Archives for rvm

eDiscovery in O365 is Easy, But Still Best Left to the Experts

By Sean King, Chief Operations Officer

I admit it. I do my own taxes.  I like the control I have in organizing my finances and filling out a ridiculously complex set of forms and fields. Honestly, I do my own taxes because the software that is available makes completing it much easier. But despite the “risk meter” shown by the software, every year after I complete the process and triple-check all of my information, I never feel confident I did it 100 percent correctly. I worry about the potential for an audit and the stiff penalties that accompany a failed audit.

A lot of technology that has rolled out in the last few years takes complex tasks and reduces them to everyday functions. With cloud-based solutions like Office 365, management of a company’s email and legal functions that relate to data management and information governance are becoming routine. As someone who has spent his career working with and around legal professionals, I wonder whether we realize the potential legal risk that presents.

Recently I moderated an RVM webinar, Office 365 – The Unseen Legal Risks, where we elaborated on some of those risks inherent in the implementation and use of Office 365. There is an expectation of compliance, process, and collaboration that has greatly expanded over the years as new technology, such as predictive coding and technology-assisted review (TAR), has become more acceptable in the mainstream, as noted in court opinions from matters like Moore v. Publicis Groupe (287 F.R.D 182 (S.D.N.Y. 2012) or in Winfield v. City of New York, 2017 US. Dist. LEXIS 194413 (S.D.N.Y. Nov 27, 2017) where Judge Parker directed the City to use TAR instead of linear review. This trend is further complicated by cloud-based systems like Office 365.

As you may be aware, the heavy lifting in completing personal income taxes is the overall questionnaire. During this stage you enter in your family information, where you live, your W2 data, investments, etc. If you read or interpret the question wrong, the best tax calculator in the world won’t be able to help you.

Same thing with Office 365.

In Office 365, you need to create your rules and establish how your data will look. Companies who choose to go with an “out of the box” setup in their application may get a nasty surprise when it comes time to pull data for an investigation. One such example we learned about was how long Microsoft will store data. Your company policy may be to keep emails for one year, but if you’re not aware of your settings, you could be responsible for producing emails going back much farther.

There are other legal concerns as well, using a product that proudly associates with “the cloud,” which suggests that the data is in an unknown location. This could present jurisdictional concerns or GDPR compliance issues, as your responsibility for producing data or protecting privacy may hinge on the country or region in which your data is being stored. Just because your data is not in the United States does not protect it from the U.S. courts, and being an American company does not mean that your U.K.-based data is exempt from GDPR compliance.

Another important concern is whether like me and my taxes, companies are performing tasks that are perhaps best left to certified professionals. Typically, a company that receives a document request or subpoena will engage in a process overseen by a lawyer or outside counsel. But, with Office 365, it becomes easy for a company to bypass much of that process, believing that the risk is low. But, is that enough? What if I misinterpret or do not understand the function of search or analytics in O365 and do not get the right results?  Will I even know if it is right?  Do I know what O365 is NOT giving me, and should?  While it may seem easy, it may not be done correctly to meet discovery or evidentiary requirements.

RVM has written in the past about self-collection and the risks that it can entail. The logical interface and robust nature of O365 could lead even more companies down a road that we previously described as similar to driving with too little insurance: it may save in the short run, but in the long-term you’ll likely end up paying more.

Finally, Office 365 gives companies the ability to analyze and review documents.  As a litigation support professional, I recognize the power and effectiveness of this kind of technology, as have the courts who have started encouraging the use of analytics during document review. But, in the hands of someone lacking the proper training, such a tool becomes highly ineffective, resulting in potentially deficient production that can negatively impact summary judgments. The key question as we learned from Allan Johnson, from Actium LLP, was whether you are able to speak to the results you achieved and the process used to get those results. The best way to guarantee that is to ask about your O365 environment from your IT person or consultant and work with an experienced forensics professional familiar with O365.

We as professionals have a requirement and a duty to understand the technology that we use every day. I am concerned by the lack of understanding that companies exhibit about their Office 365 licensing, functionality, setup, and workflows. The courts will not accept ignorance as a legitimate rationalization for failing to meet the standards of legal competence, and most companies cannot afford the fallout from a negative ruling.

Doing your taxes on your own might be one thing, letting anyone do email collection and export might be a level of risk we should not take for granted.

 

Learning from Equifax: Preparing for a Cybersecurity Breach

by Danielle McGregor

 

data server bankOn March 1, Equifax announced that its 2017 data breach affecting over 140 million Americans had actually affected over 2 million MORE than previously reported. The initial breach took place on July 29, 2017, but wasn’t made known to the public until September 7, over a month later. For a month, information such as driver’s license numbers, birth dates, and social security numbers were exposed without their knowledge, and as a result Equifax and its reputation were excoriated.

Unfortunately, data breaches like this are not uncommon, and, in fact, might be becoming a norm rather than an exception. We need to ask ourselves what have we done to prepare for a data breach and do I have access to technologies that will allow me to respond quickly and efficiently?

Earlier this month, The Sedona Conference released an Incident Response Guide that addressed this scenario. Their guidance was for every company to have an Incident Response Plan in place for handling data breaches. This plan should be broad enough to cover any scenario, but provide key actionable details so that should the unthinkable happen in the middle of the night, everyone knows who to call first. The first step in the plan is to identify what format of data the organization has (e.g., digital, or paper) and where it is located.

RVM recommends that any protocol include three basic steps to minimize the risk to the public as well as mitigate any potential public relations fallout.

Step 1 – Determine the nature of the breach and fix it! This is easier said than done. The company’s IT department or technology experts have to determine what vulnerabilities may have given outsiders access to their information and plug the hole. This is important from a business perspective, but also very helpful when assuring the public that the problem will not be repeated in the future.

Step 2 – Engage a Data Forensic Team that can isolate the affected systems and collect the images of the breached data for your review and analysis. This will help to determine the extent of the damage of the breach by identifying affected parties, data sources, and the sensitivity of the information that was stolen.

Step 3 – Consult with legal counsel to determine what the law states in regards to a duty to notify and who should be notified. Determining what type of information was accessed will provide guidance for who outside of the governmental entities will need to be notified. While transparency may open you up to scrutiny, it will also help to establish a level of trust with the authorities and the general public.

Most states require that notice be given “without unreasonable delay.” For example, New York State requires that consumer notice be given in the “most expedient time possible and without unreasonable delay.” (N.Y. Gen. Bus. Law § 899-AA, N.Y. State Tech. Law 208) However, some states have a specific date limitation. Vermont requires that consumer notice be made “in the most expedient time possible and without unreasonable delay, but no later than 45 days after discovery.” (9 V.S.A. § 2435)

With so much on the line, time is of the essence, so it is critical to identify the affected information/data as quickly as possible. This is where analytics comes into play.

Doing simple linear review in these cases can take a lot of time, especially if the amount of data breached is large. Leveraging a large variety of processes, analytics can help narrow down the data or help to identify what is in the data.

After a data breach, analytics can help a company determine whether personally identifiable information (PII) was exposed and identify the documents in which this information is held. This is possible through the use of fact first, the idea of prioritizing what is known. What types of sensitive information could be accessed? What information is the most damaging?

RVM’s analytics team typically starts by identifying standard PII, which includes social security numbers, bank card numbers, etc. With the use of technology and our analytics experience, we can quickly identify documents that contain social security information and isolate those documents for review. After the breached data is identified, the next step is to determine whether it contained trade secrets or privileged information. When you know what you are looking for, analytics can help shorten the time spent on the search.

A large-scale data breach can be a scary event for any organization, no matter the size. However, by adequately preparing for this likelihood and applying sound analytics, it is possible to mitigate the damages and maintain a positive relationship with stakeholders. In particular, companies with large volumes of sensitive data may do well to work with an advisor capable of developing a plan and implementing it.

While no company wishes to go through this ordeal, the important thing is to take the proper steps to minimize the likelihood of it happening again.

Keeping in Step with eDiscovery

Like many people, I am obsessed with my fitness tracker.

Not only do I participate in weekly challenges with friends and strangers alike to see who takes the most steps per day, but I also rely on the heart rate monitor to initiate breathing exercises in order to alleviate stressful situations (hello airplane turbulence!). And, while my collection of non-smart watches gathers dust in the dresser, I’ve added classier bands to accessorize my tracker. Through a smartphone app I can generate a report on how many miles I’ve walked, stairs I’ve climbed, calories I’ve burned and when I’m active or inactive. And for those who haven’t hopped on the fitness band-wagon, the handy iPhone can often collect all the same data as a wearable.

smart watch

The Gartner research company forecasted earlier this year that “8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020.”  That’s a lot of information!

So what’s the takeaway from this story? Evidence.

Since the advent of email, litigators have been required to think literally out of the box for discoverable evidence. And, as technology advances, attorneys are increasingly expected to be “sufficiently versed in matters relating to their clients’ technological systems to discuss competently all issues relating to electronic discovery.” Gone are the days when a simple forensic collection of email and loose files from the company network were sufficient.

In 2014 a Canadian law firm set a legal precedent in a personal injury case by using data from a Fitbit fitness tracker to prove that their client suffered detrimental effects from an accident that resulted in decreased physical activity. In that case, the key data came from a Fitbit, but the same principles can apply to data from apps, social media accounts and more. Already criminal law practitioners are looking to use data from pacemakers, key fobs, interactive smart speakers and electronic personal assistants such as Amazon’s Alexa or Apple’s Siri. Connectivity is the new norm, and as a result lawyers have an ever-expanding pool of potentially relevant information to sift through.

Having an acute awareness of these new potential sources of electronically stored information (ESI) is only the first step in staying on top of your eDiscovery game. Amendments to Rule 902 of the Federal Rules of Evidence, set to take effect December 1, 2017, give preferential treatment to ESI “collected in a forensically sound manner,” which preserves the audit history and maintains a strict chain of custody. So resist the urge to have your client self-collect.

Going into the holiday season, amid the flood of advertisements for the latest gadgets and gizmos, keep in mind those very same devices could hold critical evidence for a future case!

###

RVM to Participate in the 2017 NAMWOLF Annual Meeting & Law Firm Expo in September

In alignment with our dual passions for education and diversity, RVM is pleased to be a sponsor and CLE presenter at the 2017 NAMWOLF Annual Meeting & Law Firm Expo September 17-20, 2017 in New York City.  The National Association of Minority & Women Owned Law Firms, founded in 2001, is committed to promoting diversity in the legal profession by fostering successful relationships among preeminent minority and women owned law firms and private/public entities.  The event is full of networking opportunities and continuing legal education sessions on provocative and poignant topics that face legal professionals today.

RVM’s Manager of Education & Development, Talia Page,  will be moderating an esteemed and diverse panel of attorneys from around the country on a topic entitled OMG, There’s Evidence in My Pocket!? How the Proliferation & Accessibility of Data Affects Discovery, & What You Need to Know about the New Federal Rules on Monday September 17th from 1:45pm-2:45pm.  In this session, we will address hot topics and trends in eDiscovery using recent case law to work through some of the challenging issues litigators face in the digital age in light of the new Federal Rules.  For more information on NAMWOLF and other CLE opportunities, visit www.namwolf.org.

Corporate Counsel Magazine Recognizes RVM as a Top Provider in Litigation Services

The votes are in, results counted and RVM Enterprises, Inc., a leader in the eDiscovery industry, takes the top spot in six of Corporate Counsel Magazine’s “Best of Corporate Counsel” annual supplement, it announced today.  RVM was recognized as a top service provider in nine categories across its service offerings in total.

Corporate Counsel Magazine Recognizes RVM as a Top Provider in Litigation Services

RVM took first place in the following categories:

  • Best End-to-End Litigation Consulting Firm,
  • Best Technology Assisted Review eDiscovery Solution,
  • Best Managed eDiscovery & Litigation Support Service Provider,
  • Best Data & Technology Management eDiscovery Provider,
  • Best Data Recovery Solution Provider,
  • Best Information Governance Solution.

It was also recognized in the areas of Expert Witness Provider, Managed Document Review Services, and End-to-End eDiscovery Provider. Voting was conducted via online ballot and was limited to those working within in-house corporate legal and compliance departments. In total, 1500 votes were cast. The results are published in Corporate Counsel’s special supplement, Best of Corporate Counsel.

“We are thrilled to be recognized in nine categories across the full range of RVM’s services. RVM is honored to have ranked first in six of those categories, and remains focused on enhancing and innovating our services,” said Vincent Brunetti, Chief Executive Officer of RVM Enterprises, Inc. “I am extremely proud that our clients, the readers of Corporate Counsel, have bestowed RVM with this honor.”

RVM Recognized Amongst The “20 Most Promising Legal Technology Solution Providers 2017” by CIO Review

CIO Review Magazine released their Legal Technology special edition and have recognized RVM Enterprises, Inc. in an elite group of the 20 Most Promising Legal Technology Solution Providers 2017.

RVM’s Chief Technology Officer, Geoffrey Sherman, was interviewed in honor of the recognition and spoke about RVM, our products, and the eDiscovery landscape. As CTO, Geoffrey is committed to innovating the architecture, security, progression and maintenance of RVM’s corporate infrastructure. He leads a team of engineers and support administrators that serve RVM’s staff and clients.

“The eDiscovery ecosystem is transforming like never before. Technology-enabled eDiscovery solutions and tools are simplifying litigation processes and minimizing errors. However, with the profliferation of data, organizations are struggling to identify, collect and manage electronically stored information, impeding their ability to make informed decisions,” says Geoffrey Sherman.

Read more here.

RVM is proud to be recognized for our services and is committed to excellence for our customers.

 

 

RVM Announces Enterprise Release of the RVM Tracer

 

RVM Tracer LogoRVM Enterprises, Inc., a leader in the eDiscovery industry, today announced the launch of the Enterprise Edition of their signature product, RVM TracerTM. The Tracer is an early assessment solution used to quickly view any suspicious activity on a user’s computer. The RVM TracerTM doesn’t replace a full forensic investigation; but is an easy to use, cost effective first look at determining if there are red flags in a user’s history that would spark a full forensic investigation.

Since its introduction last year, the existing offering of TracerTM now being called Tracer Standard Edition has been used by clients worldwide to triage a user’s computer and determine whether there’s been any potential corporate intellectual property theft.

Based on the success of Tracer, large organizations have requested more control over the tool to generate reports immediately, retain all investigatory information locally, centralize collection information, and to provide a licensing model for enterprise use. As a result, RVM has simplified the challenges that large organizations face by allowing them the ability to manage investigations behind their firewall. RVM TracerTM Enterprise Edition provides enterprise reporting, collection device management, and introducing subscription based licensing.

“The release of the Enterprise Edition of RVM TracerTM will allow clients to have more control over their Tracer implementations. Clients will be able to quickly deploy Tracer and receive reports without any information ever leaving their organization,” said Greg Cancilla, RVM’s Director of Forensics and New York Law Journal’s four-time “Best Individual Expert Witness.”

The RVM TracerTM Enterprise and Standard Edition offerings is part of RVM’s commitment to bring innovative products and services to our clients in a continuous effort to better assist their business needs and interests.

In June 2016, RVM was awarded first place as the Best End-to-End eDiscovery Provider and Best End-to-End Litigation Consulting Provider in the inaugural Best of Corporate Counsel. In 2015, RVM was named Best End-to-End eDiscovery Provider by both the New York and New Jersey Law Journals

eDiscovery Technology Training for the Diverse Adult Learner

Being born in 1980, I’ve struggled with a bit of generational identity crisis. Growing up, I longed to be part of the Generation X that represented all of my tall-haired, effortlessly cool celebrity icons of the 80s. Alas, my year of birth fell right on the fence between Generation X’s punk rock cool and the technologically-obsessed, mistaken-as-entitled Millennials.

In the workplace, as Manager of Education and Development for RVM, I still find myself riding that line, at times struggling to reach and influence such a diverse community of clients and coworkers in my training programs. Depending on who you’re talking to, technology is seen as an exciting advantage over past methodologies or an intimidating but necessary evil. Especially in the realm of litigation support. Sometimes, a person’s take on technology is influenced by their generation and habits they’ve developed throughout their lives. However, the unavoidable truth is if you want to stay competent and competitive in litigation support, you’ve got to understand the applicable technology.

Best Practice

Full disclosure, I’ve studied Andragogy, which is the method and practice of teaching adults. What I’ve found to be most applicable to the challenge of training attorneys and litigation support staff in eDiscovery technology is the concept of Self-Directed Learning (SDL). To successfully incorporate SDL, an eDiscovery training program must:

  1. Meet the trainees where they are, respecting the extensive breadth of knowledge that each trainee brings to the table
  2. Include sufficient resources and support following training and
  3. Include an opportunity for trainees to evaluate and provide feedback on the training program.

Lawyers, Paralegals, and legal support staff are generally highly educated, hard-working, and successful individuals who have already established traditional ways of doing things such as legal research from books (gasp!) or paper document review (double gasp!!) which worked well for them in the past. There’s no doubt that technology has changed the legal industry, and continues to do so.

eDiscovery Technology Training for the Diverse Adult Learner

The Plan in Action

One way I gauge the temperature of my training audience is to send an information gathering survey in advance asking what they want to get out of the session, and what they absolutely don’t want to cover. This way, I can customize the content and not waste their valuable time covering topics they don’t need. For support and resources, we at RVM pride ourselves on the skill and responsiveness of our Client Services department, making ourselves available by phone and email to answer follow-up questions or provide troubleshooting on any of the applications we support. This helps minimize the frustration that typically comes with learning a new technology.

Finally, the most humbling component of this process, and arguably the most important is the evaluation process. I seek honest critical feedback on what worked, what didn’t, and what the trainees would like to change for future training programs. This gives my trainees an opportunity to contribute to future training success by sharing their feedback, perspectives, and experiences.

One Last Thing

eDiscovery technology is not going away, and in fact it is becoming more sophisticated. Legal professionals are staying in the workforce longer and as younger generations enter the industry, they strive to become contributing members of the team. Which means it becomes imperative that continuing education and training programs adapt to meet the needs of our varied and diverse adult workforce. In my opinion, there is no magical formula for successful eDiscovery training, but if I can at least convince my training resistant colleagues that it is a challenge worth tackling, I have won half the battle. I’d like to leave you with a quote from the education scholar, Deborah Meier “Teaching is listening. Learning is talking”.

RVM Offers Affordable Way To Simplify The Discovery Process: Eclipse

We’re proud to announce that RVM Enterprises, Inc. now offers Eclipse, the web-based review component on Ipro’s integrated workflow platform called Automated Digital Discovery (ADD). RVM will be employing Eclipse’s analytics capabilities, including Technology Assisted Review and ADD workers, for fully automated processing. By using the applications within the ADD platform, data can be automatically copied, processed, filtered and loaded into Eclipse to be reviewed quickly; providing fully interactive Early Case Assessment capability.RVM Eclipse

“By utilizing components of Ipro’s ADD platform with Eclipse, we can offer clients a more affordable way to process, track, review and produce evidence,” said Geoffrey Sherman, Chief Technology Officer of RVM.

“We are honored to be a part of the long-term growth strategy at RVM,” said Geoff Schmidt, Ipro’s Regional Vice President. “By leveraging the ADD platform, RVM will be able to simplify the discovery process while passing along savings to their customers.”

With our long history of serving a diverse clientele with expansive global operations and eDiscovery demands, RVM remains dedicated to innovation and addressing the ever-changing business models in today’s legal and corporate environments.

RVM Expands Corporate Headquarters to Jersey City, NJ

RVM Enterprises, Inc., has announced plans to expand its corporate headquarters from 40 Rector Street in New York City to Jersey City, NJ in the spring of 2017.RVM Enterprises is relocating corporate headquarters to Newport Center

The opening of the Jersey City office in the Newport Tower at 525 Washington Blvd in Jersey City’s Waterfront section signals another milestone in our company’s growth. The Waterfront section of Jersey City, less than five miles from RVM’s current location, has become a natural extension of Manhattan’s business community and the home of many corporate headquarters in the region.

While RVM corporate functions will be centered in Jersey City, the company will maintain its New York presence including a state-of-the-art Managed Document Review Center.

Expansion is not new to RVM.  Earlier this year, RVM opened its London office and in 2015, RVM expanded its Managed Review Center in Cleveland. With its long history of serving a diverse corporate clientele with expansive global operations and eDiscovery demands, RVM remains dedicated to innovation to address the ever-changing business models in today’s legal and corporate environments.

“RVM’s growth is a continuing testament to our commitment to customer service, innovative solutions, and client satisfaction. We look forward to our expansion to New Jersey and the opportunity it gives us to broaden our outreach to the legal community.” said Vinnie Brunetti, CEO of RVM Enterprises, Inc.