Onna ACEDS Partnership

ACEDS Announces New Partnership with Onna

June 26, 2020EAGAN, Minn. – The Association of Certified E-Discovery Specialists (ACEDS), the world’s leading e-discovery training and certification professional association and part of The BARBRI Group, is pleased to announce its new affiliate partnership with leading knowledge integration platform provider Onna.

The Onna platform integrates multiple workplace, cloud, or on-premise applications while ensuring data is protected, facilitating organizations’ ability to fully leverage their proprietary knowledge. The abilty to integrate disparite workplace platforms allows users to – for the first time – unify, protect, search, automate and build on top of an organization’s proprietary knowledge. This enables multiple existing applications to transform and deliver more value and new use cases — from Discovery and insights to enhanced compliance, as well as the ability to build entirely new applications on top of existing information.

“We continue to build the breadth and quality of ACEDS resources for our community and the e-discovery profession,” said Mike Quartararo, president ACEDS and professional development. “Onna brings a differentiated set of capabilities and knowledge which we’re excited to offer to members. Conversely, I’m confident Onna stakeholders will also find value and benefit from their affiliation with our global ACEDS community.”

Through the partnership, employees and partners of Onna can access ACEDS’ breadth of job tools and networking forums, a global chapter network and events, and a best-practice-oriented worldwide community of professionals. As an ACEDS Affiliate Partner, Onna plays an important role in the global ACEDS community, leveraging and contributing to the community’s collective knowledge and expertise, and the association’s education, marketing, training and professional development resources.

“The workplace is becoming increasingly digitized as teams are relying more and more on communication and collaboration tools like Slack, Jira, and GSuite.  Legal teams are faced with a new set of challenges as enterprise information is spread across systems, making it difficult to find, understand and control” said Kelly Griswold, Chief Strategy Officer at Onna. “New ways of working have transformed the way we exchange information, and consequently, how we discover it. We’re committed to raising awareness in this ever-changing landscape, and are thrilled to join forces with ACEDS in this endeavor.”

About ACEDS
The Association of Certified E-Discovery Specialists (ACEDS), part of leading legal education provider The BARBRI Group, is a global member-based association for professionals who work in e-discovery, information governance, compliance and the broader legal community. ACEDS provides training and certification in e-discovery and related disciplines to corporate legal departments, law firms, the government, service providers and institutions of higher learning. Our CEDS certification is recognized around the world and used to verify skills and competence in electronic discovery for organizations and individuals through training, certification and ongoing education. The CEDS credential is held by practitioners at the largest Fortune 500 companies, Am Law 200 firms and government agencies. ACEDS has 23 chapters, with locations in most major US cities, the UK, Ireland, Canada, the Netherlands and South Africa (with Australia and South America chapters coming soon). Our goal is to help professionals and organizations reduce the costs and risks associated with e-discovery while helping to improve and verify their skills and advance their careers and overall technology competence in e-discovery and related fields. http://www.aceds.org/

About ONNA
As more companies are implementing cloud-based applications like G Suite, Slack, Salesforce, and Dropbox, data is taking on new forms and is compiling in multiple places. For legal teams conducting eDiscovery, this is posing new challenges.

Onna is a Knowledge Integration Platform (KIP) that centralizes information from scattered data sources in one single place, allowing organizations to unify, protect, and search across their data. With machine learning and natural language processing at its core, Onna helps organizations like Facebook, Dropbox, and Electronic Arts with eDiscovery, information governance, compliance, and more.

Read more at www.onna.com, or reach out at contact@onna.com

 

FOR IMMEDIATE RELEASE
Contact: Cindy Parks
913.526.6912
cindy@parkscommunications.com

 

Locked chain on laptop as computer protection and cyber safety concept. Private data protection from hacker malware

DSAR Best Practices and Workflows an Organization Should Follow

In my latest post, I outlined the process involved in the actual response to DSAR requests. In my last article of this series, I will discuss the best practices and workflows that your organization should follow when responding to DSAR requests.

Generally, “controllers” are responsible for responding to DSARs, and “processors” assist them in handling the requests. Here are my recommendations for best practices in responding to DSARs to ensure General Data Protection Regulation (GDPR) compliance:

Review and Update Privacy Notices and Policies

The GDPR requires organizations to inform data subjects of their rights. Companies need to make sure that their existing policies comply with the new entitlements given to data subjects by the law, including the right to:

  • Obtain certain information from the controller beforehand, and without asking for it
  • Be made aware of whether a controller is processing their data and how it was collected
  • Request that inaccurate personal data about them be rectified, with communication regarding the rectification made to each recipient of the data
  • Demand that their personal data be erased and no longer processed (right to be forgotten)
  • Ask the controller to restrict the processing of their data
  • Receive their data in a structure, commonly-used format for transmission elsewhere (data portability)
  • Object to the handling of their data at any time (in certain circumstances)
  • Not be subject to decisions based solely on automated processing
  • Withdraw consent at any time during processing

In certain circumstances, EU member states may pass legislation to limit DSAR requests under local law. One example of this is the UK’s Data Protection Act of 2018.

Create and Implement a DSAR Process

Your company needs to have a process in place to address:

  • How you will enable DSARs, e.g., offering a standardized online form for submission
  • What those who receive DSARs will be required to do
  • How requests to obtain or delete data will be processed
  • How to efficiently and securely handle responses to the data subject

According to the GDPR, controllers must demonstrate compliance with the law and monitor the requests received. This should be done by tracking how many DSAR requests are made each month, how many requests are being accepted and rejected, and prioritizing the oldest requests to ensure that a response is made within one month, as required by law. Monitoring your process will allow you to revise it if necessary, allocate the appropriate amount of resources, and identify any gaps in your workflow.

Weigh Your Options for Hosting and Automation

You will need to consider your hosting options for providing the data to the requestor: either in-house servers hosted behind the organization’s firewalls, or externally through the use of a communication portal.

Automation can often be seamlessly integrated into your internal systems, and can be extremely helpful in the handling of DSARs by ensuring that:

  • Critical deadlines are met
  • Requests are verified
  • Data exempt from disclosure requirements is identified
  • Assignments to facilitate responses are made
  • Extensions are requested promptly
  • You are tracking your response process

Freeing up your team from manually tracking and storing data will increase efficiency, cut operational overhead, enable a more accurate response, and prevent your organization from wasting time on inauthentic DSAR requests.

Educate Employees

One of your biggest challenges will probably be how to train critical employees. Those requiring training will likely include:

  • Support personnel and other employees who receive the requests
  • Those who will be responsible for implementing the requests
  • Your internal privacy team

To minimize the risk of costly sanctions for noncompliance, your staff will need to understand the importance of prompt response to a DSAR request.

Do you know of any other best practices to follow when responding to DSAR requests? Tell us about them in the comments!

If We Have the Courage and the Will: Remarks on Race, Equality and Justice

(Note: These remarks were originally shared by ACEDS President Michael Quartararo with leaders of our 25 global chapters during ACEDS’ monthly chapter leadership call, and since then many have asked that the remarks be made available publicly)

I want to say a few words about the conversation we are having, certainly here in the United States, but also around the world, about race and equality and justice.

To be clear, the killing of Black Americans and any person of color by police is unacceptable to me. It reflects part of a shameful and troubling legacy of race in America. And I believe that we can do better. We must do better – that is, if we have the courage and the will.

You know, we all work in the legal industry – a place where equality undergirds much of what we do. I feel it should be a place where equality is not an issue. As we all know, that is not always the case. I believe that as part of the legal community we are obligated to do more; to do better.

It has become evident to me over the past few weeks that more conversation around race and equality are needed. That even though it may be uncomfortable for some, a new and different conversation needs to be had. Apathy and complacency feel like complicity. Silence and ignorance seem to suggest acceptance. In my experience, the only time people grow and change is when they are pushed outside their comfort zone. So, I think it is time for some uncomfortable conversation.

My hope of course is that ACEDS is an organization where everyone feels welcome, feels valued and has a voice. But, of course, how I hope others feel is largely irrelevant. And it may not reflect the reality for everyone. What is important is how those who are most affected feel.

Make no mistake. I do not have all the answers. I am not going to solve racism. I am not even entirely sure that I know what the solution looks like. But I do know that as a leader in the community I feel that I can do more. As someone who has a platform, someone who has the privilege of speaking and writing to reach thousands of people, I feel I can do better. I feel that we all can do more. And as the leader of ACEDS, I feel that there is more that we can do as an organization –if we have the courage and the will.

One way to engage on the subject of race, equality and justice is to talk more about it.

And so, I’m asking all of you today, no, I am challenging you all today, as leaders in our community, to offer me your thoughts on what ACEDS can do as an organization to better support those in our community who have been marginalized and treated unequally?

I am asking each of you to give me one good idea on how ACEDS can improve in this regard.

And let me know, too, your level of interest in being part of any initiative or larger conversation that will come out of this.

I consider myself fortunate to work for a company that believes in giving back; that believes in supporting under-served communities, people of color and the less fortunate. I am proud, in fact, that our parent company, BARBRI, has a long history of supporting individual law students, public interest groups, and nonprofit organizations that seek to advance racial equality and diversity in the legal profession.*

But, from where I sit, that is not enough. We can do more. ACEDS can do more. If we have the courage and the will.

It is not my intention to appear gloomy. In fact, I feel quite the opposite. Demonstrations across the globe have involved young people – people of every race, color, creed, orientation, and nationality. And so, this gives me hope, and I am optimistic that young people will in fact drive change. If they have the courage and the will.

My commitment to you today is to start a conversation and make every effort to keep it going. I invite you all to join in the collective thinking and in whatever we may accomplish together. The goal is to ensure that ACEDS is doing everything it can do to not just promote or encourage equality, but also to proactively demand equality for its members and the broader community. I want to lead by example here and show the world that in our little corner of the legal community we have the courage and the will to help effectuate change.

I look forward to hearing from you.

I hope you all are safe and well.

And please be kind to one another.

 

*One example is BARBRI’s support of the Pipeline to Practice Foundation. Learn more at https://pipelinetopractice.org/

Stadium-Home

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

Editor’s Note: Given the changing environmental and economic conditions based on the outbreak and impact of the coronavirus disease 2019 (COVID-19), eDiscovery professionals are considering business revisions to their 2020 plans and also making or accelerating eDiscovery decisions supporting the collection, processing, and review of electronically stored information (ESI). One of the key home (onsite) and away (remote) decisions that business, legal, and IT professionals in the eDiscovery ecosystem are currently having to consider is how they plan for and execute the core eDiscovery task of collection in today’s new world. From adjusted market sizing to selected task pricing, the following update provides context and considerations that may be helpful for eDiscovery decision-makers as they consider the critical eDiscovery task of collection during 2020.

Revisions in Market Size: A New Estimate for the Task of Collection

In considering the relative costs of the three core eDiscovery tasks of collection, processing, and review, in 2020, the core task of collection is estimated to represent approximately 13% of total eDiscovery expenditures. While the coronavirus disease 2019 (COVID-19) appears to be having a substantial impact on the economics and execution of eDiscovery, it does not appear at this early juncture in the evaluation of its on-going impact to have significantly altered the task percentage estimates in 2020 for collection, processing, and review.


Chart 1 – eDiscovery Relative Core Task Expenditures – 2020

1 – eDiscovery Relative Core Task Expenditures – 2020

Initial estimates (November 2019) suggested the market size for the collection task of eDiscovery to be at $1.65B during 2020. Revised modeling estimates that take into consideration the legal landscape changes driven by the outbreak and impact of COVID-19 have reduced market size estimations for the collection task of eDiscovery by approximately 23%, with the revised working estimate now being $1.28B for 2020. The model takes into consideration the generally standard market growth in the first quarter of 2020 as well as adjustments to revenue estimates based on marketplace changes during the last three calendar quarters of 2020.


Chart 2 – eDiscovery Market for Collection – 2020 – Revision

2-eDiscovery-Market-for-Collection-2020-Revision

Initial market model estimates for 2020 (non-published) suggested that approximately 95% of collections would take place onsite, while almost 5% would be performed remotely. However, with the outbreak and impact of COVID-19 and the corresponding location-dependent travel and group aggregation restrictions, revised estimates for the percentage of collections conducted onsite has been reduced from 95% to 10% for 2020. Correspondingly, the estimated percentage of collections to be performed remotely in 2020 has increased from 5% to 90%.


Chart 3 – eDiscovery Relative Core Collection Task Expenditures – 2020 – Revision

3-eDiscovery-Relative-Core-Collection-Task-Expenditures-2020-Revision

When applying revised market model estimates for the percentage of collections conducted onsite or remotely to the revised collection revenue estimates for 2020, it appears that the remote collection market will increase from original market size projections of $0.08B to $0.8B. Additionally, the onsite collection market will decrease from original market size projections of $1.57B to $0.48B. The model also takes into consideration the generally standard remote collection to onsite collection percentage ratio in the first quarter of 2020 as well as adjustments of these percentages based on marketplace changes during the last three calendar quarters of 2020.


Chart 4 – eDiscovery Market for Onsite and Remote Collection – 2020 – Revision

4-eDiscovery-Market-for-Onsite-and-Remote-Collection-2020-Revision

These collection-centric market size revisions will undoubtedly be reviewed and considered in the development of annual eDiscovery Market Size Mashups by ComplexDiscovery. However, they may be beneficial for business, legal, and information technology professionals as they consider the increasing acceptance and market size trajectory for remote collections in the conduct of eDiscovery.

Collection Pricing Considerations in the Summer of 2020

While the eDiscovery ecosystem is still in the early stages of understanding how the pandemic will directly impact the economics of eDiscovery and specifically the pricing of core collection tasks, the following summer results of the semi-annual eDiscovery Pricing Survey* from ComplexDiscovery may be helpful for industry professionals seeing to better understand currently reported general pricing ranges regarding selected collection-centric eDiscovery tasks.


eDiscovery Collection Pricing Survey Responses (May 11-20, 2020)

n=105 Respondents

What is the per hour cost for a collection by a forensic examiner?

  • Less than $250 per hour. 23.8% (Up from 18.8%)
  • Between $250 and $350 per hour. 61.0% (Down from 62.5%)
  • Greater than $350 per hour. 6.7% (Up from 2.5%)
  • Do not know. 8.6% (Down from 16.2%)

Chart 5 – Collection Pricing: Per Hour Cost by a Forensic Examiner

5-Collection-Pricing-Per-Hour-Cost-for-a-Collection-by-a-Forensic-Examiner

What is the per-device cost for a collection by a forensic examiner?

  • Less than $250 per device. 12.4% (Down from 12.5%)
  • Between $250 and $350 per device. 30.5% (Up from 16.2%)
  • Greater than $350 per device. 43.8% (Down from 51.3%)
  • Do not know. 13.3% (Down from 20.0%)

Chart 6 – Collection Pricing: Per Device Cost for a Collection by a Forensic Examiner

6-Collection-Pricing-Per-Device-Cost-for-a-Collection-by-a-Forensic-Examiner

What is the per hour cost for analysis and expert witness support by a forensic examiner?

  • Less than $350 per hour. 15.2% (Up from 15.0%)
  • Between $350 and $550 per hour. 62.9% (Up from 60.0%)
  • Greater than $550 per hour. 7.6% (Up from 5.0%)
  • Do not know. 14.3% (Down from 20.0%)

Chart 7 – Collection Pricing: Per Hour Cost for Analysis and Expert Witness Support by a Forensic Examiner

7-Collection-Pricing-Per-Hour-Cost-for-Analysis-and-Expert-Witness-Support-from-a-Forensic-Examiner

* The semi-annual eDiscovery Pricing Survey is designed to provide insight into eDiscovery pricing through the lens of 15 specific questions answered by legal, business, security, and information professionals operating in the eDiscovery ecosystem. The summer 2020 survey was open from May 11, 2020, until May 20, 2020, and had 105 respondents share their understanding of the pricing of eDiscovery services.

Additional Reading

Source: ComplexDiscovery

Prism ACEDS Partnership

ACEDS Announces New Partnership with Prism Litigation Technology

June 12, 2020EAGAN, Minn. – The Association of Certified E-Discovery Specialists (ACEDS), the world’s leading e-discovery training and certification professional association and part of The BARBRI Group, is pleased to announce its latest affiliate partnership with Prism Litigation Technology, which recently launched their new Evidence Optix proportional discovery solution.

The launch of its patent pending software, Evidence Optix®, positions Prism as a leader in providing proportional discovery to practitioners in the e-discovery space who seek to control the increasingly massive volumes of data involved in e-discovery projects. “This is the first purpose-built tool we have seen that is specifically designed to provide a defensible, transparent, technology-enabled workflow for managing proportionality in litigation, investigations and regulatory inquiries,” said Mike Quartararo, President of ACEDS. “We are excited to partner with Prism and add our voice to the growing chorus of proportionality advocates.”

Through this partnership, employees and partners of Prism can access ACEDS’ breadth of resources and networking forums, a global chapter network, events, and a best-practice-oriented worldwide community of professionals. As an ACEDS Affiliate Partner, Prism plays an important role in the e-discovery community, leveraging and contributing to the community’s collective knowledge and expertise, and in ACEDS training and professional development resources. “Prism has established itself as a leader in the field with a deep and diverse team of experts,” Maribel Rivera, senior director of community relations for ACEDS said. “We are excited about the partnership and look forward to leveraging their knowledge for the greater ACEDS community.”

“Prism Litigation Technology is proud to partner with ACEDS and supports its mission to provide industry certifications, training and networking opportunities for the e-discovery community,” shared Mandi Ross, CEO of Prism Litigation Technology. “As data volumes continue to expand and technological complexities increase, it is paramount that legal and ediscovery professionals continue to collaborate around best practices and workflows that leverage technology. We are excited to participate in a community that shares our vision regarding innovation.”

About ACEDS
The Association of Certified E-Discovery Specialists (ACEDS), part of leading legal education provider The BARBRI Group, is a global member-based association for professionals who work in e-discovery, information governance, compliance and the broader legal community. ACEDS provides training and certification in e-discovery and related disciplines to corporate legal departments, law firms, the government, service providers and institutions of higher learning. Our CEDS certification is recognized around the world and used to verify skills and competence in electronic discovery for organizations and individuals through training, certification and ongoing education. The CEDS credential is held by practitioners at the largest Fortune 500 companies, Am Law 200 firms and government agencies. ACEDS has 23 chapters, with locations in most major US cities, the UK, Ireland, Canada, the Netherlands and South Africa (with Australia and South America chapters coming soon). Our goal is to help professionals and organizations reduce the costs and risks associated with e-discovery while helping to improve and verify their skills and advance their careers and overall technology competence in e-discovery and related fields. http://www.aceds.org/

About Prism Litigation Technology

Prism Litigation Technology has been providing ediscovery advisory services in governmental and regulatory investigations and complex litigation for over two decades. We are often called upon to act as a court-appointed ediscovery liaison, providing expertise in legal hold, data mapping, index-in-place solutions, collection, search term optimization, and accelerated review workflows.

Prism’s team includes legal professionals, linguistic experts, certified technologists, and forensic examiners. With the recent launch of its patent-pending software, Evidence Optix® (please hyperlink to proportionaldiscovery.com), we are the industry leader in Proportional Discovery Assessment®; providing a defensible, transparent, technology-enabled workflow to support an early proportionality mindset.

Website: https://prismlit.com/

 

FOR IMMEDIATE RELEASE
Contact: Cindy Parks
913.526.6912
cindy@parkscommunications.com

Microsoft outlook app icon. Microsoft OutLook application

Microsoft 365 eDiscovery Practical Resources for Law Firms

Microsoft 365 eDiscovery Practical Resources for Law Firms

During our recent webinar, “How Law Firms Can Support Their Clients Who Use Microsoft 365”, we promised attendees some practical resources and an overview of Microsoft 365 (M365) plans and licensing options that would be useful for law firm personnel.

The recording of the webinar can be accessed here: “How Law Firms Can Support Their Clients Who Use Microsoft 365

M365 Plans and Licenses

M365 offers plans for Enterprise, Government, and Education. The features vary depending upon license structure and organization type. For the purposes of our discussion we will share differences within “E3” vs. “E5” licenses. Please note that licensing plans, availability, and functionality will vary and be modified over time.

Compliance Functions in E3 vs E5

Compliance Functions in E3 vs E5

  • Core eDiscovery has hold, search, and export features. It can be accessed with an E3 license.
  • Advanced eDiscovery adds hold notifications, review, and redaction to the above. It can be accesses with an E5 license or an E3 license with a “buy-up” SKU.

Resources from M365 Compliance Documentation

In most instances, law firm personnel do not have access to  M365 and are entrusted with guiding and advising client personnel with performing various tasks within M365. Microsoft has very detailed documentation for M365 compliance. Access documentation on eDiscovery in M365.

Below are some of the  most common tasks and questions that arise while performing eDiscovery in a given matter. All images below are from Microsoft’s website.

  1. Creating searches: M365 allows you to run content search and displays estimated number of search results in the search statistics. The results can be previewed or exported to a local computer. View the documentation.
    Search Query
  2. Reviewing and downloading search statistics: This is very useful when case teams are trying to get a sense of hit counts;the results can be downloaded to a csv file and shared with counsel. Microsoft limits 20 rows in the keyword list of a search query. – View the documentation.
    Search Statistics
  3. Exporting search results: The search results can be exported as a PST file or individual messages for emails. Copies of native files are exported for OneDrive and SharePoint content. M365 generates a clean log of what is exported – the export includes a Results.csv file that contains information about every item that’s exported and a manifest file (in XML format) that contains information about every search result is also exported. View the documentation
    Export Results
  4. Search limitations within M365 content search documents can be found at https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-for-content-search?view=o365-worldwide
  5. Partially indexed items within M365: Partially indexed items are Exchange mailbox items and documents on SharePoint and OneDrive for Business sites that for some reason weren’t completely indexed for search. Detailed overview can be found at https://docs.microsoft.com/en-us/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o365-worldwide
Locked chain on laptop as computer protection and cyber safety concept. Private data protection from hacker malware

Responding to a DSAR Request

In a previous post, I discussed what a DSAR is, the laws that such requests arose from, and the importance of having a systematic approach to dealing with a request. Now let us outline the process involved in the actual response to DSAR requests.

An organization is required to provide a DSAR requester with a copy of any relevant information collected or stored. The time to prepare for these requests is before you receive your first DSAR and find yourself not knowing quite what to do with it. Here are the steps to follow when responding to a DSAR:

Conduct a Data Inventory

Before you answer a data request, you need to know where the requester’s data can be found within your organization and allow for easy access and retrieval of the requested information.  The data can come in many different forms including structured data formats which will require planning on the appropriate output format such as a PDF or CSV file to meet the request requirements.

Organize DSAR Requests

You will need to implement a process to classify all incoming DSARs, including who will oversee receiving and organizing the requests. This might potentially be your chief data officer (CDO), who routinely manages, secures, assesses, and oversees the collection and analysis of data.  There are technology solutions to help organize DSARs as well as other legal requests that can be implemented to manage the workflow from request to delivery.

Fulfill the Request

A standard process will need to be followed for identifying a valid DSAR request, verifying the requester’s identity, requesting more information, if necessary, determining if the organization possesses the requested data and if so, whether it must be provided, deciding whether charging a reasonable fee is justified (based on the administrative costs associated with providing the data), and finally, providing the information within the required timeframe.  Remember that you can’t violate any other person’s privacy rights when delivering data so you will need to mask or redact any personally identifiable information (PII).

Demonstrate Compliance

According to the provisions of the GDPR, organizations must have the ability to demonstrate compliance with the regulation, including being able to show records outlining all DSARs received. The record should include the data subject’s contact information, a description of the request, when and how the response was made and by whom (including reasons why it was honored or denied) and the time taken to reply.

When responding to a data request, organizations are required to remind the requester that they have the right to object to the processing of the data, request the rectification of it, or lodge a complaint with a supervisory authority.

Next up in this series: DSAR Best Practices and Workflows an Organization Should Follow. Do you have anything to add regarding how to respond to a DSAR request? Tell us about it in the comments!

Police Body Camera on Tactical Vest for Officers

Court’s Police Body Camera Opinion Highlights E-Discovery Issues

The California Supreme Court recently issued an opinion that analyzes the public disclosure of police body camera footage and demonstrates the overlap between e-Discovery processes and other records production schemes.

The opinion, National Lawyers Guild v. City of Hayward [https://www.courts.ca.gov/opinions/documents/S252445.PDF], interprets a California law regulating government transparency, but the Court’s technological discussion may also interest ACEDS professionals and like-minded e-Discovery practitioners.

The Court analyzes a California Public Records Act (PRA) provision that permits governments to charge a fee for “data compilation, extraction, or programming” when producing electronic records in response to a records request.

In National Lawyers Guild, the City of Hayward redacted police body camera footage taken during a protest over grand jury decisions to not indict the police officers involved in the deaths of Eric Garner and Michael Brown, both unarmed African American men. The City claimed that redaction qualified as data “extraction” because the police needed to take out sensitive medical and police tactic information. The National Lawyers Guild, which requested the footage, disagreed, and argued that “extraction” only applied when the government agency was creating new content from existing records. The Court sides with the Guild.

The Court held that data “extraction,” as used in the PRA at California Government Code section 6253.9, does not apply to records redaction, but, instead, relates to record identification. Applying the Court’s holding to the Electronic Discovery Reference Model (EDRM), data “extraction” takes place during records Collection, instead of records Review.

The PRA and the e-Discovery processes are parallel practices. According to the Court in National Lawyers Guild, “[b]efore providing access to requested records [under the PRA], public agencies need to locate and collect records, determine which records are responsive, determine whether any portions of responsive records are exempt from disclosure, convert the records into a reviewable format, and, if requested, create a copy of the record.” Translating this into EDRM terminology, public agencies must perform Identification, Collection, Processing, Review, Analysis, and Production, and most of this process must be performed as a cost of doing business.

The Court states that their opinion was promoted by the unique issues associated with producing electronic records. California Government Code section 6253.9 recognizes that the production of electronic records should be easier than paper records, but acknowledges the “difficulties associated with retrieving responsive data from massive, potentially intractable databases,” according to the Court. E-Discovery professionals face similar hurdles.

Practitioners in both areas of the law are tasked with complex productions, prompting technological solutions. Justice Cuellar devotes his concurrence to these automated antidotes.

He writes, “Imagine a not-so-distant future when government entities deploy more thoroughly automated, artificially intelligent systems for responding to [public records] records.” He predicts that, “[s]uch technology could readily help agencies be more accurate, efficient, and thorough.”

Some local agencies are turning to technology to assist with records collection and production. Companies like GovQA and JustFOIA help with this type of processing. But what Justice Cuellar may be hinting at is records review on a whole other level, such as Technology Assisted Review or TAR.

Justice Cuellar optimistically suggests that these types of advanced tools may qualify for the fee provision in California Government Code section 6253.9, permitting governments to recoup some of the costs, although this issue was not before the Court in National Lawyers Guild. If so, local agencies could be incentivized to invest in some of the same platforms that E-Discovery professionals are using, such as TAR. This would be a welcome development.

Government agencies increasingly use technology to provide services and expand communications to their constituents, creating electronic records that are publicly disclosable, such as body cameras, databases, and social media, to name a few. At the same time, records requests have become ubiquitous and incredibly complex. As shown in National Lawyers Guild, e-discovery practices could help government agencies to response more efficiently to PRA requests.

Locked chain on laptop as computer protection and cyber safety concept. Private data protection from hacker malware

DSARs 101: What to Expect When Doing Business with EU Customers

For any organization that deals with privacy issues in the European Union and other privacy-centric jurisdictions like the United Kingdom, an effective information governance program is a must. A program that includes a systematic approach to DSARs will significantly minimize exposure to risk.

Several of my clients in the EU have been extensively working through the Data Subject Access Request (DSAR) process and how to best address such requests. The following is the first in a series of articles intended to unpack DSAR challenges.

What is a DSAR?

On its face, a DSAR is a simple written request that can lead to an extremely complex workflow. The request may be made to a company via email, an online form, or another form of communication. Upon receipt of the DSAR, the organization must track the request through to resolution within a specific timeframe, usually 30-45 days (after first verifying the requestor’s identity and existence in their data system).

Under the provisions of two complex sets of laws, the EU’s General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA), a DSAR may be sent to any organization that processes the personal data of individuals residing in the EU.

The General Data Protection Regulation

The GDPR, which became effective on May 25, 2018, is a set of laws intended to standardize privacy regulations across Europe. However, the GDPR does not only affect organizations within the EU. Instead, it pertains to all organizations processing and storing the personal data of individuals in the EU, no matter where the company is located.

According to the GDPR, a data subject is identified as “an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

DSARs are the direct result of the right of access provided for in the GDPR. Such requests might ask for specific personal details or could demand a full list of the personal data being stored. Either way, an organization is required to provide the requester with a copy of any relevant information about them.

The UK Data Protection Act 2018

Countries across the EU have passed or will soon enact their own data protection legislation, and the Data Protection Act 2018 is the UK’s implementation of the GDPR. The DPA provides individuals in the UK with the right to obtain a copy of their personal data and extends the lawful bases for processing sensitive personal information beyond what the GDPR provides. The DPA also sets the minimum age of consent for processing a subject’s data at 13, as opposed to 16 in the GDPR.

According to a 2019 survey conducted by Lexology, since the introduction of the GDPR and the DPA, a growing trend is rapidly emerging: DSARs are increasingly being used by those more aware of their rights surrounding their personal information. This tendency is expected to grow, amplifying the need for businesses to put clear policies and procedures in place that will not only keep them in compliance with the GDPR and the DPA, but also help them avoid costly enforcement action.

 

Next up in this series: How to Respond to a DSAR Request. Do you have other thoughts to add regarding DSARs? Tell us about them in the comments!

Block chain network/Blockchain network concept , Distributed register technology , Block chain text and computer connection with blue background

The Increasing Promise of Technology-Assisted Review: How to Tame the Vulgar Expense of E-Discovery

In my first major case using technology-assisted review, our team had to review documents in Korean, which brought with them privacy and cross-border transfer concerns. The technology was very helpful, but we still had to employ two rooms filled with Korean-speaking lawyers to support the effort. Needless to say, it was a very expensive production.

During a more recent matter in the second half of 2019, we collected nine-million documents and applied basic and broad keyword searches at the outset to quickly reduce that dataset to two-and-half-million records. We then applied Brainspace and its continuous active learning functionality to the remaining information and were able to quickly categorize each document, including those categories that were uniquely valuable to our case, to immediately and painlessly eliminate millions of documents from consideration.

The contrast between the two experiences was striking. Instead of multiple rooms filled with reviewing lawyers, we enlisted a skilled, but relatively small team of contract attorneys to code 25,000 records in two weeks. When all was said and done, the client told us that this project was far less expensive than the similarly sized project he had just completed on another case, and I am very comfortable that we identified the correct documents in a highly defensible manner.

As a result, leveraging artificial intelligence in this way is not just an option, it is the only one if you want to tame the vulgar expense of e-discovery.

This more effective model is not without its challenges, which include the following:

You Need Skilled Lead Counsel

Given that lead lawyers on matters of this type heavily rely on technology to determine which documents are relevant, it is essential that they have the requisite skill and understanding of the current technology to complement their legal talent. While they once simply designated documents as privileged or responsive in a linear manner, using mapping and other visualization tools allow them to highlight conversations, issues, windows in time, and specific types of documents, all in a manner that can quickly identify the most important documents related to a specific issue and cleave out those with no relevance. In other words, to fully harness the technology, counsel must not only have deep knowledge of the case, but must understand what can be done with the AI and how to do it.

Contract Attorneys Require Training

While contract attorneys may have fewer documents to review because of the technology, human eyes still need to review whatever the technology identifies as relevant.  Accordingly, and possibly even to a greater extent than when they reviewed “everything,” contract attorneys must be deeply trained on the matter in order to optimize their efforts. Insufficient preparation may result in inconsistent document coding, i.e., responsive vs. non-responsive, which could materially delay the process. In fact, the more you rely on computers perform key tasks, the more disciplined the human interaction and input needs to be.

Client Collaboration is Critical

Full transparency and client buy-in about the process is critical.  New tools are launching regularly so even sophisticated, large organizations may not understand the significant benefits and savings on the back end that usually result from the slightly higher front-end cost of the initial computerized data analysis. This may require preparing a cost-benefit analysis demonstrating the overall savings, which again, I have found to be increasingly substantial.  We were certain that our advanced approach would result in a substantial cost reduction and it turned out to be one of the smoothest productions we had ever completed. Our collaboration ensured that the client’s sophisticated team collected efficiently and transferred it to the host.  With well-documented culling followed by the AI analysis, we were able to save thousands in monthly hosting fees alone.

Choose the Right Technology

In our case, the head of litigation support technology at our firm recommended Brainspace because it integrated with our existing portfolio of tools. What I derisively call the golden age of big-law document review, with teams of associates reviewing every document in a linear manner, thankfully no longer exists. Increasingly, even the more restrained days of law firms simply supervising lower-cost contract reviewers are also in the rearview mirror. Now, the law firm’s role is to optimize the use of AI-driven review tools, manage the technology, ensure the contract lawyers are well trained, and produce a defensible production.

While the firm associates still must participate in reviews, often performing quality-control aspects of the job, they are now supported by our manager of technology-assisted review. That manager can compare what the reviewers are finding with the broader database as a whole, essentially performing a statistical QC of the overall findings that further validates the integrity of the production.

And the emerging new model is not a bad thing for those like me in “big law.”  Although the “golden age” ended—as it should have—with much of the rote review work being outsourced to contract reviewers, when AI is involved on large cases, the tech-savvy partners and associates are reemerging with new roles that actually create the kinds efficiencies that really justify their fees.

Key Best Practices

To maximize the value of your efforts and optimize efficiency:

  1. Remember that data security is the most important issue; it must be addressed with every vendor, contract lawyer, and team member.
  2. Surround yourself with the right people; people who truly understand the technology are worth their hourly rates and contribute to real savings overall.
  3. Carefully consider the roles of each member of the team. Often, it will be important to have a chief technologist liaising with both the client and professionals handling other aspects of the case.
  4. Hire the most talented contract lawyers, train them well, QC their work, and immediately let go of those who are not working out. Document review cannot be forgiving. One bad reviewer can infect the entire process.
  5. Quality control is key and must be done in a rigorous and consistent manner.
  6. Memorialize everything, from search terms, to AI processes, to the metrics on each stage of the review. I put everything into a defensibility memorandum so that if needed in two years I can explain to a court or tribunal exactly what was done and why it was reasonable.

Promoting the Promise of TAR

We have been discussing the promise of technology assisted review for years.  Whether called TAR or AI, I believe the technology is now well in the mainstream, and am very impressed with its effectiveness. The challenge for junior lawyers is that technology is limiting the work that formerly provided them with foundational experience. Document review, though arduous, helps one learn about the business of a client. I remember spending many months as a young lawyer sitting at document repositories flipping moldy pages of old client files.  It’s a great, if expensive, way for young lawyers to learn not only about the case, but about the ways of the business world.  While automated review is better for clients in the long run, it does reduce the amount of work for human lawyers, so that supply and demand will have to re-balance over time.