Survey says… New trends from corporate in-house counsel

Recently, Kroll and Kroll Ontrack surveyed over 170 corporate in-house counsel to share their perspectives on modern legal challenges facing organizations. We asked about some of the most pressing issues – from big data and compliance to fraud and cyber security – to uncover some striking corporate counsel trends.

Benchmark your company’s legal risks: download the report!

These were just some of the questions asked:

  • What are the most pressing legal issues facing your corporation?
  • Does your company have a data breach or incident response plan in place?
  • Does your corporation have an information governance program in place?
  • How frequently do you discuss data security issues with your organization’s head of technology?

The key findings in this 2016 Corporate Risk Survey indicate that organizations are making noteworthy strides as the result of new risks facing the enterprise. Nevertheless, the survey also reveals that organizations have additional room to evolve if they seek to combat these modern risks in an efficient, cost-effective manner. Some of the in-house counsel findings include:

  • Only 41% report that their company’s Incident Response plan is regularly updated and tested.
  • 20% indicate that they never discuss data security issues with their organization’s head of technology.
  • 73% believe that they do not have an effective Information Governance (IG) program in place to deal with skyrocketing data volumes.

Want to see how your organization compares? Click here to answer seven of the questions we asked in-house counsel, then download a copy of the report summarizing key findings.

April 2016 Ediscovery Case Summaries

April 2016 ediscovery case summaries

Failure to Stop Automatic Deletion of Text Messages Does Not Merit Sanctions
Living Color Enters., Inc. v. New Era Aquaculture, Ltd., 2016 WL 1105297 (S.D. Fla. Mar. 22, 2016)

Court Denies Plaintiffs’ Motion to Compel the Production of Documents from Defendant’s Overseas Manufacturer
Grayson v. Gen. Elec. Co., 2016 WL 1275027 (D. Conn. Apr. 1, 2016)

Court Compels Production of Database for Forensic Metadata Analysis
Thorne Research v. Atlantic Pro-Nutrients, 2016 WL 1122863 (D. Utah Mar. 22, 2016)

Case and Sanctions Dismissed in Light of New Evidence
CAT3, LLC v. Black Lineage, Inc., No. 14 Civ. 5511 (S.D.N.Y. Apr. 4, 2016)

Claims of Lightning Strike and Power Surge Fail to Protect Against Sanctions
InternMatch v. Nxtbigthing, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016)

UK High Court Approves the Use of Predictive Coding in Litigation

UK Predictive Coding

Legal technology providers in the UK have a lot to celebrate as the English High Court recently approved the use of predictive coding for disclosure in litigation.

The judgment, handed down by Master Matthews in Pyrrho Investments Ltd. v. MWB Property Ltd. [2016] EWHC 256 (Ch), gave official judicial authorization for the use of predictive coding in High Court proceedings. Summing up his decision, Master Matthews stated that predictive coding is just as accurate, if not more so than a manual review using keyword searches, mirroring the sentiments shared by Judge Peck’s 2012 opinion in Da Silva Moore v. Publicis Groupe regarding the appropriateness of predictive coding and its potential benefits. Master Matthews also estimated that predictive coding would offer significant cost savings in this particular case and that the possible disclosure of over two million documents done via traditional manual review would be disproportionate and “unreasonable.”

To read a short summary of the judgment, please click here, or read the judgment in full here.

Predictive Coding Goes Global

Predictive coding has become a global phenomenon over the past few years. The United States and Ireland have led the way in giving judicial approval to predictive coding, with Judge Peck’s Da Silva Moore opinion setting the predictive coding tone in 2012. Since then, the United States has continued to adopt the use of predictive coding, with a number of substantive cases further establishing its use. Ireland recently embraced predictive coding as well in the 2015 Irish Bank Resolution Corporation Ltd & ors v. Quinn & ors case holding that, in the discovery of large data sets, technology-assisted review using predictive coding is at least as accurate as, and probably more accurate than, the manual or linear method of identifying relevant documents. Not surprisingly, the Pyrrho judgment in the UK references these cases in detail.

Combatting Predictive Coding Objections

Despite these cases and the ever-increasing sophistication of the technology itself, the UK law community has been somewhat reluctant to make use of the technology, as explored in this study by Kroll Ontrack Legal Consultant and former litigation lawyer Hitesh Chowdhry. In Chowdhry’s white paper, “Rage against the Machine; Attitudes to Predictive Coding Amongst UK Lawyers,” he notes that his study revealed that the main barriers to adopting predictive coding technology were:

  • Risk aversion and mistrust of the technology’s accuracy
  • Belief that predictive coding would have a negative effect on revenue
  • Satisfaction with existing methods and a belief that existing practices offered more accuracy than studies have suggested
  • Insufficient understanding and knowledge of the complex predictive coding process
  • Diffusion among professionals

The UK Pyrrho judgment counters many of the fears uncovered in Chowdhry’s study by stating that the technology is accurate and offers cost savings. The efficiency of TAR and the cost savings offered by predictive coding will undoubtedly be popular with clients and potentially will give a competitive edge in winning work. Hopefully, this ruling will encourage more UK firms to take advantage of the benefits offered by predictive coding.

For more information about this technology, read Kroll Ontrack’s e-book, “Mastering Predictive Coding: The Ultimate Guide.”

Never Second Guess a Second Request

Second Request

Massive mergers are never a simple matter for organizations and their antitrust attorneys. The Second Request process can be a major burden for merging organizations since it requires that companies review, analyze and produce massive volumes of data in what can be a very short amount of time. If that doesn’t already cause panic, keep in mind that failing to fully comply can lead to substantial civil penalties and even the rejection of the merger transaction.

While Second Requests are a daunting task for any antitrust lawyer, my colleagues John D. Pilznienski and Sheldon A. Noel recently discussed the requirements counsel must meet to comply with a Second Request and how utilizing analytics like predictive coding can help simplify the process. The article written by Pilznienski and Noel, “Never Second Guess a Second Request: Leveraging Predictive Coding for Reviewing Documents in Antitrust Matters,” appeared in the March 2016 edition of Digital Discovery & e-Evidence, a Bloomberg BNA publication.

Read the article: Never Second Guess a Second Request

What is a Second Request?

For those of you not intimately aware of the corporate merger process, a Second Request is the issuance of a request by the Department of Justice (DOJ) or Federal Trade Commission (FTC) for “additional information and documentary material relevant to the proposed acquisition.” When corporations intending to merge meet a certain financial threshold, their proposed merger is subject to review by federal antitrust agencies. If the DOJ or FTC determines that more information is needed to ensure that there is no violation of federal antitrust laws during the initial review, they can request more information from the merging corporations. These requests can be extremely broad, requiring extensive resources, time and manpower to collect, process and produce the relevant documents and data.

Second Requests, Ediscovery and Predictive Coding: A Case Study

As discussed in the article by Pilznienski and Noel, in a recent technology sector merger the two companies utilized Kroll Ontrack’s predictive coding technology and review platform to respond to an FTC Second Request. The merger presented a number of hurdles – a large data set, multiple jurisdictions, complicated review guidance based on the document requests and an unexpectedly short production deadline – all of which were easily overcome by leveraging predictive coding. From the approximately 600,000 searchable documents, a random sample of approximately 2,300 documents was generated, sampled at a 95% confidence level and a 2% margin of error.  After applying a variety of review methods, the most relevant documents were reviewed first, aiding the merging companies in meeting the FTC’s deadline and significantly reducing the costs of review.

Be sure to read the full article, Never Second Guess a Second Request: Leveraging Predictive Coding for Reviewing Documents in Antitrust Matters, for a more in-depth discussion on the application of predictive coding to the Second Request process.

April Webinar: Got Data? Analytics to the Rescue!

Got Data Analytics to the Rescue

On April 19, 2016 join Kroll Ontrack experts Cathleen Peterson and Jim Sullivan, along with Kiriaki Tourikis from JP Morgan, as they discuss data analytics as both the lifeblood powering critical business operations and the kryptonite preventing the business from flexing its muscle. When investigations, litigation or compliance matters strike, organizations and their counsel that leverage analytics are more likely to win.

Register for the Data Analytics webinar today!

This session will feature hypothetical scenarios to explain the various analytics tools and how they fit into a case, data breach or investigation. At the end of the session, participants will understand how analytics can help:

  • Map the data collection and explore key points and related themes
  • Identify key players, timelines and communication patterns
  • Mine data for Personally Identifiable Information (PII)
  • Find redundant information and remove non-relevant, junk data

Plus Check Out These 2016 Webinar Recordings

Click the links below to watch Kroll Ontrack experts and panelists discuss the FRCP amendments and “dark data.”

January 2016: 2015 Year in Review: Ediscovery Case Law and Rules
February 2016: Turning on the Lights in a [Dark] Data Room

March 2016 Ediscovery Case Summaries

April 2016 ediscovery case summaries

Defendants’ Proposal to Redact Irrelevant Information Upheld under Newly Amended Rule 26
In re Takata Airbag Prods. Liab. Litig., MDL No. 2599 (S.D. Fla. Mar. 1, 2016)

Not All Documents from Agreed-Upon Search Terms Required to be Produced
Gardner v. Continental Cas. Co., 2016 WL 155002 (D. Conn. Jan. 1, 2016)

Court Denies Motion to Compel In Part Based on Newly Amended Proportionality
Wilmington Trust Co. v. AEP Generating Co., 2016 WL 860693 (S.D. Ohio Mar. 7, 2016)

Court Denies Motion to Compel Additional Email Searches on Proportionality Grounds
Moore v. Lowe’s Home Centers, LLC, 2016 WL 687111 (W.D. Wash. Feb. 19, 2016)

Adverse Inference Instruction Issued in Light of Newly Amended Rule 37(e)
Brown Jordan Int’l v. Carmicle, 2016 WL 815827 (S.D. Fla. Mar. 2, 2016)

Special International Case Summary

UK Court Approves Predictive Coding for First Time
Pyrrho Investments Ltd. V. MWB property Ltd. [2016] EWHC 256 (Ch)

Discovery Implications of the EU Data Protection Regulation

Passport

RMP_D_15

A recent article by my Kroll Ontrack colleagues from across the pond, Lawrence Ryz and Tracey Stretton, details the new EU Data Protection Regulation, which aims to solidify and unify the European Union’s data protection laws. As the Regulation takes effect, American companies with operations or customers in the EU will soon find themselves having to comply witl_ryz2015h a new set of laws.

US Discovery and EU Privacy Collide

In US litigation, the fundamental principle of broad discovery conflicts with the wide-ranging privacy framework of the European Union. US civil litigation under the Federal Rules of Civil Procedure (FRCP) is premised on the idea that expansive pre-trial discovery cuts to the heart of a dispute because it allows judges to focus on the legal issues with a well-developed record. European law is founded on the idea that citizens have a broad right to privacy, with little government intervention. The strengthened Regulation prohibits the transfer of any personal data processed in the European Union to a country whose privacy laws are considered inadequate by the EU’s determination such as the United States, which poses a significant conflict with US discovery obligations.

EU Gains Sword to go with its Shield

The extraterritoriality of the new Regulation is particularly worrisome for discovery in the United States. While the European Union has strengthened its shield against data collectors with the Regulation, it has also equipped itself with a shiny new sword. When the fundamental principles of American discovery and European privacy collide in a US court judges must choose between adhering to the traditional discovery rules of the FRCP and respecting an EU litigant’s legitimate right to privacy. Furthermore, with the addition of pending changes to the EU-US Privacy Shield agreement (a replacement for the Safe Harbor data transfer agreement which was invalidated by the European Court of Justice last October), the landscape of international data privacy and data transfer laws grows more complex by the day.

Impact on Ediscovery Providers

The current Directive only applies to data controllers, but the Regulation introduces a number of detailed obligations and restrictions on data processors and is therefore likely to have a significant impact on ediscovery providers and those that engage them. In the future, penalties can be imposed on data processors that do not comply with their new responsibilities and, if they act outside of the instructions received from data controllers, they could be held to be joint controllers subject to higher standards of accountability. The new obligations include the following:

  • Maintain documentation about the processing operations under their responsibility
  • Implement appropriate security measures
  • Carry out data protection impact assessments
  • Obtain prior authorization or undertake prior consultation
  • Comply with the international data transfer requirements
  • Cooperate with a supervisory authority

For more on the new EU Data Protection Regulation and its impact, be sure to read the full article, EU Data Protection Gains a Sword to go with its Shield.

Explore the Global Expansion of Ediscovery

Global ediscovery

Ediscovery is in the midst of global change. Even for countries with legal frameworks that don’t require parties to disclose electronic documents, global ediscovery is emerging as a critical component of business and corporate governance.

Kroll Ontrack experts created a new, interactive map to help you explore global ediscovery insights. Organized by nation and theme, Ediscovery Goes Global: 2016 Trends” explores the influence of data privacy laws and regulations, cyber security concerns, advancements in computer forensics and the evolution of technology assisted review around the world.

  • Have you ever wondered what the largest emerging market in ediscovery is?
  • How, why and when does ediscovery activity increase in the Netherlands?
  • Where is the use of predictive coding expanding?
  • Ever wondered how China deals with data protection and privacy in ediscovery?
  • Coming out of significant recessions, will Spain & Italy’s use of ediscovery technologies and techniques expand?
  • How do computer forensic tools influence ediscovery in France?
  • Which APAC countries are seeing the most ediscovery growth?

Click here to explore the map and learn more about trends in the hottest emerging ediscovery markets.

February 2016 Ediscovery Case Summaries

April 2016 ediscovery case summaries

Court Vacates Prior Adverse Inference Order in Light of Amended Rule 37(e)
Nuvasive v. Madsen Med., 2016 WL 305096 (S.D. Cal. Jan. 26, 2016)

Court Emphasizes Proportionality under Amended Rule 26(b)(1)
Henry v. Morgan’s Hotel Group, 2016 WL 303114 (S.D.N.Y. Jan. 25, 2016)

Court Focuses on Balance of Proportionality and Parties’ Burdens in Light of Amended Rule 26(b)(1)
ChriMar Systems v. Cisco Systems, 2016 WL 126556 (N.D. Cal. Jan. 12, 2016)

Court States that Plaintiffs’ Overly Broad Requests Do Not Justify Defendants’ Failure to Issue Litigation Hold
Stinson v. City of New York, 2016 WL 54684 (S.D.N.Y. Jan. 5, 2016)

Court Emphasizes the Importance of Proportionality and The Addition of New Proportionality Factors in Rule 26(b)(1)
Herrera v. Plantation Sweets, 2016 WL 183058 (S.D. Ga. Jan. 14, 2016)

Top Considerations When Building BYOD Policies

ediscovery

Vikas_PallIn a recent article, my Kroll Ontrack colleague Vikas Pall wrote about the growing concerns over bring your own device (BYOD) policies. Today’s employees integrate their personal and professional lives, and the use of personal devices for day-to-day employment duties has become ubiquitous. The days of doubling up on devices—one personal, one professional—are over, with BYOD policies emerging as the most enticing option for employees and companies.

 

While there are many advantages to BYOD, taking on the ambiguities and complications that can come with having employees bring their own devices to work can be a risky move if an organization fails to put a well-planned policy in place.  In his article in ILTA’s Peer to Peer magazine, Vikas outlines the top things to consider when building a BYOD policy.

#1: Assess

Crafting a well thought out BYOD policy is the key to fully utilizing its benefits, but a perfectly planned policy does not appear overnight. A policy must be effective, relatively simple and easy to follow for end users and the IT department. Communication across departments is the best way to make sure all bases are covered.

#2: Plan

Once the broad framework is in place, it is time to finalize the details of the policy. From Android to Apple phones to tablets and wearables, defining exactly what is meant by “bring your own device” is critical. Companies should be device-specific, or limit the devices, and establish a clear service policy for the list of approved BYOD devices. In the midst of planning the functional aspects of a policy, it is equally important to address employee exit strategies. BYOD policies should reference the company’s separated employee process and vice versa.

#3: Implement

To prevent data breaches or corporate hacks, specify what kinds of corporate data may be accessed on which devices and implement mobile device, data and app security measures in your BYOD policy to protect company data and confidentiality. BYOD policies should also touch on preservation and discovery in litigation. Companies can get ahead of failed preservation efforts by adding BYOD data to their ESI data maps and issuing legal hold notices to address what content must be preserved.

#4: Iterate

Companies should regularly audit the effectiveness of their BYOD policy. Look at what new technologies are available and whether they should be supported. Review the current policy points to see if anything wasn’t adopted or could be improved. BYOD polices will continue to evolve with technology and the workforce.

Be sure to read the full article, From Blurred to Secured: Four Steps to a Better BYOD Policy, for a more in-depth analysis of best practices for bring your own device policies.

 
css.php