Lighthouse Blog

Standardizing your eDiscovery program can be a huge benefit to you and your team. With a well-rounded program, you are able to pressure test and layer in repeatable and trackable processes at each stage of the EDRM. This will result in a lower overall cost of eDiscovery and the ability to more accurately forecast spend from matter to matter. Your program will reduce risk, and increase quality, efficiency, and consistency. You will also have the advantage of program-wide metrics and analysis, leading to knowledge that will empower you to make better and more informed litigation and investigation decisions early on, which in turn leads to better outcomes and greater defensibility. Finally, with your program-wide data tracking you will be able to showcase true ROI and other key metrics. It sounds pretty good, right? So, why doesn’t everyone standardize their eDiscovery program? It can be a challenge. There are several hurdles that one may face when trying to socialize and drive the adoption of their program. For example, lack of alignment across key stakeholders and the challenges of trying to build a program while also managing the pressures of ongoing litigation deadlines. You may also have to invest more time and potentially more cost upfront, which can be a resourcing challenge, and you may have to redefine efficiency across multiple teams. Managing expectations across key stakeholders is critical to building a successful program. Change doesn’t happen overnight.How do you go about overcoming these challenges and standardizing your program? I’ve summarized some tips and best practices below for socializing, implementing, and getting your eDiscovery program to be accepted as the standard both within your organization and beyond.Getting StartedTo begin, build one thing at a time. It is important not to bite off more than you can chew. Start with one project, implement it, and carefully review the results. If it is successful, drive adoption internally, and once it is adopted you can get started on the next project or piece of the program. Be sure all of your key stakeholders are involved early on and set up weekly or even monthly strategy sessions with these stakeholders to ensure that everyone has a seat at the table and a voice in program development decisions. Finally, documentation is your single source of truth. Be sure to think about what you are documenting, where you are storing it, when it should be evaluated for updates, and how it will be circulated after these updates are made. More on driving a successful eDiscovery project can be found in this article, Staying on Pointe: Key Lessons eDiscovery Professionals can Learn from Ballet.Ensuring the Right AudienceAs I mentioned above, you need to be sure to involve all key stakeholders when driving the standardization of your eDiscovery program, but how do you make sure you have the right audience? It is different for everyone and will depend on your organization. Typically, I would recommend that you involve your legal operations and finance teams, as well as any other teams with eDiscovery stakeholders. Once you have these folks identified, set up that recurring strategy meeting.Showing ROIWhen it comes to showing ROI you want to be sure to pick what will make an impact within your company. Whether that be risk reduction, cost reduction, efficiency gains, or something else, you want to focus on what matters at your organization. This is where the documentation I mentioned above comes into play. Be sure you are tracking the metrics and results you would like to report on and format them in graphs, charts, and high-level stats that your key stakeholders can take away and share with their teams. Lean on your providers to help you pull metrics and come up with creative ways to display ROI across your program. It is also important to note that your ROI focus may shift over time, so be sure to remain flexible and check-in with leaders on a bi-annual or annual cadence.Socializing & Driving AdoptionSo, you know how to get started, who to involve, and how to show ROI, but how do you socialize and drive adoption? This is the hardest part and will require flexibility. It is important not to design and drop. You have to continue to reiterate the program and processes consistently. Document your processes, track your results, and make sure you build in a regular feedback loop. Ensure you have support from the right people. This can include your internal teams, outside counsel, vendor(s), etc., and can vary depending on your organization. Be open to feedback and revisions as they come along, document those updates, and share them out.To summarize, when looking to standardize and socialize your eDiscovery program, remember to:involve the right folks early on;build one thing at a time;document the processes;show meaningful ROI; andbe open to feedback - a successful program evolves!To discuss this topic further, please feel free to continue the discussion by emailing me at SBarsky-Harlan@lighthouseglobal.com.ediscovery-review; legal-operationsediscovery-process, blog, ediscovery-review, legal-operationsediscovery-process; blogsarah barsky harlan

In the eDiscovery space, we are always spotting new trends. Our industry has seen text messages, chat message platforms, websites, and various unstructured data sources become increasingly relevant during discovery. Over the past several years, we have started to see another new trend emerge - many of our clients are using Corporate G Suite rather than Office 365.The use of emerging technologies is part of everyday life for many companies in the space. However, we are beginning to see established biotech, healthcare, manufacturing, and retailers shift to G Suite, an area that was once almost exclusively dominated by on-prem Microsoft products. This transition introduces some new considerations around managing discovery. In this post, we talk about three impacts that G Suite data has on downstream eDiscovery workflows, and the need to factor these items into your discovery plan. Recipient Metadata: Gmail renders email header information in a unique format. While the last-in-time email in a given string will have all expected sender and recipient information (From, To, CC, BCC), all other previous messages exchanged in the email string will display only the sender information and will not display the recipient information. This is not a collection, processing, metadata, or threading issue. Rather, this relates to how Gmail stores and exports recipient information. This presents some unique document review challenges, as previous parts of the thread could include recipients that are not visible to the reviewer, and may include attorneys who have sent privileged communications. As a result, it is important to work closely with your project management team to create workflows related to Gmail. ‚ÄçLinks: Historically, we have all attached copies of documents (e.g. Word, Excel, and PowerPoint files) to an email during the normal course of business. Due to the emergence of technologies such as SharePoint and Google Drive, we now have the ability to send emails with embedded links that reference documents rather than attaching the document itself. When Gmail is exported from Google Vault, the documents referenced in links embedded throughout email exchanges are not exported. As a result, reviewers will encounter these links, but will be unable to readily view the corresponding document referenced in said link. At present, Google Vault does not allow for the mass search and export of these links. However, you do have the ability to manually pull documents referenced in these links. You should be mindful of this issue when drafting your ESI protocol, as opposing parties and regulators may request that your company retrieve these documents.‚ÄçExported Load File: Unlike a standard PST export, when you export a mailbox or set of documents from Google Vault, you have the ability to retrieve a corresponding load file that contains metadata captured in G Suite. Sometimes, the date-related metadata extracted during processing, will not align with dates exported from G Suite. There are a variety of legitimate reasons for this. You will need to determine if you want to produce the date metadata extracted from the processing platform, date values exported from Vault, or both.All of the above items are manageable when in-house legal teams, outside counsel, and eDiscovery vendors work together to proactively implement appropriate downstream eDiscovery workflows. If you have experience with G Suite data or thoughts on managing the discovery of G Suite data, please reach out to me at ashier@lighthouseglobal.com.chat-and-collaboration-data; information-governancechat-and-collaboration-data, information-governanceemerging-data-sources; g-suite; preservation-and-collection; blogalison shier

In the early days of electronic discovery, technologies that legal teams utilized were researched and procured by specialists independent of information technology teams. Getting IT, legal, compliance, records managers, and other stakeholders to come together to discuss and strategize as a team was almost impossible. The move to the Cloud is changing that dynamic, as corporations move to address data challenges including eDiscovery, information governance, data privacy, and cybersecurity, in a more holistic fashion. When a corporation leverages Microsoft 365 (M365), they have procured a technology that not only meets their data storage requirements but provides eDiscovery, privacy, data governance, and cybersecurity features as well.With the upside that a single platform can provide, there are also challenges including the continued growth in data and new data types that M365 presents. Most eDiscovery professionals are still working to understand how to leverage the functionality in M365 and how to incorporate it into their existing program. Teams usage, for example, has risen with the addition of 31 million new users in one month when the COVID-19 pandemic first hit. Based on that statistic, it is clear that Teams is new to many professionals and eDiscovery teams need to understand how to deal with Teams data in discovery.eDiscovery features in M365 vary based on licensing, but can include data culling, data processing, and even some high-level review. The functionality in no way is an end-to-end solution for discovery. It can achieve some basic needs and other technologies are still required to address limitations in the platform.M365 is also an incredibly dynamic program. It is a challenge to track modifications and updates to the system. Organizations need to invest in personnel to test their M365 environment proactively to identify potential issues that could occur in the discovery process, understand limitations, and capture benchmarking data on the time and effort certain tasks can take in the system. This information should be discussed with legal teams, as it can impact their discovery negotiations and should be considered for proportionality assessments. It’s vitally important to train internal and external legal teams on the capabilities and the limitations of the technologies.Keeping pace with M365 often requires multiple resources. Consider having a dedicated team to test the new tools and ensure any new updates get incorporated back into your workflows. Reach out to your peers at other organizations to learn from their experiences with the tool. Working with service providers who have deep expertise in the tool and the roadmap is extremely beneficial. Microsoft is open to receiving feedback on your experiences outside of simply support tickets. In fact, there is a formal design change request option available to M365 users. Contact your Microsoft representative to learn more about that alternative.When it comes to leveraging M365 for eDiscovery, keep these key takeaways in mind:The explosion of data, new technology, and cybersecurity risks have all led to a continual evolution of the M365 tool.Staying up to date with these continuous evolutions can be a challenge, be sure to (1) have dedicated resources to test new capabilities and report back; and (2) ensure these new updates get incorporated into training and workflow documentation.Train both your internal and external teams on your M365 needs.Collaborate with your various partners (i.e. providers, third-party vendors, outside counsel, etc.).To discuss this topic further, please feel free to continue the discussion by emailing me at PHunt@lighthouseglobal.com.microsoft-365; information-governance; chat-and-collaboration-data; legal-operationsmicrosoft, legal-ops, blog, microsoft-365, information-governance, chat-and-collaboration-data, legal-operationsmicrosoft; legal-ops; blogpaige hunt

Legal Operations is a relatively new field and one that is constantly evolving. With that comes lots of new challenges as well as lessons learned around building an effective Legal Operations department. Below are six key takeaways from a recent Illumination Webinar Series webinar, where legal operations veterans discussed common pitfalls in legal operations, how to avoid them, and best practices for the future.Legal Operations is an Evolving Field - Whether you define it as herding cats, the land of misfit toys, or the grey space in legal, one thing is certain - legal operations is a multi-disciplinary evolving field. If you use the membership numbers from the Corporate Legal Operations Consortium (CLOC) as a barometer of the growth of the profession, the increase of professionals is 1000% from 2016 to 2019. The work these professionals are doing varies from organization to organization. However, there are a few core areas that most legal operations departments focus on - ebilling, contract lifecycle management, vendor management, legal workflows, and legal department data and analytics.Change Management is One of the Biggest Challenges - Legal operations is a cross-functional department that is responsible for driving change in legal. As such, it is not a huge surprise that change management and the things that go along with that are big struggles for the function. Gaining executive support, getting enough funding, and identifying key stakeholders are all critical in the first stage of trying to make a change. Additionally, gaining adoption after a change is made can be a challenge as lawyers don’t tend to be early adopters.Understanding the Issue and Putting in Time at the Outset of a Project Can Help You Overcome Challenges - When considering what to solve for, make sure you understand the impact and pervasiveness of each and prioritize the most pervasive and impactful. Then, take the time to truly diagnose the problem. Don’t get distracted by the symptoms. Once you have identified the right problems, make sure you spend plenty of time clarifying all the specifications and understanding where the blockers may be. This will prevent missteps later and allow you to move quickly if you hit any roadblocks. Finally, make sure you get buy in along the way. This starts with buy in from your stakeholders on the specifications. Then, as you start to execute, share out your successes at each step and get stakeholder buy in on those successes. These steps will increase the success of any project you are leading.Knowing your Audience and your Data Can Really Help With Success in This Field – At the onset of any project, identify who you cheerleaders and naysayers are, that way you can identify the challenges that may arise. It is also wise to take a look at what is working and incorporate that into your future state so you don’t inadvertently break something that is going well. Make sure that you are leveraging relevant data to both identify the proposed improvements as well as to show them once achieved. And finally, to create supporters and build relationships across functions, you should look at ways to fill in the gaps in the legal department and offer support on projects. With these tips, your projects should be smoother to roll out.Analytics and AI are the Future - As in much of the world, artificial intelligence and business analytics are a big point of discussion in the legal operations space. This can be anything from analytics on top of a single existing platform all the way to cross-software AI to predict the outcome of litigation. Discussions about and the implementations of these tools are expected to continue in the next several years. Another exciting change for the field is the influx of new talent. As this is a new field, many of the current professionals transferred from another discipline. However, programs are being created to train for this area that will generate an influx of new talent that will move our profession forward. Finally, we expect more defined rules of engagement, both within legal operations but also with other departments in the company. This field is new so those rules have only recently started to form. That should solidify over the next several years.The Impacts of COVID-19 Should Not Drastically Change the Profession - Operationally, we were in a good situation given that legal operations is in the technology space. Departments were easily able to shift to work from home. Additionally, budgetary impacts have been different than any impacts that companies as a whole have felt.Legal operations has evolved significantly and will continue to change as the field matures. legal-operationslegal-ops, blog, legal-operations,legal-ops; bloglighthouse

What is the most frustrating thing when you have spent months overhauling and then launching a new contract lifecycle management (CLM) solution? Nobody using it! Or, more likely, a few people are using it but most people are hesitating to change their current processes and start using the new solution. I hear this frustration in contract management solutions as well as other large project implementations. As I sat down to think about this challenge, I read many articles about the best business practices to apply to avoid this. These articles focused on bringing business process management to this process, which is valuable, but even with those processes, your implementation could be left with very little adoption.Then I had a light bulb moment – why not pull from a discipline whose main focus is to resonate with its clients and users – product management. It wasn’t a far reach given my product management background and certification. Product managers do a lot of different things at different organizations but I think most people would agree that they play a key role in building and launching a successful product. More specifically, a product manager is tasked with knowing her or his customer base so well that he or she can speak for them and direct the development of a product into one that resonates with its users. A product that resonates with users is more highly adopted and therefore, typically seen as more successful. So what can we, in legal operations, learn from this field?1. Focus on what really matters to your users and potential usersStart by interviewing people who are directly involved with the contract management process as well as some people who are adjacent to the contract management process. Make sure to capture the views of people close to contracts (e.g. attorneys), as well as those who rely on the outputs of those contracts (e.g. finance and sales). Ask about each person’s main goal in contract management and what is preventing them from achieving that goal. Specific to CLM solutions, metadata can be critical to understand and map early, so I would recommend asking people what metadata they rely on when searching for contracts.[1]In these interviews, make sure you understand the impact of any contract management challenges raised in the interviews. You may hear a variety of complaints, but how many of those are frustrations that make the process inefficient versus just minor grumblings. When someone mentions an issue, you should always ask them to quantify, on a scale of 1-10, how big an impact that problem has in their daily life. You should also ask how pervasive the problem is, on a scale of 1-10, across their peers. This will allow you to more quickly identify the real issues that will be impactful to solve. For example, someone may be frustrated that they have to log in to a different technology to manage a contract workflow. Another person may be frustrated that they cannot tie together later revisions to contracts, such as renewals, pricing, or amendments. By asking for the impact during the interviews, you will likely learn that the technology switching challenge is a 2 out of 10 on the impact scale whereas the issue of the later revision is a 9 out of 10. You can prioritize solving for the latter and have tremendous business impact and avoid mistakes by other departments relying on outdated terms.2. Launch a beta solution for a handful of usersMost products have some sort of test user group that is able to provide feedback on releases early. Since you likely are not engineering your own CLM, I would recommend gathering a small group of “early adopters” to test your new CLM solution in three ways:First, you should map out your ideal state process. Bring this group together to talk through that ideal state and suggest any tweaks. Second, when you have narrowed your technology selection to one or two technologies, you can bring the group together to test those technologies. Finally, this group should be your first users of the final solution, the technology and process combined, once implemented.This may be self evident, but be sure to include yourself in the testing group. Often people feel like they are running the project so they should not participate in the feedback. However, given the deep immersion in the contract management process and your knowledge of the organization, your feedback is critical to shaping the right solution. 3. Use your personas in communicationsCommunicating about your solution is a critical step in any CLM solution. That communication is what gets users using the solution and what jump starts change. Making this communication effective can be daunting, but here is the product management formula. Start with the challenges that your users shared with you. When they see their voices reflected, they will immediately be interested in the message. Next, state in 1-2 sentences how you have solved the challenge. When people see that a challenge they have raised has been solved, it is highly likely that they will adopt the new solution. With this, you should have a 3 sentence “elevator pitch” that connects with your intended audience. If appropriate for your organization, you could also consider shortening those three sentences to a tagline that could be used within the legal department to give visibility to the project. A great example of a tagline was Apple’s iPod: “1,000 songs in your pocket.” This was a short statement showing how the product solved the problem. Something similar in the CLM space could be “your contracts, and revisions, in one place” or “automating the contracts that don’t need your attention.” 4. Check in on user satisfactionRemember that your job is not finished upon implementation. Continue to check in with your users to see how things are going. When checking in, the best thing to do is a survey so you can measure the response empirically. The most common question to ask in a customer satisfaction survey is how satisfied they are with the solution on a scale of 1-5. You can follow that up by asking what would improve their satisfaction. The survey can be helpful to understand how the solution is working as well as a way to gather areas of improvement. Before making any changes, however, I would recommend doing some interviews to understand the impact and pervasiveness of the issues so you can determine what changes are needed.[1] Typical fields include party name, party state, contract type, contract expiration date, notification period (to the extent different, next contract review date), contract amount (or at least a small/med/large designation), internal legal contact, department, limitation of liabilities, and early payment.legal-operationslegal-ops, blog, legal-operations,legal-ops; bloglighthouse

We're excited to announce that season four of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution, is now available. Click the image below to binge season four now or keep scrolling for more details on the latest season. Co-hosts, Bill Mariano and Rob Hellewell, are back for season four of Law & Candor with six easily digestible episodes that cover a range of hot topics from cybersecurity to privilege tools. This dynamic duo, alongside industry experts, discuss the latest topics and trends within the eDiscovery, compliance, and information governance space as well as share key tips for you and your team to take away. Check out the latest season's lineup below:Emerging Data Sources: Get a Handle on eDiscovery for Collaboration Tools Myth Busters: The Managed Services Edition Legal Operations 101: Skills for SuccesseDiscovery Program Starter Pack: Uncover Key Ways to Build an Effective & Efficient eDiscovery ProgramManaging Cybersecurity in eDiscoveryTake the Mystery out of Machine Learning: Success Stories from Real-Life Examples and How Data Scientists Impact eDiscoveryEach episode is bingeable and available on your podcast platform of choice including Apple, Spotify, Stitcher, and Google. Follow the latest updates on Law & Candor by subscribing on the podcast home page and join in the conversation on Twitter. Catch up on past seasons by clicking the links below:‚ÄçSeason 1Season 2Season 3Special Edition: Impacts of COVID-19For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewcloud, cybersecurity, emerging-data-sources, cloud-security, tar-predictive-coding, ediscovery-process, legal-ops, managed-services, blog, ediscovery-review,cloud; cybersecurity; emerging-data-sources; cloud-security; tar-predictive-coding; ediscovery-process; legal-ops; managed-services; bloglighthouse

Below is a copy of a featured blog written by Debora Motyka Jones for CLOC's Legal Operations Blog.One of the most common complaints I hear from General Counsels and Chief Legal Officers is that they are not able to sit at a table full of their executive peers and provide metrics on how legal is impacting the core business. Sure, they are able to show their own department’s spending, tasks, and resource allocation. But wouldn’t it be nice to tell the business when revenue will hit? Or insights about what organizational behaviors are leading to inefficiency and, if changed, will impact spending. More specifically, as the legal operations team member responsible for metrics, wouldn’t it be great to share these key insights with your GC as well as your finance, sales, IT, and other department counterparts? Good news! Legal has this type of information, it is just a matter of identifying and mining it!Keeping metrics has become table stakes in today’s legal department and it often falls on the shoulders of legal operations to track and share those metrics. In fact, CLOC highlights business intelligence as a core competency for the legal operations function. Identifying metrics, cleansing those metrics, and putting them forth can be quite a lift, but once you have the right metrics in place, you are able to make data-driven decisions about how to staff your team, what external resources you need, and drive efficiencies. If you are still at the early stages of figuring out which metrics you should track for your department, there are many good resources out there including a checklist of potential metrics by Thompson Reuters, and a blog by CLOC on where to start. HBR also conducts a survey so you can see what other departments are seeing – this can be helpful for setting targets and/or seeing how you compare. When you analyze these and other resources, you will notice that many of the metrics are legal department centric. Though they are helpful for the department, they are not very meaningful when they are sitting around the table with executives doing strategic business planning for the business as a whole. So what types of metrics can legal provide in those settings and how do you capture them? There are many ways to go about this, but I have highlighted a few that can provide a robust discussion at the executive table.Leading Indicators of RevenueMost companies are reviewing the top line with some frequency and in many industries it is a challenge to predict the timing of that revenue. Given its position at the end of the sales cycle, in the contracting phase, legal has excellent access to information about revenue and the timing thereof. Here are the most common statistics your legal department can provide in that area:New Customer Acquisition: Number of Customer Contracts Signed this Month – Signing up paying customers is a direct tie to revenue and the legal department holds the keys to one of the last steps pre-revenue: contract signing. By identifying the type of contract that leads to revenue, the legal department is able to share with the business how many new customers are coming online. The metric is typically a raw number and can be compared against the number of contracts in a prior period. If not all customers who sign this contract lead to revenue, you will want to report (or at least know) the ratio of contracts to paying customers in order to give an accurate picture. Once you have been tracking this metric, you may want to take it a step further and identify and contracts that come earlier in the process. For example, in some companies, prospective clients sign NDAs earlier in the sales cycle. By reporting on the number of NDAs signed, you will start to see a ratio of the number of NDA to the number of MSAs and can give even earlier visibility into the customer acquisition pipeline.Expected New Customers: Contracts in Negotiation and Contract Negotiation Length – If your company has negotiated contracts then reporting on the number of contracts in negotiation can also help with revenue planning. Knowing the typical length of that negotiation will give an indication as to the timing of that revenue.Expected Revenue: Timing – The final piece of the revenue puzzle is when the above revenue will hit. You can work with the finance team to get the typical time between contract signing and revenue. This will often vary by contract size so layering in the contract size is helpful. If contract size if not available in the contract itself, that is likely information that sales keep so they can report that metrics if legal cannot.The two departments most interested in all three the above metrics are likely to be sales and finance but depending on the detail reported at the executive level, these may be executive-level metrics. If the above seems like a lot, know that many contract management tools and/or contract artificial intelligence tools can mine your contracts for the above information.Efficiency in Business OperationsLegal operations also has a unique ability to look back and reflect on the efficiency in some areas of business operations. More specifically, in the course of litigation and investigations, cross sections of the business are examined with hindsight and as we all know, hindsight is 20/20. Providing that look back information to the business can help in overall business efficiency. In addition, legal has access to payment clauses, in contracts, that can ensure efficiency in cash management. Here are some helpful statistics your legal department can provide on the state of legal operations.Early Payment Discount Usage: Number of Contracts with Early Payment and Percentage of Early Payment Discounts Used – When signing vendor contracts, there are often provisions allowing for discounts if certain terms – e.g. payment within a short timeframe, are met. Although this may be fresh on everyone’s mind at the time of negotiation, this often gets lost over time. Using current technologies, the legal operations team can identify these contracts and provide the number of contracts in which such provisions exist. You can then work with finance to determine how many of these provisions are being leveraged – e.g. is the business actually paying early and taking the percentage reduction. The savings for the business can be material by just providing visibility into this area.Data Storage: How Much Data to Keep – A common IT pain point is storage management and having to add servers in order to keep up with the business needs. With cloud technologies, IT often knows how much space they have allocated to each user’s mail or individual drives but what is unknown is how much data users are keeping on their machines or in collaborations tools and shared drives. With data collections for litigation or regulatory matters, the legal team has access to this information. This information can help IT understand its storage needs and put in place technologies to minimize storage per person thereby saving on storage costs.Business Intelligence from Active Matters – This one isn’t a specific metric. Instead, this is more focused on the business intelligence that comes out of the legal department’s unique position as a reviewer of sets of documents. In litigation or investigations, the legal department has access to a cross section of data that the business doesn’t pull together in the regular course of business. Technology is now advanced enough to be able to provide business insights from this data that can be shared with the business as a whole.Example #1: Artificial intelligence can be used to create compliance models that show correlations between expense reports, trade journals, and sales behavior to identify bad behaviors. Sharing these types of learnings from matters can open up discussions among executives as to which learnings deserve a deeper dive. As an aside, you could also imagine a scenario where this same logic can also be used inversely – when combined with revenue it could identify effective sales behaviors – although this is something that would be a bigger lift and I would expect the sales department to drive this type of work.Example #2: The amount of duplicative data is a common metric reported in litigations or investigations. Sharing this with your IT team can highlight an easy storage win and legal can help craft a plan of how to attack duplicative data thereby leading to lower storage costsI would be remiss if I didn’t mention that there are opportunities for the legal department in these metrics as well. By using these metrics, as well as the artificial intelligence mentioned above, legal operations can resource plan and drive savings within the legal department. For example, the number of NDAs and sales contracts can inform staffing. Technology can identify contracts or other documents that are repetitive and automate the handling of those documents. Within litigation and investigations, technology can identify objectively non-responsive data so that it does not need to be collected as well as identify sources that are lower risk which don’t require outside counsel review and previously collected data that can be re-used.I hope that with the above metrics, you’re able to participate in some great business discussions and show how your legal department is not only effective in its own right but how integral a unit it is to driving the core business.ai-and-analytics; legal-operationsreporting, legal-ops, blog, ai-and-analytics, legal-operationsreporting; legal-ops; bloglighthouse

In the modern age of legal technology, cybersecurity and eDiscovery are unquestionably intertwined. As cybersecurity threats escalate and bad actors find success with new methods and sophisticated tools to gain access to the ever-growing volumes and types of confidential electronic data, legal departments and law firms are getting hit daily by cybersecurity incidents and breaches, with many not even knowing when the incidents have occurred. The legal world, and eDiscovery in particular, are enticing targets, as matters typically involve huge volumes of sensitive information and data often resides across multiple providers who play a part in the collection, processing, hosting, review, and production of data.From a security perspective, corporations are constantly dealing with the data their employees create, and thus they typically maintain a solid system focused on maintenance, protection, back-ups, and defense of that data. This internal process is implemented using governance, risk, and compliance standards that run pretty well from the inside. But security gaps arise when that data becomes subject to a legal hold for litigation and that once well-protected data gets sent out to law firms and/or outside providers.So how can organizations feel confident they’re effectively evaluating the cybersecurity stability of their law firms, third parties, cloud providers, etc.? Do your providers have relevant security controls in place to ensure your data resides in a reasonably similar method as you would store the data yourself? Here are the top three tips for structuring an effective and comprehensive eDiscovery security evaluation and creating a strong relationship with your providers:Leverage Industry-Standard CertificationsAt the security evaluation stage, it’s critical to get to know your providers well and develop trusted relationships. The best way to first evaluate their overall security is to leverage industry-standard certifications. If the provider has access to and holds your data, they should be able to demonstrate that they’re ISO 27001 and SOC 2 certified as those have become the standard security environment protocol in the eDiscovery industry. Industry-standard questionnaires such as the SIG can also be used to validate a provider’s security structure. If a provider already has a completed and updated the SIG, this can be immediately accepted without needing to recreate the wheel and require another type of basic security assessment. This should serve as your baseline and will aid your risk assessments overall. It’s also important for organizations to audit, on an annual basis, those fundamental controls your providers have in place as the industry continues to focus deeper into all areas of each certification. The days of checking the standard audits off your list and being considered compliant are quickly becoming a thing of the past. With the increase in breaches, we are also seeing deeper and more thorough inspections beyond your own company and a shift to the provider space. So make sure you’re getting involved and staying involved with your suppliers. They are critical elements of your success and you need to treat them as such.Devise Security Questions That Go Beyond the BasicsIn addition to the standard certifications and questions the SIG and other general security audits give you, it’s also important to go beyond the basics and devise questions for your eDiscovery vendors that will uncover any existing gaps. Outside of questionnaires that simply ask for “yes” or “no” answers, consider doing regular audits with specific and focused questions. For example, ask your providers to discuss what different technologies they’re considering in the next 12 months or what new security certifications they’re planning to pursue. This ensures that you’re acting in a forward-thinking manner and developing better insight into your partners’ future development. To combat the growing cybersecurity threat, organizations need to remain one step ahead and devise questions to find forward-thinking suppliers rather than ones that just check the boxes. It’s also crucial to apply focused energy to the evolution of the organization and its suppliers. Take the time to have open dialogue and explore different solutions with the goal of prevention of threats. In today’s market, most organizations are still operating in a reactive state, meaning solutions are in place to detect malicious behaviors already inside your boundaries. Remember the clock always wins and prevention is the preferred way to stay ahead of attacks. Ask your technology providers the tough questions around ransomware and look to see what kinds of SLAs or guarantees they can offer. This is a great place to start to separate products and services by the maturity of their offering.Consider a Managed Services EnvironmentIn the most ideal of situations, a corporation would know in advance their list of trusted providers for investigations and litigation, and they would have a regular flow of communication with those providers that includes updates on standard certifications as well as regular audits including questions that go beyond the basics. Many times, this secure workflow can be best served by establishing a dedicated managed services environment that can support a more seamless and secure flow of data when a matter transitions to eDiscovery. Taking advantage of the dedicated services that come with a managed services environment, the corporation gets a technically skilled and more diverse talent base to draw from – one that becomes an extension of your team and treats the security of your data as if it were their own. Within that environment, law firms and document review lawyers all log into the same database and a partnership develops between all parties, creating a more secure environment. In addition, you’ll see cost savings by not having to invest in your own security infrastructure and separate cybersecurity personnel.Overall, vendor security is an integral part of an organization’s cybersecurity strategy. It’s imperative for corporations who transfer sensitive data out of their control to third parties to make sure that each and every supplier who handles the data meets all of the organization’s internal security requirements, as well as established regulatory requirements. This can be achieved by choosing providers who maintain industry-standard security certifications, performing regular audits outside of standard security questionnaires, and at the most secure level, by creating a managed services environment with your suppliers. data-privacy; ediscovery-reviewcybersecurity, cloud-security, ediscovery-process, blog, data-privacy, ediscovery-reviewcybersecurity; cloud-security; ediscovery-process; bloglighthouse