Microsoft Office 365 is Disrupting the eDiscovery Industry in a Major and Permanent Fashion

The adoption of cloud-based Microsoft Office 365 (“O365”) within enterprises is growing exponentially. According to a 2016 Gartner survey, 78 percent of enterprises use or plan to use Office 365, up from 64 percent in mid-2014. O365 includes built-in eDiscovery tools in the Security and Compliance Center at an additional cost. Many, but not all, 0365 customers are utilizing the internal eDiscovery module, to which Microsoft is dedicating a lot of effort and resources in order to provide a go-to solution for the eDiscovery of all information located within 0365. o365-logoBased upon my assessment through product demos and discussions with industry colleagues, I believe Microsoft will achieve this goal relatively soon for data housed within its 0365 platform. The Equivio eDiscovery team that transitioned over to Microsoft in a 2015 acquisition is very dedicated to this effort and they know what they are doing.

But as I see it, the O365 revolution presents two major takeaways for the rest of the eDiscovery software and services industry. The first major point comes down to simple architecture. Most eDiscovery tools operate by making bulk copies of data associated with individual custodians, and then permanently migrate that data to their processing and/or review platform. This workflow applies to all non-Microsoft email archiving platforms, appliance-based processing platforms, and hosted review platforms. As far as email archiving, a third-party email archive solution requires the complete and redundant duplication, migration and storage of copies of all emails already located in O365. This is counter-productive to the very purpose of a cloud-based 0365 investment. We have already seen non-Microsoft email archiving solutions on the decline in terms of market share, and with MS Exchange archiving becoming much more robust, we will only see that trend accelerate.

eDiscovery processing tools and review platforms are also fighting directly against the O365 tide.  This is especially true for processing appliances (whether physical or virtual), which address O365 collections through bulk copy and export of all of the target custodians’ data from O365 and into their appliance, where the data is then re-indexed. Such an effort is costly, time consuming, and inefficient. But the main problem is that clients who are investing in O365 do not want to see all their data routinely exported out of its native environment every time there is an eDiscovery or compliance investigation. Organizations are fine with a very narrow data set of relevant ESI leaving O365 after it has been reviewed and is ready to be produced in a litigation or regulatory matter. What they do not want is a mass export of terabytes of data because eDiscovery and processing tools need to broadly ingest that data in their platform in order to begin the indexing, culling and searching process. For these reasons, most eDiscovery software and compliance archiving tools do not play well with O365, and that will prove to be a significant problem for those developers and the service providers who utilize those tools for their processes.

The second major O365 consideration is that organizations, especially larger enterprises, rarely house all or even most of their data within 0365, with hybrid cloud and on-premise environments being the norm. The 0365 eDiscovery tools can only address what is contained within 0365. Any on-premise data, including on-premise Microsoft sources (SharePoint, Exchange and Office docs on File Shares) cannot be readily consolidated by 0365, and neither can data from other cloud sources such as Google Drive, Box, Dropbox and AWS. And of course, desktops, whether physical or virtual, are critical to eDiscovery collections and are also not supported by the O365 eDiscovery tools, with Microsoft indicating that they do not have any plans to soon address all these non-O365 data sources in a unified fashion.

So eDiscovery software providers need to have a good process to perform unified search and collection of non-O365 sources and to consolidate those results with responsive O365 data. This process should be efficient and not simply involve mass export of data out of O365 to achieve such data consolidation.

X1 Distributed Discovery (X1DD) is uniquely suited to complement and support O365 with an effective and defensible process and has distinct advantages over other eDiscovery tools that solely rely on permanently migrating ESI out of O365. X1DD enables organizations to perform targeted search and collection of the ESI of up to thousands of endpoints, as well as O365 and other sources, all in a unified fashion. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. Using X1DD, O365 data sources are searched in place in a very targeted and efficient manner, and all results can be consolidated into Microsoft’s Equivio review platform or another review platform such as Relativity. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). For a demonstration or briefing on X1 Distributed Discovery, please contact us.

Leave a comment

Filed under Uncategorized, Cloud Data, eDiscovery, compliance

The Three Categories of eDiscovery Spoliation Sanctions

My last post discussed the important new Sedona Conference guidance, The Sedona Principles, Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production. The revised principles are compelling, providing important direction to lawyers and eDiscovery practitioners alike. The Sedona Principles often make their way into court opinions and thus inform eDiscovery case law. In my view, the most interesting component of the updated Sedona Principles is its stance against full disk imaging for routine eDiscovery preservation, labeling the practice as unnecessary and unduly burdensome. Full disk imaging is still very widely used (some attorneys would say abused) for eDiscovery collection, which is an issue I highlighted at length last year on this blog.

The Sedona commentary brings into focus the judges’ rationale when issuing sanctions for failure to properly preserve ESI. Specifically, what types of conduct resulting in the destruction of ESI do the courts actually impose penalties for? I have been monitoring the caselaw involving failure to preserve ESI sanctions for over 15 years, and such cases fall under three general categories.

The first and most obvious category involves intentional conduct to delete or otherwise destroy potentially relevant ESI. There are many examples of such cases, including Sekisui Am. Corp. v. Hart, 2013 WL 4116322 (S.D.N.Y. Aug. 15, 2013), and Rimkus Consulting Group, Inc. v. Cammarata, 688 F. Supp. 2d 598 (S.D. Tex. 2010).

The second category involves situations where there is no process in place and the organization asserts little or no effort to preserve ESI. In a recent example, a magistrate judge imposed spoliation sanctions where the Plaintiff made no effort to preserve their emails — even after it sent a letter to the defendant threatening litigation. (Matthew Enter., Inc. v. Chrysler Grp. LLC, 2016 WL 2957133 (N.D. Cal. May 23, 2016). The court, finding that the defendant suffered substantial prejudice by the loss of potentially relevant ESI, imposed severe evidentiary sanctions under Rule 37(e)(1), including allowing the defense to use the fact of spoliation to rebut testimony from the plaintiff’s witnesses. The court also awarded reasonable attorneys fees incurred by the defendant in bringing the motion. See also, Internmatch v. Nxtbigthing, LLC, 2016 WL 491483 (N.D. Cal. Feb. 8, 2016), where a U.S. District Court imposed similar sanctions based upon the corporate defendant’s suspect preservation efforts.

The final category involves situations where an organization does have a palpable ESI preservation process, but one that perilously relies on custodian self-collection. In a recent illustrative case, a company found themselves on the wrong end of a $3 million sanctions penalty for spoliation of evidence. The case illustrates that establishing a litigation hold and notifying the custodians is just the first step. Effective monitoring and diligent compliance with the litigation hold is essential to avoid punitive sanctions. GN Netcom, Inc. v. Plantronics, Inc., No. 12-1318-LPS, 2016 U.S. Dist. LEXIS 93299 (D. Del. July 12, 2016). Even with effective monitoring, severe defensibility concerns plague custodian self-collection, with several courts disapproving of the practice due to poor compliance, metadata alteration, and inconsistency of results. See Geen v. Blitz, 2011 WL 806011, (E.D. Tex. Mar. 1, 2011), Nat’l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012).

So those are the three general categories for ESI preservation sanctions. But here is the question that the new Sedona commentary indirectly raises: Are there any cases out there where a court sanctions a party who; one, had a sound and reasonable ESI preservation process in place, and two, reasonably followed and executed that process in good faith, but were sanctioned anyway because that one document or email slipped through the cracks, which theoretically could have been prevented by employing full disk imaging as a routine practice? I believe this is an important question because some organizations and/or their outside counsel cite this concern as justification for full disk imaging across multitudes of custodians as a routine (but very expensive and burdensome) eDiscovery preservation practice. This still occurs even with the 2015 amendments to the Federal Rules of Civil Procedure, specifically FRCP 26(b)(1), which requires the application of proportionality to all aspects of eDiscovery, including collection and preservation.

I am unaware of any such case described in the previous paragraph. But if anyone is, please let me know in the comments below!

 

Leave a comment

Filed under eDiscovery

Updated Sedona Principles Disfavor Forensic Imaging and Over-collection for Routine eDiscovery Preservation

Last week The Sedona Conference (“TSC”) published revisions for public comment to its very influential Sedona Principles:  The Sedona Principles, Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production. Per the TSC, the update wasOLYMPUS DIGITAL CAMERA “necessitated by an even greater explosion in the volume and diversity of forms of electronically stored information, the constant evolution of technology applied to eDiscovery, and by further amendments to the Federal Rules of Civil Procedure” as well as by many years of experience in e-discovery.  Public comments are invited through June 30, 2017.

The third edition of the Sedona Principles are a must-read. They are well written, providing excellent and important guidance to lawyers and eDiscovery practitioners alike. The drafters do not shy away on taking some strong stands on important eDiscovery issues, such as the over-use of forensic disk imaging for eDiscovery preservations. While full disk images may be warranted in some limited situations, the expense and burden associated with the practice can be quite extensive, particularly in matters that involve multiple custodians. The Sedona Commentary correctly notes: “Civil litigation should not be approached as if information systems were crime scenes that justify forensic investigation at every opportunity to identify and preserve every detail.”

Section 8c of the newly revised Commentary is dedicated to forensic imaging, stating that: “Forensic data collection requires intrusive access to desktop, server, laptop, or other hard drives or media storage devices.”  While noting the practice is acceptable in some limited circumstances, “making a forensic copy of computers is only the first step of an expensive, complex, and difficult process of data analysis . . . it should not be required unless circumstances specifically warrant the additional cost and burden and there is no less burdensome option available.”

The commentators are absolutely correct here. It is established law that the duty to preserve evidence, including ESI, extends only to relevant information.  The vast majority of ESI on a full disk image will typically constitute irrelevant information. As stated by one court, “imaging a hard drive results in the production of massive amounts of irrelevant, and perhaps privileged, information.” Deipenhorst v. City of Battle Creek, 2006 WL 1851243 (W.D.Mich. June 30, 2006) at *3.  In noting that the “imaging of computer hard drives is an expensive process, and adds to the burden of litigation for both parties.”

This disfavoring of forensic imaging in the revised Sedona Principles also stems from the increased emphasis of proportionality under new Federal Rule of Civil Procedure 26(b)(1). In fact, of the 14 enumerated principles in this third edition, 12 of them address preservation in whole or in part. The over-arching theme is that ESI preservation efforts should be reasonable, proportionate, and targeted to only relevant information, as opposed to being overly broad and unduly burdensome.

In regard to forensic collection, courts do require that ESI be collected in a forensically sound manner, which does not mean a full forensic disk image is required, but generally does entail that metadata is not altered and a documented chain of custody is maintained. More advanced enterprise class technology can accomplish remote searches across multitudes of custodians that are narrowly tailored to collect only potentially relevant information while preserving metadata at the same time. This process is better, faster and dramatically less expensive than manual disk imaging.

In fact, The Sedona principles do outline such an alternative to forensic disk imaging: “Automated or computer-assisted collection involves using computerized processes to collect ESI meeting certain criteria, such as search terms, file and message dates, or folder locations. Automated collection can be integrated with an overall electronic data archiving or retention system, or it can be implemented using technology specifically designated to retrieve information on a case-by-case basis.”

This language maps directly to the capabilities of  X1 Distributed Discovery (X1DD), which enables parties to perform targeted search and collection of the ESI of up to thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). This method is sound from an evidentiary standpoint as the collected data is preserved in its native file format with its metadata intact. X1DD features a solid chain of custody and robust logging, tracking and reporting.

And in line with the concepts outlined in the revised Sedona Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. For a demonstration or briefing on X1 Distributed Discovery, please contact us.

Leave a comment

Filed under eDiscovery

Key to Improving Predictive Coding Results: Effective ECA

Predictive Coding, when correctly employed, can significantly reduce legal review costs with generally more accurate results than other traditional legal review processes. However, the benefits associated with predictive coding are often undercut by the over-collection and over-inclusion of Electronically Stored Information (ESI) into the predictive coding process. This is problematic for two reasons.

The first reason is obvious, the more data introduced into the process, the higher the cost and burden. Some practitioners believe it is necessary to over-collect and subsequently over-include ESI to allow the predictive coding process to sort everything out. Many service providers charge by volume, so there can be economic incentives that conflict with what is best for the end-client. In some cases, the significant cost savings realized through predictive coding are erased by eDiscovery costs associated with overly aggressive ESI inclusion on the front end.

The second reason why ESI over-inclusion is detrimental is less obvious, and in fact counter intuitive to many. Some discovery practitioners believe as much data as possible needs to be put through the predictive coding process in order to “better train” the machine learning algorithms. However this is contrary to what is actually true. The predictive coding process is much more effective when the initial set of data has a higher richness (also referred to as “prevalence”) ratio. In other words, the higher the rate of responsive data in the initial data set, the better. It has always been understood that document culling is very important to successful, economical document review, and that includes predictive coding.

Robert Keeling, a senior partner at Sidley Austin and the co-chair of the firm’s eDiscovery Task Force, is a widely recognized legal expert in the areas of predictive coding and technology assisted review.  At Legal Tech New York earlier this year, he presented at an Emerging Technology Session: “Predictive Coding: Deconstructing the Secret Sauce,” where he and his colleagues reported on a comprehensive study of various technical parameters that affect the outcome of a predictive coding effort.  According to Robert, the study revealed many important findings, one of them being that a data set with a relatively high richness ratio prior to being ingested into the predictive coding process was an important success factor.

To be sure, the volume of ESI is growing exponentially and will only continue to do so. The costs associated with collecting, processing, reviewing, and producing documents in litigation are the source of considerable pain for litigants. The only way to reduce that pain to its minimum is to use all tools available in all appropriate circumstances within the bounds of reasonableness and proportionality to control the volumes of data that enter the discovery pipeline, including predictive coding.

Ideally, an effective early case assessment (ECA) capability can enable counsel to set reasonable discovery limits and ultimately process, host, review and produce less ESI.  Counsel can further use ECA to gather key information, develop a litigation budget, and better manage litigation deadlines. ECA also can foster cooperation and proportionality in discovery by informing the parties early in the process about where relevant ESI is located and what ESI is significant to the case. And with such benefits also comes a much more improved predictive coding process.

X1 Distributed Discovery (X1DD) uniquely fulfills this requirement with its ability to perform pre-collection early case assessment, instead of ECA after the costly, time consuming and disruptive collection phase, thereby providing a game-changing new approach to the traditional eDiscovery model.  X1DD enables enterprises to quickly and easily search across thousands of distributed endpoints from a central location.  This allows organizations to easily perform unified complex searches across content, metadata, or both and obtain full results in minutes, enabling true pre-collection ECA with live keyword analysis and distributed processing and collection in parallel at the custodian level. To be sure, this dramatically shortens the identification/collection process by weeks if not months, curtails processing and review costs from not over-collecting data, and provides confidence to the legal team with a highly transparent, consistent and systemized process. And now we know of another key benefit of an effective ECA process: much more accurate predictive coding.

Leave a comment

Filed under ECA, eDiscovery

ILTA eDiscovery Survey Reflects Increased Social Media Discovery

The International Legal Technology Association recently published a very informative and comprehensive law firm eDiscovery practice survey “2016 Litigation and Practice Support Technology Survey.” ILTA received responses from 204 different law firms — small, medium and large — on a variety of subjects, including eDiscovery practice trends and software tool usage.  The survey reveals three key takeaways regarding social media and website discovery.

The first clear takeaway is that social media discovery is clearly increasing among law firms and in the field in general. 77 percent of responding law firms reported conducting social media discovery in 2016, a 12 percent increase over 2015. Additionally, the responding firms reported a higher average volume of cases involving social media evidence, with a 23 percent increase in firms handling at least 4 matters per year involving social media evidence. (See Survey at pg. 23)

In terms of identified software solution usage, the survey establishes that X1 Social Discovery is the clear leader in the web and social media capture category among purpose-built tools used by law firms. 24 percent of all law firms rely on X1 Social Discovery on either an in-sourced or outsourced basis. The survey also reflects that X1 Social is the number one process used by eDiscovery service providers, by far surpassing the next common process of screen capturing. This is consistent with our own internal data, reflecting the industry’s standardization of social media evidence collection by the sheer volume of customers that have adopted X1 Social Discovery. Nearly 200 law firms and 500 eDiscovery services firms have at least one paid license of X1 Social Discovery. So while X1 Social Discovery is very popular with law firms, it is even more widely used by eDiscovery service providers.

ILTA survey2

Utilization of X1 Social also registered in the separate category of webmail collections.

The final takeaway is that the practice of using screen captures with general IT tools like Adobe and Snagit is still commonly employed by practitioners at law firms, but is virtually non-existent amongst service providers, who typically are on the forefront of adapting best practices. Screen capturing is neither effective nor defensible. It is ineffective because the results are very narrow and incomplete, and the process is very labor intensive resulting in much higher costs to the client than using best practices. (See Stallings v. City of Johnston, 2014 WL 2061669 (S.D. Ill. May 19, 2014), law firm spent full week screen capturing contents of Facebook account — which amounted to over 500 printed pages — manually rearranging them, and then redacting at a cost of tens of thousands of dollars).

In addition, simple screen captures are not defensible, with several courts disallowing or otherwise calling into question social media evidence presented in the form of a screen shot image. This scrutiny will only increase with Federal Rule of Evidence 902(14) coming into effect later this year. I have previously addressed Rule 902(14) at length on this blog, but in a nutshell, screen captures are not Rule 902(14) compliant, while best practices technology like X1 Social Discovery have the critical ability to collect all available metadata and generate a MD5 checksum, or “hash value,” of the preserved data for verification of the integrity of the evidence. The generation of hash values is a key component for meeting the requirements of FRE 902(14).

The ILTA Litigation Practice survey results can be accessed here. For more information about how to conduct effective social medial investigations, please contact us, or request a free demo version of X1 Social Discovery.

Leave a comment

Filed under eDiscovery, Social Media Investigations