Category Archives: eDiscovery

CaCPA Compliance Requires Effective Investigation and eDiscovery Capabilities

By John Patzakis

The California Consumer Protection Act, (CaCPA ), which will be in full force on January 1, 2020,  promises to profoundly impact major US and global organizations, requiring the overhaul of their data audit, investigation and information governance processes. The CaCPA requires that an organization have absolute knowledge of where all personal data of California residents is stored across the enterprise, and be able to remove it when required. Many organization with a global reach will be under obligations to comply with both the GDPR and CaCPA, providing ample requirement justification to bolster their compliance efforts.

CCPA Image

According to data security and privacy attorney Patrick Burke, who was recently a senior New York State Financial Regular overseeing cybersecurity compliance before heading up the data privacy law practice at Phillips Nizer, CaCPA compliance effectively requires a robust digital investigation capability. Burke, speaking in a webinar earlier this month, noted that under the “CaCPA, California residents can request that all data an enterprise holds on them be identified and also be removed. Organizations will be required to establish a capability to respond to such requests. Actual demonstrated compliance will require the ability to search across all data sources in the enterprise for data, including distributed unstructured data located on desktops and file servers.” Burke further noted that organizations must be prepared to produce “electronic evidence to the California AG, which must determine whether there was a violation of CaCPA…as well as evidence of non-violation (for private rights of action) and of a ‘cure’ to the violation.”

The CaCPA contains similar provisions as the GDPR, which both specify processes and capabilities organizations must have in place to ensure the personal data of EU and California residents is secure, accessible, and can be identified upon request. These common requirements, enumerated below, can only be complied with through an effective enterprise eDiscovery search capability:

  • Data minimization: Under both the CaCPA and the GDPR, enterprises should only collect and retain as little personal data on California residents EU subjects as possible. As an example, Patrick Burke, who routinely advises his legal clients on these regulations, notes that unauthorized “data stashes” maintained by employees on their distributed unstructured data sources is a key problem, requiring companies to search all endpoints to identify information including European phone numbers, European email address domains and other personal identifiable information.
  • Enforcement of right to be forgotten: An individual’s personal data must be identified and deleted on request.
  • Effective incident response: If there is a compromise of personal data, an organization must have the ability to perform enterprise-wide data searches to determine and report on the extent of such breaches and resulting data compromise within seventy-two (72) hours under the GDPR. There are less stringent, but similar CaCPA requirements.
  • Accountability: Log and provide audit trails for all personal data identification requests and remedial actions.
  • Enterprise-wide data audit: Identify the presence of personal data in all data locations and delete unneeded copies of personal data.

Overall, a core requirement of both CaCPA and GDPR compliance is the ability to demonstrate and prove that personal data is being protected, requiring information governance capabilities that allow companies to efficiently produce the documentation and other information necessary to respond to auditors’ requests. Many consultants and other advisors are helping companies establish privacy compliance programs, and are documenting policies and procedures that are being put in place.

However, while policies, procedures and documentation are important, such compliance programs are ultimately hollow without consistent, operational execution and enforcement. CIOs and legal and compliance executives often aspire to implement information governance programs like defensible deletion and data audits to detect risks and remediate non-compliance. However, without an actual and scalable technology platform to effectuate these goals, those aspirations remain just that. For instance, recent IDG research suggests that approximately 70% of information stored by companies is “dark data” that is in the form of unstructured, distributed data that can pose significant legal and operational risks.

To achieve GDPR and CaCPA compliance, organizations must ensure that explicit policies and procedures are in place for handling personal information, and just as important, the ability to prove that those policies and procedures are being followed and operationally enforced. What has always been needed is gaining immediate visibility into unstructured distributed data across the enterprise, through the ability to search and report across several thousand endpoints and other unstructured data sources, and return results within minutes instead of days or weeks. The need for such an operational capability provided by best practices technology is further heightened by the urgency of CaCPA and GDPR compliance.

A link to the recording of the recent webinar “Effective Incident Response Under GDPR and CaCPA”, is available here.

 

Leave a comment

Filed under CaCPA, compliance, Data Audit, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, GDPR, Records Management, Uncategorized

Relativity Product Team Highlights Compelling X1 Integration for ESI Collection

By John Patzakis

Recently we hosted a webinar with Relativity highlighting the very compelling integration of our X1 Distributed Discovery platform with the RelativityOne Collect solution. This X1/Relativity integration enables game-changing efficiencies in the eDiscovery process by accelerating speed to review, and providing an end-to-end process from identification through production.  As stated by Relativity Chief Product Officer Chris Brown: “Our exciting new partnership with X1 highlights our continued commitment to providing a streamlined user experience from collection to production…RelativityOne users will be able to combine X1’s innovative endpoint technology with the performance of our SaaS platform, eliminating the cumbersome process of manual data hand-offs and allowing them to get to the pertinent data in their case – faster.”

blog-relativity-collect-v3

The webinar featured a live demonstration showing X1 quickly collecting data across multiple custodians and seamlessly importing that data into RelativityOne in less than two minutes. Relativity Collect currently supports Office 365 and Slack sources, and this X1 integration will now enable Relativity Collect to also reach emails and files on laptops and file servers. Relativity Senior Product Manager Barry O’Melia commented that the integration with X1 will “greatly streamline eDiscovery process by collapsing the many hand-offs built into current EDRM workflows to provide greater speed and defensibility.”

ComplianceDS President Marc Zamsky, a customer of both X1 and Relativity, recently commented that the “ability to collect directly from custodian laptops and desktops into a RelativityOne workspace without impacting custodians is a game-changer,” which will “reduce collection times from weeks to hours so that attorneys can quickly begin reviewing and analyzing ESI in RelativityOne.”

The live demonstration performed by O’Melia highlighted in real time how the integration improves the enterprise eDiscovery collection and ECA process by enabling a targeted and efficient search and collection process, with immediate pre-collection visibility into custodial data. X1 Distributed Discovery enhances the eDiscovery workflow with integrated culling and deduplication, thereby eliminating the need for expensive and cumbersome electronically stored information (ESI) processing tools. That way, the ESI can be populated straight into Relativity from an X1 collection.

The X1 and Relativity integration addresses several pain points in the existing eDiscovery process. For one, there is currently an inability to quickly search across and access distributed unstructured data in-place, meaning eDiscovery teams have to spend weeks or even months to collect data as required by other cumbersome solutions. Additionally, using ESI processing methods that involve appliances that are not integrated with the collection will significantly increase cost and time delays.

So in terms of the big picture, with this integration providing a complete platform for efficient data search, eDiscovery and review across the enterprise, organizations will save a lot of time, save a lot of money, and be able to make faster and better decisions. When you accelerate the speed to review and eliminate over-collection, you are going to have much better early insight into your data and increase efficiencies on many levels.

A recording of the X1/Relativity integration webinar can be accessed here.

With the ability to search and collect emails and documents across up to thousands of endpoints and network sources with industry-leading speed, X1 Distributed Discovery revolutionizes enterprise eDiscovery. For example, X1 empowers legal and consulting teams to iterate their search parameters in real time before collection, providing a revolutionary true pre-collection early case assessment capability. Additionally, with its intelligent collection capability, X1 performs instantaneous data processing (culling, de-duplication, text and metadata extraction, etc) in a fully automated manner.

And with the integration with Relativity, the X1 platform is even more compelling. As Marc Zamsky exclaimed “My clients are going to love this!”

Leave a comment

Filed under collection, eDiscovery, Preservation & Collection, SaaS, Uncategorized

How Case Teams Can Streamline Collections with X1 in RelativityOne

Editor’s’ Note: This article originally appeared on The Relativity Blog. It is reprinted here in full with permission. 

by Sam Bock on November 07, 2019

Our September 2019 release for RelativityOne debuted some game-changing functionality in the platform. Collect for RelativityOne enables fast, secure, and defensible collections right within the cloud, allowing RelativityOne users to pull data directly from Microsoft Office 365 without ever leaving the platform or Azure.

One of our developer partners—X1joined up with us on building this functionality, bringing their patented technology into Collect to help simplify traditionally complex workflows.

To get a better picture of just what Collect and X1 Distributed Discovery are capable of now that they’ve teamed up, we sat down with X1 Executive Chairman and Chief Legal Officer John Patzakis. Check out the most impactful takeaways from our conversation, and sign up for X1’s upcoming webinar to learn more.

Sam: What makes collection challenging for today’s legal teams?

John: Traditional e-discovery collection methods consist of either unsupervised custodian self-collection or manual services, driving up costs while increasing risk and disruption to business operations. On the other end of the spectrum, endpoint forensic imaging is burdensome, expensive, and not legally required for civil litigation discovery. Additionally, these manual and disjointed efforts are not technically integrated with Relativity, thus requiring multiple hand-offs, which increases risk, expense, and cumbersome project management efforts.

How does your team think creatively to tackle those challenges in the interest of conducting faster, more defensible collections for your customers?

We tackle collection from the enterprise and also enable significant scalability. X1 Distributed Discovery enables enterprises and their service providers to search, assess, and analyze electronically stored information (ESI) across hundreds or even thousands of custodians, enterprise-wide, where the data resides and before collection, with direct upload into Relativity. Instead of the expensive and disruptive “image then stage then process then load into review workspace” process, X1 Distributed Discovery allows for access to ESI where it sits within hours.

What sorts of variables exist in today’s collection workflows, and how does your team accommodate for those differences?

One of the biggest challenges with modern enterprise ESI collection comes from remote employees who only log into the network intermittently. Most network-enabled collection tools require custodians to be on the domain in order to work. However, X1 is architected to feature SSL security certificates—creating secure tunnels that enable collection from custodians wherever they are, including on WiFi in a Starbucks or on a plane.

Another key challenge is email collection. Traditional workflows often require collecting an entire PST email container or Exchange email account back to a central location for processing, identification, and preservation of potentially responsive email messages. This approach involves the transferring and processing of large files, which takes a lot of time, before even beginning to identify individually responsive email messages. Our solution eliminates the need to transfer entire email containers by allowing the identification and collection of individual messages in place on a custodian’s computer.

How is Collect for RelativityOne built to manage modern collections more effectively?

Collect integrates the X1 Distributed Discovery architecture to leverage patented search technology that indexes Microsoft Office 365 data directly on the laptop, desktop, or file server, allowing e-discovery, investigatory, or forensic professionals to globally query thousands of individual endpoints simultaneously. Individual emails and files can be identified by keyword, dates, and other metadata content without having to first retrieve the entire PST or ZIP across the network.

Collecting enterprise ESI can be one of the most daunting parts of the e-discovery process, and X1’s technical integration with RelativityOne seeks to make it less intimidating. The software helps streamline the e-discovery workflow by eliminating expensive and cumbersome processing steps and dramatically increasing speed to review. Collect for RelativityOne provides legal teams with a solution that compresses project timeframes; reduces risk by integrating collection with the rest of Relativity’s suite of features for review and analysis; and creating a repeatable process that helps reduce overall efforts and costs that might otherwise be spent outside of the platform. Additionally, the tight integration between X1’s technology and Relativity provides a unified chain of custody for optimal defensibility.

In short, we’re excited to see how this functionality, built into Relativity’s collection tool, can help revolutionize the current e-discovery process by collapsing the many hand-offs involved in the EDRM into a few short steps manageable by one or two people.

What tips and best practices would you share with a team conducting complex collections? How can they set themselves up for success from the start?

When collecting data, plan your collection criteria carefully. Focus on granular search criteria including file types, data ranges, and other key metadata in addition to detailed Boolean search terms to help your team strategically reduce collection volumes.

Sam Bock is a member of the marketing team at Relativity, and serves as editor of The Relativity Blog.

Leave a comment

Filed under collection, Corporations, eDiscovery, Enterprise eDiscovery, Uncategorized