Category Archives: Corporations

Three Key eDiscovery Preservation Lessons from Small v. University Medical Center

Small v. University Medical Center is a recent 123-page decision focused exclusively on issues and challenges related to preservation of electronically stored information in a large enterprise. Its an important ESI preservation case with some very instructive takeaways for organizations and their counsel.  In Small, Plaintiffs brought an employment wage & hour class action against University Medical Center of Southern Nevada (UMC). Such wage & hour employment matters invariably involve intensive eDiscovery, and this case was no exception. When it became evident that UMC was struggling mightily with their ESI preservation and collection obligations, the Nevada District Court appointed a special master, who proved to be tech-savvy with a solid understanding of eDiscovery issues.Case Law

In August 2014, the special master issued a report, finding that UMC’s destruction of relevant information “shock[ed] the conscious.” Among other things, the special master recommended that the court impose a terminating sanction in favor of the class action plaintiffs. The findings of the special master included the following:

  • UMC had no policy for issuing litigation holds, and no such hold was issued for at least the first eight months of this litigation.
  • UMC executives were unaware of their preservation duties, ignoring them altogether, or at best addressing them “in a hallway in passing.”
  • Relevant ESI from laptops, desktops and local drives were not preserved until some 18 months into this litigation.
  • ESI on file servers containing policies and procedures regarding meal breaks and compensation were not preserved.
  • These issues could have been avoided using best practices and if chain-of-custody paperwork had been completed.
  • All of UMC’s multiple ESI vendors repeatedly failed to follow best practices

After several years of considering and reviewing the special master’s detailed report and recommendations, the court finally issued its final discovery order last month. The court concurred with the special master’s findings, holding that UMC and its counsel failed to take reasonable efforts to identify, preserve, collect, and produce relevant information. The court imposed monetary sanctions against UMC, including the attorney fees and costs incurred by opposing counsel. Additionally, the court ordered that should the matter proceed to trial, the jury would be instructed that “the court has found UMC failed to comply with its legal duty to preserve discoverable information… and failed to comply with a number of the court’s orders,” and that “these failures resulted in the loss or destruction of some ESI relevant to the parties’ claims and defenses and responsive to plaintiffs’ discovery requests, and that the jury may consider these findings with all other evidence in the case for whatever value it deems appropriate.” Such adverse inference instructions are invariably highly impactful if not effectively dispositive in a jury trial.

There are three key takeaways from Small:

  1. UMC’s Main Failing was Lacking an Established Process

UMC’s challenges all centered on its complete lack of an existing process to address eDiscovery preservation. UMC and their counsel could not identify the locations of potentially relevant ESI because there was no data map. ESI was not timely preserved because no litigation hold process existed. And when the collection did finally occur under the special master’s order, it was highly reactive and very haphazard because UMC had no enterprise-capable collection capability.

When an organization does not have a systematic and repeatable process in place, the risks and costs associated with eDiscovery increase exponentially. Such a failure also puts outside counsel in a very difficult situation, as reflected by this statement from the Small Court: “One of the most astonishing assertions UMC made in its objection to the special master’s R & R is that UMC did not know what to preserve. UMC and its counsel had a legal duty to figure this out. Collection and preservation of ESI is often an iterative process between the attorney and the client.”

Some commentators have focused on the need to conduct custodian questionnaires, but a good process will obviate or at least reduce your reliance on often unreliable custodians to locate potentially relevant ESI.

  1. UMC Claims of Burden Did Not Help Their Cause

UMC tried arguing that it was too burdensome and costly for them to collect ESI from hundreds of custodians, claiming that it took IT six hours to merely search the email account of a single custodian. Here at X1, I wear a couple of hats, including compliance and eDiscovery counsel. In response to a recent GDPR audit, we searched dozens of our email accounts in seconds. This capability not only dramatically reduces our costs, but also our risk by allowing us to demonstrate diligent compliance.

In the eDiscovery context, the ability to quickly pinpoint potentially responsive data enables corporate counsel to better represent their client. For instance, they are then able to intelligently negotiate keywords and overall preservation scope with opposing counsel, instead of flying blind. Also, with their eDiscovery house in order, they can focus on more strategic priorities in the case, including pressing the adversary on their discovery compliance, with the confidence that your client does not live in a glass house.

Conversely, the Small opinion documents several meet and confer meetings and discovery hearings where UMC’s counsel was clearly at a significant disadvantage, and progressively lost credibility with the court because they didn’t know what they didn’t know.

  1. Retaining Computer Forensics Consultants Late in the Game Did Not Save the Day

Eventually UMC retained forensic collection consultants several months after the duty to preserve kicked in. This reflects an old school reactive, “drag the feet” approach some organizations still take, where they try to deflect preservation obligations and then, once opposing counsel or the court force the issue, scramble and retain forensic consultants to parachute in.  In this situation it was already too late, as much the data had already been spoliated. And because of the lack of a process, including a data map, the collection efforts were disjointed and a haphazard. The opinion also reflects that this reactive fire drill resulted in significant data over-collection at significant cost to UMC.

In sum, Small v. University Medical Center is a 123 page illustration of what often happens when an organization does not have a systematic eDiscovery process in place. An effective process is established through the right people, processes and technology, such as the capabilities of the X1 Distributed Discovery platform. A complete copy of the court opinion can be accessed here: Small v. University Medical Center

1 Comment

Filed under Best Practices, Case Law, compliance, Corporations, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, GDPR, Information Governance, Information Management, Preservation & Collection

Data Discovery “Is the Foundation of GDPR Compliance”

Recently, I attended a very informative Microsoft GDPR Summit in Redmond, Washington. Microsoft invited their key compliance partners to brief them on Microsoft’s strong support for GDPR compliance within their Office 365 ecosystem, and to engage them in their strategy. The summit featured a slate of legal, compliance and technology experts who provided compelling insight into the GDPR, including challenges and opportunities for organizations as the May 25 enforcement date approaches.

Enza Iannopollo, a featured keynote speaker from Forrester, is an industry analyst with a deep focus on information security, data privacy and GDPR compliance. She noted that per a recent Forrester security survey, only about 30 percent of organizations report GDPR readiness. In her talks with major organizations, Iannopollo sees a strong if not belated commitment as they scramble to achieve readiness ahead of May 18. In terms of what it takes to effectuate GDPR compliance, Iannopollo presented a slide which simply stated the following: “Data Discovery and classification are the foundation of GDPR compliance.” Iannopollo said this is because the GDPR effectively requires that an organization be able to identify and actually locate, with precision, personal data of EU data subjects across the organization.

The speakers identified both a proactive and reactive requirement of data discovery under the GDPR. Iannopollo commented that a robust data discovery capability is needed to produce an intelligent data map, to classify and actually remediate non-compliant data. This data audit process should done at the outset, and also routinely executed on a recurring basis.

For reactive capabilities, Microsoft deputy general counsel John Payseno noted in a separate session that once GDPR enforcement comes online on May 25, 2018, organizations will be required to respond to data subject requests (DSRs) from individual, or groups of, EU data subjects. The DSRs under the GDPR consist of requests for data erasure, data transfer, or a confirmation that data permissively kept is done so in a minimal fashion without excessive duplication or re-purposing outside of the granted consent. Payseno said that companies must be able to document and demonstrate compliance with these DSRs, in a manner generally akin to responding to a subpoena or other legal requirement.

So a clear takeaway from the Microsoft summit is that GDPR compliance requires the ability to demonstrate and prove that personal data is being protected, requiring data audit and discovery capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to regulators and EU private citizen’s requests. As such, any GDPR compliance programs are ultimately hollow without consistent, operational execution and enforcement.

While Microsoft demonstrated their capabilities to conduct effective data discovery in their O365 cloud environment, they openly acknowledge a significant gap for addressing on-premise unstructured data. Effective GDPR compliance requires the ability to gain immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of weeks or months as is the case with traditional crawling tools.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers for PII and other data from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can also automatically migrate, collect, delete, or take other action on the data as a result of the search parameters.  Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery, GDPR and other information governance compliance functionality, X1DD includes the award-winning X1 Search, improving employee productivity while effectuating that all too illusive actual compliance with information governance programs, including GDPR.

Leave a comment

Filed under Best Practices, compliance, Corporations, Data Audit, GDPR, Hybrid Search, Information Governance, Uncategorized

True Enterprise-Wide eDiscovery Collection is Finally Here

My previous post discussed the inability of any software provider to solve a critical need by delivering a truly scalable eDiscovery preservation and collection solution that can search across thousands of enterprise endpoints in a short period of time. In the absence of such a “holy grail” solution, eDiscovery collection remains dominated by either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations.

So today, we at X1 are excited to announce the release of X1 Distributed Discovery. X1 Distributed Discovery (X1DD) enables enterprises to quickly and easily search across up to tens of thousands of distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed data discovery across an organization. X1DD replaces expensive, cumbersome and highly disruptive approaches to meet enterprise discovery, preservation, and collection needs.

x1dd_diagram

Enterprise eDiscovery collection remains a significant pain point, subjecting organizations to both substantial cost and risk. X1DD addresses this challenge by starting to show results from distributed data across global enterprises within minutes instead of today’s standard of weeks, and even months. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

Targeted and iterative end point search is a quantum leap in early data assessment, which is critical to legal counsel at the outset of any legal matter. However, under today’s industry standard, the legal team is typically kept in the dark for weeks, if not months, as the manual identification and collection process of distributed, unstructured data runs its expensive and inefficient course.  To illustrate the power and capabilities of X1DD, imagine being able to perform multiple detailed Boolean keyword phrase searches with metadata filters across the targeted end points of your global enterprise. The results start returning in minutes, with granular statistical data about the responsive documents and emails associated with specific custodians or groups of custodians.

Once the legal team is satisfied with a specific search string, after sufficient iteration, the data can then be collected by X1DD by simply hitting the “collect” button. The responsive data is “containerized” at each end point and automatically transmitted to a central location, where all data is seamlessly indexed and ready for further culling and first pass review. Importantly, all results are tied back to a specific custodian, with full chain of custody and preservation of all file metadata.

This effort described above — from iterative distributed search through collection, transmittal to a central location, and indexing of data from thousands of endpoints — can be accomplished in a single day. Using manual consulting services, the same project would require several weeks and hundreds of thousands of dollars in collection costs alone, not to mention significant disruption to business operations. Substantial costs associated with over-collection of data would mount as well.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and investigation functionality, organizations can offer employees the award-winning X1 Search, improving productivity while maintaining compliance.

X1DD will be featured in an April 19 webinar with eDiscovery expert Erik Laykin of Duff & Phelps. Watch a full briefing and technical demo of X1DD and find out for yourself why X1 Distributed Discovery is a game-changing solution. Or please contact us to arrange for a private demo.

Leave a comment

Filed under Best Practices, Corporations, Desktop Search, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Information Management, Preservation & Collection, X1 Search 8

VMworld 2014 Hot Topics – VDI, Hybrid Cloud & Mobility

VMworldNext week, the VMworld conference kicks off and all of us at X1 are excited.  VMworld gives X1 the opportunity to introduce our newly-minted VMware Ready products – X1 Search 8, X1 Search 8 Virtual Edition, and X1 Rapid Discovery – to VMware users.  Perhaps more importantly, though, the conference is an opportunity to hear where the world is moving with regard to several hot topic areas:  VDI; hybrid cloud; and mobility.

Desktop virtualization promises many benefits: lower IT costs; streamlined administration of IT assets; and end-user flexibility in terms of accessing the desktop from anywhere.  Given the popularity of BYOD, the consumerization of IT, and the need for mobility to support telecommuting, VDI is becoming more and more important.  There look to be some compelling sessions at the show about customer successes using VDI that will show not only that the benefits of VDI are real, but also how others can learn from those successes to continue to drive VDI adoption.  At our booth, X1 will continue to remind folks building unified search into VDI requirements early on can optimize VDI deployments.  At the very least, this will help to ensure that end-users are more receptive to the virtual desktop and allow them to remain productive.  Getting end-users to buy in is often half the battle when deploying new technology.  When it comes to VDI environments, a good search solution must decouple the search UI from the indexing service.  Otherwise, indexing will require virtual desktop computing resources and cut into VDI cost savings.  The goal is to minimize the RAM usage and search client footprint on the virtual desktop.

Hybrid cloud is a combination of a private IT infrastructure and a public cloud.  The public and private cloud infrastructures then communicate over an encrypted connection and can port data and applications back and forth.  Hybrid cloud is hot because it delivers real benefits:  increased speed of access time and reduced latency because of an on-premise, private infrastructure that is accessible directly as opposed to through the internet; more flexibility to have on-premises infrastructure that can support the average workload and to leverage the public cloud when the workload exceeds the power of the private cloud component; and more flexibility in server designs that can lower the costs of storage.  X1 will detail to booth visitors how unified search of information no matter where it lives – cloud, on-premise, hybrid – can make hybrid cloud environments more user-friendly.  Products like X1 Rapid Discovery enable hybrid search that lets IT glean all the benefits of hybrid cloud while ensuring end-users are happy with their ability to find information.

Mobility is an important topic and complementary to both VDI and hybrid cloud.  VDI and hybrid cloud environments will enable business professionals to be mobile and productive.  One of the keys to productivity is fast, easy access to information – and that is exactly what X1 provides.  The architecture for X1 Search 8 Virtual Edition stands to enable better access to information on more and more devices.  We are excited for VMworld because it means the opportunity to meet further with the VMware Airwatch team and understand how X1 can continue to partner with VMware in new and innovative ways.

If you are going to be at VMworld, please come see X1 at Booth #2436.  We would be happy to show you our products and how they can complement existing or planned VMware investments.

Leave a comment

Filed under Corporations, Desktop Search, Enterprise Search, Hybrid Search, Uncategorized

As Desktop-as-a-Service Gains Traction, Do Not Overlook Productivity Search

by Barry Murphy

Oftentimes, federal government agency IT departments are technology early adopters because of mandates to cut costs and increase efficiencies and business agility. It is not surprising, then, to see FCW.com pointing out that agencies are embracing Virtual Desktop Infrastructure (VDI). Benefits of VDI include simpler and more automated systems administration, better control over security (always a big factor for government agencies), and lower costs for client-side support. Those “hard” benefits are only part of the story – VDI also enables worker mobility (especially important to the Department of Energy) and helps enable more “green IT.” Because VDI provides a zero client environment, it can reduce the required power consumption per desktop, thereby reducing the environmental impact of the agency’s IT systems. This is perhaps more of a soft benefit, but a necessary one nonetheless.

As the FCW article states, there are now two options for deploying VDI: on-premise and through the Cloud, as Desktop-as-a-service (DaaS). There are good market options in both directions, with on-premise providers like Citrix and VMWare, and DaaS providers such as Amazon (with its Workspaces offering) and the aforementioned VMWare (with its Horizon offering). Whichever direction an organization chooses for its VDI, it is critical to remember that business worker adoption and acceptance is the key to ROI. In my experience, one thing that scares business workers when moving to VDI is the potential loss of easy access to their information assets. With VDI, it is a best practice to turn off Windows indexing, and that can leave a business worker without the ability to search for his or her information.

DaaS

With VDI in the Cloud, the DaaS provider will want to manage virtual computing resources diligently – also meaning that desktop indexing will likely be turned off. And with government agencies increasingly storing information in the Cloud, it can make search of that data a challenge. There is an opportunity to ensure a better business worker transition in these environments – build in productivity search requirements up front. Business worker access to information is an important component of easing any kind of end-user angst when transitioning to a new desktop environment. Providing these workers with unified access to common information like email, files, and SharePoint will help with change management and user acceptance. And it is important to stress again – without the end-users, there is no ROI on these VDI projects. Therefore, the upfront productivity search requirements should include a search solution that supports VDI environments and that is deployable in the Cloud, like X1 Rapid Discovery.

The move is on to VDI in the federal government, and industries like financial services and professional services are also in the midst of VDI roll-outs. These early adopters will set the trend of many industries. If the early adopters require excellent business worker productivity search experiences, acceptance of these new technologies will be much smoother and more successful. And that is good for everyone – VDI vendors and customers.

Leave a comment

Filed under Best Practices, Cloud Data, Corporations, Desktop Search, Enterprise Search, IaaS, Information Access, Information Management, Records Management, Virtualized Environment