and I discussed in last week’s webcast about the upcoming Europe General Data Protection Regulation (GDPR) was how consent will be interpreted for use of data for its data subjects.  Last month, a German court may have given an early indication of how consent will be enforced.

In Legaltech News (Facebook Foreshadowing: German Court Underscores Tech’s Uncertain GDPR Future, written by Rhys Dipshan, free subscription required), the author notes that after a three-year battle, a regional court in Berlin has found that Facebook’s default privacy settings, terms of service, and requirement that users register under their own name violate Germany’s data privacy and consent rules.

The January 2018 ruling (available here, in German, of course) based on German law on a case brought by The Federation of German Consumer Organisations (VZBV) could nonetheless illustrate trouble for international technology companies under the GDPR, once it takes effect on May 25th of this year.

Germany’s data privacy laws are currently based on the EU Directive 95/46/EC, the data privacy directive passed by the European Union in 1995 which has provisions that mirror those in the GDPR, especially around the issue of consent.  EU Directive 95/46/EC will be replaced by GDPR on May 25th.

Last November, the EU Article 29 Data Protection Working Party (WP29) issued Guidelines on Consent under Regulation 2016/679 to clarify how the EU would move to define and regulate consent and that guidance aligns closely with how the German court interpreted consent in the case against Facebook. For example, the court ruled that the pre-activated privacy settings on Facebook’s mobile application, such as allowing geotagging and for search engines to index a user’s Facebook profile, are a violation of user consent.

The court also found that eight clauses in Facebook’s terms of service assumed and framed consent too broadly and declared that asking users to register under their own names “was a covert way of getting people’s consent to use their real names,” said Nick Wallace, a senior policy analyst at the Center for Data Innovation.

The WP29’s guidance affirms both points and it also notes, “If consent is bundled up as a non-negotiable part of terms and conditions, it is presumed not to have been freely given.”  WP29 also states, “The use of pre-ticked opt-in boxes is invalid under the GDPR. Silence or inactivity on the part of the data subject, as well as merely proceeding with a service cannot be regarded as an active indication of choice.”

Debbie Reynolds, director of EimerStahl Discovery Solutions, an affiliate of law firm Eimer Stahl, stated that “Facebook and a lot of tech companies sell marketing,” and having their users register under their real names “makes the information they collect more valuable. So I think this is going to in some way change the foundation of how they are operating today.”

As you can imagine, the requirements of specific consent could change things for a lot of companies that currently collect data from individuals, including EU data subjects – perhaps significantly.  We will see.

Speaking of data privacy, today is the day that the Supreme Court will hear oral argument in United States v. Microsoft Corp (which we’ve referred to as the “Microsoft Ireland” case).  Needless to say, the ruling in this case will have major impact on how organizations treat data privacy as well.  We will certainly cover the ruling when it’s issued.

So, what do you think?  Is your organization changing how it obtains consent from individuals for handling their data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Are Cloud Companies Moving Away from Pricing Transparency?: eDiscovery Trends

Last May, I wrote a post asking if pricing transparency is finally happening in eDiscovery.  Here’s an article where the trend seems to be reversing – at least for Software-as-a-Service (SaaS, aka cloud) companies in general.  And, what the heck is a SaaS “unicorn”?

In his article on OpenViewWhy SaaS Companies Are Moving Away From Pricing Transparency (And Why That’s a Bad Thing), by Kyle Poyar (hat tip to Rob Robinson’s Complex Discovery blog for initial coverage of the article), the author compared his findings from June 2016 to his findings from November 2017 for private SaaS “unicorns” regarding price transparency.

What Poyar found was that more than half of private SaaS unicorns (55%) were publishing their pricing online for the world to see in June 2016 (as opposed to only 28% of public SaaS companies).  However, in November 2017, he revisited the private SaaS unicorns that he had previously analyzed and found that only 47% publish their pricing, an 8% drop over a year and a half.  Poyar took a look at one of those sites at three different intervals – June 2014 (when their pricing was not published), May 2016 (when it was) and January 2018 (when it wasn’t again).  When looking at data for new SaaS unicorns, Poyar found that only “a measly” 21% of those publish pricing.  So, taken together, just 33% of SaaS unicorns of the 66 he studied currently publish their pricing.

Poyar discusses potential reasons for the shift away from pricing transparency (which Rob covers on his blog).  He also identifies three reasons why they should publish pricing, as follows:

  1. SaaS companies can’t hide anymore: Buyers are almost always going to search “insert category” and “cost” or “price.” If they can’t find that information on a company’s site, they will go elsewhere. The emergence of third party review sites like G2 Crowd, Capterra, Quora and Siftery increasingly put pricing information into the public domain. Wouldn’t you rather showcase that information on your own terms as opposed to being cut out of the buyer journey?
  2. SaaS companies need to reorient their brands around transparency: Buyers are doing more and more research about vendors before they get in touch with a sales rep. The role of the modern sales rep is going to be more similar to that of an expert or consultant, rather than someone “selling” their products at all costs. To win in this environment, SaaS companies need to establish brands that emphasize trust, helpfulness, and, you guessed it, transparency.
  3. SaaS companies need to accelerate their sales cycles: Most SaaS startups with an inside sales model can’t waste precious resources on less serious, unqualified prospects or those only looking to be educated on the market. Wasted sales and marketing resources leads to poor unit economics, making it hard for a company to attract future funding. Transparent pricing acts as an important qualification gate that allows sales reps to focus their time on serious buyers.

All excellent points.  From an eDiscovery perspective, I noted in last year’s post how Craig Ball’s EDna challenge from 2016 promoted an “apples to apples” comparison on pricing and that’s key.  But, do eDiscovery cloud solution providers as a general rule publish their pricing?  Feel free to check for yourself – I can only speak to how CloudNine (shameless plug warning!) does it.  We do publish our pricing and what our pricing covers and that info is available here.  Hopefully, we’ll see a trend toward more price transparency in our industry as I certainly think it’s what the clients would like to see.

BTW, a SaaS “unicorn” is a SaaS company with a billion dollar valuation.  Now you know!  CloudNine isn’t quite there – yet.  :o)

So, what do you think?  How important is pricing transparency to you when considering solution alternatives?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

In the Market for an eDiscovery Solution? Check Out this Buyers Guide: eDiscovery Trends

If you’re a small to medium sized law firm and you have yet to “dip your toe” into the water of selecting an eDiscovery solution (or are unhappy with the one you have selected), a couple of legal technologists have created a terrific new 2018 eDiscovery Buyers Guide to provide education about the alternatives to help you select a solution that’s right for you.

Brett Burney of Burney Consultants and Chelsey Lambert of Lex Tech Review have reviewed twenty different products in the guide, which is contained in a comprehensive (but easy to read) 89 page PDF document.  As noted in the Introduction, their eDiscovery Buyers Guide has two primary goals:

First, it is a literal “Buyers Guide” to “provide you with options available to you and your firm so you can avoid the manual, time-wasting, and ineffective processes you’re currently using”. Each review is written to explain exactly what features and capabilities each tool offers to facilitate an informed decision.

Second, the eDiscovery Buyers Guide “empowers you to be a more knowledgeable, competent, and trusted counselor. While you personally won’t use all of the products featured in this Guide, your clients might benefit from them in their own data collection efforts based on your recommendation. Plus having some knowledge about other products means you can talk intelligently with opposing counsel on the products they’re using so you don’t look ignorant or uninformed.”

Knowledge is power, right?

Anyway, the key differentiator between this guide and others that have been written over the years is that this one is tailored to the small to mid-size firm audience, so it’s written with the idea that you’re at a firm that doesn’t have a huge budget for eDiscovery.  Fortunately, there are still solutions for you.

The guide includes reviews for products in several categories, including Case Analysis & Chronologies, Social Media Collection & Web Capture, Data Identification & Collection and three categories of Processing & Review applications: Desktop Software, Hosted Solutions and Cloud-Based SaaS Platforms.  A.I. & Data Analysis in eDiscovery, eDiscovery Managed Services and Utilities for Litigators reviews are included as well.  Each review includes a “Why You Should Consider” the product section that sums up several key benefits of the offering and succinctly describes differentiation points.

CloudNine is included in the largest category – Cloud-Based SaaS Platforms for Processing & Review (seven total applications reviewed), which maybe means that this is a good area to be in, right?  :o)  Regardless, we appreciate the opportunity to be included and Brett’s review of our platform covers a number of key functional areas and their benefits to the user of the product, as well as addressing pricing info.

However, the Buyer’s Guide doesn’t just include reviews, it also includes articles from several key thought leaders in the industry, including Amy Bowser Rollins, Craig Ball, Tom O’Connor and Rob Robinson.  Chelsey also wrote a terrific article on Artificial Intelligence and Machine Learning Innovation in eDiscovery.  And, they were also nice enough to include an article from me on cloud automation and how it has made eDiscovery more affordable than ever.

All of the reviews and articles can serve to educate you to make a more informed decision when you decide to consider selecting the eDiscovery solution for your firm.

You can download the guide – for free! – here.

So, what do you think?  Do you have an eDiscovery solution in house?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

No Dismissal of Claim Against Defendant Accused of Transferring Company Info to Dropbox Account: eDiscovery Case Law

In Abbott Labs. v. Finkel, No. 17-cv-00894-CMA (D. Colo. Nov. 17, 2017), Colorado District Judge Christine M. Arguello denied the defendant-movant’s motion to dismiss the plaintiff-respondent’s conversion claim that the defendant disclosed the plaintiff’s confidential information and trade secrets to a third party and transferred that information to his personal online cloud storage Dropbox account.

Case Background

In December 2014, the plaintiff hired the defendant as a General Manager for its Nutrition Division, where he received access to its confidential information and trade secrets.  To protect its confidential information and trade secrets, the plaintiff required the defendant to sign confidentiality and non-disclosure agreements and its Electronic Messages policy prohibited the defendant from backing up or storing digital information on personal devices and also prohibited sharing info with outside parties.  Despite that, during the defendant’s employment, he both disclosed plaintiff confidential information and trade secrets to a third party and transferred that information to his personal online cloud storage Dropbox account and was fired, in part, for that.  On the date of his termination, the plaintiff’s IT personnel (with the defendant’s consent) deleted its confidential information that he transferred to his personal Dropbox account.

However, the plaintiff later discovered that “Dropbox has a feature that allows a user to restore any file or folder removed from an active user account in the past 30 days or longer, depending on the version of Dropbox.”  As a result, the plaintiff asked the defendant 1) to certify that all its information was deleted from any electronic or physical storage location owned or used by the third party, 2) that it be allowed to monitor his Dropbox account activity and ensure that the deletion restoration feature was not activated and 3) to allow a third-party forensic consultant to examine his Dropbox account to ensure that all of the plaintiff’s information was deleted and not re-downloaded or transferred.  When the defendant refused, the plaintiff sued, asserting claims of breach of contract, conversion, and misappropriation of trade secrets.  The defendant filed a motion to dismiss the conversion claim, arguing that the claim is preempted by the Colorado Uniform Trade Secrets Act (“CUTSA”) and the allegations showed that the defendant was authorized to access and use the information and that he returned it to the plaintiff upon request.

Judge’s Ruling

Judge Arguello stated: “To assert a claim of conversion, Plaintiff must show: (1) Plaintiff has a right to the property at issue; (2) Defendant has exercised unauthorized dominion or ownership over the property (3) Plaintiff has made a demand for possession of the property; and (4) Defendant refuses to return it.”  In her analysis, Judge Arguello addressed elements two and four (as one and three were undisputed) and found that the defendant still has unauthorized “dominion or ownership” over the documents and concluded that “Plaintiff has sufficiently pled the fourth element” with regard to defendant’s refusal to allow it to re-access his Dropbox account.

As for the defendant’s contention that the plaintiff’s claim is preempted by CUTSA, Judge Arguello rejected that argument, stating: “At this stage in the litigation, the Court is without a sufficient record to determine whether some, part, or all of Plaintiff’s conversion claim depends on a finding of trade secret status and is, therefore, preempted by the CUTSA. Indeed, none of the allegedly converted information has been presented to the Court, nor has it been described in much detail.”  As a result, she denied the defendant’s motion to dismiss the claim.

So, what do you think?  Should the plaintiff have the right to re-access the defendant’s Dropbox account?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

If You’re a Cloud Provider or Consumer, Consider These Guidelines on How to Conduct Yourself in Europe: eDiscovery Best Practices

While we were preparing to eat turkey and stuff ourselves with various goodies last week, the Cloud Security Alliance (CSA) provided an important guideline for compliance with the European Union General Data Protection Regulation (GDPR).

The CSA, a world leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, last week announced the release of the CSA Code of Conduct for GDPR Compliance, which provides cloud service providers (CSPs), cloud customers, and potential customers with much-needed guidance in order to comply with the new obligations stemming from the GDPR.  As part of the release, the CSA also launched the CSA GDPR Resource Center, a new community-driven website with tools and resources to help educate cloud service providers and enterprises on the new GDPR.

“Companies worldwide are struggling to keep pace with shifting regulations affecting personal data protection. The Privacy Level Agreement (PLA) Working Group realized it was critical for cloud providers to have guidance that would enable them to achieve compliance with EU personal data protection legislation,” said Francoise Gilbert, CSA Lead Outside Counsel and PLA Working Group co-chair.

“With the introduction of GDPR, data protection compliance becomes increasingly risk-based. Data controllers and processors are accountable for determining and implementing within their organizations appropriate protection levels for the personal data they process,” noted Paolo Balboni, European ICT, privacy and data protection lawyer, and co-chair of the Privacy Level Agreement Working Group. “In this scenario, the CSA Code of Conduct for GDPR Compliance is of fundamental importance as it gives guidance for legal compliance and the necessary transparency on the level of data protection offered by the CSPs.”

The new CSA Code of Conduct for GDPR Compliance is designed to meet both actual, mandatory EU legal personal data protection requirements (i.e., Directive 95/46/EC and its implementations in the EU member states) and the forthcoming requirements of the GDPR and specifies the application of the GDPR in the cloud environment, primarily with regard to the following categories:

  • Fair and transparent processing of personal data;
  • Information provided to the public and to data subjects (as defined in Article 4 (1) GDPR);
  • Exercise of data subjects’ rights;
  • Measures and procedures referred to in Articles 24 and 25 GDPR and the measures to ensure security of processing referred to in Article 32 GDPR;
  • Notification of personal data breaches to supervisory authorities (as defined in Article 4 (21) GDPR) and the communication of such personal data breaches to data subjects; and
  • Transfer of personal data to third countries.

The CSA Code of Conduct for GDPR Compliance also contains mechanisms that enable the body referred to in Article 41 (1) GDPR to carry out mandatory compliance monitoring by the controllers or processors who undertake to apply it, without prejudice to the tasks and powers of competent supervisory authorities pursuant to Article 55 or 56 of GDPR.

With GDPR adoption looming in less than six months, you can expect to hear more about GDPR on this blog and other publications in the coming months.  Click here to access the CSA Code of Conduct for GDPR Compliance (after completing a short survey).

So, what do you think? Is your organization preparing for GDPR?  Please share any comments you might have or if you’d like to know more about a particular topic.

Hat tip to Rob Robinson and his excellent Complex Discovery blog for coverage of the story.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s an Opportunity to Learn More About On-Premise and Off-Premise Solutions and Where CloudNine Fits in Both: eDiscovery Trends

Many say that the cloud is revolutionizing eDiscovery as we know it, while others still prefer the control of the on-premise eDiscovery solutions they’re used to using.  So, what factors should you consider when selecting your own eDiscovery solution?  Thanks to our friends at ACEDS, you can learn more about the different approaches and how CloudNine supports both of those environments.

Today’s ACEDS webinar at noon CT (1pm ET, 10am PT) is titled On-Premise, Off-Premise or Both?  This is a one-hour session that I will be conducting that is part presentation and part demonstration, including a couple of new modules we’ve recently introduced at CloudNine.

Presentation Highlights:

  • Drivers for eDiscovery Technology Solution Decisions Today
  • The Cloud vs. No Cloud Debate
  • A Comparative Approach to eDiscovery Technology
  • Key Components of an eDiscovery Technology Solution

Demonstration Highlights:

  • CloudNine eDiscovery Platform (Upload/Process/Review/Produce)
  • NEW: Outpost from CloudNine: Data Transfer into Relativity
  • NEW: CloudNine Automated Data Collection

If you want an opportunity to learn a lot more about CloudNine and how we address today’s challenges with both on-premise and off-premise technology, this webinar is for you!  To sign up for today’s webcast, click here.  Hope to see you there!

So, what do you think?  Do you feel overwhelmed by the eDiscovery solution choices that exist today?  If so, please feel free to join us!  And, as always, please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

After Objection, No Waiver of Privilege for Putting Information on File Share Site without Protection: eDiscovery Case Law

In Harleysville Insurance Co. v. Holding Funeral Home, Inc., No. 1:15cv00057 (W.D. Va. Oct. 2, 2017), Virginia District Judge James P. Jones sustained the plaintiff’s objections to the Magistrate Court ruling that the plaintiff’s placement of privileged information on a file share site and distribution of the hyperlink to access that information without providing any protection for the site resulted in a failure to take reasonable steps to protect the information.  As a result, for their “improper” conduct in failing to promptly return the materials, the defendants received an evidentiary sanction, barring their use of the inadvertently disclosed privileged materials.  Judge Jones overruled the plaintiff’s objection to the decision not to disqualify defense counsel, stating he was “not convinced that the ‘blunt remedy of disqualification is appropriate.’

Case Background

In this dispute over a fire insurance claim by the defendants against the plaintiff insurance agent, a senior investigator for Nationwide Insurance, owner of the plaintiff company, uploaded surveillance footage to a file share service operated by Box, Inc. and sent an email containing a link to the site to an investigator at the National Insurance Crime Bureau (“NICB”) in September 2015.  The email contained a confidentiality notice indicating that the “e-mail contains information that is privileged and confidential”, but the information on Box was not password protected.  For a while, only the video was available on the Box site, but in April 2016, the Nationwide investigator placed files containing the plaintiff’s entire claims file and Nationwide’s entire investigation file for the defendants’ fire loss on the Box Site to be accessed by the plaintiff’s counsel – a month later, in response to a subpoena, the NICB electronically produced its files – including the email containing the link – to the defense counsel, which gave them access to the file share site containing the claims files.

Defense counsel subsequently accessed the site and reviewed and downloaded the entire claims file, but did not notify the plaintiff’s counsel that it had accessed the information until plaintiff’s counsel discovered the claims file included in materials produced by the defense in October 2016.  As a result of this discovery, the plaintiff moved to disqualify defense counsel; in response, they argued that that the motion should be denied because the plaintiff “waived any claim of privilege or confidentiality by placing the information on the Box, Inc., site where it could be accessed by anyone.”  Magistrate Judge ruled that Pamela Meade Sargent, determining that “Rule 502 does not apply in this situation to prevent a waiver of the work-product doctrine”, concluded that the plaintiff waived any claim of privilege or work-product protection over its Claims File.  She also declined to disqualify defense counsel, but ruled that they should bear the cost of the parties in obtaining the court’s ruling on the matter.  The plaintiff’s objected to both rulings.

Judge’s Ruling

Noting that “the magistrate judge did not have the benefit of reviewing the Claims File” and that “it is within my discretion to receive and consider additional evidence”, Judge Jones found that “the attorney-client privilege attaches to multiple documents contained in the Claims File”, calling them “the epitome of privilege.”  Judge Jones overruled the plaintiff’s objection to the magistrate court findings that the disclosure was inadvertent, leading to the consideration of three of five factors (Judge Jones agreed with the magistrate court that “Factors Three and Five have no applicability to this case”) to determine whether privilege had been waived:

(1) [T]he reasonableness of the precautions to prevent inadvertent disclosures, (2) the time taken to rectify the error and (4) the extent of the disclosure.

Noting that “the Box Folder was not searchable through Google or any other search engine, nor was it searchable on the Box, Inc. website” and that “as a practical matter, the [disclosed] URL itself functions as a password”, Judge Jones did “conclude that Nationwide, acting for Harleysville, did take reasonable precautions to prevent an inadvertent disclosure of the Claims File and that this factor weighs against a finding of waiver” and sustained the objection on reasonable precautions.  Judge Jones also observed that “Harleysville’s counsel were not notified of the disclosure until October 27, 2016” and “reached out to Insureds’ counsel to request destruction of the privileged materials on November 1, 2016” in sustaining the objection on time taken to rectify the error.  He also noted that the “disclosure in this case was not extensive” in sustaining that objection as well.

As for sanctions against defense counsel, Judge Jones found that “Insureds’ counsel had an obligation to ‘promptly return, sequester, or destroy’ the privileged materials, Fed. R. Civ. P. 45(e)(2)(B), with which they refused to comply.”  He also found that “Insureds’ counsel had a duty to uphold the integrity of the legal profession and to strive to avoid impropriety, as well as the mere appearance of impropriety” and that they “failed to do so”.  However, noting that “the mistakes by Nationwide’s employee initiated this issue”, Judge Jones declined to disqualify defense counsel, stating that “I am not convinced that the ‘blunt remedy of disqualification is appropriate.’”  Instead, Judge Jones found that “an evidentiary sanction is appropriate”, ruling that “the Insureds must not use any information contained in the privileged material, or information derived from such material, to seek additional information in discovery, through a subpoena, or in any other manner. Moreover, the Insureds must not use the information contained in or derived from the privileged material for any purpose in any filing or proceedings (including trial) in this action or any other related civil action.”

We covered the case previously here and Tom O’Connor and I also discussed it in a webcast as one of the key eDiscovery cases in the first half of 2017 here.

So, what do you think?  Was the first ruling right in waiving privilege or the second one right in determining that privilege was not waived?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery in the Cloud: eDiscovery Best Practices

Relativity Fest started on Sunday and CloudNine is there.  As part of the team, I will be there covering the conference for eDiscovery Daily and will speaking(!) today.  Click here to see our post on some of the anticipated highlights from the conference.

Today’s highlight is my session: e-Discovery in the Cloud, today at 11:00 am, moderated by David Horrigan, e-Discovery Counsel and Legal Content Director at Relativity and we will be joined by Rachi Messing, Senior Program Manager at Microsoft, Ari Kaplan, Principal at Ari Kaplan Advisors and Kelly Twigger, Founder of ESI Attorneys.  If you’re at the show today, come check it out!

Yesterday was a terrific day, starting with the keynote speech from Andrew Sieja, the CEO of Relativity and continuing with terrific sessions, including the The Judicial Panel, with David Horrigan of Relativity, along with Judge Nora Barry Fischer of the Western District of Pennsylvania, Judge Andrew Peck of the Southern District of New York, Judge Xavier Rodriguez of the Western District of Texas and (all the way from Australia) Justice Peter Vickery of the Supreme Court of Victoria (and the recent landmark TAR decision in that country) to discuss the latest legal developments in eDiscovery.

There were several other great sessions, an ACEDS happy hour and a speaker dinner, with an opportunity to have a great time with other speakers at the show!  Quite a day!  Hopefully, today will be as much fun as yesterday!

So, what do you think?  Are you attending Relativity Fest this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Also, I’m excited to report that eDiscovery Daily has been nominated to participate in The Expert Institute’s Best Legal Blog Contest in the Legal Tech category!  Thanks to whoever nominated us!  We’re fading fast, but if you enjoy our blog, you can still vote for it and help it win a spot in their Best Legal Blogs Hall of Fame.  You can cast a vote for the blog here.  Thanks!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.