Category Archives: eDiscovery & Compliance

Dark Data is an Unmet Cyber Security Challenge

By John Patzakis

Enterprises today are creating and storing massive volumes of unstructured, data distributed across the enterprise at a very fast pace. IT experts refer to this data type as “dark data.” Research advisory firm Gartner defines dark data as “the information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes.” according to Rahul Telang, professor of information systems at Carnegie Mellon University, “[o]ver 90% of the data in business is dark data.”

Dark data exists due to organizational silos and a highly distributed and mobile workforce, a trend that proliferated during the COVID pandemic and has now solidified as the new normal. As a result, there is a proliferation of unmanaged data stored in file shares, laptops, unarchived email accounts, shared cloud drives such as OneDrive and Dropbox and many other repositories. According to Anthony Juliano, CTO of Landmark Ventures, “dark data is exploding rapidly with the dissolution of the perimeter; it’s a largely unaddressed risk vector. A vast majority of the CIOs and CISOs I speak with are now prioritizing solving this problem not only going forward, but also backwards – and it’s not easy.”

Cyber security platforms generally have a good handle on perimeter integrity, encryption, and other key priorities such as zero day network attacks and malware. However, while these measures are clearly important, distributed dark data is largely a blind spot for cybersecurity tech, and as such organizations have very little visibility into the content of such data. GDPR, CCPA and other recent privacy regulatory requirements add increased urgency to this challenge.

CISOs and legal and compliance executives often aspire to implement information governance and security programs like defensible deletion, data migration, and data audits across their unstructured data to detect risks and remediate non-compliance. However, without an actual and scalable technology platform to effectuate these goals, those aspirations remain just that.

One tactic attempted by some CIOs to attempt to address this daunting challenge is to periodically migrate disparate data from around the global enterprise into a central location, such as an archiving platform. But boiling the ocean through data migration and centralization is extremely expensive, highly disruptive, and frankly unworkable for numerous reasons. While such a concept may seem like a good idea when drawn up on the whiteboard, originations quickly learn that you cannot just migrate hundreds of terabytes of distributed dark data to an archive, mainly due to network bandwidth and other logistical constraints, as well as the reality that you are merely copying and duplicating the data being migrated, which actually makes the situation worse.

Another tactic is data loss prevention (DLP). Again, this approach is thwarted by the new normal of a distributed, global workforce. Additionally, DLP tools are traditionally hampered by an inability to have deep content insight to unstructured data, resulting in false positives, inaccurate classification and unacceptable disruption to employee and business workflows.

What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise in-place, through the ability to search and report across several thousand endpoints, file shares and other unstructured data sources, and return results within minutes instead of days or weeks. None of the other approaches outlined above come close to meeting this requirement and in fact actually perpetuate information security and governance failures.

Born and bred to address global eDiscovery challenges, X1 Enterprise platform (X1E) represents a unique approach to dark data, by enabling enterprises to quickly and easily search across multiple distributed endpoints and data servers in place through a true distributed, parallelized computing architecture. Legal, security and compliance teams can easily perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, instead of days or weeks. With X1E, organizations can also automatically migrate, collect, or take other action on the data as a result of the search parameters. Built on our award-winning and patented X1 Search technology, X1E is the first product to offer true and massively scalable distributed searching that is executed in its entirety on the end-node computers for data audits across an organization. This game-changing capability vastly reduces costs while greatly mitigating risk and disruption to operations.

Leave a comment

Filed under CaCPA, Cyber security, eDiscovery & Compliance, GDPR, Information Governance, Information Management

eDiscovery Services Are Undergoing a Major Transformation

By John Patzakis

Recent research from industry analyst Greg Buckles at the eDiscovery Journal highlights soaring valuations for eDiscovery tech firms.  For the first time in the history of the industry, multiple eDiscovery tech firms have gone public in a single year, and by my count, there are at least seven tech “Unicorns” (a company with at least a billion dollar valuation) in the space. Relativity leads the way with at least a $3.6 billion valuation based upon their latest financing.

Yet while technology-based providers are seeing escalating valuations, valuations and M&A activity for pure services firms are conversely softening. This is because tech automation is finally catching up to this space. Traditional eDiscovery services typically involve manual collection, followed by manual on-premise hardware-based processing, and finally manual upload to review. These inefficiencies extend projects by often weeks while dramatically increasing cost and risk with many manual data handoffs. However, the first half of the EDRM involving collection and processing are now far more automated than they were even a few years ago. For instance, the one aspect of eDiscovery tech that is actually seeing decreasing usage and revenues are standalone processing appliances. This is because these tools are dependent upon the efficient manual services model prior to ingestion and also post import.

However, the latest in eDiscovery collection technologies will now combine targeted collection with previously manual processing steps that are performed “on the fly” and in the background so that the data is automatically collected, processed and uploaded into a review platform such as Relativity in one fell swoop. Better yet, processing is now free with RelativityOne. The automation Relativity is engineering, including with their integration with X1, along with innovations by other review platforms, is rendering traditional eDiscovery processing tech obsolete, along with manual collection and processing services. The purchasers of eDiscovery services and software have clearly noticed and are demanding adaptation from vendors.  

So how can services firms adapt to the inevitable? Here are few strategies:

First, services firms should move upstream to focus on information governance and privacy consulting. The new generation of eDiscovery technology enables convergence with privacy (i.e. GDPR compliance) information security and many other information governance use cases. This convergence requires high-end strategic consulting to bring these processes together and operationalize them. This also enables services firms to develop direct and ongoing relationships with corporate law departments, IT and other key corporate stakeholders.

Second, data analytics consulting, which is already a prominent offering by many firms, is ripe for further expansion. This is because analytics for eDiscovery is becoming more advanced and user friendly, and thus is able to be applied across the eDiscovery workflow, including pre-collection analytics and information governance.

Third, services firms should find ways to develop or otherwise acquire their own differentiating tech or establish meaningful partnerships with tech platform providers. These partnerships should entail more than merely using the software, but the development of proprietary workflows or even technical integrations that enable unique service offerings.

At the end of the day, eDiscovery is a technical process that is subject to technology disruption just like any other technology-based services industry. eDiscovery services firms that not only adapt to but embrace this change as a strategic opportunity will be the ones who prosper the most.

Leave a comment

Filed under Best Practices, eDiscovery, eDiscovery & Compliance, GDPR, Information Governance, Preservation & Collection, Uncategorized

On TAP: Targeted, Automated, and Proportional Collection for Modern e-Discovery

By John Patzakis

Proportionality is now the hottest legal issue in the area of eDiscovery, with the largest number of eDiscovery-related cases in the past year addressing the subject. eDiscovery attorney Kelly Twigger leads a team who produced an excellent analysis of 2020 case law, noting “a big jump to 889 in 2020” of cases addressing proportionality, “which represented nearly a third (31%) of all (eDiscovery) case law decisions last year.” The report notes that “[p]roportionality arguments have become a weapon in arguing scope of discovery and the sharp rise in disputes has illustrated the need for more systematic and standardized approaches to assessing proportionality in cases today.” 

Proportionality-based eDiscovery is a goal that all judges and corporate attorneys want to attain. Under Federal Rule of Civil Procedure 26(b)(1), parties may discover any non-privileged material that is relevant to any party’s claim or defense and proportional to the needs of the case. Lawyers that take full advantage of the proportionality rule can greatly reduce cost, time and risk associated with otherwise inefficient eDiscovery.

Proportionality is getting a further boost as George Washington University Law School is developing an important proportionality benefit-and-burden model that provides a practical structure for assessing claims of proportionality. The model features a heat map mechanism to identify relevant custodians and data sources to enable a more objective application of proportionality, thereby facilitating negotiations and better informing the bench.

The GW Law model is much needed, as while there is keen awareness of proportionality in the legal community, attaining the benefits requires the ability to operationalize workflows as far upstream in the eDiscovery process as possible. For instance, when you’re engaging in data over-collection, which in turn runs up of a lot of human time and processing costs, the ship has largely sailed before you are able to perform early case assessments and data relevancy analysis, as much of the discovery costs have already been incurred at that point. The case law and the Federal Rules provide that the duty to preserve only applies to potentially relevant information, but unless you have the right operational processes in place, you’re losing out on the ability to attain the benefits of proportionality.

An example of a process that effectively applies proportionality on an operational basis would be an iterative exercise to identify relevant custodians, their data sources, applicable data ranges, file types and agreed upon keywords, following the process outlined in  McMaster v. Kohl’s Dep’t Stores, Inc., No. 18-13875 (E.D. Mich. July 24, 2020), and collect only the data that is responsive to this specific criteria. The latest enterprise collection tech from Relativity and X1 enable such detailed and proportional criteria to be applied in-place, at the point of collection. This reduces the data volume funnel by as much as 98 percent from over-collection models, yet with increased transparency and compliance. In other words, a collection process that targeted, automated and proportional, instead of one that is overbroad and manual.

To learn more about these concepts, please tune in on April 13, where attorney David Horrigan of Relativity and Mandi Ross of Prism Litigation Technology will be leading a webinar to discuss the legal and operational considerations and benefits of proportionality. The webinar will also feature a live exercise performing a pre-collection proportionality analysis on remote employee data. You can register here.

Leave a comment

Filed under Best Practices, Case Law, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, law firm, Preservation & Collection, proportionality

Meeting Modern Discovery Demands with RelativityOne Collect and X1

By John Patzakis

As we’ve all heard time and again, 2020 was a transformative year—and in our space, it has had a huge impact and really changed the way people work.

With widespread teams, evolving data types, growing data volumes, and deadlines getting shorter—well, the entire e-discovery process has the potential to spiral out of control.

But not for those who are well prepared to meet these modern challenges.

Here at X1, we’ve been working hard on giving modern organizations the technology they need to get data identified, collected, and ingested with maximum effectiveness for years. Now, with X1 integrated into RelativityOne via RelativityOne Collect, users of the industry-leading SaaS e-discovery platform can accomplish this in more targeted and faster ways than ever before.

Let’s take a look at what this integration means, and why it offers non-negotiable capabilities to today’s legal teams.

A Remote Workforce

Work from home has rapidly accelerated and will likely not dramatically reverse in the foreseeable future. Many of us will continue to work remotely for months to come—or perhaps permanently.

These trends were already ramping up, but 2020 hammered the accelerator on telecommuting and remote working. According to Global Workplace Analytics, before the COVID-19 pandemic, just 3.6 percent of US workers worked from home multiple days a week. That number is now estimated at 25-30 percent.

This may be a boon for work-life balance, but it poses big complications for data collection in response to litigation and investigations. Historically, this process has required disk imaging or other methods that often prompted collections to be performed in person. In a shared office, that might be easy to accomplish (in fact, it might be too easy, resulting in vast over-collections of data in many cases). But with everyone working from home and confronted by concerns about social distancing, travel restrictions, and possible quarantines, it quickly became untenable last year.

Thanks to those circumstances and the increased use of the cloud for data storage, demand for web-enabled collections is up—by a lot.

RelativityOne Collect gives legal teams the ability to index and search on data in place, analyze the contents of a data source, and categorize data quickly to identify what warrants collection and what can be eliminated—all before it’s pulled from the source and brought into a workspace, and from anywhere. Previously, RelativityOne Collect was able to directly connect with Office 365 and Slack sources to perform these remote collections; with the integration of X1’s innovative endpoint technology, Collect can now gather data from additional sources like email and files on laptops, servers, or network locations.

Then, the targeted data is seamlessly imported into Relativity—no extra processing, downloads, uploads, or risky data hand-offs required.

This means a streamlined process that can be performed from anywhere, on multiple custodians at a time, and across many of the most common data sources. Forward-thinking teams are saying goodbye to cumbersome and expensive ESI collection and processing tools in favor of this bright new world.

Proportional Data Decisions

Another trend that began to take hold over the last decade is the move toward targeted collections. Gone are the days when full disk imaging was standard practice. Today’s sources are far too densely packed with data to assume everything needs to be captured for every matter. Over-collecting means not just increased costs for data storage on your matters, but huge amounts of time wasted on reviewing unnecessary documents—and all of this adds up to proportionality violations.

The courts agree: Complete disk imaging is by and large unwarranted in civil litigation. (In particular, see Diepenhorst v. City of Battle Creek.)

Instead, what is needed is a middle ground approach in the form of a targeted, automated, and remote collection that provides documentation for defensibility and an emphasis on speed to review.

With traditional processes, there is an inability to quickly and remotely search across and access distributed unstructured data in-place. e-Discovery teams may end up spending weeks or more collecting data, with traditional workflows taking as long as 30 days to complete before data is available for review.

In addition to putting deadlines and case strategy efforts in jeopardy, these delays can increase the risk of errors and security vulnerabilities as data is moved between systems and team members rush to get things done. With X1 endpoint collections integrated into Collect, data can be accessed, searched upon, culled, and ingested directly into your review workspace with no go-betweens required—so your targeted data sets are defensible and in good hands from start to finish. Oh, and that 30 days is cut down to mere hours.

This enables much needed efficiencies in the e-discovery process in the face of growing data volumes, widespread teams and data sources, and diversified data types, because you can target which data you bring into your workspace before it’s published (and have detailed reports on those decisions to back up your final collection). You’ll see benefits not just in greater speed to review, but also greater speed in review, because you’ve eliminated a lot of inefficiencies from the get-go. Plus, you’re protecting potentially privileged or secret information that doesn’t need to be pulled into a project in the first place.

Process Democratization

Finally, there’s a third evolving trend in the collection space. For a long time, there has been a perception that doing collections is difficult, and requires a lot of specialized training or certifications. With the proliferation of the cloud and new data sources, however, this has started to shift. Most e-discovery cases do not require collection by a certified forensics examiner, especially since not every drive needs to be imaged. Instead, as the industry has moved more toward targeted collections, the accessibility of the process has greatly improved.

Additionally, today’s legal teams are under great pressure to do more with less—less money, less time, and less help. As a result, they need to be empowered to perform some collections themselves even if they don’t have that highest degree of training and expertise. Fortunately, cases using targeted e-discovery collections and collections from cloud sources don’t generally require such extensive training.

When organizations are given the tools to do some of this work internally, they can save forensic resources for when they’re truly needed (on really hairy or dicey matters).

RelativityOne Collect’s easy-to-use interface lets any individual perform those type of targeted e-discovery and cloud collections with minimal training. And as a growing number of organizations are experiencing a greater need to remotely collect from computer endpoints as well, Relativity and X1 have partnered to build an integration to help in-house teams do that, too. 

So, while numerous courts have held that custodian self-collection is simply not defensible, capable and well-equipped legal teams can and do collect data from custodians in a defensible and secure manner. Then, those same team members can take what they’ve learned from this at-a-glance view of the origins of their data sets, and bring that knowledge to the rest of the e-discovery or investigation project.

The result is streamlined, end-to-end e-discovery in a single, secure, and easy-to-use platform.

And we will be demonstrating this integration live on our February 24 joint webinar with Relativity: “RelativityOne Collect and X1: Streamlining the Global Collection Process.” Please join us by registering here.

This blog post is also prominently featured on the Relativity blog site here.

Leave a comment

Filed under eDiscovery & Compliance, Enterprise eDiscovery, Information Management, law firm, Preservation & Collection

Architecting a New Paradigm in Legal Governance

By Michael Rasmussen

Editor’s note: Today we are featuring a guest blog post from Michael Rasmussen, the GRC Pundit & Analyst at GRC 20/20 Research, LLC.

Exponential growth and change in business strategy, risks, regulations, globalization, distributed operations, competitive velocity, technology, and business data encumbers organizations of all sizes. Gone are the years of simplicity in business operations.

Managing the complexity of business from a legal and privacy perspective, governing information that is pervasive throughout the organization, and keeping continuous business and legal change in sync is a significant challenge for boards, executives, as well as the legal professionals in the legal department. Organizations need an integrated strategy, process, information, and technology architecture to govern legal, meet legal commitments, and manage legal uncertainty and risk in a way that is efficient, effective, and agile and extends into the broader enterprise GRC architecture.

In my previous blog, Operationalizing GRC in Context of Legal & Privacy: The Last Mile of GRC, I began this discussion, and here I aim to expound on it further from a legal context.

Legal today is more than legal matters, actions, and contracts. Today’s legal organization has to respond to incident/breach reporting and notification laws in a timely and compliant manner, respond to Data Subject Access Requests (DSAR), harmonize and monitor retentions obligations, conduct eDiscovery, manage legal holds on data, and continuously monitor regulations and legislation and apply them to a business context.

In today’s global business environment, a broad spectrum of economic, political, social, legal, and regulatory changes are continually bombarding the organization. The organization continues to see exponential growth of regulatory requirements and legal obligations (often conflicting and overlapping) that must be met, which multiply as the organization expands global operations, products, and services. This requires an integrated approach to legal governance, risk management, and compliance (GRC) with a goal to reliably achieve objectives while addressing uncertainty and act with integrity.[1] This includes adherence to mandatory legal requirements and voluntary organizational values and the boundaries each organization establishes. The legal department, with responsibility for understanding matter management, issue identification, investigations, policy management, reporting and filing, legal risk, and the regulatory obligations faced by the organization, is a critical player in GRC (what is understood as Enterprise or Integrated GRC), as well as improving GRC within the legal function itself.

A successful legal management information architecture will be able to connect information across risk management and business systems. This requires a robust and adaptable legal information architecture that can model the complexity of legal information, discovery, transactions, interactions, relationship, cause and effect, and the analysis of information, which can integrate and manage a range of business systems and external data. Key to this information architecture is a clear data inventory and map of information that informs the organization of what data it has, who in the organization owns it, what regulatory retention obligations are attached to it, and what third parties have access to it. This is a fundamental requirement for applying process and effectively operationalizing an organization’s GRC activities, as detailed in the previous blog.

There can and should be an integrated technology architecture that extends GRC technology and operationalizes it in a legal and privacy context. This connects the fabric of the legal processes, information, discovery, and other technologies together across the organization. This is a hub of operationalizing GRC and requires that it be able to integrate and connect with a variety of other business systems, such as specialized legal discovery solutions and integrate with broader enterprise GRC technology.

The right technology architecture choice for an organization involves the integration of several components into a core enterprise GRC and Legal GRC architecture – which can facilitate the integration and correlation of legal information, discovery, analytics, and reporting. Organizations suffer when they take a myopic view of GRC technology that fails to connect all the dots and provide context to discovery, business analytics, objectives, and strategy in the real-time that a business operates in. 

Extending and operationalizing GRC processes and technology in context of legal and privacy enables the organization to use its resources wisely to prevent undesirable outcomes and maximize advantages while striving to achieve its objectives. A key focus is to provide legal assurance that processes are designed to mitigate the most significant legal issues and are operating as designed. Effective management of legal risk and exposure is critical to the board and executive management, who need a reliable way to provide assurance to stakeholders that the enterprise plans to both preserve and create value. Mature GRC enables the organization to weigh multiple inputs from both internal and external contexts and use a variety of methods to analyze legal risk and provide analytics and modeling.


[1] This is the OCEG definition of GRC.

Leave a comment

Filed under Best Practices, CaCPA, eDiscovery & Compliance, GDPR, Information Governance, Information Management, Uncategorized