I'm going to with....
Sometimes they will contain the data necessary to prove your case, and other times they will contain all sorts of data that do nothing but muddy up your case and the discovery process.
These are all good, and it's even better that these basic security measures are being discussed by the legal sector, finally! ;-)
Silly government workers. Go to all that trouble to try and hide the identity of the person under investigation but forget to redact the email address associated with that person, which happens to have his name in it?
See, this is why you have to consider any and all personally identifiable information when you're looking for things that need to be redacted, including variations of email addresses. This is a silly mistake by the government, but one that probably gets repeated in less public cases on a regular basis. Stop and think about all the information that could be used to identify someone before you make the data public.
"Bill has generously allowed me to make you, dear reader, my guest at the fourth annual EDRM E-Discovery Conference on March 30. Free, on campus or via the webcast, from anywhere. Free is my favorite price. How about you?"
That's pretty cool. If I wasn't going to be in a classroom all day on the 30th I would definitely take advantage of the webcast, but you can't go wrong with saying hi to Craig in Gainesville as well.
Check out Craig's post for the details.
"RSA 2016 For years, the security industry has been primarily focused on stopping information theft. Now more and more people in the trade are worried that the next wave of attacks won't steal data – they'll alter it instead."
There are a couple of examples in the linked article, but know that these types of attacks are coming, and they will be a lot harder to fix once it's been done. Instead of stealing your information, what if I close your bank account? Or change your DMV record to show that your license has been suspended? Those are some of the small ways you could screw with individuals, but think of all the NSA-collected data that could be altered to show anything you want it do, or manipulate markets, energy grids, etc.
For me, professionally, so much of what we do in the legal system is based on the data being preserved, but we assume it's accuracy. What if it's been hacked and altered? What if right before I filed a discrimination case, I hacked an HR system and altered the race, sex, or age of every terminated employee, and then that data was requested as part of discovery?
Scary, scary stuff. Like the article says, maybe storing a paper record as a backup wouldn't be the worst idea.
"While the panel advocated eliminating shadow IT, they admitted the efforts involved in doing so could prove daunting.
“The average employee is using about 28 cloud services, so when someone leaves that company, how long is it going to take … to shut all that down, and how do you get that data back?” said Jenkins.
Yet he agreed that this was a problem companies brought the problem upon themselves. When asking employees why they use auxiliary non-sanctioned programs, “what you see is a lot of them saying I have to get my job done, need to get things in by the end of the day, and here’s the technology to do help with that,” explained Jenkins."
Here' the thing that many on the IT/Security side don't get. Users don't generally just decide to use other services for kicks and giggles. It's because the organization expects them to get work done, but doesn't provide the proper tools. Most people who host corporate data on Dropbox, for example, need to be able to share it with remote coworkers, or access the data when they are not connected to the company network, and don't have a company-provided way to do that.
All it would really take is providing a company-owned Dropbox account, but nah, why bother with that? That would be something else for the IT folks to keep track of, which they don't want to do. Unfortunately, anyone with an interest in Info Governance, including anyone involved in eDiscovery, should want them to.
"I remember when I was in high school, one of my friends was learning to write code and, as some friends and I were giving him a hard time about spending his free time reading about Java for Dummies (or something like that), he said, “Technology is going to change everything, you’ll see.”
Said friend now makes a lot of money (much more than Biglaw money) working for Google. What was preventing me or my friends from learning how to code? Cynicism. The exact kind of cynicism that asks the question, “Why should I care about legal technology?”"
Technology isn't going anywhere. I feel the same way about the work I do as a trainer. Sure, you could just keep doing what you're doing and not attend any training to attempt to learn how to use a given tool more efficiently. That only means that when someone does learn a better way of doing things, and changes your workplace, you'll be the one left behind.
Do you want to be that person?
"Whether we like it or not every lawsuit now has ESI and IT is responsible for helping protecting ESI."
This is one of those things that I don't think the legal industry truly understands. IT's job is first and foremost about keeping all the technology running and proiding useful solutions to business needs. Keeping track of data for potential litigation is not a huge priority. In fact, most people in IT would not even think about it unless directed to do so by the legal department.
So make sure you've communicated with them and come up with a process by which they can do what is needed. Don't assume everyone else spends their days thinking about eDiscovery. They don't.
"A long workday hides many hidden costs. It’s a fallacy to assume that the longer employees work, the more they’ll produce. “Working hours and outcome do not correlate,” Komuro says. In fact, she has observed precisely the reverse relationship among some of her hardest charging clients. As employees scaled back their hours, managers were surprised to see revenue increase. “Some companies even have more revenue after cutting down their overtime hours by 30%.”"
It comes as no surprise that the legal industry hasn't really figured this out. Maybe part of the problem is that people working late into the night make mistakes that then have to be corrected at the last minute, causing people to work until late in the night.
And so on, and so on... ;-)
"Aside from salary, career development (33%) and work-life balance (25%) were cited as the most important factors for employees when considering new roles.
However just 14% of employers said that work-life balance was important when attracting staff.
According to the results, 43% of legal employees said their work-life balance was average or below average.
Meanwhile 60% cited flexible working as one of the most important employee benefits and 67% said their most important benefit was having over 25 days' annual leave. "
There would seem to be a serious disconnect here, no?
"77% of firms are more concerned about security threats than they were just two years ago: In addition, the majority of respondents to the survey indicated that their security concerns have increased over the past year, with none indicating a decrease in concern over the past year;"
It's about time. Everyone who has any private data of any kind should be concerned about keeping that data safe, law firms are no exception.
"The short video which was the trigger for this thought is about Ringtail’s ability to manage social media. It takes as an example a Facebook post with a photograph, Comments, Likes etc, and shows how this kind of data can be assimilated into Ringtail, viewed and tagged like any other, and appear in search results, in Ringtail’s Mapper and other visualisation tools, and in predictive coding exercises.
The video also serves as a subliminal warning to those of us who make social media posts that apparently trivial jottings can end up years later as part of an eDiscovery exercise – or, of course, because security services or commercial entities have an interest in knowing more about you."
Working in this industry, I see the need to locate and deal with various types of data that people create on a daily basis, and the need for tools to dig into the details of Facebook posts, audio, video, etc; that is posted online.
As a social media user with an eye toward privacy, it's also good to be reminded that the tools are out there not just to be used by people in the legal industry, but government and commercial entities as well, not to mention others with even more nefarious plans for that data.
Tomorrow is the day the new amendments to the FRCP rules on eDiscovery, and thus has been a focus of the EDRM group as a day to educate our industry about the new rules and then some.
Personally, I'll be teaching a class, but I'm definitely looking forward to checking out some of these resources after the fact. If you get a chance to hit some of these webinars tomorrow, let us know how useful they are!
"Those of us here at Exterro are already preparing for a new year of E-Discovery and have put together a feast of new tools and resources that will help you get ready for what lies ahead."
Definitely worth a bookmark for future reference!
"One panelist, U.S. Magistrate Judge Kristen Mix, who sits in Colorado, said the first thing lawyers need to remember is that most judges don’t have Facebook pages, and may know about how the site works only through their grandchildren’s explanations.
“Our understanding is nowhere near as thorough as complete as if we were users,” said Mix."
And yet, when it comes to making legal decisions about social media evidence, those decisions are left in the hands of lawyers and judges who admit to not using them or understanding how they work?
I wouldn't be proud of that. Would you?
Look, the article is absolutely correct. Data is being created in millions of different places that didn't exist even a couple of years ago. That data could be evidence. That data could be the most important piece of information about a case.
That's why bar associations are laying down rules that say lawyers need to be competent or hire someone who is, when it comes to dealing with this data. More and more, cases hinge on data created is not being created on a local computer, but online, in various networks, websites, cloud storage locations and so on. Not understanding how these things work is not an excuse to not do your job.
"The three major distinctions are:
Per Family (email + attachment) vs. Per Document
Deduplication is performed on the family level, while near-duplication is performed on the document level.
Textual Analysis vs. File Analysis
Near-duplicate detection uses only the text AND white space to compare documents, but deduplication uses a set of criteria based on the actual metadata of the files.
Duplicates vs. Similarities
Deduplication removes identical document families, while near-duplicate detection groups documents together by similarity."
Deduplication is not the same as identifying near-duplicates. On the other hand, there are a lot of reasons to do both, so long as you understand the differences, and the different things you are trying to accomplish with each.
"There is so much potential benefit and harm for provider driven content being delivered by formal academic institutions that it boggles the mind. I remember early debates at EDRM about these kinds of programs and frustration that we could not get the resources allocated. The more than $2.2 Billion (yes, I capitalize that B) in 2015 investment in the eD/IG market certainly is trickling down to the next generation of law students and technical colleges. California’s new requirements for eDiscovery technical competence and other compliance challenges (EU Data Protection) are raising the bar for counsel and giving marketer’s an audience. Let’s hope that the content is solid and peer reviewed to remove potential bias."
Greg asks an interesting question here. On one hand, having eDiscovery technology available to law schools will help make sure that lawyers are graduating with at least some hands-on experience with technology before they have to go deal with it in the real world. On the other, how can schools avoid becoming a marketing place for that specific tool? It's easy to say they should offer more than one tool, but let's face it, budgets being what they are, they'll take whatever free tool is offered to them, by companies who understand that lawyers will be reluctant to "try something" other than what they're already familiar with.
Of course, the other thing in that equation is that, in many places, it's not the lawyers who are really digging into the tools, so are they better positioned in paralegal programs, or should we just have legal technology programs in schools?
That last one is an idea I could get behind.
Did you learn a specific tool in college that was donated by the company? Did it impact the curriculum, or did it impact a later purchasing decision?
"Q: Since electronic information is an intangible item, what are some of the more common issues that arise for your clients in e-discovery practice?
A: Clients will often ask about the best ways to manage the enormous amounts of data that they create on a daily basis. I will work with clients to focus on what needs to be preserved and eventually needs to be collected in any given case – this can affect not only the scope of the litigation but also the cost. E-discovery is becoming a much more complicated area than it used to be. Emails and documents saved on a computer or server used to be all that clients needed to worry about, but in recent years that has changed. Courts now expect parties to be able to preserve text messages, instant messages sent through corporate systems, and also different forms of data saved on the cloud. Companies are also realizing that they need to have a better grasp on the data that they create. This is a developing area where I have been keeping busy lately, and where I think there is a lot to be learned as far as the new ways in which people are communicating and the resulting data that is being created."
As I wrote earlier this week, the importance of information governance is growing. Whether you want to talk about keeping it secure, or deciding whether to preserve it as part of eDiscovery, you have to know what and where it is first.
" Information gleaned from social media should be top of mind when lawyers are considering e-discovery requests in litigation matters ranging from personal injury to labour and employment and the corporate sphere, according to a panel of in-house lawyers.
Despite the way many people freely share their personal information on Twitter, Facebook, and Instagram these days, many lawyers don’t think to turn to it for valuable material to use against someone in a case."
This should be obvious. Of course, this being the legal industry, it isn't. I'd say the law is slow to adapt, but that would be putting it mildly. While the rest of the world is experiencing stunning technological changes, lawyers are still trying to figure out how many pages this stuff is.
I'm only half-joking.
Seriously, though, if you're going to be involved in litigation, why wouldn't public information you post to social media be part of it?
"If you don’t, you should. When litigation is anticipated, it’s never too early to begin collecting potentially responsive data and assessing it by performing searches and testing the results. However, if you wait until after the meet and confer with opposing counsel, it can be too late.
On the very first day we introduced eDiscovery Daily, we discussed the danger of using wildcards in your searches (and how they can retrieve vastly different results than you intended). Let me recap that example.
Several years ago, I provided search strategy assistance to a client that had already agreed upon several searches with opposing counsel. One search related to mining activities, so the attorney decided to use a wildcard of “min*” to retrieve variations like “mine”, “mines” and “mining”.
That one search retrieved over 300,000 files with hits."
Really, how can you agree to search terms without knowing what the terms will return? It's like going to court and asking your witness a question that you don't know the answer to already, and don't they teach you not to do that in law school?
Click in to find related links.