The 2018 NorCal eDiscovery & IG Retreat was held at the Carmel Valley Ranch, location of the first Ing3nious retreat in 2011 (though the company wasn’t called Ing3nious at the time). It was a full day of talks with a parallel set of talks on Cybersecurity, Privacy, and Data Protection in the adjacent room. Attendees could attend talks from either track. Below are my notes (certainly not exhaustive) from the eDiscovery and IG sessions. My full set of photos is available here.
Digging Into TAR
I moderated this panel, so I didn’t take notes. We challenged the audience to create a keyword search that would work better than TAR. Results are posted here.
Information Governance In The Age Of Encryption And Ephemeral Communications
Facebook messenger has an ephemeral mode, though it is currently only available to Facebook executives. You can be forced to decrypt data (despite the 5th Amendment) if it can be proven that you have the password. Ephemeral communication is a replacement for in-person communication, but it can look bad (like you have something to hide). 53% of email is read on mobile devices, but personal devices often aren’t collected. Slack is useful for passing institutional knowledge along to new employees, but general counsel wants things deleted after 30 days. Some ephemeral communication tools have archiving options. You may want to record some conversations in email–you may need them as evidence in the future. Are there unencrypted copies of encrypted data in some locations?
Blowing The Whistle
eDiscovery can be used as a weapon to drive up costs for an adversary. The plaintiff should be skeptical about about claims of burden–has appropriate culling been performed? Do a meet and confer as early as possible. Examine data for a few custodians and see if more are needed. A data dump is when a lot of non-relevant docs are produced (e.g., due to a broad search or a search that matches an email signature). Do sampling to test search terms. Be explicit about what production formatting you want (e.g., searchable PDF, color, meta data).
Emerging Technology And The Impact On eDiscovery
There may be a lack of policy for new data sources. Text messages and social media are becoming relevant for more cases. Your Facebook info can be accessed through your friends. Fitbit may show whether the person could have committed the murder. IP addresses can reveal whether email was sent from home or work. The change to the Twitter character limit may break some collection tools–QC early on to detect such problems. Vendors should have multiple tools. Communicate about what tech is involved and what you need to collect.
Technology Solution Update From Corporate, Law Firm And Service Provider Perspective
Cloud computing (infrastructure, storage, productivity, and web apps) will cause conflict between EU privacy law and US discovery. AWS provides lots of security options, but it can be difficult to get right (must be configured correctly). Startups aim to build fast and don’t think enough about how to get the data out. Are law firm clients looking at cloud agreements and how to export data? Free services (Facebook, Gmail, etc.) spy on users, which makes them inappropriate for corporate use where privacy is needed. Slack output is one long conversation. What about tools that provide a visualization? You may need the data, not just a screenshot. Understand the limit of repositories–Office 365 limits to 10GB of PST at a time. What about versioning storage? It is becoming more common as storage prices decline. Do you need to collect all versions of a document? “Computer ate my homework” excuses don’t fare well in court (e.g., production of privileged docs due to a bad mouse click, or missing docs matching a keyword search because they weren’t OCRed). GDPR requires knowing where the users are (not where the data is stored). Employees don’t want their private phones collected, so sandbox work stuff.
Employing Intelligence – Both Human And Artificial (AI) – To Reduce Overall eDiscovery Costs
You need to talk to custodians–the org chart doesn’t really tell you what you need to know. Search can show who communicates with whom about a topic. To discover that a custodian is involved that is not known to the attorney, look at the data and interview the ground troops. Look for a period when there is a lack of communication. Use sentiment analysis (including emojis). Watch for strange bytes in the review tool–they may be emojis that can only be viewed in the original app. Automate legal holds as much as possible. Escalate to a manager if the employee doesn’t respond to the hold in a timely manner. Filter on meta data to reduce the amount that goes into the load file. Sometimes things go wrong with the software (trained on biased data, not finding relevant spreadsheets, etc.). QC to ensure the human element doesn’t fail. Use phonetic search on audio files instead of transcribing before search. Analyze data as it comes in–you may spot months of missing email. Do proof of concept when selecting tools.
Practical Discussion: eDiscovery Process With Law Firms, In-House And Vendor
Stick with a single vendor so you know it is done the same way every time. Figure out what your data sources are. Get social media data into the review platform in a usable form (e.g., Skype). Finding the existence of cloud data stores requires effort. How long is the cloud data being held (Twitter only holds the last 100 direct messages)? The company needs to provide the needed apps so employees aren’t tempted to go outside to get what they need.