shielding the organization from data risk & e- discovery failures · shielding the organization...
TRANSCRIPT
Shielding the Organization from Data Risk & E-Discovery Failures
Ignatius Grande, Senior Discovery Attorney, Hughes Hubbard
Jordan Razza, Senior Counsel and Director of U.S. Litigation, Diageo North America, Inc.
Matthew Fisher, Global Head of Records and Information Management, Diageo North America, Inc.
Moderator: Jason Ray, Managing Director, FTI Technology
legalweekshow.com | legaltechshow.com | #Legalweek17 | #Legaltech
Audience Poll #1
Where do you work? Choose one:
1. Corporate/In-House
2. Law Firm
3. Service Provider
4. Other
2
Audience Poll #2
What is your role? Choose one:
1. Lawyer
2. Litigation Support
3. Compliance/Security
4. IT/Technologist
5. Paralegal
6. Consultant
7. Other
3
Creating Chaos in the Enterprise
Technical Diversity
A new Apple App is submitted for approval every two minutes
New companies and new applications appear faster than packaged software can be modified
Minimal IT expense, instant scalability, and (almost) free software
Lack of Corporate
Control
IT and Legal departments do not know their data universe
Users can easily move, share or delete data
Collection tools cannot keep pace with new applications
Workplace Changes
Mobile, global workforce puts new demands on data storage and access
Lines blurring between professional data “owned” by a company or by an individual
Many users do not know how to (or want to) maintain multiple identities
+ =
Legal Requirements:Not a priority for public app developers
□ Critical features for legal compliance and discovery are often missing or unreliable
□ Rapid changes targeted at the key customers break tools used for legal management
□ Every system has unique challenges in accessing information
□ Every messaging systems has individual interfaces and logging mechanisms
□ Apps often have no real search capability – and do not index external links or attached files
□ Email systems and archives (including Google and eVault) do not support complex legal searches
6
Today’s Biggest Data Risks
Hacks, data leaks, privacy violations Migration to cloud and especially O365
Shadow IT Unchecked data volumes
Non-traditional data types and sources
•BYOD/Mobile
•Texting and Private Messaging
•Work Collaboration Platforms
•Social media
Incomplete data preservation efforts
7
Audience Poll #3
Which of the following do you think creates the biggest data risk? Choose one:
1. Hacks/leaks
2. Migration to cloud and especially O365
3. Shadow IT
4. Unchecked data volumes
5. Non-traditional data types and sources
6. Incomplete data preservation efforts
8
Cost vs Risk Balance
Eliminating risk
• Sometimes to the detriment of cost-savings
Keeping costs down
• Cost pressure is bad and getting worse
9
Where is the
middle ground?
Audience Poll #4
In today’s climate, which is more important; eliminating risk or controlling cost? Choose one:
1. Eliminating Risk
2. Controlling Cost
10
In-House Legal Department -Recommended Best Practices
•Where/what/how much/who manages
•How are they organized and used?
•Knowing your organization = lower costs and higher value informationKnow your systems
•Routine and consistent remediation
•Less volume and less risk
•More up to date knowledge of business process
Make regular data deletion a part of your process
•Don’t text or use chat apps for business processes
•Keep personal and company data separate on BYO devices
•What does Litigation Hold mean and what are the expectations around it?
Train your staff on data best practices
•Have a standard, vetted process for 80-90% of cases and treat the 10-20% outliers on an individual basis
•Make sure affirmative documentation is part of that process
Have a playbook for when litigation is contemplated
•To control scope and target high value information
•Employ a baseline set of questions plus customized queries for specific matters
•Especially important for cases involving mobile, app and chat data
Custodian interviewsare key
11
Audience Poll #5
Which of the following do you currently utilize? Choose all that apply:
1. Systems/data map
2. Regular data remediation
3. Staff training on data preservation & litigation hold
4. Updated BYOD policy
5. Playbook for data handling during litigation
6. Custodian interview template
12
Outside Counsel –Recommended Best Practices
• Be clear on methods and scope
• Share documentation for litigation hold, preservation and collection
• Define clear roles and responsibilities
Close coordination and collaboration between
client and firm
• Have a summary description of your baseline process than can be shared with your client
• Make sure the process has appropriate controls
• When dealing with clients unused to litigation, provide additional information
Have a baselinee-discovery process
• Key team members with enough training and experience that you would be comfortable having them testify
• Able to focus on the case to ensure success
• Engage specialists for case specific needs
Field a team with the right tools and skills
13
Consultants & Vendors -Recommended Best Practices
•Clients included on emails to counsel at a minimum during scoping, preservation and collection
•Affirmative documentation of all specifications and controls
•Clear approvals of all collection and culling decisions
Clear and consistent communication between
law firms, vendors and clients is key
•Regular updates about budget estimates and requirements
•Frequent cross checks to identify process gaps
•Proactive follow up on pending decisions and actionsMinimize surprises
•Listen to requirements and propose solutions instead of just executing instructions
•Recommend methods to reduce costs including culling, analytics, TAR, or early fact finding approaches
• Move data to near line or offline when possible to reduce unnecessary hosting
Find efficiencies
14
Audience Poll #6
Which of the following do you currently utilize? Choose all that apply:
1. Summary description of baseline processes for data management during litigation
2. Documented specifications and controls on your current data collection/management process
3. Regularly-scheduled, consistent updates between client, law firm and consultant/vendor?
4. Documented process for cross-checks, decisions and approvals for data management during litigation
15
Ethical Considerations
ABA Model Rules:
• “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
California Ethics Opinion:
• Attorneys handling e-discovery should be able to perform (either by themselves or in association with competent co-counsel or expert consultants) the following:
• initially assess e-discovery needs and issues, if any;
• implement/cause to implement appropriate ESI preservation procedures;
• analyze and understand a client’s ESI systems and storage;
• advise the client on available options for collection and preservation of ESI;
• identify custodians of potentially relevant ESI;
• engage in competent and meaningful meet and confer with opposing counsel concerning an e-discovery plan;
• perform data searches;
• collect responsive ESI in a manner that preserves the integrity of that ESI; and
• produce responsive non-privileged ESI in a recognized and appropriate manner.
What level of technological expertise should a lawyer reasonably be expected to have in 2017?
16
What types of e-discovery practices or omissions could put a lawyer in danger of violating these rules?