Lighthouse Blog

Like most cloud-based productivity platforms, Google offers solutions for both home and business environments. Free for personal use applications such as Gmail, Google Docs, and Google Drive deliver a rich set of communication and Office-like functionality that have near feature parity with their commercial corporate-focused G Suite counterparts. From the perspective of evidence acquisition in the civil arena, we find a significant number of organizations bypassing the conventional Microsoft stack in favor of G Suite. These organizations tend to operate in the technology space including biotech, electronics, engineering, and all flavors of “garage” startups.While cloud platforms enable a limitless world of collaboration and information storage, they also introduce an alternative set of metadata that can trip up seasoned examiners and eDiscovery practitioners. This can be particularly problematic for metadata dates. Historically, determining the date of a file that moved between computers is quite simple; however, arriving at the “best” date for any given piece of cloud evidence can be a subjective exercise and is limited to metadata exposed and potentially altered by the cloud platform. In the following post, I’ll dive into how this issue arises so that practitioners and analysts can use the most accurate evidence date for their eDiscovery needs. A “document” in Google Docs is simply a set of records and field values stored in a database. This departs from the traditional concept of a document being contained in a stand-alone file on your computer’s desktop. Currently, to be reviewed alongside traditional ESI, a Google Doc (ie, a spreadsheet or presentation) must be pulled from Google’s database, converted into a traditional document file, and downloaded for processing and review.Thus, the handling of dates can become an issue for documents within G Suite. If a Microsoft (MS) Excel document is created by a user on their laptop, uploaded to Google Drive, edited in place, and then later downloaded for eDiscovery purposes, what is the document’s date? A typical MS Office (Excel, Word, PowerPoint, etc) document has three dates assigned by the file system (think: my laptop’s hard drive): Created, Modified, and Accessed. It also has up to three dates “embedded” inside the file itself: Created, Modified, and Last Printed. What happens when the Excel file makes a round trip to Google and back? With so many dates to choose from, it’s tough to pick just one!Before the upload to Google Drive, here are the file system dates for our MS Excel document. Notice that the file system is telling us the document was created on June 30, 2020, at 11:33 AM.And here are the embedded “application” dates. Note that “Date last saved” is essentially a “modified” date, and this document has not yet been printed. By looking at the application-level dates, we can also tell that the file was actually created at 11:04 AM, and then copied to its present location at 11:33 AM.After uploading to Google Drive, Google will assign its own Created and Modified dates to the item. You’ll notice in the graphic below that Google’s displayed Modified date of June 30 at 1:36 PM matches the Modified date of the original file. So far so good! But, take a look at Google’s recording of the Created Date: it’s been set by Google to simply “11:23 AM” on the date of the upload action (July 10, 2020.) Notice also that Google indicates the document was created “with Google Drive Web.”Now, let’s make an edit to the Excel file. There are two ways to accomplish this in Google Drive: 1) you can edit the document “in place” using Google Docs without abandoning the original MS Excel format, or 2) you can do a “Save As” and convert the document into Google Sheets format. In this example, we are going to use method #1 and make a couple of edits to our MS Excel file. Google Docs immediately auto saves the file for us. Let’s look at the dates.After editing in Google Drive, but leaving as Excel format, you’ll notice in the graphic below that Google’s Modified date has been changed to the time of the edit. This makes sense. The Created date, which Google previously set to the time of upload, remains the same.Let’s assume that this record is needed for e discovery purposes, and it is downloaded from Google Drive to a forensic examiner’s machine to pass along to the case team. When the file reaches the machine, the creation of the new file results in the following file system date values. Notice that they’ve all been changed to the date/time of the download action!However, if we take a look inside the Excel file at the embedded “application” dates, we notice that we have a creation date of 6/30/2020 at 11:04 AM that has remained unaltered throughout this entire process. However, the “Date last saved” is reflective of the time of the download action. We may have expected this date to be set to 11:27 AM, which was the time at which the document was edited in Google Drive, but it is unfortunately altered by the download action. The image on the right shows the “Info” tab from MS Excel itself, which indicates a blank value for “Last Modified.”Using the same Excel file, I will now choose to “Save as Google Sheets”.You’ll notice that the creation and modification timestamps in the graphic below have been set to the time at which the MS Excel file was converted to a Google Sheet. Google also indicates the application that created the document was “Google Sheets.”I made a couple of edits to the file in Google Sheets and then right clicked to download it to my workstation. First, Google converts the file from Google Sheets format into MS Excel format.chat-and-collaboration-data; information-governancecloud, g-suite, blog, chat-and-collaboration-data, information-governancecloud; g-suite; blogjosh headley

It feels fitting that the summer of 2020 would bring us Schrems II. This surprising Court of Justice of the European Union (CJEU) decision wreaked havoc in late July by invalidating the EU - U.S. Privacy Shield and calling into question other mechanisms for transferring the personal data of EU citizens into the United States (and beyond) under the GDPR. Let’s take a deeper dive into that decision and what it means for companies that need to transfer EU citizens’ data into the U.S.Shrems HistorySchrems II is the second decision by the CJEU that is based on privacy complaints made against Facebook by Austrian privacy activist Max Schrems. Both cases stem from privacy concerns related to the U.S. National Security Agency (NSA)’s ability to access the personal data of EU citizens, famously disclosed by Edward Snowden in 2013.In the first Schrems decision in 2015, the CJEU invalidated the U.S. - EU Safe Harbor Framework (the predecessor to the EU - U.S. Privacy Shield) as a means to transfer personal data from the EU into the U.S., finding that the protections afforded by the Safe Harbor framework did not meet fundamental privacy rights guaranteed within the EU to EU citizens.In the aftermath of the first Schrems decision, the U.S. Department of Commerce and the EU Commission collaborated to implement the EU-U.S. Privacy Shield as a replacement to the Safe Harbor Framework, again allowing for a broader transfer mechanism of personal data into the U.S. compared to the alternatives (namely, “standard contractual clauses” (SCCs) and “binding corporate rules” (BCRs) – more on those below). Since its implementation in 2016, over 5,000 organizations have met the requirements administered by the International Trade Administration to join the Privacy Shield. Meeting those requirements can mean a large investment for organizations in overhauling their data privacy practices.That brings us to Schrems II, wherein Schrems brought a second complaint against Facebook, this time challenging the validity of SCCs as a mechanism to transfer personal data into the U.S. In Schrems II, he argued that the same privacy concerns related to the NSA’s ability to access EU citizens’ personal data under the Safe Harbor framework also applied to personal data transferred via an SCC. It should be noted here that around the same time, European privacy advocates also filed a challenge to the new EU-U.S. Privacy Shield with the European Court.Schrems II CJEU DecisionIn the Schrems II ruling in July, the CJEU ultimately decided to address both the EU-U.S. Privacy Shield and SCC issues.The Court upheld the validity of SCCs as a means to transfer personal data from the EU into the U.S. However, rather than carte blanche approval, the Court laid out obligations for both parties of an SCC and data protection supervisory authorities within the EU. Those obligations include:Entities that are transferring personal data of EU citizens into the U.S. must verify “on a case by case basis” that the protections afforded by the SCC can be met and that there is an “adequate level of protection” in the U.S. to protect the personal data of EU citizens.Entities that are receiving personal data of EU citizens in the U.S. have an obligation to notify the data exporter if they are unable to comply with the SCC for any reason.Data protection supervisory authorities within the EU have a mandatory obligation to evaluate not only the terms of the SCCs themselves, but also whether the data protections afforded by the U.S. legal system can meet those terms. If the SCC is found to be insufficient, the supervisory authority has an obligation to stop the transfer.This decision puts SCCs (and thereby BCRs) on shaky ground throughout the entire world, because the threshold set by the Court applies to any third country, not just the U.S. (see Questions 2 and 6 of the FAQ issued by the European Data Protection Board for more information on these points).However, the real kicker of Schrems II for U.S.-based companies with an international presence is that the CJEU completely invalidated the EU-U.S. Privacy Shield. The Court found that the U.S. does not provide sufficient protection of EU citizens’ personal data because of the access the U.S. government has to EU citizens’ personal data and because EU citizens have no means of redress against U.S. authorities should their privacy rights be violated.What Does Shrems II Mean for Companies that Need to Transfer Personal Data from the EU into the U.S.Companies that were relying on the Privacy Shield to transfer EU data into the U.S. should:Work to put individual SCCs or BCRs in place to achieve these transfers. There is no grace period during which a company can keep transferring data using the Privacy Shield mechanism, according to the European Data Protection Board (see Question 3 for more information).Continue to comply with all current Privacy Shield obligations. While the CJEU decision invalidates the Privacy Shield, it does not relieve current participant organizations of their obligations.Watch for further guidance from both the European Data Protection Board and the U.S. Department of Commerce (DOC). DOC and the European Commissioner for Justice issued a joint press release in early August, stating that they have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy shield framework that would meet the requirements laid out by the CJEU.Companies that rely on SCCs or BCRs as a means to transfer personal data should: Conduct a risk assessment to determine whether those agreements and the recipient of the data in the U.S. can provide an adequate level of data protection, according to the European Data Protection Board (see Questions 5 and 6 for more information).Watch for further guidance from data protection authorities in relevant countries related to SCCs and BCRs in the wake of Schrems II. The transfer of personal data between countries is vital to the lifeblood of many companies, large and small. While Schrems II has thrown a wrench into the legality of those transfers… all is not lost. Stay tuned for updates from U.S. and EU authorities that may help ease the burden of this unexpected decision by the CJEU. Resources for More Information CJUE Schrems II full decision: http://curia.europa.eu/juris/document/document.jsf?text=&docid=228677&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=16606736CJEU press release on its Schrems II decision: https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdfEU – U.S. Privacy Shield Program Schrems II FAQs: https://www.privacyshield.gov/article?id=EU-U-S-Privacy-Shield-Program-UpdateEuropean Data Protection Board Schrems II FAQs: https://edpb.europa.eu/our-work-tools/our-documents/ovrigt/frequently-asked-questions-judgment-court-justice-european-union_enS. Secretary of Commerce Wilbur Ross Statement on Schrems II ruling and the importance of EU-U.S. data flows: https://www.commerce.gov/news/press-releases/2020/07/us-secretary-commerce-wilbur-ross-statement-schrems-ii-ruling-andJoint press statement from the U.S. Secretary of Commerce and the European Commissioner regarding initiated discussions for a new privacy shield: https://www.commerce.gov/news/press-releases/2020/08/joint-press-statement-us-secretary-commerce-wilbur-ross-and-europeanUK’s Information Commissioner’s Office updated statement on the Schrems II decision: https://ico.org.uk/make-a-complaint/eu-us-privacy-shield/To discuss this topic further, please feel free to reach out to me at SMoran@lighthouseglobal.com. Or, take a look at other Worldwide Data Privacy Updates.data-privacycloud-security, blog, data-privacycloud-security; blogsarah moran

We are now past the midpoint of 2020, which means we are more than halfway through the first year of a brand new decade. This midway point is a great time to take a look at the hottest trends in the legal tech world and predict where those trends may lead us as we move further into the new decade.If we were evaluating future trends in legal tech during a normal year, there might be one or two uncertainties or prominent events from the first half of the year that we would need to take into account. Maybe a shift in global data safety laws or a change to the Federal Rules of Evidence. But, as I’m sure we’re all tired of reading, 2020 has not been a normal year (“the new normal”, “these uncertain times”, “these unprecedented events”, etc. etc. etc.). No matter how you phrase it, we can all agree that 2020 has been… unpredictable. Or to be a bit less understated: the first six months of 2020 have drastically changed how many corporations and law firms function on a day-to-day basis, and industry leaders are predicting that many of those changes will have a lasting effect. For example, a recent Gartner survey of company leaders from HR, legal and compliance, finance, and real estate industries showed that 82% of those responding plan to allow employees to continue working remotely in some capacity once employees are allowed back in the office, while close to half responded that they will allow employees to work remotely full time.So what does that mean for the legal tech industry? Well, while the world around us has changed dramatically due to the events of 2020, many of those changes actually dovetail quite nicely into where legal tech was already headed. In this article, we will look at the latest trends in legal tech and how 2020, in all its chaos, has affected those trends.SaaS self-service, spectra eDiscovery: The growing adoption of cloud services is leading us to a unique hybrid approach to managing eDiscovery programs: SaaS self-service, spectra eDiscovery solutions. This new subscription-based approach gives law firms and corporate legal teams the ability to take charge of their own fates by bringing their eDiscovery program in house, while leaving much of the security risks, costs, and IT burdens to a reputable, secure vendor that can house the data in a private cloud or within its own data centers. The benefit of controlling your own eDiscovery program in house are obvious. Legal teams would have the ability to control costs and access their data whenever and wherever they need to without the expense and hassle of having to go through a middle man. It would also give legal teams more control over their own costs, deadlines, and workflows, with the ability to fluidly scale up or down depending on case need. The self-service, spectra subscription approach is also unique in that it leaves the burden and risk of creating and managing an entire IT data storage infrastructure with the vendor. A security-minded vendor with SOC 2 and ISO 27001 security certifications can house data in a private cloud or their own data center, providing a completely secure environment without the overhead and risk of managing that data in house. A subscription service also may come with the reassurance that if a project or timeline becomes more burdensome than expected, the in-house team could easily pass off a workflow or entire project to the vendor seamlessly.In 2020, a SaaS self-service, spectra solution has the added benefit of being available in every location around the world, at any time. If a worldwide pandemic has taught us anything, it is that traveling to multiple locations throughout the world to set up data centers to handle the specific needs of a case or a client is no longer a feasible solution. Housing and accessing data in the Cloud does not require abiding by global travel restrictions or mandatory quarantines. A SaaS self-service, spectra model where data is stored in the Cloud allows for global expansion without concern for pandemics, natural disasters, or political uncertainty.Big Data Analytics: Big data analytics and technology assisted review (TAR) are certainly not new ideas to 2020. The technology and tools have existed for years and the legal industry has slowly been adopting them. (I say “slowly” in contrast to how fast these tools are developed and adopted in other areas outside of the legal field.) The need to find reliable ways to comb through massive amounts of data in the eDiscovery and compliance arenas will only grow, and we can expect that the technology will only continue to improve and become even more reliable.One could argue that the biggest hindrance to big data analytics in the legal world is not the advancement of the technology, but rather the ability and willingness of many lawyers and courts to adopt that technology as a defensible, necessary legal tool in the modern world of big data. The legal field is notoriously slow to adopt new technology. As a personal example, I clerked for a prominent, incredibly smart criminal defense attorney who still used carbon paper to make copies of important court filings. This occurred during the same year that the third season of Lost aired (or the same year that the first season of Madmen premiered - pick your reference. Either way, not that long ago). And every law firm is rife with stories of the old-school partner who holes up in the firm library (the existence of which could also be an example to my point, in and of itself) because she doesn’t believe in online legal research. While the practice of law is steeped in an awe-inspiring mix of tradition and history, it can also be frustratingly slow to expand on that tradition because it refuses to use a copier. Even Don Draper had a copier by the second season.However, if we can say one positive thing about 2020, it is that the last six months have pushed the legal world into the technological future more than any other time period to date. Almost every in-house counsel, law firm, and court across the globe has been forced to find a way to conduct its business in a completely remote environment. This means that judges, law firms, and in-house counsel are facing the reality that the legal world needs to rely on and adapt to technology in order to survive. One hopes that this new reality helps lead to a more robust adoption of technological advancement in the legal world in general, and hopefully, a shift away from the reactionary relationship the legal industry always seems to have with technology. Because data volumes will only continue to explode and there will come a time in the near future when it will not be defensible to tell a judge or a client that discovery may take years in order to allow time for a team of 200 contract attorneys to look at each individual document that hits on a search term. Analytics will eventually be a requirement for a defensible eDiscovery program, and 2020 may be the year that helps many in the legal field take a more proactive approach to its adoption.New sources of data (i.e. collaboration tools): Like big data analytics, online collaboration tools like Teams and Slack are not new to 2020, but this year has certainly helped push the use of these tools to the forefront of many companies’ day-to-day business. It seems like new collaboration tools arise every month and companies are increasingly pushing employees to utilize them. Organizations are realizing the value of these collaboration tools in a post-COVID environment, where online collaboration is not only preferable, but absolutely critical. Not to repeat some of 2020’s greatest memes, but I’m sure we’ve all seen the 2020 adage that this is the year that we all realized that not only could that meeting have been an email, that email could have been an instant message. Data actually proves that theory to be true. Microsoft for example, found that chat messages within Microsoft Teams meetings increased over 10x from March 1 to June 1.The widespread use of these types of tools, in turn, generates more and more unique data that needs to be accounted for during an eDiscovery or compliance event Going forward, organizations will need to ensure that they know which tools their employees or contractors are using, what data those tools generate, and how to defensibly collect, process, and review that data in the event of a lawsuit or investigation (or retain a vendor who can guide them through that process). Which brings us to our final 2020 trend…Continuous program update subscription services: Going hand-in-hand with the above, watch out for eDiscovery programs and solutions that can manage the continuous delivery of program updates on all of the applications and platforms that organizations use to effectively perform their work. Gone are the days when the same data collection or processing workflow could be used for years at a time and still be defensible. From iPhone iOS to Teams, systemic updates to work applications and platforms can now roll out on an almost weekly basis, and it is imperative that legal and compliance teams stay on top of those updates and adapt to them in order to ensure that company information remains secure and that any data generated can be defensibly collected and processed when needed. In 2020 and beyond, look for technologically advanced eDiscovery subscription services that give companies the ability to prepare for and stay ahead of the never-ending stream of software updates.To discuss this topic further, please feel free to reach out to me at SMoran@lighthouseglobal.com.ai-and-analytics; ediscovery-review; legal-operationscloud, ai-big-data, blog, ai-and-analytics, ediscovery-review, legal-operations,cloud; ai-big-data; blogsarah moran

Standardizing your eDiscovery program can be a huge benefit to you and your team. With a well-rounded program, you are able to pressure test and layer in repeatable and trackable processes at each stage of the EDRM. This will result in a lower overall cost of eDiscovery and the ability to more accurately forecast spend from matter to matter. Your program will reduce risk, and increase quality, efficiency, and consistency. You will also have the advantage of program-wide metrics and analysis, leading to knowledge that will empower you to make better and more informed litigation and investigation decisions early on, which in turn leads to better outcomes and greater defensibility. Finally, with your program-wide data tracking you will be able to showcase true ROI and other key metrics. It sounds pretty good, right? So, why doesn’t everyone standardize their eDiscovery program? It can be a challenge. There are several hurdles that one may face when trying to socialize and drive the adoption of their program. For example, lack of alignment across key stakeholders and the challenges of trying to build a program while also managing the pressures of ongoing litigation deadlines. You may also have to invest more time and potentially more cost upfront, which can be a resourcing challenge, and you may have to redefine efficiency across multiple teams. Managing expectations across key stakeholders is critical to building a successful program. Change doesn’t happen overnight.How do you go about overcoming these challenges and standardizing your program? I’ve summarized some tips and best practices below for socializing, implementing, and getting your eDiscovery program to be accepted as the standard both within your organization and beyond.Getting StartedTo begin, build one thing at a time. It is important not to bite off more than you can chew. Start with one project, implement it, and carefully review the results. If it is successful, drive adoption internally, and once it is adopted you can get started on the next project or piece of the program. Be sure all of your key stakeholders are involved early on and set up weekly or even monthly strategy sessions with these stakeholders to ensure that everyone has a seat at the table and a voice in program development decisions. Finally, documentation is your single source of truth. Be sure to think about what you are documenting, where you are storing it, when it should be evaluated for updates, and how it will be circulated after these updates are made. More on driving a successful eDiscovery project can be found in this article, Staying on Pointe: Key Lessons eDiscovery Professionals can Learn from Ballet.Ensuring the Right AudienceAs I mentioned above, you need to be sure to involve all key stakeholders when driving the standardization of your eDiscovery program, but how do you make sure you have the right audience? It is different for everyone and will depend on your organization. Typically, I would recommend that you involve your legal operations and finance teams, as well as any other teams with eDiscovery stakeholders. Once you have these folks identified, set up that recurring strategy meeting.Showing ROIWhen it comes to showing ROI you want to be sure to pick what will make an impact within your company. Whether that be risk reduction, cost reduction, efficiency gains, or something else, you want to focus on what matters at your organization. This is where the documentation I mentioned above comes into play. Be sure you are tracking the metrics and results you would like to report on and format them in graphs, charts, and high-level stats that your key stakeholders can take away and share with their teams. Lean on your providers to help you pull metrics and come up with creative ways to display ROI across your program. It is also important to note that your ROI focus may shift over time, so be sure to remain flexible and check-in with leaders on a bi-annual or annual cadence.Socializing & Driving AdoptionSo, you know how to get started, who to involve, and how to show ROI, but how do you socialize and drive adoption? This is the hardest part and will require flexibility. It is important not to design and drop. You have to continue to reiterate the program and processes consistently. Document your processes, track your results, and make sure you build in a regular feedback loop. Ensure you have support from the right people. This can include your internal teams, outside counsel, vendor(s), etc., and can vary depending on your organization. Be open to feedback and revisions as they come along, document those updates, and share them out.To summarize, when looking to standardize and socialize your eDiscovery program, remember to:involve the right folks early on;build one thing at a time;document the processes;show meaningful ROI; andbe open to feedback - a successful program evolves!To discuss this topic further, please feel free to continue the discussion by emailing me at SBarsky-Harlan@lighthouseglobal.com.ediscovery-review; legal-operationsediscovery-process, blog, ediscovery-review, legal-operationsediscovery-process; blogsarah barsky harlan

In the eDiscovery space, we are always spotting new trends. Our industry has seen text messages, chat message platforms, websites, and various unstructured data sources become increasingly relevant during discovery. Over the past several years, we have started to see another new trend emerge - many of our clients are using Corporate G Suite rather than Office 365.The use of emerging technologies is part of everyday life for many companies in the space. However, we are beginning to see established biotech, healthcare, manufacturing, and retailers shift to G Suite, an area that was once almost exclusively dominated by on-prem Microsoft products. This transition introduces some new considerations around managing discovery. In this post, we talk about three impacts that G Suite data has on downstream eDiscovery workflows, and the need to factor these items into your discovery plan. Recipient Metadata: Gmail renders email header information in a unique format. While the last-in-time email in a given string will have all expected sender and recipient information (From, To, CC, BCC), all other previous messages exchanged in the email string will display only the sender information and will not display the recipient information. This is not a collection, processing, metadata, or threading issue. Rather, this relates to how Gmail stores and exports recipient information. This presents some unique document review challenges, as previous parts of the thread could include recipients that are not visible to the reviewer, and may include attorneys who have sent privileged communications. As a result, it is important to work closely with your project management team to create workflows related to Gmail. ‚ÄçLinks: Historically, we have all attached copies of documents (e.g. Word, Excel, and PowerPoint files) to an email during the normal course of business. Due to the emergence of technologies such as SharePoint and Google Drive, we now have the ability to send emails with embedded links that reference documents rather than attaching the document itself. When Gmail is exported from Google Vault, the documents referenced in links embedded throughout email exchanges are not exported. As a result, reviewers will encounter these links, but will be unable to readily view the corresponding document referenced in said link. At present, Google Vault does not allow for the mass search and export of these links. However, you do have the ability to manually pull documents referenced in these links. You should be mindful of this issue when drafting your ESI protocol, as opposing parties and regulators may request that your company retrieve these documents.‚ÄçExported Load File: Unlike a standard PST export, when you export a mailbox or set of documents from Google Vault, you have the ability to retrieve a corresponding load file that contains metadata captured in G Suite. Sometimes, the date-related metadata extracted during processing, will not align with dates exported from G Suite. There are a variety of legitimate reasons for this. You will need to determine if you want to produce the date metadata extracted from the processing platform, date values exported from Vault, or both.All of the above items are manageable when in-house legal teams, outside counsel, and eDiscovery vendors work together to proactively implement appropriate downstream eDiscovery workflows. If you have experience with G Suite data or thoughts on managing the discovery of G Suite data, please reach out to me at ashier@lighthouseglobal.com.chat-and-collaboration-data; information-governancechat-and-collaboration-data, information-governanceemerging-data-sources; g-suite; preservation-and-collection; blogalison shier

In the early days of electronic discovery, technologies that legal teams utilized were researched and procured by specialists independent of information technology teams. Getting IT, legal, compliance, records managers, and other stakeholders to come together to discuss and strategize as a team was almost impossible. The move to the Cloud is changing that dynamic, as corporations move to address data challenges including eDiscovery, information governance, data privacy, and cybersecurity, in a more holistic fashion. When a corporation leverages Microsoft 365 (M365), they have procured a technology that not only meets their data storage requirements but provides eDiscovery, privacy, data governance, and cybersecurity features as well.With the upside that a single platform can provide, there are also challenges including the continued growth in data and new data types that M365 presents. Most eDiscovery professionals are still working to understand how to leverage the functionality in M365 and how to incorporate it into their existing program. Teams usage, for example, has risen with the addition of 31 million new users in one month when the COVID-19 pandemic first hit. Based on that statistic, it is clear that Teams is new to many professionals and eDiscovery teams need to understand how to deal with Teams data in discovery.eDiscovery features in M365 vary based on licensing, but can include data culling, data processing, and even some high-level review. The functionality in no way is an end-to-end solution for discovery. It can achieve some basic needs and other technologies are still required to address limitations in the platform.M365 is also an incredibly dynamic program. It is a challenge to track modifications and updates to the system. Organizations need to invest in personnel to test their M365 environment proactively to identify potential issues that could occur in the discovery process, understand limitations, and capture benchmarking data on the time and effort certain tasks can take in the system. This information should be discussed with legal teams, as it can impact their discovery negotiations and should be considered for proportionality assessments. It’s vitally important to train internal and external legal teams on the capabilities and the limitations of the technologies.Keeping pace with M365 often requires multiple resources. Consider having a dedicated team to test the new tools and ensure any new updates get incorporated back into your workflows. Reach out to your peers at other organizations to learn from their experiences with the tool. Working with service providers who have deep expertise in the tool and the roadmap is extremely beneficial. Microsoft is open to receiving feedback on your experiences outside of simply support tickets. In fact, there is a formal design change request option available to M365 users. Contact your Microsoft representative to learn more about that alternative.When it comes to leveraging M365 for eDiscovery, keep these key takeaways in mind:The explosion of data, new technology, and cybersecurity risks have all led to a continual evolution of the M365 tool.Staying up to date with these continuous evolutions can be a challenge, be sure to (1) have dedicated resources to test new capabilities and report back; and (2) ensure these new updates get incorporated into training and workflow documentation.Train both your internal and external teams on your M365 needs.Collaborate with your various partners (i.e. providers, third-party vendors, outside counsel, etc.).To discuss this topic further, please feel free to continue the discussion by emailing me at PHunt@lighthouseglobal.com.microsoft-365; information-governance; chat-and-collaboration-data; legal-operationsmicrosoft, legal-ops, blog, microsoft-365, information-governance, chat-and-collaboration-data, legal-operationsmicrosoft; legal-ops; blogpaige hunt

Legal Operations is a relatively new field and one that is constantly evolving. With that comes lots of new challenges as well as lessons learned around building an effective Legal Operations department. Below are six key takeaways from a recent Illumination Webinar Series webinar, where legal operations veterans discussed common pitfalls in legal operations, how to avoid them, and best practices for the future.Legal Operations is an Evolving Field - Whether you define it as herding cats, the land of misfit toys, or the grey space in legal, one thing is certain - legal operations is a multi-disciplinary evolving field. If you use the membership numbers from the Corporate Legal Operations Consortium (CLOC) as a barometer of the growth of the profession, the increase of professionals is 1000% from 2016 to 2019. The work these professionals are doing varies from organization to organization. However, there are a few core areas that most legal operations departments focus on - ebilling, contract lifecycle management, vendor management, legal workflows, and legal department data and analytics.Change Management is One of the Biggest Challenges - Legal operations is a cross-functional department that is responsible for driving change in legal. As such, it is not a huge surprise that change management and the things that go along with that are big struggles for the function. Gaining executive support, getting enough funding, and identifying key stakeholders are all critical in the first stage of trying to make a change. Additionally, gaining adoption after a change is made can be a challenge as lawyers don’t tend to be early adopters.Understanding the Issue and Putting in Time at the Outset of a Project Can Help You Overcome Challenges - When considering what to solve for, make sure you understand the impact and pervasiveness of each and prioritize the most pervasive and impactful. Then, take the time to truly diagnose the problem. Don’t get distracted by the symptoms. Once you have identified the right problems, make sure you spend plenty of time clarifying all the specifications and understanding where the blockers may be. This will prevent missteps later and allow you to move quickly if you hit any roadblocks. Finally, make sure you get buy in along the way. This starts with buy in from your stakeholders on the specifications. Then, as you start to execute, share out your successes at each step and get stakeholder buy in on those successes. These steps will increase the success of any project you are leading.Knowing your Audience and your Data Can Really Help With Success in This Field – At the onset of any project, identify who you cheerleaders and naysayers are, that way you can identify the challenges that may arise. It is also wise to take a look at what is working and incorporate that into your future state so you don’t inadvertently break something that is going well. Make sure that you are leveraging relevant data to both identify the proposed improvements as well as to show them once achieved. And finally, to create supporters and build relationships across functions, you should look at ways to fill in the gaps in the legal department and offer support on projects. With these tips, your projects should be smoother to roll out.Analytics and AI are the Future - As in much of the world, artificial intelligence and business analytics are a big point of discussion in the legal operations space. This can be anything from analytics on top of a single existing platform all the way to cross-software AI to predict the outcome of litigation. Discussions about and the implementations of these tools are expected to continue in the next several years. Another exciting change for the field is the influx of new talent. As this is a new field, many of the current professionals transferred from another discipline. However, programs are being created to train for this area that will generate an influx of new talent that will move our profession forward. Finally, we expect more defined rules of engagement, both within legal operations but also with other departments in the company. This field is new so those rules have only recently started to form. That should solidify over the next several years.The Impacts of COVID-19 Should Not Drastically Change the Profession - Operationally, we were in a good situation given that legal operations is in the technology space. Departments were easily able to shift to work from home. Additionally, budgetary impacts have been different than any impacts that companies as a whole have felt.Legal operations has evolved significantly and will continue to change as the field matures. legal-operationslegal-ops, blog, legal-operations,legal-ops; bloglighthouse

What is the most frustrating thing when you have spent months overhauling and then launching a new contract lifecycle management (CLM) solution? Nobody using it! Or, more likely, a few people are using it but most people are hesitating to change their current processes and start using the new solution. I hear this frustration in contract management solutions as well as other large project implementations. As I sat down to think about this challenge, I read many articles about the best business practices to apply to avoid this. These articles focused on bringing business process management to this process, which is valuable, but even with those processes, your implementation could be left with very little adoption.Then I had a light bulb moment – why not pull from a discipline whose main focus is to resonate with its clients and users – product management. It wasn’t a far reach given my product management background and certification. Product managers do a lot of different things at different organizations but I think most people would agree that they play a key role in building and launching a successful product. More specifically, a product manager is tasked with knowing her or his customer base so well that he or she can speak for them and direct the development of a product into one that resonates with its users. A product that resonates with users is more highly adopted and therefore, typically seen as more successful. So what can we, in legal operations, learn from this field?1. Focus on what really matters to your users and potential usersStart by interviewing people who are directly involved with the contract management process as well as some people who are adjacent to the contract management process. Make sure to capture the views of people close to contracts (e.g. attorneys), as well as those who rely on the outputs of those contracts (e.g. finance and sales). Ask about each person’s main goal in contract management and what is preventing them from achieving that goal. Specific to CLM solutions, metadata can be critical to understand and map early, so I would recommend asking people what metadata they rely on when searching for contracts.[1]In these interviews, make sure you understand the impact of any contract management challenges raised in the interviews. You may hear a variety of complaints, but how many of those are frustrations that make the process inefficient versus just minor grumblings. When someone mentions an issue, you should always ask them to quantify, on a scale of 1-10, how big an impact that problem has in their daily life. You should also ask how pervasive the problem is, on a scale of 1-10, across their peers. This will allow you to more quickly identify the real issues that will be impactful to solve. For example, someone may be frustrated that they have to log in to a different technology to manage a contract workflow. Another person may be frustrated that they cannot tie together later revisions to contracts, such as renewals, pricing, or amendments. By asking for the impact during the interviews, you will likely learn that the technology switching challenge is a 2 out of 10 on the impact scale whereas the issue of the later revision is a 9 out of 10. You can prioritize solving for the latter and have tremendous business impact and avoid mistakes by other departments relying on outdated terms.2. Launch a beta solution for a handful of usersMost products have some sort of test user group that is able to provide feedback on releases early. Since you likely are not engineering your own CLM, I would recommend gathering a small group of “early adopters” to test your new CLM solution in three ways:First, you should map out your ideal state process. Bring this group together to talk through that ideal state and suggest any tweaks. Second, when you have narrowed your technology selection to one or two technologies, you can bring the group together to test those technologies. Finally, this group should be your first users of the final solution, the technology and process combined, once implemented.This may be self evident, but be sure to include yourself in the testing group. Often people feel like they are running the project so they should not participate in the feedback. However, given the deep immersion in the contract management process and your knowledge of the organization, your feedback is critical to shaping the right solution. 3. Use your personas in communicationsCommunicating about your solution is a critical step in any CLM solution. That communication is what gets users using the solution and what jump starts change. Making this communication effective can be daunting, but here is the product management formula. Start with the challenges that your users shared with you. When they see their voices reflected, they will immediately be interested in the message. Next, state in 1-2 sentences how you have solved the challenge. When people see that a challenge they have raised has been solved, it is highly likely that they will adopt the new solution. With this, you should have a 3 sentence “elevator pitch” that connects with your intended audience. If appropriate for your organization, you could also consider shortening those three sentences to a tagline that could be used within the legal department to give visibility to the project. A great example of a tagline was Apple’s iPod: “1,000 songs in your pocket.” This was a short statement showing how the product solved the problem. Something similar in the CLM space could be “your contracts, and revisions, in one place” or “automating the contracts that don’t need your attention.” 4. Check in on user satisfactionRemember that your job is not finished upon implementation. Continue to check in with your users to see how things are going. When checking in, the best thing to do is a survey so you can measure the response empirically. The most common question to ask in a customer satisfaction survey is how satisfied they are with the solution on a scale of 1-5. You can follow that up by asking what would improve their satisfaction. The survey can be helpful to understand how the solution is working as well as a way to gather areas of improvement. Before making any changes, however, I would recommend doing some interviews to understand the impact and pervasiveness of the issues so you can determine what changes are needed.[1] Typical fields include party name, party state, contract type, contract expiration date, notification period (to the extent different, next contract review date), contract amount (or at least a small/med/large designation), internal legal contact, department, limitation of liabilities, and early payment.legal-operationslegal-ops, blog, legal-operations,legal-ops; bloglighthouse