Category Archives: eDiscovery & Compliance

Assessing GDPR 30 Days In: A Report from the Field

Enforcement of the EU General Data Protection Regulation (GDPR) began May 25, 2018, and this new development is significantly reshaping the information governance landscape for organizations worldwide that control, process or store the data of European residents. Yesterday, X1 hosted a live webinar featuring GDPR experts Jay Kramer, a partner at Lewis Brisbois in the firm’s cybersecurity and privacy group, and Marty Provin, executive vice president at Jordan Lawrence.

Kramer provided a “battlefield report” about what he is seeing from the field and hearing from his various clients, with three main observations:

  1. Many are still late to the game. Kramer noted that he has several clients contacting him well after the May 25 enforcement date to begin the process of GDPR compliance.
  1. GDPR compliance maps to best practices. Becoming GDPR ready is a good business decision because it establishes transparency, data privacy and security processes that companies should be doing anyway.
  1. Now that the law has gone into effect, organizations that have been proactive are quickly transitioning from readiness to operational compliance and enforcement. For instance, many organizations are finding themselves responding to data subject access requests.

Kramer also noted that while much focus has been on potential fines levied under GDPR, organizations need to be aware that individuals can file complaints with the supervisory authorities under article 77, or even bring their own private actions, citing article 82. These claims have already been brought in the form of class actions, and Kramer expressed concern that many more claims could be fanned by “privacy trolls” – similar in concept to “patent trolls” – or by disgruntled customers or ex-employees.

Marty Provin outlined the importance of information governance and data classification in support GDPR compliance, especially from a standpoint of the need to operationalize policies and procedures in order to identify non-compliant data throughout your organization, and properly respond to regulatory requirements and data subject access requests. Kramer seconded that point, noting that the GDPR requires that an organization have absolute knowledge of where all EU personal data is stored across the enterprise and be able to remove or minimize it when required.

This readiness is achieved through planning, data mapping, and data classification. Provin provided an informative overview of these processes, based upon his extensive experience implementing such best practices for his clients over the past 20 years. Marty observed that it is also important to have a solution like X1 Data Audit and Compliance to search and identify documents, emails and other records across your enterprise that are non-compliant with GDPR. Such a capability is essential to address both the proactive and reactive components of GDPR.

The final segment of the webinar included a live demonstration of a proactive data audit across numerous computers to find PII of EU data subjects. The second half of the demonstration illustrated an effective response to an actual data subject access request in the form of a request by an individual to have their data erased.

In addition to comprehensive search, the demo highlighted the ability of X1 to also report in a detailed fashion and then take action on identified data by migrating it or even delete in place, including within email containers.

A recording of this informative and timely webinar is available for viewing here.

 

 

Leave a comment

Filed under Best Practices, eDiscovery & Compliance, GDPR, Information Governance, Records Management, Uncategorized

X1 Announces Strategic Product Integration with Relativity

Today we are announcing some exciting news. Our X1 enterprise eDiscovery solution now integrates with Relativity, the industry leading e-discovery platform. X1 Insight & Collection, a component of the X1 Distributed Discovery platform, allows enterprises to search across and collect from up to thousands of custodians in hours, now with direct upload into Relativity, including RelativityOne, utilizing Relativity’s import APIs.

The X1 and Relativity integration addresses several pain points in the existing e-discovery process. For one, there is currently an inability to quickly search across all unstructured data, meaning users have to spend the weeks or even months that are required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection significantly increase cost and time delays. And with such an  inefficient process there is simply no way for attorneys and legal professionals to gain immediate visibility into data, often leaving them to wait weeks before they have a chance to assess the data, post- collection.

The X1/Relativity integration directly addresses these challenges. Among the substantial benefits of this integration is the dramatic increase in speed to review, flowing directly from the custodian into Relativity on-premise or into the cloud-based RelativityOne platform. And this integration significantly reduces or completely eliminates inefficient ESI processing. X1 will search, cull and de-duplicate data at the point of collection and now integrates with the Relativity ingestion API, rendering inefficient and expensive processing appliances obsolete.

Organizations will be given real time early case assessment within minutes of initial search instead of taking days and weeks for this insight.  All of this is achieved with a truly repeatable end-to-end process for enterprises. The combination of X1 and Relativity provides a full and complete e-discovery platform.

“Collecting enterprise ESI can be one of the most daunting parts of the e-discovery process,” said Drew Deitch, senior manager for strategic partnerships at Relativity. “We’re excited to bring X1 into the App Hub, where it will offer users another great way to access, search, process, and import enterprise data into Relativity.”

Finally, with this integration providing a complete platform for efficient data search, discovery and review across the enterprise, this also enables organizations to very effectively address numerous information governance use cases such as GDPR compliance, identifying and removing PII and conducting IP data audits.

To see X1 in action, we have a 7-minute demonstration video including this integration with Relativity available here.

Leave a comment

Filed under Best Practices, ECA, eDiscovery, eDiscovery & Compliance, Information Governance, Preservation & Collection, Uncategorized

eDiscovery Tech Can Effectively Address Key Cybersecurity Requirements

Organizations spent an estimated 122.45 billion USD in 2016 on cybersecurity defense solutions and services, in a never-ending effort to procure better firewalls, anti-malware tools, and intrusion detection and prevention systems to keep hackers out of their networks. However, recent industry studies clearly demonstrate that threats posed by insiders (whether through malice or negligent conduct) dwarf those from the outside.

In fact, industry experts assert that employees are inadvertently causing corporate data breaches and leaks daily. The Ponemon Institute recently surveyed hundreds of companies in its 2016 Cost of Data Breach Study.  Among 874 incidents, the survey revealed that 568 were caused by employee or contractor negligence; 191 by malicious insiders and only 85 incidents purely attributed to outsiders.

An insider is any individual who has authorized access to corporate networks, systems or data.  This may include employees, contractors, or others with permission to access an organizations’ systems. With the increased volume of data and increased sophistication and determination of attackers looking to exploit unwitting and even recruit malicious insiders, businesses are more susceptible to insider threats than ever before.

The most serious and often devastating cybersecurity incidents are usually related to “spear phishing” attacks, which are comprised of targeted and often highly customized electronic communications sent to specific individuals in a business that appear to come from a trusted individual or business. The targeted insider is often tricked into disclosing their passwords, providing highly sensitive information, or installing malware on their computer. These attacks tend to be successful because they are so customized and are designed to evade traditional cybersecurity defenses.

Much of the evidence and other indications of spear phishing and malicious insider incidents are not found in firewall logs and typically cannot be flagged or blocked by intrusion detection or intrusion prevention systems. Instead, much of that information is found in the emails and locally stored documents of end users spread throughout the enterprise. To detect, identify and effectively respond to insider threats, organizations need to be able to search across this data in an effective and scalable manner. Additionally, proactive search efforts can identify potential security violations such as misplaced sensitive IP, or personal customer data or even password “cheat sheets” stored in local documents.

To date, organizations have employed limited technical approaches to try and identify unstructured distributed data stored across the enterprise, enduring many struggles. For instance, forensic software agent-based crawling methods are commonly attempted but cause repeated high user computer resource utilization for each search initiated and network bandwidth limitations are being pushed to the limits rendering this approach ineffective. So being able to search and audit across at least several hundred distributed end points in a repeatable and quick fashion is effectively impossible under this approach.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the traditional approaches come close to meeting this requirement. This requirement, however, can be met by the latest innovations in enterprise eDiscovery software.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints from a central location.  Legal, cybersecurity, and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can proactively or reactively search for confidential data leakage and also keyword signatures of customized spear phishing attacks. Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs and quickens response times while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations.

Beyond providing enterprise eDiscovery and information governance functionality for an organization, employees benefit from having use of the award-winning X1 Search product to improve their productivity, with the added benefit of allowing the business to address the prevalent cybersecurity gap in addressing spear phishing attacks and other insider threats.

 

Leave a comment

Filed under compliance, Cybersecurity, eDiscovery, eDiscovery & Compliance

New Federal Rule of Evidence to Directly Impact Computer Forensics and eDiscovery Preservation Best Practices

At X1, an essential component of our mission is to develop and support exceptional technology for collecting electronic evidence to meet eDiscovery, investigative and compliance requirements. It is also our goal to keep you abreast of important developments in the industry that could ultimately impact collection strategies in the future and, consequently, your business.  To that end, we believe key new Federal Rules of Evidence will have a very significant impact on the practices of our customers and partners.

In a nutshell, the new development is a significant planned amendment to Federal Rule of Evidence 902 that will go into effect one year from now. This amendment, in the form of new subsection (14), is anticipated by the legal community to significantly impact eDiscovery and computer forensics software and its use by establishing that electronic data recovered “by a process of digfederalrulesofevidence-188x300_flat2ital identification” is to be self-authenticating, thereby not routinely necessitating the trial testimony of a forensic or technical expert where best practices are employed, as certified through a written affidavit by a “qualified person.” Notably, the accompanying official Advisory Committee notes specifically reference the importance of both generating “hash values” and verifying them post-collection as a means to meet this standard for self-authentication. This digital identification and verification process can only be achieved with purpose-built computer forensics or eDiscovery collection and preservation tools.

Rule 902, in its current form, enumerates a variety of documents that are presumed to be self-authenticating without other evidence of authenticity. These include public records and other government documents, notarized documents, newspapers and periodicals, and records kept in the ordinary course of business. New subpart (14) will now include electronic data collected via a process of digital identification as a key addition to this important rule.

Amended Rule 902, in pertinent part, reads as follows:

Rule 902. Evidence That Is Self-Authenticating
The following items of evidence are self-authenticating; they require no extrinsic evidence of authenticity in order to be admitted:
* * *
(14) Certified Data Copied from an Electronic Device, Storage Medium, or File.
Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902(11) or (12).

The reference to the “certification requirements of Rule 902(11) or (12)” is a process by which a proponent seeking to introduce electronic data into evidence must present a certification in the form of a written affidavit that would be sufficient to establish authenticity were that information provided by a witness at trial. This affidavit must be provided by a “qualified person,” which generally would be a computer forensics, eDiscovery or information technology practitioner, who collected the evidence and can attest to the requisite process of digital identification utilized.

In applying Rule 902(14), the courts will heavily rely on the accompanying Judicial Conference Advisory Committee notes, which provide guidance and insight concerning the intent of the laws and how they should be applied. The Advisory Committee notes are published alongside the statute and are essentially considered an extension of the rule. The second paragraph of committee note to Rule 902(14) states, in its entirety, as follows:

“Today, data copied from electronic devices, storage media, and electronic files are ordinarily authenticated by ‘hash value.’ A hash value is a number that is often represented as a sequence of characters and is produced by an algorithm based upon the digital contents of a drive, medium, or file. If the hash values for the original and copy are different, then the copy is not identical to the original. If the hash values for the original and copy are the same, it is highly improbable that the original and copy are not identical. Thus, identical hash values for the original and copy reliably attest to the fact that they are exact duplicates. This amendment allows self-authentication by a certification of a qualified person that she checked the hash value of the proffered item and that it was identical to the original. The rule is flexible enough to allow certifications through processes other than comparison of hash value, including by other reliable means of identification provided by future technology.”

The Advisory Committee notes further state that Rule 902(14) is designed to streamline the admission of electronic evidence where its foundation is not at issue, while providing a notice procedure where “the parties can determine in advance of trial whether a real challenge to authenticity will be made, and can then plan accordingly.” While this rule provides that properly certified electronic data is now afforded a strong presumption of authenticity, the opponent may still lodge an objection, but the opponent now has the burden to overcome that presumption.  Additionally, the opponent remains free to object to admissibility on other grounds, such as relevance or hearsay.

Significant Impact Expected

While Rule 902(14) applies to the Federal Courts, the Rules of Evidence for most states either mirror or closely resemble the Federal Rules of Evidence, and it is thus expected that most if not all 50 states will soon adapt this amendment.

Rule 902(14) will most certainly and significantly impact computer forensics and eDiscovery practitioners by reinforcing best practices. The written certification required by Rule 902(14) must be provided by a “qualified person” who utilized best practices for the collection, preservation and verification of the digital evidence sought to be admitted. At the same time, this rule will in effect call into question electronic evidence collection methods that do not enable a defensible “digital identification” and verification process. In fact, the Advisory Committee notes specifically reference the importance of computer forensics experts, noting that a “challenge to the authenticity of electronic evidence may require technical information about the system or process at issue, including possibly retaining a forensic technical expert.”

In the eDiscovery context, I have previously highlighted the perils of both custodian self-collection for enterprise ESI collection and “print screen” methods for social media and website preservation. Rule 902(14) should provide the final nail in the coffin for those practices. For instance, if key social media evidence is collected through manual print screen, which is not a “process of digital identification” under Rule 902(14), then not only will the proponent of that evidence fail to take advantage of the efficiencies and cost-savings provided by the rule, they will also invite heightened scrutiny for not preserving the evidence utilizing best practices. The same is true for custodian self-collection in the enterprise. Many emails and other electronic documents preserved and disclosed by the producing party are often favorable to their case.  Without best practices utilized for enterprise data collection, such as with X1 Distributed Discovery, that information may not be deemed self-authenticating under this new rule.

In the law enforcement field, untrained patrol officers or field investigators are too often collecting electronic evidence in a manual and haphazard fashion, without utilizing the right tools that qualify as a “process of digital identification.” So for an example, if an untrained investigator collects a web page via the computer’s print screen process, that printout will not be deemed to be self-authenticating under Rule 902(14), and will face significant evidentiary hurdles compared to a properly collected web page via a solution such as X1 Social Discovery.

Also being added to Federal Rule of Evidence 902 is subpart (13), which provides that “a record generated by an electronic process or system that produces an accurate result” is similarly self-authenticating. This subpart will also have a beneficial impact on the computer forensics and eDiscovery field, but to a lesser degree than subpart (14). I will be addressing Rule 902(13) in a future post. The public comment period on amendments (13) and (14) is now closed and the Judicial Conference of the United States has issued its final approval. The amendments are currently under review by the US Supreme Court. If the Supreme Court approves these amendments as expected, they will become effective on December 1, 2017 absent Congressional intervention.

To learn more about this Rule 902(14) and other related topics, we’d like to invite you to watch this 45 minute webinar discussion led by David Cohen, Partner and Chair of Records & eDiscovery Group at Reed Smith LLP. The 45 minute webinar includes a Q&A following the discussion. We look forward to your participation.

Watch now > 

Leave a comment

Filed under Authentication, Best Practices, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, Information Governance, Social Media Investigations

Effective Information Governance Requires Effective Enterprise Technology

Information governance is the compilation of policies, processes, and controls enforced and executed with effective technology to manage electronically stored information throughout the enterprise. Leading IT industry research firm Gartner states that “the goal of information governance is to ensure compliance with laws and regulations, mitigate risks and protect the confidentiality of sensitive company and customer data.” A strong, proactive information governance strategy that strikes the balance between under-retention and over-retention of information can provide dramatic cost savings while significantly reducing risk.

However, while policies, procedures and documentation are important, information governance programs are ultimately hollow without consistent, operational execution and enforcement. CIOs and legal and compliance executives often aspire to implement information governance programs like defensible deletion, data migration, and data audits to detect risks and remediate non-compliance. However, without an actual and scalable technology platform to effectuate these goals, those aspirations remain just that. For instance, recent IDG research suggests that approximately 70% of information stored by companies is “dark data” that is in the form of unstructured, distributed data that can pose significant legal and operational risk and cost.

To date, organizations have employed limited technical approaches to try and execute on their information governance initiatives, enduring many struggles. For instance, software agent-based crawling methods are commonly attempted and can cause repeated high user computer resources utilization for each search initiated and network bandwidth limitations being pushed to the limits rendering the approach ineffective. So being able to search and audit across at least several hundred distributed end points in a repeatable and quick fashion is effectively impossible under this approach.

Another tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location. The execution of this strategy will still leave the end user’s computer needing to be scanned as there is never a moment when all users in the enterprise have just finished this process with no new data created. That means now that both the central repository and the end-points will need to be searched and increasing the complexity and management of the job. Boiling the ocean through data migration and centralization is extremely expensive, highly disruptive, and frankly unworkable as it never removes the need to conduct constant local computer searching, again through problematic crawling methods.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. None of the other approaches outlined above come close to meeting this requirement and in fact actually perpetuate information governance failures.

X1 Distributed Discovery (X1DD) represents a unique approach, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers from a central location.  Legal and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1DD, organizations can also automatically migrate, collect, or take other action on the data as a result of the search parameters.  Built on our award-winning and patented X1 Search technology, X1DD is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

X1DD operates on-demand where your data currently resides — on desktops, laptops, servers, or even the Cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. Beyond enterprise eDiscovery and information governance functionality, organizations offer employees at the same time, the award-winning X1 Search, improving productivity while effectuating that all too illusive actual compliance with information governance programs.

1 Comment

Filed under Best Practices, eDiscovery & Compliance, Information Governance, Information Management, Records Management, SharePoint, X1 Search 8