Lighthouse Blog

Below is a copy of a featured article written by Kimberly Quan of Juniper Networks and John Del Piero of Lighthouse for Bloomberg Law.Whether it's Teams, Slack, Zendesk, GChat, ServiceNow, or similar solutions that have popped up in the market over the last few years, collaboration and workflow platforms have arrived. According to Bloomberg Law's 2020 Legal Technology Survey, collaboration tools are being used by 77% of in-house and 44% of law firm attorneys. These tools are even more widely used by workers outside of the legal field.With many companies planning to make remote working a permanent fixture, we can expect the existing collaboration tools to become even more entrenched and new competitors to arrive on the scene with similarly disruptive technologies.This will be a double-edged sword for compliance and in-house legal teams, who want to encourage technology that improves employee productivity, but are also wary of the potential information governance and eDiscovery risks arising because of these new data sources. This article explains the risks these tools can pose to organizations and provides a three-step approach to help mitigate those risks.Understand Litigation and Investigation RiskThe colloquial and informal nature of collaborative tools creates inherent risk to organizations, much like the move from formal memos to email did 20 years ago. Communications that once occurred orally in the office or over the phone are now written and tracked, logged, and potentially discoverable. However, a corporation's ability to retain, preserve, and collect these materials may be unknown or impossible, depending on the initial licensing structure the employee or the company has entered into or the fact that many new tools do not include features to support data retention, preservation, or collection.Government agencies and plaintiffs’ firms have an eye on these new applications and platforms and will ask specifically about how companies and even individual custodians use them during investigations and litigations. Rest assured that if a custodian indicates during an interview or deposition that she used the chat function in a tool like Teams or Slack, for example, to work on issues relevant to the litigation, opposing counsel will ask for those chat records in discovery. Organizations can mitigate the risk of falling down on their eDiscovery obligations because of the challenges posed bycollaboration tool data using this three-step approach:Designate personnel in information technology (IT) and legal departments to work together to vet platforms and providers.Develop clear policies that are regularly reviewed for necessary updates and communicated to the platform users.Ensure internal or external resources are in place to monitor the changes in the tools and manage associated retention, collection, and downstream eDiscovery issues.Each of these steps is outlined further below.Designate IT & Legal Personnel to Vet Platforms and Providers‍Workers, especially those in the tech industry, naturally want to be free to use whatever technology allows them to effectively collaborate on projects and quickly share information.However, many of these tools were not designed with legal or eDiscovery tasks in mind, and therefore can pose challenges around the retention, preservation and collection of the data they generate.Companies must carefully vet the business case for any new collaboration tool before it is deployed. This vetting process should entail much more than simply evaluating how well the tool or platform can facilitate communication and collaboration between workers. It also involves designating personnel from both legal and IT to work together to evaluate the eDiscovery and compliance risks a new tool may pose to an organization before it is deployed.The importance of having personnel from both legal and IT involved from the outset cannot be understated. These two teams have different sets of priorities and can evaluate eDiscovery risks from two different vantage points. Bringing them together to vet a new collaboration tool prior to deployment will help to ensure that all information governance and eDiscovery downstream effects are considered and that any risks taken are deliberate and understood by the organization in advance of deployment. This collaborative team can also ensure that preservation and discovery workflows are tested and in place before employees begin using the tool.Once established, this dedicated collaborative IT and legal team can continue to serve the organization by meeting regularly to stay abreast of any looming legal and compliance risks related to data generation. For example, this type of team can also evaluate the risks around planned organizational technology changes, such as cloud migrations, or develop workflows to deal with the ramifications of the near-constant stream of updates that roll out automatically for most cloud-based collaborative tools.Develop Clear Policies That Are Regularly Reviewed‍The number of collaborative platforms that exist in the market is ever evolving, and it is tempting for organizations to allow employees to use whatever tool makes their work the easiest. But, as shown above, allowing employees to use tools that have not been properly vetted can create substantial eDiscovery and compliance risks for the organization.Companies must develop clear policies around employee use of collaborative platforms in order to mitigate those risks. Organizations have different capabilities in restricting user access to these types of platforms. Historically, technology companies have embraced a culture where innovation is more important than limiting employees’ access to the latest technology. More regulated companies, like pharmaceuticals, financial services, and energy companies, have tended to create a more restrictive environment. One of the most successful approaches, no matter the environment or industry, is to establish policies that restrict implementation of new tools while still providing users an avenue to get a technology approved for corporate use after appropriate vetting.These policies should have clear language around the use of collaboration and messaging tools and should be frequently communicated to all employees. They should also be written using language that does not require updating every time anew tool or application is launched on the market. For instance, a policy that restricts the work-related use of a broad category of messaging tools, like ephemeral messaging applications, also known as self-destructing messaging applications, is more effective than a policy that restricts the use of a specific application, like Snapchat. The popularity of messaging tools can change every few months, quickly leading to outdated and ineffective policies if the right language is not used.Make sure employees not only understand the policy, but also understand why the policy is in place. Explain the security, compliance, and litigation-related risks certain types of applications pose to the organization and encourage employees to reach out with questions or before using a new type of technology.Further, as always with any policy, consider how to audit and police its compliance. Having a policy that isn't enforced issometimes worse than having no policy at all.Implement Resources to Manage Changes in Tools‍Most collaboration tools are cloud-based, meaning technology updates can roll out on a near-constant basis. Small updates and changes may roll out weekly, while large systemic updates may roll out less frequently but include hundreds of changes and updates. These changes may pose security, collection, and review challenges, and can leave legal teams unprepared to respond to preservation and production requests from government agencies or opposing counsel. In addition, this can make third-party tools on which companies currently rely for specific retention and collection methodologies obsolete overnight.For example, an update that changes the process for permissions and access to channels and chats on a collaborative platform like Teams may seem like a minor modification. However, if this type of update is rolled out without legal and IT team awareness, it may mean that employees who formerly didn't have access to a certain chat function may now be able to generate discoverable data without any mechanism for preservation or collection in place.The risks these updates pose mean that is imperative for organizations to have a framework in place to monitor and manage cloud-based updates and changes. How that framework looks will depend on the size of the organization and the expertise and resources it has on hand. Some organizations will have the resources to create a team solely dedicated to monitoring updates and evaluating the impact of those updates. Other organizations with limited internal access to the type of expertise required or those that cannot dedicate the resources required for this task may find that the best approach is to hire an external vendor that can perform this duty for the organization.When confronted with the need to collect, process, review, and produce data from collaboration tools due to an impending litigation or investigation, an organization may find it beneficial to partner with someone with the expertise to handle the challenges these types of tools present during those processes. Full-scale, cloud-based collaboration tools like Microsoft Teams and Slack are fantastic for workers because of their ability to combine almost every aspect of work into a single, integrated interface. Chat messaging, conference calling, calendar scheduling, and group document editing are all at your fingertips and interconnected within one application. However, this aspect is precisely why these tools can be difficult to collect, review, and produce from an eDiscovery perspective.With platforms like Teams, several underlying applications, such as chat, video calls, and calendars, are now tied together through a backend of databases and repositories. This makes a seemingly simple task like “produce by custodian” or “review a conversation thread” relatively difficult if you haven't prepared or are not equipped to do so. For example, in Teams communications such as chat or channel messages, when a user sends a file to another user, the document that is attached to the message is no longer the static, stand-alone file.Rather, it is a modern attachment, a link to the document that resides in the sender's OneDrive. This can beg questions as to which version was reviewed by whom and when it was reviewed. Careful consideration of versioning and all metadata and properties will be of the utmost importance during this process, and will require someone on board who understands the infrastructure and implications of those functions.The type of knowledge required to effectively handle collection and production of data generated by the specific tools an organization uses will be extremely important to the success of any litigation or investigation. Organizations can begin planning for success by proactively seeking out eDiscovery vendors and counsel that have experience and expertise handling the specific type of collaboration tools that the organization currently uses or is planning on deploying. Once selected, these external experts can be engaged early, prior to any litigation or investigation, to ensure that eDiscovery workflows are in place and tested long before any production deadlines.ConclusionCloud-based collaboration tools and platforms are here to stay. Their ability to allow employees to communicate and collaborate in real time while working in a remote environment is becoming increasingly important in today's world. However, these tools inherently present eDiscovery risks and challenges for which organizations must carefully prepare. This preparation includes properly vetting collaboration tools and platforms prior to deploying them, developing and enforcing clear internal policies around their use, monitoring all system updates and changes, and engaging eDiscovery experts early in the process.With proper planning, good collaboration between IT and legal teams and expert engagement, organizations can mitigate the eDiscovery risks posed by these tools while still allowing employees the ability to use the collaboration tools that enable them to achieve their best work.Reproduced with permission. Published March 2021. Copyright © 2021 The Bureau of National Affairs, Inc.800.372.1033. For further use, please contact permissions@bloombergindustry.com.chat-and-collaboration-data; ediscovery-review; microsoft-365emerging-data-sources, blog, corporate, chat-and-collaboration-data, ediscovery-review, microsoft-365,emerging-data-sources; blog; corporatebloomberg law

Big data can mean big problems in the ediscovery and compliance world – and those problems can be exponentially more complicated when personal data is involved. Sifting through terabytes of data to ensure that all personal information is identified and protected is becoming an increasingly more painstaking and costly process for attorneys today.Fortunately, advances in artificial intelligence (AI) and analytics technology are changing the landscape and enabling more efficient and accurate detection of personal information within data. Recently, I was fortunate enough to gather a panel of experts together to discuss how AI is enabling legal professionals in the ediscovery, information governance, and compliance arenas to identify personal protected information (PII) and personal health information (PHI) more quickly within large datasets. Below is a summary of our discussion, along with some helpful tips for leveraging AI to detect personal information.Current Methods of Personal Data Identification Similar to the slower adoption of AI and analytics to help with the protection of attorney-client privilege information (compared to the broader adoption of machine learning to identify matter relevant documents), the legal profession has also been slow to leverage technology to help identify and protect personal data. Thus, the identification of personal data remains a very manual and reactive process, where legal professionals review documents one-by-one on each new matter or investigation to find personal information that must be protected from disclosure.This process can be especially burdensome for pharmaceutical and healthcare industries, as there is often much more personal information within the data generated by those organizations, while the risk for failing to protect that information may be higher due to healthcare-specific patient privacy regulations like HIPAA.How Advances in AI Technology Can Improve Personal Data Identification There are a few ways in which AI has advanced over the last few years that make new technology much more effective at identifying personal data:Analyzing More Than Text: AI technology is now capable of analyzing more than just the simple text of a document. It can now also analyze patterns in metadata and other properties of documents, like participants, participant accounts, and domain names. This results in technology that is much more accurate and efficient at identifying data more likely to contain personal information.Leveraging Past Work Product: Newer technology can now also pull in and analyze the coding applied on previous reviews without disrupting workflows in the current matter. This can add incredible efficiency, as documents previously flagged or redacted for personal information can be quickly removed from personal information identification workflows, thus reducing the need for human review. The technology can also help further reduce the amount of attorney review needed at the outset of each matter, as it can use many examples of past work product to train the algorithms (rather than training a model from scratch based on review work in the current matter).Taking Context into Account: Newer technology can now also perform a more complicated analysis of text through algorithms that can better assess the context of a document. For example, advances in Natural Language Processing (NLP) and machine learning can now identify the context in which personal data is often communicated, which helps eliminate previously common false hits like mistakenly flagging phone numbers as social security numbers, etc.Benefits of Leveraging AI and Analytics when Detecting Sensitive DataArguably the biggest benefit to leveraging new AI and analytics technology to detect personal information is cost savings. The manual process of personal information identification is not only slower, but it can also be incredibly expensive. AI can significantly reduce the number of documents legal professionals would need to look through, sometimes by millions of documents. This can translate into millions of dollars in review savings because this work is often performed by legal professionals who are billed at an hourly rate.Not only can AI utilization save money on a specific matter, but it can also be used to analyze an entire legal portfolio so that legal professionals have an accurate sense of where (and how much) personal information resides within an organization’s data. This knowledge can be invaluable when crafting burden arguments for upcoming matters, as well as to better understand the potential costs for new matters (and thus help attorneys make more strategic case decisions).Another key benefit of leveraging AI technology is the accuracy with which this technology can now pinpoint personal data. Not only is human review much less efficient, but it can also lead to mistakes and missed information. This increases the risk for healthcare and pharmaceutical organizations especially, who may face severe penalties for inadvertently producing PHI or PII (particularly if that information ends up in the hands of malevolent actors). Conducting quality control (QC) with the assistance of AI can greatly increase the accuracy of human review and ensure that organizations are not inadvertently producing individuals’ personal information. Best Practices for Utilizing AI and Analytics to Identify Personal DataPrepare in Advance: AI technology should not be an afterthought. Before you are faced with a massive document production on a tight deadline, make sure you understand how AI and analytics tools work and how they can be leveraged for personal data identification. Have technology providers perform proof of concept (POC) analyses with the tools on your data and demonstrate exactly how the tools work. Performing POCs on your data is critical, as every provider’s technology demos well on generic data sets. Once you have settled on the tools you want to use within your organization, ensure your team is trained well and is ready to hit the ground running. This will also help ensure that the technology you choose fits with your internal systems and platforms.Take a Global Team Approach: Prior to leveraging AI and analytics, spend some time working with the right people to define what PII and PHI you have an obligation to identify, redact, or anonymize. Not all personal information will need to be located or redacted on every matter or in every jurisdiction, but defining that scope early will help you leverage the technology for the best use cases.Practice Information Governance: Make sure your organization is maintaining proper control of networks, keeping asset lists up to date, and tracking who the business and technical leads are for each type of asset. Also, make sure that document retention policies are enforced and that your organization is maintaining controls around unstructured data. In short, becoming a captain of your content and running a tight ship will make the entire process of identifying personal information much more efficient.Think Outside the Box: AI and analytics tools are incredibly versatile and can be useful in a myriad of different scenarios that require protecting personal information from disclosure. From data breach remediation to compliance matters, there is no shortage of circumstances that could benefit from the efficiency and accuracy that AI can provide. When analyzing a new AI tool, bring security, IT, and legal groups to the table so they can see the benefits and possibilities for their own teams. Also, investigate your legal spend and have other teams do the same. This will give you a sense of how much money you are currently spending on identifying personal information and what areas can benefit from AI efficiency the most.If you’re interested in learning more about how to leverage AI and analytic technology within your organization or law firm, please see my previous articles on how to build a business case for AI and win over AI naysayers within your organization.To discuss this topic more or to learn how we can help you make an apples-to-apples comparison, feel free to reach out to me at RHellewell@lighthouseglobal.com.data-privacy; ai-and-analyticsai-and-analytics, microsoft-365analytics; data-privacy; ai-big-data; bloglighthouse

Identifying attorney-client privilege is one of the most costly and time-consuming processes in eDiscovery. Since the dawn of the workplace email, responding to discovery requests has had legal teams spending countless hours painstakingly searching through millions of documents to pinpoint attorney-client and other privileged information in order to protect it from production to opposing parties. As technology has improved, legal professionals have gained more tools to help in this process, but inevitably, it still often entails costly human review of massive amounts of documents.What if there was a better way? Recently, I had the opportunity to gather a panel of eDiscovery experts to discuss how advances in AI and analytics technology now allow attorneys to identify privilege more efficiently and accurately than previously possible. Below, I have summarized our discussion and outlined how legal teams can leverage advanced AI technology to reinvent the model for detecting attorney-client privilege.Current Methods of Privilege Identification Result in Over IdentificationCurrently, the search for privileged information includes a hodgepodge of different technology and workflows. Unfortunately, none of them are a magic bullet and all have their own drawbacks. Some of these methods include:Privilege Search Terms: The foundational block of most privilege reviews involves using common privilege search terms (“legal,” “attorney,” etc.) and known attorney names to identify documents that may be privileged, and then having a review team painstakingly re-review those documents to see if they do, in fact, contain privileged information.‍Complex Queries or Scripts: This method builds on the search term method by weighting the potential privilege document population into ‘tiers’ for prioritized privilege review. It sometimes uses search term frequency to weigh the perceived risk that a document is privileged.‍Technology Assisted Review (TAR): The latest iteration of privilege identification methodologies involves using the TAR process to try to further rank potential privilege populations for prioritized review, allowing legal teams to cut off review once the statistical likelihood of a document containing privilege information reaches a certain percentage.Even applied together, all these methodologies are only just slightly more accurate than a basic privilege search term application. TAR, for example, may flag 1 out of every 4 documents as privilege, instead of the 1 out of every 5 typically identified by common privilege search term screens. This result means that review teams are still forced to re-review massive amounts of documents for privilege.The current methods tend to over-identify privilege for two very important reasons: (1) they rely on a “bag of words” approach to privilege classification, which removes all context from the communication; (2) they cannot leverage non-text document features, like metadata, to evaluate patterns within the documents that often provide key contextual insights indicating a privileged communication.How Can Advances in AI Technology Improve Privilege Identification MethodsAdvances in AI technology over the last two years can now make privilege classification more effective in a few different ways:Leveraging Past Work Product: Newer technology can pull in and analyze the privilege coding that was applied on previous reviews, without disrupting the current review process. This helps reduce the amount of attorney review needed from the start, as the analytics technology can use this past work product rather than training a model from scratch based on review work in the current matter. Often companies have tens or even hundreds of thousands of prior privilege calls sitting in inactive or archived databases that can be leveraged to train a privilege model. This approach additionally allows legal teams to immediately eliminate documents that were identified as privileged in previous reviews.Analyzing More Than Text: Newer technology is also more effective because it now can analyze more than just the simple text of a document. It can also analyze patterns in metadata and other properties of documents, like participants, participant accounts, and domain names. For example, documents with a large number of participants are much less likely to contain information protected by attorney-client privilege, and newer technology can immediately de-prioritize these documents as needing privilege review.Taking Context into Account: Newer technology also has the ability to perform a more complicated analysis of text through algorithms that can better assess the context of a document. For example, Natural Language Processing (NLP) can much more effectively understand context within documents than methods that focus more on simple term frequency. Analyzing for context is critical in identifying privilege, particularly when an attorney may just be generally discussing business issues vs. when an attorney is specifically providing legal advice.Benefits of Leveraging Advances in AI and Analytics in Privilege ReviewsLeveraging the advances in AI outlined above to identify privilege means that legal teams will have more confidence in the accuracy of their privilege screening and review process. This technology also makes it much easier to assemble privilege logs and apply privilege redactions, not only to increase efficiency and accuracy, but also because of the ability to better analyze metadata and context. This in turn helps with privilege log document descriptions and justifications and ensuring consistency. But, by far the biggest gain, is the ability to significantly reduce costly and time-intensive manual review and re-review required by legal teams using older search terms and TAR methodologies.ConclusionLeveraging advances in AI and analytics technology enables review teams to identify privileged information more accurately and efficiently. This in turn allows for a more consistent work product, more efficient reviews, and ultimately, lower eDiscovery costs.If you’re interested in learning more about AI and analytics advancements, check out my other articles on how this technology can also help detect personal information within large datasets, as well as how to build a business case for AI and win over AI naysayers within your organization.To discuss this topic more or to learn how we can help you make an apples-to-apples comparison, feel free to reach out to me at RHellewell@lighthouseglobal.com.ai-and-analytics; chat-and-collaboration-data; ediscovery-reviewprivilege, analytics, ai-big-data, blog, ai-and-analytics, chat-and-collaboration-data, ediscovery-review,privilege; analytics; ai-big-data; bloglighthouse

Recently, I had the opportunity to (virtually) attend the first three days of Legalweek, the premier conference for those in the legal tech industry. Obviously, this year’s event looked much different than past years, both in structure and in content. But as I listened to legal and technology experts talk about the current state of the industry, I was happily surprised that the message conveyed was not one of doom and gloom, as you might expect to hear during a pandemic year. Instead, a more inspiring theme has emerged for our industry - one of hope through innovation.Just as we, as individuals, have learned hard lessons during this unprecedented year and are now looking towards a brighter spring, the legal industry has learned valuable lessons about how to leverage technology and harness innovation to overcome the challenges this year has brought. From working remotely in scenarios that previously would have never seemed possible, to recognizing the vital role diversity plays in the future of our industry – this year has forced legal professionals to adapt quickly, utilize new technology, and listen more to some of our most innovative leaders.Below, I have highlighted the key takeaways from the first three days of Legalweek, as well as how to leverage the lessons learned throughout this year to bring about a brighter future for your organization or law firm.“Human + Machine” not “Human vs. Machine” Almost as soon as artificial intelligence (AI) technology started playing a role within the legal industry, people began debating whether machines could (or should) eventually replace lawyers. This debate often devolves into a simple “which is better: humans or machines” argument. However, if the last year has taught us anything, it is that the answers to social debates often require nuance and introspection, rather than a “hot take.” The truth is that AI can no longer be viewed as some futuristic option that is only utilized in certain types of eDiscovery matters; nor should it be fearfully viewed as having the potential to replace lawyers in some dystopian future. Rather, AI has become essential to the work of attorneys and ultimately will be necessary to help lawyers serve their clients effectively and efficiently.1Data volumes are exponentially growing year after year, so much so that soon, even the smallest internal investigation will involve too much data to be effectively reviewed by human eyes alone. AI and analytics tools are now necessary to prioritize, cull, and categorize data in most litigations for attorneys to efficiently find and review the information they need. Moreover, advancements in AI technology now enable attorneys to quickly identify categories of information that previously required expensive linear review (for example, leveraging AI to identify privilege, protected health information (PHI), or trade secret data).Aside from finding the needle in the haystack (or simply reducing the haystack), these tools can also help attorneys make better, more strategic counseling and business decisions. For example, AI can now be utilized to understand an organization’s entire legal portfolio better, which in turn, allows attorneys to make better scoping and burden arguments as well as craft more informed litigation and compliance strategies.Thus, the age-old debate of which is better (human or machine learning) is actually an outdated one. Instead, the future of the legal industry is one where attorneys and legal professionals harness advanced technology to serve their clients proficiently and effectively.Remote Working and Cloud-Based Tools Are Here to StayOf course, one of the biggest lessons the legal industry learned over the past year is how to effectively work remotely. Almost every organization and law firm across the world was forced to quickly pivot to a more remote workforce – and most have done so successfully, albeit while facing a host of new data challenges related to the move. However, as we approach the second year of the pandemic, it has become clear that many of these changes will not be temporary. In fact, the pandemic appears to have just been an accelerator for trends that were already underway prior to 2020. For example, many organizations were already taking steps to move to a more cloud-based data architecture. The pandemic just forced that transition to happen over a much shorter time frame to facilitate the move to a remote workforce.This means that organizations and law firms must utilize the lessons learned over the last year to remain successful in the future, as well as to overcome the new challenges raised by a more remote, cloud-based work environment. For example, many organizations implemented cloud-based collaboration tools like Zoom, Slack, Microsoft Teams, and Google Workspace to help employees collaborate remotely. However, legal and IT professionals quickly learned that while these types of tools are great for collaboration, many of them are not built with data security, information governance, or legal discovery in mind. The data generated by these tools is much different than traditional e-mail – both in content and in structure. For example, audible conversations that used to happen around the water cooler or in an impromptu in-person meeting are now happening over Zoom or Microsoft Teams, and thus may be potentially discoverable during an investigation or legal dispute. Moreover, the data that is generated by these tools is structured significantly differently than data coming from traditional e-mail (think of chat data, video data, and the dynamic “attachments” created by Teams). Thus, organizations must learn to put rules in place to help govern and manage these data sources from a compliance, data security, and legal perspective, while law firms must continue to learn how to collect, review, and produce this new type of data.It will also be of growing importance in the future to have legal and IT stakeholder collaboration within organizations, so that new tools can be properly vetted and data workflows can be put in place early. Additionally, organizations will need a plan in place to stay ahead of technology changes, especially if moving to a cloud-based environment where updates and changes can roll out weekly. Attorneys should also consider technology training to stay up-to-date and educated on the various technology platforms and tools their company or client uses, so that they may continue to provide effective representation.Information Governance is Essential to a Healthy Data StrategyRelated to the above, another key theme that emerged over the last year is that good information governance is now essential to a healthy company, and that it is equally important for attorneys representing organizations to understand how data is managed within that organization.The explosion of data volumes and sources, as well as the unlimited data storage capacity of the Cloud means that it is essential to have a strong and dynamic information governance strategy in place. In-house counsel should ensure that they know how to manage and protect their company’s data, including understanding what data is being created, where that data resides, and how to preserve and collect that data when required. This is important not only from an eDiscovery and compliance perspective but also from a data security and privacy perspective. As more jurisdictions across the world enact competing data privacy legislation, it is imperative for organizations to understand what personal data they may be storing and processing, as well as how to collect it and effectively purge it in the event of a request by a data subject.Also, as noted above, the burden to understand an organization’s data storage and preservation strategy does not fall solely on in-house counsel. Outside counsel must also ensure they understand their client’s organizational data to make effective burden, scoping, and strategy decisions during litigation.A Diverse Organization is a Stronger OrganizationFinally, another key theme that has emerged is around recognizing the increasing significance that diversity plays within the legal industry. This year has reinforced the importance of representation and diversity across every industry, as well as provided increased opportunities for education about how diversity within a workforce leads to a stronger, more innovative company. Organizational leaders are increasingly vocalizing the key role diversity plays when seeking services from law firms and legal technology providers. Specifically, many companies have implemented internal diversity initiatives like women leadership programs and employee-led diversity groups and are actively seeking out law firms and service providers that provide similar opportunities to their own employees. The key takeaway here is that organizations and law firms should continue to look for ways to weave diverse representation into the fabric of their businesses.ConclusionWhile this year was plagued by unprecedented challenges and obstacles, the lessons we learned about technology and innovation over the year will help organizations and law firms survive and thrive in the future.To discuss any of these topics more, please feel free to reach out to me at SMoran@lighthouseglobal.com.1 In fact, attorneys already have an ethical duty (imposed by the Rules of Professional Conduct) to understand and utilize existing technology in order to competently represent their clients.ai-and-analytics; ediscovery-review; legal-operationscloud, information-governance, ai-big-data, blog, ai-and-analytics, ediscovery-review, legal-operations,cloud; information-governance; ai-big-data; blogsarah moran

Cut-off scores, seed sets, training rounds, confidence levels – to the inexperienced, technology assisted review (TAR) can sound like a foreign language and can seem just as daunting. Even for those legal professionals who have had experience utilizing the traditional TAR 1.0 model, the process may seem too rigid to be useful for anything other than dealing with large data volumes with pressing deadlines (such as HSR Second Requests). However, TAR 2.0 models are not limited by the inflexible workflow imposed by the traditional model and require less upfront time investment to realize substantial benefits. In fact, TAR 2.0 workflows can be extremely flexible and helpful for myriad smaller matters and non-traditional projects, including everything from an initial case assessment and key document review to internal investigations and compliance reviews.A Brief History of TARTo understand the various ways that TAR 2.0 can be leveraged, it will be helpful to understand the evolution of the TAR model, including typical objections and drawbacks. Frequently referred to as predictive coding, TAR 1.0 was the first iteration of these processes. It follows a more structured workflow and is what many people think of when they think of TAR. First, a small team of subject-matter experts must train the system by reviewing control and training sets, wherein they tag documents based on their experience with and knowledge of the matter. The control set provides an initial overall estimated richness metric and establishes the baseline against which the iterative training rounds are measured. Through the training rounds, the machine develops the classification model. Once the model reaches stability, scores are applied to all the documents based on the likelihood of being relevant, with higher scores indicating a higher likelihood of relevance. Using statistical measures, a cutoff point or score is determined and validated, above which the desired measure of relevant documents will be included. The remaining documents below that score are deemed not relevant and will not require any additional review.Although the TAR 1.0 process can ultimately result in a large reduction in the number of documents requiring review, some elements of the workflow can be substantial drawbacks for certain projects. The classification model is most effectively developed from accurate and consistent coding decisions throughout the training rounds, so the team of subject-matter experts conducting the review are typically experienced attorneys who know the case well. These attorneys will likely have to review and code at least a few thousand documents, which can be expensive and time consuming. This training must also be completed before other portions of the document review, such as privilege or issue coding, can begin. Furthermore, if more documents are added to the review set after the model reaches stability (think, a refresh collection or late identified custodian) the team will need to resume the training rounds to bring the model back to stability for these newly introduced documents. For these reasons, the traditional TAR 1.0 model is somewhat inflexible and suited best for matters where the data is available upfront and not expected to change over time (i.e. no rolling collections) so that the large number of documents being excised from the more costly document review portion of the project will offset the upfront effort expended training the model.TAR 2.0, also referred to as continuous active learning (CAL), is a newer workflow (although it has been around for a number of years now) that provides more flexibility in its processes. Using CAL, the machine also learns as the documents are being reviewed, however, the initial classification model can be built with just a handful of coded documents. This means the review can begin as soon as any data is loaded into the database, and can be done by a traditional document review team right from the outset (i.e. there is no highly specialized “training” period). As the documents are reviewed, the classification model is continuously updated as are the scores assigned to each document. Documents can be added to the dataset on a rolling basis without having to restart any portion of the project. The new documents are simply incorporated into the developing model. These differences make TAR 2.0 well suited for a wider variety of cases and workflows than the traditional TAR 1.0 model.TAR 2.0 Workflow ExamplesOne of the most common TAR 2.0 workflows is a “prioritization review,” wherein the highest scoring documents are pushed to the front of the review. As the documents are reviewed the model is updated and the documents are rescored. This continuous loop allows for the most up-to-date model to identify what documents should be reviewed next, making for an efficient review process, with several benefits. The team will review the most likely relevant, and perhaps important, documents first. This can be especially helpful when there are short timeframes within which to begin producing documents. While all documents can certainly be reviewed, this workflow also provides the means to establish a cutoff point (similar to TAR 1.0) where no further review is necessary. In many cases, when the review reaches a point where few relevant documents are found, especially in comparison to the number of documents being reviewed, this point of diminishing returns signals the opportunity to cease further review. The prioritization review can also be very effective with incoming productions, allowing the system to identify the most relevant or useful documents.An alternative TAR 2.0 workflow is the “coverage” or “diverse” review model. In this model, rather than reviewing the highest scoring documents first, the review team focuses on the middle-scoring range documents. The point of a diverse review model is to focus on what the machine doesn’t know yet. Reviewing the middle range of documents further trains the system. In this way, a coverage TAR 2.0 review model provides the team with a wide variety of documents within the dataset. When using this workflow for reviews for productions, the goal is to end up with the documents separated between those likely relevant and those likely not relevant. This workflow is similar to the TAR 1.0 workflow as the desired outcome is to identify the relevant document set as quickly or directly as possible without reviewing all of the documents. To illustrate, a model will typically begin with a bell-shaped curve of the distribution of documents across the scoring spectrum. This workflow seeks to end with two distinct sets, where one is the relevant set and the other is the non-relevant set.These workflows can be extremely useful for initial case assessments, compliance reviews, and internal investigations, where the end goal of the review is not to quickly find and produce every relevant document. Rather, the review in these types of cases is focused on gathering as much relevant information as possible or finding a story within the dataset. Thus, these types of reviews are generally more fluid and can change significantly as the review team finds more information within the data. New information found by the review team may lead to more data collections or a change in custodians, which can significantly change the dataset over time (something TAR 2.0 can handle but TAR 1.0 cannot). And because the machine provides updated scoring as the team investigates and codes more documents, it can even provide the team with new investigational avenues and leads. A TAR 2.0 workflow works well because it gives the review team the freedom to investigate and gain knowledge about a wide variety of issues within the documents, while still ultimately resulting in data reduction.ConclusionThe above workflow examples illustrate that TAR does not have to be the rigid, complicated, and daunting workflow feared by many. Rather, TAR can be a highly adaptable and simple way to gain efficiency, improve end results, and certainly to reduce the volume of documents reviewed across a variety of use cases.It is my hope that I have at least piqued your interest in the TAR 2.0 workflow enough that you’ll think about how it might be beneficial to you when the next document review project lands on your desk.If you’re interested in discussing the topic further, please freely reach out to me at DBruno@lighthouseglobal.com.ai-and-analytics; ediscovery-reviewtar-predictive-coding, blog, ai-and-analytics, ediscovery-reviewtar-predictive-coding; blogdavid bruno

Legal operations and process improvements can be tough if you are not speaking the same language. Does the following sound like something you would say? “I'm new to legal operations having come from a business background. Legal has a completely different mindset and even getting people to recognize that we have processes, let alone that we need to improve them, can be difficult. How do I speak to lawyers about process improvement?”If so, you’re in good company. This comment represents a theme I have heard at various legal operations conferences that I have attended. My background as a lawyer turned executive puts me in the position of speaking both lawyer and business professional. Here are some things that, in my experience, have been helpful for legal operations or business professionals entering the world of legal, to know.First, know that the need for a process is not a presumption. Often in the business world, there is general agreement that things should follow a process. That is not the same in legal. There isn’t a presumption for, or against, a process. It isn’t something that is thought about very much and since legal work is different for each matter (i.e. each contract is unique, each litigation is unique), there is a predisposition to thinking things should be done uniquely each time. This predisposition can be overcome but it does warrant an explanation, which is different from the status quo in the business realm.Second, recognize that many lawyers think in terms of risk and not just traditional financial ROI, as many business professionals are taught. For example, a change in a process can be seen as risky because it represents the unknown, so there may be hesitation to change despite a clear financial benefit. The way to overcome this is to consider and quantify the risks of any current process and changes to that process. Much in the way that you would traditionally quantify a financial ROI of anything you’re doing (or not doing), add in the risk factors and mitigations. Third, many lawyers like to see the world in steps from beginning to end – not with a whole bunch of uncertainty in the middle. So, laying things out in a detailed methodical way (e.g., how you will get from where you are now to the final result) will resonate with lawyers. If you do not know all the steps, at least showcasing what you have thought through or when you will have more details will be helpful in overcoming any skepticism.Finally, make sure you’re using a shared language. The meaning of words is very specific in the legal world. How a term has been defined in a contract can be the subject of an entire lawsuit and can make or break a business, so lawyers take definitions very seriously. Making sure everyone is on the same page with respect to the business language you are using can go a long way in avoiding unnecessary confusion. legal-operationslegal-ops, blog, legal-operations-legal-ops; bloglighthouse

Let’s begin by setting the stage. You’ve evaluated the ways a self-service, spectra eDiscovery solution could benefit your organization and determined the approach will help you boost workflow efficiency, free up internal resources, and reduce eDiscovery practice and technology costs. You’ve also researched how to ideally implement a solution and armed yourself with strategies to build a business case and overcome stakeholder objections that may arise.You’re now ready to move on to the next step in your organization’s self-service, spectra eDiscovery journey: selecting the right solution provider. When it comes to selecting a solution provider, one size does not fit all. Every organization has different eDiscovery needs—including yours—and those needs evolve. From how attorneys and eDiscovery teams are structured within the organization and their approach to investigations and litigations, to the types of data sources implicated in those matters and how those matters are budgeted—there’s a lot to be considered.The self-service, spectra solution you choose should be able to adapt to your changing needs and grow with your organization. Below, I’ve outlined four key considerations that will help you select a fitting self-service, spectra solution for your organization.1. Is the solution capable of scaling to handle any matter? ‍It’s important to select a self-service, spectra eDiscovery solution capable of efficiently handling any investigation or litigation that comes your way. A cloud-based solution can easily, swiftly scale to handle any data volume.You’ll also want to ensure your solution can handle the type of data your organization routinely encounters. For example, collecting, processing, and reviewing data generated by collaborative applications like Microsoft Teams may require special tools or workflows. The same can be said for data generated by chat messages or cellphone data. Before selecting a self-service, spectra solution, you’ll benefit from outlining the types of data your organization must handle and asking potential solution providers how their platform supports each.Additionally, you may be interested in the ability to move to a full-service model with your provider, should the need arise. With scalable service, your team will have access to reliable support if a matter become too challenging to manage in house. With a scalable solution bolstered by a flexible service model, your organization can bring on help as needed, without disruption. 2. Does the solution drive data reduction and review efficiency across the EDRM?‍Organizational data volumes are increasing year after year—meaning even small, discrete internal investigations can quickly balloon into hundreds of thousands of documents. Collecting, processing, analyzing, and producing large amounts of data can be costly, complicated, time consuming, and may open up your organization to legal risk if the right tools and workflows are not in place.Look for a self-service, spectra solution capable of managing data at scale, with the ability to actively help your organization reduce its data footprint. This means choosing a provider that can offer expert guidance around data reduction techniques and tools. Ask potential solution providers if they have resources to address the cost burden of data and mitigate risk through strategies like defensible data collections, effective search term selection, or crafting early case assessment (ECA), and technology assisted review (TAR) workflows.The provider should also be able to deliver technology engineered to reduce data resource draw, like processing that allows access to data faster, tools to cut down on hosted review data volume, and AI and analytics that provide the ability to re-use attorney work product across multiple matters. In short, seek a self-service, spectra solution that gives your organization the ability to defensibly and efficiently reduce the amount of costly human review across your organization’s portfolio. 3. Will the solutions’ pricing model align to your organization’s changing needs? Your organization’s budget requirements are unique and will likely change over time. Look for a solution provider that can change in accord and offer a variety of pricing models to fit your budgetary requirements. Ask prospective providers if they are able to design pricing around your organization’s expectations for utilization. Modern pricing models can be flexible yet predictable to prevent unexpected charges or overages, and ultimately align to your organization’s financial needs.4. Is the solution’s roadmap designed to take your organization into the future? When selecting a self-service, spectra solution it’s easy to focus on your current needs, but it’s equally important to consider what a self-service, spectra solution provider has planned for the future. If a vendor is not forward thinking, an organization may find itself being forced to used outdated technology that’s not able to take on new security challenges or process and review emerging data sources.Pursue a provider that demonstrates the ability to anticipate market trends and design solutions to address them. Ask potential providers to articulate where they see the market moving and what plans they have in place to update their technology and services to reflect what’s new. It can be helpful to question if a provider’s roadmap aligns to your organization’s direction. For example, if you know your company is planning to make a systematic change, like moving to a bring your own device (BYOD) policy or migrating to the cloud, you’ll want to confirm the self-service, spectra solution can support that change. Asking these types of questions before selecting a provider will guarantee the solution you choose will be able to grow with both your organization and the eDiscovery industry as a whole. With awareness and understanding of the true potential offered in a self-service, spectra solution, you can ultimately choose a provider that will help you level up your organization’s eDiscovery program. ediscovery-review; ai-and-analyticsself-service, spectra, blog, ediscovery-review, ai-and-analyticsself-service, spectra; bloglighthouse

When it comes to storing organizational data in the Cloud, a few phrases come to mind: the train has left the station; the ship has sailed; the horse is out of the barn, etc. No matter how you phrase it, the meaning is the same – the world is moving to the Cloud, with or without you. It is no longer an oncoming revolution. The revolution is here and your organization needs to prepare for dealing with data in the Cloud, if it hasn’t already. With that in mind, let’s talk cloud logistics – namely, security and cost.First up to the Plate – Cloud Security You might have heard the analogy circulating in technology forums recently that storing your data within the Cloud is akin to storing data on someone else’s hard drive. Unfortunately, from a security perspective, that’s not quite an accurate analogy (although life would be much easier if it were true).Don’t get me wrong - a significant benefit of moving to the Cloud is that it allows an organization to transfer much of the day-to-day security management to a technology company with the resources and expertise to handle that risk. Thus, if you are moving to a private cloud (i.e., renting data center space for your equipment), you can ease security concerns by ensuring that the hosting company maintains widely recognized security attestations/certifications and has a demonstrated commitment to data center security in accordance with strict vendor management risk processes. And of course, there’s always the reassurance when moving to a public cloud (Microsoft’s Azure or Amazon’s AWS) that you’re entrusting your data to companies with seemingly infinite security resources and expertise. That all certainly helps me sleep better at night.However, working within the Cloud still poses unique internal security challenges that will only amplify any of your existing security weaknesses if you’re not prepared for them. To put it another way: ISO certifications from cloud service providers cannot protect you from yourself. Risk, governance, and compliance teams will need to identify, plan for and adapt to internal security challenges. To do so, be sure to have a change management and review approval process in place (ideally before moving to the Cloud, but if not, as soon as possible once you’ve migrated). Also, ensure that your company has someone on hand (either through a vendor or within your IT staff) with the expertise needed to manage your internal cloud security who can stay abreast of all updates and changes.Next up – CostTo plan for a cloud migration, all stakeholders (including Legal Operations, Finance, DevOps, Security, and IT) should have a seat at the table and a plan in place for scaling up in the Cloud. Each team should understand the plan and process, as well as the role their team plays in controlling cost and risk for the company.Cloud Security and Costs Best PracticesTo plan for security risk in the Cloud, companies should ensure that:All cloud service providers are fully vetted, security certified, and have the requisite posture in place to fully protect your data.Company internal processes are evaluated for security risks and gaps. Have a change management and review approval process in place and ensure that you have the experts on hand to manage your cloud security practices and stay abreast of all updates and changes.To plan for costs, companies should ensure that:All stakeholders (including Legal Operations, Finance, DevOps, Security, and IT) collaborate and have a plan in place for scaling up within the Cloud when needed.Each team understands the plan and process, as well as the role their team plays in controlling cost and risk for the company.data-privacy; information-governancecloud-security, cloud-migration, blog, data-privacy, information-governancecloud-security; cloud-migration; blogmarcelino hoyla