Shielding the Organization from Data Risk & E-Discovery Failures

Ignatius Grande, Senior Discovery Attorney, Hughes Hubbard

Jordan Razza, Senior Counsel and Director of U.S. Litigation, Diageo North America, Inc.

Matthew Fisher, Global Head of Records and Information Management, Diageo North America, Inc.

Moderator: Jason Ray, Managing Director, FTI Technology

legalweekshow.com | legaltechshow.com | #Legalweek17 | #Legaltech

Audience Poll #1

Where do you work? Choose one:

1. Corporate/In-House

2. Law Firm

3. Service Provider

4. Other

2

Audience Poll #2

What is your role? Choose one:

1. Lawyer

2. Litigation Support

3. Compliance/Security

4. IT/Technologist

5. Paralegal

6. Consultant

7. Other

3

Computing Paradigm’s Changes

Creating Chaos in the Enterprise

Technical Diversity

A new Apple App is submitted for approval every two minutes

New companies and new applications appear faster than packaged software can be modified

Minimal IT expense, instant scalability, and (almost) free software

Lack of Corporate

Control

IT and Legal departments do not know their data universe

Users can easily move, share or delete data

Collection tools cannot keep pace with new applications

Workplace Changes

Mobile, global workforce puts new demands on data storage and access

Lines blurring between professional data “owned” by a company or by an individual

Many users do not know how to (or want to) maintain multiple identities

+ =

Legal Requirements:Not a priority for public app developers

□ Critical features for legal compliance and discovery are often missing or unreliable

□ Rapid changes targeted at the key customers break tools used for legal management

□ Every system has unique challenges in accessing information

□ Every messaging systems has individual interfaces and logging mechanisms

□ Apps often have no real search capability – and do not index external links or attached files

□ Email systems and archives (including Google and eVault) do not support complex legal searches

6

Today’s Biggest Data Risks

Hacks, data leaks, privacy violations Migration to cloud and especially O365

Shadow IT Unchecked data volumes

Non-traditional data types and sources

•BYOD/Mobile

•Texting and Private Messaging

•Work Collaboration Platforms

•Social media

Incomplete data preservation efforts

7

Audience Poll #3

Which of the following do you think creates the biggest data risk? Choose one:

1. Hacks/leaks

2. Migration to cloud and especially O365

3. Shadow IT

4. Unchecked data volumes

5. Non-traditional data types and sources

6. Incomplete data preservation efforts

8

Cost vs Risk Balance

Eliminating risk

• Sometimes to the detriment of cost-savings

Keeping costs down

• Cost pressure is bad and getting worse

9

Where is the

middle ground?

Audience Poll #4

In today’s climate, which is more important; eliminating risk or controlling cost? Choose one:

1. Eliminating Risk

2. Controlling Cost

10

In-House Legal Department -Recommended Best Practices

•Where/what/how much/who manages

•How are they organized and used?

•Knowing your organization = lower costs and higher value informationKnow your systems

•Routine and consistent remediation

•Less volume and less risk

•More up to date knowledge of business process

Make regular data deletion a part of your process

•Don’t text or use chat apps for business processes

•Keep personal and company data separate on BYO devices

•What does Litigation Hold mean and what are the expectations around it?

Train your staff on data best practices

•Have a standard, vetted process for 80-90% of cases and treat the 10-20% outliers on an individual basis

•Make sure affirmative documentation is part of that process

Have a playbook for when litigation is contemplated

•To control scope and target high value information

•Employ a baseline set of questions plus customized queries for specific matters

•Especially important for cases involving mobile, app and chat data

Custodian interviewsare key

11

Audience Poll #5

Which of the following do you currently utilize? Choose all that apply:

1. Systems/data map

2. Regular data remediation

3. Staff training on data preservation & litigation hold

4. Updated BYOD policy

5. Playbook for data handling during litigation

6. Custodian interview template

12

Outside Counsel –Recommended Best Practices

• Be clear on methods and scope

• Share documentation for litigation hold, preservation and collection

• Define clear roles and responsibilities

Close coordination and collaboration between

client and firm

• Have a summary description of your baseline process than can be shared with your client

• Make sure the process has appropriate controls

• When dealing with clients unused to litigation, provide additional information

Have a baselinee-discovery process

• Key team members with enough training and experience that you would be comfortable having them testify

• Able to focus on the case to ensure success

• Engage specialists for case specific needs

Field a team with the right tools and skills

13

Consultants & Vendors -Recommended Best Practices

•Clients included on emails to counsel at a minimum during scoping, preservation and collection

•Affirmative documentation of all specifications and controls

•Clear approvals of all collection and culling decisions

Clear and consistent communication between

law firms, vendors and clients is key

•Regular updates about budget estimates and requirements

•Frequent cross checks to identify process gaps

•Proactive follow up on pending decisions and actionsMinimize surprises

•Listen to requirements and propose solutions instead of just executing instructions

•Recommend methods to reduce costs including culling, analytics, TAR, or early fact finding approaches

• Move data to near line or offline when possible to reduce unnecessary hosting

Find efficiencies

14

Audience Poll #6

Which of the following do you currently utilize? Choose all that apply:

1. Summary description of baseline processes for data management during litigation

2. Documented specifications and controls on your current data collection/management process

3. Regularly-scheduled, consistent updates between client, law firm and consultant/vendor?

4. Documented process for cross-checks, decisions and approvals for data management during litigation

15

Ethical Considerations

ABA Model Rules:

• “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”

California Ethics Opinion:

• Attorneys handling e-discovery should be able to perform (either by themselves or in association with competent co-counsel or expert consultants) the following:

• initially assess e-discovery needs and issues, if any;

• implement/cause to implement appropriate ESI preservation procedures;

• analyze and understand a client’s ESI systems and storage;

• advise the client on available options for collection and preservation of ESI;

• identify custodians of potentially relevant ESI;

• engage in competent and meaningful meet and confer with opposing counsel concerning an e-discovery plan;

• perform data searches;

• collect responsive ESI in a manner that preserves the integrity of that ESI; and

• produce responsive non-privileged ESI in a recognized and appropriate manner.

What level of technological expertise should a lawyer reasonably be expected to have in 2017?

16

What types of e-discovery practices or omissions could put a lawyer in danger of violating these rules?

Q&A

17

Thank You

18