Data Rules and E-Discovery Law

ARMA Tri-Chapter Conference-RIM On A Shoestring

noreply@blogger.com (DredLaw.com) — Mon, 30 Apr 2012 23:48:00 +0000

I had the pleasure of stopping by the ARMA Tri-Chapter Conference-RIM On A Shoestring, to see if there might be something blog-worthy. Last year, I spoke on a panel. In fair turnabout, I was in the audience for the talk given by R. Scott Murchison of Kaizen InfoSource LLC. Scott has called on me to speak numerous times in the past, and after watching him present, I understand exactly why. We both are hands-on experienced professionals who like to share practical tips we have learned from doing work for clients. This is a direct contradiction to those on the other end of the spectrum, who call themselves, "thought leaders." If you were looking for high lofty thoughts (think SNL Deep Thoughts), that may not apply at all to your real world Data Rules and Electronic Discovery challenges, then this talk was not for you. If however, you appreciate real examples of issues and solutions, then you would have been paying attention and taking notes. I thought it was definitely worthy of a blog post.

Without giving away all of Scott's tips, there were a few that stood out. He explains that developing a workable retention schedule, is finding a good balance between legal requirements (warmed this lawyer's heart when he showed a slide entitled "Rules Matter") and business and practical needs. For example, a policy with too many record categories causes users to use avoid making a selection, or simply defaulting to a category of "permanent." When this happens retention policies are not readily applied and can not be adequately monitored. On the other hand, too few retention categories, and you really have not helped your company because every request for information becomes a search in a large repository or two. Once again, retention policies cannot be readily and accurately applied and monitored. Good luck finding what you need to respond to a legal or investigation hold. The solution is to work with the users and select a workable and functional number of retention categories based on how people work. There is also more to this method, around how to categorize the items, but I am not giving that one away here.

Scott also explained how he has dealt with both extreme types of workers: 1) those who delete everything and, 2) those who retain everything. Both of these types of users disrupt, if not, destroy even the best thought out record retention policies and practices. In short, there has to be audits, and consequences.

Scott also gave a few good tips on how to "sell" information management and good ARMA practices to your organization. His best tip was that your IT staff, would ultimately see this as a true asset. A well designed record retention schedule can serve as a file plan for your company's computer network and information management applications. It will make any of the RIM technology you deploy, work better.

This ARMA conference reminded me that the move away from paper and towards electronically stored information has brought about a reduction in the Records Management staff at many companies. Sometimes the responsibilities and tasks are shifted to Legal, Compliance, or IT staff. I think this is unfortunate. There is significant value to having staff that understands how people store, retrieve, use, and delete, their business information. I have found that when an experienced Records Manager is involved in the rollout of new technology, or new information policies and procedures, the projects go better and get finished. I have seen far too many projects started by Legal or IT, that end up getting shelved because implementing the solutions properly, is challenging, if not impossible for these groups. I do not believe this is mere coincidence. IT and Legal have skills and expertise for what they do, but seldom are they experienced with the practices and procedures of the computer end-users, who are less concerned about technology or legal specs and more concerned with being able to perform their job tasks with minimal interruption.

If you have not been to a local or national ARMA meeting, I urge you to consider it. They are about educating attendees about best practices for practical information management. The ARMA website offers quite a bit of good information.

What Happens At The Exchange, Stays At The Exchange

noreply@blogger.com (DredLaw.com) — Wed, 14 Mar 2012 15:44:00 +0000

by Cary J. Calderone, Esq.

Not really. But after spending a full day at the Executive Counsel Institute's E-Discovery Exchange I find myself not wanting to reveal much about what I learned. In its second year in San Francisco, The Exchange had approximately 4 times more participants (120ish) and that is good because it is the audience participation that makes this format shine. We have all experienced the usual conference. A panel of experts, curated by a vendor, discuss some of the people, processes, and technology, used to deal with the session topic, in the way the vendor believes is best or, at least, best for its product. By the end of the day, or even the hour, it can be both dull and disappointing. This is especially true if you happen to be someone who keeps up with the industry on a regular basis and was in search of more unbiased information. The Exchange is different.

The Exchange has moderated discussion topics, but the audience adds real-world examples of real issues they have encountered-or are encountering via email during the session! The end result is far more unbiased and useful best-practice tips. And, because of that, I feel like my typical style blog post recapping these tips, would be violating the code and spirit of The Exchange. That said, those in attendance, did learn more about dealing with a few very important items, like:

2011 was a slow year for newly reported cases and legal developments.
Addressing the unknown in Cloud services.
Recognizing you are already using Cloud services.
Not-so-secret gaps in your company's information management policies and procedures.
Lack of clarity-what does "reasonable" mean and how to use it to your advantage.
Consultants do not seem to worry about the unauthorized practice of law, but they should.
How to work best with ANY outside e-discovery vendor.

I will reveal that it was Christian Lawrence, CEO of SFL Data, Inc., that generously gave what I thought was the best tip on that last item. Corporate representatives who might deal with any e-discovery provider benefited from his comments. In brief, Christian explained that there are things you can plan for based on your experience, and then there are always new things that come up. The communication back and forth, which is often challenging due to the high-powered and high-pressured people involved, is the secret to achieving great results. Getting both sides' outside counsel, in-house counsel, in-house personnel, and your vendor(s) to communicate and work together is critical for good results.

Bill Kellermann, Jr., Director, Electronic Discovery, Wilson, Sonsini, et al., made a point that changed my way of thinking. This is a pretty rare occurrence!!! Readers of this blog know I get frustrated with attorneys who refuse to learn technology basics, even though technology is now fundamental to discovery practice. Bill pointed out that lawyers can be talented at using technology in their practice, without ever learning about the file structures of their iPhones, iPads, and office storage networks. It is for this reason most lawyers should, and usually do, stay out of the data collection business.

Robert Brownstone, Technology and E-Discovery Counsel, for Fenwick and West, and one of the moderators, agreed with Bill, even though his firm is one of the very few that has successfully built an Information Management practice. Fenwick and West has performed proactive data analysis, mapping, and collections, for years. They are one of the few firms I would recommend to perform E-Discovery for clients, especially since I think when a firm is expert in this area, it is a genuine litigation advantage. In most all other law firm instances, managed services is the way to go. Time for one of my personal admonitions. Every law firm and company legal department will come across small matters they need to be able to process in-house, and large or unfamiliar matters where they need to bring in an outside vendor to handle it. Have you planned for both scenarios? Do you have the people, processes, and technology, in place?

The moderators, rounded out by Browning Marean III, Senior Counsel, DLA Piper, and David Kessler Partner, Fulbright and Jaworski, (links to all moderators below) are all very highly regarded industry veterans, but you get the sense that they enjoy letting the audience talk and that they also learn a great deal about the e-discovery challenges companies face on a daily basis. During the session breaks for coffee, or lunch, people actually interacted with one another and followed-up on the session comments with questions or stories of their own experiences. It is in these somewhat private chats that I learned and revealed some of the most valuable nuggets which is the reason I would feel uncomfortable disclosing them here. E-Discovery is still relatively new, but it has matured some. Based on what was shared at The Exchange, we may all understand how to handle it a bit better.

The Exchange will be at many cities throughout the country (Chicago - June 5-6, New York - July 16-17, Houston - September 18-19, and Los Angeles - December 6-7). For more information go to www.executivecounselinstitute.com. Although it is described as a program for general and corporate counsel, if you are one of the "hands-on" people at your company, whether you are the CEO, CTO, CFO, or a leader of an Information Management or E-Discovery team, you should benefit from participating.

Link to Exchange Moderators

SharePoint Tech Con 2012-First Day Thoughts

noreply@blogger.com (DredLaw.com) — Tue, 28 Feb 2012 06:14:00 +0000

by Cary J. Calderone, Esq.

My mission for this conference (link) was to find experts with hands-on experience implementing RIM and governance (i.e., records and file management, legal hold and DRED) via SharePoint 2010. Could it really work? Or, would this be Mission Impossible? Cue the music. Records Center and legal hold management were highly touted feature upgrades to SP 2010 but my research found very little documentation for admins to learn how to effectively implement these features. Further research found that those who did RIM in SP used third party applications to accomplish it. Fortunately, I found a couple of great experts: Amanda Perran and Scott Jamison.

Amanda spoke about key consideration involved in planning and running SharePoint Records Center, and Scott stressed the need for policies, rules, training and consequences, to achieve successful governance in your SP. Scott explained that SP success involved only 20% technology. Much more of the successful deployment depended on setting up rules for governance and training the users.

DREDLaw readers know, I attend many conferences. There are times it feels that finding a speaker with depth of expertise AND the ability to communicate it in an effective and entertaining manner, is far too rare. These two speakers knew the subject, had real-world best practices to share, and were very entertaining to boot. There is more good news for those of you who missed their sessions-they both have authored books on the subject.

Given those highlights, most of the day I found myself questioning Microsoft's ultimate path for SharePoint? In the past, it was something smaller businesses might use to foster collaboration and efficiency in data storage. Or, a larger company might use it for an intranet or extranet. However, SP has evolved and grown bigger and more powerful. This means SP has more options and therefore, it is now far more complex. Is Microsoft chasing after newer and bigger enterprise customers at the risk of losing a great deal of it's smaller company base? What size company, can take the "free" SharePoint and properly deploy it, without a specialized staff including administrators, developers, and IT personnel? In this economy, when lean for most companies means LEAN, the new features and expanded role of SP may give potential adopters reason to reconsider.

My mission for tomorrow will be to determine whether managed Cloud services, with or without SharePoint, might be a more attractive alternative.

Judge John Facciola Says Discovery Practice Becomes Crucial

noreply@blogger.com (DredLaw.com) — Fri, 17 Feb 2012 15:34:00 +0000

by Cary J. Calderone, Esq.

Judge Facciola

For those of you legal professionals and information managers who are avoiding learning more about the technology aspects of electronic information and how it applies to litigation and compliance, you need to listen to the interview Judge John Facciola gave to law.com (link here) on e-discovery training. In his words, "discovery practice becomes crucial." Or, you can read an older post recapping our enjoyable visit with Judge Facciola in 2009, at the RSA Conference (link).

If you are reading this blog, you have a head start. We continue to report on the new technologies that will come into play in litigation. One of my favorite movie lines about the law is apropos: Tom Cruise's character in A Few Good Men says "It doesn't matter what I believe. It only matters what I can prove!" You have to be able to find it and authenticate it, to prove it. If you do not understand the technology of data and storage, it will be exceedingly difficult to do so.

Cloud Connect 2012-Quick Overview and A Few Lessons On The Side

noreply@blogger.com (DredLaw.com) — Thu, 16 Feb 2012 13:14:00 +0000

by Cary J. Calderone, Esq.

This was a terrific show with excellent presentations. Here are a few notable comments:

From Steve Wylie

The past was about defining the Cloud. Now it is about the Cloud in action.

From Jesse Robbins of Opscode

Everything breaks at scale.
Train for disaster. Start small, then add large scale fault injection across critical systems.
Failure is multiplicative 99.9 x 99.9 x 99.9 = 99.7% reliability.
Cloud failure has stages like death: Denial, Anger, More Anger, Bargaining, Depression, and finally, Acceptance.

From Geva Perry of Thinking Out Cloud Blog

Surprise! Your organization is already using the public cloud.
There is a new pattern of technology adoption-from the bottom up.
Users adopt, then CIO learns about it and authorizes-i.e., the freemium model.
Problem with most Cloud adoption surveys, they ask the CIO-always the last to know.

Other Random Nuggets:

There are three Cloud functions: store, compute, and deliver.
Rackspace gives away their software because service and support is the differentiater.
Some argue virtualize first, then move to the Cloud.
Others (SWIFT) believe virtualization is unnecessary and slows down Cloud performance.
There are already examples of Cloud security "options:" e.g. free Gmail, Gmail for Business, and Gmail for Government.
There are 3 kinds of Clouds: Community, Private, and Special Service
Can your Cloud vendor answer the same questions you do when it comes to your client's data?
For you to be compliant, you need compliance by your vendor, and their vendors and contractors too-otherwise, you are not really compliant.
Is your Cloud provider transparent? Trust but verify. Look at their policies and procedures.

I enjoy sharing technology factoids that are tangents to the event , or, "Lessons on the Side." At Cloud Connect there were a few worth mentioning:

At the Industry Summit, there were at least 10 laptops up and running for every iPad. Until the tablet does a better job of replacing a laptop by better enabling input, or, makes it possible to travel without your cell phone, this will continue to be the case. Cool technology, but apparently, when a laptop is necessary, even techies don't bother bringing a tablet.
The breakout sessions for Compliance in the Cloud had about 15-20 people. The session for Openstack had well over 100. Product development matters the most with disruptive technologies. The legal details can get worked out later.
Many lawyers still don't get it. As one disgruntled attendee mentioned, "I asked the panel about ensuring compliance and they responded with contract language?" Once the proprietary data escapes, a contract clause will not pull it back inside for safekeeping. Apparently, those who are very concerned with Cloud compliance, take little solace from nicely crafted legalese and penalties, after the fact.
Want to know how fast Twitter works? I Tweeted a fun line delivered by Glenn Solomon of GGV Capital, and 5 minutes later, when the MC got up to thank him for his presentation, he mentioned the Tweet. Unbelievable!
The Cloud is still very hot! I ball-parked twice the number of exhibitors and booth space as last year's show. Stay tuned...

Cloud Connect 2012-Why I Think The Cloud Will Rule Your Future

noreply@blogger.com (DredLaw.com) — Wed, 15 Feb 2012 21:28:00 +0000

by Cary J. Calderone

The keynotes on Tuesday and Wednesday, the official full days of Cloud Connect 2012, were both interesting and entertaining. My comment from last year still stands. Short and to the point 15 minute speeches by many industry influencers beats the heck out of one long keynote. This format means that speakers do not have to worry about filling time for an hour or more. Instead, they make their most important points fast. I'll list a few of my favorites later, but to me, the energy and focus of the show lead me to one conclusion. The Cloud is important because it offers a rare combination of the aspirin and the vitamin in the same pill. Silicon Valley lives and breaths by startups coming along with aspirin, to solve headaches, and vitamins to boost your revenue. Cloud solutions offer you both. At last year's Industry Summit, John Hagel quipped that with all the hype, we were still underestimating the impact of the Cloud. After this year's show, I think I can fully appreciate his forecast.
Many of the keynote words penetrated my ever-skeptical legal mind, and yet, try as I might to fight it, I ended up agreeing their visions. First, the Cloud really offers solutions for many headaches-reducing the growth of IT staff expenses and costly hardware and software upgrades. The way data is growing, easy, safe, and affordable expansion is necessary. Even more importantly though, the secondary Cloud positives, are vitamins. Not only will you manage and keep your growing stores of data better, you will also have many more opportunities to exploit your data. As a simple example consider your smart phone. On one level it now brings more data to the equation, your location. Tie that to Google Maps, or your favorite restaurant review website, or your client address book, and you have the best of everything-access to your old resources with new location data that makes it more useful to you. No need to spend on paper to printout maps either. For a law practice example, imagine clicking another button and your billing program captures the time you spend traveling to meet the client. No need to write it down or remember it for when you are back at your desk. It should go straight into your Cloud billing program. For a DRED application, imagine that all your data will be managed by powerful search and management tools. The metrics and algorithms will provide you with access to more critical information about your data, and your internal and external users. These tools to monitor your data are both the aspirin and vitamin. Why would you need business intelligence software and then a separate e-discovery early case assessment tool? These should be features of your data Cloud, not separate products. The list goes on and on. So, do you have a plan for the Cloud?

Cloud Connect 2012-Five Things You Need To Do Now

noreply@blogger.com (DredLaw.com) — Tue, 14 Feb 2012 01:52:00 +0000

by Cary J. Calderone, Esq.

One of the advantages I have being based here in San Francisco is I can report on technology innovations as they happen in Silicon Valley, long before lawyers get information at legal shows and can consider how these technologies may affect work at their firms. The Cloud Industry Summit was the original focus for what has grown into the Cloud Connect show. Attending last year I felt I had advanced knowledge of what was going on with the Cloud and this year is no different. Kamesh Pemmaraju of Sand Hill spoke of major announcements about new Cloud services that will keep your data for you, behind your firewall. In other words, there is another major security road block that has been cleared for many companies wishing to take advantage of Cloud services. One of the most important best-practice takeaways came from Jim Stikeleather, Chief Innovations Officer, Dell, inc., who kicked off the Industry Summit. He talked about the evolution of the Cloud and gave 5 Things To Do Now!

Prepare-Use virtualization in production environments and review your current applications.
Move something to the Cloud today-Email, or storage, or something in the backlog.
Establish a Cloud Strategy-What can move next? Which legacy applications must be replaced?
Prioritize-Determine which workloads are optimized in the Cloud and which are not?
Leverage-Where might infrastructure or service in the cloud increase your innovation?

On behalf of my brethren in the law, I would add a 6th step. Or, maybe the ongoing underlying consideration of all 5 steps-legal and regulatory requisites. We know that certain types of data must be safeguarded in specific ways. However, more than ever, I believe the security issues in most situations are likely to be better addressed by robust Cloud providers than by any individual company. This thought was echoed by panel presenters. I know what you are thinking. It is shocking that at a Cloud Connect show, speakers would believe data is safer in the Cloud. But, their arguments are valid. Nobody is more concerned with, or more capable of dealing with new security breaches, than those whose livelihoods depend upon it. I made this observation long ago (link) and still agree. Jerry Caron, VP of Analysis, IT Connection Group, pointed out that old servers and systems run by understaffed and under-trained IT departments are likely to be much bigger security risks.

James Staten, VP and Principal Analyst, Forrester Research, Inc. also commented on security. He believes Cloud providers when they say, "we do security better than you do." He also noted that there will always be major security issues that need to be addressed by company policies. In other words, who stops your employees from putting private protected information up in the Cloud? Hopefully, you do. He also noted that one of the biggest concerns, privacy protection, is a big opportunity. Individual companies will follow the model of payroll and benefits and outsource to a company that knows all the privacy rules for all the countries, and can store and manage their data accordingly. He also noted a few potential hurdles:

Not all countries have established privacy rules, and
Not all countries have data centers. You may need to partner locally, have a local presence, or, be sure to use a Safe Harbor to handle the data.

My favorite tweet line came from Glenn Solomon, General Partner, GGV Capital-"Cloud is like the Adele of the technology industry-a voice that comes along only once every 20 years."

On balance, the Cloud Industry Summit was great! I look forward to seeing presentations over the next few days, to learn more of the nitty-gritty nuts and bolts of the realization of the big predictions today's speakers outlined.

Churchill Club-Online Privacy Rules Revisited

noreply@blogger.com (DredLaw.com) — Fri, 10 Feb 2012 20:24:00 +0000

by Cary J. Calderone

It has been one year since I covered a terrific Churchill Club event on this subject (Location and Privacy). I was anxious to see what we have learned and what was new on the subject of online data privacy. Unfortunately, the short answer is, "not much." I really enjoy the Churchill Club events, but while this panel had members from various stages across the privacy spectrum, from the ACLU, to private companies like Microsoft (panel information below), it seemed like the discussion covered the same issues, with no new takeaways. It was the first time I have ever been a little bit disappointed by a Chuchill Club event. I was expecting a few new best practices for businesses but there really were none. That said, if this was your first event about online privacy, you would have learned the major issues the government regulators, companies, and consumers, need to consider.
The main concerns still are focused on setting rules for disclosure of privacy in a way that means consumers, who still seldom read privacy policies, will give informed consent to how their information will be used, and by whom. There was also an acknowledgment that the government regulators probably do not understand just how much information is collected and much more information can be gleaned from it. The best suggestion, which had been voiced a year earlier was a rating system so online consumers would know their information was either, not collected, or, if it was collected, how it would be safely used and when it may be destroyed.

In conclusion, the main issue from a year ago still exists. Consumers believe if a company has a "privacy policy" their information is private. This is not so...

If you want to watch for yourself, the Churchill Club video is at: http://www.youtube.com/watch?v=9dEmHZjRLrU

Moderator:
Jules Polonetsky, Co-chair and Director, Future of Privacy
Speakers:
Jim Adler, Chief Privacy Officer & General Manager, Data Systems, Intelius
Nick Bicanic, CEO and Founder, echoecho
Jules Cohen, Director of Online Privacy, Microsoft
Nicole Ozer, Technology and Civil Liberties Policy Director, ACLU of Northern California
Paul Schwartz, Faculty Director, Berkeley Center for Law & Technology, UC Berkeley

Data Privacy Rules in the EU, Asia, and USA and How John Cleese Might Summarize

noreply@blogger.com (DredLaw.com) — Wed, 18 Jan 2012 02:48:00 +0000

Copyright © 2012 Cary J. Calderone, Esquire

I had the pleasure of attending a terrific breakout session run by Amor Esteban (bio) and William Kellermann (bio). My words would not do their presentation on Cross-Border Discovery and Data Privacy justice. So please forgive me for borrowing the words of John Cleese from The Meaning of Life to summarize:

Before we begin your lesson, would those of you playing in the match this afternoon move your clothes down onto the lower peg, immediately after lunch. before you write your letter home, if you're not getting your hair cut, unless you've got a younger brother going out this weekend as the guest of another boy, in which case collect his note before lunch put it in your letter after you get your haircut and make sure he moves your clothes down to the lower peg for you. (Age restricted Python video clip on Youtube)

Yes it's perfectly simple!

This blog post was a challenge to write. I blogged about one of Amor's presentations on the same subject in 2008 (link to post) so I was looking forward to hearing updates and finally getting a little more clarity on the conflicts in the rules between the U.S.A. and other countries. The result? There has been progress and evolution but there still are so many conflicts and "what-ifs" that even experienced attorneys have to be careful and weigh the risk of each matter before offering the best option. Instead of giving what could only be incomplete tips that potentially cause more harm than good, or a workflow that ends up sounding like John Cleese, here is a list of considerations that can affect how and when you can or cannot preserve, review, and/or collect data. If you understand why all these options are important, and how to navigate through the various "what-ifs," then congratulations, you are probably qualified to be an international data expert.

Considerations

Is your US based legal or investigative matter sufficient justification to collect the data?
Is this personal or business data, or, both?
Could this data be considered a State Secret?
Do you know the country of origin of the data?
Do you know where the data is stored?
Is the data stored in multiple locations?
Is the data on a laptop that might be in a country other than where it originated?
Does your computer usage policy protect you?
Do you need to get consent from the Union to collect or use the data?
Is the data encrypted?
Does the data need to be encrypted to move it?
Do you need to use a special encryption key?
Do you need local counsel?
Are your clothes on the lower peg?

Just kidding with that last one but hopefully this list helps you understand why a simple workflow is not possible. This is one of those areas of law that is extremely complicated, and what's worse? It is constantly changing and evolving. The only "best practices" advice I can offer is:

If you have the chance to listen to Amor or William speak on this subject, do so. You will learn the reasons behind all the above considerations.
Review the 57 page Sedona Conference report on the subject (available here).
Retain experienced legal counsel to advise you on these types of matters before you get yourself into real trouble!

The Hills Are Alive With the Sound of E-Discovery???

noreply@blogger.com (DredLaw.com) — Sun, 25 Dec 2011 18:33:00 +0000

By Cary J. Calderone, Esquire

Still available on Amazon!

It is the Christmas season. Those of us involved in DRED Law wish you and yours the happiest of holiday seasons. Along with many of the more important traditions that occur, this time of year brings television repeats of classic movies like The Sound of Music. For the past few years, I could not help but think of e-discovery while watching parts of this movie. Now, I am not obsessed with e-discovery and data law. I promise you. However, a few scenes from the movie explain in most vivid detail just why the EU has a very different attitude and set of rules towards email and other information that may reveal a user's personal identification. So, this post is for all of you who are not aware, or, are uncertain as to why the EU Data Protection Act is far more strict and penal in attempting to protect personal privacy at work. Let's see if these bits of dialogue from the movie validate my point and perhaps give you an idea of who, is to blame. Take, for example:

Rolf to Lissel when delivering a telegram for Captain Von Trapp- “We make it our business to know everything about everyone.”

Or, dialogue from Heir Zeller-“You were sent a telegram which you did not answer. A telegram from Admiral Von Schreiber of the navy of the 3rd Reich.”
Captain Von Trapp “I was under the impression Heir Zeller that the contents of telegrams in Austria are private! At least the Austria I know.”

The reasons should now be clear. Once we in America understand the origins of the EU Data Protection Act, it will be easier to put in the systems and policies necessary to better comply with the rules. We will follow-up this holiday post in the new year with a more detailed explanation of the EU Data Privacy rules courtesy of a terrific breakout session run by Amor Esteban and William Kellermann. Until then, if you are frustrated and angry with the challenge of navigating US Data rules and EU Rules at the same time, take heart. You are not alone. We can all just blame the Nazis...

Happy Holidays

Churchill Club Presents The Big Data Effect

noreply@blogger.com (DredLaw.com) — Tue, 13 Dec 2011 02:39:00 +0000

Copyright © 2011 Cary J. Calderone

Is Big Data being over-hyped? "I certainly hope not" was Ping Li's heartfelt response to moderator Michael Chui's question to the panel (bios below). Li's firm, Accel Partners, made a splash in the news recently by announcing the creation of a 100 million dollar fund for investments in Big Data. The Churchill Club panel members each gave their own interpretations of the Big Data Effect. They emphasized that Big Data was not just about the volume of data, but how it could be researched, extracted, and analyzed.

Mr. Li, commented that Big Data was a mixture of machine-generated, user-generated, and open data, but the Big Data effect had to do less with size and volume and more with getting value from new data, old data, and, the mixture of the two. Li believes "we are in the early days of this transformation" and he wonders "what will be the next Seibel or Cognos of the Big Data world?" Gil Elbaz emphasized the important issue was whether the data would be open and transparent and therefore, easily accessed and exploited. An interesting explanation of the Big Data effect was offered by Luke Lonergan. Lonergan mentioned a unique situation where a large retailer, that had not yet bought into the idea of Big Data discovered it had customers, who because of their iPhones and Androids, knew more about the products than their retail clerks. So even though one would think the retail clerk is there to help the consumer, because the clerks were relying on an antiquated terminal and sku system, they were in reality, an impediment to the sale. To me, this particular Big Data effect might best be captured by the title of John Hagel's book, "The Power of Pull." How can a company not recognize and move towards the expectations of its better informed customers if it expects to stay in business? Slow moving retailers will be pulled towards Big Data by the expectations and capabilities of their customers and competitors.

My next favorite quote from the panel was that "privacy is the third rail of Big Data." The advanced mining capabilities if Big Data are relatively recent and yet they have already evolved to the point where the average smart phone user would be dumbfounded to learn what collectors and facilitators of meta-data, already know about them. The panel noted that at a recent government inquiry, even the government representatives were surprised by how much information is already mined and how powerful it can be when analytics and metrics are applied with location. This is especially true at what Ping Li finds the most interesting new area, the cross-section between mobile and Big Data. He believes the smart phone is the best data-capture device. Anand Rajaraman added that it is not just about Big Data captured, but rather "fast" data and this is exactly what smart phones capture so well. Mobile data is fast data. In other words, it matters not only that the data can be captured and analyzed, but that the answers or results are calculated quickly. This provides for the optimal Big Data effect. Rajaraman also appreciates the potential and challenges at the cross-section between public and private company data. "Do you bring all the public inside, or, move your private data to the cloud and risk security concerns?" Keith Collins added that it was the flow of data that may lead to the best discoveries and innovations.

It seems the entire panel agreed that one of the important new areas for the Big Data effect would be advancements in the healthcare industry. "The stores of information from real patients is a gold mine." The old model of testing medicines on groups of people, or, a doctor relying on the patient's questionnaire for history, are archaic when compared to mining of healthcare information of most everyone in the world. In this instance, size (of the data base) does matter. The ability to quickly "crunch" every possible variance in patient history may prove as an essential element to the innovators. My own favorite argument in support of the proposition is a simple one and involves Watson, the IBM computer that has been able to continually trounce very smart people in a game of Jeopardy. Very simply, wouldn't you like to have Watson analyze your health for one minute, in addition to your doctor? As smart as your doctor may be, can they cross-check possible side effects of the 3 to 4 pills you are taking as well or as quickly as Watson could? Unlikely. I believe everyone in the audience could identify a similar situation with their own healthcare experience.

Although it was not mentioned by the panel, my own personal experience has dealt with diagnosing food allergies. We allergy patients have always had to self-monitor and self-diagnose to help the process. I would love for that information to be readily available and accessible to every doctor I see. Moreover, I would even offer it to a general database on allergies and interactions so others may benefit from my experience and I, from theirs. To this end, the panel made the point simple. More and better information available to the patients will lead to more accurate understanding of the conditions, and lead the doctor to making a faster and more accurate prognosis and, finally, achieving a better outcome.

In a recent blog post Seth Godin gave an example of the problems that still exist in healthcare, which he labels as "pre-digital." Think about his frustration and imagine what Big Data technology may change. Godon's description of a visit to the Emergency Room:

Six people doing bureaucratic tasks and screening that are artifacts of a paper universe, all in the service of one doctor (and the need to get paid and not get sued). A 90-minute experience so we could see a doctor for ninety seconds. (full blog story)

It is easy to see how Big Data technology can improve a visit to the ER. The ultimate challenge according to the panel, is whether there is a way to do it responsibly? If so, open access to Big Data and personal health information is likely to garner quantifiable life-extending and quality of life improvements.

In addition to healthcare, Keith Collins explained how the Big Data Effect could help with energy policies and a smart grid by providing predictive and optimization analysis. Soon they will have the capability to analyze the grid on 15 minute intervals. He likes those who follow the creation of new regulations and then determine how to turn that into a value proposition. Lonergan added that the new tools, smart meters and smart grids, have provided us with new data and new opportunities around that data.

In conclusion, whether it is healthcare, energy, or just plain old business productivity and profits, the final takeaway from this terrific panel is that everyone involved with Big Data will have to be very careful to safely navigate the third rail. But, if they do it responsibly, then the innovation and growth potential will be very Big, indeed.

The Big Data Effect

		Speakers: Keith Collins, Senior Vice President and Chief Technology Officer, SAS Gil Elbaz, Founder and CEO, Factual Ping Li, Partner, Accel Partners Luke Lonergan, Chief Technology Officer, Vice President and Co-Founder, Greenplum, an EMC Company Anand Rajaraman, Senior Vice President, Walmart Global E-Commerce & co-founder, @WalmartLabs Moderator: Michael Chui, Senior Fellow, McKinsey Global Institute

Big Data-Not Just Big Storage Or It May Be A Big Headache

noreply@blogger.com (DredLaw.com) — Tue, 06 Dec 2011 17:17:00 +0000

Copyright © 2011 Cary J. Calderone Esq.

Time to give the busy professional's definition of the latest technology buzz phrase, "Big Data." In brief, it is about being able to process and mine very large amounts of data (even petabytes) for business intelligence. Big Data indexing and database technologies, like Hadoop and NoSQL allow for distributed processing that previously was impossible with standard table-based relationship databases. However, too many short-term thinkers will try to implement a Big Data strategy by doing nothing more than keeping everything they can and figuring it out later. This approach is fraught with Big danger.

The most frequent justification for employing a Big Data strategy is to improve business intelligence. Customer satisfaction and trends identified with Big Data technologies can be used to optimize your supply chain as well as shape your digital marketing efforts. However, more data can also mean more concerns with US and Foreign rules governing privacy and security. Will your data be anonymized? Will critical HIPAA or Credit Information be scrubbed or tokenized sufficiently to adequately secure and protect it? And last, but not least, are you going to have to analyze your Big Data for E-Discovery? By and large, if you own and control the data, at some point, a court, at the behest of one of your adversaries, will want you to analyze it for E-Discovery purposes. Will you be able to defend your practices? Will you be able to show why you should not have to produce it? If you have to analyze it for E-Discovery production, will you be able to do so in a timely fashion? One company that decided to keep all company email realized too late, that their search tools and storage drives were inadequate. It would take 12 days to get simple keyword search results. This was definitely not useful for performing Early Case Assessment. Good DRED practices suggest that before you decide to keep everything, make sure you have the policies and procedures and technology in place to use your Big Data to your advantage, and limit your exposure to those potential problems. Make sure your Big Data plans provide you with Big benefits that will far outweigh some of the potential costs. Then, maybe you can avoid Big Delays, Big Problems, Big Costs and even, Big Sanctions.

CEO Bans Email-Maybe Email Really Is Dead

noreply@blogger.com (DredLaw.com) — Wed, 30 Nov 2011 03:17:00 +0000

Atos Headquarters Location at Lago Maggiore

A few weeks back I pointed out to DredLaw readers ways that new technology would be superior to email. (Link to article) Now here is a European company, Atos, that is banning employees from using email to communicate with fellow employees (Link to article) and for precisely the same reasons mentioned. They will be using new collaborative tools and instant and video messaging as alternatives. While I applaud the effort, they will have to be very careful with their data retention and privacy programs.

The rules governing retention for business and legal application do not differentiate based on the type of computer tool or application, or smart phone, that may be used to create the data, but rather, the content of the data. I am not saying it can't be done. It can. However, it will take good planning, training, and auditing to make sure their policies and procedures will withstand legal scrutiny later. The ABC news article goes on to say:

When asked how employees have responded to the policy, Crouch told ABC News the overall response “has been positive with strong take up of alternative tools.”

Moreover, the CEO responsible, Thierry Breton is on point. The article reveals his bold logic:

“We are producing data on a massive scale that is fast polluting our working environments and also encroaching into our personal lives,” he said in a statement when first announcing the policy in Feburary. “At [Atos] we are taking action now to reverse this trend, just as organizations took measures to reduce environmental pollution after the industrial revolution.”

The article does not mention some of the applications, but described them as "Facebook-like." Which coincidentally, is the same way I described Rypple and Yammer. We will look to follow-up with Atos in the future to see how their approach continues to work. My hunch is it will be successful and will be emulated by many other companies trying to effectively manage their ever-growing repositories of electronically stored information. Kudos...

The C-Level Nightmare-Do You Know What You Do Not Know?

noreply@blogger.com (DredLaw.com) — Sun, 13 Nov 2011 22:46:00 +0000

Is this your CEO, CTO, or, General Counsel?

This post goes out to all those C-Levels who have not approved pro-active information management and DRED work because, "they can just search and find what they need when they have to." For almost any attorney or e-discovery professional with experience, this cavalier attitude causes a LOL moment. We also call this approach, "head in the sand," or sometimes, "ignorance is bliss...until it's not." After the 9-11 attacks, when the Department of Homeland Security was created, I remember Secretary of Defense, Donald Rumsfeld, speaking about 3 things: 1) What you know as fact, 2) What you do not know but can research and discover and, 3) What you do not know, you do not know. C-Levels who think they will just find what they need, when they have not tested their approach under the threat of pending litigation, are in the last category. They do not know, what they do not know. Not convinced? Then please consider these items:

In all likelihood, you have relevant data in a legacy system or proprietary repository that may not be touched by your search tool. Even the best technology has to be pointed in the right direction.
You have data that should not be touched by your search tool because it will violate a privacy policy.
The more data you have to search, the more it will cost you. This is true even if 99% of the data is ultimately not relevant to the case at hand.
The more data you have, the more likely your search results will be mediocre. Is mediocre acceptable when setting up a strategy to prosecute or defend a legal matter?
Your search plan will probably not adequately cover home computers, laptops, iPhones, or that 32 gig flash drive dangling from your employee's key chain, let alone all those employee posts on Facebook.

The end result will not be pleasant. You will be faced with substantial costs before you even consider the potential damages to an adverse judgement.

Even a basic DRED assessment can help let you begin to know, what you do not know. It is not hard to discover if you know who to ask, what to ask, and, where to look. I have never met with a general counsel for this assessment (I should call it DREAD because it describes the look on their face) who did not pay close attention and thank me profusely for what I shared with them. Now you, even as a C-Level, may still not know, or, care to know the dirty details, but your future opposing counsel most certainly will. Is that when you want to find out that you have ten years of backup tapes with relevant data stored in a closet? I didn't think so...

Coming to a Law School Near You- eDiscovery Class 101

noreply@blogger.com (DredLaw.com) — Fri, 04 Nov 2011 17:19:00 +0000

Professor Rick Marcus

Copyright © 2011 Cary J. Calderone

A few weeks ago, I had the pleasure of attending a Hastings College of the Law alum event where Diane Gibson, a prominent San Francisco litigator with Squire Sanders et al., and UC Hastings Professor Rick Marcus, presented, E-Discovery and Preservation. There was some good DRED news. For an alumnae event, this was very well attended. There were over 100 people who showed up because they were interested in learning about E-Discovery. The bad news was that when Professor Marcus, a principal drafter of the 2006 E-Discovery amendments to the Federal rules, polled the audience to find out who had heard of FRE 502 (critical for protecting privileged material from accidental disclosure) only myself and three others raised their hands. Scary! During the lecture and the Q&A afterword, we heard about many of the interesting E-Discovery and preservation issues, and what the Advisory Committee is considering for future amendments, but for me, the most important item was that Professor Marcus will, for the first time, be teaching Hasting's E-Discovery class in the spring of 2012.

I am looking forward to following up with Professor Marcus, to see how the class progresses from his initial course syllabus to the final exam. Based on my personal interactions and experiences with general counsel and attorneys, I think an E-Discovery course should be required for all law students and members of the bar. When he mentioned the new offering at the law school, and, especially considering the results of the FRE 502 poll, I thought "thank goodness." Still, I can not help but wonder how challenging it will be for Professor Marcus. The typical law case book does not change often and I am concerned that without a fairly deep discussion of the current technology employed, the E-Discovery law and techniques learned will be of short-term value.

It seems as though the Federal Rules of Civil Procedure get amended to keep up with technology, and before the ink is even dry on the amendments, technology innovation renders those rules, ambiguous at best. Remember a few years ago, when all the concern and debate was about what constituted "inaccessible data?" Technology has changed so now that discussion, if it were entertained, would be about easily accessed versus costly-to-access data. Inaccessible has been all but dropped from consideration and the California E-Discovery Act, specifically allows a Judge to require a litigant to produce the information, even if it is considered inaccessible. In all likelihood, practitioners and students are not going to bother discussing that subject. They will be far more worried about what to do with all the data coming in from Twitter and Facebook.

Another great example of law versus technology came from an audience comment. A retired attorney brought up the California rule that required Transit Authorities and certain government entities to keep all surveillance video tape, for 3 years. This rule was, of course, enacted into law during the days when an entity had only one camera and recorded the video to actual video tape. Today, an average bus has 10 to 12 digital hi-resolution cameras on board. For a Transit Authority to keep all "tape" from all cameras on hundreds of buses for even a year it would cost millions of dollars and probably require a special data warehousing structure. We can only wonder how long it will be before that law is updated? And, then, how long before technology advances render that new law obsolete as well?

If I described teaching E-Discovery technology to law students as a Sisyphusian challenge, it would not be adequate. To be appropriate the story would have to have the additional fact that every time Sisyphus rested, the boulder grew even bigger and heavier. Technology moves to Moore's law-processing power goes up and the price comes down. Technology innovation happens constantly and almost as quickly as the speed of thought. Government codes and case-law move and evolve slowly at best, and compared to technological innovation, at a glacial pace. Good luck Sisyphus and those poor attorneys and students who do not already understand quite a bit about technology. Mega-kudos to Hastings and Professor Marcus for recognizing the need for formal E-Discovery training and for getting started!

New Facebook Privacy Settings-Are You Now A Publisher Or A Public Figure?

noreply@blogger.com (DredLaw.com) — Tue, 18 Oct 2011 22:23:00 +0000

Copyright © 2011 Cary J. Calderone

This calls for a quick overview of Libel Law 101. A publisher has standards for accuracy or else they can be sued for defamation and other things (see Description at Student Press Law Center). There are things you can do to limit your exposure to legal action, by following certain protocols and guidelines. For example, you have heard the phrase, "the truth is an absolute defense." This may save you from a legal action for libel. But, unfortunately, sometimes publishing the "truth" can expose you to other legal claims, like invasion of privacy. This is especially so when the items published are, in fact, true, and perhaps, a tad unsavory. However, there may be a defense for that too, if you happen to publish these unsavory truths about a public figure. Public figures are pretty much considered fair game, or, at least at a level where even if you publish something about them, even with some non-truths or inaccuracies, you will be held to a more lenient standard. At this point you may be a bit confused by this area of law and are thinking that you would never consider yourself a publisher anyway? You don't even have a blog. So why worry? No reason, unless you happen to be on Facebook or another Social Media site and have a lot of friends, followers, or the newly created category of "Subscribers."

The latest Facebook feature is the "Subscribe" setting (see Facebook description) What an oxymoron to refer to it as a "privacy setting!" Basically, it permits you to allow "Subscribers" who can see your public posts in their Facebook Newsfeed and also, allows you to "Subscribe" to others. Now, even "non-friends," can subscribe to and follow all your posts and comments that you set to "public" on Facebook. Other sites, like LinkedIn and Google+, are looking for a way to make more of your posted information “public.” Does that make you feel powerful and influential like the New York Times or Kim Kardashian? Regardless of your answer, it is time to take a little closer look at the legal rules for publishing and public figures, because these standards may apply to you.

Here is what it takes to be a Publisher according to the Student Press Law Center.

Publication

A statement is "published" if it is communicated to someone other than the person whom the statement is about.
Publication can take many forms and does not simply mean that the statement has been printed in a newspaper or other document. For example, a defamatory statement's presence on a computer screen in the newsroom where it is read by other students could constitute publication.

In the case of celebrity Twitter, it is obvious. Ashton Kutcher, Kim Kardashian, Lady Gaga, and countless others have tens of millions of followers. These celebrities have learned to "Self-Publish." They are now authors and publishers. On the one hand, they have a simple way to publish and publicize accurate information about themselves. On the other hand, because they have millions of followers, they have learned that there can be legal repercussions when they are not accurate, or, conversely, are too accurate, when they tweet/publish information concerning others. Privacy and defamation lawsuits are an ever-present concern. The danger to you is that you can easily be considered a publisher too. The definition above shows that even if just one person reads your material, you are a publisher and exposed. So before you go "public" as a publisher, you should really learn a few of the basics about what you can and cannot safely publish. And, by learn, I mean do more research than simply reading this thoughtful and entertaining blog post!

Now the flip side. There is more. Maybe you are a publisher but you will always publish safely and you do not feel exposed. Great! But now lets consider what protections you have for those things others say about you. Can you stop them from hurting you or you reputation? Can you sue them for libel? Or, is it possible you have become a public figure due to your thousands of adoring fans and subscribers? Even as a cautious attorney, I hesitantly joined LinkedIn first, and then Facebook, a few years ago. It would be an understatement to say I have always been cautious about who I friend or connect with online. I urge my friends not become Facebook sluts. You know the type. They are the people who will "friend" anybody, anytime, no questions asked. Even with the added risks of exposure to viruses and spam messages, we all know somebody who has gone from 1 to 5,000 "friends," in a matter of weeks. It is notably ironic that at a time when we are witnessing a massive contraction in newspapers and other print media, there are people that, in a short time, increase their circulation from 1 to thousands. Some print newspapers would kill for that kind of a bump in circulation.

This is where it gets interesting. Do you have enough friends and subscribers to be considered a public figure? The fact is we can not know for sure because the law does not provide us with an exact number that is the trigger for transformation from private to public figure. You may be considered private, limited public, general purpose public depending on whether you thrust yourself or, are thrust into the public eye. Again from the Student Press Law Center:

Who is a Public Figure? There are two categories:

(1) General Purpose Public Figure: a "celebrity," whose pervasive fame or notoriety has made his or her name a "household word."

(2) Limited Purpose Public Figure: someone who has voluntarily assumed a leading role in a particular public controversy.

But even as a public figure you can still use the law to protect yourself right? Yes, but remember now you would have to prove the libelous behavior to a higher standard to be successful. Newspapers have published some pretty scandalous things about public figures, and then successfully defended the legal actions.

So you, or, your company, have to assess the situation. We do not know a specific number it takes to be considered a public figure or, a limited public figure. We know you may be considered a publisher. Do you now need to learn all the details and distinctions about General Purpose and Limited Purpose Public Figures, Public Officials, privileges, exceptions, and more, just to have fun or conduct business online with Social Media? It depends. What will you and your friends be publishing?

"ISSA: Emails Prove Holder Knew" and Other DRED Headlines

noreply@blogger.com (DredLaw.com) — Thu, 06 Oct 2011 19:03:00 +0000

Sometimes a headline can be a DRED story in and of itself. Today, while browsing the internet, I saw a headline that said "Issa: Emails Prove Holder Told About Fast And Furious." I could not help noticing how frequently we see those two words, emails and prove, together in a headline? By Googling "emails prove" it came up with 45,900 results. The list included story headlines with names like, Eric Holder, President Obama, Sarah Palin, Mark Zuckerberg and British Petroleum-and that was just on the first page of results. Do you still think it is acceptable to treat your email as non-records, non-information, and, nonchalantly?

By the way, Googling "emails faked" returned only 1,120 hits, and did not include any of the aforementioned names. Ironically, the only headline where the emails proved good behavior was in the case of Sarah Palin, whose emails were released after a blitzkrieg media campaign to reveal the real truth about her. So, perhaps you should reconsider your nonchalant approach? I mean, if we know "emails prove" is the presumption, wouldn't you prefer knowing what they prove, before your opposition does, and before any attention-grabbing headlines are published? In case you need further justification, here are a few links to some of my older posts on the subject of pro-actively managing your email:

E-Discovery-Shall we do it ourselves or outsource? The answer is, Yes

noreply@blogger.com (DredLaw.com) — Wed, 28 Sep 2011 18:21:00 +0000

Copyright © 2011 Cary J. Calderone

Sometimes customers and prospects can ask me difficult questions. The question on whether to in-source or outsource E-Discovery is an easy question. The answer is, Yes. There is no company, or law firm, no matter how large or small, that should do all or none of their E-Discovery themselves. Where should you draw the line between the two? Now, that is a more challenging question. Here are three factors to consider when deciding:

1) Your Potential Issues: There are many legal matters that can start small and then blossom into larger lawsuits. For example, the routine hiring and firing of employees goes on without worry, until a claim comes in. For many regular and routine items your hiring personnel and IT support should be trained to handle and secure electronic data in a defensible manner, when the need arises. As they run through the usual security checks, and other departing employee procedures, it does not take a much extra effort to secure the data so it could be authenticated for potential litigation. Bringing in an outside E-Discovery firm or law firm, for every routine employee departure would be overkill. On the other hand, even seasoned HR personnel know that sometimes routine terminations come back as big complicated lawsuits, so having a process in place that is legally defensible, is great insurance, even when you ultimately may hand off the matter to an outside firm. Also, when the matter is not routine and/or if your legal department has not already handled a particular type of case before, you may have to ask yourself, if your staff will even know what data is most critical? If you do not absolutely know the answer to that question, score another point for outsourcing.

2) The Experience Level of Your People: Will an outside vendor/firm be better than your knowledgeable staff? Sticking to the employee termination example, in many companies HR and IT positions are low turn-over. Often they have many years of experience and specific knowledge of your industry standards and data practices. Will an outside vendor be able to send in somebody who is already familiar with your issues? Doubtful. Your inside staff should be able to handle it. On the other hand, if the matter involves larger and more complicated legal issues, that might necessitate securing hundreds of gigabytes of different types of data, your staff could easily be overwhelmed. Will you over-collect or, under-collect data? In this instance, familiarity with the tools and techniques for large data sets are likely to be more critical to your E-Discovery success, than familiarity with your business practices. Plus, having an independent third party collecting potential evidence can make it more trustworthy and more likely the procedures will withstand legal scrutiny. Of course, your knowledgeable staff will need to work with the outside vendor to achieve the best results.

3) Your Budget: Doing it all yourself or never doing it yourself will waste money. There are great inexpensive E-Discovery tools available, if you do not already have a system that is set up to hold and collect data for E-Discovery purposes. For example, SharePoint 2010 and Exchange Server, as well as many other applications, have built-in features for E-Discovery purposes. However, when it comes to complicated and large volume matters, it is very unlikely your tools, hardware, and software, will be adequate. This is when an outside third-party firm can come to your rescue. Hiring outside managed services when your capacity is stretched, or, for only occasional "big litigation" matters will probably save you money. Infrequent litigation makes it difficult to justify the ROI on what might be a rather large investment in hardware, software, and staff training, just to be ready for the occasional big case.

In summary, there is no hard and fast rule for when to in-source or outsource. Each company must assess their own situation before making the decision. This article should make it rather obvious though, that if your decision to outsource E-Discovery is always, or never, you probably have not considered the correct factors.

Social Media Governance-5 Reasons New Technology Applications Are Better Than Email

noreply@blogger.com (DredLaw.com) — Thu, 15 Sep 2011 22:32:00 +0000

Copyright © 2011 Cary J. Calderone

DredLaw readers know I have mentioned the trend towards using "New Technology" like social media and social enterprise applications, in business. Rypple and Yammer were developed for business use and even Twitter, Facebook, LinkedIn, and Google Plus, are a common consideration for any company looking to market on the internet. Companies are using social style Wikis to manage internal projects. To be sure, I have warned readers about the need to have policies and procedures as a safeguard so their companies can use these New Technology applications in accordance with good data management and DRED practices. But, this post will focus on some of the positives and comparative benefits of using these newer applications. Yes, there are still potential pitfalls to social applications in business. However, when compared to old email policies and practices, social-style applications have the potential to be a tremendous improvement to your organization's computer communications practices, and here are 5 reasons why:

1) Tighter organization: Email is a communication vehicle that is frequently organized apart from its subject-i.e., whether the subject is a web page, a PowerPoint presentation, or a video clip, or a picture, email is kept with emails, and the other documents are stored someplace else. If you do not constantly attach the latest version of the "subject" document, or at least a link to the latest version, the email may be ineffective. In social-style applications, the comments can attach directly to the subject matter. This is so whether it is a document for editing, a video clip for viewing, or a whole host of other types of electronic information.

2) Enhances collaboration: Email that contains its subject as an attachment is inefficient. When three people start editing a document, nobody is working on the same version. How fun is it to get 3 or more versions back and have to resolve the changes and suggestions? Some are duplicates and some conflict other's changes. How does that help move the document to final version? With social collaboration applications, you work on the same version even at the same time.

3) Smaller carbon footprint: Email volume grows much too quickly. Did you get the cc? Did you get the bcc? Will you send me a confirmation? Every time you get an email with 10 ccs, that indicates that at least 10 times the amount of information is stored-and even worse if there is a large attachment with the email. Social collaboration applications avoid the need to cc. People just look at the project thread and see related comments, one after the other. Again, this is much more efficient than sending out ccs, which at some companies are so excessive, they are automatically and routinely ignored. This factor alone could justify the move to New Technology social-style applications.

4) Just the facts, please: When you want to search for project information you'll find your Inbox includes calendar dates and meeting requests that involve the subject, but not in a substantive way. Why should you keep or need to search through calendar or other unrelated information in your inbox, when you are searching for information about a certain project? Answer- you shouldn't.

5) Social is better even if you organize your email: For those who read #4 and thought it did not apply to them because they organize email into project folders, please remember that email can discuss multiple topics. Do you have to keep a copy of the same email in 4 different folders? Do you set one or multiple deletion dates for that email? Once again, social applications generally promote short, to the point comments, under one specific project heading. Moreover, down the road, when it is time to delete all information about that certain project, the entire data set can be deleted at once. This should include all the video clips, pictures, and comments too. That is much more efficient and effective than searching your email repository, your Word documents, your Excel Spreadsheets, etc. etc.

I'll bet that while reading this list you thought of some advantages New Technology social applications would have over your email practices at your business. On balance, one of the challenges of DRED and Information Governance is trying to create a set of best practice rules to manage a wide range of applications, data types, and formats. Social-style business can be scary at first, but it can also make it so all the communication, editing, explanatory materials, and supporting data, are viewed and reviewed in the same place. That works much better than plain old email.

eDiscovery Retreat-Laura Zubulake-Lessons from THE plaintiff

noreply@blogger.com (DredLaw.com) — Mon, 01 Aug 2011 20:05:00 +0000

by Cary J. Calderone

One highlight at the Carmel eDiscovery Retreat, was hearing from THE plaintiff Laura Zubulake. Zubulake v. UBS Warburg LLC., 217 F.R.D. 309(S.D.N.Y. 2003) is a seminal case and is the foundation for many other discovery decisions and even modifications to discovery procedure rules. Rules were modified so they could be better applied to electronic media and computers. Now I have to admit, I was like many attorneys who assumed that some very smart lawyers had recognized the value in searching defendant UBS's emails for evidence of wrongdoing. But, that is not how it happened. Laura was actually the one who insisted her attorneys demand production of emails because she KNEW the defendant had not done a reasonable job in producing the relevant materials in their possession or control. The end result? A $29.2 million dollar jury verdict in her favor. As Laura noted, Electronically Stored Information (ESI) and email in particular, is "like DNA evidence for trials!"

Her talk began with this simple observation-"Sometimes lawyers should listen to their client." And, to reword this lesson for defending counsel-when the plaintiff is a former employee, who routinely received and sent 200 emails a day on the job, and the time frame for the case spans years, producing only 100 "relevant" emails, is not going to suffice. The Zubulake case was written by Magistrate Judge Shira Scheindlin and is known for its discovery rulings and underlying guidelines to determine when ESI data might be considered inaccessible and when it might still be necessary to preserve and/or produce it. The case is a must read for anyone wanting to learn about a whole host of other "basic tenets" for determining "reasonable behavior" for handling ESI in advance of a potential legal matter. Legal scholars and courtrooms, have been discussing and debating the case since it was first published.

What was most surprising to me was to hear Laura describe how difficult it was for her to convince her own lawyers that they needed to press for more email evidence. The demands for production started in 2002 and it was not until 2004, that the bulk of the emails were finally produced. Her persistence did pay off however, as she ultimately won a huge verdict. I can't help but wonder how many attorneys still believe that printing out a few relevant emails is a solid eDiscovery strategy?

Laura described 2001 as the technology dark ages. (I had to laugh as I had just recently learned of a law firm that finally upgraded from Groupwise to MS Exchange for email. Whoa. Cutting edge technology!) It seems I am not alone in noticing that lawyers seldom move quickly to adopt or understand new technology. Part of the problem is they do not ever want to be on the bleeding edge of new technology and discover that a new technology is not reliable. While this is a valid reason for being cautious, there are far too many lawyers who believe, "if it aint broke, don't fix it." Meaning, why pay money for computer technology that can turn 5 hours of billable work into only 1 hour? Well, eventually the client figures it out. That's why. Or, you end up being the only one in court who does not understand the difference between an email, and an email attachment?(another of my real-world examples)

She made another great point regarding the lack of understanding of technology. She knew of some colleagues who had tried to protect emails from disclosure under the attorney-client communication privilege, even though there were no attorneys involved in the email chain! I once again was nodding my head in agreement. I have had more than one worker confide to me the they thought their boss marked everything as "Confidential" so they would not have to produce it in a legal proceeding. That is LOL funny. I bet the Judge will be smiling too as they calculate the appropriate sanction. As Judge Peck quipped during his keynote, "we Judges love being lied to." :)

Laura spoke for an hour, and made one great observation after another. My favorite was this: “eDiscovery is about going to trial and too many consultants and lawyers have never gone to trial." She noted that, since the Zubulake case, an entire new cottage industry has sprung up around litigation preparedness, and early case assessment. "But, there is still a lot of bad advice!" I wanted to give her a standing ovation. Readers of this blog know about some of my past frustrations when trying to guide clients away from sales-puffing claims and "best-practices" extolled by inexperienced consultants, who just recently started dabbling in the legal consulting arena. Wonder what she would have thought about the sincere confession to me by one technology consultant that "he really started to understand just how particular the judges can be, when he went through his divorce!" Yep, that ought to be plenty of legal background to help a company design a reliable eDiscovery plan...ugh. Laura Zubulake too, was frustrated with consultants who did not understand how discovery battles are fought and won, and how ultimately, they can determine the outcome of the case.

In conclusion, I was reminded of my old post from 2008, "Federal Court for Discovery? Be a Boy Scout." The lessons she described, about discovery and reasonable behavior, do not change even though the technology does. So, if you want to be safe, be prepared, and avoid sanctions today, you had better act reasonably in light of the current technology and techniques available. Keep up!

Finally, Laura has written a soon-to-be-released book about her experiences as THE plaintiff, and I will definitely be reading it. If it is half as interesting and illuminating as her talk, it will be well worthwhile. Perhaps you should read it too.

Carmel Valley eDiscovery Retreat-Great debut!

noreply@blogger.com (DredLaw.com) — Thu, 21 Jul 2011 18:12:00 +0000

Nearby Asilomar Beach

When Chris La Cour invited me to attend the inaugural Carmel Valley eDiscovery Retreat I was a little hesitant to accept. I have attended many legal technology, legal education, and eDiscovery shows, both as a speaker and blogger, so I expected an inaugural event to be, well, not very good. I was wrong. This event ran as smoothly as any conference I have ever attended. The panels of legal and judicial speakers were top notch, up to date, and the setting was spectacular. There were no problems with audio, acoustics, or scheduling. The event was well-attended but there was ample comfortable seating and spacious meeting areas to interact with other attendees. I am not alone in my praise. I heard quite a few other attendees lauding the venue and agenda. Some of the speakers really shared some valuable eDiscovery lessons. Here are just a few of the comments:

Laura Zubulake (the most famous eDiscovery plaintiff)-To attorneys wondering what ESI information to request from defendants- "Ask the plaintiff. They know what information is there!"
Magistrate Judge Andrew J. Peck-"Sometimes, when you look closely at the gold standard for review, there isn't much gold."
Magistrate Judge Elizabeth Laporte-"The Cooperation Proclamation is important. The system cannot function without more cooperation."
Kimbur Tate (McKesson)-"Sometimes when rolling out a new policy, it is best not to call it a policy."
Laura Zubulake-"As a plaintiff, she would have loved to receive inadvertently produced privileged material."
Anthony Knappen (Chevron)-"Hold-in-place can work if you have a process and you have the legal team follow-up."

I will post more about some of the specific sessions soon.

Facebook is now totally Ryppled! And, what that may mean for future eDiscovery

noreply@blogger.com (DredLaw.com) — Wed, 22 Jun 2011 17:49:00 +0000

Copyright 2011 Cary J. Calderone

A few weeks after commenting on Facebook's latest big lawsuit and the email evidence involved, I mentioned how a product like Rypple, may effect a company's data retention practices (link to post). Now that Facebook has announced they are using Rypple, I cannot help but wonder how future discovery requests in a lawsuit may have to differentiate between a "Like" designation and a "Thumbs Up" or, a Smiley Face? You can just imagine a cross-examination in court: "Isn't it true Mr. Boss, on this project you gave the former Disgruntled Employee, not one, but TWO Smiley Faces and a Thumbs Up!!!" "Let's bring up the digital display so the jury can see the Smiley Faces." Will the evidence of Smiley Faces be in native or some other format? Do we care? We should, and here's why.

Screenshot of Rypple

Gamification of work practices and procedures is gaining traction. One of the main selling points to Rypple is that better feedback will make for more productive employee/manager relationships and ultimately, lead to fewer disgruntled employees and more productive and collaborative work relationships. Win win we hope. At the same time, we lawyers can always anticipate the potential for a problem with an employee. So, what kind of Legal Hold and Collection challenges will you have if you are using any "gamification" tools? Is it time to be proactive and revisit your Computer Usage Policies and Retention practices? Definitely! On the bright side, if you do the work now, then maybe one day, after you contact your attorney for a potential legal matter, you'll be rewarded with a big Smiley Face... :)

The ROI of eDiscovery? Why not just calculate the ROI of a good night's sleep

noreply@blogger.com (DredLaw.com) — Fri, 17 Jun 2011 22:16:00 +0000

I have seen so many articles that attempt to sell the purchase of large eDiscovery tools with a Return On Investment analysis. The resulting magic formula always shows just how much money a customer can save in an average legal matter. And yet the ROI cannot be very compelling. With the exception of one General Counsel of an international enterprise software provider (kudos Kim), I have never been hired by a company that had not already been “tagged” in a litigation matter for big bucks. And, by tagged, I mean that they were sanctioned for discovery failures or, they realized they could not collect their data to mount a defense and had to settle the case. So, my argument is, it may be more effective and productive to calculate the ROI of a good night's sleep. Let me explain.

The ROI for eDiscovery all have some formula for calculating the average number of gigabytes of data that is collected and reviewed in the average case. Then they chart them against costs of in-house legal, outside counsel, and/or third party processors. They may also scare you with the potential for million dollar discovery sanctions. The ROI analysis for Records and Information Management are frequently less exact. These studies attmept to examine and quantify the average cost of the time that somebody spends searching for information before and after RIM enhancements. I sincerely believe these studies are not wrong. However, they may be too abstract and nebulous to be compelling.

Similarly, the ROI analysis of sleep has shortcomings. What is an extra hour of good sleep worth to you? Most studies show sleep is valuable for clarity of thinking, health, and productivity. But, do we know how much sleep is optimal for everybody everyday? The same unknowns exist for eDiscovery and litigation matters. What costs can you really save? Is it the same for big cases and small cases? And for routine cases or exceptions? If you are a big company or a small-sized one? Lots of litigation or almost none? We don't really understand in a compelling fashion because there are too many unknown variables. And yet, there is real value to knowing that no matter what type of case comes your way, you are prepared to respond quickly and effectively. Knowing that the tools and policies you have employed provide your company with a more organized and productive way to use your computer data, and find it when you need it for eDiscovery, is extremely valuable. And this is true regardless of whether an actual ROI can be formulated.

I recently was complimented by a client who had to test their eDiscovery process with a real matter. They were very happy because they had tools, training and checklists to help prepare them and guide them through the process. The result was that a stressful situation was less stressful. What is the ROI on that? Ultimately, it may just mean your General Counsel, CEO, CFO, CTO, and employees sleep better at night...

Social Network Applications Coming To Your Business-Will there be a Rypple effect?

noreply@blogger.com (DredLaw.com) — Tue, 26 Apr 2011 18:12:00 +0000

Here's a scoop. Companies like Rypple are making “Facebook-style” applications to be used in your business. The Wall Street Journal Digital Edition has an excellent article by Dr. Terri Griffith on this phenomenon. ( full article) With over 600 million users on Facebook and LinkedIn combined, people around the globe now understand the power of status updates, and sharing comments, pictures, and videos, instantly online. Social business applications use an underlying philosophy of open and easy information exchange and are applying it to personnel matters, project management, and collaborative learning and team innovation. I mentioned these new social-style tools recently in a DRED meeting with a CEO, a corporate counsel, and 3 department managers who were in charge of data compliance, and the response was unanimous...”UGH!” How could they possibly manage all this data? But it doesn't have to be so bad and in fact, if implemented properly, these social business tools may actually improve the way your company manages your electronically stored information.

It was great to see Dr. Terri Griffith's article in the Wall Street Journal digital edition, and not just because she has referenced this blog in past writings. The transformation of personal home technology toys into business tools at the office is not new. Noticed any iPhones at work lately? It may have begun as the favorite toy for uber-geeks but it, and similarly, Android smart phones, have made their way into the office as business productivity tools, often replacing the old standard tool, the Blackberry.

There are legitimate concerns to social business. What about your DRED practices? Does anyone understand how these applications will work with data retention policies and electronic discovery? How will they be backed up or locked down for a legal hold? Is it worthwhile to re-work retention and computer policies to allow social business? Is social business even a legitimate business tool?

While some may argue that these social business applications are too simple to afford any real help at the office, I disagree. Historically, more technology has failed in business because user-adoption never grew due to the software being too complex and difficult to use. As Dr. Griffith reported, "about half of company knowledge-management initiatives stagnate or fail." Simple tools that actually work are adopted at a higher rate and therefore, can lead to a much better increase in productivity. This is especially true when compared to those elaborate tools that were never rolled out and are sitting on the shelf collecting dust.

When you begin reviewing social business tools, you will notice that the user interfaces are very straightforward and easy to learn. Consider Facebook. There are many grandparents and parents, with little or no computer experience, now enjoying communicating with their families and friends on Facebook. Even computer newbies can snap a picture on their phone, and click the button to “share.” Simple works, but it can be very productive too.

Back to the office. Imagine being able to review a marketing campaign that includes a web page, a video, pictures, and maybe some sound bites, all on one web page in an application? Pretty neat. And, it is far more efficient then having to download separate email attachments to your computer and open them with separate programs to view them. Plus, co-workers can post their comments right there, under the picture or video. No longer will you have to review the comments buried in tens of emails from 6 co-workers, all desiring to share their thoughts. Sure sounds like a productivity tool now, doesn't it?

There will be challenges to “social business.” Open communications with peers will need to be balanced against security, privacy, and privilege concerns. You will need well crafted and thoughtful user policies. But, there are definite advantages in the design of many social business networking applications that will make adhering to a corporate data retention policy ultimately easier and more effective, than with many of those other "old-school" technologies, like email...

Need More Justification to Update Your Data Retention Policies? Here are a few benefits, on the side...

noreply@blogger.com (DredLaw.com) — Wed, 20 Apr 2011 19:52:00 +0000

An article on today's San Francisco Chronicle's website, SFGate.com, covers a computer mishap with the Division of Emergency Services. When their main computer system lost internet connectivity this past New Years, they discovered they could not switch over to a backup system because...(drum roll please)...no one had the password to get in. Only one person knew the password, and they were not on duty! Now why is this related to DREDLaw? Because in every company, as a part of the usual DREDLaw Assessment process, we have uncovered problems and potential problems related to Information Management and Governance.

Frequently, these were not obvious issues with DRED, but rather, they were jaw-dropping surprises to the clients. For example, I uncovered an instance of only one person knowing critical passwords, just by asking some of my standard interview questions to a department manager? In organizations, large and small, some information is more guarded, more remote, or maybe just seldom accessed. Without understanding who uses the resources and why, similar data traps can remain hidden, until it is too late. The solution may be simple. Redundancy can work just as well for people, as it does for computers.

Here are a few other "benefits on the side" that may be uncovered when you undergo an Assessment:

PST files that store business information off the network, where it is not backed-up
PST and other locally stored files that do not get searched for Legal Holds
Self-designed backup systems or workers who keep "everything" on a flash drive in their pocket
Search tools used by some employees, but not others
A separate hidden email server kept by a department (not making this up)
Instant Messaging records of communications with outside vendors or customers
Multiple copies of Records kept by many departments
No copies of important Records being kept because everyone thought another department was supposed to keep them
Personal copies of non-company authorized software applications-Yes, World of Warcraft can slow down a network...

So, just in case the obvious benefits of a better Information Management program are not enough motivation to persuade those who control the budget, maybe the above "benefits on the side," will help.