We Can All Be More Litigation Ready: Does It Make Sense for Your Organization

By |2020-10-22T19:50:15+00:00October 22nd, 2020|Categories: eDiscovery, Information Governance|Tags: , , |

Having spent more than 20 years in the eDiscovery and technology industry as both in-house and in an outside advisory capacity in the EU, I have seen many ways organizations develop & manage their eDiscovery programs. Not all eDiscovery programs are the same and it’s important to categorize the type of program in order to advise on critical improvements to determine what is the best approach for your organizations. I find there are two main camps of eDiscovery programs: Ad-Hoc eDiscovery Programs and Litigation Ready eDiscovery Programs. Let’s take some time to look at both of these approaches and see how they impact an organization’s eDiscovery program. Ad-hoc eDiscovery is treated as an unplanned exercise that may happen 1-5 times per year and involves departments or functions that do not communicate on regular basis. This reactive approach can be very painful and expensive for the organization. Organizations with an Ad-hoc mindset typically react when asked to discover unstructured information in email, SharePoint, or other data sources. Since the departments don’t have a centralized response approach, the people involved are often overwhelmed with the request and there is a feeling of the house is on fire. Ad-hoc programs usually rely heavily on their outside counsel to drive approach and decisions as well as pay a premium on their eDiscovery projects. Litigation Ready eDiscovery is for organizations that typically deal with 10 or more complex cases throughout the year that often have the same departments or people involved in similar matters. Litigation Ready programs understand that eDiscovery is a business process enabled by technology with the focus on reducing risks and controlling spend. I find Litigation Ready programs have their overall year-over-year eDiscovery spend reasonably predictable even as the number of matters increase. I [...]

M365 Advanced eDiscovery: Tipping Point?

By |2020-10-13T01:37:08+00:00October 13th, 2020|Categories: eDiscovery|Tags: , , |

I often have discussions with people looking to understand the eDiscovery space better as part of the eDiscovery Advisory Strategy Practice. One of the most recent conversations was around understanding how organizations that are doing in-house culling will impact the volume of downstream data going into the traditional eDiscovery process ending in contract review. Many of my clients over the years have implemented toolsi Nuix, Relativity, ProSearch, CloudNine Law, OpenText EnCase, Forensic Tool Kit (FTK) as well as legal hold tools like Zapproved, IBM Atlas, or Exterro to identify and triage data as part of the initial identification and collection process. It is my experience that the larger, highly regulated organizations typically have a mature workflow around data culling to reduce the data as early as possible in the EDRM lifecycle. But where does that leave the rest of the organizations in the corporate world where it doesn’t make sense to invest heavily in advanced eDiscovery technologies? What can these types of organizations do to cull data down by date, users, and search terms to reduce their downstream eDiscovery costs? I believe that Microsoft 365 (M365) may be the tipping point for smaller organizations making a significant dent in downstream eDiscovery data. M365 comprises of messaging (Exchange) and file sharing (OneDrive) along with underlying services like MS Office, SharePoint, and Teams. Underneath the hood is an indexing engine and administrative tools to manage all the data. eDiscovery functionality is found in the Microsoft Compliance Center which manages the data in the M365 ecosystem. Within the M365 Advanced eDiscovery technology (which requires an E5 license or comparable academic license) exists the functionality to search the indexable data stored in the Microsoft tenant as well as place the data on preservation/legal hold. From there [...]

Back to Basics (Part 2): Embracing Change Management

By |2020-10-07T16:07:46+00:00October 7th, 2020|Categories: eDiscovery|Tags: , , , |

In my previous article, Back to Basics – Part 1: The Importance of the eDiscovery Process Review, we discussed the importance of continually evaluating processes in a world of constant change specifically around people movement and data movement. In this article, we’ll examine technology on-boarding and dealing with upstream data as well as provide some best practices for your eDiscovery program. Technology Onboarding According to Go-Globe, 85% of people prefer native mobile applications to mobile websites because of the enhanced user experience which is why many companies are developing in-house technologies designed for mobile use. However, it can be difficult for new users to intuitively know how to navigate a new application which can significantly hinder adoption and the lose control of the underlying data. Organizations should emphasize technology onboarding as part of their roll-out process so that their employees get familiar with the new technology and use it. The underlying reason we wanted new technology to be onboarded and used properly is to ensure the data is managed to the appropriate policy. As part of rolling out any new technology is considering how the data will be onboarded to the appropriate compliance archive. Data ingestion processes are created to capture the application data as it is known today. However, applications change over time, especially by adding or retiring functionality, and there is a major risk that new data may not be captured properly, or the old data may be corrupted. Some of the critical features of a defensible archiving solution include: An audit log to track all actions taken by users to help ensure regulatory compliance Tags and comment features to record process flow The ability to automate the classification of data Backup and disaster recovery that provides multiple layers of [...]

Back to Basics (Part 1): The Importance of eDiscovery Process Review

By |2020-10-07T14:36:55+00:00September 29th, 2020|Categories: eDiscovery|Tags: , , , |

The past 5 years of my career were spent in-house at Deutsche Bank as part of the eDiscovery technology team, and now that I have my own advisory practice, I can share my thoughts, advice, and opinions more freely. This article is based in my belief that focusing on the basics will keep your eDiscovery program on the right path regardless of the size and type of organization. Why Back to Basics? We all know that eDiscovery is the process of identifying, collecting, searching, reviewing, and producing electronic documents during the discovery phase of litigation. The same methods apply to regulatory requests, investigations, or other data requests that could, in the future, move to litigation. Although organizations spend a significant amount of time creating their eDiscovery processes—working with the legal, compliance, and technology departments—they do not always review and update the procedures for technology changes. In my experience working in-house, it is essential to integrate eDiscovery practices with your organization’s change management process to avoid technology changes that could impact your eDiscovery effort today or in the future. Below are some key basic areas that I always keep an eye on for our clients when discussing change management and process review. People Movement People move, but their data may or may not go with them. As part of that process, organizations need to identify people that move to a different geographic location. It is important to track people, their responses to a litigation hold, reminding custodians of their hold responsibilities, and having a plan for dealing with custodians that have moved is all part of having a defensible legal hold process. If you have employees moving to a country like Switzerland or France, you need to be aware of policies that inhibit [...]

2020 eDiscovery and IG Corporate Initiative Survey

By |2020-09-28T14:04:20+00:00July 13th, 2020|Categories: Announcements, eDiscovery, Information Governance|Tags: , , , |

What happens when a global pandemic intersects with corporate eDiscovery & IG initiatives?  We’re curious about what’s happening with these initiatives as well.  Please share your insight by taking the 2020 eDiscovery and IG Corporate Initiatives Survey hosted by the eDiscovery Advisory team.  The survey is six questions and takes approximately two minutes to complete.  A final report will be provided to participants that sign up at the end of the survey. One participant will be selected and $100 will be donated to St. Jude's Medical Center in their name.     Share your insight and help a great cause!!!  2020 eDiscovery and IG Corporate Initiatives Survey  Thank you from everyone at the eDiscovery Advisory Team!!! 

Remembering eDiscovery Defensibility in a Crisis

By |2020-07-08T00:30:15+00:00July 8th, 2020|Categories: eDiscovery, Technology|Tags: , , , |

Notwithstanding containment efforts, the coronavirus has spread worldwide.  According to a recent McKinsey & Co. report, the U.S. economy could be in a state of recovery until as late as 2023. The hardest-hit sectors – commercial aerospace, air & travel, and oil & gas – might not even restart until sometime in 2021. The COVID-19 pandemic is having a massive impact on a wide range of industries, including the eDiscovery space. However, despite the global crisis, litigation has not stopped and the eDiscovery process continues. Data is being collected, preserved, reviewed, and produced, hopefully in a cost-effective manner and fully-defensible manner. Pandemic-Proofing Your eDiscovery Defensibility Covid-19 has vast potential to expose flaws in the eDiscovery workflow, making the need for a defensible process more critical than ever. Here are some ways to strengthen your procedure: Collect data defensibly. Data collection from a custodian’s laptop may not be possible with social distancing guidelines unless remote enterprise-level forensic technology is available. Work with your outside and in-house counsel to formulate and document a plan ranking critical custodians’ availability. Then prioritize available network sources like file shares and email servers while deprioritizing physical media until collection is deemed safe for both collectors and collectees. The active data collection approach will vary from data source to data source, so work with your outside counsel and collection specialist on the best practices for a data source type. If your organization uses Microsoft O365, it might be time to develop a plan and approach for using the eDiscovery & Legal Hold modules in the Security and Compliance Center to streamline and document your collection efforts from Microsoft systems. Document your chain of custody. As the data transitions from its original source (e.g., Exchange, file shares, SharePoint, etc.) to the collection destination such as a [...]

DSAR Best Practices and Workflows an Organization Should Follow

By |2020-07-07T15:05:10+00:00June 30th, 2020|Categories: eDiscovery, Information Governance, Privacy|Tags: , , , , |

In my latest post, I outlined the process involved in the actual response to DSAR requests. In my last article of this series, I will discuss the best practices and workflows that your organization should follow when responding to DSAR requests. Generally, “controllers” are responsible for responding to DSARs, and “processors” assist them in handling the requests. Here are my recommendations for best practices in responding to DSARs to ensure General Data Protection Regulation (GDPR) compliance: Review and Update Privacy Notices and Policies The GDPR requires organizations to inform data subjects of their rights. Companies need to make sure that their existing policies comply with the new entitlements given to data subjects by the law, including the right to: Obtain certain information from the controller beforehand, and without asking for it Be made aware of whether a controller is processing their data and how it was collected Request that inaccurate personal data about them be rectified, with communication regarding the rectification made to each recipient of the data Demand that their personal data be erased and no longer processed (right to be forgotten) Ask the controller to restrict the processing of their data Receive their data in a structure, commonly-used format for transmission elsewhere (data portability) Object to the handling of their data at any time (in certain circumstances) Not be subject to decisions based solely on automated processing Withdraw consent at any time during processing In certain circumstances, EU member states may pass legislation to limit DSAR requests under local law. One example of this is the UK’s Data Protection Act of 2018. Create and Implement a DSAR Process Your company needs to have a process in place to address: How you will enable DSARs, e.g., offering a standardized online [...]

Responding to a DSAR Request

By |2020-07-07T14:59:23+00:00June 10th, 2020|Categories: eDiscovery, Information Governance, Privacy|

In a previous post, I discussed what a DSAR is, the laws that such requests arose from, and the importance of having a systematic approach to dealing with a request. Now let us outline the process involved in the actual response to DSAR requests. An organization is required to provide a DSAR requester with a copy of any relevant information collected or stored. The time to prepare for these requests is before you receive your first DSAR and find yourself not knowing quite what to do with it. Here are the steps to follow when responding to a DSAR: Conduct a Data Inventory Before you answer a data request, you need to know where the requester’s data can be found within your organization and allow for easy access and retrieval of the requested information.  The data can come in many different forms including structured data formats which will require planning on the appropriate output format such as a PDF or CSV file to meet the request requirements. Organize DSAR Requests You will need to implement a process to classify all incoming DSARs, including who will oversee receiving and organizing the requests. This might potentially be your chief data officer (CDO), who routinely manages, secures, assesses, and oversees the collection and analysis of data.  There are technology solutions to help organize DSARs as well as other legal requests that can be implemented to manage the workflow from request to delivery. Fulfill the Request A standard process will need to be followed for identifying a valid DSAR request, verifying the requester’s identity, requesting more information, if necessary, determining if the organization possesses the requested data and if so, whether it must be provided, deciding whether charging a reasonable fee is justified (based on the administrative costs associated [...]

Mentorship During a Pandemic: Why It’s More Essential Than Ever

By |2020-07-07T15:31:45+00:00May 19th, 2020|Categories: eDiscovery|Tags: , , |

Mentorship is one of the principal keys to success, yet many people struggle to find a mentor or to establish a productive mentor/mentee relationship. At every point of my career, mentors have helped me develop and improve certain vital skills including communication, leadership, and management. What is Mentorship?  Mentorship is a relationship between two people in which the more senior person (the mentor) passes along what they have learned to the more junior individual (the mentee). But the mentee isn’t the only one who benefits from a mentor/mentee relationship. The mentor often finds great satisfaction in helping rising professionals become more knowledgeable about a particular industry or skill. After a mentoring session, I always get a boost of confidence and motivation that continues to push me grow as an individual. Mentoring is just good karma all around for everyone involved.  Why Mentorship Matters  Mentors can provide valuable insight into roles, opportunities, and guide mentees as they make critical decisions in their professional and personal lives. During the current climate of economic upheaval and social distancing, mentorship is more important than ever, even if networking events and social functions are absent.   I have been using some technology resources to facilitate individual mentorship and connect with groups of people. For more individualized mentorship activities, I have been using: EDRM Hub - a space recently launched by the EDRM to help people with careers and mentorship. “The Hub” posts job opportunities and information about those who participate in the organization then makes it easy to make connections. ACEDS Mentorship program – the professional certification organization has a structured platform entirely focused on mentorship and enhancing the mentor/mentee relationship. Facebook - I have also created a mentorship section on the highly moderated group for eDiscovery professionals on the Facebook eDiscovery page to help people make connections and obtain individual support to grow their careers. For more group mentorship activities and get the happy hour feel for networking, I’ve been using: Zoom – the go-to video conferencing application with over 200 million daily users. The background feature is fun and very easy to use. Microsoft Teams – The [...]