Are you a Data Hygienist?

By |2021-03-11T16:37:41+00:00March 11th, 2021|Categories: Data, eDiscovery, Information Governance, Knowledge, Privacy, Productivity|Tags: , , , , |

The first real job in my formative years was as a line cook at a Big Boy family restaurant in north-central Indiana.  I learned many lessons about working with people, teamwork, customer service, inventory management, and managing a business. In the kitchen, I remember the grizzled cook that had been there for many years telling me when there was a break in the dinner rush: “If you've got time to lean, you’ve got time to clean”.  That mantra stuck with me for the rest of my career.  In a conversation today with my partners, Jason Thompson and Michael Epstein, we were discussing the dusty data landscape of Microsoft Teams and other collaboration sites.  Every organization, including Kindato, struggles daily with ensuring their team members accidently don’t use erroneous chats and meeting notes. Naturally, the conversation then led towards how to manage SharePoint and shared folders across a myriad of cloud platforms.    My career in technology allows me to play with terabytes (and sometime petabytes) of unstructured data. Now I’m spending quite a bit of time in Microsoft Teams, Slack, Trello, and a few other collaboration technologies across the different projects we are engaged. These tools are amazing at providing the foundation for remote teams to continue working together especially in the middle of a pandemic.    The challenge is that collaboration technologies often become a “data dumping ground” for all sorts of data such as meeting notes, files, meeting recordings, and chats. This makes it very difficult to manage on a day-to-day basis as well as raises the risk of retaining large volumes of unknown data.    Building data hygiene and data management into the culture of your organization is a healthy way to manage the exploding volume of data that is stored across these [...]

Identification in eDiscovery and Information Governance

By |2021-03-04T16:27:39+00:00March 1st, 2021|Categories: Data, eDiscovery, Events, Information Governance|Tags: , , , , , , , |

Last week the Los Angeles Chapter of Women in eDiscovery invited me to moderate a discussion with some amazing women leaders in the Information Governance space about the challenges & solutions related in identifying users and data as part of the eDiscovery process.  In our conversation with Susan Bennett of Information Governance ANZ and Justine Phillips of Sheppard Mullin we covered topics around:  Securing and locating data with personally identifiable information (PII) for eDiscovery identification stage in relation to cross borders (e.g. tokenization and legal approaches)  Compliance and benchmarking within an organization for identifying relevant data  Using identity management for acceptable risk and understanding risk profiles  As part of this discussion, Justine and Susan provided materials to share with our broader audience.   Justine shared with us some great insight on the California Consumer Privacy Acct (CCPA) and California Privacy Rights Act (CPRA) as organizations continue to understand the different types of “Personal Information” (PI) required to be protected. She shared what is considered to be Personal Information by the CCPA and CPRA.    Susan supplied us with her knowledge related to data privacy in Australia and around the globe with the General Data Protection Regulation (GDPR) as the gold standard privacy protection regulation. Susan has written an article explaining the InfoGovANZ Information Governance model and framework that I suggest people review as part of their IG learnings:   Information Governance: optimising the lifeblood of organisations - InfoGovANZ  There is also a section on law and eDiscovery in the recently released InfoGovANZ Hindsights and Insights Report - Information governance reflections on 2020 and insights for 2021.  Thank you to the wonderful Women in eDiscovery — Los Angeles Chapter for the opportunity to learn and facilitate an interesting conversation with Justine and Susan. It can be overwhelming with the [...]

Knowledge & Intelligence through Data: The KinDato Innovation Lab

By |2020-12-03T17:53:46+00:00December 3rd, 2020|Categories: Announcements, eDiscovery, Technology|Tags: , , , , , |

One of the unique opportunities I have as an advisor working with organizations looking at data information governance and eDiscovery issues is that we have an opportunity to look at the strategic use of data within an organization. Over time what we have learned is that organizations get value and reduce risk from data by making sure there is a combination of Knowledge and Intelligence that is driven by Data, or as we call it…the state of “KinDato”. As part of that effort to improve the use of technology and gain value from data within an organization we built the KinDato Innovation Lab, allowing us to assess and leverage multiple technologies through integration and workflows. In the context of eDiscovery and data management, we look at integrating numerous tools in an agnostic way since we don't have a specific relationship with any specific tool or provider. Our goal is to create effective integrations within a client’s environment particular their technology stack. Every organization that we work with uses different types of technologies to manage both their knowledge and data across their organization. From an eDiscovery viewpoint, this is challenging especially when trying to identify sources of relevant information as well as understanding the value and risk of that data.  At the core of things, it is really all about data and understanding that data from various stakeholder perspectives. The KinDato Innovation Lab is completely agnostic to the technology used in our innovation.  For example, we work with mid-size organizations on leveraging the technology they have in-house specifically around Microsoft M365 Advanced eDiscovery solution. Many organizations can’t spend the money or effort on complex eDiscovery technologies.  They simply want to be able to have an easy to use and defensible workflow for things like third party requests and data subject access requests (DSARs).  The KinDato Innovation Lab worked with the built-in Microsoft tools using PowerShell, Graph API, SharePoint and other automation techniques to build a system within the Microsoft Teams environment to create a defensible workflow for these types of cases.  More complex eDiscovery matters that require a greater effort will of course have a different workflow, but this approach will save clients a significant amount of money and effort allowing them to [...]

eDiscovery Productions in Business Productivity Suites: Truly End-to-End?

By |2020-11-03T19:58:54+00:00November 2nd, 2020|Categories: eDiscovery|Tags: , , , , , |

I work with many clients that implement cloud-based messaging and storage systems like Microsoft 365 (M365) and Google Workspace to manage their enterprise. I’m a proponent of moving enterprise systems to the cloud and generally encourage IT organizations to consider all manner of cloud solutions. Legal hold and eDiscovery needs are often secondary (or tertiary or not even considered) in the decision to move messaging and storage to the cloud especially when an organization is not regularly dealing with eDiscovery or data subject access requests (DSAR). Do these tools help enable an “End-to-End” eDiscovery workflow? My definition of an “End-to-End” eDiscovery solution starts with legal hold, data identification, data processing, data review, data search (basic and advanced), and data productions. Based on that definition my answer is no specifically because data productions require additional tools to meet the typical production obligations. Both M365 and Google Workspace have functionality to support legal hold, eDiscovery and data compliance at the tenant level. That equates to using the native index to search for responsive users and content which does not include non-indexable data. eDiscovery in M365 and Google Workspace were built as data triage tools to reduce the amount of information going into the expensive review process. The functionality to support that triage process is powerful with both tools in the hands of a practitioner that understands the nuances of the data workflow in these technologies. Producing data to requesting parties will require additional steps and/or technology depending on the requirements for the production. Production formats vary from case to case, but it is common to have a production specification for TIFF or PDF with native spreadsheet along with a load file. This is important especially with when markings (e.g. Bates stamp, etc.) or redactions [...]

We Can All Be More Litigation Ready: Does It Make Sense for Your Organization

By |2020-10-22T19:50:15+00:00October 22nd, 2020|Categories: eDiscovery, Information Governance|Tags: , , |

Having spent more than 20 years in the eDiscovery and technology industry as both in-house and in an outside advisory capacity in the EU, I have seen many ways organizations develop & manage their eDiscovery programs. Not all eDiscovery programs are the same and it’s important to categorize the type of program in order to advise on critical improvements to determine what is the best approach for your organizations. I find there are two main camps of eDiscovery programs: Ad-Hoc eDiscovery Programs and Litigation Ready eDiscovery Programs. Let’s take some time to look at both of these approaches and see how they impact an organization’s eDiscovery program. Ad-hoc eDiscovery is treated as an unplanned exercise that may happen 1-5 times per year and involves departments or functions that do not communicate on regular basis. This reactive approach can be very painful and expensive for the organization. Organizations with an Ad-hoc mindset typically react when asked to discover unstructured information in email, SharePoint, or other data sources. Since the departments don’t have a centralized response approach, the people involved are often overwhelmed with the request and there is a feeling of the house is on fire. Ad-hoc programs usually rely heavily on their outside counsel to drive approach and decisions as well as pay a premium on their eDiscovery projects. Litigation Ready eDiscovery is for organizations that typically deal with 10 or more complex cases throughout the year that often have the same departments or people involved in similar matters. Litigation Ready programs understand that eDiscovery is a business process enabled by technology with the focus on reducing risks and controlling spend. I find Litigation Ready programs have their overall year-over-year eDiscovery spend reasonably predictable even as the number of matters increase. I [...]

M365 Advanced eDiscovery: Tipping Point?

By |2020-10-13T01:37:08+00:00October 13th, 2020|Categories: eDiscovery|Tags: , , |

I often have discussions with people looking to understand the eDiscovery space better as part of the eDiscovery Advisory Strategy Practice. One of the most recent conversations was around understanding how organizations that are doing in-house culling will impact the volume of downstream data going into the traditional eDiscovery process ending in contract review. Many of my clients over the years have implemented toolsi Nuix, Relativity, ProSearch, CloudNine Law, OpenText EnCase, Forensic Tool Kit (FTK) as well as legal hold tools like Zapproved, IBM Atlas, or Exterro to identify and triage data as part of the initial identification and collection process. It is my experience that the larger, highly regulated organizations typically have a mature workflow around data culling to reduce the data as early as possible in the EDRM lifecycle. But where does that leave the rest of the organizations in the corporate world where it doesn’t make sense to invest heavily in advanced eDiscovery technologies? What can these types of organizations do to cull data down by date, users, and search terms to reduce their downstream eDiscovery costs? I believe that Microsoft 365 (M365) may be the tipping point for smaller organizations making a significant dent in downstream eDiscovery data. M365 comprises of messaging (Exchange) and file sharing (OneDrive) along with underlying services like MS Office, SharePoint, and Teams. Underneath the hood is an indexing engine and administrative tools to manage all the data. eDiscovery functionality is found in the Microsoft Compliance Center which manages the data in the M365 ecosystem. Within the M365 Advanced eDiscovery technology (which requires an E5 license or comparable academic license) exists the functionality to search the indexable data stored in the Microsoft tenant as well as place the data on preservation/legal hold. From there [...]

Back to Basics (Part 2): Embracing Change Management

By |2020-10-07T16:07:46+00:00October 7th, 2020|Categories: eDiscovery|Tags: , , , |

In my previous article, Back to Basics – Part 1: The Importance of the eDiscovery Process Review, we discussed the importance of continually evaluating processes in a world of constant change specifically around people movement and data movement. In this article, we’ll examine technology on-boarding and dealing with upstream data as well as provide some best practices for your eDiscovery program. Technology Onboarding According to Go-Globe, 85% of people prefer native mobile applications to mobile websites because of the enhanced user experience which is why many companies are developing in-house technologies designed for mobile use. However, it can be difficult for new users to intuitively know how to navigate a new application which can significantly hinder adoption and the lose control of the underlying data. Organizations should emphasize technology onboarding as part of their roll-out process so that their employees get familiar with the new technology and use it. The underlying reason we wanted new technology to be onboarded and used properly is to ensure the data is managed to the appropriate policy. As part of rolling out any new technology is considering how the data will be onboarded to the appropriate compliance archive. Data ingestion processes are created to capture the application data as it is known today. However, applications change over time, especially by adding or retiring functionality, and there is a major risk that new data may not be captured properly, or the old data may be corrupted. Some of the critical features of a defensible archiving solution include: An audit log to track all actions taken by users to help ensure regulatory compliance Tags and comment features to record process flow The ability to automate the classification of data Backup and disaster recovery that provides multiple layers of [...]

Back to Basics (Part 1): The Importance of eDiscovery Process Review

By |2020-10-07T14:36:55+00:00September 29th, 2020|Categories: eDiscovery|Tags: , , , |

The past 5 years of my career were spent in-house at Deutsche Bank as part of the eDiscovery technology team, and now that I have my own advisory practice, I can share my thoughts, advice, and opinions more freely. This article is based in my belief that focusing on the basics will keep your eDiscovery program on the right path regardless of the size and type of organization. Why Back to Basics? We all know that eDiscovery is the process of identifying, collecting, searching, reviewing, and producing electronic documents during the discovery phase of litigation. The same methods apply to regulatory requests, investigations, or other data requests that could, in the future, move to litigation. Although organizations spend a significant amount of time creating their eDiscovery processes—working with the legal, compliance, and technology departments—they do not always review and update the procedures for technology changes. In my experience working in-house, it is essential to integrate eDiscovery practices with your organization’s change management process to avoid technology changes that could impact your eDiscovery effort today or in the future. Below are some key basic areas that I always keep an eye on for our clients when discussing change management and process review. People Movement People move, but their data may or may not go with them. As part of that process, organizations need to identify people that move to a different geographic location. It is important to track people, their responses to a litigation hold, reminding custodians of their hold responsibilities, and having a plan for dealing with custodians that have moved is all part of having a defensible legal hold process. If you have employees moving to a country like Switzerland or France, you need to be aware of policies that inhibit [...]

2020 eDiscovery and IG Corporate Initiative Survey

By |2020-09-28T14:04:20+00:00July 13th, 2020|Categories: Announcements, eDiscovery, Information Governance|Tags: , , , |

What happens when a global pandemic intersects with corporate eDiscovery & IG initiatives?  We’re curious about what’s happening with these initiatives as well.  Please share your insight by taking the 2020 eDiscovery and IG Corporate Initiatives Survey hosted by the eDiscovery Advisory team.  The survey is six questions and takes approximately two minutes to complete.  A final report will be provided to participants that sign up at the end of the survey. One participant will be selected and $100 will be donated to St. Jude's Medical Center in their name.     Share your insight and help a great cause!!!  2020 eDiscovery and IG Corporate Initiatives Survey  Thank you from everyone at the eDiscovery Advisory Team!!! 

Remembering eDiscovery Defensibility in a Crisis

By |2020-07-08T00:30:15+00:00July 8th, 2020|Categories: eDiscovery, Technology|Tags: , , , |

Notwithstanding containment efforts, the coronavirus has spread worldwide.  According to a recent McKinsey & Co. report, the U.S. economy could be in a state of recovery until as late as 2023. The hardest-hit sectors – commercial aerospace, air & travel, and oil & gas – might not even restart until sometime in 2021. The COVID-19 pandemic is having a massive impact on a wide range of industries, including the eDiscovery space. However, despite the global crisis, litigation has not stopped and the eDiscovery process continues. Data is being collected, preserved, reviewed, and produced, hopefully in a cost-effective manner and fully-defensible manner. Pandemic-Proofing Your eDiscovery Defensibility Covid-19 has vast potential to expose flaws in the eDiscovery workflow, making the need for a defensible process more critical than ever. Here are some ways to strengthen your procedure: Collect data defensibly. Data collection from a custodian’s laptop may not be possible with social distancing guidelines unless remote enterprise-level forensic technology is available. Work with your outside and in-house counsel to formulate and document a plan ranking critical custodians’ availability. Then prioritize available network sources like file shares and email servers while deprioritizing physical media until collection is deemed safe for both collectors and collectees. The active data collection approach will vary from data source to data source, so work with your outside counsel and collection specialist on the best practices for a data source type. If your organization uses Microsoft O365, it might be time to develop a plan and approach for using the eDiscovery & Legal Hold modules in the Security and Compliance Center to streamline and document your collection efforts from Microsoft systems. Document your chain of custody. As the data transitions from its original source (e.g., Exchange, file shares, SharePoint, etc.) to the collection destination such as a [...]