Archives for Litigation Readiness

RVM Top 5: Reasons to Revise Your Data Retention Policy

Do me a favor. Take a look at your records retention policy.

I’ll wait.

Did you do it? It looks fine, right? All the language is there. The dates and times are in it, the “I’s” are dotted and the “T’s” are crossed. It must be good enough.

But how well is it really going to serve you in the event of a legal hold, and is it costing you money simply by its own inefficiency?

To help you better make that determination, we at RVM have compiled a thorough list of reasons why you may want to consider updating your policy, taking into consideration both the legal liabilities represented by the policy as well as its cost to your business operations.

Here are RVM’s TOP 5 REASONS TO REVISE YOUR DATA RETENTION POLICY.

You have retained data old enough to sit on your board and vote on a data retention policy.
Preserving records is important, and different agencies will have different reporting requirements. That said, making a determination about how long to retain your data and sticking to it will save a lot of headaches.

Determining who is responsible for managing a legal hold turns into a game of “not it!” among your leadership team.
Data may have many owners. But in the event of a legal hold or investigation, there’s no time for disorganization. Make the determination ahead of time who will take responsibility for coordinating a response.

Your data storage bills are bigger and more complicated than your quarterly tax statements.
You’re paying for all that data you’re storing. So why do you want to pay for data that you will never need?

“Where is our data?” is really more of a rhetorical question than one for which you have good answers.
Part of developing a record retention policy is identifying the locations of all the data – an important exercise that can ease the burden of collecting in the event of a legal hold.

The technology at the backbone of your policy, helping you maintain and organize your data is Microsoft Excel.
Excel is a great program, but responding to a legal hold or investigation is serious business, for which there are serious tools. The most efficient way to proceed is to utilize one of those tools.

Key Considerations Before Migrating to Office 365

Companies of all sizes are preparing for their transition to the cloud. Office 365 (O365) will likely be a foundational part of that transition, particularly for small- and medium-sized businesses.  The transition is certain: it’s no longer a question of if, but a matter of when businesses will do it.

For small- to medium-sized business, there are a number of things that must be considered, from internal processes to compliance. While the benefits of migrating to the cloud may be clear: lower operational costs, simplicity, scalability, redundancy, and easy mobile access – the risks are easily overlooked.  We’ve compiled a list of things to consider before making the big move to the cloud.

    1. Data Protection
      Office 365 ChecklistCompanies with highly sensitive data naturally have heightened security needs and would be wise to consider how comfortable they are with having all of their data stored on a public cloud server. While O365 is very secure – it maintains high standards for backup and encryption procedures – migrating entirely to the cloud is effectively entrusting your data to a third party. A solution partner like RVM can help your organization adopt best practices such as minimizing the identity information copied to the cloud, providing policy to block unauthorized access, and employing multifactor authentication and integrated device management. Industry standard security parameters are available and can be customized to fit your organization’s requirements. Depending on the complexity or simplicity of your environment, it may be recommended to look for a hybrid solution where some mailboxes remain on premises as others move to the cloud. This allows you to test as you migrate.
    2. Compliance
      Many businesses today are bound by compliance. While this may have prevented businesses from adopting the cloud in years past, it’s less of a hindrance now that the Financial Conduct Authority has approved cloud usage (including public cloud providers). That said, understanding your company’s compliance responsibilities should still be a consideration before migration.  These may affect your company’s use of document retention and  data export settings, should you need to demonstrate documentation in response to a subpoena or compliance investigation.  Your licensing package, volume of data, and software expertise impact how efficient or inefficient this endeavor can be.
    3. Litigation Readiness
      Often companies overlook the business need to be litigation ready. They look at solutions like O365 as a means to reduce their operational costs related to IT and forget that there may be an impact down the road, like when faced with an SEC subpoena or a civil litigation.  When implementing O365, companies need to  conduct analysis beyond email, and consider additional impacts such as email archive solutions, integration with other business systems, and how to functionally use it to accomplish data exports or other recovery tasks.  Companies often realize their inability to accomplish these things too late, when they are faced with subpoenas and document requests, and end of paying a lot of money to quickly fix what they already spent a lot of money to implement.
    4. Managing Accounts
      For small- or medium-sized businesses, finding a solution to automate the cumbersome process of setting up accounts across cloud apps is crucial to success. Tools that enable provisioning of users for all services can be difficult — especially if you have custom or legacy apps that require complex configuration – but often pay off, as provisioning is typically the easiest way to add new users into the Active Directory. There are a number of options for managing synchronization between Active Directory and O365, supporting third party applications and single sign-on, and providing multiple accounts for multiple applications.
    5. Licensing
      O365 licensing includes many options. Many users will require different levels of access, based on use case. A valuable asset of O365 is the ability to avail the right toolsets to the right users. The platform also enables administrators to track license consumption and availability, reducing costs and simplifying true-ups.
    6. Hands off – Patch Management & Control
      Moving to O365 means giving up control over elements such as the patch management process, software upgrades, and other administrative tasks that could previously be performed on premises. Many organizations use third party utilities to manage their internal servers (Microsoft Exchange, Lync/Skype and SharePoint), but utilities designed to be installed directly on a server won’t work with O365 – as the management is done through O365’s portal. One benefit of remote management is that Microsoft pushes out environment updates regularly, meaning that users will always be running the most recent tools.

Above all, there is no one right answer for all organizations. Each should take the time to consider all the factors mentioned above (and any others that are relevant to the company or industry) and weigh the pros and cons. Should your company elect to migrate to O365, it is critical that you do so strategically, and with consideration for the safety and security of your data. Hiring a company like RVM to oversee the migration can ensure a proper setup protecting your company from threats now and in the future.

The Challenges of “Deleted” Data

shutterstock_308641526Some applications such as Snapchat became famous for allowing users send 10-second picture messages that were “deleted forever” after being opened for 60 seconds. In theory, this feature offered the opportunity to go off the grid; to send controversial messages without the risk of getting caught. In reality, those messages, also known as electronically stored information (ESI), left metadata behind even after deletion. The “deleted” messages were not “deleted forever” but could in fact be recovered.

Nothing is really deleted. Wherever there is metadata, there is discoverable data.

In the context of litigation proceedings, Fed. R. Civ. P. 26(b)(1) permits discovery of ESI regarding any non-privileged matter that is relevant to any party’s claim or defense, and proportional to the needs of the case. A “deleted” picture message may therefore become source for contention, and a party who intentionally used an application to avoid creating evidence may be held accountable in a motion for spoliation sanctions.

The doctrine of spoliation refers to the improper destruction of evidence relevant to a case. How do judges determine whether the spoliation of evidence is sanctionable? They look at three factors:

  • There was a duty to preserve evidence;
  • The spoliation was negligent or deliberate; and
  • The spoliation prejudiced the other party’s ability to present its case.

Additionally, the amended Fed. R. Civ. P. 37(e) applies specifically to ESI spoliation. The rule states that spoliation of evidence is sanctionable if there was a duty to preserve evidence, the spoliation was negligent or deliberate, and the lost information cannot be restored or replaced through additional discovery.

What this means in practice is that deleted evidence may not automatically give rise to sanctions if the same data exists somewhere else. Some legal experts expressed concerns about over-preservation of ESI in response to Rule 37(e). However, efforts to restore lost ESI should be proportional to the importance of the ESI to the claims of defenses, thus removing the over-preservation burden on the parties.

As new methods of communication are developed, the universe of potentially discoverable ESI continues to expand. Whether data is transferred through falsely-proclaimed “auto-deleting” applications, social media, text messages, chat rooms, emails, and any other kind of application or device that creates metadata, proper information governance plays an essential part in litigation, not only to avoid evidence spoliation and sanctions, but to know where relevant data resides. As a result, litigation holds need to clearly explain that all electronically transmitted data may be subject to preservation and eDiscovery.

Wearable Technology: Hot Holiday Gift or eDiscovery Challenge?

woman with apple watchWill you buy a smartwatch this holiday season?

Wearable technology is the new black, and every player in the market is vying for top honors to be the next gadget for which customers will fight. While Santa will be placing a smartwatch under a lot of trees, eDiscovery professionals will be looking to see what new challenges will arise.

There are still some limitations in the abilities that these wearable devices have and will have, although they already present a challenge in eDiscovery. When information is shared among multiple items, such as a watch, a smartphone and a cloud, issues of preservation, privacy, and security arise. And what wearable technology can do now is enough to be used in a lawsuit. Fitbits, which track health related information, are being used as “witnesses” of an individual physical activity. A Fitbit has been used in a personal injury claim. The plaintiff was injured four years ago when she was a personal trainer, and her lawyers used her Fitbit data to show that her activity levels were lower than the baseline for someone of her age and profession to prove she deserved compensation. In another rape case, the Fitbit contradicted the statements of the victim by showing that at the time of the crime, she was awake and walking around, when she claimed she had been attacked while asleep.

All the metadata created by a wearable device is discoverable, and if it’s relevant to the matter at hand, then it’s evidence. And consumers might not be aware of this fact when they purchase a device. Wearable technology opens yet another door into a world that will slowly provide answers and best practices, case by case. Lawyers will have to be well-versed in the technology, and get assistance from eDiscovery experts if necessary. After all, smartwatches have been designed to provide much more than the time.

Are you ready for it?

What Every Legal Professional Should Know About eDiscovery

The legal industry first recognized electronic discovery (eDiscovery) in 2004, after the famous Zubulake decisions. The plaintiff, Laura Zubulake, filed suit against her former employer UBS Warburg, alleging gender discrimination. SDNY Judge Sheindlin’s rulings set the tone of what would soon follow with the amendment of the Federal Rules of Civil Procedure in 2006.

Federal Rule 34 (a) (1) (A) defines eDiscovery as “any designated documents or electronically stored information—including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations—stored in any medium from which information can be obtained … directly.” Since then, lawyers have been struggling with an entirely foreign world, feeling they needed to turn into geeks overnight just to keep up with the lingo, and the technical requirements. eDiscovery can be scary, especially when savvy litigators and various government agencies are extremely aggressive in taking control of discussions when making demands regarding electronically stored information (ESI). Many feel that eDiscovery is like opening Pandora’s Box. They don’t know what’s in it, how much is in it, and how expensive it will be.

Electronic Discovery Reference Model

http://www.edrm.net/

It’s a fact, eDiscovery isn’t going away. More and more information is being stored electronically and all of us need to be able to talk-the-talk and walk-the-walk at a fundamental level to be able to litigate effectively.

The Electronic Discovery Reference Model (EDRM) defines how electronic information is managed from the
inception to the resolution of the discovery phase.

By using computer assisted processes, and specific workflows, the goal of the EDRM is to reduce the amount of data the legal team must review before producing.

You should understand these three key phases:

  • Document preservation and collection: By definition, a legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. Work with your client to understand the scope of potentially responsive data.
  • Data processing and review: Once the data has been identified, and securely collected, the next step is to ingest it and load it to a review platform. Every document electronically created leaves a trace. The ingestion phase (processing) consists of analyzing the documents’ genome (metadata), by applying culling criteria (deduplication, date filters, keywords), in order to discard the junk, and only keep the worthy data for review.
  • Production: what the legal team has reviewed and deemed responsive, and not privileged, will be produced to the other side, usually in electronic format.

If you are unsure of a term, the Sedona Conference glossary is easily accessible at the following link.

Naturally, the questions of volume, cost and headcount will be paramount to the success of the entire process. In that regard, the role of the service provider is not only to assist with the technical aspects, but also to offer guidance every step of the way.

No question is a stupid question! Don’t guess what you don’t know. At the end of the day, what makes or breaks a case is partnership and collaboration between the client, law firm, and service provider to achieve top results.

RVM Launches Los Angeles Office

RVM Enterprises, Inc. has opened an office in Los Angeles, California.  A leader in the eDiscovery industry, RVM has been the preferred provider of eDiscovery services and data solutions to leading corporations and Am Law 100 firms for nearly two decades. RVM will provide its full range of services in the new state-of-the-art facility in Los Angeles.

RVM’s extraordinary growth has been recognized by many organizations. It has been ranked on the Inc. 500|5000 for 4 consecutive years and has been recognized by the WPO as one of the 50 fastest growing women-led businesses around the globe. A leader in technology, RVM has achieved Orange-level Relativity Best in Service recognition every year since 2010. Additionally, it was the first to achieve Equivio’s Partner STAR certification. Headquartered in New York, RVM has offices in Chicago, Cleveland and Los Angeles. RVM’s presence in Los Angeles will help serve the growing demands of its clients.

RVM’s services include Forensic Data Collection, Data Processing and Production, Data Hosting, Advanced Data Analytics, eDiscovery Strategic Consulting, Information Governance Consulting, Litigation Readiness, and Managed Document Review.

“As RVM continues grow, it will stand by its reputation of providing exemplary customer service within the eDiscovery industry,” said Vinnie Brunetti, CEO of RVM Enterprises, Inc. “The opening of the LA office has extended our reach to the West Coast and will enable RVM to consistently provide the first class level of service RVM clients have come to expect around the country.” Mr. Brunetti added, “RVM has been extremely successful with the expansion of its Structured Review division in New York and I’m happy that we can now bring that experience, value-add, and cost savings to our clients on the West Coast with our experienced staff and state-of-the-art review center and forensic lab.”

 

 

RVM Adds HIPAA Compliance to its Extensive List of Security Measures and Certifications

RVM is committed in its efforts to ensure the confidentiality, integrity and availability of all protected electronic information, and as such, RVM is pleased to announce the inclusion of HIPAA Compliance to its extensive list of security measures and certifications. As of January 02, 2015, RVM is able to provide attestation to HIPAA Compliance through both internal and third-party audit processes.

“By augmenting our existing Information Security Management System (ISMS) to incorporate safeguards for Protected Health Information (PHI) we ensure that our clients’ data is managed safely and in compliance with Federal Healthcare laws and regulations, specifically the 2013 HIPAA Omnibus Rule,” said Geoffrey Sherman, RVM’s Chief Technology Officer.

As law firms and healthcare providers strive to comply with the HIPAA Omnibus Rule they must ensure that their business associates meet or exceed the data safeguards required for dealing with protected health information (“PHI”). These safeguards are including but not limited to data privacy, security, and breach notification procedures specific to PHI. Failure to comply with HIPAA rules may result in civil penalties that can reach up to $25,000 for violations observed. It should also be noted that PHI privacy breaches are subject to penalties of up to $1.5 million where the timely reporting and breach management procedures in compliance with HIPAA regulations are not met.

About HIPAA

Health care privacy concerns are governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Clinical Health Act (“HITECH”) of 2009. This legislation was passed by Congress to encourage the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information. It serves to improve efficiency and effectiveness of Medicare, Medicaid, and the health care system.  HIPAA places requirements on health care providers known as covered entities and business associates including requirements to comply with privacy, security, and transaction standards.  The Privacy Rule established under HIPAA is a set of national standards for the protection of certain health information.  The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirements of HIPAA.  The purpose of the Privacy Rule is to establish standards which respect to the confidentiality of an individual’s health information or PHI by entities which are subject to HIPAA.  Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to compliance activities and civil money penalties.

About RVM

RVM provides data solutions and eDiscovery services to leading global financial institutions, corporations and Am Law 100 firms.  RVM is dedicated to innovation in technology to address the ever-changing business models in today’s legal and corporate environments. RVM is proud of receiving certification as a women’s business enterprise by the Women’s Business Enterprise National Council (WBENC).

RVM’s services include forensic data collection, data processing and production, data hosting, advanced data analytics, eDiscovery strategic consulting, information governance consulting, litigation readiness and managed document review.

Ultimately, RVM may from time to time have access to PHI by virtue of RVM’s data solution and or eDiscovery services to a health care provider or its business associate.