A New Year’s Wish List

Jim Shook

Rather than trying to make predictions for 2012, which I tend to avoid, I thought it might be interesting to put together a short wish list of things that I hope for in 2012.  The usual suspects immediately sprang to mind:  that Legal and IT learn to effectively communicate; companies begin to defensibly delete their stale and legacy data, more eDiscovery moves in-house, etc.  Those all seemed to be a little much to absorb in January, so instead I put together a much more achievable “To Do” list with some additional resources to help.

Don’t Be Scared Of  “Archiving”

Despite surveys suggesting otherwise, our experience is that email remains the most important and painful eDiscovery repository in a company.  Email sprawl also creates operational costs and risks when it’s not properly managed.  Yet many legal departments either block or fail to assist the efforts of their IT counterparts when they decide to do something about email.  Many times, this failure is because they really do not understand email, or their understanding of an “archive” implies that they will be keeping everything forever.

In reality, modern archives enable companies to implement and enforce retention policies on email, which is a strong foundation to enable defensible deletion of email.  Better archives can also enable similar management of other content repositories, such as Sharepoint and fileshares.  A good archive, with associated policies, will improve and reduce the cost of operations, and make eDiscovery cheaper and easier.

Learn more:

• Advanced Discovery, Why (and How) To Archive Email

• EMC Corporation, A 15 Minute Guide To Archiving

Dive Into Machine Classification and Coding

Machine-based coding for document review is a hot topic.  We’re learning that in many cases, people just do not do a great job in reviewing and coding large volumes of information.  However, machines are built for this type of work because they are consistent, never tire and are cheaper than human review.  An open and shut case, right?

In reality, there remains a misunderstanding about how these technologies actually work, and how they can be successfully deployed and defended in a litigation matter.  Clearly they hold great promise, but there’s a lot of work to be done before they become mainstream.

Learn more:

• Honorable A. Peck, “Search, Forward”
• Ralph Losey,  “Secrets of Search Part 3”
• Maura Grossman  & Gordon Cormack,  Technology Assisted Review in EDiscovery

Be Proactive With Social Media

Many companies are using different types of “social media” to more effectively and rapidly reach their customers, partners and even their own employees.  Technologies such as Twitter, Facebook, wikis and blogs are being used daily, and it’s likely we’ll see some even newer technologies develop in 2012.

Yet social media is not a free ride.  Gartner’s Debra Logan predicted a year ago that by YE 2013, half of all companies will have produced social media content in response to an eDiscovery request.  But today, most companies do not have policies to regulate social media content, nor do they have much of an idea on how they might preserve and collect that ESI in response to a regulatory or litigation matter.

Learn more:

• Alitia Faccone, It’s Not Personal, It’s Business:  Or Is It?
• On Demand Webinar, No Longer A World Apart

Understand “The Cloud”

Ahhh, the Cloud.   Depending on your vantage point, Cloud Computing may be the answer to every issue you have or the most overhyped idea since push computing in the 90s.  The IT department is attracted to the cloud’s operational efficiencies and flexibility, and the business enjoys the rapid rate of deployment.

But don’t dive in without being informed.  “Cloud Computing” is actually an umbrella term representing a number of different deployment and service models.  Operational and cost benefits found with cloud computing should be weighed against the loss of control that comes with those deployments.  In some cases, that’s an easy trade-off.  In others, particularly where compliance is concerned, it can be more difficult.  Even in tougher cases, better informed teams might be able to get the best of both worlds by leveraging private or hybrid cloud deployments.

•  Jim Shook, “If Your Head Is In the Clouds, Keep Your Feet on the Ground”

• CIO Update, “Top 7 Legal Things To Know About Cloud, SaaS and eDiscovery”

Beware Of Dupes

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

If The Bard were around today, his work on eDiscovery would undoubtedly include an update to one of his more famous turns of phrase:   “To de-dupe or not to de-dupe – what is the question?”

We all want to save money during eDiscovery, and the typical enterprise contains a substantial amount of duplicate information that increases the costs and risks of processing and review.  For example, we know that a single email message to four colleagues can immediately result in five copies of that message – the sender’s copy, along with a copy for each recipient.  With replies and forwards, the number seems to increase almost exponentially.  Similarly, laptops and fileshares abound with duplicates of documents from collaborative efforts or resulting from saving an “extra” copy of a document sent with an email message. All of these extra copies drive up eDiscovery costs.

How De-Duplication Can Help In eDiscovery

The temptation in eDiscovery is to quickly get rid of all of these extra copies – to de-duplicate the information so that we can spend less in collecting, processing and reviewing that information.  We commonly see duplication rates of 15 to 30% depending upon the source data and the environment.  Thus, a company spending $1,000,000 for collection and review in a case could, in theory, save $150,000 to $300,000 just by eliminating duplicate data.

In reality, de-duplication for eDiscovery can be a tricky and worrisome process.  It’s important to understand exactly what – and how – you will be de-duplicating data to insure that you get exactly what you expect and do not run afoul of preservation requirements or compliance concerns.

The Technology Behind De-Dupe

A typical “document” can have many different parts, so when we perform de-duplication, we need to understand which of those parts are being used to determine whether two documents are the same.  Without being too philosophical, it’s clear that no two documents can ever be completely identical.  At minimum, even if they are identical in all other respects, they will be stored in two different locations.  In some cases, even that fact – the location or “path” of the document — could be important.

To take a closer look at this issue, let’s start with the file “badStuff.doc”, a file containing Continue reading →

Bringing (More) eDiscovery In-House

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

Companies large and small continue to grow the size of their in-house departments to manage litigation.  The recent 8^thAnnual Litigation Trends report from international law firm Fulbright and Jaworski found that 53% of larger companies have 5 or more in-house attorneys managing litigation, up from 46% last year.  The growth is far more significant in smaller companies, where 16% now have at least 5 litigation attorneys, more than triple the number from last year.

Why are companies increasing the size of their in-house litigation departments?  The survey does not try to answer the question, but our anecdotal evidence shows that companies are trying desperately to better control their costs and risks in litigation, particularly in the area of electronic discovery.  Although it’s been almost five years since the amendments to the Federal Rules of Civil Procedure, eDiscovery remains a difficult and expensive process for most companies.

As companies add in-house lawyers, they often look to have Continue reading →

Blurring the Boundary Between Work and Personal Lives

Jim Shook, Director, E-Discovery and Compliance Team, EMC Corp

Sometimes it’s difficult to believe that everyday phrases have lost their meaning, or that the younger generation is baffled when they hear them.  I’m referring to ancient gems like “Yeah, I VCR-ed that show last night” and even mundane office technology references like “sneakernet”, “box of floppy disks” and “can you xerox that?”.

In the workplace, it may not be long until we see the end of “9-to-5” and “I’m going to the office to get a few things done”.  We are blurring the line between our personal and professional lives – or maybe they have just merged into one?

In response to the demands of our job, and enabled by ever more sophisticated technology, many of us handle more social activities during “normal business hours” – checking Facebook and Twitter, sending text messages, talking on our cell phones and sending personal email messages.  Similarly, we may be handling more work issues after-hours, while on the road or even at home – checking Facebook and Twitter, sending text messages, talking on our cell phones and sending work email messages.  Do you see the problem?

How complex have these issues become?  Recently, the National Labor Relations Board reinstated five employees terminated for criticizing their work place on Facebook, noting that workplace social media policies cannot regulate all employee activity.  More personal computers and devices (iPads, cell phones, home computers) are implicated now in eDiscovery requests because they contain work-specific content.

And it’s the just the beginning.  Most companies have a difficult time properly maintaining records and other compliance-focused information when all of the information is located on company equipment and under company control.  What will we do when more and more of this information – technically created for and owned by the company – is not only stored at third-party locations, but may have never touched a company-owned device or even traversed the company network?

Join us this Thursday, September 22, at 11 am Eastern for a webcast discussing these issues, especially their impact on compliance and eDiscovery requirements.  You can register (it’s free) at http://bit.ly/oymvRP.  Continuing Legal Education (CLE) credits are available for most states.

Adversary Case Assessment: Putting Your ESI To Good Use

In eDiscovery, we tend to focus most of our attention internally, on our own electronically stored information (ESI).  This makes sense because the data is under our control, and if we cannot get this work done properly, we significantly raise the risk (and cost) of handling eDiscovery.

But what about the other side – what should we do when the other parties in litigation produce their ESI to us?  This is an issue that seems to be discussed very little.  Most companies just have their outside litigation counsel handle this data – but that’s what most of us did just a few years ago with our own ESI.  For companies using an eDiscovery solution for in-house collection and early case assessment, shouldn’t there be a matching process for the data received from other parties?

ACA – Adversary Case Assessment

There’s a lot of value that can be derived from analyzing the other side’s ESI, especially when it is juxtaposed against our own data.  If you plan ahead in your eDiscovery process, you can insure that you’re able to “view” the data in a few different groupings – your data; their data (by party if there’s more than one) and together.  Let’s look at some of the leverage that we can get from using our in-house solution in this manner.

File types.  How many different ESI file types did the other side produce?  In most cases, you should expect a good mix of email, spreadsheets, “productivity” files such as Microsoft Office, Excel and Powerpoint, image files (e.g. jpg/gif) and maybe even various log files, possibly in text form (.txt, .log, etc.).  You might probe a little more deeply:  did they produce any NSF or PST files (the local caches of email that many users keep on their desktop or fileshares)?

If you didn’t receive at least a few items representing these file types – why not?  There may be good reasons – you may have agreed to limit eDiscovery, maybe none of those file types contained relevant information, etc.  But ask the question – first of yourself, and then, if necessary, of the other side.  In many cases, parties frequently focus on email – largely ignoring laptops, fileshares and other repositories of relevant information.  Also, because these files are frequently produced as attachments to emails, it may give the appearance that these repositories were searched.  Thus, run another filter check — are the non-email items just attachments to emails, or were they produced on their own?

Volume.   Overall, does it seem like a fair amount of ESI that’s been produced, i.e. does the number of items seem right?  Again, this will vary greatly from case-to-case but you should have a good idea of how much “stuff” you are receiving.  Back in the paper days, we might question the other side if we produced a warehouse of boxes and they sent us a slim manila folder.  How does their production compare to your production?  Better yet – start to filter the produced ESI by custodian.  Is there a significant amount of information produced from key players?   How does it compare to your key people?  Interactive charts and graphs can go a long way here in helping you to understand what you’re seeing.

Date ranges.   Take a look at the date of the information and see how the volume of information varies over time.  Email will normally be grouped by its date, but files could be grouped by date of creation, modification or last access date.  Is there a high volume of information during the time that you would expect to be most relevant?  What items, in each file type category, are the oldest and most recent by date – and does that fit announced data retention policies and the scope of eDiscovery?  Do the dates and volumes fit with your understanding of the case?   Do this work first by using filters to exclude your data, and then include your own for a second review.  How much does that change the picture, if at all?  Does the other side seem to think that a different range of dates is more important than you did?

Email Domains.   Look at all of the email domains (e.g. emc.com, cnn.com, espn.com) that are represented in the production as either senders or recipients.  Are there any “new” companies of interest?  Maybe there’s a third party show in email that could have important information available by subpoena.  Did the other side include any information sent to or from their law firm?  If not, was every item really privileged — and did they produce a privilege log?

Email Threading.  Because of its nature, email can be “threaded” into conversations so that you can view a nicely ordered chain of emails that has gone back and forth between parties.  Even one or two message “side conversations” became very noticeable when a group of emails has been properly threaded.  Using your own key email messages as a starting point, thread the messages to include the other side’s production.  Are there new “back channel” or side conversations that the other side held internally, which you never saw?  Were key messages re-forwarded well after the fact  – say weeks or months later as “reasonable anticipation of litigation” began to occur?  Did you receive another copy of emails representing conversations with the other party (which you already produced) – or did they not produce those messages (and if not – why not?).

Wrapping Up

These are just a few very basic ideas of how you can begin to evaluate the other side’s ESI production.  Leveraged properly, in-house eDiscovery solutions can be another powerful tool for corporate (and law firm) counsel to rapidly get their arms around a case and begin to evaluate the other side’s production, too.  Happy ACA-ing!

Justifying The Cost of eDiscovery

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

Most who have handled eDiscovery have a sense that with the right tools, bringing some (or all) of the eDiscovery process in-house will save money and cut risk.  However, that gut feeling is not enough if you are called to justify purchases to a board or steering committee – you need hard data.

If you have ever tried to put together an ROI Model for eDiscovery, you know that it can be a difficult process.  While stories abound about extraordinary costs, actual data about internal and external costs can be hard to find.  Even if you do have data, it’s difficult to build a model that matches your process and predicts how well the new process will work.  Worse still, because many companies still handle their eDiscovery with a lot of (usually unknown) risk, sometimes there is no apparent savings by bringing the work in-house – the change actually results in substantially cutting risk, not costs.  That’s even more difficult to model and justify.  (We have written about these challenges before and provided some helpful steps  you might consider when creating an ROI Model).

To make the process easier, our team has developed an easy-to-use “eDiscovery ROI Calculator”, which is now available for the iPad.  You input just a few variables – -the number of small, medium and large cases that you expect to see in a year, and the typical number of custodians for each.  We have preset the rest of the variables to what we consider to be industry standard amounts.  Don’t like our default values?  Change them all you want with the easy-to-use sliders (it’s actually kind of fun to manipulate the model).  In just a few minutes, you’ll get a good estimate of what it costs to handle those cases on an outsourcing basis, and what you might expect to save by bringing the process in-house.   (If you don’t have access to an iPad, we have flash-based versions of the tool available through our IG Account Management team).

Intrigued?  We are hosting a webcast next week with the smart folks from Enterprise Strategy Group.  It’s called “ESG Presents: Truly Realizing eDiscovery ROI” and you can sign up for free right here.  I’ll bet you get a fast ROI on that investment!

GRC: Another Benefit of A Good Legal/IT Partnership

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

Originally posted by James D. Shook on http://www.kazeon.com/blog

Want some additional job security?  How about a raise?  It seems like one easy way to gain

traction in your job is to learn a new language.  And no, I’m not talking about a foreign language  . . . well, at least not in the usual sense.  Getting legal to “speak IT” – and vice-versa –has another benefit beyond the eDiscovery world.

Governance, Risk and Compliance – or GRC – is a developing cross-functional discipline where companies establish an integrated framework to satisfy governance requirements, evaluate and monitor risk, and track compliance.  This typically requires work across four key domains: IT, operations, finance and legal.  If you haven’t heard of GRC, you may be falling behind – it’s emerging as a top C-suite priority.  But there’s still time – so far, only 20% of respondents in an EMC-sponsored survey by the Ponemon Institute have a clearly defined eGRC strategy.

Even though it’s new, eGRC is already an area where difficulties with cross-functional collaboration and communication creates issues.  In the survey, Dr. Larry Ponemon notes that “Without collaboration across functions – the business is at risk.”

For those of you tracking the eDiscovery space (itself a component of an integrated eGRC plan) – does the cross-functional difficulty sound familiar?  It’s likely that most of the key domains will be able to interact and communicate just fine, they just need to understand the enterprise’s common goals.  But when it comes to Legal and IT working together – I’m not as sure.

Legal and IT have a difficult time working together.  Is it something that can be learned or is it a DNA problem?  The legal department is used to working in very gray areas – very few things are right or wrong, on or off – it’s all about sliding scales like “reasonableness” and “due diligence”.  In contrast, IT deals with specifics – every bit is either backed up or it’s not, and that fifth “9” (99.999%) really matters.  Many lawyers also seem to have a very difficult time – or outright resent — learning enough about IT systems to make them more effective in today’s e-centric world.   In the eDiscovery space, it’s still a rarity to find legal and IT groups that work well together.

And yet there is a big payoff for groups that can meet this challenge.  EMC’s Jeff Bettencourt notes that  “Organizations that truly understand the critical dependencies across domains and can align policies, processes, and technologies, gain greater visibility and control to more effectively manage risk across the enterprise. This can be a key competitive advantage.”

In this new GRC space, challenges abound.  But getting legal and IT together early – just as in eDiscovery –is a strategy that can quickly pay off.

By the way – we’re here to help.  Our new Dummies Books — “EDiscovery For Technologists / EDiscovery For Lawyers” – can help legal, IT (and the business) to better understand the issues that are generally difficult for them.  You can get a free copy here.

eDiscovery in the Post-PC Era

Originally posted by Jim Shook on http://www.kazeon.com/blog

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corp

The term “Post-PC Era” refers to a key transformation in computing, characterized by a shift to small form-factor, mobile devices and enhanced collaboration. EMC’s own Jeetu Patel talked about and wrote an insightful blog post on this issue as part of the Momentum Conference at EMC World.

At its core, the Post-PC Era is about empowering individuals to be more efficient and productive by accessing content when they need it, from whatever device they wish to use, and enhancing the tools that enable them to get work done. It’s also about collaboration with others, not just across the enterprise but with partners, customers and other parties that don’t live behind your corporate firewall. That’s great for business – but what does the Post-PC Era mean for eDiscovery? As a whole, the legal profession is Continue reading →

Security By Another Name

Sony Corp is the latest to suffer public embarrassment — and potentially lawsuits — for a security breach.  Reportedly,

Jim Shook, Director, E-Discovery and Compliance Practice EMC Corporation

information on over 77 million customers were stolen, including credit card numbers – although Sony says that credit card information was encrypted.  (One report on this story can be found at http://reut.rs/lqSey2).

Everyone is vulnerable to security threats.  Is the answer always that you should have

better security?  In many cases, yes.  But with ever more complex systems interacting, more money at stake and ever more sophisticated threats, successful attacks cannot be completely prevented.  Security remains only as strong as the weakest link in the chain, and when people are included in that chain, can take just one person being tricked, confused, or letting their guard down to Continue reading →

The Ghosts of eDiscovery Past, Present and Future

This is the time of year when many make predictions for 2011.  But while we try to look forward, the reality is that as an industry, we have not yet conquered our eDiscovery challenges from 2010 – or even 2009 or earlier!  In the spirit of the season and with a nod to Charles Dickens’ A Christmas Carol, I decided to take a Scrooge-based approach to eDiscovery.  Without further ado, I present the ghosts of eDiscovery Past, Present and Future.

eDiscovery Past

In the early days of eDiscovery, even before the amendments to the FRCP in December 2006, we all made plenty of mistakes as we learned about this challenging new area.  Many of our problems resulted from collecting and preserving electronically stored information (ESI) from backup tapes; artificially segmenting the eDiscovery process into three stages known informally as “collect stuff”, “throw stuff over the wall” and “review stuff”; and pretending that eDiscovery either was a passing fad, or just could not be as difficult as we had heard.

While the list of mistakes and challenges from the past is virtually limitless (see Ralph Losey’s recent blog entry on this issue), many of these mistakes really boiled down to a few fundamental issues:  a lack of coordination and communication between Legal and IT (and Records Management or “RM”); and a lack of basic knowledge on IT systems from people working in legal roles.

If these ghosts of eDiscovery past continue to plague you, next year resolve to:

• Have your legal team learn at least the basics about your IT infrastructure;
• Insure that Legal, IT (and RM) coordinate, communicate and interact on a regular basis; and
• Have a basic plan, prepared in advance, for what to do when eDiscovery hits.

eDiscovery Present

Over the last year, we continued to struggle with the concept of when sanctions should be awarded for eDiscovery blunders, and how we should determine the severity of those sanctions.  In fact, these are such difficult issues that there is currently disagreement even within the same jurisdiction (compare Pension Committee of the University of Montreal Pension Plan, et al. v. Banc of America Securities, et al., 2010 WL 184312 (S.D.N.Y. Jan. 15, 2010) (Amended Order) with Orbit One Commc’ns, Inc. v. Numerex Corp., 2010 WL 4615547 (S.D.N.Y. Oct. 26, 2010)).

But there were several other trends that rang through loud and clear.  One of the clearest trends is that there is significant risk in relying upon employees to preserve and collect their own data for eDiscovery.  (See our “Weekend At Bernie’s” post).  While there is still no absolute prohibition, the problem with “custodian-based eDiscovery” is that employees can be self-interested or uninterested in a case, making it risky to assume that they will do what they are asked.  Even for those who are sufficiently motivated, many will still fail because they are under-educated on both legal and IT issues.  This makes it exceptionally difficult for them to determine what ESI should be retained as relevant to a case, and how to properly find and preserve that ESI.

Another clear trend is that unintentional – and even seemingly minor and understandable—eDiscovery blunders can cascade into prejudicing a case and result in severe sanctions.  (See Harkabi v. Sandisk Corp., 08 Civ. 8203 (WHP) (S.D.N.Y. Aug, 23, 2010).

A trend that has been around for a while, but seems to finally be gaining momentum, is enforcing the point that litigation holds do not begin upon receipt of the first Request For Production of Documents, or even upon being served with a Complaint.  Instead, the hold duty attaches when one can reasonably anticipate litigation, which typically occurs before the data of service (and for plaintiffs, will certainly occur before filing the Complaint).  Courts are beginning to take a closer look at when a party’s preservation process actually began, so companies need to get legal informed about litigation threats so that decisions on holds can be made at the right time.

If these ghosts have the chance of haunting you, next year resolve to:

• Rely more upon your eDiscovery team of investigators and counsel, and arm them with useful technologies to complete their work.  Merely hoping that your employees are handling the preservation and collection of critical ESI is no longer a viable option;

• Review your eDiscovery processes to insure that litigation holds are integrated into your business processes.  This will insure that holds can be recognized at the appropriate time and not just after litigation has already commenced.

eDiscovery Future

There are two main roads that the ghost of eDiscovery Future can take.  The first is the obvious road of emerging and future technologies.  For 2011, emerging issues will clearly include the Cloud and social media technologies such as Facebook and Twitter, and we will certainly see some new technologies that we have not yet even worried about.

The second road in the future is more sinister, and relates to issues that we should already be aware of but have failed to adequately address because they have not yet risen to the right level.  These issues are actually riskier because we should be prepared, and mistakes with these technologies may not be viewed in a forgiving light because we should know better.  As a few examples, this group would include legal issues around international data privacy, data stored in Sharepoint repositories, and structured databases.

It is difficult to predict what you should do about the ghosts of eDiscovery Future, but consider a few possible resolutions for the new year:

• At minimum, update your ESI Map to include basic information about data that may be outside your firewall (such as outsourced Email and other Cloud technologies, Facebook, Twitter, etc.);

• If you transact business outside the U.S., understand the basics of privacy law and determine whether and how they may impact you in normal litigation matters; and

• Subscribe to a publication that will keep you updated on the latest legal and technology developments (Law Technology News and its Daily Alert are terrific, free resources).

Good luck in 2011!