Category Archives: Best Practices

February 3, 2021 · 10:12 AM

The Reddit Evidence Hotbed: Three Important Tips for Reddit Web Investigations

By John Patzakis and Ashley Aranega

Over the past two weeks, stock traders fueled by Reddit message boards have engaged in a classic short squeeze that could involve potentially illegal behavior. Financial crime investigators as well as corporate risk and eDiscovery teams are scouring Reddit to identify and preserve critical evidence. With the stakes high, such investigations must be performed consistent with best practices in order to properly preserve and analyze data within pressing time constraints. Here are three key tips to help investigators to be as complete and efficient as possible.

  1. Automated Web Capture with Native Format Collection is a Must

Financial investigations of this scope require the analysis of thousands if not tens of thousands of social media posts and web pages. Flat file screen grabs will not do the job because they cannot be collected at scale, readily searched, nor organized in a streamlined manner. An investigator must be able to capture a single thread expanded to include up to hundreds of comments per post or crawl an entire publicly available Reddit Account collecting up to thousands of posts by that user on an automated basis. Once captured, the data must be searched, analyzed, and tagged all in line. None of this is possible with a manual print screen effort.

  1. The Investigation Should Include Other Social Media Sources and Web Feeds

Here is a very notable Tweet from Elon Musk:

He is directing people to a Reddit board where speculative investors congregate and plan short squeeze activity. Musk’s ill-advised social media posts have gotten him into previous trouble with the SEC, and this Tweet could be pushing the envelope. It demonstrates why multiple web sources and social media accounts are essential to cross-reference and consolidate as evidence. Your social media investigation and analysis platform should enable you to search, sort, and analyze multiple social media accounts from different sources, all in the same interface. This again is impossible with screenshot based tools and workflows.

  1. Native and Granular Output is Critical

Securities fraud investigations often involve copious amounts of web-based evidence. It is extremely difficult to collect and analyze thousands of Reddit posts without the right technology. It is even more difficult to process and load those items into an attorney review platform if they are simple screenshots. Print screen as a social media evidence collection method only leads to higher costs for many reasons, namely because the resulting output is a truncated, unsearchable, flat image that fails to retain the all-important metadata. As a result, a substantial amount of secondary processing must be done to upload the social media images into a standard attorney review platform. The images must be run through OCR, the various requisite metadata fields must be manually entered, and the truncated screenshots reassembled into context, so they appear and read as they did in their original state. All this will typically cost thousands of dollars in additional processing fees.

Above is a screenshot of key Reddit evidence captured by and displayed in X1 Social Discovery. X1 Social can capture a single thread or crawl an entire Reddit account, collecting up to thousands of posts by individual users on an automated basis. Once captured by X1, the data can be effectively searched, tagged, and exported out to load file or in native format as well as PDF. X1 Social Discovery is the most comprehensive and efficient tool for Reddit collections. Tweets, Reddit posts, and other social media evidence can be exported in one fell swoop into the same deliverable. Simply put, for serious web-based securities investigations, there is no other option.

Leave a comment

Filed under Best Practices, eDiscovery, Preservation & Collection, Social Media Investigations, Social Media Metadata

January 27, 2021 · 10:28 AM

Architecting a New Paradigm in Legal Governance

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

Exponential growth and change in business strategy, risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumbers organizations of all sizes. Gone are the years of simplicity in business operations.

Managing the complexity of business from a legal and privacy perspective, governing information that is pervasive throughout the organization, and keeping continuous business and legal change in sync is a significant challenge for boards, executives, as well as the legal professionals in the legal department. Organizations need an integrated strategy, process, information, and technology architecture to govern legal, meet legal commitments, and manage legal uncertainty and risk in a way that is efficient, effective, and agile and extends into the broader enterprise GRC architecture.

In my previous blog, Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC, I began this discussion, and here I aim to expound on it further from a legal context.

Legal today is more than legal matters, actions, and contracts. Today’s legal organization has to respond to incident/breach reporting and notification laws in a timely and compliant manner, respond to Data Subject Access Requests (DSAR), harmonize and monitor retentions obligations, conduct eDiscovery, manage legal holds on data, and continuously monitor regulations and legislation and apply them to a business context.

In today’s global business environment, a broad spectrum of economic, political, social, legal, and regulatory changes are continually bombarding the organization. The organization continues to see exponential growth of regulatory requirements and legal obligations (often conflicting and overlapping) that must be met, which multiply as the organization expands global operations, products, and services. This requires an integrated approach to legal governance, risk management, and compliance (GRC) with a goal to reliably achieve objectives while addressing uncertainty and act with integrity.[1] This includes adherence to mandatory legal requirements and voluntary organizational values and the boundaries each organization establishes. The legal department, with responsibility for understanding matter management, issue identification, investigations, policy management, reporting and filing, legal risk, and the regulatory obligations faced by the organization, is a critical player in GRC (what is understood as Enterprise or Integrated GRC), as well as improving GRC within the legal function itself.

A successful legal management information architecture will be able to connect information across risk management and business systems. This requires a robust and adaptable legal information architecture that can model the complexity of legal information, discovery, transactions, interactions, relationship, cause and effect, and the analysis of information, which can integrate and manage a range of business systems and external data. Key to this information architecture is a clear data inventory and map of information that informs the organization of what data it has, who in the organization owns it, what regulatory retention obligations are attached to it, and what third parties have access to it. This is a fundamental requirement for applying process and effectively operationalizing an organization’s GRC activities, as detailed in the previous blog.

There can and should be an integrated technology architecture that extends GRC technology and operationalizes it in a legal and privacy context. This connects the fabric of the legal processes, information, discovery, and other technologies together across the organization. This is a hub of operationalizing GRC and requires that it be able to integrate and connect with a variety of other business systems, such as specialized legal discovery solutions and integrate with broader enterprise GRC technology.

The right technology architecture choice for an organization involves the integration of several components into a core enterprise GRC and Legal GRC architecture – which can facilitate the integration and correlation of legal information, discovery, analytics, and reporting. Organizations suffer when they take a myopic view of GRC technology that fails to connect all the dots and provide context to discovery, business analytics, objectives, and strategy in the real-time that a business operates in. 

Extending and operationalizing GRC processes and technology in context of legal and privacy enables the organization to use its resources wisely to prevent undesirable outcomes and maximize advantages while striving to achieve its objectives. A key focus is to provide legal assurance that processes are designed to mitigate the most significant legal issues and are operating as designed. Effective management of legal risk and exposure is critical to the board and executive management, who need a reliable way to provide assurance to stakeholders that the enterprise plans to both preserve and create value. Mature GRC enables the organization to weigh multiple inputs from both internal and external contexts and use a variety of methods to analyze legal risk and provide analytics and modeling.

[1] This is the OCEG definition of GRC.

Leave a comment

Filed under Best Practices, CaCPA, eDiscovery & Compliance, GDPR, Information Governance, Information Management, Uncategorized

December 22, 2020 · 11:14 AM

Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

At its core, GRC is the capability to reliably achieve objectives [GOVERNANCE], address uncertainty [RISK MANAGEMENT], and act with integrity [COMPLIANCE]. GRC is something organizations do, not something they purchase. They govern, they manage risk, and they comply with obligations. However, there is technology to enable GRC related processes, such as legal and privacy, to be more efficient, effective, and agile.

However, too often the focus on GRC technology is limited to the process management of forms, workflow, tasks, and reporting. These are critical and important elements, but the role of technology for GRC is so much broader to operationalize GRC activities that are labor intensive, particularly in the context of legal and privacy. Simply managing forms, workflow, and tasks are no longer enough. Organizations need to start thinking how they can integrate eDiscovery and data/information governance solutions within their core GRC architecture.

What is needed is the ability to search, find, monitor, interact, and control data throughout the business environment. GRC platforms are excellent at managing forms, workflow, tasks, analytics, and reporting. But behind the scenes there are still labor-intensive tasks or disconnected solutions that actually find, control, and assess the disposition of sensitive data in the enterprise. eDiscovery and information governance solutions have been disconnected and not strategically leveraged for GRC purposes. Together, the core GRC platform that integrates with eDiscovery and information governance technologies builds exponential economies in efficiency, effectiveness, and agility.

Specifically, an integrated GRC solution that weds the core GRC platform with eDiscovery and information governance technology delivers full value to an organization that:

  • Discovers the attributes and metadata of data no matter where it lives within the environment as a key component of GRC processes for legal and privacy compliance.
  • Enables 360° awareness to assessments by discovering the information needed to conduct and deliver assessments effectively into the core GRC platform.
  • Delivers a centralized console to interact with data/information and metadata of files on devices across the organization (such as network file shares, OneDrive, and Dropbox data).
  • Automates the ability to interact with downstream endpoints/systems to provide the ability to search the content of records for keywords and perform analysis using regular expressions and classifiers.
  • Controls data wherever it is with the ability to get to the data and analyze it from a centralized console.

An integrated approach that brings together the core GRC platform with eDiscovery and information governance technology enables the organization to discover, manage, monitor, and control data right from the central GRC platform console. It enables the organization to get centralized and accessible insight into where sensitive information is, how it is being used, and what can be done with it.

  • For example. Within the GRC platform I can initiate a search based on key words or patterns (e.g., social security number). The eDiscovery/information governance solution then finds where that information is throughout the enterprise and delivers a list of records back to the GRC platform for analysis and monitoring.

This enables an integrated GRC architecture that brings 360° contextual awareness into information across the enterprise. It delivers enhanced efficiency in time saved and money saved chasing information through disconnected solutions and processes, it provides greater effectiveness through insight and control of information and enables greater agility across a dynamic environment to be responsive to issues of information governance. Together, a GRC platform with eDiscovery/information governance capabilities enables and delivers more complete and accurate data governance and privacy assessments, integrated findings, with the ability to manage remediation tasks from one central place.

Leave a comment

Filed under Best Practices, CaCPA, Data Audit, eDiscovery & Compliance, GDPR, Information Governance, Information Management

December 9, 2020 · 10:44 AM

Traditional eDiscovery Processing is Now Obsolete

By John Patzakis

eDiscovery can be a very expensive process and time consuming when traditional methods are employed. With legacy processes, from the time ESI collection starts, it often takes weeks for the data to finally end up in review. Time is money, and this dramatically increases costs as well as risk.

ESI processing is a dedicated and often expensive step in the EDRM workflow. The majority of ESI processing consists of data culling and filtering, deduplication, text extraction, metadata preservation, and then staging the data for upload into a review platform, often in the form of a load (DAT) file.  Using ESI processing methods that involve on-premise hardware appliances that are not integrated with the collection process and do not integrate with review platforms like Relativity significantly increase cost and time delays. This means practitioners have to spend the often several weeks that are required by other cumbersome solutions through manual collections and multiple hand-offs.

However, the latest in collection technologies will now combine targeted collection with these processing steps that are performed “on the fly” and in the background so that the data is automatically collected, processed and uploaded into a review platform such as Relativity in one fell swoop.

The graphic below is an illustration contrasting the challenges associated with traditional eDiscovery processes, with the far more efficient new paradigm. When you engage in manual collection, and then manual on-premise hardware-based processing, and finally manual upload to review, you are extending the process by often weeks, you are dramatically increasing cost and risk with many manual data handoffs.

Providing a contrast to traditional methods, a recent Relativity webinar featured the integration of the X1 Distributed Discovery platform with its RelativityOne Collect solution. A live demonstration performed by Relativity Product Manager Greg Evans highlighted in real time how the integration dramatically improves the enterprise eDiscovery process by enabling a targeted and efficient search and collection process, with full and integrated ESI processing. Within minutes, data collected from endpoints with X1 is populated straight into a Relativity workspace, fully processed and ready for review, without any human interaction once the collection is started.

So in terms of the big picture, this X1/Relativity integration not only streamlines enterprise ESI collection, but it relegates ESI processing to a completely automated background function as an afterthought. That’s what disruption looks like.

A recording of the X1/Relativity integration webinar can be accessed here.

Leave a comment

Filed under Best Practices, collection, eDiscovery, Enterprise eDiscovery, ESI, Uncategorized

December 1, 2020 · 9:53 AM

Relativity Highlights Its X1 Integration for ESI Collection

By John Patzakis

Recently, Relativity hosted a live webinar featuring the integration of the X1 Distributed Discovery platform with its RelativityOne Collect solution. This X1/Relativity integration enables game-changing efficiencies in the eDiscovery process by accelerating speed to review, and providing an end-to-end process from identification through production. As stated by Relativity Chief Product Officer Chris Brown: “Our exciting new partnership with X1 highlights our continued commitment to providing a streamlined user experience from collection to production…RelativityOne users will be able to combine X1’s innovative endpoint technology with the performance of our SaaS platform, eliminating the cumbersome process of manual data hand-offs and allowing them to get to the pertinent data in their case – faster.”

The webinar featured a live demonstration showing X1 quickly collecting data across multiple custodians and seamlessly importing that data into RelativityOne in minutes. Relativity Collect currently supports Office 365 and Slack sources, and Relativity Product Manager Greg Evans noted that “this X1 integration will now enable Relativity Collect to also reach emails and files on laptops, servers,” and other network sources. The webinar outlined how the Relativity/X1 integration streamlines eDiscovery processes by collapsing the many hand-offs built into current EDRM workflows to provide greater speed and defensibility. Evans also said that new normal of web-enabled collections of remote custodians and data sources was a major driver for the Relativity/X1 alliance, as “remote collections now represent 90 percent of all eDiscovery collections happening right now.”

Adam Rogers, of Complete Discovery Source, a customer of both X1 and RelativityOne, highlighted a recent major multi-national litigation where the X1 and Relativity integration was critical to the success of the project. Adam noted that the effort would have taken about 30 days utilizing traditional methods, “but with this X1 and Relativity integration, we cut it down to 3 days, because with X1, we were able to index everything in-place, search, analyze and categorize that data right away, and then release that data to Relativity for review.”

The live demonstration performed by Greg Evans highlighted in real time how the integration improves the enterprise eDiscovery collection and ECA process by enabling a targeted and efficient search and collection process, with immediate pre-collection visibility into custodial data. X1 Distributed Discovery enhances the eDiscovery workflow with integrated culling and deduplication, thereby eliminating the need for expensive and cumbersome electronically stored information (ESI) processing tools. That way, the ESI can be populated straight into Relativity from an X1 collection.

The X1 and Relativity integration addresses several pain points in the existing eDiscovery process. For one, there is currently an inability to quickly and remotely search across and access distributed unstructured data in-place, meaning eDiscovery teams have to spend weeks or even months to collect data as required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection will significantly increase cost and time delays.

So in terms of the big picture, with this integration providing a complete platform for efficient data search, eDiscovery and review across the enterprise, organizations will save a lot of time, save a lot of money, and be able to make faster and better decisions. When you accelerate the speed to review and eliminate over-collection, you are going to have much better early insight into your data and increase efficiencies on many levels.

A recording of the X1/Relativity integration webinar can be accessed here.

Leave a comment

Filed under Best Practices, collection, ECA, eDiscovery, Enterprise eDiscovery, ESI