Close
Enter your
text here

Security

Jason R. Baron of Drinker Biddle & Reath LLP: eDiscovery Trends

This is the fifth of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. What are you working on that you’d like our readers to know about?

Today’s thought leader is Jason R. Baron. An internationally recognized speaker and author on the preservation of electronic documents, Jason is a member of Drinker Biddle’s Information Governance and eDiscovery practice and also a member of the leadership team for the Information Governance Initiative. Jason previously served as Director of Litigation for the U.S. National Archives and Records Administration (NARA) and as trial lawyer and senior counsel at the Department of Justice. He was a founding co-coordinator of the National Institute of Standards and Technology TREC Legal Track, a multi-year international information retrieval project devoted to evaluating search issues in a legal context. He also founded the international DESI (Discovery of Electronically Stored Information) workshop series, bringing together lawyers and academics to discuss cutting-edge issues in eDiscovery.

What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

Well, it’s not going to come as a big surprise to you that I have seen more sessions related to information governance. Those of us who are part of the movement here may see IG under every rock, but I did make a humorous aside at a panel that I participated in on the first day of LegalTech: “Welcome to the 29th session on Information Governance.” It seems to me that we have gone through a hype curve that Gartner talks about with both technology assisted review and with big data, and I think we are definitely going up that same curve on information governance. Whether that will level off at some point, I don’t know. But, I did see it as a more major element of this year’s conference. And, it’s not just that there was a dedicated track to the topic of IG here at LegalTech, but an increased focus on talking about IG issues across several tracks and in new and different ways.

Of course, as we came upon the year 2015, we are now living in a post-Sony, post-Snowden world. If you had to do a Time magazine cover, it might be called the year of the data breach. In my mind the increased focus on cybersecurity issues is a leveraging opportunity for those of us in the information governance community, given that it’s a moment where the C-Suite in corporations is thinking about data breaches all around the enterprise, and also going beyond that to think about their data. Because it’s one thing to secure the borders – I draw a little square when I diagram this out – and to ensure constant vigilance. But it’s another thing to figure out what’s inside the borders that you’re securing. And that’s where the information governance proposition shows up.

So, while the C-Suite is focused on cybersecurity threats, they should also be having a conversation about the amount of data they’re accumulating, the legacy data that they have, how are they getting visualization into the data they have, how are they maximizing the opportunities in terms of ROI on the data that’s being collected on the consumer side, and figuring out what’s of high value and what’s of low value. This is something that the records profession has attempted to do for decades, but we’re in a new world of big data and we need to apply 21st century thinking to this. So, what I see here at the conference is an increased attention on IG and an increased attention on cybersecurity generally and I think that those are “twins” – they go together conceptually.

The world is accelerating in terms of the pace of change of technology and if lawyers aren’t competent in understanding new technologies that they can utilize in their practices across the board – not just in eDiscovery but as a general practice – then they are going to lose out to others in the Darwinian sense. So, I don’t think LegalTech has ever been more important than right now. I think we need to expand our horizon beyond eDiscovery collection, preservation and production to the greater world of analytics and other new things that are happening in the business space. And aside from analytics and IG itself, it would be interesting for LegalTech to talk about artificial intelligence and deep learning and about how robots and software may eventually be replacing lawyers in terms of legal research. It has been very much an eDiscovery-centric conference for a long time, but that’s not everything that’s encompassed in the world of legal practice. So, it would be great to see LegalTech expand beyond its current focus.

As for the possibility of moving LTNY to a different time of year, what could be better than snow storms, slush and ice in New York City in February? Of course, if you’re asking me if I’d like to see it in Hawaii instead, the answer is yes. 🙂

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

No question about it – there is no known Congressional opposition to the rules and we all expect them to be effectuated. Some close colleagues of mine have made the point that Rule 37 particularly will enormously help large defendants in being able to push back on the trend towards over-preservation of data caught up in litigation. If this holds true, the rules will support an important pillar of practicing good information governance, namely, finding ways in which corporations can continue to dispose of information without running n the risk of spoliation claims in litigation.

I have not a contrary view, but let’s just call it a “view from the mountaintop.” I wrote a letter on behalf of the Information Governance Initiative which is on our web site. It was an open letter to the Federal Rules Committee that was looking at the thousands of comments that came in regarding the proposed rules changes. Basically, the IGI’s position is that the changes to Rule 37 and Rule 26 may be welcome; however, what we believe in even more strongly is that real changes will come with technology and with cultural change. We’re all advocates, at least at the IGI and in my own legal practice at Drinker Biddle, in seeking more optimal ways to automate processes and the overall workflow, to essentially reduce the burden on individuals at all points in the eDiscovery process and in the greater IG space.

We’re also advocates in support of Rule 1, which now more clearly emphasizes cooperation in discovery (via the Notes section of the proposed rule which states “Effective advocacy is consistent with – and indeed depends upon – cooperative and proportional use of procedure.”). I have been very proud to be associated with The Sedona Conference® and the Cooperation Proclamation that it issued. The late Richard Braman spearheaded this movement – as discussed in Joe Looby’s film The Decade of Discovery. Lawyers know that The Sedona Conference has been advocating for lawyers and judges to sign on to a different practice culture, at least at the Meet and Confer stage of litigation, where there is more transparency and more open discussion among lawyers in trying to narrow issues that opposing sides feel strongly about. The ideal result is that the very narrowest set of issues is presented to a judge going forward. I think the culture of cooperation is taking hold. It is not “Pollyanna-ish” to think that, in every district in the country, there will be one or more judges who are aggressively pushing lawyers to be more open and cooperative earlier in the process.

The technology in the eDiscovery space is getting to a level of complexity that you simply have to have a conversation with opposing counsel about preservation issues and about search and access issues early on in the game. We just all need to “raise our games” in terms of being competent to talk about tools to make the eDiscovery process more efficient. I am one who holds the view that enormous resources being continuously devoted to tinkering with the Federal Rules of Civil Procedure misses the larger picture here, which is that the pace of change of technology is so great, that no Rules can ever catch up, as such. As lawyers, we need to give our best advice to clients on how to improve their processes to lower costs. And of course, many remain hopeful that there will be less of a “dagger over the heads” of large entities in litigation with the rules changes going into effect.

What are you working on that you’d like our readers to know about?

Glad you asked, Doug! It has been quite a ride for the past 15 months working in the private sector after 34 years in the government, including at the Justice Department, and being Director of Litigation at the National Archives. The problems faced in the public sector are profound, with respect to information governance challenges, both from a security perspective and well as with respect to record keeping, open government and open access in the digital age. But I now see many of the same issues here that the private sector faces as well. We all live in a world of litigation of increasing complexity. How you get your arms around the need to preserve some of your high value data, while segregating other portions of your data including legacy data that is to be considered low value, is a profound IG issue. I am very fortunate to now be part of a practice group at Drinker Biddle that is talking about all of these important information governance issues, in ways that we hope will be attractive to clients.

I’ve also been having a great time in working with Barclay Blair, Bennett Borden and Jay Brudz as part of the Information Governance Initiative, which is a new think tank and consortium launched a year ago at Legaltech (in 2014). We now have a whole a large number of sponsors and lots of activities continuously going on, including boot camps, dinners, benchmark studies, white papers, and a conference in Chicago in May about Chief Information Governance officers (a new position in the IG space).

I have also had the pleasure of going around the US and the world to be part of screenings of a film by Joe Looby calledThe Decade of Discovery (covered by this blog here, here and here; click here for the latest listing of film screening locations and dates), which traces the evolution of search in eDiscovery since around the year 2000. Joe has done a wonderful job of capturing in a 60 minute documentary the issues we all have been facing. In particular, the film is a tribute to the late Richard Braman and his vision for dialogue and cooperation in discovery. The movie also talks about what I had the privilege of doing, in terms of being tasked to search for White House email, and the film also involves a number of prominent judges and lawyers. So, for the next few months, I’ll continue our world tour with screenings of the film in law schools and other venues talking about these issues.

It’s very important to me to get a message out to younger lawyers and law students in particular that this field of eDiscovery and information governance is growing, it’s a hot field, an interesting field and one where you can be what we call a “SME” — a subject matter expert – in a pretty short amount of time. So, for anyone reading this, the message is “get on board”, become an expert in some niche in this space and in a relatively still chilly market for lawyers, you can distinguish yourself. I would be happy to have that conversation with anyone who is interested in being part of the dialogue about eDiscovery and information governance.

Thanks, Jason, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Tom O’Connor of Advanced Discovery: eDiscovery Trends

This is the fourth of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?
  4. What are you working on that you’d like our readers to know about?

Today’s thought leader is Tom O’Connor. Tom is a nationally known consultant, speaker and writer in the area of computerized litigation support systems. A frequent lecturer on the subject of legal technology, Tom has been on the faculty of numerous national CLE providers and has taught college level courses on legal technology. Tom’s involvement with large cases led him to become familiar with dozens of various software applications for litigation support and he has both designed databases and trained legal staffs in their use on many of the cases mentioned above. This work has involved both public and private law firms of all sizes across the nation. Tom is the Director of the Gulf Coast Legal Technology Center in New Orleans and he just joined Advanced Discovery as a Senior ESI Consultant in January.

What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

Like all LegalTech shows, it’s hectic. I come to New York thinking, “hey, I’m going to go have a good dinner one night, maybe go down to Times Square” and by 8pm, I’m exhausted. You talk to people all day and at the end of the show day there’s a group of people who want to go out to parties and I’m going across the street to the 24 hour deli and getting a sandwich. It’s always busy and there’s always a ton of things going on at the show. It is great, though, that I get people that I don’t get to see on a regular basis, like Michael Arkfeld and George Socha, so this show is really priceless for me to get to talk to them. Craig (Ball) and George and I just had lunch and talked about Continuous Active Learning and those are the sorts of discussions that LTNY facilitates.

Last night, when I was grabbing my sandwich at the end of the day, Henry Dicker (Executive Director of LegalTech) came walking in and we had a great talk about LegalTech and their worldwide schedule. Henry and I have been doing these shows for about the same amount of time. So, it was interesting getting his perspective in a quiet moment about how the show is going and the attendance and so forth. ALM has apparently been having great success with their overseas shows. I think Henry said that, at the end of the year, he was in Singapore, Taiwan, Hong Kong and mainland China – all within five weeks. So, they have been having great success internationally.

As for the show itself, if you’re looking for new product information and what the latest and greatest is across a wide swath of product types (i.e., every type of legal software imaginable), LTNY, because it is in late January/early February has always been the “granddaddy of them all”. Vendors like to get new releases out for the show, make announcements, etc. ILTA is probably the better show for highly technical information and IT types because it’s where they start opening the hood and popping the carburetor off and boring out the engine. That being said, Henry has a great relationship with ILTA and they have an ILTA track here. But, for what LTNY does, which is cut across all products, it’s unbeatable.

The one issue I have with LTNY (which is not really a negative because the slack is picked up by the ABA Tech Show) is the over-emphasis on BIG firm solutions. BIG firms, BIG corporations, BIG data – everything’s BIG. But, the ABA Tech Show does a good job in picking up and emphasizing small to mid-sized firms and solutions for them.

As for trends for this year, every year there’s a buzzword or two that interests people. The one that I think is particularly discussed a lot this year (again, by big firms) is cybersecurity. After last year, with the big security breaches at Sony and Home Depot, I think that’s in the forefront of people’s discussions right now. I think that’s a very hot topic. Information Governance continues to be a hot topic as well – Patrick Burke had a great program on Monday at the Cardozo Law School – so, I think that continues to be (if you’ll pardon the pun) a huge interest for attendees here. The third area of interest that I’m hearing a lot about is analytics – how to use computer tools of all sorts before you get to review and, in some cases, before you even get to the processing stage and pare down that huge amount of data. Using those tools to try to reduce that volume and get a handle on what’s relevant. A few years ago, the hot topic was early case assessment. It’s a continuation of that trend, but with much more sophisticated tools and ability to do it.

As for moving LTNY to a different time of year, yes, I’ve been advocating for years that they consider flipping LegalTech West and LegalTech East. Have LegalTech West at this time of year and go to San Francisco (where the show will be held this year) or Los Angeles (where the show has been held in past years) during the wintertime and New York in the late spring or early summer. I understand there are long term contracts and it would take a while, but it sure would help things with the weather and travel issues. Once you delay a flight for bad weather by half an hour or 45 minutes, everything goes “to hell in a hand basket” quickly. So, yes, I would love to see it moved.

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

I don’t think the changes were necessarily for the better. The revised Rule 37(e) still benefits corporate defendants, lowering their burden and making it easier for them to not preserve data. Again, I think that only affects a small percentage of litigants. To paraphrase Judge (Shira) Scheindlin, she essentially said that she just doesn’t think it will have an “in the trenches” sort of an impact. It may in one or two cases, but she didn’t see it as being all that big a deal with the amount of cases that they see, at least in her court. Certainly where I live, in New Orleans and throughout the southeast, the people who I work with in more rural or semi-rural jurisdictions with smaller cases and smaller case loads, there is no impact.

Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?

Clearly, we’ve advanced. I think there is better understanding by some attorneys, especially corporate counsel, which I think have a much firmer grasp of what’s going on in eDiscovery. Four or five years ago, Michael Arkfeld said probably only 2% of attorneys really got eDiscovery and understood all of the rules. We’ve improved, but, unfortunately, I think we’ve only gone to about 10%. I think there’s still a lot of work to be done. Law schools are still dragging their feet on what they see as some sort of technical training. It’s not in their “wheelhouse”, not in their charter. I think that’s changing and I think you’re going to see a lot more aggressive legal education around these issues in law schools in the next year or so.

I think that you’re seeing the judiciary be very aggressive in demanding competence and, with some of the local rules changes and ethics opinions (such as the recent one in California), requiring some sort of affidavit or certification that you have enough knowledge to make a pleading in this field. I think we will continue to see more of that. It’s great when we see Judge Scheindlin say that or Judge (John) Facciola or Judge (Andrew) Peck or other big names in the field, but I see judges in the federal district courts in places like New Orleans, Mobile and Mississippi also be much more demanding of competence. So, I don’t think it’s isolated to the northeast or the big name judges, it’s something that the judiciary as a whole is pushing. That has probably been the biggest change.

What are you working on that you’d like our readers to know about?

I have a new position – doing what I’ve always been doing, but now for a national company – heading up the consulting services for Advanced Discovery. I’m working with clients on cases, trying to help them find the right tools to answer these problems that we’re talking about in this interview. And, as always, I’m performing a lot of pro bono work for the Louisiana and Mississippi state bars because we have a very high concentration of solo and small firm attorneys “in our neck of the woods”. They are struggling with all sorts of education issues, especially around eDiscovery and technology updates. That’s a major undertaking, from Houston to Pensacola, in states that are poorer and mostly rural. You think about New Orleans or Mobile, but when you get above that I-10 line, you get to an area that’s underserved by the legal community in general and by technology. Courts, attorneys and clients are all struggling with these issues down there.

Thanks, Tom, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

James D. Zinn, Managing Director of Huron Consulting Group: eDiscovery Trends

This is the second of the 2015 LegalTech New York (LTNY) Thought Leader Interview series. eDiscovery Daily interviewed several thought leaders at LTNY this year and generally asked each of them the following questions:

  1. What are your general observations about LTNY this year and how it fits into emerging trends? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?
  2. After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?
  3. Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?
  4. What are you working on that you’d like our readers to know about?

Today’s thought leader is James D. Zinn. James is Managing Director of Huron Consulting Group. James is responsible for leading Huron Legal’s technology vision and strategy globally. He directs the practice’s software engineering, information technology, and product management teams. James is responsible for driving innovation by identifying and incubating emerging technologies and technology-driven solutions with relevance to Huron Legal. He has more than twenty years of experience developing and delivering services and solutions to clients.

{Editor’s Note: Because of travel issues, James did not make it to LTNY this year, but we were able to re-schedule the interview for after the show.}

What are your general observations about LTNY this year and about emerging trends in general for 2015? Do you think American Lawyer Media (ALM) should consider moving LTNY to a different time of year to minimize travel disruptions due to weather?

While I didn’t make it to the show, from what I’ve heard from my colleagues, all of the themes from last year seem to be continuing to mature, including information governance and the convergence of IG and discovery. Also, the focus on security certainly took a step forward this year and the use of predictive coding and other analytical technologies has become a perennial topic and has continued to move forward. So, what I saw was a continued maturing and growth of last year’s themes, which I think will continue throughout 2015.

As for the possibility of moving LTNY to a different time of year, I think that’s a big change. Certainly, New York is much nicer in the fall than in the winter, so I’d love to see a change from that perspective. Realistically, I think that there is a lot of inertia behind the current scheduling, so it would be a big change and disruption to the industry to try and move it.

After our discussion last year regarding the new amendments to discovery provisions of the Federal Rules of Civil Procedure, additional changes were made to Rule 37(e). Do you see those changes as being positive and do you see the new amendments passing through Congress this year?

I don’t think there will be any roadblocks. I think the proposed changes to the Federal rules are useful and I think we’re already starting to see the impact as our clients have started to act consistent with the proposed changes. So, I don’t really see any challenge with them being adopted and incorporated into current practices; in fact, I think that adoption has already begun.

Some of this could be due to the pending rules changes and some could be due to the maturing of organizations and the industry in general. We have seen the increased use of technology to try to wrestle down the volumes of information. We’re seeing more targeted collection, more targeted use of analytics earlier in the process to reduce data volumes, even before the more traditional review stages begin. We are seeing an increasing number of projects where the data volumes are getting culled much more quickly than they have in the past. The days of collecting large volumes and dumping those large volumes indiscriminately into the discovery process and then sorting it all out are evolving into much more careful efforts. As a result, we see the downstream benefits already starting to appear where there’s less need for brute forcing your way through a corpus of documents.

Last year, most thought leaders agreed that, despite numerous resources in the industry, most attorneys still don’t know a lot about eDiscovery. Do you think anything has been done in the past year to improve the situation?

I think that there has been a continued progress in that area. Our client attorneys that we see on a regular basis are absolutely more knowledgeable about eDiscovery, aware of the issues associated with it and how to address those issues more efficiently. From our view, there’s a clear maturing of that knowledge in the industry.

What are you working on that you’d like our readers to know about?

At Huron Legal, we’re continuing to try to support these trends by offering technology everywhere where it can improve the process and make the process as cost-efficient as possible. We’ve continued, much as the industry has, to try to advance and mature those solutions. I mentioned predictive coding earlier and that has been a recurring theme for years and I think predictive coding technology has slowly continued to get better and easier and, as a result, become more adopted within the industry. We’re also seeing a lot more interest in security and with the increase in security breaches and those breaches becoming more publicized, there has been a lot more interest from our clients in understanding how we’re protecting their data, as well as what steps they can also take to protect their data. So, we have a lot of exciting things going on in that area as well.

Also, a little outside the eDiscovery realm but closely related, is cost management. We recently acquired a technology company called Sky Analytics, which focuses on helping lawyers, predominantly corporate law departments, to analyze and understand their external spend (of which discovery is a large component). It helps them to evaluate the efficiency of the services that are being provided by their outside counsel. This fits in well with our efforts to support organizations in managing their legal costs by using analytics and technology to provide meaningful, real-time insight. We’ve made some big strides in this area in the past few months and it will continue to be a significant focus for Huron Legal.

Thanks, James, for participating in the interview!

And to the readers, as always, please share any comments you might have or if you’d like to know more about a particular topic!

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Data Breaches are Up, But Records Breached are Down: Cybersecurity Trends

One of the most discussed topics at last week’s LegalTech® New York 2015 (LTNY) was cybersecurity. And, with good reason, as it seems as though every other day, there is another report of a data breach (last week, it was health insurance company Anthem with an estimated 80 million people affected). Now, 27001 Academy has prepared an informative infographic with stats regarding 2014 data breaches and an offer of a free eBook with cybersecurity best practices.

Here are some key statistics:

  • Data Breach Incidents in 2014: The number of reported incidents rose from 614 in 2013 to 783 in 2014 – a 27.5% increase.
  • Records Exposed in 2014: However, the reported number of records exposed in breaches dropped from 91,982,172 in 2013 to 85,611,528 in 2014 – a 7.1% decrease.
  • Breaches by Month: Last year, January had the highest number of breaches with 113, 40 more than the next highest month (August with 73). February had the lowest number of breaches with 44.
  • Breaches by Industry: Breaches in each measured industry rose last year, with government/military breaches showing the biggest percentage rise – over 53% from 60 in 2013 to 92 in 2014. The healthcare industry had the greatest number of breaches – 333 in 2014, up from 271 in 2013 (a 22.9% increase). The potential cost for breaches in the healthcare industry is estimated to be as much as $5.6 billion annually.
  • Breaches by State: California organizations were more than twice as likely as any other state to experience a breach – 120 total breaches affecting 112 organizations. Texas and New York were second and third with 57 and 50 breaches respectively. It appears that Rhode Island was the only state without a reported data breach in 2014.

For the full infographic, click here. Thanks to Sharon Nelson and her always excellent Ride the Lightning blog for the tip – her post regarding the infographic is here.

On the page with the infographic, 27001 Academy also provides a link to download a free eBook, 9 Steps to Cybersecurity, written by Dejan Kosutic. It’s designed to be a primer on cybersecurity basics, written in an easy-to-understand format. It’s 80 pages, so it’s pretty comprehensive, covering topics ranging from types of security incidents to cybersecurity myths and basics to steps and standards for implementing. I downloaded it, looks promising.

So, what do you think? Has your organization, or have you personally, suffered a data breach? Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscoveryDaily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

More Organizations Have Data Breach Plans in Place, But More Are Reporting Data Breaches – eDiscovery Trends
 

You cannot talk about eDiscovery these days without talking about data security and breaches.  Bank of America, Home Depot and Target are just three examples of big name companies that have been hit by data breaches.  A recent study, conducted by the Ponemon Institute, shows that more organizations have data breach response plans and teams in place, yet more organizations are reporting at least one data breach in the past two years.

In this second annual study (Is Your Company Ready for a Big Data Breach?  The Second Annual Study on Data Breach Preparedness), sponsored by Experian® Data Breach Resolution, Ponemon Institute surveyed 567 executives in the United States about how prepared they think their companies are to respond to a data breach.  Here is a sampling of their key findings:

  • More companies have data breach response plans and teams in place. In 2014, 73% of companies had such a plan in place, up from 61% in last year’s study.  Also, more companies have teams to lead data breach response efforts – 72% of respondents, up from 67% last year.
  • Yet, data breaches have increased in frequency.  Last year, 33% of respondents said their company had a data breach involving the loss or theft of more than 1,000 records in the past two years. This year, the percentage has increased to 43%. Of those that experienced data breaches, 60% reported their company experienced more than one data breach in the past two years – up from 52% of respondents in 2013.
  • More companies have data breach response plans but they are not considered effective.  Despite the majority of companies having data breach plans, only 30% of respondents said their organizations are effective or very effective in developing and executing a data breach plan.
  • Maybe part of the reason is they don’t review their plans regularly.  Only 22% of respondents with data breach plans said their organizations review and update their plans at least yearly, with 41% of those respondents indicating no set time period for reviewing and updating the plan and 37% of those respondents having not reviewed or updated since the plan was put in place.

It’s also interesting to note that 17% of respondents were unsure whether their organization had a data breach in the past two years.  Really?  Well, at least that’s down from 22% in last year’s survey.

The 24 page report is chock-full of statistics and survey results and available here.  Thanks to Sharon Nelson and her always excellent Ride the Lightning blog for the tip.

So, what do you think? Does your organization have a plan for responding to data breaches?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.