Shielding the Organization from Data Risk & E- Discovery Failures Ignatius Grande, Senior Discovery Attorney, Hughes Hubbard Jordan Razza, Senior Counsel and Director of U.S. Litigation, Diageo North America, Inc. Matthew Fisher, Global Head of Records and Information Management, Diageo North America, Inc. Moderator: Jason Ray, Managing Director, FTI Technology legalweekshow.com legaltechshow.com #Legalweek17 #Legaltech
Audience Poll #1 Where do you work? Choose one: 1. Corporate/In-House 2. Law Firm 3. Service Provider 4. Other 2
Audience Poll #2 What is your role? Choose one: 1. Lawyer 2. Litigation Support 3. Compliance/Security 4. IT/Technologist 5. Paralegal 6. Consultant 7. Other 3
Computing Paradigm s Changes
Creating Chaos in the Enterprise Technical Diversity A new Apple App is submitted for approval every two minutes New companies and new applications appear faster than packaged software can be modified Minimal IT expense, instant scalability, and (almost) free software Workplace Changes Mobile, global workforce puts new demands on data storage and access + = Lines blurring between professional data owned by a company or by an individual Many users do not know how to (or want to) maintain multiple identities Lack of Corporate Control IT and Legal departments do not know their data universe Users can easily move, share or delete data Collection tools cannot keep pace with new applications
Legal Requirements: Not a priority for public app developers Critical features for legal compliance and discovery are often missing or unreliable Rapid changes targeted at the key customers break tools used for legal management Every system has unique challenges in accessing information Every messaging systems has individual interfaces and logging mechanisms Apps often have no real search capability and do not index external links or attached files Email systems and archives (including Google and evault) do not support complex legal searches 6
Today s Biggest Data Risks Hacks, data leaks, privacy violations Migration to cloud and especially O365 Shadow IT Unchecked data volumes Non-traditional data types and sources BYOD/Mobile Texting and Private Messaging Work Collaboration Platforms Social media Incomplete data preservation efforts 7
Audience Poll #3 Which of the following do you think creates the biggest data risk? Choose one: 1. Hacks/leaks 2. Migration to cloud and especially O365 3. Shadow IT 4. Unchecked data volumes 5. Non-traditional data types and sources 6. Incomplete data preservation efforts 8
Cost vs Risk Balance Eliminating risk Sometimes to the detriment of cost-savings Where is the middle ground? Keeping costs down Cost pressure is bad and getting worse 9
Audience Poll #4 In today s climate, which is more important; eliminating risk or controlling cost? Choose one: 1. Eliminating Risk 2. Controlling Cost 10
In-House Legal Department - Recommended Best Practices Know your systems Where/what/how much/who manages How are they organized and used? Knowing your organization = lower costs and higher value information Make regular data deletion a part of your process Routine and consistent remediation Less volume and less risk More up to date knowledge of business process Train your staff on data best practices Don t text or use chat apps for business processes Keep personal and company data separate on BYO devices What does Litigation Hold mean and what are the expectations around it? Have a playbook for when litigation is contemplated Have a standard, vetted process for 80-90% of cases and treat the 10-20% outliers on an individual basis Make sure affirmative documentation is part of that process Custodian interviews are key To control scope and target high value information Employ a baseline set of questions plus customized queries for specific matters Especially important for cases involving mobile, app and chat data 11
Audience Poll #5 Which of the following do you currently utilize? Choose all that apply: 1. Systems/data map 2. Regular data remediation 3. Staff training on data preservation & litigation hold 4. Updated BYOD policy 5. Playbook for data handling during litigation 6. Custodian interview template 12
Outside Counsel Recommended Best Practices Close coordination and collaboration between client and firm Be clear on methods and scope Share documentation for litigation hold, preservation and collection Define clear roles and responsibilities Have a baseline e-discovery process Have a summary description of your baseline process than can be shared with your client Make sure the process has appropriate controls When dealing with clients unused to litigation, provide additional information Field a team with the right tools and skills Key team members with enough training and experience that you would be comfortable having them testify Able to focus on the case to ensure success Engage specialists for case specific needs 13
Consultants & Vendors - Recommended Best Practices Clear and consistent communication between law firms, vendors and clients is key Clients included on emails to counsel at a minimum during scoping, preservation and collection Affirmative documentation of all specifications and controls Clear approvals of all collection and culling decisions Minimize surprises Regular updates about budget estimates and requirements Frequent cross checks to identify process gaps Proactive follow up on pending decisions and actions Find efficiencies Listen to requirements and propose solutions instead of just executing instructions Recommend methods to reduce costs including culling, analytics, TAR, or early fact finding approaches Move data to near line or offline when possible to reduce unnecessary hosting 14
Audience Poll #6 Which of the following do you currently utilize? Choose all that apply: 1. Summary description of baseline processes for data management during litigation 2. Documented specifications and controls on your current data collection/management process 3. Regularly-scheduled, consistent updates between client, law firm and consultant/vendor? 4. Documented process for cross-checks, decisions and approvals for data management during litigation 15
Ethical Considerations What level of technological expertise should a lawyer reasonably be expected to have in 2017? What types of e-discovery practices or omissions could put a lawyer in danger of violating these rules? ABA Model Rules: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject. California Ethics Opinion: Attorneys handling e-discovery should be able to perform (either by themselves or in association with competent co-counsel or expert consultants) the following: initially assess e-discovery needs and issues, if any; implement/cause to implement appropriate ESI preservation procedures; analyze and understand a client s ESI systems and storage; advise the client on available options for collection and preservation of ESI; identify custodians of potentially relevant ESI; engage in competent and meaningful meet and confer with opposing counsel concerning an e-discovery plan; perform data searches; collect responsive ESI in a manner that preserves the integrity of that ESI; and produce responsive non-privileged ESI in a recognized and appropriate manner. 16
Q&A 17
Thank You 18