Practical Tips for APAC Ediscovery

by Eric Robinson on May 20, 2013 in Ediscovery, International Ediscovery with No comments
Tokyo

In our ever-shrinking, interconnected world, it is imperative that legal practitioners establish expertise in international ediscovery law. One of the most dramatic evolutions in ediscovery is occurring in the Asia-Pacific region (APAC).

As in the U.S., several APAC countries have created special rules for the discovery of electronic data. Hong Kong, Singapore and Japan have (or are in the process of) adopted data privacy regulations. Hong Kong uses traditional English discovery law, which makes Hong Kong the APAC country most amenable to American ediscovery efforts. Singapore is equally as advanced, given its recent adoption of aggressive measures to become the premiere dispute resolution hub of the region. Japan has likewise begun deliberations on the implementation of ediscovery laws, but the Japan Privacy Act permits the conditional transfer of personal information from a corporate entity to a third party.

Perhaps the most challenging ediscovery environments are those of China and South Korea. In South Korea, ediscovery law is still relatively non-existent. China, on the other hand, deals with data protection and privacy issues on a piecemeal basis, and a central framework for governing ediscovery matters has yet to be established.

Handling these APAC ediscovery issues seems like a daunting task, but here are seven practical tips:

 1. APAC Ediscovery Goes Beyond Translation
Even a U.S. attorney proficient in an Asian language will struggle with APAC ediscovery because of vast differences in legal systems. Most APAC companies cannot fathom why an American court would require a party to collect and exchange massive amounts of data.

2. Be Cautious of Nationalist Challenges
Strong nationalism may thwart U.S. litigation collection efforts, as parties question why APAC privacy considerations do not trump U.S. discovery laws.

 3. Capture Full Forensic Images and Conduct Client Interviews
Because of geographical and nationalist challenges in APAC, a lawyer cannot risk an insufficient collection. As such, active data capture is not recommended in the APAC region. Along the same lines, it is important to ask custodians for all spelling variations of their name during the client interview.

 4. Watch for International Data Nuances
In the APAC region, software is often vastly different from U.S. software. Furthermore, multilingual software platforms generate different metadata fields than U.S. software platforms. Finally, use of free email packages is more prevalent, and an attorney may need to collect ESI from several email systems.

 5. APAC Companies Tend to Encrypt More Data
Build a workflow into collection and review for handling password protected documents. Keep a list of passwords found during document review, and be prepared to use password cracking software.

 6. Don’t Overlook the Paper
Unlike in the U.S., APAC businesses still rely heavily on paper documentation. Pay special attention to paper in the APAC region, given that paper sizing and hole punching may be different. Optical Character Recognition (OCR) is often not available for many languages.

7. Make Friends and Work with Local Counsel
Perhaps most importantly, local counsel experienced in ediscovery collections or local service providers can greatly assist American attorneys by acting as a mitigating party, explaining sovereignty issues, integrating paper and data into one database, and collecting data before spoliation occurs.

Overall, APAC ediscovery law has proven to be extremely agile; thus, it is important for practitioners to keep afloat in these ever-changing waters.

For a top-notch overview of international ediscovery laws, check out this global ediscovery infographic.

Get Ready for New Ediscovery Rules in Minnesota

by Michele Lange on May 13, 2013 in Ediscovery with 1 Comment
Minnesota

The month of July ensures some much needed warmth in Minnesota after an offensively wintery spring, but July also brings an exciting new set of amendments to the Minnesota Rules of Civil Procedure. From July 1, 2013 onward, Minnesota lawyers are obligated to cooperate and be more upfront during the discovery process. In an effort to mirror the crux of the 2006 amendments to the Federal Rules of Civil Procedure (FRCP), electronic discovery and proportionality will be the focus of the new Minnesota Rules of Civil Procedure, due in no small part to the resounding plea from lawyers all over the state for the judicial enforcement of cost-effectiveness and manageability in civil litigation.

Particularly interesting is the new Rule 1, which explicitly addresses proportionality – a welcome step that actually goes above and beyond the FRCP. The specific mention of proportionality takes the wiggle room away from litigants tempted to play fiscal “chicken” with opposing counsel via discovery costs. It puts the onus on each party to work across the aisle and limit discovery to a practicable scope.

The most expansive change comes in Rule 16, by which Minnesota lawyers must make an earlier investment on tailored ediscovery plans. Lawyers must conduct ediscovery management with more effort than ever by way of compulsory initial disclosures related to custodians, data sources, litigation holds, scheduling, production format, and everything in between. A strict new timeline will be enforced – thirty days after the answer to the complaint, the discovery conference must take place, and fourteen days after that, the parties must file a discovery plan with the court. No longer will “Yep, we talked about ediscovery” end the story, as the court will now be more involved in early planning to ensure that the discovery beast stays tame. In fact, no discovery will be allowed until after the initial disclosures and scheduling order pass the court’s muster. In essence, early preparation and a strengthened call for cooperation are certainly the themes of the new rules in Minnesota state court.

Updates to the Minnesota Rules come at the perfect time, when high-level discussions are occurring about similarly strengthening the FRCP to reflect the growing need to address proportionality in litigation. All in all, the updates reflect the legal system moving forward on a path towards the “North Star” in ediscovery.

The text of the new Minnesota Rules of Civil Procedure can be found here.

Top 5 Ediscovery Case Summaries – May 2013

by Thought Leadership Team on May 6, 2013 in Case Law, Ediscovery with 2 Comments
Read the very latest ediscovery case law summaries

Below are the top 5 ediscovery case law summaries for May, 2013.

Court Considers Possibility of Clawback Order in Undue Burden Assessment
In re Coventry Healthcare Inc., 2013 WL 1187909 (D. Md. Mar. 21, 2013).

Sanctions Granted for Social Media Spoliation
Gatto v. United Air Lines, Inc., 2013 WL 1285285 (D.N.J. Mar. 25, 2013).

Court Looks to Circumstantial Evidence to Rely on Evidence from MySpace
People v. Kucharski, 2013 WL 1281844 (Ill. App. 2nd Dist. Mar. 29, 2013).

Proportionality is Key Principle in Predictive Coding Case
In re Biomet, 2013 WL 1729682 (N.D. Ind. Apr. 18, 2013).

Da Silva Moore Drama Dissipates
Da Silva Moore v. Publicis Groupe SA, 12-5020 (2d Cir. Apr. 10, 2013).

To check out more ediscovery case summaries, visit our Case Law library.

The ESI Report is Back in Business! New Ediscovery Podcast

by Michele Lange on May 1, 2013 in Ediscovery, Podcasts with 1 Comment
Computer Assisted Review Reference Model

After a brief hiatus, the ESI Report, sponsored by Kroll Ontrack and produced by the Legal Talk ESI ReportNetwork, is back on the air! We will bring you monthly ediscovery podcasts on the latest trends and case law that you can listen to anywhere.

Revving Up Your CARRM

In this new edition, George Socha of the EDRM and Tom Palladino of NightOwl Discovery join me to talk about the CARRM (Computer-Assisted Review Reference Model). Don’t miss the great interview with George and Tom – two of the contributors to the new CARRM.  [For a quick primer on the CARRM and other technology assisted review (TAR) reference models, take a look at this blog post from Jennifer Wightman.]

An Ediscovery “Puzzler”: Real or Fake

Because we don’t always have to be serious on the ESI Report, the new Arguably Relevant segment on the podcast takes our guests on a quick jaunt through some of the more light-hearted subject matter in ediscovery. This month, we challenged our guests to identify a witty snippet from a real judicial opinion versus a fictitious judicial quote concocted by ESI Report writers.

See if you can guess which are real, and score your answers with the key at the bottom of the blog post. (Hint: three of the quotes are genuine.)

  1. Real or Fake: “By destroying his computer with a sledge hammer, the plaintiff’s conduct was egregious enough to fortify his claims against the defendant; thereby, the court finds it appropriate to hammer these claims with a dismissal.
  2. Real or Fake: “This is a case of too many cooks spoiling the broth . . . the litigation was conducted in an Inspector Clouseau-like fashion. However, unlike a Pink Panther film, there was nothing amusing about this conduct
  3. Real or Fake: “Imagine a standup comic who delivers the punch-lines of his jokes first, a plane with landing gear that deploys just after touchdown . . . that’s what document production after trial is like—it defeats the purpose.”
  4. Real or Fake:  “Short of ordering a lobotomy—which, of course, this court cannot do—I strongly encourage the plaintiffs to forget these portions of the meeting notes and focus on documents that actually are discoverable.”
  5. Real or Fake: “American lawyers engaged in discovery have never been accused of asking for too little. To the contrary, like the Rolling Stones, they hope that if they ask for what they want they will get what they need.”
  6. Real or Fake: “Counsel could have included ‘Mickey Mouse’ or ‘Donald Duck’—both of which would have been about as useful as the information listed on the plaintiff’s privilege log.”

To hear how ESI Report guests, George Socha and Tom Palladino, scored on the Arguably Relevant ediscovery puzzler, download the full podcast here.  Lastly, don’t forget to subscribe to the RSS feed, so that podcasts from the Legal Talk Network appear in your iTunes account each month for free!

Ediscovery Puzzler Answers:

Answers: 1. Fake; 2. Real (Coquina Invs. v. Rothstein); 3. Real (DL v. Dist. of Columbia); 4. Fake; 5. Real (McPeek v. Ashcroft); 6. Fake

Deploying Trainers in Technology-assisted Review (TAR) without “Spoiling the Broth”

by Jen Wightman on April 29, 2013 in Ediscovery, Technology-assisted Review (TAR) with 1 Comment
Deploying trainers in technology-assisted review (TAR)

Leaving little room for interpretation, the court in Coquina Investments v. Rothstein, stated that the defendants’ litany of ediscovery project management pitfalls (which involved over 200 attorneys across two firms) culminated into a “case of too many cooks spoiling the broth.” While Coquina Investments involved format of production issues, the same rationale applies when deploying trainers in technology-assisted review (TAR) —too many trainers can lead to inconsistency and poor machine learning.

Taking Control of the Technology-Assisted Review Kitchen

Using TAR in litigation is strikingly similar to working in a professional kitchen. There are many parts moving on parallel tracks. Just like a pastry chef may begin working on dessert while a grill chef prepares the main dish, you may have reviewers allocated to train a recently found hard drive while a sub-team performs corrective training on a production set. And above all else, in either scenario, nothing leaves the kitchen without a taste test (quality control). But perhaps the most difficult task involves assigning appropriate roles to a diverse cast of employees during the stages of machine training.

  • Lead Attorney: The Chef de Cuisine—in charge of all things related to the kitchen. This role involves making executive decisions like when to stop review, how to provide additional training and who will train the machine.
  • Subject Matter Experts (SMEs): The Sous-Chefs—second-in-command to the Chef de Cuisine. These are attorneys that have a firm knowledge of the nature of the case and the issues involved. They are capable of making high-level decisions and have an expansive knowledge of the dispute.
  • Contract AttorneysThe Chefs de partie—line cooks responsible for certain areas of production. These are attorneys who are comfortable and trained on the issue at hand, but do not have the level of knowledge possessed by Subject Matter Experts.

Choose Your Recipe

The Chef de Cuisine works closely with the Sous-Chefs to ensure that everyone clearly understands the basics of the recipe so that when the Chef de Cuisine (the Lead Attorney) is out of the “kitchen” the quality of the output remains constant.

When it comes to dedicating a team of SMEs to train the system, the adage “less is more” carries the day. As discussed in a document produced by the TREC 2008 Legal Track, determining whether a document is responsive or not responsive is a deceptively subjective process.  Lawyers “draw lines”—often at different places—across a number of determinations like “the nature of the risk posed by production, the party requesting the information” and the willingness of the production party to face a challenge for underproduction. Because the risk of inconsistencies in deciding responsiveness is exacerbated by the introduction of more trainers, rarely will you want more than five SMEs training the system. The restaurant owner mutters, “but my project is big, there is no way that I can rely on only five reviewers.”  Generally, two to five reviewers can handle the targeted review load for even a very large project. The total amount of training documents will vary depending on if you plan to “seed” the system (and how much “seeding” you plan to do), the number of documents in your data set and your desired confidence level. Ultimately, responsiveness decisions made on this fraction of documents will be extrapolated to all remaining documents in the data set; it becomes critical that the SMEs are in sync with the goals and structure of the case.

Reduce and Stir

While the ideal structure for deploying this handful of SMEs is still up for debate, there is common consensus that there must be some process in place to arbitrate consistency when responsiveness disputes arise. I’ve seen some interesting hierarchical training structures over the years designed to handle training disputes. These are some of the most common:

Training Structures of technology-assisted review

Finally: Tasting the Broth

An effective document review and an efficient kitchen both rely upon QC measures to ensure quality and consistency of output. A well-designed plan for validating the automated technology-assisted review output is key to knowing when to stop training for quality and when the documents are ready for consumption at the next stage of the case. Where the Chef de Cuisine is responsible for ensuring that only quality dishes leave her kitchen, the Lead Attorney is also responsible for the quality of the data in her case. Only when quality control measurements reflect defensible levels of recall and precision will a Lead Attorney be in a position to move beyond first-pass review and plate the production for the requesting party—Bon Appetit!

To gain hands-on TAR experience, register now for the newest educational course offered by Kroll Ontrack, TAR Learning Labs.  The next Learning Lab is coming up in Minneapolis, MN, in early June.  Sign up soon, space is limited!

Math and Statistics for Ediscovery Lawyers Using Technology-assisted Review (TAR)

by Eric Robinson on April 22, 2013 in Ediscovery with No comments
Math and Statistics for Ediscovery Lawyers Using Technology-Assisted Review

Legal professionals learn a lot of complicated concepts and principles through education and/or practice… but they usually don’t have much—or anything—to do with math or statistics.

Then, along came Technology-assisted Review (TAR), which promises to revolutionize ediscovery by leveraging sampling techniques and advanced algorithms to predict whether documents are responsive to particular criteria. Simply put, these revolutionary technologies rely heavily on math and statistics—and modern practitioners need to be more tech- and math-savvy than ever before (or be willing to engage the appropriate predictive coding experts or other resources) in order to understand and leverage this new methodology to its highest potential.

However, to master the TAR process, legal professionals don’t need to dust off their slide rules and graphing calculators, crack open a stats book, or flock to the nearest college or university to enroll in a math class. Rather, they simply need to focus on understanding the key concepts and metrics necessary to manage the predictive coding process.

To help put you on the path to TAR technology mastery, here is a cursory overview of the metrics and processes you need to know.

Key Metrics in Effectiveness Reporting

After the technology has run machine learning, it will generate a report with raw data metrics and calculations that should look something like this:

Key Metrics in Technology-Assisted Review Effectiveness Reporting

Understanding the metrics on this report is key to analyzing your technology’s performance and determining what to do next.

True and False Positives/Negatives
In search or review exercises, “responsive” or “not responsive” classifications are reviewed. When the document is suggested as “responsive,” and the suggestion is correct, this is referred to as a True Positive; when it is incorrect (i.e., a non-responsive document is incorrectly coded as responsive), it is a false positive. Accordingly, when a document is suggested as “not responsive,” and the suggestion is correct, this is an example of a true negative; if the suggestion is incorrect (i.e., it should have been coded “responsive”), then it is a false negative.

Recall, Precision, and F-measure
While these three key metrics have been discussed previously, understanding these metrics is essential to successfully, effectively and efficiently employing predictive analytics for document review. Generally speaking, precision is the fraction of relevant documents within retrieved results—essentially a measure of exactness. Recall is the fraction of retrieved relevant documents, or the measure of completeness. F-measure is the harmonic average between the system’s recall and precision.

TAR technology Precision

Accuracy
Accuracy incorporates how well the classifier did by identifying the fraction of correctly coded documents, essentially expressed as (True Positives + True Negatives) / (All Documents). While accuracy can be helpful, it should not drive decisions. Accuracy can be skewed upward if there is an overwhelming amount of either true positives or true negatives in the database.

Analyzing Technology-Assisted Review Metrics with Sampling

Sampling is one of the most versatile tools in your technology-assisted review arsenal. The sampling process examines a fraction of the document population to determine characteristics of the whole, further validating what you do or don’t have and strengthening the defensibility of your review processes and procedures. Notably, it is often used to perform quality control (QC), which can take place iteratively, or at the back end of a review to assess it.

Quality control rests on a simple principle: TAR predictions are not always right. Through sampling, various sets of the data are drawn, manually reviewed by a quality control team, and evaluated. Based on these results, teams can decide whether additional training is needed, or the team might conclude that the technology is categorizing documents so effectively that they are comfortable relying wholly on machine predictions and stopping manual review.

The Next Step: Mastery

While general knowledge of these predictive coding metrics is a great start, it is merely a drop in the bucket. To learn more about mastering the math behind the TAR technology, don’t miss the May 10th webinar hosted by Kroll Ontrack and ACEDS, MATH & STATS 101: What Lawyers Need to Know to (Properly) Leverage TAR.

Top 5 Ediscovery Case Summaries – April 2013

by Thought Leadership Team on April 15, 2013 in Case Law, Ediscovery with 1 Comment
Read the very latest ediscovery case law summaries

Below are the top 5 ediscovery case law summaries for April, 2013.

Court Denies Motion to Compel Social Media Data 
Potts v. Dollar Tree Stores, Inc., 2013 WL 1176504 (M.D. Tenn. March 20, 2013).

Insufficiently Detailed “Image Processing” Not Included in Taxable Costs
Taylor v. Mitre Corp., 2013 WL 588763 (E.D. Va. Feb. 13, 2013).

“Careless” Deletion of ESI Warrants Exclusion of Evidence, Adverse Inference
E.E.O.C. v. Ventura Corp, Ltd., 2013 WL 550550 (D.Puerto Rico Feb. 12, 2013).

Court Denies Motion for Protective Order, Cost-Shifting
Juster Acquisition Co., LLC v. N. Hudson Sewerage Auth., 2013 WL 541972 (D.N.J. Feb. 11, 2013).

Discovery Requests Outweighing Amount in Controversy are Unduly Burdensome
Conn. Gen. Life Ins. Co. v. Scheib, 2013 WL 485846 (S.D. Cal. Feb. 6, 2013).

 To have the Top 5 Ediscovery case summaries sent directly to your inbox every month, subscribe to our newsletter: Ediscovery Rediscovered.

To the Merits, At Last: Judge Peck Recusal is Denied

by Michele Lange on April 11, 2013 in Case Law, Ediscovery with No comments
ediscovery case law news-Judge Peck recusal denied

Ediscovery case law enthusiasts, gather ‘round – thanks to the Second Circuit Court of Appeals, the Da Silva Moore recusal “sideshow” is finally dead in the water.

As first reported earlier today by the friendly folks at IT-Lex, on April 10, 2013 in an order of notable brevity, Judge Jane A. Restani denied the petitioners’ request for theJudge Peck Recusal is Denied recusal of Judge Andrew J. Peck, stating simply that: “Petitioners have not ‘clearly and indisputably demonstrate[d] that [Magistrate Judge Peck] abused [his] discretion’ in denying their district court recusal motion… or that the district court erred in overruling their objection to that decision.”

At last, the ediscovery community is free of this distracting drama. Cue the music!

Da Silva Moore’s Affect on Ediscovery

The recusal motions that clouded Da Silva Moore created nothing but distraction. Judges, lawyers and providers in the legal ediscovery industry are just as connected as the clients we serve. In ediscovery’s constant state of change, it’s important to remember that ideas precede growth – that leaving room for objective, non-confidential commentary and brainstorming in publications and at conferences is not only appropriate, but imperative for the development of standards, best practices and new technology innovations. Hopefully this short and succinct opinion from the Second Circuit is a clear call that our community’s focus should lie in progressing substantive ediscovery law and practices, not discord and frivolity.

Personally, I look forward to the future of ediscovery jurisprudence from Judge Peck. Like my Kindergarten teacher or childhood dentist, I never want to see him retire. A true trailblazer, in 1995, Judge Peck issued one of the first cases to order the discovery of electronic data (Anti-Monopoly, Inc. v. Hasbro, Inc.), and in 2012 he paved the way for cutting-edge machine learning technology to be used in legal document review through the Da Silva Moore case. What’s next? I can’t wait to discuss more about it with Judge Peck, Ralph Losey, and everyone else in this exceptional legal technology community.

What US Legal Ediscovery Professionals Can Learn from the New UK Rules of Civil Procedure

by Thought Leadership Team on April 8, 2013 in Ediscovery, Events, International Ediscovery with 1 Comment
What U.S. legal ediscovery professionals can learn from the new UK rules of civil procedure

In the last year, Americans have had a great deal of exposure to our British ally across the pond: we caught glimpses of the Queen’s Diamond Jubilee, we were awed by the London Olympics, and don’t even get us started about Downton Abbey. In 2013, ediscovery enthusiasts have something new to witness from our British counterparts – the updated UK Rules of Civil Procedure (CPR), which went into effect on April 1, 2013.

Significant Ediscovery Themes

Overall, there are a handful of significant ediscovery themes that come with these new civil procedure rules: proportionality, case management and budgeting, early and efficient disclosure, and the emphasis on the critical role of technology.   Below is a breakdown of some of the new provisions as they relate to ediscovery (or “edisclosure” as they call it in the UK).

The key concept underpinning the change in the UK is that of proportionality when it comes to litigation costs, and this is now made clear in the “overriding objectives” of the rules (Rule 1.1 of the CPR). It speaks volumes that this rule was amended to enable the “court to deal with cases justly and at a proportionate cost.” Interestingly, the new UK rule explicitly uses the word “proportionate,” while the US Federal Rules of Civil Procedure (FRCP) fails to explicitly include the term. US parties continue to struggle with proportionality, especially when large volumes of electronically stored data (ESI) are involved. Currently, there is much discussion in the US as to whether the US rules are in need of a change similar to that which has taken place in the UK.

Case Management and Cost Management Powers

Part 3 of the revised rules in the UK provides the court with new case and cost management powers. The most important section requires the parties to file a budget early in the case, which allows the courts to actively manage cases within the parameters of these budgets. The court may make at any time a “costs management order” to control the parties’ budgets. Only costs that have been budgeted for and approved by the court in advance will be recovered at the end of a case by the successful party. As a result of these new rules, UK lawyers must now consider disclosure much earlier in the process, scope their projects more carefully, and cooperate with opponents sooner. While American lawyers must “meet and confer” early on with regards to the scope of discovery, there is no formal requirement in the US to submit a litigation budget as is now required in the UK.

UK lawyers must also now file a formal disclosure report early on in the case, which sets out the option chosen and describes the documents and a rough estimate of the costs of standard disclosure. In the UK, the old forms of CPR 31.5 and 31.6 set out the default rules for standard disclosure, which require each party to examine all of their own documents and pick out the ones that will help or hinder any party’s case. This approach has become untenable; the costs of analyzing the enormous volume of electronically stored information can exceed the value of the case itself. However, the new Rule 31.5 provides a menu of disclosure options for the court’s disclosure orders, which provide for a more tailored approach in meeting the overriding objective of proportionality. These range from no disclosure to full blown train of enquiry disclosure with issues-based disclosure and reliance-based disclosure somewhere in between.

The option in the new UK CPR most likely to garner debate broadly states that courts can issue “[a]ny other order in relation to disclosure that the court considers appropriate.” Concerns swirling around this new language suggest that it could lead to a “key to the warehouse” approach by which each party hands over all non-privileged documents from which the other side can pick and choose what it needs at its own expense. Such options, as now standard in in the UK CPR, are also churning in the US, as courts look for flexibility in adopting tailored approaches to ediscovery given the specific circumstances of the case type and volume of data at issue.

Leveraging Technology in EDiscovery Litigation

As such provisions break new ground in the UK, these new rules emphasize one theme applicable to UK and US legal professionals alike – it has become essential to competently leverage the power of technology to manage discovery in litigation. From litigation databases in the “cloud” to Technology-assisted Review (TAR), new technology developments will continue to emerge that make proportionality achievable, keep litigation costs within budget, and protect privileged information from disclosure.

Want to hear more about the new UK rules directly from UK legal professionals?  Join Kroll Ontrack on April 12 for a webinar “Jolly Good Updates: New UK Rules of Civil Procedure and What the US Can Learn.” For this webinar, KrollNew UK Rules of Civil Procedure and what the US can Learn Ontrack is partnering with ACEDS to bring you what promises to be a great discussion!

Sign up here: http://www.aceds.org/jolly-good-updates-new-uk-civil-procedure-rules-and-what-the-us-can-learn/

Is data security your organization’s greatest worry? If not, it should be…

by Thought Leadership Team on April 1, 2013 in Ediscovery, Information Management with No comments
Data Security - should it be your organization's greatest worry?

This blog post is brought to you by Raul Cuervo, Ediscovery Manager at Kroll Ontrack

I recently had the pleasure of spending time with a partner and client at the largest law firm on the planet. During our conversation, he asked me a question that I have not been able to stop thinking about since. “What do I consider to be my greatest risk/fear as a company?” I began to think of several things, such as competition from behind the firewall solutions, the downward pressure on processing/hosting fees, etc. His response was totally different than I expected. “Your greatest risk/fear should be someone hacking into your servers, stealing my client’s data and putting it up on the Internet!” WOW!

Emphasizing Data Security

We have all, as of late, been hearing news stories about individuals stealing intellectual property and personal information from corporations and even countries! Such stories spur obvious questions, such as “how does this happen?” And, “how do we protect our law firm/corporation from the vulnerabilities that are a reality of today’s world?” After spending an hour with this partner and going through the client safety and data security concerns he wakes up daily worrying about, I was sold. More emphasis needs to be placed on data security.

Fortunately, I was able to answer his question about data security with the utmost confidence. My data center is like Fort Knox. With 20 PB of active data stored across four data centers around the globe, Kroll Ontrack  has a fully redundant infrastructure and monitors customer data 365X24X7 through ingress and egress monitoring, surveillance systems, dual biometric and personnel badge access. Having been in the ediscovery business for about 13 years, I can absolutely say that is not the case for a large majority of providers. It is not uncommon for a “data center” to in essence be a closet with a rack of several servers, which is “protected” by a receptionist at the front desk, whose main responsibility is to answer telephones and greet guests.

8 Key Data Security Questions

As a professional in the industry, I am certainly proud of the efforts, attention and expense Kroll Ontrack places on the security of our customer’s data. The idea of sending client data to a place where security is an afterthought at best should be truly frightening to my clients.  So, if data security has not previously been at the forefront of your concerns for your clients, I hope this message resonates and changes your behaviors and perhaps the questions you ask prospective providers. Here are 8 questions to consider the next time you need to leverage a third party:

  • How is access to physical premises controlled?
  • Have you asked for Security audits? Have you/vendor done Penetration testing(Pen testing)?
  • Where is the data stored/maintained?
  • What is your chain of custody process and how is it managed?
  • Who has access to my data?
  • Can I limit access and permissions?
  • How is access to my data controlled?
  • Any of these are good questions to ask and should be. Also have you toured the facility?

What are your greatest fears or risks as a company?

Raul Cuervo
Ediscovery Manager, Mid Atlantic & S.E. Region
Direct: 202-525-8049

← Older Entries