Lighthouse Blog

Big data sets are the “new normal” of discovery and bring with them six sinister large data set challenges, as recently detailed in my colleague Nick’s article. These challenges range from classics like overly broad privileged screens, to newer risks in ensuring sensitive information (such as personally identifiable information (PII) or proprietary information such as source code) does not inadvertently make its way into the hands of opposing parties or government regulators. While these challenges may seem insurmountable due to ever-increasing data volumes (and also tend to keep discovery program managers and counsel up at night) there are new solutions that can help mitigate these risks and optimize workflows.As I previously wrote, eDiscovery is actually a big data challenge. Advances in AI and machine learning, when applied to eDiscovery big data, can help mitigate and reduce these sinister risks by breaking down the silos of individual cases, learning from a wealth of prior case data, and then transferring these learnings to new cases. Having the capability to analyze and understand large data sets at scale combined with state-of-the-art methods provides a number of benefits, five of which I have outlined below.Pinpointing Sensitive Information - Advances in deep learning and natural language processing has now made pinpointing sensitive content achievable. A company’s most confidential content could be laying in plain sight within their electronic data and yet be completely undetected. Imagine a spreadsheet listing customers, dates of birth, and social security numbers attached to an email between sales reps. What if you are a technology company and two developers are emailing each other snippets of your company’s source code? Now that digital medium is the dominant form of communication within workplaces, situations like this are becoming ever-present and it is very challenging for review teams to effectively identify and triage this content. To solve this challenge, advanced analytics can learn from massive amounts of publically available and computer-generated data and then fine tuned to specific data sets using a recent breakthrough innovation in natural language processing (NLP) called “transfer learning.” In addition, at the core of big data is the capability to process text at scale. Combining these two techniques enables precise algorithms to evaluate massive amounts of discovery data, pinpoint sensitive data elements, and elevate them to review teams for a targeted review workflow.Prioritizing the Right Documents - Advanced analytics can learn both key trends and deep insights about your documents and review criteria. A normal search term based approach to identify potentially responsive or privileged content provides a binary output. Documents either hit on a search term or they do not. Document review workflows are predicated on this concept, often leading to suboptimal review workflows that both over-identify documents that are out of scope and miss documents that should be reviewed. Advanced analytics provide a range of outcomes that enable review teams to create targeted workflow streams tailored to the risk at hand. Descriptive analysis on data can generate human interpretable rules that help organize documents, such as “all documents with more than X number of recipients is never privileged” or “99.9% of the time, documents coming from the following domains are never responsive”. Deep learning-based classifiers, again using transfer learning, can generalize language on open source content and then fine-tune models to specific review data sets. Having a combination of analytics, both descriptive and predictive, provides a range of options and gives review teams the ability to prioritize the right content, rather than just the next random document. Review teams can now concentrate on the most important material while deprioritizing the less important content for a later effort.Achieving Work-Product Consistency - Big data and advanced analytics approaches can ensure the same document or similar documents are treated consistently across cases. Corporations regularly collect, process, and review the same data across cases over and over again, even when cases are not related. Keeping document treatment consistent across these matters can obviously be extremely important when dealing with privilege content – but is also important when it comes to responsiveness across related cases, such as a multi-district litigation. With the standard approach, cases are in siloes without any connectivity between them to enable consistent approaches. A big data approach enables connectivity between cases using hub-and-spoke techniques to communicate and transit learnings and work-product between cases. Work product from other cases, such as coding calls, redactions, and even production information can be utilized to inform workflows on the next case. For big data, activities like this are table stakes.Mitigating Risk - What do all of these approaches have in common? At its core, big data and analytics is an engine for mitigating risk. Having the ability to pinpoint sensitive data, prioritize what you look at, and ensure consistency across your cases is a no-brainer. This all may sound like a big change, but in reality, it’s pretty seamless to implement. Instead of simply batching out documents that hit on an outdated privilege screen for privilege review, review managers can instead use a combination of analytics and fine-tuned privilege screen hits. Review then occurs from there largely as it does today, just with the right analytics to inform reviewers with the context needed to make the best decision.Reducing Cost - The other side of the coin is cost savings. Every case has a different cost and risk profile and advanced analytics should provide a range of options to support your decision making process on where to set the lever. Do you really need to review each of these categories in full, or would an alternative scenario based on sampling high-volume and low-risk documents be a more cost-effective and defensible approach? The point is that having a better and more holistic view of your data provides an opportunity to make these data-driven decisions to reduce costs.One key tip to remember - you do not need to try to implement this all at once! Start by identifying a key area where you want to make improvements, determine how you can measure the current performance of the process, then apply some of these methods and measure the results. Innovation is about getting a win in order to perpetuate the next.If you are interested in this topic or just love to talk about big data and analytics, feel free to reach out to me at KSobylak@lighthouseglobal.com.ai-and-analyticsdigital-forensics, ai-and-analyticsanalytics; ai-big-data; data-re-use; blogkarl sobylak

Legal department automation may be top of mind for you like several other legal operations professionals, however, you might be dependent on IT or engineering resources to be able to execute. Or perhaps you are struggling with change management and not able to implement something new. You are not alone. These were the top two blockers to building out an efficient process within legal departments as shared by recent CLOC conference attendees. The good news is that off-the-shelf technologies have advanced to the point where you may not need any time from those resources and may be able to manage automation without needing to change user behavior. With “no code” automation, you can execute end-to-end automation for your legal operations department, yourself!What is “No Code” Automation?As recently highlighted in Forbes magazine, “no-code platforms feature prebuilt drag-and-drop activities and tasks that facilitate integration at the business user level.” This is not “low code” automation that has been around for decades. Low code refers to using existing code, whether from open source or from other internal development, to lower the need to create new code. Low code allows you to build faster but still requires the knowledge of code. In “no code,” however, you do not need to have an understanding of coding. What this really means is that no code platforms are so user-friendly that even a lawyer, or legal operations professional, can create automated actions…I know because I am a lawyer that has successfully done this!But, How Does this Apply in Legal Operations?The short answer is that it lets you, the legal operations professional, automate workflows with little external help. There are some legal departments already taking advantage of this technology. At a recent CLOC conference, Google shared how they had leveraged “no code” automation to remove the change management process for ethics and compliance in the code of conduct, conflict of interest, and anti-bribery and corruption areas. With respect to outside counsel management, Google was similarly able to remove IT/engineering dependencies for conflict waiver approvals, outside counsel engagements, and matter creation. For more details, watch Google describe their no-code automation use cases.Google’s workflow automation is impressive and more mature than those of us who are just starting, so I wanted to share a simple example. A commonplace challenge for smaller legal teams is to manage tasks – ensuring all legal requests are captured and assigned to someone on the legal team. Many teams are dealing with dozens, or hundreds, of emails and it can be cumbersome to look through those to determine who is working on what. Inevitably some of those requests get missed. It is also challenging to then later report on legal requests – e.g., what types of requests the legal team receives daily, how long they take to resolve, and how many requests each person can work on. A “no code” platform can help. For example, you can connect your email to a shared Excel spreadsheet that captures all legal tasks. You would do this by creating a process that has the tool log each email sent to a certain address (e.g. legal@insertconame.com) on an Excel spreadsheet in a shared location (e.g. LegalTasks.xls). You would “map” parts of the email to columns in the spreadsheet. For example, you would want to capture the sender, the date, the time, the subject, and the body. You can even ask users who are sending requests into that email to put the type of request in the subject line. Your legal team can then check the shared spreadsheet daily and “check out” tasks by putting their initials in another column. Once complete, they would also mark that on the spreadsheet. Capturing all this information will allow you to see who is working on what, ensure that all requests are being worked on, and use pivot reporting on all legal tasks later on. Although this is a really simple use case with basic tools, it is also one that takes only a few minutes to set up and can measurably improve organization among legal team members.You can use “no code” automation in most areas of legal operations department automation. Some of the most common things to automate with “no code” are as follows:Legal ApprovalsDocument GenerationsEvidence CollectionTracking of Policy AcceptanceMany “no code” companies work with legal departments, so they may have experience with legal operations use cases. Be sure to ask how they have seen their technologies deployed in other legal departments.Can I Really Do This Without Other Departments?About 90% of the work can be done by you or your team, and in some cases, even 100%. However, sometimes connecting the tools or even installing the software has to be done by your IT and development teams. This is particularly true if you are connecting to proprietary software or have a complex infrastructure. This 10% of work required by these teams, however, is much smaller than if you were asking for those resources to create the automations from scratch. In addition, you often do not have to change user behavior so change management is removed as a blocker.I encourage you to explore using “no code” automation in your legal department. Once you start, you’ll be glad you tried. I would be excited to hear your experiences with “no code” in legal operations. If you are using it, drop me a line at djones@lighthouseglobal.com and tell me how.legal-operations; ediscovery-reviewediscovery-process, legal-ops, blog, legal-operations, ediscovery-reviewediscovery-process; legal-ops; bloglighthouse

Collectively, we have sent an average of 306.4 billion emails each day in 2020. Add to that 23 billion text messages and other messaging apps, and you get roughly 41 million messages sent every minute[1]. Not surprisingly, there have been at least one or two articles written about expanding data volumes and the corresponding impact on discovery. I’ve also seen the occasional post discussing how the methods by which we communicate are changing and how “apps that weren’t built with discovery in mind” are now complicating our daily lives. I figured there is room for at least one more big data post. Here I’ll outline some of the specific challenges we’ll continue to face in our “new normal,” all while teasing what I’m sure will be a much more interesting post that gets into the solutions that will address these challenges.Without further delay, here are six challenges we face when working with large data sets and some insights into how we can address these through data re-use, AI, and big data analytics:Sensitive PII / SHI - The combination of expanding data volumes, data sources, and increasing regulation covering the transmission and production of sensitive personally identifiable information (PII) and sensitive health information (SHI) presents several unique challenges. Organizations must be able to quickly respond to Data Subject Access Requests (DSARs), which require that they be able to efficiently locate and identify data sources that contain this information. When responding to regulatory activity or producing in the course of litigation, the redaction of this content is often required. For example, DOJ second requests require the redaction of non-responsive sensitive PII and/or SHI prior to production. For years, we have relied on solutions based on Regular Expressions (RegEx) to identify this content. While useful, these solutions provide somewhat limited accuracy. With improvements in AI and big data analytics come new approaches to identifying sensitive content, both at the source and further downstream during the discovery process. These improvements will establish a foundation for increased accuracy, as well as the potential for proactively identifying sensitive information as opposed to looking for it reactively.Proprietary Information - As our society becomes more technologically enabled, we’re experiencing a proliferation of solutions that impact every part of our life. It seems everything nowadays is collecting data in some fashion with the promise of improving some quality of life aspect. This, combined with the expanding ways in which we communicate means that proprietary information, like source code, may be transmitted in a multitude of ways. Further, proprietary formulas, client contacts, customer lists, and other categories of trade secrets must be closely safeguarded. Just as we have to be vigilant in protecting sensitive personal and health information from inadvertent discloser, organizations need to protect their proprietary information as well. Some of the same techniques we’re going to see leveraged to combat the inadvertent disclosure of sensitive personal and health information can be leveraged to identify source code within document populations and ensure that it is handled and secured appropriately.Privilege - Every discovery effort is first aimed at identifying information relevant to the matter at hand, and second to ensure that no privileged information is inadvertently produced. That is… not new information. As we’ve seen the rise in predictive analytics, and, for those that have adopted it, a substantial rise in efficiency and positive impact on discovery costs, the identification of privileged content has remained largely an effort centered on search terms and manual review. This has started to change in recent years as solutions become available that promise a similar output to TAR-based responsiveness workflows. The challenge with privilege is that the identification process relies more heavily on “who” is communicating than “what” is being communicated. The primary TAR solutions on the market are text-based classification engines that focus on the substantive portion of conversations (i.e. the “what” portion of the above statement). Improvments in big data analytics mean we can evaluate document properties beyond text to ensure the “who” component is weighted appropriately in the predictive engine. This, combined with the potential for data re-use supported through big data solutions, promises to substantially increase our ability to accurately identify privileged, and not privileged, content.Responsiveness - Predictive coding and continuous active learning are going to be major innovations in the electronic discovery industry…would have been a catchy lead-in five years ago. They’re here, they have been here, and adoption continues to increase, yet it’s still not at the point where it should be, in my opinion. TAR-based solutions are amazing for their capacity to streamline review and to materially impact the manual effort required to parse data sets. Traditionally, however, existing solutions leverage a single algorithm that evaluates only the text of documents. Additionally, for the most part, we re-create the wheel on every matter. We create a new classifier, review documents, train the algorithm, rinse, and repeat. Inherent in this process is the requirement that we evaluate a broad data set - so even items that have a slim to no chance of being relevant are included as part of the process. But there’s more we can be doing on that front. Increases in AI and big data capabilities mean that we have access to more tools than we did five years ago. These solutions are foundational for enabling a world in which we continue to leverage learning from previous matters on each new future matter. Because we now have the ability to evaluate a document comprehensively, we can predict with high accuracy populations that should be subject to TAR-based workflows and those that should simply be sampled and set aside.Key Docs - Variations of the following phrase have been uttered time and again by numerous people (most often those paying discovery bills or allocating resources to the cause), “I’m going to spend a huge amount of time and money to parse through millions of documents to find the 10-20 that I need to make my case.” They’re not wrong. The challenge here is that what is deemed “key” or “hot” in one matter for an organization may not be similar to that which falls into the same category on another. Current TAR-based solutions that focus exclusively on text lay the foundation for honing in on key documents across engagements involving similar subject matter. Big data solutions, on the other hand, offer the capacity to learn over time and to develop classifiers, based on more than just text, that can be repurposed at the organizational and, potentially, industry level.Risk - Whether related to sensitive, proprietary, or privileged information, every discovery effort utilizes risk-mitigation strategies in some capacity. This, quite obviously, extends to source data with increasing emphasis on comprehensive records management, data loss prevention, and threat management strategies. Improvements in our ability to accurately identify and classify these categories during discovery can have a positive impact on left-side EDRM functional areas as well. Organizations are not only challenged with identifying this content through the course of discovery, but also in understanding where it resides at the source and ensuring that they have appropriate mechanisms to identify, collect and secure it. Advances in AI and big data analytics will enable more comprehensive discovery programs that leverage the identification of these data types downstream to improve upstream processes.As I alluded to above, these big data challenges can be addressed with the use of AI, analytics, data reuse, and more. Now that I have summarized some of the challenges many of you are already tasked with dealing with on a day-to-day basis, you can learn more about actual solutions to these challenges. Check out my colleague’s write up on how AI and analytics can help you gain a holistic view of your data.To discuss this topic more or to ask questions, feel free to reach out to me at NSchreiner@lighthouseglobal.com.[1] Metrics courtesy of Statistachat-and-collaboration-data; ai-and-analyticsprivilege, analytics, ai-big-data, data-re-use, phi, pii, blog, chat-and-collaboration-data, ai-and-analyticsprivilege; analytics; ai-big-data; data-re-use; phi; pii; blognick schreiner

Long gone are days when the majority of discovery records were kept in paper format. Documents, invoices, and other related evidence needed to be scanned and printed in the tens (if not hundreds) of thousands. Today, a huge number of discovery efforts (internal or external) revolve around digital content. Ergo, this article will highlight the collection of digital evidence and how to best prepare your case when it comes to preservation and collections as well as processing and filtering.But, before we get into that, one of the core factors to keep in mind here is time, which will always be there irrespective of what we have at hand. It is especially complicated if multiple parties are involved, such as vendors, multiple data locations, outside counsels, reviewers, and more. For the purposes of this blog, I have divided everything into the following actionable groups - preservation and collection as well as processing and filtering.Preservation and CollectionIn an investigation or litigation there could be a number of custodians involved, for example, people who have or had access to data. Whenever there are more than a handful of custodians the location may vary. It is imperative to consider where and what methods to use for data collection. Sometimes an in-person collection is more feasible than a remote collection. Other times, a remote collection is the preferred method for all those concerned. A concise questionnaire along with answers too frequently asked questions is the best approach to educate the custodian. Any consultative service provider must ensure samples are readily available to distribute that will facilitate the collection efforts.Irrespective of how large the collection is, or how many custodians there are, it is best to have a designated coordinator. This will make the communication throughout the project manageable. They can arrange the local technicians for remote collections and ship and track the equipment.The exponential growth in technology presents new challenges in terms of where the data can reside. An average person, in today’s world, can have a plethora of potential devices. Desktops and laptops are not the only media where data can be stored. Mobile devices like phones and tablets, accessories such as smartwatches, the IoT (everything connected to the internet), cars, doorbells, locks, lights…you name it. Each item presents a new challenge and must be considered when scoping the project.User-generated data is routinely stored and shared on the Cloud using a variety of platforms. From something as ancient as email servers to “new” rudimentary storage locations, such as OneDrive, Google Drive, Dropbox, and Box.com. Others include collaborative applications, such as SharePoint, Confluence, and the like.Corporate environments also heavily rely on some sort of common exchange medium like Slack, Microsoft Teams, and email servers. These applications also present their own set of challenges. We have to consider, not just what and how to collect, but equally important is how to present the data collected from these new venues.The amount of data collected for any litigation can be overwhelming. It is imperative to have a scope defined based on the need. Be warned, there are some caveats to setting limitations beforehand, and it will vary based on what the filters are. The most common and widely acceptable limitation is a date range. In most situations, a period is known and it helps to set these parameters ahead of time. In doing so, only the obvious date metadata will be used to filter the contents. For example, in the case of emails, you are limited to either the sent or received date. The attachment's metadata will be ignored completely. Each cloud storage presents its own challenges when it comes to dates.Data can be pre-filtered with keywords that are relevant to the matter at hand. It can greatly reduce the amount of data collected. However, it is solely dependent on indexing capabilities of the host, which could be non-existent. The graphical contents and other non-indexable items could be excluded unintentionally, even if they are relevant.The least favored type of filter among the digital-forensics community is a targeted collection, where the user is allowed to guide where data is stored and only those targeted locations are preserved. This may not be cost effective, however, it can restrict the amount of data being collected. This scope should always be expected to be challenged by other parties and may require a redo.Processing and FilteringOnce the data collected goes through the processing engine the contents get fully exposed. This allows the most thorough, consistent, and repetitive filtering of data. In this stage, filtering relies on the application vetted by the vendor and accompanied by a process that is tested, proven, and updated (when needed).The most common filtering in eDiscovery matters is de-NIST-ing, which excludes the known “system” files from the population. Alternatively, an inclusion filter can be applied, which only pushes forward contents that typically a user would have created, such as office documents, emails, graphic files, etc. In most cases, both de-NIST-ing and inclusion filters are applied.Once the data is sent through the meat grinder (the core processing engine) further culling can be done. At this stage, the content is fully indexed and extensive searches and filters will help limit the data population even further to a more manageable quantity. The processing engine will mark potentially corrupt items, which are likely irrelevant. It will also identify and remove any duplicate items from all collected media from the entire matter data population. Experts can then apply relevant keyword searches on the final product and select the population that will be reviewed and potentially produced.I hope this article has shed some light on how to best prepare your case when it comes to preservation and collections as well as processing and filtering. To discuss this topic further, please feel free to reach out to me at MMir@lighthouseglobal.com.digital-forensics; information-governance; chat-and-collaboration-datacollections, ediscovery-process, preservation-and-collection, processing, blog, digital-forensics, information-governance, chat-and-collaboration-data,collections; ediscovery-process; preservation-and-collection; processing; blogmahmood mir

However you view a DSAR, for any entity who receives one, they are time consuming to complete and disproportionately expensive to fulfill. Combined with the increasing manner in which they are being weaponized, companies are often missing opportunities to mitigate the negative effects of DSARs by not migrating data to the Cloud.Existing cloud solutions, such as M365 and Google Workplace (formerly known as G-Suite) allow administrators to,for example, set data retention policies, ensuring that data cannot routinely be deleted before a certain date, or that a decision is made as to when data should be deleted. Equally, legal hold functionality can ensure that data cannot be deleted at all. It is not uncommon for companies to discover that when they migrate to the Cloud all data is by default set to be on permanent legal hold. Whilst this may be required for some market sectors, it is worth re-assessing any existing legal hold policy regularly to prevent data volumes from ballooning out of control.Such functionality is invaluable in retaining data, but can have adverse effects in responding to DSARs, as it allows legacy or stale data to be included in any search of documents and inevitably inflates costs. Using built-in eDiscovery tools to search and filter data in place in combination with a data retention policy managed by multiple stakeholders (such as Legal, HR, IT, and Compliance) can mitigate the volumes of potentially responsive data, having a significant impact on downstream costs of fulfilling a DSAR.Typically, many key internal stakeholders are frequently unaware of the functionality available to their organization. This can help to mitigate costs, such as Advanced eDiscovery (AED) in Microsoft 365, or Google Vault in Google Workspace. Using AED, a user can quickly identify relevant data sources, from mailboxes, OneDrive, Teams, Skype, and other online data sources, apply filters such as date range and keywords, and establish the potential number of documents for review within in minutes. Compare this to those who have on-premise solutions, where they are wholly dependent on an internal IT resource, or even the individual data custodians, to identify all of the data sources, confirm with HR / Legal that they should be collected, and then either apply search criteria or export the data in its entirety to an external provider to be processed. This process can take days, if not weeks, when the clock is ticking to provide a response in 30 days. By leveraging cloud technology, it is possible to identify data sources and search in place in a fraction of the time it takes for on-premise data.Many cloud platforms include functionality, which means that when data is required for a DSAR, it can now be searched, filtered, and, crucially, reviewed in place. If required, redactions can be performed prior to any data being exported externally. Subject to the level of license held, additional functionality, such as advanced indexing or conceptual searching, can also be deployed, allowing for further filtering of data and thus reducing data volumes for review or export.The technology also allows for rapid identification of multiple data types including:Stale dataSensitive data types (financial information/ PII)Customer-specific dataSuspicious / unusual activitiesBy using the inbuilt functionality to minimize the impact of such data types as part of an Information Governance / Records Management program, there can be significant changes and improvements made elsewhere, including data retention policies, data loss prevention, and improved understanding of how data is routinely used and managed in general day-to-day business. This, in turn, has significant time and cost benefits when required to search for data, whether for a DSAR, investigation, or a litigation exercise. Subject to the agreement with the cloud service provider, this may also have benefits in reducing the overall volume and cost of data hosted.With a sufficiently robust internal protocol in place, likely data sources can be identified and mapped. Now, when a DSAR request is received, an established process exists to rapidly search and cull potential cloud-based data sources, including using tools such as Labels or Sensitivity Type to exclude data from the review pool, and efficiently respond to any such request.Migrating to the Cloud may seem daunting, but the benefits are there and can be best maximized when all stakeholders work together, across multiple teams and departments. DSARs do not have to be the burden they are today. Using tools readily available in the Cloud might also significantly reduce the burdens and costs of DSARs.To discuss this topic further, please feel free to reach out to me at MBicknell@lighthouseglobal.com.data-privacy; ediscovery-review; information-governance; microsoft-365cloud, dsars, cloud-services, blog, data-privacy, ediscovery-review, information-governance, microsoft-365cloud; dsars; cloud-services; blogmatt bicknell

self-service, spectra as a topic has grown significantly in the recent past. With data proliferating at astronomical amounts year over year it makes sense that corporations and firms are wanting increasing control over this process and its cost. Utilizing a self-service, spectra eDiscovery tool is helpful if you want control over your queue as well as your hosted footprint. It is beneficial if your team has an interest and the capability of doing your own ECA. Additionally, self-service, spectra options are useful as they provide insight into specific reporting that you may or may not be currently receiving.Initially, the self-service, spectra model was introduced to serve part of the market that didn’t require such robust, traditional full eDiscovery services for every matter. Tech-savvy corporations and firms with smaller matters were delighted to have the option to do the work themselves. Over time there have been multiple instances in which a small matter scales unexpectedly and must be dealt with quickly, in an all hands on deck approach, to meet the necessary deadlines. In these instances, it’s beneficial to have the ability to utilize a full-service team. When these situations arise it’s critical to have clean handoffs and ensure a database will transfer well.Moreover, we have seen major strides in the self-service, spectra space regarding the capabilities of data size thresholds. self-service, spectra options can now handle multiple terabytes, so it’s not just a “small matter” solution anymore. This gives internal teams incredible leverage and accessibility not previously experienced.self-service, spectra considerations and recommendationsIt’s important to understand the instances in which a company should utilize a self-service, spectra model or solution. Thus, I recommend laying out a protocol. Put a process in place ahead of time so that the next small internal investigation that gets too large too quickly has an action plan that gets to the best solution fast. Before doing this, it’s important to understand your team’s capabilities. How many people are on your team? What are their roles? Where are their strengths? What is their collective bandwidth? Are you staffed for 24/7 support or second requests or are you not?Next, it’s time to evaluate what part of the process is most beneficial to outsource. Who do you call for any eDiscovery related need? Do you have a current service provider? If so, are they doing a good job? Are they giving you a one-size-fits-all solution (small or large), or are they meeting you where you are and acting as a true partner? Are they going the extra mile to customize that process for you? It’s important to continually audit service providers.Think back to past examples. How prepared has your team and/or service provider been in various scenarios? For instance, if an investigation is turning into a government investigation, do you want your team pushing the buttons and becoming an expert witness, or do you have a neutral third party to hand that responsibility off to?After the evaluation portion, it’s time to memorialize the process through a playbook, so that everyone has clear guidelines regardless of which litigator or paralegal internally is working on the case. What could sometimes be a complicated situation can be broken down into simple rules. If you have a current protocol or playbook, ensure your team understands it. Outline various circumstances when the team would utilize self service or full service, so everyone is on the same page.For more on this topic, check out the interview on the Law & Candor podcast on scaling your eDiscovery program from self service to full service. ediscovery-reviewcloud, self-service, spectra, cloud-services, blog, ediscovery-review,cloud; self-service, spectra; cloud-services; bloglighthouse

Have you ever had this scenario – multiple team members from different groups come to you frustrated because the working relationship between their groups is “broken?” Legal is saying they aren’t getting what they need, IT says they are providing what’s asked, and finance doesn’t understand why we are paying our outside vendor for something that the internal IT and legal teams are “supposed to do.” You are responsible for process improvement among these groups so the questions and frustration lands on your desk! This is a common issue. So common, in fact, that this was a big part of a recent Legal Operators webinar I attended. The good news is that the solution may be simple.Often times, the issue revolves around language and how different departments are using the words differently. Let’s explore the above scenario a bit further. The legal team member says they asked IT to gather all data from a certain “custodian.” The IT team took that to mean all “user-created data” on the network from one certain employee, so that is what they provided. They didn’t, however, gather the items on the person’s desktop nor did they gather records that the person created in third-party systems such as the HR and sales systems that the company uses. The legal team, therefore, asked the outside vendor to collect the “missing” data and that vendor sent a bill for their services. Finance is now wondering why we are paying for collecting data when we have an IT team that does that. The issue is that different teams have slightly different interpretations of the request. Although this scenario is eDiscovery specific, this can happen in any interaction between departments. As legal operations is often responsible for process improvement as well as the way legal functions with other departments, the professionals in that group find themselves trying to navigate the terminology. To prevent such misunderstandings in the future, you can proactively solve this problem through a dictionary.Creating a dictionary can be really simple. It is something I have seen one person start on their own just by jotting down words they hear from different groups. From there, you can share that document and ask people to add to it. If you already have a dictionary of your company acronyms, you can either add to it or you can create a specific “data dictionary” for the purposes of legal and IT working together. Another option is to create a simple word document for a single use at the outset of a project. Which solution you select will vary based on the need you are trying to solve. Here are some considerations when you are building out your dictionary.What is the goal of the data dictionary? Most commonly I have seen the goal to be to improve the working relationship of specific teams long term. However, you may have a specific project (e.g., creation of a data map or implementation of Microsoft 365) that would benefit from a project-specific dictionary.Where should it live? This will depend on the goal, but make sure you choose a system that is easy to access for everyone and that doesn’t have a high administrative burden. Choosing a system that the teams are using for other purposes in their daily work will increase the chances of people leveraging this dictionary.Who will keep it updated? This is ideally a group effort with one accountable person who will make any final decisions on the definitions and own updating in the future. There will be an initial effort to populate many terms and you may want a committee of 2 or 3 people to edit definitions. After this initial effort, you can allow access to everyone to edit the document or you can have representatives from each team. The former allows the document to be a living, breathing document and encourages updating, however, may require more frequent oversight by the master administrator. The latter allows each group to have its own oversight but increases the burden of updating. Whichever method you choose, the ultimate owner of the dictionary should review it quarterly to ensure it is staying up to date.Who will have access? I recommend broader access over more limited access, especially for the main groups involved. The more people understand each other’s vocabulary, the easier it is for teams to work together. However, you should consider your company’s access policies when making this decision.What should it include? All department-specific business terms. It is often hard to remember what vernacular in your department is specific to your department as you are so steeped in that language. One easy way to identify these terms is to assign a “listener” from another department in each cross-functional meeting you have for a period. For example, for the next 3 weeks, in each meeting that involves another department, ask one person from that other department to write down any words they hear that are not commonly used in their department. This will give you a good starting point for the dictionary.Note that. although I am talking about a cross-functional effort in the above, this dictionary can also be leveraged within a department. I have found it very effective to create a legal ops dictionary that includes terms from all other departments that you pick up in your work with those other departments. This can still help your goal of resolving confusion and will allow you to get to a common understanding quickly as you are then better equipped with the language that will make your ask clear to the other team.legal-operationsediscovery-process, legal-ops, blog, legal-operations,ediscovery-process; legal-ops; bloglighthouse

Recently, I had the pleasure of appearing as a guest on Season 5, Episode 1 of the Law & Candor podcast, hosted by Lighthouse’s Rob Hellewell and Bill Mariano. The three of us discussed cloud migrations and how that process can provide a real opportunity for an organization to transform its approach to information governance. Below is a summary of our conversation, including best practices for organizations that are ready to take on this digital and cultural cloud transformation process.Because it is difficult to wrap your head around the idea of a cloud transformation, it can be helpful to visualize the individual processes involved on a much smaller scale. Imagine you are simply preparing to upgrade to a new computer. Over the years, you have developed bad habits around how you store data on your old computer, in part because the tools on that computer have become outdated. Now that you’re upgrading, you have the opportunity to evaluate your old stored data to identify what is worth moving to your new computer. You also have the opportunity to re-evaluate your data storage practice as a whole and come up with a more efficient plan that utilizes the advanced tools on your new computer. Similarly, the cloud migration process is the best opportunity an organization has to reassess what data should be migrated, how employees interact with that data, and how that data flows through the organization before building a brand new paradigm in the Cloud.You can think of this new paradigm as the organization’s information architecture. Just like a physical architecture where the architect designs a physical space for things, an organization’s information architecture is the infrastructure wherein the organization’s data will reside. To create this architecture effectively, you first must analyze how data flows throughout the company. To visualize this process, imagine the flow of information as a content pipeline: you’ve got a pile of papers and files on your desk that you want to assess, retain what is useful to you, and then pass on to the next person down the pipe. First, you would identify the files you no longer need and discard those. Next, you would identify what files you need for your work and put those aside for yourself. Then you would pass the remaining pile down to the next person in the pipeline, who has a different role in the organization (say, accountant). The accountant will pull out the files that are relevant to their accounting work, and pass the files down to the next person (say, a lawyer). The lawyer performs the same exercise for files that are relevant to their legal role, and so on until all the files have a “home.”In this way, information architecture is about clearly defining roles (accounting role, legal role, etc.) and how those roles interact with data, so that there is a place in the pipeline for the data they utilize. This allows information to flow down the pipeline and end up where it belongs. Note how different this system is from the old information governance model, where organizations would try to classify information by what it was in order to determine where it should be stored. In this new paradigm, we try to classify information by how it is used – because the same piece of content can be used in multiple ways (a vendor contract, for example, can be useful to both legal and accountant roles). The trick to structuring this new architecture is to place data where it is the most useful. Going hand-in-hand with the creation of a new information architecture, cloud migrations can (and should) also be an opportunity for a business culture transformation. Employees may have to re-wire themselves to work within this new digital environment and change the way they interact with data. This cultural transformation can be kicked off by gathering all the key players together and having a conversation about how each currently interacts with data. I often recommend conducting a multi-day workshop where every stakeholder shares what data they use, how they use it, and how they store it. For example, an accountant may explain that when he works on a vendor contract, he pulls the financial information from it and saves it under a different title in a specific location. A lawyer then may explain that when she works on the same vendor contract, she reviews and edits the contract language, and saves it under a different title to a different location. This collaborative conversation is necessary because, without it, no one in the organization would be able to see the full picture of how information moves through the organization. But equally important, what emerges from this kind of workshop is the seeds of culture transformation: a greater awareness from every individual about the role they play in the overall flow of information throughout the company and the importance of their role in the information governance of the organization. Best Practices for Organizations: Involve someone from every relevant role in the organization in the transformation process (i.e. everyone who interacts with data). If you involve frontline workers, the entire organization can embrace the idea that the cloud migration process will be a complete business culture transformation.Once all key players are involved, begin the conversation about how each role interacts with data. This step is key not only for the business cultural transformation, but also for the organization to understand the importance of doing the architecture work.These best practices can help organizations leverage their cloud migration process to achieve an efficient and effective information governance program. To discuss this topic further, please feel free to reach out to me at JHolliday@lighthouseglobal.com. information-governancemicrosoft-365, legal-operationscloud; information-governance; cloud-migration; bloglighthouse