Showing posts with label Best Practices. Show all posts
Showing posts with label Best Practices. Show all posts

P&G E-Discovery Manager Outlines How to Streamline In-House E-Discovery

One of the high points of our 2014 Guidance Software E-Discovery webinar series was when Scott Van Nice, E-Discovery Manager for Procter and Gamble (P&G), outlined his process for enabling P&G to revamp their e-discovery model, reducing their e-discovery spend by fifty percent in the first eight months and compressing a four-to-six-week case start-up schedule to just two days.

Now there’s even better news, which is that e-discovery veteran Scott Van Nice has documented this knowledge in a new case study that explores in more detail how Procter & Gamble, the world’s largest consumer goods company, tackled a hefty in-house e-discovery process and now supports e-discovery for the company with a lean team of two.  

“E-Discovery Best Practices for IT” Webinar Highlights

Jason Pickens

IT teams are the unsung heroes of litigation, spending many hours searching for relevant electronically stored information (ESI), helping the legal team “herd cats” to ensure that custodians respond to litigation holds, and preparing massive files for both review and production phases. Having spent time with many legal and IT teams across North America and Canada, I’ve compiled a few best practices after some discussion with my recent webinar co-presenter and former colleague, Carl Wong, who’s an adjunct professor in forensic computing at the John Jay College of Criminal Justice.

#1 – Bring Preservation and Collection In-House

Lowering costs relative to both software and a streamlined collection process are big benefits, but not the only ones. No one understands your IT landscape better than you do, and it makes sense for you to be the drivers of a repeatable and defensible process that’s part of a total response plan. Bringing the oversight of the process in-house doesn’t mean your team has to do all the work, but rather that you should have control over the process for greater efficiency and lower risk.

Out of Cold Storage and Onto Your Screen: Why In-House E-Discovery Review is Taking Hold


Bringing e-discovery review in-house is becoming more common by the week. The days of sending legal assistants and paralegals away to “storage camp” are becoming history not just because of the reality that the overwhelming amount of our business information is stored electronically. It’s because bringing review in house makes sense in terms of early case assessment as well as costs and time.

A few developments in the legal industry are fueling this trend, too. Inside counsel are becoming both savvier about technology and more impatient with the inability to gain oversight on the process when review is always and only outsourced. When counsel asks, “How far along are we in the review process?” and receives an answer like, “Um, it’s hard to quantify exactly,” it’s time to get a different system in place.

Learn New Options from a Field Expert

Betsy McCabe, a principal business consultant for Guidance Software with plenty of hands-on review experience, will present a webinar on Wednesday, April 16th called, “Taking Control: Benefits and Best Practices for Bringing Review In-House.” 

Join her for a look at research on the expectations of increased corporate litigation, how you and your ever more technologically proficient colleagues now have a number of options for performing review, and how to establish a methodology for secure, flexible multi-party, multi-matter review. You can register here. We hope to see you there.

Comments? We welcome discussion in the Comments section below.

Digital DNA Strikes Again in Civil Discovery

John Blumenschein

A recent article written by attorney Mark A. Berman in Law Technology News, entitled Recent Decisions Focus on Duty to Preserve ESI and Metadata, highlights the important role that metadata can play in civil discovery. He focused on a series of recent New York State decisions that dealt with these issues, and one particular case he referenced, Alfano v. LC Main, LLC, 2013 N.Y. Misc. LEXIS 1046 (N.Y. Sup. Ct. Mar. 18, 2013), involved an EnCE®-certified computer examiner named Michael Nelson, who used EnCase® Forensic in his tool set to help establish that the metadata associated with a digital photograph submitted by the plaintiff had not been taken at the time of the event at issue in the matter.

This action was commenced to recover damages for personal injuries allegedly sustained by the plaintiff when he slipped and fell on ice on a construction site owned by the defendant. The plaintiffs submitted photographs of the accident scene taken several days after the accident, which they claimed depicted the area where the accident occurred and the snow and ice conditions as they existed at the time of the accident.

The ABCs of BYOD to CYA

Chad McManamy

In an effort to reduce the overwhelming cost of staying current on IT hardware for employees, many organizations are considering the alternative approach of Bring Your Own Device (BYOD).  Since employees are already bringing their own devices into the workplace and these employees have a passion for using the latest and greatest devices, it follows that organizations should consider a policy to allow the use of these employee-owned devices for corporate purposes.

There exists a major challenge with opening a corporate network to the expansive list of potential devices employees might want to bring to work. That challenge is that the structure and controls the IT department put in place to protect data for employer-owned devices become very difficult to enforce on employee-owned machines. 

CEIC 2013: Leading Judges Speak on TAR and Digital Information in Criminal Prosecutions

Daniel Lim

Many thanks to Judges Vanessa D. Gilmore, (U.S. District Court, S.D. Tex. – Houston Division), David Waxse (U.S. District Court, Kansas), and Karla Spaulding (U.S. District Court, M.D. Fla.) for an engaging and informative panel at the CEIC® 2013 conference in Orlando.

TAR: Holy Grail or Helpful Tool?
Judge Waxse helped to start us off with a discussion of whether experts would be required to testify for the use of new technologies in discovery, such as technology assisted review (TAR).  While Judge Peck has indicated his view that such testimony would NOT be needed because Federal Rule of Evidence applies to trial, rather than discovery, Judge Waxse takes an opposing view.  

Rolling the Dice on Legal Hold: Still Not Worth the Risk

Daniel Lim

On July 10, 2012, the Second Circuit issued an opinion in Howard Chin v. The Port Authority of New York & New Jersey, 2012 WL 2760776 (C.A.2, 2012), addressing the legal standard for failure to issue a legal hold notice for relevant evidence. The opinion limits the often-cited standard for legal holds announced in Pension Committee by Judge Schiendlin in 2010.

The Chin case is an appellate opinion that addresses the alleged failure to institute a legal hold for relevant files. The case involved a group of Asian American police officers alleging violations of Title VII by the New York and New Jersey Port Authority based on being passed over for promotions. Charges of discrimination were filed in January of 2001. During discovery, the plaintiffs learned that the Port Authority had failed to issue a legal hold to preserve at least thirty-two promotion folders used to make decisions between August 1999 and August 2002. Plaintiffs sought an adverse inference instruction for the spoliation. The district court denied the motion, finding ample alternative evidence regarding the relative qualifications of the plaintiffs. The district court found that the defendant’s destruction of relevant documents was “negligent, but not grossly so.”

A Strategic Approach to Cloud E-Discovery: Five Key Considerations

Bryant Bell


According to a Nov. 2011 survey from analysts at eDiscovery Journal, 35 percent of in-house legal teams surveyed were planning a move to a cloud or hybrid cloud solution for e-discovery. Why this increasing interest in cloud? Because of the scalability, computing power, and secure accessibility it offers for facilitating portions of the e-discovery process.

If you’re considering a move to cloud or hybrid e-discovery, you first need a good grasp of what the cloud can and can’t do. And central to that is an understanding of which e-discovery processes are best adapted to cloud solutions. In actual practice, those phases best suited to cloud solutions are:

  • Processing
  • Analysis
  • Review
  • Production. 

E-Discovery Gone Wrong: The Blooper Reel





Five years after the changes to the Federal Rules of Civil Procedure (FRCP) our professions should have worked out the kinks in collecting, processing, culling, reviewing, and producing electronically stored information (ESI). 

And yet, most haven’t. ESI is still being created in the main through the use of Microsoft Word and Outlook for written communications. Social networking and smartphones and tablets are complicating matters, but they’re not yet primary sources of discoverable ESI.

Virtualization and cloud computing are adding to the complexity of the enterprise technology environment. While that contributes to e-discovery challenges, it doesn’t justify most of the issues being presented by litigants. The main problems lie elsewhere. 

Here’s a collection of key takeaways from recent cases involving e-discovery errors.

New Options in Cloud Computing and E-Discovery

Bryant Bell

In the information age, one of your biggest challenges as in-house counsel is defending the enterprise along increasingly porous electronic borders, as well as in litigation matters calling for accountability in communications of every type, from chat messages to documents on thumb drives.

Which makes cloud computing for e-discovery a matter for cautious investigation for the midsized to large corporation. As a recent article on The Metropolitan Corporate Counsel website noted:
With litigation and e-discovery on the rise, it’s important to cut costs without sacrificing quality, and cloud computing is the new “go-to” solution. Yet some litigators are hesitant to switch e-discovery databases to the cloud for fear of risks such as security breaches or data loss.

SEC Cybersecurity Guidelines -- What You Should Know

Anthony Di BelloChad McManamy On October 13, the Division of Finance at the Securities and Exchange Commission (SEC) released “CF Disclosure Guidance: Topic No. 2 - Cybersecurity” representing the culmination of an effort on behalf of a group of Senators led by Senator Jay Rockefeller to establish a set of guidelines for publicly traded companies to consider when faced with data security breach disclosures. The concern from the Senators was that investors were having difficulty evaluating risks faced by organizations where they were not disclosing such information in their public filings.

According to the SEC in issuing the guidelines, "[w]e have observed an increased level of attention focused on cyber attacks that include, but are not limited to, gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption." And while the guidelines do not make it a legal requirement for organizations to disclose data breach issues, the guidelines lay the groundwork for shareholders suits based on failure to disclose such attacks.

The guidelines come on the heels of number of recent high-profile, large-scale data security breaches including those involving Citicorp, Sony, NBC and others – many of which have affected organizations around the world. A catalyst for the regulations is found in part in many organizations failure to timely report, or complete failure to report, their breaches. To curb any future disclosure issues, the SEC released the guidelines ordering companies to reveal their data security breaches.

As stated in the guidance notes, “[c]yber incidents may result in losses from asserted and unasserted claims, including those related to warranties, breach of contract, product recall and replacement, and indemnification of counterparty losses from their remediation efforts.”

“Cyber incidents may also result in diminished future cash flows, thereby requiring consideration of impairment of certain assets including goodwill, customer-related intangible assets, trademarks, patents, capitalized software or other long-lived assets associated with hardware or software, and inventory.”

Consistent with other SEC forms and regulations, organizations are not being advised to report every cyber incident. To the contrary, registrants should disclose only the risk of cyber incidents “if these issues are among the most significant factors that make an investment in the company speculative or risky.” If an organization determines in their evaluation that the incident is material, they should “describe the nature of the material risks and specify how each risk affects the registrant,” avoiding generic disclosures.

The SEC indicated that in evaluating the risks associated with cyber incidents and determining whether those incidents should be reported, organizations should consider:

-- prior cyber incidents and the severity and frequency of those incidents;

-- the probability of cyber incidents occurring and the quantitative and qualitative magnitude of those risks, including the potential costs and other consequences resulting from misappropriation of assets or sensitive information, corruption of data or operational disruption; and

-- the adequacy of preventative actions taken to reduce cyber security risks in the context of the industry in which they operate and risks to that security, including threatened attacks of which they are aware.

Rather than exposing new obligations for organizations, the SEC guidance highlights what company executives already knew about their obligations to report cyber incidents but may not have fully appreciated. The true lynch pin for every organization will be the determination of materiality and making the decision on which breaches gets reported and which do not. As such, public companies will also need to weigh real-world business risks specific to their particular market associated with incidents. For example, “if material intellectual property is stolen in a cyber attack, and the effects of the theft are reasonably likely to be material, the registrant should describe the property that was stolen and the effect of the attack on its results of operations, liquidity, and financial condition and whether the attack would cause reported financial information not to be indicative of future operating results or financial condition," the statement says.

Given the sophistication and success of recent attacks, forensic response has taken center stage when it comes to exposing unknown threats, assessing potential risks to sensitive data and decreasing the overall time it takes to successfully determine the source and scope of any given incident and the risk it may present.

Cybersecurity threats will continue to proliferate for companies of all sizes around the world. Failing to protect sensitive company data will pose an even greater risk going forward, so too will the legal implications for failing to disclose those material cyber incidents. A proactive, timely approach to prevention of cyber incidents represents the best case scenario for all organizations. Guidance Software’s Professional Services team and partners can help. Our consultants can help expose unknown risks in your environment, remediation of those risks, as well as provide prevention techniques designed to give your organization an active defense and knowledge against possible attacks unique to your organization.

Chad McManamy is assistant general counsel for Guidance Software, and Anthony Di Bello is product marketing manager for Guidance Software.

Out with the Old: the Importance of Purging ESI

Guidance Software

In my last post, I wrote about the importance of data mapping and knowing where your electronically stored information (ESI) lives within your organization. Today, I want to touch upon document retention policies and the importance of purging unnecessary data.

If you've been following the conversation in e-discovery circles, then you undoubtedly know how imperative it is to implement a comprehensive data retention policy to ensure a defensible e-discovery process. Without uniformly and routinely enforcing your data retention policy, you risk getting slapped with the dreaded spoliation accusation. And as we've seen in many cases, the monetary cost of spoliation can surpass the entire claim being litigated.

But the preservation of ESI only addresses half of a retention policy's intended purpose. In addition to outlining what information should be held and for how long, a data retention policy should also speak to data purging. Specifically, the policy should address what information should be purged, when should this information be purged and what process should be undertaken to purge this information.

There are several reasons to include data purging procedures in a data retention policy.

First, amassing giga- and petabytes of old information unnecessarily complicates your IT infrastructure. Your organization must store this information somewhere. If it is to be retained indefinitely, your IT department will need to continually add storage devices to your organization's IT network. Although data storage is relatively inexpensive, the time you must devote to continually update your data map represents a significant cost.

Second, the more data you have within your organization, the more data you will have to search through, collect, process and review should a matter arise. Anything on the corporate network outside of privileged information is fair game for a requesting party. Therefore, the more information you retain, the higher your e-discovery costs.

Third, the more varied and dispersed your data and your data stores, the more likely you are to inadvertently miss ESI that is potentially responsive to a matter. Think of your organization's network as a file cabinet. If your file cabinet is cluttered with outdated, unnecessary documents, it is going to be significantly more difficult to locate information than if you were to routinely clean out your file cabinet. By purging data uniformly and routinely, you can decrease the risk associated with failing to identify, collect and produce responsive ESI.

Finally, by destroying information uniformly and routinely according to a document retention policy, you are increasing your policy's defensibility. As long as the ESI is not subject to legal hold or other retention obligations, purging the information does not present an increased risk of spoliation. In fact, the opposite is true. In order for your data retention practices to hold up in court, you must uniformly and routinely retain and purge data according to your policy. This also gives reason to periodically auditing your retention and purging practices to ensure the policy is being adhered to routinely throughout the organization. Evidence of these audits can serve to embolden your position in court.

So, yes, data retention is an essential ingredient for a defensible e-discovery process. But compliantly preserving ESI should not overshadow the importance of purging unnecessary data. By cleaning house, so to speak, you can decrease your organization's risk and costs while strengthening your e-discovery efforts.

Russ Gould is director of product marketing at Guidance Software.

E-Discovery Expert Offers Best Practices to Inside Counsel

Guidance Software

When Inside Counsel Magazine wanted to beef up its content on e-discovery it turned to Guidance Software’s Vice President and Deputy General Counsel Patrick Zeller who contributed his expertise to the publication’s “Counsel Commentary” column.

Patrick joined colleagues from across the legal community, sharing his tips on everything from building a response team to data mapping.

A summary of his articles is listed below (click on the titles to read the full story on the Inside Counsel website):

Proactive ESI data mapping for e-discovery

September 9, 2011

In this article, Patrick discusses how data mapping can help organizations prepare for litigation and evaluate costs.

Is it finally time to bring e-discovery processing in-house?

August 26, 2011

In this article, Patrick discusses how in-house data processing can help companies realize cost savings and reduced risk.

Early case assessment – What you don’t know can (and likely will) hurt you

August 12, 2011

In this article, Patrick discusses the risks associated with not understanding your data.

Recent cases help evolve guidelines for producing metadata

July 29, 2011

In this article, Patrick discusses the importance of keeping ESI load files in a forensically sound manner that preserves metadata.

Creating a discovery response team

July 15, 2011

In this article, Patrick discusses the universal roles that are important to in creating a successful discovery response team.