GDPR and eDiscovery: More Benefit Than Burden?

The General Data Protection Regulation (GDPR) is more benefit than burden. At least that was the argument put forward by the panelists of Relativity Fest’s International eDiscovery session. While they focused primarily on regulatory compliance, several of their points apply to eDiscovery as well.

This is the glass half full view of the GDPR and eDiscovery:

Confusion gives way to uniformity and predictability

Creating a uniform legal standard for data privacy in the EU is a primary purpose of the GDPR. It replaces a patchwork of sometimes conflicting laws and regulations administered by various national agencies. The panel argued persuasively that the benefits of operating under a single regulation with centralized, predictable enforcement outweighs the heightened compliance burden. The argument is equally applicable to collection and transfer of documents and ESI from the EU for discovery.

Cybersecurity investments pay dividends

The regulation takes a hard line on data security. Particularly notable are the 72 hour breach notice obligation and stiff fines. Stronger cybersecurity in business and legal is better for everyone except the hackers. More specifically, cybersecurity was already top of mind for eDiscovery professionals and has been for some time. The law firms and service providers who have made significant investments in infrastructure and training are best prepared for the GDPR. This gives them a competitive advantage in cases involving EU discovery.

Technological innovators have the advantage

Regulatory compliance – both in general and specifically for eDiscovery – requires technological solutions. The GDPR immediately created a large market for the design, sale and support of new products. The panelists further recommended repurposing and expanding existing eDiscovery tools, such as redaction solutions for PHI. Also needed are improved workflows to track and manage data originating in the EU. Service providers and software developers in particular are poised to benefit from the opportunity for innovation presented by the GDPR’s burdens.

Information governance is good for eDiscovery

Finally, the GDPR is a huge impetus to information governance. It governs the use, handling and storage of personal data of EU residents. The first step in compliance is to identify and map covered data. Evaluating the business value of collecting and keeping that data is essential to risk management. These issues and more fall under the umbrella of information governance. And as all eDiscovery practitioners know, strong infogov leads to more efficient and cost-effective eDiscovery.

The GDPR is voluminous, onerous and at points unclear. It also caught many US companies unprepared. It’s no surprise that the commentary so far has mostly focused on the regulation’s broad scope, compliance burdens, potential fines and other negatives.

The panel offered a thought-provoking counterpoint by focusing on the GDPR’s positive aspects instead. For litigators and eDiscovery companies, the most significant benefit may be the opportunity to get ahead of the competition by providing superior GDPR-compliant services.

This article was inspired by the “International eDiscovery and Data Protection” session at Relativity Fest 2018. The panelists were Karyn Harty of McCann Fitzgerald, Karl Hennessee of Airbus, Johnny Lee of Grant Thornton US and Heidi Stenberg of EY. Chris Dale of the eDisclosure Information Project moderated.

Craig Ball Discusses Digital Forensic Examination Protocols with ACEDS in Three Parts: Part One – WHY You Need a Digital Forensic Examination Protocol

INTRODUCTION

On August 28th, 2018 ACEDS had the fortunate experience of hosting Craig Ball as he introduced the specifics of his master work, Digital Forensic Examination, Negotiating Forensic Examination Protocols. Craig has been a Texas trial lawyer for over 35 years, a computer forensic examiner for more than 25 years, an author, a blogger, and an educator. He is a principal of the Georgetown University Law Center eDiscovery Training Academy and also teaches electronic discovery and digital evidence at the University of Texas School of Law. He is often appointed as a Special Master in federal and state cases around the country. Craig continues to write his award-winning blog, Ball in Your Court.

This three-part blog will examine the why, the what and the scope of the protocols from Craig’s August 28th webinar presentation on Negotiating Forensic Examination Protocols. Craig Ball’s Drafting Digital Forensic Examination Protocols is detailed and comprehensive and is available online in PDF format.

WHY?

Why do we need a protocol for a digital forensic exam? Is it really necessary? When asked these questions, Craig was quick to respond, “It’s a place in my mind and when I begin looking repeatedly at the pathways and byways of a modern computer, it becomes a place. It’s a metropolis of essentially virtual buildings and streets and homes and closets and junk much of which has to be traversed, often repeatedly going back and forth to check and double-check, cross-collaborate information. And recognizing that when you are sending someone into a metropolis like that, you need a map.”

The overriding reason is that a forensic examination yields certain commonalities from exam to exam but the differences are not only profound but distinct from eDiscovery examinations. As Craig says, “The difference between what I do as a computer forensic examiner and what I do in my role advising clients with respect to electronic discovery is very significant in that in computer forensics we are dealing with something much different from documents.

Computer forensics deals with data, not documents. And so, the skills attorneys have learned in dealing with electronic discovery don’t necessarily apply to the realm of computer forensics. For example, the skills we learn in using keyword search or advanced analytics just don’t apply and the most mistake in devising a forensics protocol is trying to make the forensics examiner work in the same way that they’ve traditionally worked to find keywords or identify potentially responsive documents.

Craig says it quite succinctly:

Lawyers historically are trained to think of everything as being a document. When we draft our request for productions, we couch our definition of what we seek no matter what it might be as a document. But in computer forensics we are dealing with data and in particular we are dealing with artifacts and the recognition of certain patterns and the configurations of the environment, the operating system and the various applications, all about context.

Most of what we get out of an electronic discovery effort in the form of documents, whether it be a photograph that an individual may have downloaded or a document they’ve crafted, an Excel spreadsheet, a PowerPoint, most of these things are largely capable of speaking for themselves. It’s generally easyto be able to understand them without a significant amount of context.

But when you start dealing with forensic artifacts where you may have recovered them from the unallocated clusters, wholly devoid of their associated context in metadata, where you may be looking at a pattern or you are looking at a metadata value, a data value, so called MAC date modified access created date, all of these things require a certain context because there is often more to them than meets the eye.

Craig also notes that although different digital forensic examinations may have certain things in common, they are more likely to have differences based on the different devices with different operating systems as well as different cases with different issues. As he puts it, he would have different routine protocols he might use “…. if a case involves, say, allegations of data theft or if another case involves allegation of a cyber security breach.”

Furthermore, a PC might hold over a million items of potentially responsive information, a Some of those information items will, themselves, hold tens of thousands or hundreds of thousands of data points. This is much different from the structure of documents we see in traditional eDiscovery.

Craig notes that these enormous data stores often present a challenge in terms of the time limits for a protocol deployment. As he puts it, echoing his statement above about a virtual “place,” “…I often will be spending hours, days, sometimes, weeks within the environment of a single device. It begins to be very much like a place. I can close my eyes and I can walk through all the streets and stores of the little town I grew up in outside New York City called Bronxville.”

We need forensics protocols because we need precise, focused instructions for what we wish to accomplish. The variety of devices, operating systems, cases and issues makes specific instructions for their examination absolutely crucial. These may include selecting the examiner as well as specifying the devices, the media and the sources that will be examined.

More on that in our next installment, The What of Forensics Examination Protocols.

International #eDiscoveryRockstar CEDS Spotlight: The Netherlands – Dennis Van Der Meer – Manager, Deloitte Netherlands

Please Share Your Thoughts on the Certification Training, How Long It Took You to Prepare for the Exam, Thoughts on the Exam and How It Has Benefited You- Both the Knowledge Gained from Training and Certification and Being Part of the ACEDS Community as a Whole. (Whole Experience)

The preparation for the exam took me about 4 months. The ACEDS eDiscovery Essentials was a great first step in the preparation and the On-demand Prep Seminar was very useful. The CEDS Certification Exam Preparation Manual (fourth edition) is sufficient as an additional reference, but is limited as a true eDiscovery resource. For my preparation I purchased two books on eDiscovery.

In our jurisdiction (Netherlands/Europe) there are no explicit legal rules on eDiscovery and we are not used to working with the American rules (like the FRCP), so I have had to put in extra time to understand these rules. My recommendation to ACEDS is to try and create an International version of the course material like the ACFE have done in the past. Although is still very much based on the American jurisdiction, it makes the study material and certification a bit more accessible to non-American. The ACEDS have indicated to take my recommendation in to consideration.

The exam was very hard, because of the large amount of questions and the fact that some questions were quite extensive.

Being a member of the ACEDS offers me the chance to interact with other members and to access different kind of interesting webinars. I would also recommend to all new ACEDS members to join one of the many local chapters.

Why Did You Decide to Get Certified? Do You Have Any Other Certifications?

Many eDiscovery professionals are only certified by a specific vendor on the software they use, but I was looking for a more generic certification which covers the whole process of eDiscovery. This certification is a great addition to my Forensic certification with the Association of Certified Fraud Examiners (ACFE).

Please Share Your Background of eDiscovery Experience:

I have worked in the major insolvency cases in the Netherlands of the last 8 years. I was the main contact for the liquidators if they had questions regarding specific information out of these cases. Thanks to the international network of Grant Thornton, I have been involved in a few American eDiscovery cases and we had to deal with the specific FRCP rules.

Beside those cases I have also been working in dozens of fraud, bribery and anti-corruption cases. These forensic jobs were also very interesting. Thanks to our partnership with AccessData were we always very capable in handling all those different cases.

As of October 1st, I have started at Deloitte Netherlands as a manager eDiscovery. Deloitte is one of the major players in the world of eDiscovery so I am very proud to further develop my eDiscovery experience and skills.

Would You Recommend Our CEDS Training/Certification to Other?

Yes, I would recommend the CEDS training/certification to others. The ACEDS organization is a very involved and committed to the eDiscovery community.

Advice to Others Looking to Take the Exam?

Take your time for your preparation and try to read as much on eDiscovery as possible and take some extra time to understand the essence of the significant eDiscovery court cases.

It’s difficult to prepare for an exam of 4 hours, but at the exam you must try to keep track of your progress and skip questions if you’re not completely sure on the answer so you can tag it for later review at the end of your exam if you still have some time left.