Chat and Collaboration Data

Keep up with an evolving modern data landscape with our insights on compliance, information governance, and data collection and preservation.

Filter by content type
Select content type
Filter by trending topics
No items found.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Button Text
February 1, 2023
Case Study

Global Law Firm Partners with Lighthouse to Save Millions During Government Investigation

Lighthouse partners with a global law firm to meet a 60-day production deadline for an 11.5 million-document population, saving the firm millions. What They Needed A global law firm was representing a large analytics company being investigated by the Federal Trade Commission (FTC) for antitrust activity. The company faced an extremely aggressive production deadline—approximately 60 days to collect, review, and produce responsive documents from an initial data population of roughly 11.5M. How We Did It The firm partnered with Lighthouse to create a workflow to execute multiple work streams simultaneously (collections, processing, TAR, privilege review, and logging) to ensure the company could meet the production deadline. Lighthouse expert teams managed the entire process, implementing daily standup calls and facilitating communication between all stakeholders to ensure that each workflow was executed correctly and on time. Lighthouse clients that leverage our AI technology to its full potential can realize even more cost savings and efficiency. For example, in this case, this global law firm would have seen the removal of close to 420K documents from privilege review that our AI accurately (as verified in the qc process) deemed to be highly unlikely or unlikely to be privilege. The Lighthouse team also provided strategic and defensible review methods to attack data volume and increase overall efficiency throughout the project. This included Technology Assisted Review (TAR) and email thread suppression in combination with our proprietary AI-technology and privilege log application. The different work streams that Lighthouse designed and executed to reduce the time, burden, and expense of review included: Lighthouse Forensic Collection : Lighthouse’s dedicated expert forensic team implemented a workflow to perform all initial collections, as well as all refresh collections across M365 mailboxes, Teams data, OneDrive, and SharePoint. TAR 1.0 : Lighthouse implemented predictive coding via a TAR 1.0 workflow to systematically find and remove non-relevant documents in a defensible manner. Not relevant documents that fell below the cutoff score were removed from the review population to reduce privilege review. Non-TAR Review : A detailed file analysis was conducted on documents that could not be scored via the TAR model by Lighthouse experts to remove non-responsive documents from eyes-on responsiveness review. Email Threading : Once TAR 1.0 reached stability and a cutoff score was achieved, Lighthouse applied email thread suppression on the documents above the cutoff score to further decrease privilege review and the production set overall. Managing Teams data : The Lighthouse team leveraged our proprietary chat tool to deduplicate Microsoft Teams data. Using the tool, the team stitched Teams messages back together in a format that allowed outside counsel to easily see the conversation in totality (e.g., who was part of the thread, who entered/left the chat room, who said what, at what time, etc.). The tool then integrated and threaded chat messages with search and filtering capabilities for review directly in Relativity. Privilege Review : Even as collections, TAR 1.0, email threading, and document review workflows were ongoing, the Lighthouse advanced analytics team leveraged technology in combination with their expertise to drastically reduce the privilege review set and guard against inadvertent production of privileged documents: Lighthouse Strategic Privilege Reduction : Lighthouse data reduction experts worked with outside counsel to analyze the data to identify large categories of documents that could be safely removed from privilege review, such as two large tranches of calendar items that were pulled into the privilege review. Lighthouse also ran a separate header-only privilege screen across and located a pattern in the privilege hits, which outside counsel confirmed were not privileged and removed from privilege review. AI-enabled Privilege QC : To minimize risk and increase efficiency of privilege review, Lighthouse deployed our advanced AI-technology, which uses multiple algorithms to analyze the text and metadata of documents, enabling highly accurate privilege predictions. First, it analyzed the entire review workspace and identified additional privileged documents that were not picked up by the conventional privileged screen approach. Then, the tool was utilized in privilege review QC workflows where it helped reviewers overturn first and second level privilege calls. Privilege logging application : Lighthouse also leveraged our privilege logging application to automate privilege log generation, saving outside counsel significant time and driving consistent work product in creating their privilege log. The Results Lighthouse forensic collection collected roughly 11.5M documents from more than 600 unique datasets and over 90 custodians, spanning M365 mailboxes, Teams data, OneDrive, and SharePoint sources. Lighthouse’s TAR 1.0 workflow then dramatically reduced the document population for privilege review, ultimately removing over 6M documents in full families from review, thereby delivering a savings of nearly $6.2M. The Lighthouse team’s detailed file analysis of non-TAR universe resulted in an additional 640K files removed from responsiveness review—encompassing close to a 90% reduction in the non-TAR review volume and delivering a savings of roughly $640K. Our email thread suppression process then removed another 1.1M documents from review (for a savings of $1.1M), while the Lighthouse proprietary chat tool removed over 63K Teams items and generated over 200K coherent transcript families from 1.3M individual messages. Law Firm Case Studycase-study; antitrust; ediscovery; tar; tar-predictive-coding; law-firm; hsr-second-requests; investigations; mergers; ai-and-analytics; ai-big-data; artificial-intelligence; ai; acquisitions; analytics; predictive-coding; prism; privilege; privilege-review; name-normalization; microsoft; emerging-data-sources; forensics; collectionsediscovery-review; ai-and-analytics; antitrust; chat-and-collaboration-data; client-successCase-Study, client-success, Antitrust, eDiscovery, TAR, TAR-Predictive-Coding, Law-Firm, HSR-Second-Requests, investigations, Mergers, ai-and-analytics, AI-Big-Data, artificial-intelligence, AI, Acquisitions, analytics, predictive-coding, Prism, privilege, privilege-review, name-normalization, microsoft, Emerging-Data-Sources, digital forensics, collections, ediscovery-review, ai-and-analytics, antitrust, chat-and-collaboration-data
June 1, 2023
Case Study

Engineering a Customized M365 eDiscovery Premium Add-on

Lighthouse bridges internal gaps during technology overhaul and solves longstanding compliance issues for a German multinational healthcare manufacturer. Key Actions Lighthouse engaged company stakeholders in operational planning and received funding from Microsoft to devise and integrate a premium Microsoft 365 (M365) add-on to existing Purview Premium eDiscovery, which resolved an outstanding compliance need. Key Results The proof-of-concept achieved a zero-trust security model integrated with third-party software, and satisfied the barring of critical needs for the Company that centralized IT and legal departments after years of dysfunction. What They Needed Automating a transition to M365 commonly yields a clash between IT, legal, and compliance stakeholders if the decision to convert was spearheaded by IT and made without consulting legal and compliance teams. Typically, during planning or implementation of converting to M365, legal teams ask IT how the new platform will manage compliant and defensible processes, and if IT doesn’t have the answers, the project stalls. This was the situation facing a multinational manufacturing Company that engaged Lighthouse for help during the spring of 2020. At that time, the Company was several years into its M365 transition, and the legal teams’ requirements for adoption of native M365 compliance tools barred a complete transition. Pressure to adopt the tools escalated as M365 workloads for content creation, collaboration, and communication were already rolled out, creating an increasingly large and complex volume of data with significant degrees of risk. Lighthouse Responds to Need and Launches New Technology In partnership with Microsoft Consulting Services, Lighthouse organized a companywide M365 “reset,” hosting a three-day workshop to revamp the transition process and generate an official statement of work. The strategic goal was to streamline the stakeholders from litigation, technical infrastructure, cybersecurity, and forensics teams that previously failed to align. The workshop fielded critical topics geared to encourage constructive discussions between stakeholders and to strengthen departmental trust. The outcome of these discussions eventually enabled the company to move forward with critical compliance updates, including the collection and parsing of Microsoft Teams data, and the management of myriad files and email attachments. Lighthouse took stock of the current state, testing potential solutions, and arrived at a proof-of-concept for an eDiscovery Automation Solution (EAS) that augmented existing M365 capabilities to meet the legal team’s security requirements and remediate any performance gaps. Microsoft recognized the potential value of the EAS for the wider market, ultimately leading to Microsoft funding for the proof-of-concept. Inside the eDiscovery Automation Solution (EAS) Technology Azure-native web application designed to orchestrate the eDiscovery operations of an M365 subscriber through Purview Premium eDiscovery automation Maximized Microsoft Graph API “/Compliance/eDiscovery/” functions and other Microsoft API Simplified to Azure AD trust boundary, targeting the M365 tenant hosted within, and enabling full governance of identity and entitlement throughout Azure and M365 security features Benefits Achieved a zero-trust security model Authorized high-velocity, high-volume eDiscovery tasks without outside technology through automation and orchestration of existing M365 eDiscovery premium capabilities native to M365 Mobilized integration with third-party software included in the Company’s eDiscovery workflows Amplified workload visibility by automatically surfacing relevant Mailboxes, OneDrives, and other M365 group-based technologies dependent upon selected Custodians’ access Corporate Case Studybig-data; case-study; cloud-migration; cloud; cloud-services; cloud-security; corporate; corporation; data-privacy; emerging-data-sources; information-governance; ediscovery; microsoft; manufacturing-industry; risk-managementchat-and-collaboration-data; ediscovery-review; microsoft-365; data-privacy; information-governance; client-success; lighting-the-path-to-better-information-governanceBig-Data, Case-Study, Cloud-Migration, cloud, Cloud-Services, Cloud-Security, Corporate, Corporation, Data-Privacy, Emerging-Data-Sources, Information-Governance, eDiscovery, microsoft, manufacturing-industry, risk-management, chat-and-collaboration-data, ediscovery-review, microsoft-365, data-privacy, information-governance
No items found.
September 29, 2023
Podcast

The Great Link Debate and the Future of Cloud Collaboration

Michael Blank, Corporate Counsel ‚Äì eDiscovery, at DISH, and Lisa Lukaszewski, counsel at Gunster, discuss how the issues with hyperlinks and collaboration data continue to transform., Links, modern attachments, shared documents‚Äîthe descriptors for files exchanged through email and collaboration platforms continue to grow with no clear consensus on what to call them or how exactly to handle them. Despite their wide use, why are they a persistent challenge for eDiscovery and data governance teams? Beyond semantics, links and attachments raise bigger questions about how to manage collaboration data as it proliferates in the evolving workplace. Michael Blank , Corporate Counsel ‚Äì eDiscovery , at DISH, and Lisa Lukaszewski , Of Counsel at Gunster, join Law & Candor to discuss how the issues with links and collaboration data continue to transform‚Äîincluding changes to ESI protocols‚Äîhow recent legal decisions are contributing to the debate, and best practices for tackling these persistent challenges.  This episode‚Äôs sighing of radical brilliance: ‚Äú Carmakers are failing the privacy test. Owners have little or no control over data collected ,‚Äù Frank Bajak, AP, September 6, 2023. Learn more about the show and our speakers on lawandcandor.com , rate us wherever you get your podcasts, and join in the conversation on LinkedIn and Twitter . , chat-and-collaboration-data; information-governance, chat and collaboration data, information governance, Microsoft 365, big-data; compliance; corporate; emerging-data-sources; g-suite; information-governance; microsoft; podcast; preservation; legal-holds
March 29, 2023
Podcast

The Chat Effect: Improving eDiscovery Workflows for Modern Collaboration Data

Law & Candor welcomes Vanessa Quaciari, Senior eDiscovery Counsel at Baker Botts, to discuss improvements in collection, review, and production that can help you manage collaboration data.,   We are all participating in the unprecedented evolution of workplace communication. From virtually editing a shared document, to ‚Äúliking‚Äù a chat message, to responding to a colleague with an emoji during a video call‚Äîmost employees in a modern work environment are actively (and often unknowingly) creating large volumes of collaboration data. For the legal and eDiscovery professions, the speed of this innovation has necessitated parallel rapid advancements in technology and new approaches to workflows to stay ahead of the complexity and scale of chat and collaboration data. Law & Candor welcomes Vanessa Quaciari , Senior eDiscovery Counsel at Baker Botts, to discuss improvements in collection, review, and production that can help you manage collaboration data and scale your approach as the evolution continues. This episode's sighting of radical brilliance: ChatGPT If you enjoyed the show, learn more about our speakers and subscribe on lawandcandor.com , rate us wherever you get your podcasts, and join in the conversation on LinkedIn and  Twitter .  , chat-and-collaboration-data; ediscovery-review, collections, review, emerging data sources, podcast, production, chat-and-collaboration-data, ediscovery-review, collections; review; emerging-data-sources; podcast; production
March 29, 2023
Podcast

Why Your Data is Key to Reducing Risk and Increasing Efficiency During Investigations and Litigation

Minimizing Re-Review
Cassie Blum, Senior Director of Review Consulting at Lighthouse, discusses how to implement a data reuse strategy, including what technology and workflows can optimize its success.,   Handling large volumes of data during an investigation or litigation can be anxiety-inducing for legal teams. Corporate datasets can become a minefield of sensitive, privileged, and proprietary information that legal teams must identify as quickly as possible in order to mitigate risk. Ironically, corporate data also provides a key to speeding up and improving this process. By reusing metadata and work product from past matters in combination with advanced analytics, organizations can significantly reduce risk and increase efficiency during the review process. Law & Candor welcomes Cassie Blum , Senior Director of Review Consulting at Lighthouse, to discuss how to implement this data strategy, including what technology and workflows can optimize its success. This episode's sighting of radical brilliance:  7 Ways to be a more inclusive colleague ,  Fast Company , February 24, 2023. If you enjoyed the show, learn more about our speakers and subscribe on lawandcandor.com , rate us wherever you get your podcasts, and join in the conversation on LinkedIn and  Twitter . , chat-and-collaboration-data; ediscovery-review; lighting-the-path-to-better-ediscovery, podcast, data reuse, document review, chat-and-collaboration-data, ediscovery-review, podcast; data-reuse; document-review
March 29, 2023
Podcast

Everything Dynamic Everywhere: Managing a More Collaborative Microsoft 365

Emily Dimond, Managing Senior Counsel, eDiscovery, at PNC Bank, shares practical strategies for managing updates in Microsoft 365 and how to develop an agile governance program.,   Collaborative technology‚Äîgreat for employee productivity but often challenging for legal and IT departments. Balancing the risk and reward requires a deep understanding of ever evolving updates while proactively managing those changes. As organizations adopt cloud-based enterprise software like Microsoft 365, previous change management and governance approaches are often no longer sufficient. Emily Dimond , Managing Senior Counsel, eDiscovery, at PNC Bank, shares practical strategies for managing updates in M365, including recent changes to transcripts and loop components, and how to develop a strong governance program equipped for today‚Äôs dynamic landscape.  This episode's sighting of radical brilliance:  Where is Tech Going in 2023? Harvard Business Review,  January 26, 2023. If you enjoyed the show, learn more about our speakers and subscribe on lawandcandor.com , rate us wherever you get your podcasts, and join in the conversation on LinkedIn and  Twitter .  , microsoft-365; chat-and-collaboration-data; lighting-the-path-to-better-information-governance, microsoft, emerging data sources, podcast, record management, microsoft-365, chat-and-collaboration-data, microsoft; emerging-data-sources; podcast; record-management
March 31, 2022
Podcast

Spring Cleaning for Legal Teams: The Cloud and Defensible Deletion of Data

Law & Candor welcomes Erika Namnath of Lighthouse to discuss new challenges with data retention and deletion in the Cloud, developing a defensible disposal program, and getting stakeholder buy-in., To kick off the show, Bill Mariano and Rob Hellewell discuss another Sighting of Radical Brilliance: How scientists are using AI to identify new drug combinations for children with incurable brain cancer. Next, they interview Erika Namnath  from Lighthouse about how to develop a sound and efficient defensible deletion program and the benefits of getting buy-in for it throughout an organization. Some of the key questions they discuss include: Defensible disposal of data continues to be a key challenge for eDiscovery and information governance programs. Why has this issue persisted and how has it evolved? Historically, because of the risk of deleting important information or not being able to defend deletion, teams have defaulted to saving as much as possible. Why is this approach becoming increasingly impossible and even poses a greater risk? How should leaders approach developing a data retention and disposal program or updating their existing one? When developing these retention policies and updates, we often hear challenges with legacy data and legal holds. How can teams wrap their heads around existing data while also considering what they‚Äôre retaining today?  It seems a significant challenge for these programs is gaining stakeholder buy-in and assigning ownership for retention and deletion. What can leaders do to tackle this? Our co-hosts wrap up the episode with a few key takeaways. If you enjoyed the show, learn more about our speakers and subscribe on the podcast homepage , rate us wherever you get your podcasts, and join in the conversation on Twitter .  Related Links : Blog post: Cloud Adaptation: How Legal Teams Can Implement Better Information Governance Structures for Evolving Software Blog post: Making the Case for Information Governance and Why You Should Address It Now Podcast: Achieving Information Governance through a Transformative Cloud Migration Article: Scientists use AI to identify new drug combination for children with incurable brain cancer About Law & Candor   Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for eDiscovery, compliance, and information governance. To learn more about the show and our speakers, visit the podcast homepage .  , data-privacy; chat-and-collaboration-data; microsoft-365, cloud migration, legacy data remediation, legal holds, podcast, record management, preservation, risk management, data-privacy, chat-and-collaboration-data, microsoft-365,, cloud-migration; legacy-data-remediation; legal-holds; podcast; record-management; preservation; risk-management
December 15, 2022
Podcast

Data Governance for the BYOD Age

Our hosts chat with Lighthouse's John Bair about implementing proactive data management programs and emerging challenges with remote working, including mobile devices and collaboration data., Law & Candor returns for Season 10 with co-hosts  Bill Mariano  and Rob Hellewell. They kick off the episode with a discussion of a Harvard Business Review article about the ways AI can make strategy more human. Next they are joined by John Bair , Senior Consultant in Digital Forensics at Lighthouse, to discuss bring your own device (BYOD) policies, implementing proactive data management programs, and emerging data challenges with remote working. Some questions that they tackle include: From a data governance and management perspective, what are the greatest challenges that have emerged from working from home and BYOD policies? Many organizations may have governance programs in place but still struggle with new data sources or devices. What can make some programs inadequate to face these changes? For those needing to refresh their governance approach, or build something new, what advice do you have for creating a more proactive program to get ahead of these data challenges? How should legal teams work with IT to ensure these types of programs are a success? How should we think about their roles? As mobile devices and virtual work continue to advance, how can teams ensure their data governance programs keep pace? If you enjoyed the show, learn more about our speakers and subscribe on the  podcast homepage , listen and rate the show wherever you get your podcasts, and join in the conversation on  Twitter .  , chat-and-collaboration-data; data-privacy; forensics; lighting-the-path-to-better-information-governance, collections, emerging data sources, departing/onboarding employee, podcast, preservation, risk management, chat-and-collaboration-data, data-privacy, digital-forensics,, collections; emerging-data-sources; departing-onboarding-employee; podcast; preservation; risk-management
December 15, 2022
Podcast

Anonymization and AI: Critical Technologies for Moving eDiscovery Data Across Borders

Our hosts are joined by Lighthouse's Damian Murphy for a lively chat about what AI solutions can be deployed to optimize eDiscovery workflows and maximize data insights while adhering to privacy laws., In this episode's Sighting of Radical Brilliance, our hosts discuss strategies for putting your data to work outlined in a recent Harvard Business Review article. To elucidate the complexities of moving data across borders, Lighthouse's Damian Murphy , Executive Director of Advisory Services in EMEA, joins the podcast. With Paige and Bill, Damian explains recent updates to data transfer policies, and what AI solutions can be deployed to optimize eDiscovery workflows and maximize data insights while adhering to privacy laws. Some key questions they answer, include: With fines continuing to be issued for GDPR violations and organizations grappling with how to transfer data across regions, data privacy is still not a resolved issue. What are some recent policy changes our audience should be aware of? How have these created challenges for the ways that data is managed and how organizations can ultimately utilize it? Many of our listeners are likely aware of how anonymization and pseudonymization are being utilized, but can you remind us how they work? Is there a typical approach for a client faced with the need to supply data held within the EU in order to comply with an eDiscovery order in the US? If the past is any indication, we should expect privacy policies to continue to change and impact data governance. How are anonymization and pseudonymization, and other approaches, helping prepare for what‚Äôs on the horizon? If you enjoyed the show, learn more about our speakers and subscribe on the  podcast homepage , rate us wherever you get your podcasts, and join in the conversation on  Twitter .  , data-privacy; chat-and-collaboration-data; microsoft-365; practical-applications-of-ai-in-ediscovery, gdpr, cross border data transfers, podcast, privacy shield, data-privacy, chat-and-collaboration-data, ai and analyics, microsoft-365, gdpr; cross-border-data-transfers; podcast; privacy-shield
November 16, 2021
Podcast

Understanding Microsoft 365 Unindexed Items

James Hart of Lighthouse and our hosts discuss this complex aspect of Microsoft 365 eDiscovery, identify best practices and mitigation strategies, and proactive tips for the future., Law & Candor co-hosts Bill Mariano and Rob Hellewell kick things off with Sightings of Radical Brilliance, in which they discuss a framework for building accountability into AI from an article in Harvard Business Review by Stephen Sanford . In this episode, Bill and Rob are joined by James Hart of Lighthouse. They discuss this critical component of Microsoft 365 and its important role in maximizing the effectiveness of ediscovery workflows and mitigation strategies. Key questions from their conversation include: What are unindexed items and how critical are they to efficiency in ediscovery workflows? After identifying unindexed items, what is the next step and how do you approach it? What are some key strategies for handling unindexed items? How are different organizations approaching unindexed items from a policy perspective? What are best practices for approaching this unique issue in Microsoft 365? In conclusion, our co-hosts end the episode with key takeaways. If you enjoyed the show, learn more about our speakers and subscribe on the podcast homepage , rate us on Apple and Stitcher , and join in the conversation on Twitter . Related Links Blog Post: An Introduction to Managing Microsoft 365 Updates that Present Legal and Compliance Considerations Blog Post: Making the Case for Information Governance and Why You Should Address It Now White Paper: The Impact of Schrems II and Key Considerations for Companies Using M365 Podcast: Keeping Up with M365 Software Updates , microsoft-365; chat-and-collaboration-data; information-governance; lighting-the-path-to-better-information-governance, microsoft, emerging data sources, podcast, record management, preservation, microsoft-365, chat-and-collaboration-data, information-governance,, microsoft; emerging-data-sources; podcast; record-management; preservation
March 23, 2021
Podcast

Keeping Up with M365 Software Updates

In the fourth episode of the seventh season, co-hosts¬†Bill Mariano and¬†Rob Hellewell discuss¬†why diversity in AI is important and how this could impact legal outcomes and decisions.¬†Next, they..., In the fourth episode of the seventh season, co-hosts  Bill Mariano and  Rob Hellewell discuss  why diversity in AI is important and how this could impact legal outcomes and decisions.  Next, they introduce their guest speaker,  Jamie Brown of Lighthouse, who uncovers key strategies to keep up with the constant flow of Microsoft 365 software updates. Jamie answers the following questions (and more) in this episode: What are some of the common challenges associated with M365‚Äôs rapid software updates? How do these constant updates lead to compliance risks? What are some best practices for overcoming these challenges? What recommendations would you pass along to those who are experiencing these challenges? What advice would you give to other women in the ediscovery industry looking to move their careers forward? Our co-hosts wrap up the episode with a few key takeaways. If you enjoyed the show, learn more about our speakers and subscribe on the  podcast homepage , rate us on  Apple and  Stitcher , and join in the conversation on  Twitter . , microsoft-365; information-governance; chat-and-collaboration-data, microsoft, podcast, microsoft-365, information-governance, chat-and-collaboration-data,, microsoft; podcast
March 23, 2021
Podcast

Efficiently and Defensibly Addressing Microsoft Teams Data

Bill Mariano and¬†Rob Hellewell kick off episode 3 with another segment of¬†Sightings of Radical Brilliance, where they discuss¬†Anis Uzzaman‚Äôs Inc.com article that dives into 2021 business and..., Bill Mariano and  Rob Hellewell kick off episode 3 with another segment of Sightings of Radical Brilliance, where they discuss  Anis Uzzaman‚Äôs Inc.com article that dives into 2021 business and technology trends . Bill and Rob review these trends and discuss how they will have an impact on the space. Next, Bill and Rob chat with  Royce Cohen of Lighthouse about key ways to efficiently and defensibly address Microsoft Teams data. In this interview, Royce uncovers the answers to the following questions:  How do you achieve a balance between encouraging collaboration amongst colleagues and the ediscovery impact of that collaboration?  What are some of the challenges associated with the rise in Teams data? How do you overcome those challenges? How do organizations ensure they are overcoming those challenges efficiently and defensibly?  What advice would you give to other women in the ediscovery industry looking to move their careers forward? Our co-hosts wrap up the episode with a few key takeaways. If you enjoyed the show, learn more about our speakers and subscribe on the  podcast homepage , rate us on  Apple and  Stitcher , and join in the conversation on  Twitter . Related Links Blog Post:  Key Compliance & Information Governance Considerations As You Adopt Microsoft Teams Podcast: Tackling Modern Attachment and Link Challenges in G-Suite, Slack, and Teams , chat-and-collaboration-data; microsoft-365, microsoft, podcast, chat-and-collaboration-data, microsoft-365, microsoft; podcast
December 3, 2020
Podcast

Does Cellular 5G Equal 5x the Fraud and Misconduct Risk?

In the very first episode of season six, co-hosts Bill Mariano and Rob Hellewell, introduce themselves and welcome listeners back for another season of Law & Candor, the podcast wholly devoted to...,   In the very first episode of season six, co-hosts Bill Mariano and Rob Hellewell , introduce themselves and welcome listeners back for another season of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution. To kick things off, Bill and Rob begin with Sightings of Radical Brilliance, the part of the show where they discuss the latest news of noteworthy innovation and acts of sheer genius. In this episode, they dive into a recent article from ITPro.com that discusses the increase in insider data breaches with the remote work shift .  For the guest speaker segment of the show, Bill and Rob bring on Jerry Bui of Lighthouse to discuss cellular 5G and how it could lead to more fraud and misconduct risk via the following key questions: How does 5G lead to fraud and misconduct?  What insider threats are there (i.e. shadow IT, encrypted messages, etc.)? What about outsider threats (i.e. outside of IT‚Äôs purview, data breaches, hacking, etc.)? How does this impact compliance programs?  How does one overcome 5G challenges?  Are there other recommended best practices related to this topic? The episode wraps up with key takeaways. If you enjoyed the show, subscribe here , rate us on Apple and Stitcher, join in the conversation on Twitter , and discover more about our speakers and the show here . , forensics; chat-and-collaboration-data, preservation and collection, podcast, digital-forensics, digital-forensics, chat-and-collaboration-data, preservation-and-collection; podcast; digital-forensics
September 22, 2020
Podcast

Top Microsoft 365 Features to Leverage in Your eDiscovery Program

Microsoft‚Äôs agile development and rapid product enhancement allows Microsoft 365 (M365) users to stay up to date with emerging industry challenges. However, keeping pace with these M365 features,   In the final episode of season five, co-hosts  Bill Mariano and  Rob Hellewell review an article on a recent ILTA>ON panel that examined how  tech has created certain power dynamics in legal space. Next, Bill and Rob bring on John Collins of Lighthouse to walk them through the top M365 features to leverage in an ediscovery program. Together they cover the latest and greatest as well as uncover answers to the following questions:  How many updates and enhancements is Microsoft making? How often/fast are these coming out? What are some of the common challenges around these rapid changes?  What are the top M365 features that folks in the industry should be aware of? Are there other ways and/or resources folks can use to stay up-to-date? The season ends with key takeaways from the guest speaker section. Subscribe to the show here , rate us on Apple and Stitcher, connect with us  Twitter , and discover more about our speakers and the show  here . Related Links Blog Post: Microsoft 365, G-Suite, and the Growing Demand for Consulting and ifying Experts Blog Post: Leveraging Microsoft 365 to Reduce Your eDiscovery Spend Blog Post: Key Compliance & Information Governance Considerations As You Adopt Microsoft Teams Podcast Episode:  Microsoft Office 365 Part 1: Microsoft‚Äôs Influence on the Next Evolution of eDiscovery Podcast Episode: Microsoft Office 365 Part 2: How to Leverage all the Tools in the Toolbox   , microsoft-365; ediscovery-review; chat-and-collaboration-data, microsoft, podcast, microsoft-365, ediscovery-review, chat-and-collaboration-data,, microsoft; podcast
September 22, 2020
Podcast

Achieving Information Governance through a Transformative Cloud Migration

Data migrations are generally perceived as painful and disruptive experiences. However, they also provide unique opportunities to transform the way unstructured data is used and managed within an,   In the first episode of season five, co-hosts  Bill Mariano and  Rob Hellewell , introduce themselves and welcome listeners back for another season of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution. To kick things off, Bill and Rob begin with Sightings of Radical Brilliance, the part of the show where they discuss the latest news of noteworthy innovation and acts of sheer genius. In this first episode, they dive into a recent article written by the folks at Baker Botts LLP around  Federal Expedited Review in Response to COVID-19 and what that means for the industry. For the guest speaker segment of the show, Bill and Rob bring on  John Holliday of Lighthouse to discuss transformative cloud migrations and how to ensure a successful outcome via the following questions: How do cloud migrations provide an opportunity to transform processes and workflows within an organization?  How does information architecture come into play? What benefits can one achieve during a cloud migration? What are best practices for a successful transformative cloud migration? The episode wraps up with key takeaways. If you enjoyed the show, subscribe here, rate us on Apple and Stitcher, join in the conversation on  Twitter , and discover more about our speakers and the show  here . Related Links Blog Post:  Top Three Things That Could Derail Your Cloud Migration Project Blog Post:  Why Moving to the Cloud is a Legal Conversation   , information-governance; microsoft-365; chat-and-collaboration-data, information-governance, cloud migration, podcast, information-governance, microsoft-365, chat-and-collaboration-data,, information-governance; cloud-migration; podcast
June 23, 2020
Podcast

Emerging Data Sources – Get a Handle on eDiscovery for Collaboration Tools

In the first episode of season four, co-hosts¬†Bill Mariano and¬†Rob Hellewell, introduce themselves and welcome listeners back for a fourth season of Law & Candor, the¬†podcast wholly devoted to...,   In the first episode of season four, co-hosts  Bill Mariano and  Rob Hellewell , introduce themselves and welcome listeners back for a fourth season of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution. To kick things off, Bill and Rob begin with Sightings of Radical Brilliance, the part of the show where they discuss the latest news of noteworthy innovation and acts of sheer genius. In this first episode, they dive into a recent story around  COVID-19 and the reformation of legal culture .  The guest speaker segment for episode one highlights  Ellen Blanchard of T-Mobile. Ellen, Bill, and Rob discuss the growth in emerging data sources, especially with the introduction of more remote work due to COVID-19. They cover tips on how to manage, collect, process, and review collaboration data for ediscovery purposes via the following questions: What has changed over the last couple of years and even in the last few months with COVID-19? How do you get a handle on these data sources? How do you weigh that balance between risks and what teams need to use to be productive? What are some key tips to keep in mind when managing ediscovery around collaboration tools? At the end of the episode, Bill recaps key takeaways and thanks Ellen for joining. If you enjoyed the show, join in the conversation on  Twitter and discover more about our speakers and the show  here . Related Links Case Study:  Rapid and Reliable Chat Message Review About Law & Candor Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for ediscovery, compliance, and information governance. To learn more about the show and our speakers, click  here .   , chat-and-collaboration-data; microsoft-365, emerging data sources, podcast, chat-and-collaboration-data, microsoft-365, emerging-data-sources; podcast
March 24, 2020
Podcast

How Microsoft 365 and GDPR Are Driving a Proactive Approach to eDiscovery Across the Globe

Law & Candor co-hosts¬†Bill Mariano and¬†Rob Hellewell kick things off with¬†Sightings of Radical Brilliance, in which they discuss¬†changes the legal system may face thanks to¬†innovation brought...,   Law & Candor co-hosts  Bill Mariano and  Rob Hellewell kick things off with Sightings of Radical Brilliance, in which they discuss changes the legal system may face thanks to  innovation brought about by AI, big data, and online courts .  In this episode, Bill and Rob are joined by  Mike Brown of Lighthouse. The three uncover how Microsoft 365 (M365) and GDPR are driving change for a more proactive approach to ediscovery across the globe and answer the following questions:  How have GDPR and M365 changed company attitudes from a reactive to a more proactive approach to ediscovery? How does Brexit impact this? How does a company actually become GDPR compliant? How do companies prepare? How do DSARs come into play? How does M365 help solve for these concerns? In conclusion, our co-hosts end the episode with key takeaways. To join the conversation, connect with us  Twitter and discover more about our speakers and the show  here . Related Links Blog Post:  Why Moving to the Cloud is a Legal Conversation , data-privacy; microsoft-365; chat-and-collaboration-data, microsoft, gdpr, data-privacy, cross border data transfers, podcast, data-privacy, microsoft-365, chat-and-collaboration data,, microsoft; gdpr; data-privacy; cross-border-data-transfers; podcast
December 4, 2019
Podcast

Understanding and Creating Effective and Best eDiscovery Practices for G-Suite

In the final episode of season two, co-hosts¬†Bill Mariano and¬†Rob Hellewell discuss what a¬†US approach to data protection and privacy would look like in the¬†Sightings of Radical Brilliance segment...,   In the final episode of season two, co-hosts  Bill Mariano and  Rob Hellewell discuss what a  US approach to data protection and privacy would look like in the Sightings of Radical Brilliance segment of the show. In particular, they discuss how we are seeing these pop up on a state-by-state basis and whether we need a Federal law that applies to privacy.  Bill and Rob are joined by  Alison Shier , Client Development Manager at Lighthouse, to discuss the challenges and best practices around G-Suite data for their sixth and final episode of the season. The three cover the following questions:  Is leveraging G-suite a more common trend/theme in the space? How is Gmail data different than Outlook data?  What are some of the challenges around managing this data? What are some of the downstream issues and challenges around review of this data? How do we address these challenges? How do TAR and analytics impact G-suite data? The season ends with key takeaways from the guest speaker section.  Connect with us  Twitter , discover more about our speakers and the show  here , and, if you are interested in attending the live podcast show at Legaltech,  email us for details. About Law & Candor Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for ediscovery, compliance, and information governance. To learn more about the show and our speakers, click  here .   , chat-and-collaboration-data; information-governance, g suite, ediscovery process, podcast, chat-and-collaboration data, information-governance, g-suite; ediscovery-process; podcast
December 4, 2019
Podcast

Data Preservation in the World of Ephemeral Data, Mobile Devices, and Other New Challenges in Forensic Technology

Co-hosts Bill Mariano and¬†Rob Hellewell share details around the¬†five biggest data breaches of the year so far in¬†Sightings of Radical Brilliance and what this means for the future of legal...,   Co-hosts Bill Mariano and  Rob Hellewell share details around the  five biggest data breaches of the year so far in Sightings of Radical Brilliance and what this means for the future of legal space. Next, Bill and Rob bring on  Jerry Bui , Executive Director of Digital Forensics at Lighthouse, to help uncover the answers to the following questions around data preservation when it comes to ephemeral and encrypted data:  What do ephemeral and encryption mean? What are the different types of enterprise communication platforms? Which platform gives you the most in terms of investments from a legal and compliance perspective? What about data privacy on these platforms? How is the personal data treated? What should IT and Legal departments keep in mind when it comes to platforms that are not encrypted? The show concludes with key takeaways from the guest speaker segment. Join the conversation on  Twitter and discover more about our speakers and the show  here . Related Links Podcast: Digital Forensics Future About Law & Candor Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for ediscovery, compliance, and information governance. To learn more about the show and our speakers, click  here .   , chat-and-collaboration-data; forensics; information-governance; microsoft-365, emerging data sources, preservation and collection, podcast, digital-forensics, chat-and-collaboration-data, digital-forensics, information-governance, microsoft-365, emerging-data-sources; preservation-and-collection; podcast; digital-forensics
September 20, 2019
Podcast

Microsoft Office 365 Part 2: How to Leverage all the Tools in the Toolbox

In the fourth episode of season one, co-hosts Bill Mariano and Rob Hellewell begin with SIGHTINGS OF RADICAL BRILLIANCEaround the dawn of realistic face masks as well as retina scans and...,   In the fourth episode of season one, co-hosts Bill Mariano and Rob Hellewell begin with SIGHTINGS OF RADICAL BRILLIANCEaround the dawn of realistic face masks as well as retina scans and fingerprints for authentication, and the security and legal concerns that hide beneath. Next, Bill and Rob introduce guest Chris Hurlebaus , eDiscovery Architect at Lighthouse, to discuss the tools that are available in Office 365 and how to leverage them. The speakers cover the following questions in this episode: What do I need to know around Office 365 licensing when having an ediscovery conversation? What Office 365 tools are currently available to users? What are the different options/subscription levels? What are the advanced features of Office 365? What about reporting of ediscovery activities in Office 365? What is Microsoft looking to do next around this technology? In the end, our co-hosts wrap up with a few key takeaways. Follow us on Twitter and discover more about our speakers and the show here . Related Links Case Study: The Benefits of an Office 365 Workshop About Law & Candor Law & Candor is a podcast wholly devoted to pursuing the legal technology revolution. Co-hosts Bill Mariano and Rob Hellewell explore the impacts and possibilities that new technology is creating by streamlining workflows for ediscovery, compliance, and information governance. To learn more about the show and our speakers, click here .   , microsoft-365; information-governance; chat-and-collaboration-data, microsoft-365, information-governance, chat-and-collaboration-data, microsoft; podcast
October 3, 2023
Blog

Law & Candor Season 12: Five Views of Innovation and Risk Impacting AI, eDiscovery, and Legal

AI, generative AI, antitrust, second requests, HSR, eDiscovery, review, information governance, healthcare, legal operations, law firm, corporate counsel ai-and-analytics; compliance; corporate; corporate-legal-ops; data-analytics; healthcare; healthcare-litigation; innovative-technology; innovation; information-governance; law-firm; mergers; modern-data; phi; pii; podcast; self-service, spectra; regulation; production mitch montoya In a year of unprecedented advancement in AI capabilities and economic uncertainty, legal teams and attorneys have been given both a compelling look into what the future of their work may look like and a sharp picture of today’s challenges. With a critical eye on how to manage and capitalize on these dueling perspectives that define legal’s current landscape, the guests on the new season of Law & Candor offer insights on a range of issues, including generative AI, new M&A guidelines and HSR rules, collaboration data, strategic partnerships, and the future of the industry. Listen for news, AI and technology updates, and best practices from leaders confronting these challenges and charting new paths forward. Episode 1: The Power of Three: Maximizing Success with Law Firms, Corporate Counsel, and Legal Technology Episode 2: What You Need to Know About the New FTC and DOJ HSR Changes Episode 3: Why Your eDiscovery Program and Technology Need Scalability Episode 4: Generative AI and Healthcare: A New Legal Landscape Episode 5: The Great Link Debate and the Future of Cloud Collaboration To keep up with news and updates on the podcast, follow Lighthouse on LinkedIn and Twitter . And check out previous episodes of Law & Candor at lighthouseglobal.com/law-and-candor-podcast. For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.
June 20, 2023
Blog

Here Today, Gone Today: Managing Third-Party Messaging Apps in a New Regulatory Environment

When the Federal Rules of Civil Procedure were amended in December of 2006 to include “electronically-stored information” as an information category subject to discovery, even the most visionary eDiscovery practitioners could not have anticipated what this would mean in the years to come.Although the tech-savvy among them may have anticipated the future challenge of increasing data volumes, who could have foreseen the impact of the Cloud and the exponential growth of data types and communication applications? No one in 2006 could have anticipated the explosion of third-party messaging apps (think WhatsApp, Signal, Snapchat, Telegram, WeChat, etc.) proliferated by a worldwide pandemic. Some of these applications allow users to send encrypted messages or ephemeral messages (messages that disappear after sending) and usually exist outside of native Apple or Android apps. Therefore, they raise uniquely challenging data governance and eDiscovery issues. Unfortunately, for a variety of reasons, organizations have had trouble implementing compliance policies that directly address those downstream eDiscovery and data governance implications. Mobile device policies tend to focus heavily on security considerations, with little attention given to how corporate communications can be preserved, collected, and/or produced should the need arise.Information use policies that require employees to use certain systems for work-related communications and collaboration do not always account for the realities of the business. Additional complexities include the proliferation of chat applications in the market, practical challenges collecting mobile device data (including forensic imaging in some cases), the co-mingling of personal and work data, and privacy implications.But while organizations have struggled to implement policies that address the full breadth of these challenges, eDiscovery obligations remain constant. Given the rise in the use of third-party applications for work communications (in some cases to potentially evade recordkeeping policies for more traditional tools like email), government agencies and regulators have increased scrutiny of how these systems are being used and managed. In doing so, they increasingly consider company policies that manage records and whether adequate controls are in place to ensure compliance. Both in-house and outside counsel have a responsibility to their clients to stay abreast of this increased scrutiny in order to advise them. In light of this responsibility, we are providing an overview of recent regulatory changes, as well as best practices for companies to survive within this new regulatory era. Focus on messaging apps by government agencies and regulators Until very recently, government agencies and regulators investigating companies have focused their attention on communications contained in traditional ”workplace” messaging applications, i.e., systems designed purely for business purposes. Regulated entities have recordkeeping requirements that mandate the retention of specific categories of records for a designated period of time, including communications, with penalties for record-keeping violations. Financial institutions have paid billions in SEC and Commodity Future Trading Commission penalties to settle related allegations. Private equity firms have been in the crosshairs as well. In an ironic twist, the SEC itself has been under scrutiny for similar behavior as members of the House Financial Services Committee and other House panels question whether the agency has suffered similar recordkeeping lapses, illustrating how widespread these apps are and how difficult it is to curtail their use. The 2022 Monaco Memo and subsequent sanctionsAmidst this backdrop, the Department of Justice ("DOJ") stepped up significantly with new directives and corporate compliance guidelines for personal mobile devices and third-party chat applications. In September 2022, Deputy Attorney General Lisa Monaco issued a memo to the DOJ Criminal Division to provide "best corporate practices regarding use of personal devices and third-party messaging platforms" in what has become known as the "Monaco Memo." Monaco stated, "[t]he ubiquity of personal smartphones, tablets, laptops, and other devices poses significant corporate compliance risks, particularly as to the ability of companies to monitor the use of such devices for misconduct and to recover relevant data from them during a subsequent investigation. The rise in use of third-party messaging platforms, including the use of ephemeral and encrypted messaging applications, poses a similar challenge." 2023 DOJ best practice guidelines and DOJ sanctions In February of 2023, the DOJ filed a memorandum in support of sanctions against a large technology company for alleged "intentional and repeated destruction of company chat logs" that the U.S. government sought to use in an antitrust case against the company. The DOJ filing indicated that the company set chats to delete after 24 hours. The Federal Rules of Civil Procedure required the company to suspend its standard retention upon notice of the government's legal action in 2019, which it did not do until it received notice of the 2023 motion for sanctions. In March of 2023, after those sanctions, the DOJ updated its Evaluation of Corporate Compliance Programs ("ECCP") to emphasize the importance of preserving business communications on personal devices, various communications platforms, and messaging applications, including those offering ephemeral messaging. In subsequent remarks announcing the 2023 ECCP best-practice guidelines, Assistant Attorney General Kenneth A. Polite, Jr. pointedly noted that when companies fail to produce communications for DOJ investigations, "a company's answers—or lack of answers—may very well affect the offer it receives to resolve criminal liability. So when crisis hits, let this be top of mind." The 2023 DOJ guidelines state that prosecutors will consider three factors when evaluating the adequacy of corporate policies governing the use of personal devices, communication platforms, and messaging applications: 1. Existing communication channels2. Policies governing the existing communication channels3. Whether the corporation is adequately communicating and consistently enforcing the policiesThese new DOJ guidelines significantly expand the scope of an organization's duty to preserve corporate communications. They create a new preservation duty targeted at business-wide compliance operations. Where internal legal departments may have struggled in the past to implement culture-changing mobile device policies, compliance teams may succeed in garnering the requisite executive buy-in.A path forward for organizationsAs law enforcement agencies and regulators continue to take a more rigorous stance towards messaging applications, companies will need to explore more expansive policies to comply with various obligations to retain and preserve data. But it’s a sticky problem for both sides to address, given the different capabilities of each system, incompatibility of certain tools with regulatory recordkeeping requirements, and the hard realities of today’s workplace. For some organizations, the risks of using certain third-party applications (including the inability of the organization to comply with certain regulatory requirements) simply does not outweigh the benefit to the business, and in these circumstances, companies might choose to not permit them. There may be legitimate business reasons for employees to use these apps—they are readily available, convenient, and provide certain security and data reduction benefits. However, organizations will need to weigh whether those benefits are worth the risk of possibly losing relevant data or enabling potentially nefarious behavior.Policies, procedures, and information governance—again “Guidance” and “controls” are the operative words here. For most businesses—and certainly for those in regulated industries or frequently subject to litigation—information governance and compliance functions only increase in importance as the datasphere continues to become more complex. Guidance: To reduce exposure and risk, businesses first need to consider the requirements they are subject to and clearly define their stance on the use of ephemeral data apps. It helps to have in place a solid information governance framework, with applicable written policies and procedures that reflect that stance. As with all data-related responsibilities, employees should be provided explicit guidance regarding personal devices and messaging tools during onboarding with continual reinforcement during routine training on policies and procedures that should be a part of any robust compliance program. Evidence of rigor in communicating to employees the appropriate use of these messaging platforms vis à vis data retention obligations can only be a benefit in case of an investigation or litigation. Controls: In addition, appropriate controls should be in place to monitor compliance and ensure required preservation, with effective means to handle non-compliance. If personal devices are approved for use, they should be subject to mobile device management (MDM), as well as policies and procedures that address their use to help ensure data safety and security.Realistically, whether or not a company allows the use of third-party apps doesn’t mean employees are sticking with the plan. It is the responsibility of the business to know what their employees are doing. Periodic testing and auditing of messaging applications is well-advised, and any employee misconduct in violation of company policies related to ephemeral messaging should be addressed and documented. Voluntarily self-disclosed misconduct can go a long way in mitigating potential damage and fines. Due consideration should also be given to whether there is the necessary IT infrastructure, resources, and budget to undertake surveillance of employee behavior and to respond to regulatory or legal requests for information, including proper implementation of a legal hold. If ephemeral messaging is allowed, can it be disabled in the event of potential litigation so that potentially relevant material is preserved? If not, there could be a problem.ConclusionThe datasphere is only going to become increasingly complex as more data-creation (and deletion) tools emerge. With regulatory recordkeeping and data retention mandates likely to remain in place, government agencies will continue to scrutinize third-party messaging applications. A robust information governance approach, as usual, is key. Companies with a defensible and effective electronic records retention policy that covers the legitimate use of messaging apps—with employees that are trained in related policies and procedures and how best to use them—will have the best chance of avoiding trouble and/or defending themselves against potential wrongdoing. chat-and-collaboration-data; forensicsforensicsdaniel black; jodi daniels
September 8, 2020
Blog

Google Drive: What Happened to Our Date?

Like most cloud-based productivity platforms, Google offers solutions for both home and business environments. Free for personal use applications such as Gmail, Google Docs, and Google Drive deliver a rich set of communication and Office-like functionality that have near feature parity with their commercial corporate-focused G Suite counterparts. From the perspective of evidence acquisition in the civil arena, we find a significant number of organizations bypassing the conventional Microsoft stack in favor of G Suite. These organizations tend to operate in the technology space including biotech, electronics, engineering, and all flavors of “garage” startups.While cloud platforms enable a limitless world of collaboration and information storage, they also introduce an alternative set of metadata that can trip up seasoned examiners and eDiscovery practitioners. This can be particularly problematic for metadata dates. Historically, determining the date of a file that moved between computers is quite simple; however, arriving at the “best” date for any given piece of cloud evidence can be a subjective exercise and is limited to metadata exposed and potentially altered by the cloud platform. In the following post, I’ll dive into how this issue arises so that practitioners and analysts can use the most accurate evidence date for their eDiscovery needs. A “document” in Google Docs is simply a set of records and field values stored in a database. This departs from the traditional concept of a document being contained in a stand-alone file on your computer’s desktop. Currently, to be reviewed alongside traditional ESI, a Google Doc (ie, a spreadsheet or presentation) must be pulled from Google’s database, converted into a traditional document file, and downloaded for processing and review.Thus, the handling of dates can become an issue for documents within G Suite. If a Microsoft (MS) Excel document is created by a user on their laptop, uploaded to Google Drive, edited in place, and then later downloaded for eDiscovery purposes, what is the document’s date? A typical MS Office (Excel, Word, PowerPoint, etc) document has three dates assigned by the file system (think: my laptop’s hard drive): Created, Modified, and Accessed. It also has up to three dates “embedded” inside the file itself: Created, Modified, and Last Printed. What happens when the Excel file makes a round trip to Google and back? With so many dates to choose from, it’s tough to pick just one!Before the upload to Google Drive, here are the file system dates for our MS Excel document. Notice that the file system is telling us the document was created on June 30, 2020, at 11:33 AM.And here are the embedded “application” dates. Note that “Date last saved” is essentially a “modified” date, and this document has not yet been printed. By looking at the application-level dates, we can also tell that the file was actually created at 11:04 AM, and then copied to its present location at 11:33 AM.After uploading to Google Drive, Google will assign its own Created and Modified dates to the item. You’ll notice in the graphic below that Google’s displayed Modified date of June 30 at 1:36 PM matches the Modified date of the original file. So far so good! But, take a look at Google’s recording of the Created Date: it’s been set by Google to simply “11:23 AM” on the date of the upload action (July 10, 2020.) Notice also that Google indicates the document was created “with Google Drive Web.”Now, let’s make an edit to the Excel file. There are two ways to accomplish this in Google Drive: 1) you can edit the document “in place” using Google Docs without abandoning the original MS Excel format, or 2) you can do a “Save As” and convert the document into Google Sheets format. In this example, we are going to use method #1 and make a couple of edits to our MS Excel file. Google Docs immediately auto saves the file for us. Let’s look at the dates.After editing in Google Drive, but leaving as Excel format, you’ll notice in the graphic below that Google’s Modified date has been changed to the time of the edit. This makes sense. The Created date, which Google previously set to the time of upload, remains the same.Let’s assume that this record is needed for e discovery purposes, and it is downloaded from Google Drive to a forensic examiner’s machine to pass along to the case team. When the file reaches the machine, the creation of the new file results in the following file system date values. Notice that they’ve all been changed to the date/time of the download action!However, if we take a look inside the Excel file at the embedded “application” dates, we notice that we have a creation date of 6/30/2020 at 11:04 AM that has remained unaltered throughout this entire process. However, the “Date last saved” is reflective of the time of the download action. We may have expected this date to be set to 11:27 AM, which was the time at which the document was edited in Google Drive, but it is unfortunately altered by the download action. The image on the right shows the “Info” tab from MS Excel itself, which indicates a blank value for “Last Modified.”Using the same Excel file, I will now choose to “Save as Google Sheets”.You’ll notice that the creation and modification timestamps in the graphic below have been set to the time at which the MS Excel file was converted to a Google Sheet. Google also indicates the application that created the document was “Google Sheets.”I made a couple of edits to the file in Google Sheets and then right clicked to download it to my workstation. First, Google converts the file from Google Sheets format into MS Excel format.chat-and-collaboration-data; information-governancecloud, g-suite, blog, chat-and-collaboration-data, information-governancecloud; g-suite; blogjosh headley
October 12, 2021
Blog

What Attorneys Should Know About Advanced AI in eDiscovery: A Brief Discussion

AI & Analytics
What does Artificial Intelligence (AI) mean to you? In the non-legal space, AI has taken a prominent role, influencing almost every facet of our day-to-day life – from how we socialize, to our medical care, to how we eat, to what we wear, and even how we choose our partners.In the eDiscovery space, AI has played a much more discreet but nonetheless important role. Its limited adoption so far is due, in part, to the fact that the legal industry tends to be much more risk averse than other industries. The innate trust we have placed in more advanced forms of AI technology in the non-legal world to help guide our decision making has not carried over to eDiscovery – partly because attorneys often feel that they don’t have the requisite technological expertise to explain the results to opposing counsel or judges. The result: most attorneys performing eDiscovery tasks are either not using AI technology at all or are using AI technology that is generations older than the technology currently being used in other industries. All this despite the fact that attorneys facing discovery requests today must regularly analyze mountains of complicated data under tight deadlines.One of the most prominent roles AI currently plays in eDiscovery is within technology assisted review (TAR). TAR uses “supervised” machine learning algorithms to classify documents for responsiveness based on human input. This classification allows attorneys to prioritize the most important documents for human review and, often, reduce the number of documents that need to be reviewed by humans. TAR has proven to be especially helpful in HSR Second Requests and other matters with demanding deadlines. However, the simple machine learning technology behind TAR is already decades old and has not been updated, even as AI technology has significantly advanced. This older AI technology is quickly becoming incapable of handing modern datasets, which are infinitely more voluminous and complicated than they were even five years ago.Because the legal industry is slower to adopt more advanced AI technology, many attorneys have a muddled view of what advanced AI technology exists, how it works, and how that technology can assist attorneys in eDiscovery today. That confusion becomes a significant detriment to modern attorneys, who must start being more comfortable with adopting and utilizing the more advanced AI tools available today if they stand a chance overcoming the increasingly complicated data challenges in eDiscovery. This confusion behind AI can also lead to a vicious cycle that further slows down technology adoption in the legal space: attorneys who lack confidence in their ability to understand available AI technology subsequently resist adoption of that technology; that lack of adoption then puts them even further behind the technology learning curve as technology continues to evolve. This is where legal technology companies with dedicated technology services can help. A good legal technology company will have staff on hand whose entire job it is to evaluate new technology and test its application and accuracy within modern datasets. Thus, an attorney who has no interest in becoming a technology expert just needs to be proficient enough to know the type of tools that might fit their needs – the right technology vendor can do the rest. Technology experts can also step in to help provide detailed explanations of how the technology works to stakeholders, as well as verify the outcome to skeptical opposing counsel and judges. Moreover, a good technology provider can also supply expert resources to perform much of the day-to-day utilization of the tool. In essence, a good legal technology vendor can become a trusted part of any attorney team – allowing attorneys to remain focused on the substantive legal issues they are facing. With that in mind, it’s important to “demystify” some common AI concepts used within the eDiscovery space and explain the benefits more advanced forms of AI technology can provide within eDiscovery. Once comfortable with the information provided here, readers can take a deeper dive into the advantages of leveraging advanced AI within TAR workflows in our full white paper – “TAR + Advanced AI: The Future is Now.” Armed with this information, attorneys can begin a more thoughtful conversation with stakeholders and legal technology companies regarding how to move forward with more advanced AI technology within their own practice.Demystifying AI Jargon in eDiscoveryAt its most basic, AI refers to the science of making intelligent machines – ones that can perform tasks traditionally performed by human beings. Therefore, AI is a broad field that encompasses many subfields and branches. The most relevant to eDiscovery are machine learning, deep learning, and natural language processing (NLP). As noted above, the technology behind legacy TAR workflows is supervised machine learning. Supervised machine learning uses human input to mimic the way humans learn through algorithms that are trained to make classifications and predictions. In contrast, deep learning eliminates some of that human training by automating the feature extraction process, which enables it to tackle larger datasets. NLP is a separate branch of machine learning that can understand text in context (in effect, it can better understand language the way humans understand it).The difference between the AI technology in legacy TAR workflows and more advanced AI tools lies in the fact that advanced AI tools use a combination of AI subsets and branches (machine learning, deep learning, and NLP) rather than just the supervised machine learning used in TAR. Understanding the Benefits of Advanced AIThis combination of AI subsets and branches used in advanced AI tools provides additional capabilities that are increasingly necessary to tackle modern datasets. These tools not only utilize the statistical prediction that supervised machine learning produces (which enables traditional TAR workflows), but also include the language and contextual understanding that deep learning and NLP provide. Deep learning and NLP technology also enable more advanced tools to look at all angles of a document (including metadata, data source, recipients, etc.) when making a prediction, rather than relying solely on text. Taking all context into consideration is increasingly important, especially when making privilege predictions that lead to expensive attorney review if a document is flagged for privilege. For example, with traditional TAR, the word “judge” in the phrases, “I don’t think the judge will like this!” on an email thread between two attorneys and, “Don’t judge me!” on a chat thread with 60 people regarding a fantasy football league will be classified the same way – because statistically, there is not much difference between how the word “judge” is placed within both sentences. However, newer tools that combine supervised machine learning with deep learning and NLP can learn the context of when the word “judge” is used as a noun (i.e., an adjudicator in a court of law) within an email thread with a small number of recipients versus when the word is being used as a verb on an informal chat thread with many recipients. The context of the data source and how words are used matters, and an advanced AI tool that leverages a combination of technologies can better understand that context.Using Advanced AI with TAROne common misconception regarding using newer, more advanced AI tools is that old workflows and models must go out the window. This is simply not true. While there may be some changes to review workflows due to the added efficiency generated by advanced AI tools (the ability to conduct privilege analysis simultaneously with responsive analysis, for example), attorneys can still use the traditional TAR 1.0 and TAR 2.0 workflows they are familiar with in combination with more advanced AI tools. Attorneys can still direct subject matter experts or reviewers to code documents, and the AI tool will learn from those decisions and predictive responsiveness, privilege, etc.The difference will be in the results. A more advanced AI tool’s predictions regarding privilege and responsiveness will be more accurate due to its ability to take nuance and context into consideration –leading to lower review costs and more accurate productions.ConclusionMany attorneys are still hesitant to move away from the older, AI eDiscovery tools they have used for the last decade. But today’s larger, more complicated datasets require more advanced AI tools. Attorneys who fear broadening their technology toolbox to include more advanced AI may find themselves struggling to stay within eDiscovery budgets, spending more time on finding and less time strategizing – and possibly even falling behind on their discovery obligations.But this fear and hesitancy can be overcome with education, transparency, and support from legal technology companies. Attorneys should look for the right technology partner who not only offers access to more advanced AI tools, but also provides implementation support and expert advisory services to help explain the technology and results to other stakeholders, opposing counsel, and judges.To learn more about the advantages of leveraging advanced AI within TAR workflows, download our white paper, “TAR + Advanced AI: The Future is Now.” And to discuss this topic more, feel free to connect with me at smoran@lighthouseglobal.com.ai-and-analytics; chat-and-collaboration-data; ediscovery-review; lighting-the-path-to-better-ediscoveryreview, ai-big-data, tar-predictive-coding, blog, ai-and-analytics, chat-and-collaboration-data, ediscovery-review,review; ai-big-data; tar-predictive-coding; blogai-analyticssarah moran
October 6, 2020
Blog

Trends Analysis: New Sources of Evidentiary Data in Employment Disputes

Below is a copy of a featured article written by Denisa Luchian for The Lawyer.com that features Lighthouse's John Shaw.A highlight of the challenges arising from the increased use of collaboration and messaging tools by employees in remote-work environments.Our “top trends” series was born out of a desire to help in-house lawyers with their horizon scanning and with assessing the potential risks heading their way. Each post focuses on a specific area, providing companies and their lawyers with quick summaries of some of the challenges heading their way.Our latest piece in the series looks at the top 3 trends in-house lawyers should take notice of in the area of employment disputes, and was carefully curated by one of our experts – Lighthouse director of business development John Shaw. The Covid-19 pandemic has affected every sector of law and litigation, and employment law is certainly no exception. From navigating an ever-changing web of COVID-19 compensation regulations, to ensuring workplaces are compliant with shifting government health guidelines – the last six months have been chaotic for most employers. But as we all begin to regain our footing in this “new normal”, there is another COVID-19-related challenge that employers should be wary of: the increased use of collaboration and messaging tools by employees in remote-work environments.This past spring, cloud-based collaboration tools like Slack and Microsoft’s Teams reported record levels of utilisation as companies around the world were forced to jettison physical offices to keep employees safe and comply with government advice. Collaboration tools can be critical assets to keep businesses running in a remote work environment but employers should be aware of the risks and challenges the data generated from these sources can pose from an employment and compliance perspective.Intermingling of personal and work-related data over chatAs most everyone has noticed by now, working remotely during a pandemic can blur the line between “work life” and “home life.” Employees may be replying to work chat messages on their phone while simultaneously supervising their child’s remote classroom, or participating in a video conference while their dog chases the postman in the background. Collaboration and chat messaging tools can blur this line even further. Use of chat messaging tools is at an all-time high as employees who lost the ability to catch up with co-workers at the office coffee station transition these types of casual conversation to work-based messaging tools. These tools also make it easy for employees to casually share non-work related pictures, gifs, and memes with co-workers directly from their mobile phone.The blurring line between home and work, as well as the increased use of work chat messaging can also lead to the adoption of more casual written language among employees. Most chat and collaboration tools have emojis built into their functionality, which only furthers this tendency. Without the benefit of facial expressions and social cues, interpretation of this more casual written communication style can vary greatly depending on age, context, or culture.All of this means that personal, non-work related conversations with a higher potential for misinterpretation or dispute are now being generated over employer-sanctioned tools and possibly retained by the company for years, becoming a part of the company’s digital footprint.Evidence gathering challengesEmployers should expect that much of the data and evidence needed in future employment disputes and investigations may originate from these new types of data sources. Searching for and collecting data from cloud-based collaboration tools can be a more complicated process than traditional searching of an employee’s email or laptop. Moreover, the actual evidence employers will be searching for may look different when coming from these data sources and require additional steps to make it reviewable. Rather than using search terms to examine an employee’s email for evidence of bad intent, employers may now be examining the employee’s emoji use or reactions to chat comments on Teams or Slack.Evidence for wage and hour disputes may also look a bit different in a completely remote environment. When employees report to a physical office, employers can traditionally look to data from building security or log-in/out times from office-based systems to verify the hours an employee worked. In a remote environment, gathering this type of evidence may be a bit more complex and involve collecting audit logs and data from a variety of different platforms and systems, including collaboration and chat tools. A company’s IT team or eDiscovery vendor will need to understand the underlying architecture of these tools and ensure they have the capacity to search, collect, and understand the data generated from them.Employer best practicesEmployers should consider implementing an employee policy around the use of collaboration tools and chat functionality, as well as a comprehensive data retention schedule that accounts for the data generated from these tools. Keep these plans updated and adjust as needed. Ensure IT teams or vendors know where data generated by employees from these new data sources is stored, and that they have the ability to access, search, and collect that data in the event of an employment dispute.chat-and-collaboration-data; microsoft-365microsoft, cloud, emerging-data-sources, blog, chat-and-collaboration-data, microsoft-365microsoft; cloud; emerging-data-sources; blogthe lawyer
October 19, 2022
Blog

To Reinvigorate Your Approach to Big Data, Catch the Advanced AI Wave

Emerging challenges with big data—large sets of structured or unstructured data that require specialized tools to decipher— have been well documented, with estimates of worldwide data consumed and created by 2025 reaching unfathomable volumes. However, these challenges present an opportunity for innovation. Over the past few years, we’ve seen a renaissance in AI products and solutions to help address and evolve past these issues. From smaller players creating bespoke algorithms to bigger technology companies developing solutions with broader applications, there are substantial opportunities to harness AI and rethink how to manage data.A recent announcement of Microsoft’s Syntex highlights the immense possibilities for, and investment in, leveraging AI to manage content and augment human expertise and knowledge. The new feature in Microsoft 365 promises advanced AI and automation to classify and extract information, process content, and help enforce security and compliance policies. But what do new solutions like this mean for eDiscovery and the legal industry?There are three key AI benefits reshaping the industry you should know about:1. Meeting the challenges of cloud and big data2. Transforming data strategies and workflows3. Accelerating through automationMeeting the challenges of cloud and big data Anyone close to a recent litigation or investigation has witnessed the challenge posed by today’s explosion of data—not just volume, but the variety, speed, and uncertainty of data. To meet this challenge, traditional approaches to eDiscovery need to be updated with more advanced analytics so teams can first make sense of data and then strategize from there. Simultaneous with the need to analyze post-export documents, it’s also clear that proactively managing an organization’s data is increasingly essential. Organizations across all industries must comply with an increasingly complex web of data privacy and retention regulations. To do so, it is imperative that they understand what data they are storing, map how that data flows throughout the organization, and have rules in place to govern the classification, deletion, retention, and protection of data that falls within certain regulated categories of data types. However, the rise of new collaboration platforms, cloud storage, and hybrid working have introduced new levels of data complexity and put pressure on information governance and compliance practices—making it impossible to use older, traditional means of information governance workflows. Leveraging automation and analytics driven by AI advances teams from a reactive to proactive posture. For example, teams can automate a classification system with advanced AI where it reads documents entering the organization’s digital ecosystem, classifies them, and labels them according to applicable sensitivity or retention categories implemented by the organization—all of which is organized under a taxonomy that can be searched later. This not only helps an organization better manage data and risks upfront—creating a more complete picture of the organization’s data landscape—but also informs better and more efficient strategies downstream. Transforming data strategies and workflows New AI capabilities give legal and data governance teams the freedom to think more holistically about their data and develop strategies and workflows that are updated to address their most pressing challenges. For eDiscovery, this does not necessarily mean discarding legacy workflows (such as those with TAR) that have proven valuable, but rather augmenting them with advanced AI, such as natural language processing or deep learning, which has capabilities to handle greater data complexity and provide insights to approach a matter with greater agility. But the rise of big data means that legal teams need to start thinking about the eDiscovery process more expansively. An effective eDiscovery program needs to start long before data collection for a specific matter or investigation and should contemplate the entire data life cycle. Otherwise, you will waste substantial time, money, and resources trying to search and export insurmountable volumes of data for review. You will also find yourself increasingly at risk for court sanctions and prolonged eDiscovery battles if your team is unprepared or ill-equipped to find and properly export, review, and produce the requested data within the required timeline. For compliance and information governance teams, this proactive approach to data has even greater implications since the data they’re handling is not restricted to specific matters. In both cases, AI can be leveraged to classify, organize, and analyze data as it emerges—which not only keeps it under control but also gives quicker access to vital information when teams need it during a matter.Advanced AI can be applied to analyze and organize data created and held by specific custodians who are likely to be pulled into litigation or investigations, giving eDiscovery teams an advantage when starting a matter. Similarly, sensitive or proprietary information can be collected, organized, and searched far more seamlessly so teams don’t waste time or resources when a matter emerges. This allows more time for case development and better strategic decisions early on.Accelerating through automation Data growth continues to show no signs of slowing, emphasizing the need for data governance systems that are scalable and automated. If not, organizations run the risk of expending valuable resources on continually updating programs to keep pace with data volumes and reanalyzing their key information.The best solutions allow experts in your organization to refine and adjust data retention policies and automation as the organization’s data evolves and regulations change. In today’s cloud-based world, automation is a necessity. For example, a patchwork of global and local data privacy regulations (GDPR, California’s CCPA, etc.) include restrictions related to the timely disposal of personal information after the business use for that data has ended. However, those restrictions often conflict with or are triggered by industry regulations that require companies to keep certain types of documents and data for specific periods of time. When you factor in the dynamic, voluminous, and complex cloud-based data infrastructure that most company’s now work within, it becomes obvious why a manual, employee-based approach to categorizing data for retention and disposal is no longer sustainable. AI automation can identify personal information as it enters the company’s system, immediately classify it as sensitive data, and label it with specific retention rules. This type of automation not only keeps organizations compliant, it also enables legal and data governance teams to support their organization’s growth—whether it’s through new products, services, or acquisitions—while keeping data risk at bay. Conclusion Advancements in AI are providing more precise and sophisticated solutions for the unremitting growth in data—if you know how to use them. For legal, data governance, and compliance teams, there are substantial opportunities to harness the robust creativity in AI to better manage, understand, and deploy data. Rather than be inhibited by endless data volumes and inflexible systems, AI can put their expertise to work and ultimately help to do better at the work that matters. practical-applications-of-ai-in-ediscovery; ai-and-analytics; chat-and-collaboration-data; microsoft-365; lighting-the-path-to-better-information-governancemicrosoft, ai-big-data, cloud-security, blog, record-management, ai-and-analytics, chat-and-collaboration-data, microsoft-365,microsoft; ai-big-data; cloud-security; blog; record-managementmitch montoya
July 22, 2020
Blog

Three Key Tips to Keep in Mind When Leveraging Corporate G Suite for eDiscovery

In the eDiscovery space, we are always spotting new trends. Our industry has seen text messages, chat message platforms, websites, and various unstructured data sources become increasingly relevant during discovery. Over the past several years, we have started to see another new trend emerge - many of our clients are using Corporate G Suite rather than Office 365.The use of emerging technologies is part of everyday life for many companies in the space. However, we are beginning to see established biotech, healthcare, manufacturing, and retailers shift to G Suite, an area that was once almost exclusively dominated by on-prem Microsoft products. This transition introduces some new considerations around managing discovery. In this post, we talk about three impacts that G Suite data has on downstream eDiscovery workflows, and the need to factor these items into your discovery plan. Recipient Metadata: Gmail renders email header information in a unique format. While the last-in-time email in a given string will have all expected sender and recipient information (From, To, CC, BCC), all other previous messages exchanged in the email string will display only the sender information and will not display the recipient information. This is not a collection, processing, metadata, or threading issue. Rather, this relates to how Gmail stores and exports recipient information. This presents some unique document review challenges, as previous parts of the thread could include recipients that are not visible to the reviewer, and may include attorneys who have sent privileged communications. As a result, it is important to work closely with your project management team to create workflows related to Gmail. ‚ÄçLinks: Historically, we have all attached copies of documents (e.g. Word, Excel, and PowerPoint files) to an email during the normal course of business. Due to the emergence of technologies such as SharePoint and Google Drive, we now have the ability to send emails with embedded links that reference documents rather than attaching the document itself. When Gmail is exported from Google Vault, the documents referenced in links embedded throughout email exchanges are not exported. As a result, reviewers will encounter these links, but will be unable to readily view the corresponding document referenced in said link. At present, Google Vault does not allow for the mass search and export of these links. However, you do have the ability to manually pull documents referenced in these links. You should be mindful of this issue when drafting your ESI protocol, as opposing parties and regulators may request that your company retrieve these documents.‚ÄçExported Load File: Unlike a standard PST export, when you export a mailbox or set of documents from Google Vault, you have the ability to retrieve a corresponding load file that contains metadata captured in G Suite. Sometimes, the date-related metadata extracted during processing, will not align with dates exported from G Suite. There are a variety of legitimate reasons for this. You will need to determine if you want to produce the date metadata extracted from the processing platform, date values exported from Vault, or both.All of the above items are manageable when in-house legal teams, outside counsel, and eDiscovery vendors work together to proactively implement appropriate downstream eDiscovery workflows. If you have experience with G Suite data or thoughts on managing the discovery of G Suite data, please reach out to me at ashier@lighthouseglobal.com.chat-and-collaboration-data; information-governancechat-and-collaboration-data, information-governanceemerging-data-sources; g-suite; preservation-and-collection; blogalison shier
March 26, 2021
Blog

The Impact of Schrems II & Key Considerations for Companies Using M365: The Future

The Schrems II decision invalidated the EU-US Privacy Shield – the umbrella regulation under which companies have been transferring data for the last half-decade. In earlier parts of this four-part series, we described the impact of the Schrems decision, discussed how companies should evaluate their risk in using cloud technologies, and took a deeper dive on M365 in light of Schrems II. In sum, if you are a global business that previously relied upon Standard Contractual Clauses (SCCs) to transfer data, there is no clear guidance on what to do currently.It is even murkier in a cloud environment because the location of the data is not as transparent. Fortunately, there are ways to undertake a risk assessment to determine whether to proceed with any new cloud implementations. In the case of Microsoft products, there is also additional support from Microsoft with changes in its standard contractual terms and features in the product to mitigate some risks. Even so, many companies are holding off making any changes because the legal landscape is evolving. In this final part, we opine on what the future may hold. We can expect in the first half of this year that the European Commission will finalise the amended SCCs. We can anticipate that the EDPB will also produce another draft of its recommendations concerning data transfers. We should see plenty of risk assessments taking place. Even for companies adopting a “wait and see” policy in terms of taking significant steps, those companies should still be looking at their data transfers and carrying out risk assessments to make sure they are as well placed as possible for the moment when the draft SCCs and EDPB guidance are finalised.It would not be a surprise to see Microsoft continue to expand and develop M365 so that it offers yet more services that could be used as technical measures to reduce the risk around data transfers. These changes would strengthen the position of any company doing business between Europe and the US using M365.We do not have a crystal ball, and like many of you, are eager to see what happens next in this space. We will continue to monitor and keep you up to date with developments and our thoughts. If you have any questions in the meantime, feel free to reach out to us at info@lighthouseglobal.com.data-privacy; microsoft-365; information-governance; chat-and-collaboration-datamicrosoft, cloud, data-privacy, blog, law-firm, data-privacy, microsoft-365, information-governance, chat-and-collaboration-datamicrosoft; cloud; data-privacy; blog; law-firmlighthouse
November 20, 2020
Blog

The Sinister Six…Challenges of Working with Large Data Sets

Collectively, we have sent an average of 306.4 billion emails each day in 2020. Add to that 23 billion text messages and other messaging apps, and you get roughly 41 million messages sent every minute[1]. Not surprisingly, there have been at least one or two articles written about expanding data volumes and the corresponding impact on discovery. I’ve also seen the occasional post discussing how the methods by which we communicate are changing and how “apps that weren’t built with discovery in mind” are now complicating our daily lives. I figured there is room for at least one more big data post. Here I’ll outline some of the specific challenges we’ll continue to face in our “new normal,” all while teasing what I’m sure will be a much more interesting post that gets into the solutions that will address these challenges.Without further delay, here are six challenges we face when working with large data sets and some insights into how we can address these through data re-use, AI, and big data analytics:Sensitive PII / SHI - The combination of expanding data volumes, data sources, and increasing regulation covering the transmission and production of sensitive personally identifiable information (PII) and sensitive health information (SHI) presents several unique challenges. Organizations must be able to quickly respond to Data Subject Access Requests (DSARs), which require that they be able to efficiently locate and identify data sources that contain this information. When responding to regulatory activity or producing in the course of litigation, the redaction of this content is often required. For example, DOJ second requests require the redaction of non-responsive sensitive PII and/or SHI prior to production. For years, we have relied on solutions based on Regular Expressions (RegEx) to identify this content. While useful, these solutions provide somewhat limited accuracy. With improvements in AI and big data analytics come new approaches to identifying sensitive content, both at the source and further downstream during the discovery process. These improvements will establish a foundation for increased accuracy, as well as the potential for proactively identifying sensitive information as opposed to looking for it reactively.Proprietary Information - As our society becomes more technologically enabled, we’re experiencing a proliferation of solutions that impact every part of our life. It seems everything nowadays is collecting data in some fashion with the promise of improving some quality of life aspect. This, combined with the expanding ways in which we communicate means that proprietary information, like source code, may be transmitted in a multitude of ways. Further, proprietary formulas, client contacts, customer lists, and other categories of trade secrets must be closely safeguarded. Just as we have to be vigilant in protecting sensitive personal and health information from inadvertent discloser, organizations need to protect their proprietary information as well. Some of the same techniques we’re going to see leveraged to combat the inadvertent disclosure of sensitive personal and health information can be leveraged to identify source code within document populations and ensure that it is handled and secured appropriately.Privilege - Every discovery effort is first aimed at identifying information relevant to the matter at hand, and second to ensure that no privileged information is inadvertently produced. That is… not new information. As we’ve seen the rise in predictive analytics, and, for those that have adopted it, a substantial rise in efficiency and positive impact on discovery costs, the identification of privileged content has remained largely an effort centered on search terms and manual review. This has started to change in recent years as solutions become available that promise a similar output to TAR-based responsiveness workflows. The challenge with privilege is that the identification process relies more heavily on “who” is communicating than “what” is being communicated. The primary TAR solutions on the market are text-based classification engines that focus on the substantive portion of conversations (i.e. the “what” portion of the above statement). Improvments in big data analytics mean we can evaluate document properties beyond text to ensure the “who” component is weighted appropriately in the predictive engine. This, combined with the potential for data re-use supported through big data solutions, promises to substantially increase our ability to accurately identify privileged, and not privileged, content.Responsiveness - Predictive coding and continuous active learning are going to be major innovations in the electronic discovery industry…would have been a catchy lead-in five years ago. They’re here, they have been here, and adoption continues to increase, yet it’s still not at the point where it should be, in my opinion. TAR-based solutions are amazing for their capacity to streamline review and to materially impact the manual effort required to parse data sets. Traditionally, however, existing solutions leverage a single algorithm that evaluates only the text of documents. Additionally, for the most part, we re-create the wheel on every matter. We create a new classifier, review documents, train the algorithm, rinse, and repeat. Inherent in this process is the requirement that we evaluate a broad data set - so even items that have a slim to no chance of being relevant are included as part of the process. But there’s more we can be doing on that front. Increases in AI and big data capabilities mean that we have access to more tools than we did five years ago. These solutions are foundational for enabling a world in which we continue to leverage learning from previous matters on each new future matter. Because we now have the ability to evaluate a document comprehensively, we can predict with high accuracy populations that should be subject to TAR-based workflows and those that should simply be sampled and set aside.Key Docs - Variations of the following phrase have been uttered time and again by numerous people (most often those paying discovery bills or allocating resources to the cause), “I’m going to spend a huge amount of time and money to parse through millions of documents to find the 10-20 that I need to make my case.” They’re not wrong. The challenge here is that what is deemed “key” or “hot” in one matter for an organization may not be similar to that which falls into the same category on another. Current TAR-based solutions that focus exclusively on text lay the foundation for honing in on key documents across engagements involving similar subject matter. Big data solutions, on the other hand, offer the capacity to learn over time and to develop classifiers, based on more than just text, that can be repurposed at the organizational and, potentially, industry level.Risk - Whether related to sensitive, proprietary, or privileged information, every discovery effort utilizes risk-mitigation strategies in some capacity. This, quite obviously, extends to source data with increasing emphasis on comprehensive records management, data loss prevention, and threat management strategies. Improvements in our ability to accurately identify and classify these categories during discovery can have a positive impact on left-side EDRM functional areas as well. Organizations are not only challenged with identifying this content through the course of discovery, but also in understanding where it resides at the source and ensuring that they have appropriate mechanisms to identify, collect and secure it. Advances in AI and big data analytics will enable more comprehensive discovery programs that leverage the identification of these data types downstream to improve upstream processes.As I alluded to above, these big data challenges can be addressed with the use of AI, analytics, data reuse, and more. Now that I have summarized some of the challenges many of you are already tasked with dealing with on a day-to-day basis, you can learn more about actual solutions to these challenges. Check out my colleague’s write up on how AI and analytics can help you gain a holistic view of your data.To discuss this topic more or to ask questions, feel free to reach out to me at NSchreiner@lighthouseglobal.com.[1] Metrics courtesy of Statistachat-and-collaboration-data; ai-and-analyticsprivilege, analytics, ai-big-data, data-re-use, phi, pii, blog, chat-and-collaboration-data, ai-and-analyticsprivilege; analytics; ai-big-data; data-re-use; phi; pii; blognick schreiner
December 21, 2021
Blog

Rethinking the EDRM for Today’s Evolving eDiscovery Data Landscape

The approach of a new year is often a good time to step back and take stock of the eDiscovery industry, so that we can be better prepared to move forward. One of the most dramatic changes over the past few years has been the seismic shift across the legal and corporate data landscapes. That shift has slowly been expanding the concept of eDiscovery beyond a single-litigation focus, to encompass data governance, data privacy and security, and an overall more holistic, strategic approach to review and analysis.As we prepare to move forward in this brave new world, it’s important to understand how those industry changes affect the traditional framework of the eDiscovery process: the Electronic Discovery Reference Model (EDRM). Recently, I was lucky enough to join a panel of industry experts, including Microsoft’s EJ Bastien, TracyAnn Eggen from CommonSpirit Health, and Lighthouse’s Sarah Barsky-Harlan, to dive deeper into that specific issue. Together, we tackled questions like: Does the EDRM still apply in today’s more complex eDiscovery environment? If so, how is the evolving data and eDiscovery landscape reshaping how organizations and law firms think about the EDRM? How can the EDRM be used to meet today’s more complex communication, data, and business challenges?Below are some of the key themes and ideas that emanated from that discussion: A Brave New Data World: Dynamic Changes in eDiscoverySince its inception, the EDRM has been the industry’s standard approach to the eDiscovery process (i.e., identification, collection, processing, review, analysis, and production of electronically stored information (ESI)). However, what we’re seeing today is that organizations and law firms now must think about eDiscovery in much broader terms than that traditionally very linear method. There are three primary reasons for this change:New cloud-based and Software as a Service (SaaS) systems: Enterprise systems are not nearly as controlled by the underlying organization as they used to be. Even five years ago, IT departments could more closely manage what software was installed, as well as when, how, and what upgrades were rolled out. Now those updates and installations are managed by cloud providers, with upgrades rolling out on an almost weekly basis – often with no notice to the organization. All those changes have downstream eDiscovery impacts, which must be dealt with at each stage of the EDRM process.New data formats: Data is no longer structured in the traditional document “family” of an email parent with attachment children. The shift to chat and collaboration platforms within organizations means that communications and workflows generate more data across multiple data sources and are much more fluid and informal. For instance, instead of an employee working on a static document saved on a desktop and then passing that document back and forth to co-workers via email, those employees may work on that document together while it’s saved on a cloud-based collaboration platform, chat about it via an in-office chat application, post updates on it via the collaboration tool channel, as well as email copies back and forth to each other. This means counsel must analyze how relevant data ties together and analyze the relationships between data sources in order to understand the full story of a communication during an investigation or litigation.New capabilities with eDiscovery technology: There are many new types of capabilities that are native to enterprise systems, as well as new types of analytics and artificial intelligence (AI) that can handle more data at scale. These new capabilities are allowing case teams to leverage past data on new cases and get to key data more quickly in the EDRM process. The Impact: How Those Changes Affect the EDRM FrameworkThinking of the EDRM as a monolithic linear process that flows straight from beginning (collection) to end (production) does not fit the way eDiscovery takes place in practice anymore. There is a world of complexity within each step of the EDRM – one that is highly dependent on the data source. And the decisions made along the way for each data source at each new step will impact what happens next – often in a non-linear fashion: Sometimes that next step will send practitioners back to collection again, because they found another data source during review. Sometimes review takes place simultaneously with collection or processing phases, depending on the data source and those newer capabilities discussed above. In short, the old model of collecting all data, exporting it all, and then reviewing it all, in large chunks, one step at a time, is no longer applicable nor practical.Instead, a “mini-EDRM” framework might make more sense, where organizations prepare workflows for the preservation, collection, processing, and review of each particular data source. Thinking of the EDRM in this way also helps the framework stay relevant and future-proof as practitioners deal with the sea-change happening across our data landscape. Practitioners need to be agile enough to handle new data sources as they pop up, for each step of the EDRM process, and then be prepared to do it all over again when someone in a deposition mentions another new data source, and to adapt it when something changes in the data source. A mini-EDRM framework would help organizations and practitioners better meet those challenges.The EDRM and Data-in-PlaceAs noted above, the eDiscovery process is now much broader and has much more of an impact on organizational information governance and data-in-place than ever before. This presents an opportunity to use learnings from across the EDRM to more effectively manage data “to the left” of that traditional process. For example, if a particular data source was problematic during review, that information can be disseminated at the organizational level and help inform how that source is used within the organization moving forward. Or if practitioners notice a large volume of irrelevant data during review that shouldn’t exist in the system at all, that information can be used to redraft document retention policies. In this way, eDiscovery (and the EDRM framework) can now be a force for change over the entire organization.Thinking Beyond a Single MatterIn today’s more dynamic and voluminous data landscape, the work we did in the past is more valuable than ever before and it can be used to inform and impact current processes across the EDRM.This can come in the form of people and institutional knowledge: experienced and consistent staff and outside partners are an invaluable resource. These organizational experts can use their understanding and experience with an organization’s past matters, system architecture, data sources, workflows etc. to improve eDiscovery efficiency and solve current problems more effectively. It can also come in the form of technology: when the EDRM first evolved, data analytics were a much heavier lift. The process and tools were expensive and the amount of data that they could be applied to was much smaller than today. Advancements in AI capabilities now allow us to analyze much larger volumes of data with much more accurate results. Thus, this newer, advanced AI technology is now capable of leveraging the goldmine of millions of previous decisions made by attorneys on an organization’s past matters. That work product is baked into the data, and advanced AI can use it to make more accurate decisions on current data at a much larger scale than ever before.Tips to Keep the EDRM Applicable in an Evolving Data LandscapeStrive to retain institutional knowledge across matters: The constantly evolving eDiscovery landscape makes continuity and retaining institutional knowledge incredibly important. Starting from scratch each time you confront a new data source or problem along the EDRM is no longer practical with today’s diversified and larger data volumes. Work to cultivate valuable partners and staff who will work to understand your organization’s data architecture, as well as the eDiscovery workflows that are effective within your environment.Lean on your peers: Chances are, if you’re facing a problem with a challenging data source at one stage of the EDRM, someone in your peer group has also faced the same or a similar problem. Don’t be afraid to reach out and ask folks to benchmark. Peer experience can help each practitioner learn and move forward, solving challenging industry problems along the way.Open the lines of communication: Because the EDRM process is much more iterative and each step impacts other steps, it is incredibly important that the people working on those steps do not work in silos. Everyone should know the downstream impacts of their decisions and workflows.Test… and test again: Employ a testing framework to test the impact of eDiscovery workflows on the underlying platforms, and then have a feedback loop to apply changes. This will ensure your eDiscovery program is forward-thinking, as opposed to reactive. Automate where possible: When striving for repeatable, defensible eDiscovery processes, predictability is key. And automation, when feasible, is a great way to achieve that predictability. Automating workflows across the EDRM will not only help improve efficiency and lower costs, it will also help minimize risk and keep your eDiscovery program defensible.information-governance; ediscovery-review; chat-and-collaboration-datacloud, analytics, information-governance, ediscovery-process, blog, information-governance, ediscovery-review, chat-and-collaboration-data,cloud; analytics; information-governance; ediscovery-process; bloglighthouse
March 30, 2022
Blog

New Opportunities, New Risks: A Disrupted Workforce Reshapes the Data Landscape

In case the complexities of corporate data weren’t creating enough turbulence to keep corporate and legal teams up at night, along comes a prolonged pandemic to really shake things up. Because now, a complex data landscape has also become a complex employee landscape.What has been dubbed the “great resignation” (approximately 38 million workers voluntarily quit their jobs in 2021) has left many companies shaken as they struggle to adapt their organizations to a reconfigured and remote workforce. With little time to plan for the risks and contingencies such a seismic shift would normally entail, companies are now playing catch-up, seeking ways to ensure proper data management, better responses to fast-moving litigation and internal investigations, and enhanced security as they grapple with offsite employees, transformative applications, and the impact of an exodus that may have caused company data to escape its bounds.These unique circumstances present a number of challenges for companies and their legal teams alike. In a webinar with Today’s General Counsel, I was pleased to join Scott McVeigh, industry principal from Onna, to discuss the ways in which many companies have been affected. We looked at the recent workplace disruption and considered the impact: What data risks have emerged or intensified? What efficiencies or advantages? What areas of the company data environment deserve renewed focus? What steps can internal teams take to help ensure that data concerns are addressed and legal imperatives met? A Shift to Remote Work Accelerates Transition to the CloudPrior to the pandemic, an estimated 20% of the U.S workforce was working remotely. By December, 2020, that number had increased to 71%. Even with offices now deemed safer as the pandemic wanes, it is anticipated that more than 51% of the U.S. workforce will continue to be remote or hybrid.The impact of this shift has already been profound, reshaping the use, format, and storage of data. As many as 81% of organizations say the pandemic accelerated their cloud timelines as they raced to engage with new tools and applications that flooded the market to accommodate the remote workforce. Online collaboration has now become the new normal, with document sharing apps, chat functionalities, and web conferencing becoming the dominant forces that underpin daily work. Enhanced Collaboration — A Mixed Blessing While this shift may have resulted in some efficiencies as more informal practices took hold, the explosion of collaborative data technologies has also created significant challenges, especially for data and records management, security, and legal teams. As a result, some important enterprise areas are ripe for renewed attention and innovation:Information governance models: The disrupted workforce has made information governance efforts more complicated—and more necessary. Remote collaboration and sharing applications mean more data in more places, making it harder for internal teams to create and maintain a cohesive vision of the data landscape to contain and control growing data volumes.Rapid data growth from both authorized and unauthorized tools and new forms of communication (think gifs, memes, and emojis) makes it easier for data to proliferate, morph, even disappear, which may call for modified or additional policies and procedures. From a data security standpoint, privacy breaches coupled with other security stressors are magnified as siloed data, a perennial problem, pressure-tests existing processes and policies.eDiscovery and preservation imperatives: In the implementation of cloud applications, preserving and collecting data in a defensible manner has not been a top priority. More tools enabling informal, dispersed, and fluid content challenge the paradigm of traditional collection and review. Where is a particular kind of data living and who controls it? Who is the custodian or author of content in shared collaborative spaces? With so many new data types, what is now the definition of a “document” or a conversation?Employee transitioning: As employees moved offsite or departed during the pandemic, company data may have gone with them — if not through malicious exfiltration, then just because HR and IT, with reduced teams as well, could not keep up with the onboarding and offboarding process. One top concern for organizations is that the lost data or IP could have gone to a competitor. Training requirements: With workers at a distance, training on company privacy, security, and preservation policies — which should be intensifying — may be taking a back seat to other business priorities impacted by the pandemic. Too, cultivating a data-sensitive culture is now more difficult with employees often untethered from the norms of company data access and storage and little to no face-to-face interaction with other employees and their own managers. Law Firms and Legal Departments Not Exempt from DisruptionTo complicate matters, as companies were transformed by the pandemic, so too were the law firms and legal departments that support them. Already in a state of flux, the legal market was highly impacted by both employee departures and the migration to remote work, relatively foreign to an entrenched in-office culture. Lack of attention to document management, often a law firm weakness, has just added fuel to the fire.The resignation-induced talent drain has likely affected workflows, adding to inefficiencies and duplicative work as corporate and legal knowledge, both in-house and outside, dissipated with the overall disruption of formerly routine processes and responsibilities. It has certainly impacted eDiscovery processes; legal professionals are still working to master the art of conducting discovery remotely from cloud-based data sources.Bucking the Trends: Take These Steps to Reduce RiskThe disrupted workplace calls for renewed diligence, nimbleness, and a certain amount of creativity on the part of internal teams responsible for data and its management. Most of all, it requires rigorous attention to potential risks exacerbated by a still-evolving landscape.Here are some important steps companies can take to reduce risk: Scrutinize what may now be a very different data landscape. As in pre-pandemic times, knowing where data resides and in what format is a big part of the battle. With new tools and cloud storage locations making everything even more complex, thinking through applications and the data they generate before they roll out can save time, effort, and grief down the line. Analyze: Who uses what applications? Where does the data go and how is it stored? Who has control over it? From an eDiscovery standpoint, with so much data in play, it pays to scale efforts to potential returns; focusing on the most-used data sources is more fruitful than “boiling the ocean.” Cultivate stakeholder partnerships. As the workforce transforms, partnerships among internal stakeholders, especially IT, compliance, data privacy, records management, and information security teams — in close coordination with business units — are more important than ever in controlling how and by whom data is created and used. Corporate silos only enhance risk, especially when workers are remote and unsanctioned applications may be proliferating. Remember, though, that data initiatives are most effective when they come from the top, especially if funding is required. Engage the C-suite as much as possible. Improve information governance capabilities. As data pools from multiple collaborative sources and cloud applications proliferate, making prior linear processes cumbersome and expensive, a shift in focus to the left side of the Electronic Discovery Reference Model (EDRM) makes even more sense now. With the right cloud-based tools and services, as well as good information governance models, teams can perform better upstream and reduce downstream costs.Foster a culture of data awareness and protection. Training, training, training — for both current and incoming employees — is critical. Sound policies mean nothing if employees are unaware of or don’t abide by them or don’t understand the nature of the risk they are meant to address. Educate employees on data “ownership” best practices. Encourage sound data hygiene and enhance onboarding and offboarding procedures to take data risks into account, especially those related to preservation imperatives. Remember that inbound data from new employees that works its way into the company can be just as problematic as data exfiltration. Review and, if necessary, update records management policies. Records management policies should be considered programmatically to align with the nature of the business. Reducing company exposure by updating policy gaps that may be caused by evolving privacy regulations (e.g., GDPR, CCPA/CPRA, etc.) should be a top priority for any company’s records and data management teams. Remember that training goes hand in hand with any policy changes.Engage experts where you need them. Data complexities of today, especially related to privacy and security, may require the expertise beyond that routinely found in-house. Be sure to work with providers and experts well-versed in today’s challenges.Leverage technology where possible, with expertise in mind. Various data automation tools can provide the power to import, manage, and modify records in ways never before possible. AI and categorization tools can be used to assess data in place, potentially mitigating the need for linear collection, processing, and review of data in discovery. Automated tools can enable a more managed examination of departing employee data. But technology not carefully deployed or without the right experts behind the scenes can diminish the potential benefits. Know what questions to ask. Be an informed and thoughtful user: implement wisely. If you are interested in this topic, feel free to reach out to me at dblack@lighthouseglobal.com. chat-and-collaboration-data; forensics; information-governanceemerging-data-sources, cloud-security, red-flag-reporting, departing-onboarding-employee, pii, blog, record-management, risk-management, chat-and-collaboration-data, forensics, information-governance,emerging-data-sources; cloud-security; red-flag-reporting; departing-onboarding-employee; pii; blog; record-management; risk-managementdaniel black
March 4, 2021
Blog

Mitigating eDiscovery Risk of Collaboration Tools

Below is a copy of a featured article written by Kimberly Quan of Juniper Networks and John Del Piero of Lighthouse for Bloomberg Law.Whether it's Teams, Slack, Zendesk, GChat, ServiceNow, or similar solutions that have popped up in the market over the last few years, collaboration and workflow platforms have arrived. According to Bloomberg Law's 2020 Legal Technology Survey, collaboration tools are being used by 77% of in-house and 44% of law firm attorneys. These tools are even more widely used by workers outside of the legal field.With many companies planning to make remote working a permanent fixture, we can expect the existing collaboration tools to become even more entrenched and new competitors to arrive on the scene with similarly disruptive technologies.This will be a double-edged sword for compliance and in-house legal teams, who want to encourage technology that improves employee productivity, but are also wary of the potential information governance and eDiscovery risks arising because of these new data sources. This article explains the risks these tools can pose to organizations and provides a three-step approach to help mitigate those risks.Understand Litigation and Investigation RiskThe colloquial and informal nature of collaborative tools creates inherent risk to organizations, much like the move from formal memos to email did 20 years ago. Communications that once occurred orally in the office or over the phone are now written and tracked, logged, and potentially discoverable. However, a corporation's ability to retain, preserve, and collect these materials may be unknown or impossible, depending on the initial licensing structure the employee or the company has entered into or the fact that many new tools do not include features to support data retention, preservation, or collection.Government agencies and plaintiffs’ firms have an eye on these new applications and platforms and will ask specifically about how companies and even individual custodians use them during investigations and litigations. Rest assured that if a custodian indicates during an interview or deposition that she used the chat function in a tool like Teams or Slack, for example, to work on issues relevant to the litigation, opposing counsel will ask for those chat records in discovery. Organizations can mitigate the risk of falling down on their eDiscovery obligations because of the challenges posed bycollaboration tool data using this three-step approach:Designate personnel in information technology (IT) and legal departments to work together to vet platforms and providers.Develop clear policies that are regularly reviewed for necessary updates and communicated to the platform users.Ensure internal or external resources are in place to monitor the changes in the tools and manage associated retention, collection, and downstream eDiscovery issues.Each of these steps is outlined further below.Designate IT & Legal Personnel to Vet Platforms and Providers‍Workers, especially those in the tech industry, naturally want to be free to use whatever technology allows them to effectively collaborate on projects and quickly share information.However, many of these tools were not designed with legal or eDiscovery tasks in mind, and therefore can pose challenges around the retention, preservation and collection of the data they generate.Companies must carefully vet the business case for any new collaboration tool before it is deployed. This vetting process should entail much more than simply evaluating how well the tool or platform can facilitate communication and collaboration between workers. It also involves designating personnel from both legal and IT to work together to evaluate the eDiscovery and compliance risks a new tool may pose to an organization before it is deployed.The importance of having personnel from both legal and IT involved from the outset cannot be understated. These two teams have different sets of priorities and can evaluate eDiscovery risks from two different vantage points. Bringing them together to vet a new collaboration tool prior to deployment will help to ensure that all information governance and eDiscovery downstream effects are considered and that any risks taken are deliberate and understood by the organization in advance of deployment. This collaborative team can also ensure that preservation and discovery workflows are tested and in place before employees begin using the tool.Once established, this dedicated collaborative IT and legal team can continue to serve the organization by meeting regularly to stay abreast of any looming legal and compliance risks related to data generation. For example, this type of team can also evaluate the risks around planned organizational technology changes, such as cloud migrations, or develop workflows to deal with the ramifications of the near-constant stream of updates that roll out automatically for most cloud-based collaborative tools.Develop Clear Policies That Are Regularly Reviewed‍The number of collaborative platforms that exist in the market is ever evolving, and it is tempting for organizations to allow employees to use whatever tool makes their work the easiest. But, as shown above, allowing employees to use tools that have not been properly vetted can create substantial eDiscovery and compliance risks for the organization.Companies must develop clear policies around employee use of collaborative platforms in order to mitigate those risks. Organizations have different capabilities in restricting user access to these types of platforms. Historically, technology companies have embraced a culture where innovation is more important than limiting employees’ access to the latest technology. More regulated companies, like pharmaceuticals, financial services, and energy companies, have tended to create a more restrictive environment. One of the most successful approaches, no matter the environment or industry, is to establish policies that restrict implementation of new tools while still providing users an avenue to get a technology approved for corporate use after appropriate vetting.These policies should have clear language around the use of collaboration and messaging tools and should be frequently communicated to all employees. They should also be written using language that does not require updating every time anew tool or application is launched on the market. For instance, a policy that restricts the work-related use of a broad category of messaging tools, like ephemeral messaging applications, also known as self-destructing messaging applications, is more effective than a policy that restricts the use of a specific application, like Snapchat. The popularity of messaging tools can change every few months, quickly leading to outdated and ineffective policies if the right language is not used.Make sure employees not only understand the policy, but also understand why the policy is in place. Explain the security, compliance, and litigation-related risks certain types of applications pose to the organization and encourage employees to reach out with questions or before using a new type of technology.Further, as always with any policy, consider how to audit and police its compliance. Having a policy that isn't enforced issometimes worse than having no policy at all.Implement Resources to Manage Changes in Tools‍Most collaboration tools are cloud-based, meaning technology updates can roll out on a near-constant basis. Small updates and changes may roll out weekly, while large systemic updates may roll out less frequently but include hundreds of changes and updates. These changes may pose security, collection, and review challenges, and can leave legal teams unprepared to respond to preservation and production requests from government agencies or opposing counsel. In addition, this can make third-party tools on which companies currently rely for specific retention and collection methodologies obsolete overnight.For example, an update that changes the process for permissions and access to channels and chats on a collaborative platform like Teams may seem like a minor modification. However, if this type of update is rolled out without legal and IT team awareness, it may mean that employees who formerly didn't have access to a certain chat function may now be able to generate discoverable data without any mechanism for preservation or collection in place.The risks these updates pose mean that is imperative for organizations to have a framework in place to monitor and manage cloud-based updates and changes. How that framework looks will depend on the size of the organization and the expertise and resources it has on hand. Some organizations will have the resources to create a team solely dedicated to monitoring updates and evaluating the impact of those updates. Other organizations with limited internal access to the type of expertise required or those that cannot dedicate the resources required for this task may find that the best approach is to hire an external vendor that can perform this duty for the organization.When confronted with the need to collect, process, review, and produce data from collaboration tools due to an impending litigation or investigation, an organization may find it beneficial to partner with someone with the expertise to handle the challenges these types of tools present during those processes. Full-scale, cloud-based collaboration tools like Microsoft Teams and Slack are fantastic for workers because of their ability to combine almost every aspect of work into a single, integrated interface. Chat messaging, conference calling, calendar scheduling, and group document editing are all at your fingertips and interconnected within one application. However, this aspect is precisely why these tools can be difficult to collect, review, and produce from an eDiscovery perspective.With platforms like Teams, several underlying applications, such as chat, video calls, and calendars, are now tied together through a backend of databases and repositories. This makes a seemingly simple task like “produce by custodian” or “review a conversation thread” relatively difficult if you haven't prepared or are not equipped to do so. For example, in Teams communications such as chat or channel messages, when a user sends a file to another user, the document that is attached to the message is no longer the static, stand-alone file.Rather, it is a modern attachment, a link to the document that resides in the sender's OneDrive. This can beg questions as to which version was reviewed by whom and when it was reviewed. Careful consideration of versioning and all metadata and properties will be of the utmost importance during this process, and will require someone on board who understands the infrastructure and implications of those functions.The type of knowledge required to effectively handle collection and production of data generated by the specific tools an organization uses will be extremely important to the success of any litigation or investigation. Organizations can begin planning for success by proactively seeking out eDiscovery vendors and counsel that have experience and expertise handling the specific type of collaboration tools that the organization currently uses or is planning on deploying. Once selected, these external experts can be engaged early, prior to any litigation or investigation, to ensure that eDiscovery workflows are in place and tested long before any production deadlines.ConclusionCloud-based collaboration tools and platforms are here to stay. Their ability to allow employees to communicate and collaborate in real time while working in a remote environment is becoming increasingly important in today's world. However, these tools inherently present eDiscovery risks and challenges for which organizations must carefully prepare. This preparation includes properly vetting collaboration tools and platforms prior to deploying them, developing and enforcing clear internal policies around their use, monitoring all system updates and changes, and engaging eDiscovery experts early in the process.With proper planning, good collaboration between IT and legal teams and expert engagement, organizations can mitigate the eDiscovery risks posed by these tools while still allowing employees the ability to use the collaboration tools that enable them to achieve their best work.Reproduced with permission. Published March 2021. Copyright © 2021 The Bureau of National Affairs, Inc.800.372.1033. For further use, please contact permissions@bloombergindustry.com.chat-and-collaboration-data; ediscovery-review; microsoft-365emerging-data-sources, blog, corporate, chat-and-collaboration-data, ediscovery-review, microsoft-365,emerging-data-sources; blog; corporatebloomberg law
July 17, 2020
Blog

Leveraging Microsoft 365 to Reduce Your eDiscovery Spend

In the early days of electronic discovery, technologies that legal teams utilized were researched and procured by specialists independent of information technology teams. Getting IT, legal, compliance, records managers, and other stakeholders to come together to discuss and strategize as a team was almost impossible. The move to the Cloud is changing that dynamic, as corporations move to address data challenges including eDiscovery, information governance, data privacy, and cybersecurity, in a more holistic fashion. When a corporation leverages Microsoft 365 (M365), they have procured a technology that not only meets their data storage requirements but provides eDiscovery, privacy, data governance, and cybersecurity features as well.With the upside that a single platform can provide, there are also challenges including the continued growth in data and new data types that M365 presents. Most eDiscovery professionals are still working to understand how to leverage the functionality in M365 and how to incorporate it into their existing program. Teams usage, for example, has risen with the addition of 31 million new users in one month when the COVID-19 pandemic first hit. Based on that statistic, it is clear that Teams is new to many professionals and eDiscovery teams need to understand how to deal with Teams data in discovery.eDiscovery features in M365 vary based on licensing, but can include data culling, data processing, and even some high-level review. The functionality in no way is an end-to-end solution for discovery. It can achieve some basic needs and other technologies are still required to address limitations in the platform.M365 is also an incredibly dynamic program. It is a challenge to track modifications and updates to the system. Organizations need to invest in personnel to test their M365 environment proactively to identify potential issues that could occur in the discovery process, understand limitations, and capture benchmarking data on the time and effort certain tasks can take in the system. This information should be discussed with legal teams, as it can impact their discovery negotiations and should be considered for proportionality assessments. It’s vitally important to train internal and external legal teams on the capabilities and the limitations of the technologies.Keeping pace with M365 often requires multiple resources. Consider having a dedicated team to test the new tools and ensure any new updates get incorporated back into your workflows. Reach out to your peers at other organizations to learn from their experiences with the tool. Working with service providers who have deep expertise in the tool and the roadmap is extremely beneficial. Microsoft is open to receiving feedback on your experiences outside of simply support tickets. In fact, there is a formal design change request option available to M365 users. Contact your Microsoft representative to learn more about that alternative.When it comes to leveraging M365 for eDiscovery, keep these key takeaways in mind:The explosion of data, new technology, and cybersecurity risks have all led to a continual evolution of the M365 tool.Staying up to date with these continuous evolutions can be a challenge, be sure to (1) have dedicated resources to test new capabilities and report back; and (2) ensure these new updates get incorporated into training and workflow documentation.Train both your internal and external teams on your M365 needs.Collaborate with your various partners (i.e. providers, third-party vendors, outside counsel, etc.).To discuss this topic further, please feel free to continue the discussion by emailing me at PHunt@lighthouseglobal.com.microsoft-365; information-governance; chat-and-collaboration-data; legal-operationsmicrosoft, legal-ops, blog, microsoft-365, information-governance, chat-and-collaboration-data, legal-operationsmicrosoft; legal-ops; blogpaige hunt
November 6, 2020
Blog

Case Preparation - Thinking out Loud! Summarized…

Long gone are days when the majority of discovery records were kept in paper format. Documents, invoices, and other related evidence needed to be scanned and printed in the tens (if not hundreds) of thousands. Today, a huge number of discovery efforts (internal or external) revolve around digital content. Ergo, this article will highlight the collection of digital evidence and how to best prepare your case when it comes to preservation and collections as well as processing and filtering.But, before we get into that, one of the core factors to keep in mind here is time, which will always be there irrespective of what we have at hand. It is especially complicated if multiple parties are involved, such as vendors, multiple data locations, outside counsels, reviewers, and more. For the purposes of this blog, I have divided everything into the following actionable groups - preservation and collection as well as processing and filtering.Preservation and CollectionIn an investigation or litigation there could be a number of custodians involved, for example, people who have or had access to data. Whenever there are more than a handful of custodians the location may vary. It is imperative to consider where and what methods to use for data collection. Sometimes an in-person collection is more feasible than a remote collection. Other times, a remote collection is the preferred method for all those concerned. A concise questionnaire along with answers too frequently asked questions is the best approach to educate the custodian. Any consultative service provider must ensure samples are readily available to distribute that will facilitate the collection efforts.Irrespective of how large the collection is, or how many custodians there are, it is best to have a designated coordinator. This will make the communication throughout the project manageable. They can arrange the local technicians for remote collections and ship and track the equipment.The exponential growth in technology presents new challenges in terms of where the data can reside. An average person, in today’s world, can have a plethora of potential devices. Desktops and laptops are not the only media where data can be stored. Mobile devices like phones and tablets, accessories such as smartwatches, the IoT (everything connected to the internet), cars, doorbells, locks, lights…you name it. Each item presents a new challenge and must be considered when scoping the project.User-generated data is routinely stored and shared on the Cloud using a variety of platforms. From something as ancient as email servers to “new” rudimentary storage locations, such as OneDrive, Google Drive, Dropbox, and Box.com. Others include collaborative applications, such as SharePoint, Confluence, and the like.Corporate environments also heavily rely on some sort of common exchange medium like Slack, Microsoft Teams, and email servers. These applications also present their own set of challenges. We have to consider, not just what and how to collect, but equally important is how to present the data collected from these new venues.The amount of data collected for any litigation can be overwhelming. It is imperative to have a scope defined based on the need. Be warned, there are some caveats to setting limitations beforehand, and it will vary based on what the filters are. The most common and widely acceptable limitation is a date range. In most situations, a period is known and it helps to set these parameters ahead of time. In doing so, only the obvious date metadata will be used to filter the contents. For example, in the case of emails, you are limited to either the sent or received date. The attachment's metadata will be ignored completely. Each cloud storage presents its own challenges when it comes to dates.Data can be pre-filtered with keywords that are relevant to the matter at hand. It can greatly reduce the amount of data collected. However, it is solely dependent on indexing capabilities of the host, which could be non-existent. The graphical contents and other non-indexable items could be excluded unintentionally, even if they are relevant.The least favored type of filter among the digital-forensics community is a targeted collection, where the user is allowed to guide where data is stored and only those targeted locations are preserved. This may not be cost effective, however, it can restrict the amount of data being collected. This scope should always be expected to be challenged by other parties and may require a redo.Processing and FilteringOnce the data collected goes through the processing engine the contents get fully exposed. This allows the most thorough, consistent, and repetitive filtering of data. In this stage, filtering relies on the application vetted by the vendor and accompanied by a process that is tested, proven, and updated (when needed).The most common filtering in eDiscovery matters is de-NIST-ing, which excludes the known “system” files from the population. Alternatively, an inclusion filter can be applied, which only pushes forward contents that typically a user would have created, such as office documents, emails, graphic files, etc. In most cases, both de-NIST-ing and inclusion filters are applied.Once the data is sent through the meat grinder (the core processing engine) further culling can be done. At this stage, the content is fully indexed and extensive searches and filters will help limit the data population even further to a more manageable quantity. The processing engine will mark potentially corrupt items, which are likely irrelevant. It will also identify and remove any duplicate items from all collected media from the entire matter data population. Experts can then apply relevant keyword searches on the final product and select the population that will be reviewed and potentially produced.I hope this article has shed some light on how to best prepare your case when it comes to preservation and collections as well as processing and filtering. To discuss this topic further, please feel free to reach out to me at MMir@lighthouseglobal.com.digital-forensics; information-governance; chat-and-collaboration-datacollections, ediscovery-process, preservation-and-collection, processing, blog, digital-forensics, information-governance, chat-and-collaboration-data,collections; ediscovery-process; preservation-and-collection; processing; blogmahmood mir
September 30, 2020
Blog

Cloud Based Collaboration Tools are not Just Desirable, but Necessary for Keeping Workforces Productive

Below is a copy of a featured article written by Denisa Luchian for The Lawyer.com, where she interviews Lighthouse's Matt Bicknell. Lighthouse business development director EMEA Matt Bicknell talks to The Lawyer about how in today’s remote environment, cloud based collaboration tools are not just desirable but a necessity – but also the challenges they pose for eDiscovery processes.What is the driving force behind the massive migration to cloud-based environments over the last few years?There are a few factors at play here. Prior to the Covid-19 pandemic, companies were already moving their data to the Cloud (both public and private) in droves, in order to take advantage of unlimited data capacities and drastically lower IT overhead. The move to the Cloud is also being driven by a younger workforce that feels at home working with cloud-based chat and collaboration tools, like M365 or G-Suite. However, the worldwide shift to remote work due to the pandemic really broke the dam when it comes to cloud migration. We’ve seen a seismic shift to cloud-based tools and environments since March of 2020. In a completely remote environment, cloud-based collaboration tools are not just desirable, they are necessary to keep workforces productive. Migrating to the Cloud can greatly reduce the need for workers to be physically present in an office building.What are some of the challenges that cloud migration can pose to the eDiscovery process?Unlimited storage capacity at low cost can be a great thing for an organisation’s bottom line, but can definitely cause issues when it comes time to find and collect data that is needed for a litigation or investigation. Search functions built for cloud-based tools are often built for business use, rather than for the functionality that legal and compliance teams require in order to find relevant information. In addition, collecting and producing from collaboration tools like Teams or Slack can be much more complicated than a traditional email collection. Relevant communications that previously would have happened over email now happen over chat, through emoticon reactions, or through collaboratively editing a document. All of this relevant data may be stored in several different places, in a variety of formats within the Cloud. Even attachments are handled differently in cloud-based applications – instead of sending a static document as an attachment via email, Teams defaults to sending a link to the document in Teams. This means that the document could look significantly different at the time of collection than it did when the link was sent. Collecting from those types of sources, producing them in a format that makes sense to a reviewer/opposing counsel, and accounting for all the dynamic variables can be a difficult hurdle to overcome if the organisation hasn’t planned for it.How can companies prepare for eDiscovery challenges in a cloud environment?First, make sure compliance, legal and IT all have a seat at the table and have input into decisions that may affect their workflows and processes. Understand where your data resides and have effective retention, data governance, and compliance policies in place. Your policies should spell out which cloud-based applications employees may use and also have rules in place regarding how they can be used and where work product should be stored. Understand your legal hold policy and what type of data it encompasses. Make sure you have the right talent (either within your organisation or through a vendor) who understands the underlying architecture behind Teams, G-Suite, or any other cloud-based tool your organisation uses and also knows how to collect relevant information when needed. Ensure that your IT team or vendor has a system in place to monitor application and system updates. Cloud-based updates can roll out on a weekly basis; those changes may significantly impact the efficacy of your data retention and collection policies and workflows.As cloud technology continues to evolve, what does the future hold for eDiscovery? Because of the near endless storage capacity of the Cloud, the amount of data companies generate will just continue to exponentially expand. As a result, the technology behind AI and analytics will continue to improve, and those tools will eventually be less of an option to use in certain matters and more of a necessity to use for most matters. I also think as more companies feel comfortable moving their data to the Cloud, we will start to see more and more of these companies bring their eDiscovery programs in house. Vendors are already beginning to offer subscription-based, self-service, spectra eDiscovery programs which hand over the eDiscovery reigns to the organisation, while the vendor stores and manages the data in the Cloud (both public and private). This type of service allows companies to eliminate the middleman, control their own eDiscovery costs, and easily scale up or down to meet their own needs, while leaving the burden of data storage security and maintenance with the vendor. Finally, look for vendors to start offering subscription-based services to help organisations manage the near-constant stream of application and system updates for cloud-based services.microsoft-365; chat-and-collaboration-data; information-governancemicrosoft, cloud, g-suite, blog, microsoft-365, chat-and-collaboration-data, information-governance,microsoft; cloud; g-suite; blogthe lawyer
May 18, 2022
Blog

IT at the Helm: Change Management for Cloud-Based SaaS is Key to Minimizing Risk

Cloud computing dates to the mid-1990s – so why is this relatively old concept still such a hot topic? Haven’t we figured it all out by now? And isn’t the benefit of today’s SaaS cloud environments that someone else, namely the SaaS provider, handles software management? What else is there to figure out? Having spent the last several months talking to legal, compliance, and IT professionals about their Microsoft 365 environments, I am confident that there is still a lot that corporate IT departments are grappling with. In fact, a recent survey conducted by Lighthouse of 106 IT managers and executives found that although most organizations had a change management process in place for on-premises feature updates and upgrades, and most organizations planned to have change management in place for enterprise-wide SaaS technology updates in the next five years, only 16% had something in place today.[1] To better harness this technology as it continues to evolve and to minimize risks along the way, it’s important to understand why these change management gaps exist, what their impact is, and how legal and IT teams can work together in new ways to close them.Managing the Evolution of SaaSThe adoption of enterprise SaaS cloud technologies has only become prevalent in the last decade and growth has skyrocketed over the last couple of years. In fact, Microsoft 365 had 23.1 million consumer subscribers five years ago (Fiscal Year 2016) and that number has grown to 58.4 million. As such, IT organizations have not had to support SaaS enterprise offerings at scale until very recently and today most IT departments are supporting both on-premises and SaaS cloud environments. The first priority in supporting this explosive adoption was to implement and migrate over to the new system. It is only recently that focus has shifted toward governance and processes around these systems.Even with a newer focus on process, one of the touted benefits of SaaS cloud technology is less maintenance and software support by the in-house IT team. Of course, there is the need to set up process to resolve user questions and to ensure systems have been set up to facilitate the business running properly. But, planning and executing hardware or software upgrades is mostly managed by a third-party provider so there is not an urgent need to set up robust change management. In addition, the old change management process where major developments are analyzed, tested, and timed for deployment to desktops still applies to Microsoft 365.However, using the old process for new applications can have drawbacks. First, not all updates that Microsoft or others make are configurable updates where there is a choice on how, and whether, to implement. Second, if users are logging into a web environment (as opposed to desktop apps), IT teams don’t necessarily have control over the version their users are utilizing. Finally, given that most organizations have differing levels of IT permissions, meaning some groups are upgraded sooner than others, teams must move quickly to handle unpredictable and varied update schedules. With the speed and variability of new feature updates, the old process may not be agile enough to handle them. The differences between SaaS and on-premises environments (where you have full control of the upgrade schedule) can leave some gaps even when organizations review, analyze, and test the roadmap and updates from the Microsoft Message center.The old process often fails to prepare the business for these changes because IT, legal, and other teams are not always communicating about the broader risk or implementation implications. Because the IT team is focused on availability and scalability, it often misses how certain changes can introduce business risks outside of their ken. Solely relying on IT professionals to determine the broader impact of updates can mean that business, regulatory, and other risks outside of IT’s awareness are overlooked.Measuring the Impact of UpdatesWhether these management gaps are tolerable is a risk decision that each organization must make—one that can put the user experience in tension with a developed IT process. In discussions with legal, compliance, and information governance professionals that focus on SaaS services, handling the cadence and speed of these updates is a concern that keeps them up at night. But, quickly providing users new features has considerable benefits for the business too. It’s important for IT to prioritize ensuring that users can access their business data and that the business can continue without interruption over cumbersome update management.When weighing these risks and benefits it’s important to fully appreciate their potential impacts. An example of where these priorities conflict is highlighted in a change around Microsoft Teams meeting transcripts. In March 2021, Microsoft made an update that allows for a live transcript of certain Teams meetings. In November 2021, Microsoft expanded that functionality to Teams Channel meetings and upgraded the features of live transcripts to include name attribution to the speaker. This is helpful functionality for users and, given that it is an automatic upgrade, there may be little to do from an IT perspective. From a risk and legal perspective, however, there are a couple of key considerations. First, where is the transcript stored after the meeting and do retention policies apply? Second, is the data subject to ongoing regulatory or litigation requests and how is it accessed? The answers to those questions are complicated by the fact that the location of the data depends on whether a user downloaded the transcript after the meeting. Many IT organizations caught this change by reviewing the Microsoft Message center for updates—and in doing their own testing they determined that disabling the functionality was the best course of action. This was an update with obvious data ramifications that outweighed the potential benefits in a risk assessment from both IT and legal. For updates that are less obvious, IT may not have consulted legal. For updates where the value to users may seem to outweigh the risk, where the risks aren’t initially apparent, or when there are no configuration options—IT may have a more challenging decision to make.Reimagining a Change Management ProcessHaving a cross-functional framework in place to discuss and implement these types of updates is key to managing changes. Many organizations have some sort of accountability in place around updates—an individual or group of people are responsible for reviewing the Microsoft Message center. Although this structure is lower in cost and requires fewer resources, it has a few drawbacks. First, if only IT is involved, you may have only one perspective on the impacts of updates and that can be too narrow to determine the effects on the broader business. Second, many organizations do not have a tracking mechanism to determine what Microsoft updates they have read, evaluated, tested, and taken action against. With dozens of messages, many of which don’t need action, it is easy to lose track of what has been evaluated. Finally, if there isn’t clear accountability with dedicated resources the process can lose legitimacy and fail. Organizations who choose to minimize their business risk do not have to put in place a heavy structure to manage updates. In fact, the process around on-premises software upgrades can easily be adapted to the cloud situation.The single most important thing that an IT team can do for an effective SaaS support practice is to adapt and enforce existing change management and organizational controls. More specifically, IT organizations should consider:Dedicating a resource to track and review changes from service and cloud providers to ensure updates and changes are properly evaluated for risk and business continuity.Relying on a robust change management system with stakeholders throughout the organization to provide clearly articulated approval, risk identification, testing, and risk management.Partnering with your compliance team to ensure adherence to governance frameworks, organizational commitments, and client requirements. The compliance function is trained to manage risk and is uniquely chartered with authority and independence with a company’s governing body.Collaborating with legal. Lawyers are trained to spot issues and manage risk for the entire business. Often times, individual departmental stakeholders are responding to team-level incentives. Legal teams are also learning to adapt their governance structures to evolving cloud solutions.Leveraging the Project Management Office to ensure that stakeholders and risks are identified at the start of any specific project (i.e., measure twice, cut once).One of the most effective ways to get the right stakeholders’ input is to create a Change Approval Board (“CAB”) with subject matter experts from every business group to meet on a periodic basis. The CAB provides a framework that ensures IT has input from across the business while still giving it the opportunity to own and manage the support of the software.One of the benefits of SaaS technologies is the ability to utilize and optimize with the newest features and to take some of the hardware management burden off IT. By putting in place a cross-functional team to review and manage the update process, you can mitigate your organizational risk while allowing users take full advantage of the benefits.[1] In February 2022, Lighthouse surveyed 106 IT managers or above who had Microsoft on-premises and now have Microsoft 365. The survey found that only 16% had implemented a change management process for M365 and 62% of organizations planned to implement one in the next 5 years.microsoft-365; chat-and-collaboration-data; information-governancemicrosoft, cloud-migration, cloud-services, blog, microsoft-365, chat-and-collaboration-data, information-governance,bloglighthouse
February 24, 2021
Blog

AI and Analytics: Reinventing the Privilege-Review Model

Identifying attorney-client privilege is one of the most costly and time-consuming processes in eDiscovery. Since the dawn of the workplace email, responding to discovery requests has had legal teams spending countless hours painstakingly searching through millions of documents to pinpoint attorney-client and other privileged information in order to protect it from production to opposing parties. As technology has improved, legal professionals have gained more tools to help in this process, but inevitably, it still often entails costly human review of massive amounts of documents.What if there was a better way? Recently, I had the opportunity to gather a panel of eDiscovery experts to discuss how advances in AI and analytics technology now allow attorneys to identify privilege more efficiently and accurately than previously possible. Below, I have summarized our discussion and outlined how legal teams can leverage advanced AI technology to reinvent the model for detecting attorney-client privilege.Current Methods of Privilege Identification Result in Over IdentificationCurrently, the search for privileged information includes a hodgepodge of different technology and workflows. Unfortunately, none of them are a magic bullet and all have their own drawbacks. Some of these methods include:Privilege Search Terms: The foundational block of most privilege reviews involves using common privilege search terms (“legal,” “attorney,” etc.) and known attorney names to identify documents that may be privileged, and then having a review team painstakingly re-review those documents to see if they do, in fact, contain privileged information.‍Complex Queries or Scripts: This method builds on the search term method by weighting the potential privilege document population into ‘tiers’ for prioritized privilege review. It sometimes uses search term frequency to weigh the perceived risk that a document is privileged.‍Technology Assisted Review (TAR): The latest iteration of privilege identification methodologies involves using the TAR process to try to further rank potential privilege populations for prioritized review, allowing legal teams to cut off review once the statistical likelihood of a document containing privilege information reaches a certain percentage.Even applied together, all these methodologies are only just slightly more accurate than a basic privilege search term application. TAR, for example, may flag 1 out of every 4 documents as privilege, instead of the 1 out of every 5 typically identified by common privilege search term screens. This result means that review teams are still forced to re-review massive amounts of documents for privilege.The current methods tend to over-identify privilege for two very important reasons: (1) they rely on a “bag of words” approach to privilege classification, which removes all context from the communication; (2) they cannot leverage non-text document features, like metadata, to evaluate patterns within the documents that often provide key contextual insights indicating a privileged communication.How Can Advances in AI Technology Improve Privilege Identification MethodsAdvances in AI technology over the last two years can now make privilege classification more effective in a few different ways:Leveraging Past Work Product: Newer technology can pull in and analyze the privilege coding that was applied on previous reviews, without disrupting the current review process. This helps reduce the amount of attorney review needed from the start, as the analytics technology can use this past work product rather than training a model from scratch based on review work in the current matter. Often companies have tens or even hundreds of thousands of prior privilege calls sitting in inactive or archived databases that can be leveraged to train a privilege model. This approach additionally allows legal teams to immediately eliminate documents that were identified as privileged in previous reviews.Analyzing More Than Text: Newer technology is also more effective because it now can analyze more than just the simple text of a document. It can also analyze patterns in metadata and other properties of documents, like participants, participant accounts, and domain names. For example, documents with a large number of participants are much less likely to contain information protected by attorney-client privilege, and newer technology can immediately de-prioritize these documents as needing privilege review.Taking Context into Account: Newer technology also has the ability to perform a more complicated analysis of text through algorithms that can better assess the context of a document. For example, Natural Language Processing (NLP) can much more effectively understand context within documents than methods that focus more on simple term frequency. Analyzing for context is critical in identifying privilege, particularly when an attorney may just be generally discussing business issues vs. when an attorney is specifically providing legal advice.Benefits of Leveraging Advances in AI and Analytics in Privilege ReviewsLeveraging the advances in AI outlined above to identify privilege means that legal teams will have more confidence in the accuracy of their privilege screening and review process. This technology also makes it much easier to assemble privilege logs and apply privilege redactions, not only to increase efficiency and accuracy, but also because of the ability to better analyze metadata and context. This in turn helps with privilege log document descriptions and justifications and ensuring consistency. But, by far the biggest gain, is the ability to significantly reduce costly and time-intensive manual review and re-review required by legal teams using older search terms and TAR methodologies.ConclusionLeveraging advances in AI and analytics technology enables review teams to identify privileged information more accurately and efficiently. This in turn allows for a more consistent work product, more efficient reviews, and ultimately, lower eDiscovery costs.If you’re interested in learning more about AI and analytics advancements, check out my other articles on how this technology can also help detect personal information within large datasets, as well as how to build a business case for AI and win over AI naysayers within your organization.To discuss this topic more or to learn how we can help you make an apples-to-apples comparison, feel free to reach out to me at RHellewell@lighthouseglobal.com.ai-and-analytics; chat-and-collaboration-data; ediscovery-reviewprivilege, analytics, ai-big-data, blog, ai-and-analytics, chat-and-collaboration-data, ediscovery-review,privilege; analytics; ai-big-data; bloglighthouse
June 29, 2021
Blog

An Introduction to Managing Microsoft 365 Updates that Present Legal and Compliance Considerations

Increasingly, opportunities for cloud-based collaboration and efficiencies, and challenges presented by the rapid proliferation of complex data, are incentivizing organizations to transform their corporate data governance and eDiscovery operations from traditional self-managed infrastructure to the Microsoft 365 (M365) Cloud. Benefits in terms of convenience, security, robust functionality, and native capabilities related to eDiscovery and compliance are the primary drivers of this move.While there are many benefits to moving into the M365 ecosystem, it requires legal and compliance teams to take on new considerations regarding the constant evolution that characterizes cloud software. With continually changing applications, establishing static workflows for eDiscovery, legal holds, data dispositions, and other legal operations is not enough. As the M365 software and functionality changes, workflows must be constantly evaluated to ensure their validity, relevance, and defensibility.Exacerbating this challenge is the reality that the traditional IT change management paradigm designed to preemptively address cross-organizational considerations (including impacts to legal, compliance, and eDiscovery operations) does not fit the Cloud/SaaS framework. Organizations must now rethink their change management approach as they modernize with M365.This is the first in a series of blog posts devoted to highlighting key changes that have been released into the M365 production environments. One of the biggest challenges for organizations is identifying which of the myriad of updates pose potential risks to eDiscovery operations. Distinguishing the changes that do and do not pose a significant eDiscovery impact can be extremely difficult unless the reviewer has some level of subject-matter expertise and understands the specific workflows deployed within the organization. Here are some common scenarios with potential eDiscovery impact that could easily go unnoticed by the untrained eye:Updates that create a new data sourceUpdates that change a backend data storage locationUpdates altering the risk profile of features that were previously disabled due to legal / privacy riskUpdates that render an existing eDiscovery process obsoleteEach subsequent blog post in this series will highlight an example of a software update related to our key software scenarios, detailing the nature of the change, the potential impact, as well as when and why organizations should care.microsoft-365; chat-and-collaboration-data; information-governancemicrosoft, compliance-and-investigations, blog, cloudcompass, advisory-services, microsoft-365, chat-and-collaboration-data, information-governance,microsoft; compliance-and-investigations; blog; cloudcompass; advisory-serviceslighthouse
No items found. Please try different search parameters.