Lighthouse Blog

We're excited to announce that season four of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution, is now available. Click the image below to binge season four now or keep scrolling for more details on the latest season. Co-hosts, Bill Mariano and Rob Hellewell, are back for season four of Law & Candor with six easily digestible episodes that cover a range of hot topics from cybersecurity to privilege tools. This dynamic duo, alongside industry experts, discuss the latest topics and trends within the eDiscovery, compliance, and information governance space as well as share key tips for you and your team to take away. Check out the latest season's lineup below:Emerging Data Sources: Get a Handle on eDiscovery for Collaboration Tools Myth Busters: The Managed Services Edition Legal Operations 101: Skills for SuccesseDiscovery Program Starter Pack: Uncover Key Ways to Build an Effective & Efficient eDiscovery ProgramManaging Cybersecurity in eDiscoveryTake the Mystery out of Machine Learning: Success Stories from Real-Life Examples and How Data Scientists Impact eDiscoveryEach episode is bingeable and available on your podcast platform of choice including Apple, Spotify, Stitcher, and Google. Follow the latest updates on Law & Candor by subscribing on the podcast home page and join in the conversation on Twitter. Catch up on past seasons by clicking the links below:‚ÄçSeason 1Season 2Season 3Special Edition: Impacts of COVID-19For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewcloud, cybersecurity, emerging-data-sources, cloud-security, tar-predictive-coding, ediscovery-process, legal-ops, managed-services, blog, ediscovery-review,cloud; cybersecurity; emerging-data-sources; cloud-security; tar-predictive-coding; ediscovery-process; legal-ops; managed-services; bloglighthouse

Below is a copy of a featured blog written by Debora Motyka Jones for CLOC's Legal Operations Blog.One of the most common complaints I hear from General Counsels and Chief Legal Officers is that they are not able to sit at a table full of their executive peers and provide metrics on how legal is impacting the core business. Sure, they are able to show their own department’s spending, tasks, and resource allocation. But wouldn’t it be nice to tell the business when revenue will hit? Or insights about what organizational behaviors are leading to inefficiency and, if changed, will impact spending. More specifically, as the legal operations team member responsible for metrics, wouldn’t it be great to share these key insights with your GC as well as your finance, sales, IT, and other department counterparts? Good news! Legal has this type of information, it is just a matter of identifying and mining it!Keeping metrics has become table stakes in today’s legal department and it often falls on the shoulders of legal operations to track and share those metrics. In fact, CLOC highlights business intelligence as a core competency for the legal operations function. Identifying metrics, cleansing those metrics, and putting them forth can be quite a lift, but once you have the right metrics in place, you are able to make data-driven decisions about how to staff your team, what external resources you need, and drive efficiencies. If you are still at the early stages of figuring out which metrics you should track for your department, there are many good resources out there including a checklist of potential metrics by Thompson Reuters, and a blog by CLOC on where to start. HBR also conducts a survey so you can see what other departments are seeing – this can be helpful for setting targets and/or seeing how you compare. When you analyze these and other resources, you will notice that many of the metrics are legal department centric. Though they are helpful for the department, they are not very meaningful when they are sitting around the table with executives doing strategic business planning for the business as a whole. So what types of metrics can legal provide in those settings and how do you capture them? There are many ways to go about this, but I have highlighted a few that can provide a robust discussion at the executive table.Leading Indicators of RevenueMost companies are reviewing the top line with some frequency and in many industries it is a challenge to predict the timing of that revenue. Given its position at the end of the sales cycle, in the contracting phase, legal has excellent access to information about revenue and the timing thereof. Here are the most common statistics your legal department can provide in that area:New Customer Acquisition: Number of Customer Contracts Signed this Month – Signing up paying customers is a direct tie to revenue and the legal department holds the keys to one of the last steps pre-revenue: contract signing. By identifying the type of contract that leads to revenue, the legal department is able to share with the business how many new customers are coming online. The metric is typically a raw number and can be compared against the number of contracts in a prior period. If not all customers who sign this contract lead to revenue, you will want to report (or at least know) the ratio of contracts to paying customers in order to give an accurate picture. Once you have been tracking this metric, you may want to take it a step further and identify and contracts that come earlier in the process. For example, in some companies, prospective clients sign NDAs earlier in the sales cycle. By reporting on the number of NDAs signed, you will start to see a ratio of the number of NDA to the number of MSAs and can give even earlier visibility into the customer acquisition pipeline.Expected New Customers: Contracts in Negotiation and Contract Negotiation Length – If your company has negotiated contracts then reporting on the number of contracts in negotiation can also help with revenue planning. Knowing the typical length of that negotiation will give an indication as to the timing of that revenue.Expected Revenue: Timing – The final piece of the revenue puzzle is when the above revenue will hit. You can work with the finance team to get the typical time between contract signing and revenue. This will often vary by contract size so layering in the contract size is helpful. If contract size if not available in the contract itself, that is likely information that sales keep so they can report that metrics if legal cannot.The two departments most interested in all three the above metrics are likely to be sales and finance but depending on the detail reported at the executive level, these may be executive-level metrics. If the above seems like a lot, know that many contract management tools and/or contract artificial intelligence tools can mine your contracts for the above information.Efficiency in Business OperationsLegal operations also has a unique ability to look back and reflect on the efficiency in some areas of business operations. More specifically, in the course of litigation and investigations, cross sections of the business are examined with hindsight and as we all know, hindsight is 20/20. Providing that look back information to the business can help in overall business efficiency. In addition, legal has access to payment clauses, in contracts, that can ensure efficiency in cash management. Here are some helpful statistics your legal department can provide on the state of legal operations.Early Payment Discount Usage: Number of Contracts with Early Payment and Percentage of Early Payment Discounts Used – When signing vendor contracts, there are often provisions allowing for discounts if certain terms – e.g. payment within a short timeframe, are met. Although this may be fresh on everyone’s mind at the time of negotiation, this often gets lost over time. Using current technologies, the legal operations team can identify these contracts and provide the number of contracts in which such provisions exist. You can then work with finance to determine how many of these provisions are being leveraged – e.g. is the business actually paying early and taking the percentage reduction. The savings for the business can be material by just providing visibility into this area.Data Storage: How Much Data to Keep – A common IT pain point is storage management and having to add servers in order to keep up with the business needs. With cloud technologies, IT often knows how much space they have allocated to each user’s mail or individual drives but what is unknown is how much data users are keeping on their machines or in collaborations tools and shared drives. With data collections for litigation or regulatory matters, the legal team has access to this information. This information can help IT understand its storage needs and put in place technologies to minimize storage per person thereby saving on storage costs.Business Intelligence from Active Matters – This one isn’t a specific metric. Instead, this is more focused on the business intelligence that comes out of the legal department’s unique position as a reviewer of sets of documents. In litigation or investigations, the legal department has access to a cross section of data that the business doesn’t pull together in the regular course of business. Technology is now advanced enough to be able to provide business insights from this data that can be shared with the business as a whole.Example #1: Artificial intelligence can be used to create compliance models that show correlations between expense reports, trade journals, and sales behavior to identify bad behaviors. Sharing these types of learnings from matters can open up discussions among executives as to which learnings deserve a deeper dive. As an aside, you could also imagine a scenario where this same logic can also be used inversely – when combined with revenue it could identify effective sales behaviors – although this is something that would be a bigger lift and I would expect the sales department to drive this type of work.Example #2: The amount of duplicative data is a common metric reported in litigations or investigations. Sharing this with your IT team can highlight an easy storage win and legal can help craft a plan of how to attack duplicative data thereby leading to lower storage costsI would be remiss if I didn’t mention that there are opportunities for the legal department in these metrics as well. By using these metrics, as well as the artificial intelligence mentioned above, legal operations can resource plan and drive savings within the legal department. For example, the number of NDAs and sales contracts can inform staffing. Technology can identify contracts or other documents that are repetitive and automate the handling of those documents. Within litigation and investigations, technology can identify objectively non-responsive data so that it does not need to be collected as well as identify sources that are lower risk which don’t require outside counsel review and previously collected data that can be re-used.I hope that with the above metrics, you’re able to participate in some great business discussions and show how your legal department is not only effective in its own right but how integral a unit it is to driving the core business.ai-and-analytics; legal-operationsreporting, legal-ops, blog, ai-and-analytics, legal-operationsreporting; legal-ops; bloglighthouse

In the modern age of legal technology, cybersecurity and eDiscovery are unquestionably intertwined. As cybersecurity threats escalate and bad actors find success with new methods and sophisticated tools to gain access to the ever-growing volumes and types of confidential electronic data, legal departments and law firms are getting hit daily by cybersecurity incidents and breaches, with many not even knowing when the incidents have occurred. The legal world, and eDiscovery in particular, are enticing targets, as matters typically involve huge volumes of sensitive information and data often resides across multiple providers who play a part in the collection, processing, hosting, review, and production of data.From a security perspective, corporations are constantly dealing with the data their employees create, and thus they typically maintain a solid system focused on maintenance, protection, back-ups, and defense of that data. This internal process is implemented using governance, risk, and compliance standards that run pretty well from the inside. But security gaps arise when that data becomes subject to a legal hold for litigation and that once well-protected data gets sent out to law firms and/or outside providers.So how can organizations feel confident they’re effectively evaluating the cybersecurity stability of their law firms, third parties, cloud providers, etc.? Do your providers have relevant security controls in place to ensure your data resides in a reasonably similar method as you would store the data yourself? Here are the top three tips for structuring an effective and comprehensive eDiscovery security evaluation and creating a strong relationship with your providers:Leverage Industry-Standard CertificationsAt the security evaluation stage, it’s critical to get to know your providers well and develop trusted relationships. The best way to first evaluate their overall security is to leverage industry-standard certifications. If the provider has access to and holds your data, they should be able to demonstrate that they’re ISO 27001 and SOC 2 certified as those have become the standard security environment protocol in the eDiscovery industry. Industry-standard questionnaires such as the SIG can also be used to validate a provider’s security structure. If a provider already has a completed and updated the SIG, this can be immediately accepted without needing to recreate the wheel and require another type of basic security assessment. This should serve as your baseline and will aid your risk assessments overall. It’s also important for organizations to audit, on an annual basis, those fundamental controls your providers have in place as the industry continues to focus deeper into all areas of each certification. The days of checking the standard audits off your list and being considered compliant are quickly becoming a thing of the past. With the increase in breaches, we are also seeing deeper and more thorough inspections beyond your own company and a shift to the provider space. So make sure you’re getting involved and staying involved with your suppliers. They are critical elements of your success and you need to treat them as such.Devise Security Questions That Go Beyond the BasicsIn addition to the standard certifications and questions the SIG and other general security audits give you, it’s also important to go beyond the basics and devise questions for your eDiscovery vendors that will uncover any existing gaps. Outside of questionnaires that simply ask for “yes” or “no” answers, consider doing regular audits with specific and focused questions. For example, ask your providers to discuss what different technologies they’re considering in the next 12 months or what new security certifications they’re planning to pursue. This ensures that you’re acting in a forward-thinking manner and developing better insight into your partners’ future development. To combat the growing cybersecurity threat, organizations need to remain one step ahead and devise questions to find forward-thinking suppliers rather than ones that just check the boxes. It’s also crucial to apply focused energy to the evolution of the organization and its suppliers. Take the time to have open dialogue and explore different solutions with the goal of prevention of threats. In today’s market, most organizations are still operating in a reactive state, meaning solutions are in place to detect malicious behaviors already inside your boundaries. Remember the clock always wins and prevention is the preferred way to stay ahead of attacks. Ask your technology providers the tough questions around ransomware and look to see what kinds of SLAs or guarantees they can offer. This is a great place to start to separate products and services by the maturity of their offering.Consider a Managed Services EnvironmentIn the most ideal of situations, a corporation would know in advance their list of trusted providers for investigations and litigation, and they would have a regular flow of communication with those providers that includes updates on standard certifications as well as regular audits including questions that go beyond the basics. Many times, this secure workflow can be best served by establishing a dedicated managed services environment that can support a more seamless and secure flow of data when a matter transitions to eDiscovery. Taking advantage of the dedicated services that come with a managed services environment, the corporation gets a technically skilled and more diverse talent base to draw from – one that becomes an extension of your team and treats the security of your data as if it were their own. Within that environment, law firms and document review lawyers all log into the same database and a partnership develops between all parties, creating a more secure environment. In addition, you’ll see cost savings by not having to invest in your own security infrastructure and separate cybersecurity personnel.Overall, vendor security is an integral part of an organization’s cybersecurity strategy. It’s imperative for corporations who transfer sensitive data out of their control to third parties to make sure that each and every supplier who handles the data meets all of the organization’s internal security requirements, as well as established regulatory requirements. This can be achieved by choosing providers who maintain industry-standard security certifications, performing regular audits outside of standard security questionnaires, and at the most secure level, by creating a managed services environment with your suppliers. data-privacy; ediscovery-reviewcybersecurity, cloud-security, ediscovery-process, blog, data-privacy, ediscovery-reviewcybersecurity; cloud-security; ediscovery-process; bloglighthouse

The current state of eDiscovery is complex, inefficient, and cost prohibitive as data types and volumes continue to explode without bounds. Organizations of all sizes are bogged down in enormous amounts of unresponsive and duplicative electronically stored information (ESI) that still make it to the review stage, persistently the most expensive phase of eDiscovery.Data is at the center of this conundrum and it presents itself in a number of forms including:Scale of Data - In the era of big data, the volume, or amount of data generated, is a significant issue for large-scale eDiscovery cases. By 2025, IDC predicts that 49 percent of the world’s stored data will reside in public cloud environments and worldwide data will grow 61 percent to 175 zettabytes.Different Forms of Data - While the volume of ESI is dramatically expanding, the diversity and variety are also greatly increasing, and a big piece of the challenge involved with managing big data is the varying kinds of data the world is now generating. Gone are the days in eDiscovery where the biggest challenge was processing and reviewing structured, computer-based data like email, spreadsheets, and documents.Analysis of Data - Contending with large amounts of data creates another significant issue around the velocity or speed of the data that’s generated, as well as the rate at which that data is processed for collection and analysis. The old approach is to put everything into a database and try to analyze it later. But, in the era of big data, the old ways are expensive and time-consuming, and the much smarter method is to analyze in real time as the data is generated.Uncertainty of Data - Of course, with data, whether it’s big or small, it must be accurate. If you’re regularly collecting, processing, and generally amassing large amounts of data, none of it will matter if your data is unreliable or untrustworthy. The quality of data to be analyzed must first be accurate and untainted.When you combine all of these aspects of data, it is clear that eDiscovery is actually a big data and analytics challenge!While big data and analytics has been historically considered too complex and elaborate, the good news is that massive progress has been made in these fields over the past decade. Access to the right people, process, and technology in the form of packaged platforms is more accessible than ever.Effective utilization of a robust and intelligent big data and analytics platforms enable organizations to revamp their inefficient and non-repeatable eDiscovery workflows by intelligently learning from past cases. A powerful big data and analytics tool utilizes artificial intelligence (AI) and machine learning to create customized data solutions by harvesting data from all of a client’s cases and ultimately creating a master knowledge base in one big data and analytics environment.In particular, the most effective big data and analytical technology solution should provide:Comprehensive Analysis – The ability to integrate disparate data sources into a single holistic view. This view gives you actionable insights, leading to better decision making and more favorable case outcomes.Insightful Access – Overall and detailed visibility into your data landscape in a manner that empowers your legal team to make data-driven decisions.Intelligent Learnings – The ability to learn as you go through a powerful analytics and machine learning platform that enables you to make sense of vast amounts of data on demand.One of the biggest mistakes organizations make in eDiscovery is forgoing big data and analytics to drive greater efficiency and cost savings. Most organizations hold enormous amounts of untapped knowledge currently locked away in archived or inactive matters. With big data and analytics platforms more accessible than ever, the opportunity to learn from the past to optimize the future is paramount.If you are interested in this topic or just love to talk about big data and analytics, feel free to reach out to me at KSobylak@lighthouseglobal.com.ai-and-analytics; ediscovery-reviewai-big-data, blog, ai-and-analytics, ediscovery-reviewai-big-data; blogkarl sobylak

Now more than ever, data security has become priority number one, especially in the context of litigation and eDiscovery. And as the worlds of eDiscovery, information governance, and cybersecurity continue to rapidly converge, cybersecurity incidents are alarmingly on the rise, showcasing all of the weaknesses in an organization’s information governance system. Addressing cybersecurity continues to be a top challenge in eDiscovery. Many are unsure if their own internal processes are safe, not to mention those of the vendors who manage their outsourced eDiscovery.So, how can you protect your ESI all the way from preservation and collection to review and production? In a Law and Candor podcast episode, special guest David Kessler, Head of Data and Information Risk at Norton Rose Fulbright US LLP, discussed with our hosts the diverse set of challenges that arise with data security at each stage of the EDRM. Most understand the right methods start with implementing the fundamentals of cybersecurity, but some have learned the hard way that you can’t fix a house built on a shaky foundation after a cybersecurity disaster strikes. With the protection of client ESI first and foremost top of mind, here are the some of the most pressing cybersecurity challenges in eDiscovery as well as actionable solutions.Cybersecurity Challenges in eDiscoveryThe intersection of information governance, eDiscovery, and data security: The nature of data has evolved such that eDiscovery and information governance naturally intersect with data privacy and security. We’ve learned that issues around data access are very similar to eDiscovery issues and the next challenge is learning how to operate the areas together cohesively. In addition, with the shift to scrutiny on privacy and what can be done with personal data, now we know almost all cases that involve ESI have tremendous privacy concerns.The important role eDiscovery plays in cybersecurity: No longer are the days where confidential data relevant to litigation is primarily found in email and simply on computers. Now, data is created and stored across a wide variety of mediums and the amount of data continues to grow at an exponential rate. For cybersecurity criminals, this is a gold mine of confidential data available to steal and access.The outstanding security gaps throughout the EDRM: Historically, we’ve been focused on the responding parties’ obligations to securely undertake discovery. The business process of eDiscovery is primarily about collecting, copying, and transferring data outside of an organization, which creates concerns about securing that information at every stage of the process. Both the responding and requesting parties need to find a way to collaboratively and cooperatively work together at the beginning of a case to ensure data is protected through the entire EDRM lifecycle.The weakest part of the cybersecurity chain is when you hand over sensitive data: How do we help clients make sure their data isn’t accidentally or intentionally taken from them during the eDiscovery process? Everyone from eDiscovery vendors to law firms has an obligation to shore up their security and organizations have a responsibility to thoroughly vet those partners as they hand over their most sensitive data. In the EDRM, attention has shifted to making sure cybersecurity protections span the entire EDRM and the last step that hasn’t received much attention is making sure the requesting party is taking the appropriate steps to secure the data once they receive it.Cybersecurity Solutions in eDiscoveryShore up cybersecurity contracts and repurpose existing security riders: When an organization engages law firms and eDiscovery vendors to handle discovery, it’s important they work closely with their data security IT team. These teams can help to repurpose some of the standard security riders from other contracts and use it to create new contracts with the appropriate protections in place.Establish comprehensive protective orders at the beginning of cases: With respect to the requesting party, who you will ultimately be producing the data to, ensure that early in the case you’ve negotiated a comprehensive protective order that includes reasonable and proportionate requirements for the protection of data. In that protection order (and a step that’s often forgotten), follow up and confirm the data you produced has been deleted after a case is over.Keep open lines of communication with law firms and eDiscovery vendors: Your discovery partners understand and have a significant stake in their security reputations. They have a strong motivation to work with you to execute risk assessments and other agreements that contain the necessary security provisions to ensure your data is safe at every step of the process. Also, include a breach notification order if data is accidentally lost or there’s an attack.Focus on things you can do to strengthen your productions: Think about the most efficient ways to reduce the number of copies involved in productions where appropriate. For example, use redaction as much as possible and consequently less copies of data. Don’t produce sensitive and irrelevant portions of data – redact it instead.Ultimately, most people have become acutely aware of the vulnerabilities that exist in data security as it travels through the EDRM, and as law firms and eDiscovery vendors become accustomed to deeper vetting, it’s at the production stage where the biggest security vulnerabilities seem to remain. To get ahead of all aspects of potential cybersecurity failures, the use of well-written protective orders will get you a long way. Requirements in protective orders can ensure all parties take reasonable steps to protect data from third-party hackers and unauthorized access, as well as include protections based on encryption, access controls, passwords, etc.data-privacy; information-governance; ediscovery-reviewcybersecurity, cloud-security, ediscovery-process, preservation-and-collection, blog, data-privacy, information-governance, ediscovery-review,cybersecurity; cloud-security; ediscovery-process; preservation-and-collection; bloglighthouse

Have you created, or were handed, a budget but you don’t know where to start? Or, have you managed a budget for a while but want some other perspectives on what to look for throughout the year? Well this is the post for you. As I mentioned in my prior post about creating budgets, I have managed budgets for a long time in legal, operations, and other departments, as well as gotten input on this topic from many peers. Below you will find five of my top tips.Align team goals with budget - The success of your budget increases if everyone is working toward the common goal of staying within that budget. As such, when creating your team goals as well as when creating an individual team member’s goals, they should all support what you have put in your budget. There are a number of ways to do this. First, you could put a specific goal – e.g., come within 5% of budget – in their personal goals. You could also tie a part of an employee’s bonus to the department meeting its budget. Second, you could make the goals a bit more indirect by having each employee have a goal around coming up with cost-savings measures. Finally, you could be even less direct by just ensuring that nobody has goals related to projects that do not have any budget and that all funded projects do have owners. I use all three of these concepts in combination to set up the department for budget success.Operationalize your budget review - Reviewing your spend (actuals) against your budget on a monthly basis is critical to being able to stay on budget. You should involve your team in these budget reviews. The agenda should include an update on the prior month’s spend, a discussion of anything unusual from the prior month, and a discussion about any expectations for the coming month. Be open during these discussions and encourage people to speak up. You want to foster a positive environment where people feel comfortable bringing up anything that will impact the budget. Every team member should understand how their work impacts the budget. Any team member heading up a particular project should understand the budget of that project and where they are vis-à-vis budget. Transparency of this information will allow people to make well-informed decisions.Constantly look for ways to get better – automation and different suppliers - Even if you are at or under budget, it is important to continuously look for ways to get more efficient with resources. This can be done in conjunction with monthly budget reviews as your team will likely have some great suggestions. There are three main questions I ask:What can be automated? What can be outsourced?Are there opportunities to get better pricing from any outsourced providers (including technology)?Of these three, I lean towards automation because of the dramatic cost savings over time, but also the additional benefits. Automation will typically have an initial cost to fund the development effort. However, that initial investment can eliminate certain resources for a long period, sometimes even bringing ongoing costs to $0. Automation also can provide information, such as auditing and data, that were not available with manual methods. For example, implementing an e-billing solution not only saves on the people cost for reviewing bills, but also gives better visibility into where the money is being spent, leading to new areas for savings.Always have a plan B and C - Things change as the year goes on – revenue may not come in as expected, there could be a global pandemic that impacts your business, or you could decide to fund a higher priority business item – and you may be asked to change or reduce your budget. This can be frustrating but you should be ready for unexpected changes. The first thing you can do to be ready is to know what you will cut first, second, and third, etc. When you have a prioritized list, you can respond to any budget cuts or freezes pretty quickly. Second, you should have alternative, cheaper ways to still move forward on your top legal department strategy or strategies. For example, instead of hiring a full-time employee to manage and implement your e-billing system, perhaps you can hire a temporary employee, consultant, or an intern to move you forward on the research and design phases. Also consider whether you can move forward with any projects in phases or by doing a scaled back proof of concept first. For example, you could procure fewer licenses of your e-billing system and implement it for only 10% of matters (e.g., litigations over $1M). Both of these moves will allow you to still advance your project, but for a lower cost. The proof of concept also has the added benefit of allowing you to demonstrate the value of the project to the business, thereby making any associated budget requests for a full-scale implementation easier to get approved.Communicate changes early - A budget is an estimate based on your knowledge at one point in time. It won’t be perfect and you will have to make changes. Make sure you understand the process to communicate those changes. As soon as you have knowledge of anything that will be significantly under or over budget, which you will likely get from your monthly budget review, make sure to communicate that. If it is something that will put you over budget, make sure to have the details about why the spend is necessary, what alternative options you have looked into, and what benefits will come to the business from this spend. The threshold for when to communicate these changes differs at each organization so be sure to work with your partners in the finance organization to understand what is expected at your organization.legal-operationsediscovery-process, legal-ops, blog, legal-operations,ediscovery-process; legal-ops; bloglighthouse

What is data reuse? There are many different flavors and not everyone thinks about it the same way. In the context of eDiscovery, subject-matter specific work product in the form of responsiveness or issue coding often comes to mind and is then immediately dismissed as untenable given that the definitions for these can change from matter to matter. This is just one tiny piece of what’s possible, however. We need to consider the entire EDRM from end to end. What else has already been done, and what can be gained from it?First, there’s the source data itself. The underlying electronically stored information (ESI) is foundational to the reuse of data as a whole. Many corporations deal with frequent litigation and investigations, and those matters often include the same or at least overlapping players, i.e. the “frequent flier” custodians. This means the same data is relevant to multiple matters, which means it can be reused. There’s the potential for a one-to-many relationship here. In other words, instead of starting from scratch with each new project by going back to the same sources to collect the same data, why not take stock of what has been collected already? Compare the previously collected inventory to what is required for each specific matter, and then return to the well for the difference as needed. It may be as simple as a “refresh” to capture a more recent date range, or, even better, there’s no new collection to be done at all.Next up is the processed data. Once it’s collected, a lot of time, effort, and money are spent transforming ESI into a more consumable format. Extracting and indexing the metadata such that it can easily be searched and reviewed in your platform of choice takes real effort. Considering the lift, utilizing data that has already undergone processing makes a lot of sense. Depending on volume, significant savings in terms of timeline and fees are often realized, and this is not a one-time thing. The same data often comes up over and over across multiple matters, compounding savings over time.Finally, after processing comes review, which is where reusing existing work product comes in. This isn’t limited to relevance calls, which may or may not consistently apply across matters. There’s limited application for the reuse of subject-matter specific work product as mentioned earlier. The real treasure trove is all the different types of static work product – the ones that remain the same across matters regardless of the relevance criteria – and there are so many! One valuable step that is often overlooked is the ability to dismiss portions of the data population upfront. Often there is some chunk of data that will simply never be of interest. These are the “junk” or “objectively non-relevant” files that can clog a review. For example, automatic notifications, spam advertisements, and other mass mailings can contribute a lot of volume and rarely have any chance of including relevant content. Also, think about redactions and what often drives them: PII, PHI, trade secret, IP, etc. These are a pain to deal with, so why force the need to do so repeatedly? And, what about privilege? Identifying it is one thing, and then there are the incredibly time intensive privilege log entries that follow. These don’t change, and the cost to handle them can be steep. On top of that, they are incredibly sensitive, so ensuring accuracy and consistency is key. That’s pretty difficult to accomplish from matter to matter if you rely on different reviewers starting over each time.At the end of the day, no one wants to waste time and effort on unnecessary tasks, especially considering how often intense deadlines loom right out of the gate. The key is understanding what has already been done that overlaps with the matter at hand and leveraging it accordingly. In other words, know what you have and use it to avoid performing the same task twice wherever possible.ai-and-analytics; ediscovery-reviewediscovery-process, data-re-use, blog, ai-and-analytics, ediscovery-reviewediscovery-process; data-re-use; bloglighthouse

Recently we took Lighthouse’s legal technology podcast series Law and Candor on the road and broadcast a special live edition to our audience straight from Legaltech. One episode focused on the issue that’s at the forefront of the eDiscovery and information governance world: data privacy compliance in the post-GDPR world. Our distinguished Law and Candor hosts spoke with special guest Kelly Clay, global eDiscovery counsel and head of information governance at GlaxoSmithKline (GSK), about the key challenges or “opportunities” that GDPR, CCPA, and other burgeoning laws around data privacy have presented, and subsequently how the associated risks have permanently shifted the legal landscape.With the two-year anniversary of GDPR’s first day of implementation right around the corner, it’s a perfect time to reflect on where we are now. Organizations around the world have become more comfortable with the idea that data governance, privacy, and security are more than just new challenges they are being forced to solve. Businesses are beginning to see the new opportunities that come from data privacy regulations as they realize the benefits that come from cross-functional stakeholders working together across all of their internal support functions.So what are organizations doing to get a handle on the information governance side of the house and ensure compliance in this post-GDPR era? Here are three steps to take on the road to continual compliance:Understand where your data resides. It might seem obvious, but the number one place to start (and some would argue the most important) is taking a detailed look at your data and understanding all of the different types your organization generates, and the various locations where it all resides. Many who have already embarked on this journey have found silos during the process and encountered complications in understanding the full extent of their data and where it is. Now’s the time to use the information you gather to create a detailed and comprehensive data map that can be easily and automatically updated as new locations and new data are constantly created.Focus on the general principles. It’s easy to get overwhelmed in the data mapping process, especially if you’re a large organization whose employees utilize many different communication methods and IT has traditionally employed disparate storage methods for that never-ending mountain of data. Once your data map is in place, take a step back and realize you can’t tackle every potential compliance issue at the same time. Instead, continue to focus on the overall general principles like understanding where the data is flowing from and where it’s going, whether it’s email, chats, or data in the Cloud.Change the narrative. Historically, Legal and IT have operated separately and handled data based on the nature of their specific job functions. For example, Legal views data and information through the lens of risk management, while IT has a different approach in how it views managing and archiving data within an enterprise. With GDPR, CCPA, and likely many more privacy regulations to come, organizations need to handle data differently and understand everyone is accountable and must work cross functionally. Key players from the technology group to the procurement team to the business strategy group must change their mindset and be mindful of how they deal with data while keeping legal risk at the forefront.Ultimately, the post-GDPR era is here to stay and organizations should treat these dramatic changes in how we view and handle data as an opportunity not a challenge. Getting a handle on how to create an effective compliance program is a team effort that requires everyone to get on the same page, and it’s particularly important to involve your key stakeholders early on in the process.More on this topic can be found in this article, How GDPR and DSARs are Driving a New, Proactive Approach to eDiscovery. data-privacy; information-governanceccpa, gdpr, cloud-security, blog, data-privacy, information-governanceccpa; gdpr; cloud-security; bloglighthouse