Live Demo of Relativity and X1 Integration Creates Significant Buzz

Last week we hosted a webinar with Relativity and D4, which highlighted the very compelling integration of our X1 Data Insight and Collection solution with the Relativity platform, including RelativityOne.  This integration is important as it provides game-changing efficiencies in the eDiscovery process by accelerating speed to review, and enabling more intelligent decision making.

The webinar featured live demonstration showing X1 quickly collecting data across multiple custodians and seamlessly importing that data into RelativityOne in less than two minutes.

This tweet from D4 is representative of the public and private reactions we received:

D4 Tweet July 18 v3

With the ability to search and collect emails and documents across up to thousands of endpoints and network sources with industry-leading speed, X1 Insight and Collection revolutionizes enterprise eDiscovery. For example, X1 empowers legal and consulting teams to iterate their search parameters in real time before collection, providing a revolutionary true pre-collection early case assessment capability. Additionally, with its intelligent collection capability, X1 performs instantaneous data processing (culling, de-duplication, text and metadata extraction, etc) in a fully automated manner.

Webinar speaker and D4 Director Chad Jones reported on his blog post that “In a matter of a few minutes X1 collected, processed, uploaded and published data from 5 custodians into a Relativity One (Relativity’s cloud offering) workspace. This functionality, built into a collection tool, has a chance to revolutionize the current eDiscovery process by collapsing the many hand-offs built into the current EDRM into a few short steps managed by one or two people.”

Barry O’Melia, a senior product manager at Relativity, advised the webinar attendees that “when we were planning the webinar I said that I wanted us to do a live demo into an empty Relativity workspace, as it is unbelievable without seeing it with your own eyes.”

The X1 and Relativity integration addresses several pain points in the existing eDiscovery process. For one there, is currently an inability to quickly search across all unstructured data, meaning eDiscovery teams have to spend weeks or even months to collect data as required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection will significantly increase cost and time delays.

So in terms of the big picture, with this integration providing a complete platform for efficient data search, eDiscovery and review across the enterprise, organizations are going to save a lot of time, save a lot of money, and be able to make faster and better decisions. When you accelerate the speed to review and eliminate over collection, you are going to have much better early insight into your data and increase efficiencies on many levels.

View the on-demand webinar see first hand the capabilities of X1 and Relativity by clicking here.

Leave a comment

Filed under Uncategorized

Assessing GDPR 30 Days In: A Report from the Field

Enforcement of the EU General Data Protection Regulation (GDPR) began May 25, 2018, and this new development is significantly reshaping the information governance landscape for organizations worldwide that control, process or store the data of European residents. Yesterday, X1 hosted a live webinar featuring GDPR experts Jay Kramer, a partner at Lewis Brisbois in the firm’s cybersecurity and privacy group, and Marty Provin, executive vice president at Jordan Lawrence.

Kramer provided a “battlefield report” about what he is seeing from the field and hearing from his various clients, with three main observations:

  1. Many are still late to the game. Kramer noted that he has several clients contacting him well after the May 25 enforcement date to begin the process of GDPR compliance.
  1. GDPR compliance maps to best practices. Becoming GDPR ready is a good business decision because it establishes transparency, data privacy and security processes that companies should be doing anyway.
  1. Now that the law has gone into effect, organizations that have been proactive are quickly transitioning from readiness to operational compliance and enforcement. For instance, many organizations are finding themselves responding to data subject access requests.

Kramer also noted that while much focus has been on potential fines levied under GDPR, organizations need to be aware that individuals can file complaints with the supervisory authorities under article 77, or even bring their own private actions, citing article 82. These claims have already been brought in the form of class actions, and Kramer expressed concern that many more claims could be fanned by “privacy trolls” – similar in concept to “patent trolls” – or by disgruntled customers or ex-employees.

Marty Provin outlined the importance of information governance and data classification in support GDPR compliance, especially from a standpoint of the need to operationalize policies and procedures in order to identify non-compliant data throughout your organization, and properly respond to regulatory requirements and data subject access requests. Kramer seconded that point, noting that the GDPR requires that an organization have absolute knowledge of where all EU personal data is stored across the enterprise and be able to remove or minimize it when required.

This readiness is achieved through planning, data mapping, and data classification. Provin provided an informative overview of these processes, based upon his extensive experience implementing such best practices for his clients over the past 20 years. Marty observed that it is also important to have a solution like X1 Data Audit and Compliance to search and identify documents, emails and other records across your enterprise that are non-compliant with GDPR. Such a capability is essential to address both the proactive and reactive components of GDPR.

The final segment of the webinar included a live demonstration of a proactive data audit across numerous computers to find PII of EU data subjects. The second half of the demonstration illustrated an effective response to an actual data subject access request in the form of a request by an individual to have their data erased.

In addition to comprehensive search, the demo highlighted the ability of X1 to also report in a detailed fashion and then take action on identified data by migrating it or even delete in place, including within email containers.

A recording of this informative and timely webinar is available for viewing here.

 

 

Leave a comment

Filed under Best Practices, eDiscovery & Compliance, GDPR, Information Governance, Records Management, Uncategorized

X1 Announces Strategic Product Integration with Relativity

Today we are announcing some exciting news. Our X1 enterprise eDiscovery solution now integrates with Relativity, the industry leading e-discovery platform. X1 Insight & Collection, a component of the X1 Distributed Discovery platform, allows enterprises to search across and collect from up to thousands of custodians in hours, now with direct upload into Relativity, including RelativityOne, utilizing Relativity’s import APIs.

The X1 and Relativity integration addresses several pain points in the existing e-discovery process. For one, there is currently an inability to quickly search across all unstructured data, meaning users have to spend the weeks or even months that are required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection significantly increase cost and time delays. And with such an  inefficient process there is simply no way for attorneys and legal professionals to gain immediate visibility into data, often leaving them to wait weeks before they have a chance to assess the data, post- collection.

The X1/Relativity integration directly addresses these challenges. Among the substantial benefits of this integration is the dramatic increase in speed to review, flowing directly from the custodian into Relativity on-premise or into the cloud-based RelativityOne platform. And this integration significantly reduces or completely eliminates inefficient ESI processing. X1 will search, cull and de-duplicate data at the point of collection and now integrates with the Relativity ingestion API, rendering inefficient and expensive processing appliances obsolete.

Organizations will be given real time early case assessment within minutes of initial search instead of taking days and weeks for this insight.  All of this is achieved with a truly repeatable end-to-end process for enterprises. The combination of X1 and Relativity provides a full and complete e-discovery platform.

“Collecting enterprise ESI can be one of the most daunting parts of the e-discovery process,” said Drew Deitch, senior manager for strategic partnerships at Relativity. “We’re excited to bring X1 into the App Hub, where it will offer users another great way to access, search, process, and import enterprise data into Relativity.”

Finally, with this integration providing a complete platform for efficient data search, discovery and review across the enterprise, this also enables organizations to very effectively address numerous information governance use cases such as GDPR compliance, identifying and removing PII and conducting IP data audits.

To see X1 in action, we have a 7-minute demonstration video including this integration with Relativity available here.

Leave a comment

Filed under Best Practices, ECA, eDiscovery, eDiscovery & Compliance, Information Governance, Preservation & Collection, Uncategorized

Data Discovery “Is the Foundation of GDPR Compliance”

Recently, I attended a very informative Microsoft GDPR Summit in Redmond, Washington. Microsoft invited their key compliance partners to brief them on Microsoft’s strong support for GDPR compliance within their Office 365 ecosystem, and to engage them in their strategy. The summit featured a slate of legal, compliance and technology experts who provided compelling insight into the GDPR, including challenges and opportunities for organizations as the May 25 enforcement date approaches.

Enza Iannopollo, a featured keynote speaker from Forrester, is an industry analyst with a deep focus on information security, data privacy and GDPR compliance. She noted that per a recent Forrester security survey, only about 30 percent of organizations report GDPR readiness. In her talks with major organizations, Iannopollo sees a strong if not belated commitment as they scramble to achieve readiness ahead of May 18. In terms of what it takes to effectuate GDPR compliance, Iannopollo presented a slide which simply stated the following: “Data Discovery and classification are the foundation of GDPR compliance.” Iannopollo said this is because the GDPR effectively requires that an organization be able to identify and actually locate, with precision, personal data of EU data subjects across the organization.

The speakers identified both a proactive and reactive requirement of data discovery under the GDPR. Iannopollo commented that a robust data discovery capability is needed to produce an intelligent data map, to classify and actually remediate non-compliant data. This data audit process should done at the outset, and also routinely executed on a recurring basis.

For reactive capabilities, Microsoft deputy general counsel John Payseno noted in a separate session that once GDPR enforcement comes online on May 25, 2018, organizations will be required to respond to data subject requests (DSRs) from individual, or groups of, EU data subjects. The DSRs under the GDPR consist of requests for data erasure, data transfer, or a confirmation that data permissively kept is done so in a minimal fashion without excessive duplication or re-purposing outside of the granted consent. Payseno said that companies must be able to document and demonstrate compliance with these DSRs, in a manner generally akin to responding to a subpoena or other legal requirement.

So a clear takeaway from the Microsoft summit is that GDPR compliance requires the ability to demonstrate and prove that personal data is being protected, requiring data audit and discovery capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to regulators and EU private citizen’s requests. As such, any GDPR compliance programs are ultimately hollow without consistent, operational execution and enforcement.

While Microsoft demonstrated their capabilities to conduct effective data discovery in their O365 cloud environment, they openly acknowledge a significant gap for addressing on-premise unstructured data. Effective GDPR compliance requires the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of weeks or months as is the case with traditional crawling tools.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers for PII and other data from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can also automatically migrate, collect, delete, or take other action on the data as a result of the search parameters.  Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery, GDPR and other information governance compliance functionality, X1DD includes the award-winning X1 Search, improving employee productivity while effectuating that all too illusive actual compliance with information governance programs, including GDPR.

Leave a comment

Filed under Best Practices, compliance, Corporations, Data Audit, GDPR, Hybrid Search, Information Governance, Uncategorized

Commonwealth vs. Mangel: Print Screen for Social Media Disallowed Again

In the recently published opinion of Commonwealth v. Mangel, 2018 Pa. Super. 57 (March 15, 2018) the Superior Court of Pennsylvania addressed the standard for admissibility of social media posts and ultimately disallowed into evidence a social media post presented by the prosecution as a simple screen shot. In Mangel, the State charged the defendant with aggravated assault and harassment and sought, in a pre-trial hearing, to introduce evidence of an image of bloody hands posted to Facebook, as well as messages allegedly authored by the defendant. The Facebook account at issue bore the defendant’s name, hometown and high school, which the prosecution argued was sufficient to authenticate the proffered evidence.

Both the trial court and the appellate court found that merely presenting evidence that the posts and messages came from a social media account bearing the Defendant’s name was not enough to allow the evidence in. Instead, the social media posts must be properly authenticated with direct or circumstantial evidence that corroborates the identity of the author. Such evidence may include testimony from the person who sent or received the communication or contextual clues in the communication tending to reveal the identity of the sender. The State’s computer forensics expert acknowledged that type of substantiation is the only way to determine with a reasonable degree of certainly that the actual user authored the communication in question given that social media accounts are easily hacked or falsified. Although this decision was rendered in the criminal context, its extension to civil admissibility also would be instructive.

The court, in its opinion, noted that  “authenticating social media evidence is to be evaluated on a case-by-case basis to determine whether or not there has been an adequate foundational showing of its relevance and authenticity,” and that “authentication of electronic communications, like documents, requires more than mere confirmation that the number or address belonged to a particular person. Circumstantial evidence, which tends to corroborate the identity of the sender, is required.” Metadata is a key form of circumstantial evidence, and the Mangel court noted the absence of two key metadata items: the date the post was created, and account ID:

“A thorough review of the Facebook posts and messages themselves raises specific issues. First, the evidence presented by the Commonwealth does not indicate the exact time the posts and messages were made. The incident which brought about the instant criminal charges occurred allegedly on June 26th, 2016, according to the Criminal Information. The lack of a date and timestamps raises a significant question regarding the connection of the posts and messages to the alleged incident on June 26th, 2016. Furthermore, the ‘Tyler Mangel who allegedly authored the Facebook posts and messages does not specifically reference himself in the incident on June 26th, 2016; rather, other individuals, many of them who are not directly involved in the instant criminal case, reference a “Tyler Mangel” in response to a post made and in subsequent conversations about an alleged assault.”

So with a solution like X1 Social Discovery, both the date of the post and the account ID would have been collected and preserved, which would have addressed these specific problems the court had with the Facebook evidence offered by the prosecution. By using print screen instead, the evidence was thrown out.

Mangel is yet another case illustrating that social media provides torrential amounts of evidence potentially relevant to litigation matters, with courts routinely facing proffers of data preserved from various social media websites. This evidence must be authenticated in all cases, and the authentication standard is no different for website data or social media evidence than for any other.

One of the many benefits of X1 Social Discovery is its ability to preserve and display all the available circumstantial evidence in order to present the best case possible for the authenticity of social media evidence collected with the software. This includes collecting all available metadata and generating a MD5 checksum or “hash value” of the preserved data for verification of the integrity of the evidence. It is important to collect and preserve social media posts and general web pages in a thorough manner with best-practices technology specifically designed for litigation purposes.  For instance, there are over twenty unique metadata fields associated with individual Facebook posts and messages. Any one of those entries, or a combination of them contrasted with other entries, can provide unique circumstantial evidence that can establish foundational proof of authorship.

Additionally, when an examiner merely relies on print screen, they also severely limit the scope and thoroughness of the social media and internet collection. Employing more automated means, such as X1 Social Discovery, enables the examiner to quickly collect entire web pages and publically available social media accounts, which can be hundreds of pages long. This allows the examiner to build a much stronger case for authentication by building timelines, drawing more connections between witnesses and their various posts, collecting more collaborating metadata, and a litany of other means to build a compelling circumstantial case to authenticate the social media or web page evidence in question.

When lawyers and their service providers rely on simple screen captures, printouts or even compliance archiving solutions that fail to collect and preserve all key metadata to admit social media into evidence, they run a significant risk of having key evidence in support of their case disallowed by the court. The prosecutors in Mangel just learned this lesson the hard way.

Leave a comment

Filed under Uncategorized