October 2017 Ediscovery Case Summaries

Court Issues Sanctions for Loss of Cell Phone Data by Non-Party, Holding that “Control” for FRCP 37(e) Applies to Non-Parties
Ronnie Van Zant, Inc. v. Pyle, 2017 U.S. Dist. LEXIS 138039 (S.D.N.Y. Aug. 28, 2017)

Court Declines to Impose Sanctions for Litigation Hold that Gave Employees Self-Preservation Discretion
N.M. Oncology & Hematology Consultants v. Presbyterian Healthcare Servs., 2017 U.S. Dist. LEXIS 130959 (D.N.M. Aug. 16, 2017)

Citing “Reasonably Calculated” in Discovery Request is “All Too Familiar, But Never Correct”
Pothen v. Stony Brook Univ., 2017 U.S. Dist. LEXIS 146026 (E.D.N.Y. Sept. 8, 2017)

Court Emphasizes Equal Use of the Rule 26(b)(1) Proportionality Factors
Oxbow Carbon & Minerals LLC v. Union Pac. R.R., 2017 U.S. Dist. LEXIS 146211 (D.D.C. Sept. 11, 2017)

For Productions “Reasonably Usable Form” (and Not “Form Ordinarily Maintained”) Is the Standard for FRCP 34
Ortega v. Mgmt. & Training Corp., 2017 U.S. Dist. LEXIS 3861 (D.N.M. Jan. 6, 2017)

Dutch Data Discovery

The Netherlands is one of the most economically developed countries in the world. Despite being a small country in comparison to others in the EU, the Netherlands is a significant player in the banking and energy sectors and is home to some of the largest corporations in the world. The Netherlands is our next stop, as KrolLDiscovery explores ediscovery in countries around the world.

How is ediscovery unique in the Netherlands?

The Netherlands has no formal requirement for disclosure of electronic documents in legal proceedings (and thus the word “ediscovery” is not regularly used in Dutch legal circles), though international law firms use ediscovery technology in cross-border litigation. For the most part, regulatory matters are the biggest driver for Dutch law firms and corporations when it comes to using ediscovery technology.

The Dutch economy is dominated by companies operating in sectors which are frequently the subject of regulatory investigations such as energy, banking and electronic good manufacturers. Domestically, the Netherlands Authority for Consumers and Markets (ACM) has become very active and has been carrying out an increasing number of dawn raids on businesses, particularly those in the energy, automotive and telecommunications sectors. As an international business center, Dutch subsidiaries of foreign companies or Dutch multinational firms are also vulnerable to scrutiny from international regulators such as the European Commission or foreign authorities such as the U.S. Department of Justice.

This period of increased regulatory activity has caused something of a paradigm shift within Dutch companies when it comes to compliance. In the past it was more common for a reactive approach to be taken whereby companies only used ediscovery technology when under investigation. Now we are finding that companies in the Netherlands are prioritizing internal compliance and dedicating more resources and budget towards implementing schedules of compliance audits.

What data protection and privacy laws affect legal proceedings in the Netherlands?

The Dutch Personal Data Protection Act (Wet bescherming persoonsgegevens [Wbp]) was updated in January 2016. The changes include the ability to impose substantially higher fines for a broader range of violations. The update also introduces various data breach obligations, including the obligation for companies to notify the data protection authorities and affected individuals of any data breach.

Aside from the Wbp, there are other national laws that may affect ediscovery such as the Dutch Telecommunication Act (Telecommunicatiewet, implementing Directive 2002/58/EC on the protection of privacy in the electronic communications sector). Dutch law firms, corporations and ediscovery providers need to be familiar with both these laws and ready themselves for the forthcoming General Data Protection Regulation which will replace the Wbp.

Finally, many Dutch lawyers have concerns about the impact of Brexit and how it might affect transferring data between the United Kingdom and the Netherlands. At the moment, the United Kingdom is one of the Netherlands’ biggest trading partners and so regulatory and litigation cases often involve both Dutch and British companies. Depending on what happens when the United Kingdom and European Union negotiate data protection agreements, Dutch firms may begin choosing ediscovery providers who can offer local data centers or mobile ediscovery solutions to avoid the risk of breaching laws that restrict cross-border data transfers.

What are some examples of best practices for conducting ediscovery in the Netherlands?

  • Consider using a forensics expert for data collection in the Netherlands rather than in-house IT teams.
  • Understand the changes in data protection legislation and be ready for the General Data Protection Regulation.
  • Employ predictive coding technology to manage big data, particularly for competition investigations.
  • Be proactive and prepared for potential dawn raids. The Dutch competition authority is branching out from banking and casting a wider net in its investigations.

How can KrolLDiscovery help?

KrolLDiscovery is your international ediscovery resource, no matter your location on the around world. Read more about predictive coding in Australia and Ireland, ediscovery cooperation in Canada, fighting fraud in France, data protection in the UK, Japan and China, ediscovery practices in Belgium and Germany, and anti-corruption laws in Brazil.

What’s the Deal with WhatsApp? Investigating and Discovering Mobile Device Data

Julian Sheppard and Michele C.S. Lange, KrolLDiscovery, Legaltech News

Editor’s note: this article appeared in Legaltech News.

Analyzing data from mobile devices is still uncharted territory for many in Legal and IT. Accordingly, today’s modern legal and technology professionals need to brush up on all things mobile. This includes understanding where applicable data resides in a mobile device and what common challenges are associated with accessing, preserving and extracting this data.

To make things complicated, mobile devices contain more than just email, text messages and photos — all fully discoverable in litigation and ripe for investigation. Legal teams cannot forget that inter-application (“app”) chat communications may also contain relevant information. Each of these apps store content on the mobile device and function in slightly different manners, creating myriad data preservation, collection and privacy issues.

One such app taking the mobile device world by storm is WhatsApp. This article explores what legal teams need to know about accessing, preserving and extracting mobile data from WhatsApp, in light of recent news and privacy concerns.

The History of WhatsApp

WhatsApp is a stand-alone, cross-platform messaging service for mobile phones. It is marketed as being an inexpensive alternative to carrier-billed text messaging. WhatsApp functions by utilizing a mobile phone’s Internet or Wi-Fi connection. Through this connection, the WhatsApp user can send and receive text, pictures, audio or video.

WhatsApp was created in 2009 and since then has made international headlines by becoming one of the most popular standalone messaging platforms. In June 2013, WhatsApp had 250 million users and its user base keeps growing. WhatsApp’s popularity attracted the social media giant Facebook, which acquired WhatsApp in February 2014, to play a bigger role in the rapidly growing messaging market. At the time that this deal was announced, WhatsApp had 450 million users worldwide.

In 2014, WhatsApp implemented end-to-end 256-bit encryption on Android mobile phones, making it possible for secure communications. When a message is sent through WhatsApp, the messages are automatically “locked” once the user sends the message to the receiver. The message will not be “unlocked” until the receiver opens the message. This type of encryption — where the communication from sender to receiver cannot be decrypted during transit, making interception by a “middle man” virtually impossible — makes it unique from other messaging apps.

WhatsApp stresses in a statement from 2014 that not even the best hacker or the WhatsApp company itself can access and read users’ messages. In 2016, WhatsApp expanded its end-to-end encryption to other types of mobile phones beyond Android. That same year, WhatsApp decided to make a bold change to its privacy policy by modifying its terms and conditions. Unless the user does not agree to the terms and conditions, users will immediately start sharing their data with Facebook and its affiliated companies, such as Instagram. Shared data will consist of users’ phone numbers and the last time they logged onto WhatsApp. The interplay between WhatsApp’s end-to-end encryption and these new privacy terms are leaving many users wondering if WhatsApp communications are truly secure and private.

Despite the change in policy, WhatsApp remains very popular. It is particularly popular in Europe, where unlimited texting mobile plans are less common. Further, WhatsApp is seeking to shift from personal to professional use. Initially designed for personal communications, WhatsApp is trying to acquire a new user base, by having companies adopt the platform, especially if the company has BYOD (bring your own device) or COPE (corporate-owned personally-enabled) policies. Particularly, in some Eastern European countries, WhatsApp has become especially popular for secure business communications because users know it is difficult to access.

WhatsApp Data in Mobile Discovery and Investigations

Drilling into a phone’s memory to attain information, such as WhatsApp communications, requires an advanced level of expertise. This is especially true given the intricacy of the phone and the growing ecosystem of device types. Further, mobile device extraction attempts, including attempts to recover data from WhatsApp, typically require phone passwords, PINs (Personal Identification Numbers) or swipe patterns to gain access to the device. Yet, even with this information, and depending on the mobile device itself, if the message data from WhatsApp is encrypted, it may not be possible to extract the data. Thus, even though mobile phone forensics is a fairly new discipline, an investigator needs a firm grasp on both the diversity of devices available on the market and the security measures used specifically on phones if any data is to be forensically retrieved.

While WhatsApp data may be retrievable from a user’s laptop or a cloud account, these possibilities are rare. As such, it is important to understand how the data may be extracted from the mobile device itself. In any forensic investigation of a mobile device, there are factors that influence what and how much data is retrievable. These factors include: the type of mobile device; the operating system version; the version of the specific app being used; and the type of encryption.

When it comes to retrieving WhatsApp communications on mobile devices, all these factors are intertwined. For instance, extracting WhatsApp data is not the same across all devices, as there are a variety of operating systems and versions of WhatsApp. To further complicate matters, WhatsApp’s messaging options store content in different locations on different mobile devices and each device functions in a different manner.

This lack of standardization is confounding for forensic investigators and case teams involved in the matter. As such, documenting the time and date of the extraction, as well as the operating system and app versions, is critical. Finally, investigators will need the key associated with the local database, which is often inaccessible without special software, in order to decrypt WhatsApp data.

The Debate of the Backdoor and WhatsApp

Currently, there is a major debate among legal and technology professionals about whether or not WhatsApp should have a “backdoor,” likely weakening WhatsApp’s encryption. When a message is transmitted, a backdoor could be used to circumvent the need for a specific encryption key and convert the message into plain text for it to be read by a third party. Discussed below are the viewpoints of both sides discussing whether there should be a backdoor within WhatsApp.

Some security and intelligence agencies prefer WhatsApp to be modified by implementing a backdoor. They argue that this would benefit not only them, but also the public. They claim that by monitoring WhatsApp messages through the backdoor they can detect criminal and terrorist activity.

One major concern of these agencies is the fear that terrorist organizations will use WhatsApp to communicate with each other, because of the security with end-to-end encryption. As a result of WhatApp’s encryption, there has been a recent trend of terrorist organizations using WhatsApp to communicate. In March 2017, a terrorist used WhatsApp moments before carrying out on attack in Westminster, London. This recent attack, and other uses of WhatsApp, has continued to worry these agencies.

Agencies advocate that a backdoor within WhatsApp can have many benefits toward making the public feel more secure. If agencies had access to the messages within WhatsApp, it would give them an advantage to combat criminal activity and terrorist attacks. For example, British Intelligence claimed if they had the ability to read messages communicated by the terrorist back in March 2017, the attack might have been less severe. Thus, if agencies are allowed to monitor messages through WhatsApp, it may help prevent WhatsApp from becoming a safe harbor for terrorist communication.

Weakening End-to-End Encryption

Some security and intelligence agencies believe that modifying WhatsApp by creating a backdoor would be a mistake. Specifically, organizations and individuals will not know in advance whom the government will spy on when they have access to all users’ decrypted WhatsApp messages. This could impact how organizations and individuals communicate with each other.

It has been argued that implementing a backdoor will not help, but only weaken WhatsApp’s end-to-end encryption. There are other ways that agencies may be able to gain intelligence without the expense of sacrificing security, such as bugging rooms, infiltrating surveillance software, etc. Although having a backdoor is easier, it will sacrifice the security of the end-to-end encryption in WhatsApp and could become a slippery slope to backdoors in other apps.

Lastly, some analysts claim that security and intelligence agencies may have trouble monitoring WhatsApp through the backdoor. Malicious conduct may be hard to detect because of WhatsApp’s large user base and the chance of detecting criminal and terrorist activity is minimal. Further, once the public becomes suspicious that backdoors are in place, they are more likely to abandon WhatsApp for a different messaging app that does not have backdoors in place. Thus, by security and intelligence agencies diverting their attention to monitoring WhatsApp, they could lose the public’s confidence in the safety net that end-to-end encryption provides.

WhatsApp’s controversial end-to-end encryption has affected the ways legal and technology professionals access, preserve and extract this data from mobile devices. Although end-to-end encryption is complex, with help from a seasoned forensics investigator, valuable information on WhatsApp may be just a click, swipe or post beneath your fingertips.

Julian Sheppard (julian.sheppard@krolldiscovery.com) is the Director of Computer Forensics for the EMEA region of KrolLDiscovery, based in London, United Kingdom. Michele C.S. Lange, Esq. (michele.lange@krolldiscovery.com) is the Director of Thought Leadership for KrolLDiscovery, based in Minneapolis, Minn. The authors acknowledge the assistance of Christine Barry, KrolLDiscovery law clerk, for her assistance in researching and writing this article.

Inspiration & Innovation from ING3NIOUS: 3 Takeaways from NorCal 2017

Last week, I enjoyed the privilege of speaking on a panel with distinguished colleagues at the ING3NIOUS 2017 NorCal Information Governance Retreat in Carmel Valley, Calif. Our panel was appointed to discuss TAR and what we, as an industry, have learned about using it in legal matters. This session was one among a series of insightful discussions about the needs, direction, impact and practicality of technology in information governance, data security and electronic discovery. Overall, this retreat inspired, challenged and informed everyone in attendance. The scale and setting is more intimate than some other events, which resulted in a healthy exchange of ideas and challenges from experts and innovators in technology and law. Amongst the many great stories and lessons learned, I walked away from the retreat with three major observations.

#1 There’s more work to do with Technology Assisted Review.

As mentioned in my prior blog post, predictive coding and Technology Assisted Review are commonly accepted at this point. Nevertheless, stakeholders continue to evaluate, and have a healthy debate about, the conflicts and merits of related topics such as the appropriate level of disclosure and incorporation of traditional keyword search. Meanwhile, most of the technology itself has had only one major revolution in its 10 years of use. Namely, the ascent from Simple Active Learning (i.e., the first generation of predictive coding) to Continuous Active Learning. Of course, I am honored to be part of a respected and select field of leaders and innovators in predictive coding solutions to deliver these types of enhancements and much more. After synthesizing the discussion from a few of the panels at the NorCal Retreat, it is apparent that while the sufficiency of productions resulting from predictive coding endeavors remain largely unchallenged, there are a number of opportunities for on-going development and enhancement of predictive analytics, which will require a critical focus on both operability and underlying technology to maintain defensibility and enable counsel to focus on the most important content.

#2 Business processes conflict with situational nuances.

Corporate data has tremendous value to be protected and yet to be derived. In fact, there might even be an opportunity cost to not measuring and assigning an intrinsic value to the data itself. For example, consider valuation of data protected from or subject to a breach. Imagine the insurability of data itself under a commonly accepted valuation model. Meanwhile, a practical path to this idea seems as elusive as substantial application of retention policies to electronically stored information. In fact, trends and sentiments continue to suggest that information retrieval and classification are superseding data destruction priorities as search and analytics technology becomes more precise and computing capacity continues to expand. Many reasonably contend that there is risk in letting old data pile up and rightfully cite the fact that 85 percent of corporate data could be redundant, obsolete or trivial. Others contend volume should not dictate value because losing one good item amongst 20 records matters to some. All of these points demonstrate the natural and on-going tension between the demands of disputes and investigations amidst corporate governance in the information age. While information governance professionals, corporate electronic discovery managers, in-house legal operations and technology companies increasingly strive to manage legal matters and electronic discovery in a manner similar to other business processes, outside counsel cautiously, and almost unilaterally, operate around the variables and nuances of different cases and situations, strongly advocating for approaches that are tuned to the situation.

#3 We all hope and need to unify and streamline.

Despite the complications mentioned above, everyone’s strong conviction is that a more effective and consistent set of solutions can be realized. The give-and-take between customized solutions, new technology, preferred providers and pre-defined solutions means there is still a lot of opportunity along with the challenges. Each organization is aiming to adopt and provide unified processes and innovative technology with practical capabilities across the spectrum of information management, data security, case administration, project management and electronic discovery. For every firm or corporation that selects a solution, there are still others with strong preferences and compelling features and value propositions. There is a lot of room, and perhaps even an acute need, to coalesce around a more concise, stable and sustainable portfolio of technology-enabled solutions. This need will continue to ignite outstanding conferences and working groups like Ing3nious (and Sedona, ILTA, EDI, ERDM, ACEDS, IGI, WiE, etc.), where legal and technology professionals can propel the conversations and initiatives associated with these opportunities in our industry.

September 2017 Ediscovery Case Summaries

Court Orders an Aggressive Production Timeline, Citing Efficiencies of TAR
Rabin v. Pricewaterhousecoopers LLP, 2017 U.S. Dist. LEXIS 125404 (N.D. Cal. Aug. 08, 2017)

Court Puts the Brakes on Auto Manufacturer’s Proposed Discovery Protocol Involving an Onerously Restrictive Onsite Inspection
Pertile v. GM, 2017 U.S. Dist. LEXIS 141088 (D. Colo. Aug. 31, 2017)

Court Rules that Asking for Everything is Overly Broad and Unacceptable
Mirmina v. Genpact LLC, 2017 U.S. Dist. LEXIS 90422 (D. Conn. June 13, 2017)

Mere Speculation is Not Enough to Compel an Additional Search for ESI
Mirmina v. Genpact, 2017 WL 3189027 (D. Conn. July 27, 2017)

Privilege Waived as a Result of Reckless Production and Inadequate Clawback Agreement
Irth Sols. v. Windstream Commc’ns, 2017 WL 3276021 (S.D. Ohio Aug. 2, 2017)

Manage Unstructured Data with Unified Archiving: A Case Study

As data volumes grow in today’s digital workplace, so do costs and risks associated with storing large amounts of data for litigation, investigations, regulatory requests, compliance and other requirements. To address these costs and risks, organizations need one technology system to seamlessly address information management, bringing together data from disparate systems while eliminating duplicate data sets. The compliance and ediscovery challenges of one organization are documented in a recent case study, developed by ZL Technologies and KrolLDiscovery.

An Archiving Case Study

A large, international bank, based in Switzerland, operated two instances of a compliance technology solution. These compliance tools were incompatible and incapable of merging, thereby creating an unnecessarily complex compliance process. Also, the bank sought a platform that would facilitate searching for documents across the enterprise to aid in collecting and producing documents in legal discovery matters.

The bank understood that while compliance and ediscovery are often treated as separate functions, the two are closely interrelated and use much of the same data. This relationship led the bank to look for a solution that could offer a single repository for both systems in order to streamline compliance and ediscovery processes. The bank turned to KrolLDiscovery and its partner ZL Technologies to assist in implementing such a solution. Combining KrolLDiscovery’s experts in data management with ZL Technologies’ dynamic information governance platform, enables enterprises to better understand what data they have and where it resides.

The ZL solution was initially deployed in the bank’s Americas region, specifically in the United States and Canada. Once proven successful in these locales, the bank decided to launch the solution in other international locations, deploying it in its Bahamas, Europe and Asia offices. Beyond standardizing on a unified, global compliance and ediscovery technology platform, the bank also established its governance and data management principles as well as compliance and ediscovery workflows, critical goals for the global enterprise.

ZL and KrolLDiscovery: A 10+ Year Partnership

With the ZL Unified Archive platform, KrolLDiscovery helps to eliminate common business problems that go along with the unrelenting growth of data. Recently, KrolLDiscovery and ZL celebrated more than 10 years of partnership helping organizations manage unstructured data for ediscovery, compliance, records management and knowledge management.

A Taste of Ediscovery in Brazil


Brazil is the next stop on our 2017 ediscovery world tour. As the only Portuguese-speaking country in South America, Brazil has the largest population, area and economy on the continent. An increase in industrial production, consumer and business productivity, and a stable currency have set the stage for flourishing business opportunities in Brazil, accompanied by heightened volumes of litigation and investigations…ripe for the use of ediscovery technology.

Brazil’s Unique Ediscovery Conditions

Brazil is a civil law jurisdiction, where there is no procedure or requirement to use discovery-like mechanisms in legal proceedings. Additionally, the process of collecting, filtering and reviewing data is unfamiliar to Brazil’s business culture, impaired by the fact that much corporate data is in a hard copy or non-searchable digital format. Given that a considerable volume of data is not in a format that makes ediscovery processing easy and streamlined, many Brazilian corporations view ediscovery processes and expenses as difficult to justify.

This does not mean, however, that ediscovery is absent in Brazil. Collecting and processing data in Brazil is driven mainly by practical necessity due to national and international regulatory investigations, international arbitration issues, mergers and acquisitions of Brazilian companies, and out-of-country litigation extending into Brazil. In all of these legal and regulatory scenarios, Brazilian companies are benefiting from ediscovery technology. Furthermore, in 2014 Brazil passed an anti-corruption law called the “Clean Compliance Act,” compelling some corporations and their counsel to take advantage of ediscovery technology in corporate compliance efforts.

What About Data Protection and Privacy in Brazil?

Currently, Brazil does not have an extensive set of data protection or privacy laws. However, Brazilian statutory law protects narrow classifications of data. For example, the Brazilian Federal Constitution and certain regulations, such as medical rules and consumer codes, contain privacy protections. Furthermore, Brazilian law does not expressly restrict cross-border data transfer, but transferring data out of Brazil is not the norm. Also, there have been recent changes impacting the need for increased security and protection of personal data, such as the Brazilian Internet Law. Lastly, keeping up with changes in Europe and Asia, it is highly expected that Brazil will enact its first over-arching data protection law in the near future.

Around the World with KrolLDiscovery

KrolLDiscovery is your international ediscovery resource, with current information about predictive coding in Australia and Ireland, ediscovery cooperation in Canada, fighting fraud in France, data protection in the UK, Japan and China, and ediscovery practices in Belgium.

Hurricane Harvey: Helpful Tips for Handling Your Data

For what promises to be a long and catastrophic hurricane season, the wrath has just begun with Hurricane Harvey on parts of the United States.  The 2017 hurricane season is set to last until November 30 and is said to be an above-normal season for the Atlantic. According to Live Science, the region has a 70 percent chance of experiencing between 11 and 17 storms this season and between five and nine of these storms may elevate to hurricane status.

As the hurricane season lets loose, there are important steps to keep in mind to increase your odds of a successful data recovery from a wet device. Many flood victims when returning to their homes gather the items important to their lives. Eventually, they might begin to wonder if the important data stored on their electronic devices can be recovered and what they can do to help. Whether you have sacred family photos or important personal documents, understanding how to minimize the damage to your data can be helpful at this time.

We recommend that flood victims fearing loss of their vital information consider the following before assuming that the damage is permanent:

  • Never assume that data is unrecoverable, no matter what it has been through
  • Never attempt to plug in or turn on water-damaged devices
  • Do not shake, disassemble or attempt to clean any hard drive or server that has been damaged; improper handling can make recovery operations more difficult which can lead to valuable information being lost
  • Never attempt to dry water-damaged media by opening it or exposing it to heat, such as from a hairdryer
  • Do not attempt to operate visibly-damaged devices
  • Do not attempt to freeze-dry media
  • Do not use common software utility programs on broken or water-damaged devices
  • For mission-critical situations, contact a data recovery professional before any attempts are made to reconfigure, reinstall or reformat

Data loss is stressful, but dealing with a disaster on top of it is far worse. If you are affected by a hurricane, or other natural disaster, we hope you find these tips helpful in easing the process of your recovery.

Hot Topics in Ediscovery

As you get ready to head back to the office this fall, make sure you’re up to speed on some of the most significant developments in ediscovery from this summer.

New Data Protection and Transfer Laws in Japan and China

Earlier this summer, Japan and China enacted significant changes to their data protection and transfer laws. In Japan, the Act on the Protection of Personal Information (APPI) went into full effect on May 30, 2017 and companies are expected to make immediate changes. China’s controversial Cybersecurity Law went into full effect in early June 2017 and focuses on network operators managing data in the country.

Antitrust Law and Technical Innovation

Technological advancements throughout the world have transformed policies and institutions that enforce antitrust law. Check out parts one and two of our video series focusing on how policy and technology changes create implications in the many fields of antitrust law.

Civil Procedure Rules in State Court

Following the release of the 2015 amendments to the Federal Rules of Civil Procedure (FRCP), states have taken different approaches to updating their own rules. Some states have adopted the new FRCP, other states are currently considering changes and a handful of states march to the beat of their own drum. Learn more about your state and states that may be important to you in the future.

Fighting Fraud in France

Fraud, corruption and bribery hit close to home for legal and IT professionals around the globe. In France, game-changing legislation has taken effect to strengthen anti-corruption efforts. Sapin II, as the legislation is called, is modelled on the U.S. Foreign Corrupt Practices Act (FCPA) and the U.K. Bribery Act. U.S. businesses with global operations should be prepared with renewed understanding of France’s regulations.

Whether you have a matter that requires collection of electronically stored information (ESI) in a country with strict data protection rules or have questions about state rules of civil procedure, you can keep up to date on everything ediscovery with weekly updates from The Ediscovery Blog.

That’s a Wrap! Reflecting on ILTACON 2017

Following the Path to Maturity amidst Innovation

A few weeks before more than 1,600 members descended upon ILTACON 2017 in Las Vegas, I had a chance to catch up with a couple distinguished peers in our industry to talk about their latest areas of focus. Always respected as “Blue Ocean” strategists, I was keen to hear their views on the latest and greatest challenges. The response was, perhaps, a surprising precursor to one of the major underlying themes amongst ediscovery and information management professionals at ILTACON this year: ensuring mature processes are in place.

The Newer Generation Unites with Seasoned Professionals

The primary focus of ILTA has always been peer-to-peer education. It was apparent at this year’s annual conference that, amongst a mature community, there is also a growing third generation of newer ediscovery professionals. Full EDRM lifecycle project management, processes and support; balanced outsourcing; use of multi-faceted Technology Assisted Review (TAR) strategies, predictive coding and Continuous Active Learning (CAL); and upstream, holistic information governance and effective legal hold were all familiar, prevalent themes at ILTACON 2017. The major difference is that this new generation of professionals are learning and adopting mature, data-driven principles, management skills, discovery processes and innovative technology derived from the path others have been blazing and curating over the last decade or two. So, foregone questions about “should we do this” or “how can we do this” have evolved into deeper discussions about “how do we do this best” and “which tools do I need to get the job done.”

From Predictive Coding to the Cloud…and Everything in Between

Corporations continue to build process, control and maturity around their approach to ediscovery as part of their broader efforts to help outside counsel efficiently respond to discovery under more astringent financial and information security constraints. Therefore, the community came to ILTACON 2017 seeking ideas and tools to maintain control of data, complement corporate movement to the cloud and build process efficiency into the EDRM lifecycle.

First, the debates over predictive coding have more or less waned. Instead, we found a deliberate focus on stronger implementation and significant rates of adoption, especially given enhanced methods such as CAL, which is fully built into KrolLDiscovery’s TAR solutions and complimented by our suite of technologies to accelerate document review. For instance, we learned during the ILTACON session I moderated, “Latest Trends in Leveraging Analytics in Litigation Support,” that 62 percent of the ediscovery professionals in attendance use predictive coding sometimes and 40 percent sometimes used CAL, too. Meanwhile, 27 percent have never used predictive coding. These statistics alone demonstrate great levels of acceptance and also reveal that the up-and-coming generation is ready to jump in!

Another significant ILTACON 2017 theme was the cloud. When it comes to corporations moving some data sources to the cloud, ILTACON attendees came seeking truly cloud-enabled and optimized ediscovery technology like KrolLDiscovery’s tool, NebulaTM. While one ILTA session poll revealed that 10 percent of corporate clients always use ediscovery analytics behind their firewall and an additional 29 percent do so sometimes, the majority do not. Therefore, when faced with the average ediscovery project, stakeholders continue to rely heavily on third-party expertise and technology.

Last, but certainly not least, was the topic of data security and control. There continues to be a trend toward centralized information management systems to better maintain and analyze corporate data and ensure effective legal holds through solutions like KrolLDiscovery’s Unified Archive. Yet, the majority of projects or initiatives continue to be motivated by reactions to the cyber attack and data loss epidemics, GDPR readiness and increases in litigation or investigations. Of course, the truly global ILTA community also came seeking secure, nimble and portable solutions that they could operate, such as KrolLDiscovery’s Remote Collection Manager (RCMgr®) to complete data preservation, collection and transfer anywhere in the world.

See You Next Year: ILTACON 2018

Whether the session labels touted “analytics,” “cloud,” “ediscovery,” “information governance,” “artificial intelligence,” “business intelligence” or “Blockchain,” the entire ILTA community, across peer groups, came together with one overarching theme in 2017: how do we more efficiently leverage better technology to compile, process, distill, analyze and transform information into actionable results. At ILTACON 2017, it was my privilege to tackle these challenges with legal technology colleagues from around the country and around the world. I am definitely looking forward to doing it again, August 19 – 23, 2018 in Washington, DC.