Electronic Discovery

Thursday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted Monday, Tuesday and yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  Today is the last day to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

9:00 AM – 10:00 AM:

O365 and Exchange Ediscovery Capabilities: While Office 365 and Exchange ediscovery capabilities can make our jobs easier, they can also be subject to problems. What can you expect from these products? In this live demo, you’ll get an interactive tutorial of the features these platforms offer – from the glitz to the glitches.

Takeaways:

  • Understand what the different software offerings are and are not good at
  • Identify gotchas for each product

Speakers include: John Collins, Director of Information Governance & Office 365 Consulting DTI.

Your Perimeter Will Be Breached: Your law firm will be hacked. What do you do when that happens? How do you mitigate the damage done? Join us for a technical discussion on what you can put in place that will help you identify where you have been hacked and how to get rid of the threat.

Takeaways:

  • Determine a list of things to check when you’re back in the office
  • Identify ways to find intruders in your perimeter and mitigate risk

Speakers include: Brian Johnson, Sr. Security Engineer Emergent Networks.

11:15 AM – 12:15 PM:

New Microsoft Features That Will Affect Ediscovery in the Future: Microsoft continues to add features to its products that could make preservation, collection, review and production easier in the future. More and more corporations are using those products. Is it time for law firms to follow suit? Come hear a panel discuss how Microsoft’s legal hold and ediscovery compliance features could change how we deal with ediscovery now and in the future. Will you be prepared to take advantage of these changes?

Takeaways:

  • Learn how Microsoft’s legal hold and ediscovery compliance features are making it easier to deal with ediscovery challenges
  • See how these new features could affect how we deal with edIscovery
  • Discover how to take advantage of these features to further your career

Speakers include: Scott M. Cohen, Managing Director Winston & Strawn LLP; Jake Frazier, Information Governance & Compliance Practice Leader FTI Consulting; EJ Bastien, Lead eDiscovery Program Manager Microsoft Corporation – Legal and Corporate Affairs; Troy Dunham, eDiscovery Program Manager Adobe Systems Legal Department.

2:00 PM – 3:00 PM:

Data Analytics for Information Governance: Whether you’re in a law firm or corporate environment, using data and key metrics can improve your information governance (IG) and system performance. What types of data should you be evaluating, and how to do find the value of it? How can you create the ideal information governance framework by distilling data into building blocks that tie together? We’ll examine case studies to demonstrate data-driven decisions made throughout the building and remodeling of successful IG programs.

Speakers include: Gillian Glass, Director of Practice Support, Paralegals and Records Farella Braun + Martel LLP; Megan Beauchemin, Director of Business Intelligence and Analytics InOutsource; Daniel Holohan, Chief Information Officer The Advisory Board Company.

What’s in YOUR Ediscovery/Litigation Support Strategic Plan?!: Looking into the future, what is the focus of your strategic plan? What are your staff needs and technology needs? Is there company growth? Creating and managing a strategic plan can be difficult, especially as emerging needs fight for resources and attention. This presentation will give ediscovery and litigation support professionals tips on updating, revamping and revisioning their strategic plan. We will also discuss various approaches and timetables for the strategic planning process.

Takeaways:

  • Cultivate ideas on how to develop a strategic plan
  • Identify who needs to be involved
  • Determine factors to consider in your strategic plan

This session will NOT be recorded.

Speakers include: Mary Pat Poteet, Managing Consultant; David Bryant Isbell, Director, Global Practice Support Baker & McKenzie; Ashley Smith, Managing Director Deloitte.

3:30 PM – 4:30 PM:

Preserving, Collecting and Producing Databases for Ediscovery: An industry expert will share how they deal with, manage and produce structured data and databases during litigation and government investigations. Attendees will hear about common challenges and solutions to help deal with these challenging sources of data, and they will learn about techniques to preserve, collect, review and produce structured data and databases.

Takeaways:

  • Learn how to preserve, collect and produce databases
  • Understand common challenges and pitfalls to avoid when dealing with databases
  • Establish a list of questions to ask when dealing with databases

Speakers include: Jim Vint, Managing Director, Practice Lead Global Legal Technology Solutions Navigant.

So, what do you think?  Did you attend ILTACON this year?  If so, what did you think?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Wednesday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted Monday and yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  There’s still time to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

9:00 AM – 10:00 AM:

eDiscovery Industry Resources: There are many industry resources for professionals in ediscovery, including Women in eDiscovery, ILTA, ACEDS, EDRM and Sedona. How can you get involved with these organizations, and what are the benefits of becoming a member? Speakers from each organization will share how they can help you and your team.

Takeaways:

  • Gain a better understanding of each organization
  • Learn how to become a member

Speakers include: Amy Juers, Founder & CEO Edge Legal Marketing; Peter Pepiton II, Director of eDiscovery Dinsmore & Shohl; Janelle Eveland Belling, Managing Director of E-Discovery Services & Strategy Perkins Coie; Doug Austin, Vice President of Professional Services CloudNine; Martin Tully, Co-Chair, Data Law Practice Akerman LLP.

Everything You Need to Know About EU General Data Protection Regulation, but Were Afraid to Ask (Until Now): Law firms that deliver services to European Union residents need to be prepared for the new General Data Protection Regulation going into effect May 25, 2018. Discover what you need to know about the GDPR, so you can develop a strategy for reviewing and updating your operations to meet the new obligations. We will also explore technologies available to assist and ways you can secure funding and support from firm leadership.

Takeaways:

  • Understand how to prepare for GDPR compliance
  • Develop a basic plan for implementing GDPR controls
  • Identify resources for GDPR preparation and implementation
  • Understand technology tools available

Speakers include: Ian Raine, Director of Product Management iManage; Jeff Hemming, Product Manager – Marketing Solutions Tikit Inc.; Robert Cruz, Senior Director, Information Governance Actiance, Inc.; Grant Shirk, Vice President, Marketing.

11:00 AM – 12:30 PM:

How to Hack a Law Firm: Many law firm’s conduct external penetration tests, but you can still be hacked. Whether you’ve been through a dozen tests or are facing your first, it’s important to gain insight into the most common ways hackers gain access to a law firm’s data and assets. Learn about the best controls you can put in place to defend against these threats.

Takeaways:

  • Determine a list of top 10 things you need to go back to your firm and check
  • Identify how your firm policies can increase your risk

Speakers include: Kenny Leckie, Senior Technology & Change Management Consultant Traveling Coaches, Inc.

3:30 PM – 4:30 PM:

Automating Information Governance: We’ve all been told that automation is the future of managing and governing information. With automation come many benefits, including rule-based email management, the most sophisticated forms of automated classification and discovery of data’s “meaning.” Interested? Come learn about available technologies, challenges in implementing automation and important lessons information governance (IG) practitioners have learned that can help us put these next-generation tools and techniques to work today.

Takeaways:

  • Discover different techniques to automate solutions to your IG problems
  • Outline what works and what doesn’t
  • Understand why automating IG is worth the investment

Speakers include: Julie J. Colgan, Senior Director, Strategy & Innovation DTI; Leigh Isaacs, Director, Records & Information Governance White & Case LLP; Brianne Aul, Firmwide Senior Records and Information Governance Manager Morgan, Lewis & Bockius, L.L.P.

Ediscovery Data and Records Collaboration: A closed matter is just the beginning to what can often be a complex data storage process. What information gets returned to the client? What data sets get destroyed? What data do you need to keep? From understanding your client’s records retention strategy to having a step-by-step plan with records managers, a collaborative strategy is necessary to ensure records are safeguarded and processes are compliant.

Takeaways:

  • Understand complex data storage methods
  • Comprehend the importance of your clients’ records retention policies and how they affect your retention practices
  • Identify best practices from records managers and general counsel

Speakers include: Brian Jenson, Director, Litigation Support & E-Discovery Services Orrick, Herrington & Sutcliffe LLP; Martin Susec, Assistant General Counsel Nationwide Mutual Insurance; Richard Dilgren, National Director, Data Science & Strategy FRONTEO.

So, what do you think?  Are you planning to attend ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Tuesday’s ILTACON 2017 Sessions: eDiscovery Trends

As noted yesterday, the International Legal Technology Association (ILTA) annual educational conference of 2017 (otherwise known as ILTACON) is happening this week and eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  There’s still time to check out the show at the Mandalay Bay if you’re in the Las Vegas area with a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.

Sessions of interest in the main conference tracks include (all times PT):

11:00 AM – 12:30 PM:

A Deep Dive into Project Management in Litigation Support: Take a deep dive into advanced litigation support project management (PM) principles. This workshop will be led by three high-level ediscovery strategists and is designed for professionals who live in the trenches of complex litigation support management. Learn principles you can leverage and apply immediately to improve your organization’s PM maturity.

Speakers include: Michael Quartararo, Director of Litigation Support Services Stroock & Stroock & Lavan LLP; Daryl Shetterly, Director, DRS Operations Orrick, Herrington & Sutcliffe LLP

1:30 PM – 2:30 PM:

Managing Data from the EU During Litigation: A panel will discuss current issues and solutions for dealing with data from the European Union during litigation and government investigations. Topics will include certification through Privacy Shield and using Model Clauses in your agreements to address privacy and security concerns.

Takeaways:

  • Learn about the current status of EU data privacy issues
  • Identify how to avoid getting in trouble when dealing with EU data
  • Become comfortable with how the Privacy Shield certification process works

Speakers include: Michael Boggs, Director of Practice Support Holland & Hart; Mollie C. Nichols, Senior Attorney Cleary Gottlieb Steen & Hamilton LLP; Chris Dale, e-Disclosure Consultant E-Disclosure Information Project; Ben Rusch, V.P. Review Solutions – Europe & APA Consilio; Jonathan Wilan, Partner Baker & McKenzie.

3:30 PM – 4:30 PM:

Real-World On-Prem to Cloud Migrations: A panel of peers from firms with experience migrating on-premises systems to the cloud will discuss how their cloud strategies were formed; what moved when and resource allocation; what to look for in a cloud provider; affected business processes; level of effort (time, cost, etc); cloud growth projections; addressing client data audits; and security concerns and challenges. This is a follow-up to Monday’s session on “The Cloud vs. No Cloud Debate.”

Takeaways:

  • Determine things to consider when planning a move to the cloud
  • Gain lessons learned from peers and how to avoid the same pitfalls

Speakers include: Jeffrey Brandt, Chief Information Officer Jackson Kelly PLLC; Christopher P. McDaniel, Chief Information Officer Smith, Gambrell & Russell, LLP; David Tremont, Director, Network Services Bracewell LLP; Moosa Matariyeh, Principal Solutions Architect CDW.

3:30 PM – 5:30 PM:

Litigation Support Roundtable: What major challenges will we face next in litigation support? Gather around this lively, moderated roundtable discussion that will focus on hot topics in industry-wide litigation support and issues to consider for the future. Topics will be selected by session attendees and could include staffing, product selection, technological advances, recent case decisions and outsourcing.

Takeaways include:

  • Experience a lively and timely discussion

Speakers include: Stephen Dooley, Assistant Director of Electronic Discovery and Litigation Support Sullivan & Cromwell LLP; Jack Thompson, Sr. Manager – Litigation Support/Legal Operations Sanofi.

So, what do you think?  Are you planning to attend ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Time for ILTACON 2017: eDiscovery Trends

The International Legal Technology Association (ILTA) annual educational conference of 2017 (known as ILTACON) kicked off yesterday with several networking events, and begins in earnest today with the first day of sessions.  eDiscovery Daily will be reporting this week about the latest eDiscovery trends being discussed at the show.  Over the next four days, we will provide a description each day of some of the sessions related to eDiscovery to give you a sense of the topics being covered.

If you’re in the Las Vegas area, come check out the show at the Mandalay Bay – there are a number of sessions available and as many as 215(!) exhibitors providing information on their products and services.  Sessions of interest in the main conference tracks include (all times PT):

11:00 AM – 12:00 PM:

Challenging ESI Sources: Judge Peck and Craig Ball will discuss the technical and legal issues related to the most challenging electronically stored information (ESI) sources they have dealt with over the past six months in ediscovery. Learn how to prepare and deal with these challenges in your own matters.

Takeaways:

  • Better understand some of the emerging data sources that will become more mainstream in the next several years
  • Identify real-world examples of how to deal with these ESI sources in a defensible way today

Speakers include: Craig Ball, ESI Special Master and Texas Attorney Craig D. Ball, P.C.; Allen McNee, Chief Revenue Officer Integreon; Honorable Andrew J Peck, US Magistrate Judge of New York.

1:00 PM – 2:00 PM:

Latest Trends in Leveraging Analytics in Litigation Support: As the ediscovery industry matures, much has been written and said about the concepts and theories underlying technology-assisted review. How is it being leveraged in practice in 2017, and what’s next on the horizon? Judge Peck and three industry experts will present real-life case studies — some including new applications — and give predictions on the future of advanced analytics in litigation support.

Speakers include: Thomas Barce, Director of Consulting Services KrolLDiscovery; Beth Patterson, Chief Legal & Technology Services Officer Allens; Doug Matthews, Partner Vorys, Sater, Seymour and Pease LLP; Jeremiah Weasenforth, Managing Attorney Team Lead Orrick, Herrington & Sutcliffe LLP Honorable Andrew J Peck, US Magistrate Judge of New York.

The Cloud vs. No Cloud Debate: More and more vendors are moving to cloud models, which can put you in a difficult spot. How do you successfully make the case to move to these cloud solutions? How do you address risk concerns from your firm’s leadership and clients? Can you comply with a client’s “no cloud” demands while leveraging cloud technology? Let’s explore the cloud vs. no cloud debate and prepare you for Tuesday’s session on “Real-World On-Prem to Cloud Migrations.”

Takeaways:

  • Develop a review process for considering cloud solutions
  • Identify features and controls to mitigate risk and make clients happy

Speakers include: Robert DuBois, Chief Information Officer Briggs and Morgan, P.A.

Using the Information Governance Maturity Model: Understanding the defining characteristics of information governance (IG) programs at differing levels of completeness and maturity is a must for your program to be effective.Using the Law Firm Information Governance Symposium (LFIGS) information governance maturity model as a guide, attendees will learn how to identify where you are in different facets of law firm IG maturity and how you can advance your program to the next level.

Speakers include: Brian Donato, Chief Information Officer Vorys, Sater, Seymour and Pease LLP; Dana C. Moore, Manager of Records & Information Compliance Vedder Price P.C.; Terry Coan, Senior Director HBR Consulting LLC.

2:30 PM – 3:30 PM:

Transition Your Litigation Support Career to Cybersecurity and Information Governance: Litigation and practice support specialists are cornering new niches of consultation and expertise in cybersecurity and information governance. While many of the skills and experiences of ediscovery professionals touch on the implications of information governance policies and data security issues, the transition from the litigation support world to another related discipline is not a short and easy path. Success requires significant additional education and certification, an understanding of advanced developing technology proficiencies, and the ability to leverage these areas of high value consulting work from a business perspective. Come hear tips and lessons learned from industry leaders who have incorporated cybersecurity and information governance into their roles.

Speakers include: Caroline Sweeney, Global Director Ediscovery & Client Technology Services Dorsey & Whitney; Rachelle Rennagel, eDiscovery Counsel Pillsbury Winthrop Shaw Pittman LLP; Wale Elegbe, Senior Manager, eDiscovery & Litigation Support Sullivan & Cromwell LLP; Jared Coseglia, Founder & CEO, TRU Staffing Partners, Inc.

4:00 PM – 5:00 PM:

Stand By Me: A Mock 30(b)(6) Deposition of a Corporate IT Representative: Litigation support professionals are often called upon to shepherd client data identification, preservation and collection. Discovery challenges could call into question the integrity and sufficiency of these processes, leading to motion practice and the deposition of a client’s corporate IT representative. In this interactive session, watch as we stage a 30(b)(6) deposition from start to finish and stop along the way to discuss key points and issues you should plan for and be aware of. We’ll also involve the audience to get thoughts and feedback on what you perceive to be the correct course of action.

Takeaways:

  • Understand what to expect during a typical 30(b)(6) deposition
  • Receive tips on how to properly prepare your client by focusing on litigation readiness
  • Learn how to avoid common pain points and errors

Speakers include: Scott B Reents, Lead Attorney, Data Analytics and E-Discovery Cravath, Swaine & Moore LLP; Matthew K. Blaine, Partner Davison Eastman & Munoz, P.A.; George Chiu, Director, Systems Development Prudential Financial, Inc.; Roe Frazer, Attorney, Frazer P.L.C.

The Future of Search in Law Firms: What does the future hold for search in law firms? How far will legal knowledge management push the search envelope beyond documents, matters and expertise? Further than you think! Let’s explore the future of search, including integrating search-enabled applications, broadening the search scope available to the mobile professional, incorporating artificial intelligence, enhanced visualization and the use of predictive analytics, and the use of machine-generated metadata to improve search results. See how search can fulfill its promise of making your lawyers more effective and firm-client relationships more collaborative.

Takeaways:

  • Identify possible search functions
  • Visualize the future of search in your law firm
  • Learn how you can prepare for the future of search
  • Hear Case Studies from two law firms to improve search

Speakers include: Todd Friedlich, Sr. Manager of KM Technology and Innovation Ropes & Gray; Douglas Freeman, Knowledge Systems Manager White & Case LLP; Glenn LaForce, EVP / Chief Strategy Officer Handshake Software; Peter Wallqvist, VP of Strategy iManage.

And, of course, you don’t want to miss the Exhibit Hall Opening Reception from 7:00 PM – 9:00 PM ET, where they’ll “beam you up” into another realm of space and science fiction. As always, this is a great opportunity to visit with exhibitors and tour the Exhibit Hall in a relaxed setting and hors d’oeuvres and beverages will be served.

So, what do you think?  Are you planning to attend ILTACON this year?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Plaintiff Sanctioned for Spoliation of Evidence in His Case Against Taylor Swift: eDiscovery Case Law

In Mueller v. Swift, No. 15-cv-1974-WJM-KLM (D. Colo. July 19, 2017), Colorado District Judge William J. Martinez ruled that “Plaintiff’s loss or destruction of the complete recording of the June 3, 2013 conversation [between the plaintiff and his supervisors] constitutes sanctionable spoliation of evidence”, but rejected the defendants’ request to make a finding of bad faith and to give the jury an adverse inference instruction, opting instead for permitting the defendants to cross-examine the plaintiff in front of the jury regarding the record of his spoliation of evidence.

Case Background

In this case against the defendants for tortious interference with the plaintiff’s employment contract and one defendant’s counterclaims for the torts of assault and battery over a well-publicized claim of inappropriate touching, the plaintiff met with his superiors at the radio station where he worked on June 3, 2013 to discuss the defendant’s claim of inappropriate touching. Unbeknownst to the supervisors at the time, the plaintiff made an audio recording of their conversation.  The following day, the plaintiff was terminated from his employment by one of the supervisors, who explained that one reason for the plaintiff’s termination was because he perceived Plaintiff had “changed his story that it couldn’t have occurred, then that it was incidental.”

At some point thereafter, well after having first contacted an attorney regarding potential legal action, the plaintiff edited the audio recording of the conversation, and then sent only “clips” of the entire audio file to his attorney.  According to his testimony, the plaintiff edited the audio file on his laptop computer, on which he also retained a full copy of the original audio file(s).  However, he claimed that he spilled coffee on the keyboard of his laptop and was given “a new machine” by the Apple Store and he didn’t retain the hard drive from the old laptop.  The plaintiff also kept an external hard drive “to store audio files and documents”, and the complete audio recording was saved on this drive, but he indicated that, at some point, it “stopped working.”  At his deposition, the plaintiff testified that he “may have kept” this hard drive, but that because it was “useless” he “[didn’t] know if I discarded it because it was junk”. As a result, the complete audio file was never produced and the defendants moved for a Court-imposed sanction for spoliation of evidence, and for the Court to give the jury an adverse inference instruction at trial, to direct the jury “that the entirety of the June 3, 2013 audio recording would have been unfavorable to Plaintiff.”

Judge’s Ruling

Judge Martinez ruled that the plaintiff had a duty to preserve the recording, that the recording was “relevant to numerous disputed facts and issues” in the case, that the defendants were prejudiced by the loss of evidence and that the degree of culpability warrants a sanction.  While declining to make a finding that the plaintiff acted in bad faith, Judge Martinez indicated that the “spoliation falls higher up on the ‘continuum of fault’” than mere negligence”, noting that it was “troubling” that the plaintiff also threw out his cell phone, months after the litigation was filed, noting “it may have been the device that he originally used to record the June 3, 2013 conversation”.

As a result, Judge Martinez concluded that “Plaintiff’s loss or destruction of the complete recording of the June 3, 2013 conversation constitutes sanctionable spoliation of evidence”, but, determining that the defendants’ request for an adverse inference instruction sanction “would be unduly harsh in the circumstances of this case”, deciding instead to permit the defendants to cross-examine the plaintiff in front of the jury regarding the record of his spoliation of evidence.

So, what do you think?  Was that an appropriate sanction given the lack of finding of bad faith?  Please share any comments you might have or if you’d like to know more about a particular topic.

Case opinion link courtesy of eDiscovery Assistant.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Retired NIST Expert Says His Advice on Creating Passwords was Wrong: Cybersecurity Best Practices

If you’re a person who takes password security seriously and followed advice to create passwords that use a combination of lower and upper case letters, numbers and special characters to foil hackers, good for you.  Unfortunately, that advice was wrong, according to the National Institute of Standards and Technology (NIST) and the retired expert who authored that advice in the first place.

According to The Wall Street Journal (The Man Who Wrote Those Password Rules Has a New Tip: N3v$r M1^d!, written by Robert McMillan), the author of an 8-page primer written in 2003 which advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers – and to change them regularly – has admitted the advice was largely incorrect.

Back in 2003, as a midlevel manager at NIST, Bill Burr was the author of “NIST Special Publication 800-63. Appendix A.”  The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow.

The problem is the advice ended up largely incorrect, Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he lamented. Changing Pa55word!1 to Pa55word!2 doesn’t keep the hackers at bay.  The advice that demanded a letter, number, uppercase letter and special character – such as an exclamation point or question mark was also wrong.  Years of research has shown that these measures actually don’t do that much to foil hackers.

“Much of what I did I now regret,” said Burr, 72 years old, who is now retired.

In June, Special Publication 800-63 got a thorough rewrite, led by Paul Grassi, an NIST standards-and-technology adviser, which resulted in removal of several of these password commandments.  The new guidelines, which are already filtering through to the wider world, drop the password-expiration advice and the requirement for special characters, Grassi said. Those rules did little for security—they “actually had a negative impact on usability,” he said.

NIST’s newly updated guide instead encourages a long, easy-to-remember string of words instead.  In a widely circulated piece, cartoonist Randall Munroe calculated it would take 550 years to crack the password “correct horse battery staple,” all written as one word whereas the password Tr0ub4dor&3 (a typical example of a password using Burr’s old rules) could be cracked in three days, according to Mr. Munroe’s calculations, which have been verified by computer-security specialists.

With data accumulated over the last decade or so (which wasn’t available to Burr back then), experts have concluded that the password recommendations from 2003 don’t work because we tend to gravitate toward the same old combinations over and over.  With that in mind, Grassi thinks his former colleague Burr is being a little bit hard on himself over his 2003 advice.

“He wrote a security document that held up for 10 to 15 years,” Grassi said. “I only hope to be able to have a document hold up that long.”

So, what do you think?  Do you use 2003 recommendations to create your passwords?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here’s a Chance to Learn Whether an On-Premise or Off-Premise Solution is Right For You: eDiscovery Best Practices

Today, when consumers are considering their eDiscovery technology choices, there are more factors to consider than ever. In addition to considering the functionality of the software application, you now also have to consider whether to buy or “rent” the application, how the software is delivered to you and whether it’s required to be within your firewall or can be an off-premises solution.

On Wednesday, August 30 at noon CST (1:00pm EST, 10:00am PST), CloudNine will conduct the webcast On Premise or Off Premise? A Look at Security Approaches to eDiscovery.  This one-hour webcast will discuss different on-premise and off-premise eDiscovery solution options and considerations for each. Topics include:

  • Drivers for eDiscovery Technology Solution Decisions Today
  • eDiscovery Industry Market Trends and Their Relation to General Industry Trends
  • What Law Firms are Saying about the Technology
  • What Industry Analysts are Saying about the Technology
  • The Cloud vs. No Cloud Debate
  • Why Not All Cloud Solutions Are the Same
  • A Comparative Approach to eDiscovery Technology
  • Putting a Face on Solutions and Risks
  • Key Components of an eDiscovery Technology Solution

I’ll be presenting the webcast, along with (for the first time) Tom O’Connor, who is now a Special Consultant to CloudNine!  If you follow our blog, you’re undoubtedly familiar with Tom as a leading eDiscovery thought leader (who we’ve interviewed several times over the years) and I’m excited to have Tom as a participant in this webcast!  To register for it, click here.

So, what do you think?  Do you use on-premise, off-premise or a combination for your eDiscovery solution(s)?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

“Summer” More Confident in eDiscovery Business Than Others: eDiscovery Trends

See what I did there?  :o)

The results are in from the Complex Discovery Summer 2017 eDiscovery Business Confidence Survey, which concluded last week and (as was the case for the 2016 Winter, Spring, Summer and Fall surveys and the 2017 Winter and Spring surveys) the results are published on Rob Robinson’s terrific Complex Discovery site.  How confident are individuals working in the eDiscovery ecosystem in the business of eDiscovery?  Let’s see.

As always, Rob provides a complete breakdown of the latest survey results, which you can check out here.  As I’ve done for the past few surveys, I will primarily focus on trends over the past four surveys to see how the responses have varied from quarter to quarter and will take a look at a year over year comparison to the Summer 2016 survey.

The Summer 2017 Survey response period was initiated on July 6, and continued until registration of 100 responses by July 31 (this survey was capped at 101). Rob notes that this limiting of responders to 100 (or so) individuals is designed to create linearity in the number of responses for each quarterly survey.  So, in the future, if you want your voice heard, respond early!

Percentage of Provider Respondents Remains High: Of the types of respondents, 56.4% were either Software and/or Services Provider (39.6%) or Consultancy (16.8%) for over half of respondents as some sort of outsourced provider (over half of total respondents – I’m counting law firm respondents as consumers even though they can also be providers as well).  Law firm respondents comprised a majority of the remaining respondents with 34.6%.  No other type of respondents was over 3%.  Here’s a graphical representation of the trend over the past four quarters:

When comparing this year’s Summer survey to last year’s survey, the survey is less diverse than it was a year ago, especially with regard to the percentage of “Other” respondents.  Last year’s survey had 168 respondents, so it was before the cap of approximately 100 respondents was set:

Just Over Half of Respondents Consider Business to Be Good: Over half (53.4%, to be exact) of respondents rated the current general business conditions for eDiscovery in their segment to be good, with only 5% rating business conditions as bad.  Last quarter, those numbers were 52.9% and 6.7% respectively, so this quarter reflects slightly more bullish than last quarter, our second up quarter in a row.  Will the momentum continue?  We’ll see.  Here is the trend for the last four quarterly surveys:

When comparing against last year’s Summer survey, respondents this Summer are considerably more bullish as they were a year ago (only 47.6% rated the current general business conditions for eDiscovery in their segment to be good in 2016).  So, no summer doldrums this year, at least with regard to general business conditions:

Most Still Expect eDiscovery Business Conditions to be as Good or Better Six Months From Now: Most respondents (93.1%) expect business conditions will be in their segment to be the same or better six months from now (good, but down from last quarter’s 96.2%), and the percentage expecting business to be better fell to 43.6%.  Revenue (at combined 94.1% for the same or better) rose from the last quarter, while profit (combined 89.1%) dropped from last quarter.  Here is the profits trend for the last four quarterly surveys:

When compared against last year’s Summer survey, the distribution for profits six months from now in this year’s survey is comparable to last year’s Summer results with a 0.6% increase of respondents expecting higher profits and a 3.7% decrease of respondents expecting lower profits:

For the First Time, Increasing Types of Data is Most Impactful to eDiscovery Business: Increasing Types of Data was the top impactful factor to the business of eDiscovery over the next six months at 21.7% (almost twice the percentage as last quarter) with Increasing Volumes of Data and Budgetary Constraints next up at 20.8% each (so, one vote away from a three way tie).  Lack of Personnel was next up with 14.9%, followed by Data Security (11.9%) and Inadequate Technology (at 9.9%) bringing up the rear.  The graph below illustrates the distribution across the most recent four quarterly surveys.

A year ago, Increasing Volumes of Data edged out Budgetary Constraints as the most impactful to eDiscovery business (with Increasing Types of Data a distant fifth, less than half of this year’s percentage).  It will be interesting to see if the move up by Increasing Types of Data signals a trend or just a one-time anomaly:

Executive Leader and Management Respondents Comprise the Majority: Executive Leadership respondents dipped slightly down to 41.6% of respondents (from 44.2% last quarter), while Operational Management respondents rose to 34.6% – a total of 76.2% respondents from leadership and management roles.  Tactical Execution respondents dropped to 23.8%.  Here’s the breakdown of the last four quarters:

The survey is less distributed than last year, where the response groups were fairly even.

Again, Rob has published the results on his site here, which shows responses to additional questions not referenced here.  Rob has also provided his own observations about the results here.  Check them out.

So, what do you think?  What’s your state of confidence in the business of eDiscovery?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

ILTACON 2017 Preview Edition: eDiscovery Trends

Believe it or not, it’s almost time for another ILTACON!  ILTACON is the annual conference for the International Legal Technology Association (ILTA).  This year, it is being held in Las Vegas (baby!) at the Mandalay Bay Hotel and Resort.  And, once again, eDiscovery Daily will be covering the show!  If you’re in the Las Vegas area, you may want to check out a few of these sessions regarding eDiscovery and Information Governance.

Technically, ILTACON opens in 6 days with the annual golf tournament, orientation and opening reception happening on Sunday.  Oh, and (as always) every day starts with Yoga and Zumba at 6:30am!  However, the Keynote and Educational Sessions start a week from today, on Monday, the 14th.  Here are a few sessions to check out (including one that I’m speaking on at 9am on Wednesday, just sayin’):

Monday, 08/14/2017:

Challenging ESI Sources, 11:00 AM – 12:00 PM PT: Judge Peck and Craig Ball will discuss the technical and legal issues related to the most challenging electronically stored information (ESI) sources they have dealt with over the past six months in eDiscovery. Learn how to prepare and deal with these challenges in your own matters.

The Cloud vs. No Cloud Debate, 1:00 PM – 2:00 PM PT: More and more vendors are moving to cloud models, which can put you in a difficult spot. How do you successfully make the case to move to these cloud solutions? How do you address risk concerns from your firm’s leadership and clients? Can you comply with a client’s “no cloud” demands while leveraging cloud technology? Let’s explore the cloud vs. no cloud debate and prepare you for Tuesday’s session on “Real-World On-Prem to Cloud Migrations.”

And, of course, you don’t want to miss the Exhibit Hall Opening Reception from 7:00 PM – 9:00 PM PT, where the exhibitors will create their own spin on our Vendor Galaxy theme, competing for our annual Best of ILTA awards for 1st, 2nd and 3rd. Have fun walking around the exhibits while enjoying food, drinks and space-age entertainment.

Tuesday, 08/15/2017:

A Deep Dive into Project Management in Litigation Support, 11:00 AM – 12:30 PM PT: Take a deep dive into advanced litigation support project management (PM) principles. This workshop will be led by three high-level eDiscovery strategists and is designed for professionals who live in the trenches of complex litigation support management. Learn principles you can leverage and apply immediately to improve your organization’s PM maturity.

Real-World On-Prem to Cloud Migrations, 3:30 PM – 4:30 PM PT: A panel of peers from firms with experience migrating on-premises systems to the cloud will discuss how their cloud strategies were formed; what moved when and resource allocation; what to look for in a cloud provider; affected business processes; level of effort (time, cost, etc); cloud growth projections; addressing client data audits; and security concerns and challenges. This is a follow-up to Monday’s session on “The Cloud vs. No Cloud Debate.”

Wednesday, 08/16/2017:

eDiscovery Industry Resources, 9:00 AM – 10:00 AM PT: There are many industry resources for professionals in eDiscovery, including Women in eDiscovery, ILTA, ACEDS, EDRM and Sedona. How can you get involved with these organizations, and what are the benefits of becoming a member? Speakers from each organization will share how they can help you and your team.

Ediscovery Data and Records Collaboration, 3:30 PM – 4:30 PM PT: A closed matter is just the beginning to what can often be a complex data storage process. What information gets returned to the client? What data sets get destroyed? What data do you need to keep? From understanding your client’s records retention strategy to having a step-by-step plan with records managers, a collaborative strategy is necessary to ensure records are safeguarded and processes are compliant.

Thursday, 08/17/2016:

Data Analytics for Information Governance, 2:00 PM – 3:00 PM PT: Whether you’re in a law firm or corporate environment, using data and key metrics can improve your information governance (IG) and system performance. What types of data should you be evaluating, and how to do find the value of it? How can you create the ideal information governance framework by distilling data into building blocks that tie together? We’ll examine case studies to demonstrate data-driven decisions made throughout the building and remodeling of successful IG programs.

We will cover all of the eDiscovery and Information Governance related sessions next week and will provide a post-show wrap up at the end, so look for that next week!  Viva Las Vegas!

So, what do you think?  Are you going to ILTACON next week?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Test Your Searches Before the Meet and Confer: eDiscovery Replay

Sometimes, even blog editors need to take a vacation.  But, instead of “going dark” for the week, we thought we would re-cover some topics from the past, when we had a fraction of the readers we do now.  If it’s new to you, it’s still new, right?  Hope you enjoy!  We’ll return with new posts on Monday, August 7.

This was one of the “pitfalls” and “potholes” in eDiscovery we discussed in a recent webcast.  Click here to learn about others.

One of the very first posts ever on this blog discussed the danger of using wildcards.  For those who haven’t been following the blog from the beginning, here’s a recap.

Years ago, I provided search strategy assistance to a client that had already agreed upon several searches with opposing counsel.  One search related to mining activities, so the attorney decided to use a wildcard of “min*” to retrieve variations like “mine”, “mines” and “mining”.

That one search retrieved over 300,000 files with hits.

Why?  Because there are 269 words in the English language that begin with the letters “min”.  Words like “mink”, “mind”, “mint” and “minion” were all being retrieved in this search for files related to “mining”.  We ultimately had to go back to opposing counsel and attempt to negotiate a revised search that was more appropriate.

What made that process difficult was the negotiation with opposing counsel.  My client had already agreed on over 200 terms with opposing counsel and had proposed many of those terms, including this one.  The attorneys had prepared these terms without assistance from a technology consultant (I was brought into the project after the terms were negotiated and agreed upon) and without testing any of the terms.

Since they had been agreed upon, opposing counsel was understandably resistant to modifying the terms.  The fact that my client faced having to review all of these files was not their problem.  We were ultimately able to provide a clear indication that many of the terms in this search were non-responsive and were able to get opposing counsel to agree to a modified list of variations of “mine” that included “minable”, “mine”, “mineable”, “mined”, “minefield”, “minefields”, “miner”, “miners”, “mines”, “mining” and “minings”.  We were able sort through the “minutia” and “minimize” the result set to less than 12,000 files with hits, saving our client a “mint”, which they certainly didn’t “mind”.  OK, I’ll stop now.

However, there were several other inefficient terms that opposing counsel refused to renegotiate and my client was forced to review thousands of additional files that they shouldn’t have had to review, which was a real “mindblower” (sorry, I couldn’t resist).  Had the client included a technical member on the team and had they tested each of these searches before negotiating terms with opposing counsel, they would have been able to figure out which terms were overbroad and would have been better prepared to negotiate favorable search terms for retrieving potentially responsive data.

When litigation is anticipated, it’s never too early to begin collecting potentially responsive data and assessing it by performing searches and testing the results.  However, if you wait until after the meet and confer with opposing counsel, it can be too late.

So, what do you think?  What steps do you take to assess your data before negotiating search terms?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.