Building information governance (IG) protocols from scratch can feel like getting lost in a jungle. Often it is difficult to know which direction to go to get started on your journey, especially with a thick forest of documents standing in your way. But orienting yourself in the IG jungle is essential to avoid the possibility of leopards attacking you, birds swooping down on you, or those sneaky critters that might come back to bite you. Luckily, we’ve created a handy IG Guide to help you navigate through the underbrush and into the clear!
The guide includes critical information on IG, such as how to amplify the value of enterprise information, manage data and control ediscovery, as well as how to reduce data governance risks and costs. Also included is a look into how a hypothetical company, Healthy Nuts, found their way through the IG jungle. Find out more about their story and information governance here.
Happy Autumn! As the leaves start changing color and the infusion of pumpkin-flavored food dominates our culinary palates, let’s take a moment to look back to the days of Spring, with blooming flowers, baby birds, and…wildfires?!
Back in April, Kroll Ontrack launched a red-hot Legal Hold Guide that explored the importance of document preservation in litigation and regulatory matters. With data volumes on the rise, organizations need to have an effective legal hold plan in place to avoid being burned with spoliation sanctions.
Take the time to reminisce, but don’t get too comfortable. Be on the lookout next week for an exciting new Information Governance guide that promises to be wild…
Failure to Engage in Basic Litigation Hold Results in Sanction
HM Electronics, Inc. v. R.F. Technologies, Inc., 2015 WL 4714908 (S.D. Cal. Aug. 7, 2015).
Court Orders New Search Parameters for Document Preservation
New Orleans Reg’l Physician Hosp. Org., Inc. v. United States, 2015 WL 5000512 (Fed. Cl. Aug. 21, 2015).
Proper Litigation Hold Results in Denial of Sanctions
Grove City Veterinary Serv., LLC v. Charter Prac. Int’l, LLC, 2015 WL 4937393 (D. Or. Aug. 18, 2015).
Court says FTC has Power to Regulate Corporate Cybersecurity Policies
Fed. Trade Comm’n v. Wyndham Worldwide Corp., 2015 WL 4998121 (3d Cir. N.J. Aug. 24, 2015).
Court Orders Inclusion of Technology Specialist Fees in Award Calculation
Gen. Protecht Grp., Inc. v. Leviton Mfg. Co., 2015 WL 4988635 (D.N.M. Aug. 3, 2015)
65% of ediscovery projects contain at least one document with the XXX-XX-XXXX number format. Accidentally disclosing Personally Identifiable Information (PII) could lead to a messy discovery process and costly penalties. Do you know how to best protect PII in ediscovery? Check out this new PII infographic to learn more.
What is PII?
Personally Identifiable Information (PII) is any information about an individual maintained by an organization that can distinguish, trace or link to that individual. This can include anything as benign as a person’s full name to confidential medical, educational, financial and employment information or a social security number.
What’s at Risk in Ediscovery?
While the threat of identity theft looms over individuals who fail to safeguard their personal information, litigation teams are in a unique position. They must be the safeguard that ensures opposing counsel doesn’t accidentally receive confidential medical records, social security numbers or other PII during the discovery process. In a perfect scenario, all PII would be redacted prior to production, but with exponentially increasing volumes of data, PII becomes increasingly at risk of being unintentionally compromised in litigation. If an inadvertent disclosure occurs, a legal team may face sanctions.
Assisted Redaction: A Sophisticated Solution
At a basic level, the manual redaction process completely removes targeted content from an electronic document, making it irretrievable and unavailable for view, print, search or copy. Building beyond manual redaction, ediscovery platforms can utilize an automated approach to identifying, verifying and applying user-defined redactions to maximize efficiency in a process known as “assisted redaction.” The assisted redaction application, featured in Kroll Ontrack’s Relativity offering, provides users with full control to review, approve or reject each applied redaction across an entire data collection workspace or subset of data. Assisted redaction streamlines the manual redaction process, reducing the risk of inadvertent disclosure while allowing counsel to quickly and correctly apply user-defined redactions throughout the data.
A Light in the Dark
The ediscovery process may put PII at risk when not carefully managed, but much of that risk can be alleviated when paired with a strong legal team and savvy technology. Shine some light on PII protection in ediscovery before watching Kroll Ontrack’s new video to learn more about assisted redaction and other new capabilities within Kroll Ontrack’s Relativity offering.
A few weeks ago, the FTC and DOJ released their annual HSR Report. Like any report card, this annual assessment allows us to see the developments of the last year when it comes to premerger notification and merger enforcement.
Before sitting down to do some serious studying of the full report, take a quick peek at a few of the numbers, then read Kroll Ontrack’s analysis, “Top 10 Takeaways: 2014 HSR Annual Report.”
Mergers are up
- In 2014, merger filings increased by more than 25% from 2013.
- 1,663 transactions were reported under the HSR Act in 2014.
Considerable emphasis on consumer market competition
- Consumer Goods & Services comprised 30.8% of the HSR transactions in 2014, more than any other industry.
Growth in multi-million dollar mergers
- 4% of reported transactions had a value of over $500 million.
Second Request volumes steady with previous years
- Second Requests were issued in 51 merger investigations – 30 by the FTC, 21 by the DOJ.
- The number of Second Requests issued in 2014 increased 8.5% over 2013.
- Second Requests were issued in 3.2% of total HSR transactions, down from 3.7% in 2013.
- More than 80% of Second Request investigations occurred in transaction ranges of $300 million or greater.
With ample antitrust and Second Request experience under our belts, Kroll Ontrack is uniquely equipped to help manage your document productions to the FTC, DOJ and other global competition bureaus. To learn more about Kroll Ontrack’s expertise, be sure to check out our Second Request Services.
“Electronic document creation and/or storage, and electronic communications, have become commonplace in modern life…attorneys who handle litigation may not ignore the requirements and obligations of electronic discovery. A lack of technological knowledge in handling ediscovery may render an attorney ethically incompetent to handle certain litigation matters involving ediscovery, absent curative assistance.”
New California Ethics Opinion
With those words, earlier this summer the California State Bar officially addressed the ethical duties of counsel during ediscovery, and finally established competency standards for counsel in the Golden State. Although the opinion is advisory and non-binding upon courts, the opinion provides a much needed support structure in a field that has historically been faced with varied interpretations; it further serves as a major triumph for ediscovery gurus that have been pushing for a core standard for ediscovery.
Set within the parameters of a hypothetical bar exam question, the committee of the state bar’s opinion went on to discuss the 9 defined skills that attorneys should be able to perform in ediscovery (either “by themselves or in association with competent co-counsel”):
- Initially assess ediscovery needs and issues, if any;
- Implement/cause to implement appropriate ESI preservation procedures;
- Analyze and understand a client’s ESI systems and storage;
- Advise the client on available options for collection and preservation of ESI;
- Identify custodians of potentially relevant ESI;
- Engage in competent and meaningful meet and confer with opposing counsel concerning an ediscovery plan;
- Perform data searches;
- Collect responsive ESI in a manner that preserves the integrity of that ESI;
- Produce responsive non-privileged ESI in a recognized and appropriate manner.
Expand your knowledge and expertise
Ultimately, this opinion reiterates that attorneys’ obligations evolve as new technologies develop and become integrated with the practice of law. To make sure you are staying up to speed, let us share our expertise with you. Kroll Ontrack offers customized Continuing Legal Education (CLE) courses on a myriad of EDRM (Electronic Discovery Reference Model) topics, free of charge. These 60 to 90 minute courses – taught by expert legal and technology professionals – are held in your office, exclusively for your legal and IT teams. If you are interested, contact our events team.
Choice A or Choice B? Choice C or Choice D? There’s nothing quite like the mystery and thrill of the Choose Your Own Adventure (CYOA) novel, where the reader gets to direct and navigate the story of their choice.
Similarly, when it comes to Information Governance (IG) programs, corporate counsel and the IG team get to create their own old school CYOA storyline by defining the processes and implementation of the multi-disciplinary structures, policies and programs necessary to control and organize data. Kroll Ontrack’s Tom Barce recently wrote an article, Information Governance: Be Prepared for a Data Disaster, discussing the importance of IG programs and what corporations should be aware of in regards to what an IG program can do.
To showcase the advantages of IG programs, let’s consider the following scenario for Health Nuts (HN), a large (fictional) multi-national company in the nutritional supplements industry:
The company has hundreds of employees and millions of records containing private and personal data. Over the past decade, the company has grown rapidly through acquisition. HN recently expanded into Brazil, however, very little has been done to integrate the various data management policies and procedures from the newly acquired companies. Some divisions of HN are highly technical, with employees leveraging modern communication devices and forums, as well as using personal devices for work communications.
Choice A: continue as is and allow various data management policies to continue
Choice B: re-evaluate the complexities and dangers of rapid growth and insufficient data policies and consider incorporating an IG program
For inside counsel and IG teams, the above hypothetical should raise blaring issues of security, management and data protection. Unfortunately, with corporations now fully entrenched in the digital age, counsel are playing a catch-up game with how fast data is created and where the data goes, and many do not recognize the need for a robust IG program. When utilized properly, IG programs can control a corporation’s data and maximize its value, but only if the information at hand is under control. So what happens if the information is not under control and a corporation chooses Choice A? Let’s return to aforementioned Heath Nuts Corporation:
The nature of the organization’s data management and decentralized IT systems left it ripe for attack. Three months ago, the company suffered a data breach and is still trying to determine the scope of the attack across its divisions. Due to this, customers have experienced identity theft and fraud. Compounded with the fact that state and federal agencies are investigating the nature of the breach, a lawsuit is clearly imminent.
Choice C: Await litigation
Choice D: Go back to the initial set-up and implement an IG program
For Health Nuts and for most corporations, the above situation is not too far from the norm if corporations choose Choice A over Choice B. Fortunately, steps can be taken to mitigate this hair-raising data disaster by choosing Choice D and following these initial steps:
Be Aware of Your Data and Know How to Leverage People, Processes and Technology
Before making any decisions about a company’s data, counsel needs to understand what, and where, data is stored and what the current policies regarding data retention and destruction are. Counsel needs to be especially concerned with the nature, location, security and maintenance of personally identifiable information (PII) as well as “dark data,” or data that is created, processed, and stored in the regular course of business and is not currently in use. Once a corporation’s data is located and secured, the next step would be to leverage current employees in the IT and Information Security departments to ensure the appropriate emphasis is placed on training them and the organization-at-large about the policies and definitions of the IG program. In addition, data categorization, auto-classification, and predictive coding solutions may be utilized as part of your IG strategy to reduce costs while organizing data for future use. Furthermore, counsel must consider data that has been placed on legal hold and held in a legal hold repository. This data and the associated obligations are the burdensome, but necessary, exceptions to effective IG that can lead so many corporations to complacency.
De-Cluttering Company Data…
The success of IG programs depends on a number of factors, including the increased business utility of the data under management, storage savings, impact on ediscovery and company productivity. In today’s modern age, data tends to accumulate exponentially. To prevent the hoarding of extraneous data, corporations must learn to dispose of unnecessary information and learn to sift through the types of data that will have a great effect on protecting company, employee and consumer data while streamlining ediscovery responses by eliminating irrelevant documents. In addition, de-cluttering company data can increase the value and efficiency of an IG program, thus allowing for more effective analytics.
…But Keeping the Necessary Documentation
Through the process of streamlining the IG program, organizations must ensure that they effectively document their processes. This includes clarifying IG program goals, definitions, policies and procedures, as well as employee training, enforcement actions, audit practices and program evaluations. Corporations should document these processes in anticipation of dealing with legal or regulatory actions, as well as help in the overall evaluation of the IG program. Successful documentation can lead to increased visibility and better opportunities for corporations to address and fix problems.
If corporations wish to avoid a data disaster, the choice is clear. By utilizing an effective IG program to locate, secure, and document their information retention and destruction processes, corporations may avoid or, at a minimum, mitigate the risks and damages that result from data breaches and/or regulatory and litigation events. For more information, check out Information Governance: Be Prepared for a Data Disaster today!
With August comes languid heatwaves, leisurely days outdoors and (for many) the looming dread of heading back to school. For students everywhere – and perhaps especially law students – the start of a new semester brings new challenges, lessons and discoveries.
One thing that is slow to change though is the dearth of ediscovery courses in law schools around the nation. Kroll Ontrack’s previous analysis of law school websites showed that less than 40% of law schools offer a course in ediscovery. Of those schools, only a fraction offer courses with any practical ediscovery lawyering skills.
My Kroll Ontrack colleague, Michele Lange, recently partnered with noted ediscovery educator, William Hamilton, to publish an article, Law Schools Lag in Teaching Ediscovery, which delves into this deficit.
Both Hamilton and Lange found the limited access and resources for adjuncts qualified in the ediscovery field to be a likely cause for why there are so few courses in ediscovery. Indeed, many universities lack tenured professors that are comfortable and skilled in the constantly evolving ediscovery field, while the adjunct professors that do teach ediscovery lack the time and resources to properly educate and grade student coursework. To remedy this, Hamilton and Lange suggested two major changes that law schools should undertake to alleviate the course shortages.
Create a dynamic relationship between students and ediscovery professionals
The first step law schools need to take is to stress the mandatory need for a robust ediscovery module in their basic civil procedure course, as these courses are especially important for litigation-tracked students. By inviting ediscovery professionals from law firms, corporations, technology providers and the government, law schools can help foster an environment of communication and understanding about the importance of ediscovery and the career opportunities ediscovery presents to students. In addition, these partnerships have the potential to create cadres of adjuncts that will develop courses together, share instructional design responsibilities and alternate teaching both elementary and advanced courses. By laying down the groundwork for success, these partnerships between students and professionals will create a new breed of lawyers who are ready to tackle modern ediscovery litigation issues straight out of law school.
Promote the value of an ediscovery education
The laws of supply and demand in economics apply to ediscovery courses as well. This means that merely providing ediscovery coursework is not enough. For ediscovery courses to become a mainstay in law schools, students need to understand and embrace the value of an ediscovery education.
The hurdle that schools need to overcome is this misguided belief that an education in ediscovery is “too techie” or that it falls under the heading of “litigation support,” rather than “real lawyering.” In reality, an ediscovery education opens the door to a variety of career options. Firms and corporations need litigators who can rapidly assess risk and exposure and who possess real life skills to manage cases and control costs. Those who are knowledgeable about ediscovery and know how to cut costs by using different platforms will have an edge over other young lawyers who first explore the ediscovery field upon arrival at a firm. By offering ediscovery courses and enlightening students to the need for such courses, law schools will help train and provide students with valuable, real life skills that they can bring to the workplace.
The historical model that taught aspiring young lawyers that a law school’s purpose was to teach them how to “think like a lawyer” is no longer applicable today. For the next generation of lawyers to succeed, they must begin their education in ediscovery in the classroom, not in practice at a firm. For a more in-depth analysis, check out the article, Law Schools Lag in Teaching Ediscovery.
A specialized field such as ediscovery in antitrust matters requires an equally specialized and expertly trained team. Here at Kroll Ontrack, we are fortunate enough to have some of the most seasoned and knowledgeable consultants, including professionals with direct work experience with antitrust agencies and private merger and acquisition practices. When you can’t second guess a second request, you need to know one of Kroll Ontrack’s very own antitrust experts, Adam Strayer.
Q: Tell us about your background and what led you to becoming an ediscovery expert that focuses on antitrust matters.
A: Before working as an ediscovery consultant, I was an attorney at the Federal Trade Commission (FTC), where I reviewed proposed mergers and investigated anticompetitive conduct. While there, I drafted and negotiated a number of second requests and gained valuable insight into federal agency document requests. That was a great foundation for what I am doing today—helping Kroll Ontrack’s clients develop strategies for responding to similar requests. I’ve also worked on the private practice side, defending companies in antitrust investigations and helping them respond to second requests and similarly large data requests in commercial litigation. After these roles, I moved into the ediscovery service provider world, where I worked on the managed review side—designing workflows, driving strategy timelines and responses, and meeting production deadline goals.
Q: What types of services do ediscovery consultants provide to law firms and corporations involved in a second request?
A: Kroll Ontrack leverages a proven, defensible process for handling second requests from inception through completion. This process involves dedicated team resources with specialized expertise to handle the sheer complexity and tight timeframes associated with second requests. The team provides 24/7 support for your case, including onsite project scoping, planning and kickoff and daily status calls and briefings. In addition, an ediscovery consultant is skilled at honing the technology platform specifically for the needs of a second request review – from setting up the workflow and category tree to leveraging predictive coding. Our goal is to provide efficient, accurate and defensible ediscovery for deadline-driven second requests.
Q: Can you give us an example of a recent second request that Kroll Ontrack helped with?
A: Kroll Ontrack works on dozens of antitrust matters each year. For example, in 2014 alone, Kroll Ontrack produced over 20 million pages of documents involved in second request matters. Furthermore, many of these antitrust matters involve global competition bureaus or merging companies outside of the United States. In one recent case, two device companies looking to merge were issued a second request by the FTC. Kroll Ontrack’s ediscovery.com platform, predictive coding technology and document reviewers aided the merging companies in completing the FTC production in less than two months, taking 2.5 terabytes of data down to about 500,000 documents.
Q: Since we’re getting to know your work, it would be great to get to know a little about you. What is your ideal day outside of the office?
A: I live in Brooklyn Heights, just across the Brooklyn Bridge from Manhattan, but I really like to escape from the city as often as possible. This summer, I have spent a lot of time hiking in upstate New York and in Michigan’s Upper Peninsula.
Thank you Adam for sitting down with us and giving us some great insight into the world of ediscovery consulting in antitrust matters.