Keeping in Step with eDiscovery

Like many people, I am obsessed with my fitness tracker.

Not only do I participate in weekly challenges with friends and strangers alike to see who takes the most steps per day, but I also rely on the heart rate monitor to initiate breathing exercises in order to alleviate stressful situations (hello airplane turbulence!). And, while my collection of non-smart watches gathers dust in the dresser, I’ve added classier bands to accessorize my tracker. Through a smartphone app I can generate a report on how many miles I’ve walked, stairs I’ve climbed, calories I’ve burned and when I’m active or inactive. And for those who haven’t hopped on the fitness band-wagon, the handy iPhone can often collect all the same data as a wearable.

smart watch

The Gartner research company forecasted earlier this year that “8.4 billion connected things will be in use worldwide in 2017, up 31 percent from 2016, and will reach 20.4 billion by 2020.”  That’s a lot of information!

So what’s the takeaway from this story? Evidence.

Since the advent of email, litigators have been required to think literally out of the box for discoverable evidence. And, as technology advances, attorneys are increasingly expected to be “sufficiently versed in matters relating to their clients’ technological systems to discuss competently all issues relating to electronic discovery.” Gone are the days when a simple forensic collection of email and loose files from the company network were sufficient.

In 2014 a Canadian law firm set a legal precedent in a personal injury case by using data from a Fitbit fitness tracker to prove that their client suffered detrimental effects from an accident that resulted in decreased physical activity. In that case, the key data came from a Fitbit, but the same principles can apply to data from apps, social media accounts and more. Already criminal law practitioners are looking to use data from pacemakers, key fobs, interactive smart speakers and electronic personal assistants such as Amazon’s Alexa or Apple’s Siri. Connectivity is the new norm, and as a result lawyers have an ever-expanding pool of potentially relevant information to sift through.

Having an acute awareness of these new potential sources of electronically stored information (ESI) is only the first step in staying on top of your eDiscovery game. Amendments to Rule 902 of the Federal Rules of Evidence, set to take effect December 1, 2017, give preferential treatment to ESI “collected in a forensically sound manner,” which preserves the audit history and maintains a strict chain of custody. So resist the urge to have your client self-collect.

Going into the holiday season, amid the flood of advertisements for the latest gadgets and gizmos, keep in mind those very same devices could hold critical evidence for a future case!


eDiscovery Technology Training for the Diverse Adult Learner

Being born in 1980, I’ve struggled with a bit of generational identity crisis. Growing up, I longed to be part of the Generation X that represented all of my tall-haired, effortlessly cool celebrity icons of the 80s. Alas, my year of birth fell right on the fence between Generation X’s punk rock cool and the technologically-obsessed, mistaken-as-entitled Millennials.

In the workplace, as Manager of Education and Development for RVM, I still find myself riding that line, at times struggling to reach and influence such a diverse community of clients and coworkers in my training programs. Depending on who you’re talking to, technology is seen as an exciting advantage over past methodologies or an intimidating but necessary evil. Especially in the realm of litigation support. Sometimes, a person’s take on technology is influenced by their generation and habits they’ve developed throughout their lives. However, the unavoidable truth is if you want to stay competent and competitive in litigation support, you’ve got to understand the applicable technology.

Best Practice

Full disclosure, I’ve studied Andragogy, which is the method and practice of teaching adults. What I’ve found to be most applicable to the challenge of training attorneys and litigation support staff in eDiscovery technology is the concept of Self-Directed Learning (SDL). To successfully incorporate SDL, an eDiscovery training program must:

  1. Meet the trainees where they are, respecting the extensive breadth of knowledge that each trainee brings to the table
  2. Include sufficient resources and support following training and
  3. Include an opportunity for trainees to evaluate and provide feedback on the training program.

Lawyers, Paralegals, and legal support staff are generally highly educated, hard-working, and successful individuals who have already established traditional ways of doing things such as legal research from books (gasp!) or paper document review (double gasp!!) which worked well for them in the past. There’s no doubt that technology has changed the legal industry, and continues to do so.

eDiscovery Technology Training for the Diverse Adult Learner

The Plan in Action

One way I gauge the temperature of my training audience is to send an information gathering survey in advance asking what they want to get out of the session, and what they absolutely don’t want to cover. This way, I can customize the content and not waste their valuable time covering topics they don’t need. For support and resources, we at RVM pride ourselves on the skill and responsiveness of our Client Services department, making ourselves available by phone and email to answer follow-up questions or provide troubleshooting on any of the applications we support. This helps minimize the frustration that typically comes with learning a new technology.

Finally, the most humbling component of this process, and arguably the most important is the evaluation process. I seek honest critical feedback on what worked, what didn’t, and what the trainees would like to change for future training programs. This gives my trainees an opportunity to contribute to future training success by sharing their feedback, perspectives, and experiences.

One Last Thing

eDiscovery technology is not going away, and in fact it is becoming more sophisticated. Legal professionals are staying in the workforce longer and as younger generations enter the industry, they strive to become contributing members of the team. Which means it becomes imperative that continuing education and training programs adapt to meet the needs of our varied and diverse adult workforce. In my opinion, there is no magical formula for successful eDiscovery training, but if I can at least convince my training resistant colleagues that it is a challenge worth tackling, I have won half the battle. I’d like to leave you with a quote from the education scholar, Deborah Meier “Teaching is listening. Learning is talking”.

NAMWOLF – Small Firms and the Reality of eDiscovery

National Association of Minority & Women Owned Law Firms (NAMWOLF), the friendliest conference I’ve ever been to.

Perhaps the diverse makeup of attendees makes it easy for people to share. NAMWOLF had everything:

  • CLE presentations ranging from Insurance to Analytics and Big Data;
  • Networking amongst giants and dinosaurs at the Houston Museum of Natural Science;
  • Cupcakes and Cocktails;
  • Hill Harper discussing the connection between one-on-one hoops with Obama and debating prison reform in the oval office just days ago;

NAMWOLF, simply put, was an amazing conference. The great part about NAMWOLF was meeting the women and minority owned law firms representing a variety of practice areas, all making names for themselves.



The Misconception

Equally interesting was that upon mentioning my focus is eDiscovery, the most common response was a deflated “Oh, we don’t do eDiscovery.” My stock response to this is, “do your clients or adversaries have computers?” If they do and that data is implicated in a litigation or investigation, then in fact you do, DO eDiscovery because someone would need to:

  1. Retrieve those emails;
  2. Review them and maybe produce them;

These two steps are a big part of what eDiscovery is about. If you’ve ever sent or received a Request for Production that mentions electronically stored information (ESI), then you do eDiscovery.

It strikes me that minority and women-owned law firms don’t “do eDiscovery” because of a belief that they lack the resources to take on matters involving electronically stored information. By not taking on eDiscovery, smaller firms unnecessarily limit the size and scope of matters they could retain, and in turn, limit the revenue they could generate. Some smaller firms are operating under the assumption that eDiscovery is for big firms with technology departments. In my estimation, eDiscovery is actually more important for smaller firms, especially those with limited technical resources and personnel.

Take for instance document review in an investigation or litigation where 1,000,000 documents need to be reviewed before discovery closes, may have once been impossible for a small firm. Larger firms contain armies of young junior associates they’ll throw at the problem and then bill the client for hundreds of hours of review time. Small firms don’t have to shy away from these matters, regardless of the firm’s or client’s resources. New eDiscovery tools, particularly those leveraging analytics, help identify patterns in large data sets that wouldn’t be apparent otherwise. This helps identify the important evidence quickly, and in many cases, identify large quantities of data that bear no relevance to issues in the case and are not worth reviewing. Many large firms aren’t leveraging these tools and would rather spend hundreds of unnecessary hours billing to review irrelevant data. In this scenario, the small firm gains a competitive advantage.

2 men and a woman collaborate around a table

Partnering Opens Doors to Opportunity

Understandably, eDiscovery brings up concerns about budget, data management and overburdening your IT department resources. However, doing eDiscovery doesn’t mean that you do it alone. A key aspect of eDiscovery is partnership with an end to end eDiscovery provider such as RVM. This can be especially true for small law firms who once thought certain litigations and investigations were out of their reach.

Firms of all sizes in partnership with a top tier eDiscovery provider can find their technical and practical abilities to support increasingly complex and sizable matters grow beyond what they once thought to be attainable. Turn loose your legal expertise and rely on proven technical solutions and capabilities to lead you to ultimate success.

Near Duplicates and Email Threading – So Simple It Should Be Standard

Of all of the many tools in our eDiscovery Analytics arsenal, one more complex than the next, near duplicates and email threading are two of the simplest tools to implement. So simple they should be the standard.

Near Duplicates Identification and Email Threading (ND and ET) are separate but complimentary processes, and are therefore, often run together. They are also available and relatively simple to implement in most standard eDiscovery tools. While there are some nuances with respect to how the technology is run on the backend, the end result is the same – expedited review by identifying near duplicate documents and the most complete email chains.


Benefits of Near Duplicates and Email Threading

Near duplicates identification and email threading is like having an insurance policy for consistency and quality control during document review.

Near duplicates processing involves the grouping of two or more documents that have a certain percentage of similarity of text within those documents. The key benefit of near duplicates processing is the quick identification of textually similar documents. On the other hand, email threading technology gathers and arranges related email discussions in chronological order.  The important benefit of email threading is that it identifies the most inclusive or complete email – the one that was last sent and contains all the prior exchanges or conversations in the chain. Applying email threading adds full context to what otherwise would be a disjointed set of email messages and responses.


A Simple Insurance Policy

For instance, a typical document review project may task several reviewers with coding sets of documents. In a non-ND/ET scenario it is likely that similar documents can be assigned to different reviewers who may code them differently. Likewise, different parts of an email thread might be coded differently by reviewers. In some cases even the same reviewer may code a document differently because the document showed up in an earlier or later review set. Reviewers will typically code documents based on their current understanding of the overall issues in the matter or the context presented by surrounding documents rather than precise memory of how they coded a similar document weeks before.

Near duplicates and email threading alleviates this issue by easily identifying near duplicates and grouping email threads.  One reviewer can look at similar documents versus splitting them up or review all the emails in one thread. This method increases coding accuracy and consistency as well as quality control. Think of your privileged documents! Email threads that are coded and redacted differently will undoubtedly raise a red flag with opposing counsel and the courts. Still not convinced that ND and ET are a no-brainer?

In 2013 in reference to 502(d) orders, U.S. Magistrate Judge Andrew Peck said:

“In my opinion it is malpractice to not seek a 502(d) order from the court before you seek documents. That doesn’t mean you shouldn’t carefully review your material for privileged documents before production, but why not have that insurance policy?”

I think the same applies to near duplicates processing and email threading – not using them is almost malpractice.

As lawyers, we are expected to be zealous advocates for our clients, and their pockets.  It is our duty to apply easy-to-implement, defensible, commonsense strategies to obtain the best results possible.  Technologies like near duplicates identification and email threading are available in most tools and are so easy to implement that there’s no compelling reason not to use it.

The Challenges of “Deleted” Data

shutterstock_308641526Some applications such as Snapchat became famous for allowing users send 10-second picture messages that were “deleted forever” after being opened for 60 seconds. In theory, this feature offered the opportunity to go off the grid; to send controversial messages without the risk of getting caught. In reality, those messages, also known as electronically stored information (ESI), left metadata behind even after deletion. The “deleted” messages were not “deleted forever” but could in fact be recovered.

Nothing is really deleted. Wherever there is metadata, there is discoverable data.

In the context of litigation proceedings, Fed. R. Civ. P. 26(b)(1) permits discovery of ESI regarding any non-privileged matter that is relevant to any party’s claim or defense, and proportional to the needs of the case. A “deleted” picture message may therefore become source for contention, and a party who intentionally used an application to avoid creating evidence may be held accountable in a motion for spoliation sanctions.

The doctrine of spoliation refers to the improper destruction of evidence relevant to a case. How do judges determine whether the spoliation of evidence is sanctionable? They look at three factors:

  • There was a duty to preserve evidence;
  • The spoliation was negligent or deliberate; and
  • The spoliation prejudiced the other party’s ability to present its case.

Additionally, the amended Fed. R. Civ. P. 37(e) applies specifically to ESI spoliation. The rule states that spoliation of evidence is sanctionable if there was a duty to preserve evidence, the spoliation was negligent or deliberate, and the lost information cannot be restored or replaced through additional discovery.

What this means in practice is that deleted evidence may not automatically give rise to sanctions if the same data exists somewhere else. Some legal experts expressed concerns about over-preservation of ESI in response to Rule 37(e). However, efforts to restore lost ESI should be proportional to the importance of the ESI to the claims of defenses, thus removing the over-preservation burden on the parties.

As new methods of communication are developed, the universe of potentially discoverable ESI continues to expand. Whether data is transferred through falsely-proclaimed “auto-deleting” applications, social media, text messages, chat rooms, emails, and any other kind of application or device that creates metadata, proper information governance plays an essential part in litigation, not only to avoid evidence spoliation and sanctions, but to know where relevant data resides. As a result, litigation holds need to clearly explain that all electronically transmitted data may be subject to preservation and eDiscovery.

Emojis and Emoticons: What is their value in the discovery world?

emoji-loveThe smiley or frowny face you absentmindedly insert at the end of an email conversation or text message is giving the legal profession a new puzzle to solve. The first emoticon was born in 1982, fruit of the imaginary brain of Professor Scott Fahlman. Thirty-four years later, they’re an integral part of our digital life, as they convey the facial expressions that are missing from online communications like text messages, email and social media posts.

Since emoticons have become an integral part of our online communication, it isn’t a surprise that these symbols have made their entry in court rooms and been used as evidence in recent cases. Juries have been instructed to pay attention to the use of emojis and emoticons to fully understand the meaning of a conversation. A smiley face might not suggest that the person was joking, rather that they were amused by an opportunity to harass or threaten someone else. Emojis and emoticons are often misunderstood and misinterpreted, as not everyone uses these symbols in the same fashion. These same symbols also change appearances, shapes and forms when traveling through different platforms, such as text messaging or email applications. Someone could valuably argue that their look is misleading, and couldn’t be taken seriously.

What happens to emojis and emoticons in the digital world? What transformation do they go through between the moment data gets forensically collected and the time it gets produced to the adversarial party?

There are currently 1,624 emoticons in the Unicode standard. Emoticons have been standardized to work across all major computer systems. What this means, is that emojis and emoticons have their own code points, which are basically series of numerical values. What we see as a smiley face translates to a bit sequence in the background. Emojis and emoticons intrinsically remain what they are despite taking a slightly different appearance when viewed inside a browser, or emailed via software like Outlook or a web-based email platform like Gmail. In the digital world of 1s and 0s, emojis and emoticons have their special place, and a smiley face cannot be construed as something else.

Emojis and emoticons constitute discoverable evidence if they are relevant to a particular legal matter. The way they’re understood in the digital universe is simple; the way they’re interpreted by human beings pleading their case is an entirely different story. Like slang words and expressions, not everyone uses the same words in the same way. It’s up to the attorneys presenting their cases to clarify that. The latest trend certainly shows that they cannot be ignored, and will most certainly become more and more used as evidence in court.

Cross Border Data Security: What Happens When Data Lives Abroad?

Changes in the rules governing cross border data security have presented new challenges to the world of eDiscovery. What can you do when your data lives abroad?

shutterstock_85733249RVM was recently asked to perform a forensic data collection overseas by a Company dealing with a governmental pre-investigation regarding potential wrongdoing and federal laws violations. The Company needed to collect data from computers and android and Blackberry cell phones located in India and Dubai. The Company was hitting a wall when it came to the extraordinary costs associated with such a collection, despite the small number of devices from which it needed to collect data.

When approached by the Company, RVM explored a more cost-effective and defensible solution. Rather than incurring the extraordinary expenses of traveling to India and Dubai, RVM’s experts proposed a guided remote collection. Once the client determined that there were no privacy law issues, RVM was hired to do the work.

RVM prepared pre-configured hard drives to be sent to each Company’s office and trained the Company’s IT personnel on how to proceed with the computer collection via GoToMeeting. Regarding the cell phones, the Company shipped all but one Android device to RVM, so that the forensic team could perform the data collection onsite. Since one user couldn’t part with his cell phone for an extended period of time because the device was critical to his job function, RVM came up with a solution not attempted before. After obtaining approval from the Company’s IT, the RVM Forensic Team configured a restricted workstation, set up with a unique user account and password for the Company. Both RVM and the Company recognized that shipping the laptop overseas created additional risks: the device could get lost, or damaged in transit. Even if the workstation arrived in one piece at destination, it was imperative that the collection work seamlessly once the computer was turned on. All of the parameters were checked and the Company and RVM confirmed the collection could begin safely, so the cell phone was plugged in to the laptop, and the collection software acted as an extension of RVM’s secure network. This custom workflow allowed the Forensic Team to successfully perform the collection on the Android device in compliance with all applicable evidentiary and authentication protocols.

Forensic collection includes the physical acquisition of digital data using a methodology that satisfies evidentiary requirements relating to chain-of-custody and authentication. The Company’s personnel connected the pre-configured hard drives via USB to the computers with the ESI. RVM’s technicians then connected remotely to the computers (only with the users’ permission and knowledge).

Adding yet another challenge, the Company required that workers not be disturbed during business hours, so the collection happened during the off hours. RVM continuously monitored the progress of the collection despite the 12 hour time difference.

While the collection process happened over the span of one month, the full collection only took an aggregate of 12 hours, saving the Company thousands of dollars.

The data collected was encrypted, and the hard drives and laptop were shipped back to RVM. RVM helped cull and deliver the data to the law firm representing the Company, and the documents were successfully reviewed. This outcome confirmed RVM’s expertise to seamlessly handle projects around the globe.

Messaging Applications in Business Environments: Watch What You Send

We all use a messaging application in our daily routine. They are a convenient way to communicate with people and
offer a quick alternative to phone calls, and emailing. Sending sensitive information through these applications, however, may raise red flags.shutterstock_197029355

Recent findings showed that lawyers and other professionals using consumer messaging applications to
exchange confidential business information could be in trouble. These third-party applications do not guarantee security, nor maintain an audit trail, or an archiving mechanism. Worse, they do not support information disclosure should the request arise in legal or other proceedings.

A recent survey showed that:

  • 69 percent of participants use e-mail most frequently for business communications;
  • 22 percent mobile messaging; and
  • 8 percent voice calling.

Out of these results, the next question asked why the participants didn’t use messaging applications more often:

  • 30 percent prefer sending e-mails or making calls;
  • 23 percent say there’s no paper trail;
  • 3 percent say it’s not as secure as phone or e-mail;
  • 17 percent say it’s too informal; and
  • 30 percent say it’s not authorized by the company.

So, what should your company do? Blocking messaging applications completely isn’t a viable solution in the long term. Messaging applications have proven to be a reliable tool to enhance employee productivity. The key is education. Company staff has to not only understand what regulatory laws they’re working under, but they also need to be able to use a secure messaging system that is company-approved, and adheres to the provisions of the Sarbanes Oxley Act and other applicable regulations. 44 percent of survey participants answered that their company doesn’t have an official messaging platform, which leads to the use of third party messaging applications and the release of confidential information.

The rule of thumb is to never send confidential data via an unsecure platform. If you suspect one of your employees has been transferring sensitive information via messaging applications, the RVM Tracer™ can help you audit your employees’ computers safely and quickly, instead of immediately undertaking a costly forensic investigation.

Protect your data to protect your business.