The Data Governance & Discovery Blog
Read about the latest strategies, trends and news.
Ad Techs and Transparency Issues take Center Stage for GDPR Enforcement Activity
In many ways, 2018 was a year of waiting. Waiting first for the General Data Protection Regulation (GDPR) to go into effect on May 25th. Then waiting again to see how regulators sought to investigate privacy complaints and enforce the new law. Now within the first two months of 2019, we’ve seen the beginnings of the anticipated uptick in European enforcement activity. And it is not a surprise to see the ad-tech space drawing most of that regulator attention.
In the last half of 2018, GDPR enforcement activity among data protection authorities across Europe saw a steady uptick and the trend will continue in 2019. Organizations in a broad range of industries received public reprimands, enforcement notices and fines. Violations ranged from data breaches, to lack of security practices and failure to obtain consumer consent to collect data.
Five Lessons Learned from Early GDPR Fines
Earlier this month, data protection authorities in Portugal doled out a €400,000 fine to a hospital for failure to apply appropriate access controls over digital patient data. This is one of the first penalties we’ve seen issued under GDPR since its enactment earlier this year. There are several interesting elements of this particular case, one of which is the fact that fines were imposed even though no data breach event occurred.
GDPR Compliance - The Unintended Consequences for Organisations
GDPR has made data protection a reality not only for heavily regulated industries but for all organisations. Once seen purely as a legislative burden, GDPR compliance is now providing organisations with a range of benefits.
Paris Calls for Cybersecurity Peace
This week, the President of France issued the Paris Call for Trust and Security in Cyberspace. The document is a cybersecurity pact seeking consortium of technology companies, governments and NGOs to improve the stability and safety of the internet. With its unveiling, the declaration touted support from some of the tech industry’s largest players and a handful of countries in Europe.
Are Data Subject Access Requests a Trick or a Treat?
It’s that time of year… no, not when bands of trick-or-treaters are traipsing up your walk, but when the ghoulish specters called data subject access requests (DSARs) are going to start flooding in.
Recommended Reading: $17 Million Settlement in US Privacy Suit
A California-based consumer electronics company has agreed to a $17 million settlement in a lawsuit that claimed the company installed data-tracking software on its internet-connected smart TVs without notifying customers, and then profited from the sale of the personally identifiable information to advertisers.
Recommended Reading: Examining Safeguards for Consumer Data Privacy
For those interested in the growing momentum around broader US data privacy protections, I wanted to flag a recent Senate hearing on “Examining Safeguards for Consumer Data Privacy.” On Wednesday, September 26, 2018 the Senate Committee on Commerce, Science, and Transportation met to examine consumer protection and privacy policies of top technology and communications firms.
Recommended Reading: Data Breach and Potential Class Action in UK
After a recent data breach, a law firm is threatening the company with a potential class action lawsuit, citing Article 82 of the U.K. Data Protection Act. Specifically, the law firm is citing the "right to compensation and liability" — which states, "Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered."
Latest iOS Update Makes Evidence Deletion Easier
In May, Apple released iOS 11.4, and with it, new features for storage and synchronization of Messages to iCloud. Our team has written before about the e-discovery and digital forensic investigations challenges that can arise when Apple updates operating system functionalities. The changes in 11.4 yet are another example of how this continually moving target can impact organizations that are required to preserve, collect and review data from Apple devices for legal, regulatory and investigative matters.
Regulatory Compliance as a Competitive Advantage
Next year, firms around the globe will be impacted by some of the world’s toughest new regulations and privacy requirements. Adapting to this new landscape was a key topic at The Lawyer's Managing Risk and Litigation conference.
iOS 11 Has a New Passcode Workaround. Here’s What Counsel Needs to Know.
For years, mobile devices have introduced a slew of new challenges into e-discovery and digital forensics investigations, from data encryption and proliferating hardware to rapidly changing third-party applications. Debates continue between law enforcement agencies and technology companies about mobile device encryption and whether criminal investigators should be given back-door access to suspects’ phones. Just last week the U.S. Deputy Attorney General spoke out against Apple on this very issue, saying law enforcement should have access to investigate the communications of the shooter in the recent tragic Texas shooting.
Q&A with Sandeep Jadav, FTI Technology’s new Managing Director for Asia
We recently appointed a new Managing Director to lead the Technology team in Asia. Sandeep Jadav is joining the tech team from Ernst & Young, and brings more than 17 years of experience in leading teams in forensic technology. We sat down with him to discuss his new role, how the field has evolved over the course of his career and his thoughts on emerging trends and challenges impacting corporations doing business in Asia.
Equifax Breach a Category 4 or 5 Attack, but By No Means Unique
Late last week, we learned that Equifax was breached via a simple web application weakness, and over 143 million consumers’ records were compromised. The bad (worse) news is that this story is not unique, and this is by no means the final chapter.
Advice From Counsel Featured in Security Technology Executive Magazine
With organizations increasingly challenged to support the modern workplace environment – mobile phones, remote employees, cloud collaboration sites, social media, IM platforms and chatrooms – while keeping this data secure and easily retrievable for legal or regulatory needs, we at FTI conducted the latest iteration of AFC to uncover how legal teams are handling the challenges.
How Counsel Can Leverage the Power of IG
While information governance is often thought about in the context of data security and IT efficiency, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.
The legal industry is hungry for guidance on how to deal with the explosion in cloud-based applications and new data types that are creating headaches for organizations of all sizes. While the threat of big data has cast a shadow over IT and legal departments for several years, the real challenge is proving to be the variety of data, and it is quickly defeating traditional collection and review tools and strategies.
Part 2: The Evolution of Predictive Coding in Australia
Paul Hunter shares some comments on what lawyers in Australia need to keep in mind as predictive coding gains adoption in the region.
The Evolution of Predictive Coding in Australia
Phil Smith, a director in FTI Technology’s Melbourne, Australia office, is an expert advisor to clients looking to implement predictive coding. He shared some insights on how the technology is evolving in Australia and FTI’s efforts to help clients update strategies and streamline e-discovery reviews using technology that is still nascent in the region.
We Now Have an Instruction Manual for Data Security Programs
Target’s multistate settlement ($18.5MM) for their 2013 data breach is the strongest evidence yet that Data Governance and Security is impacting organizations in every vertical and geography.
Evaluating Network Permissions in Investigations
Jim Scarazzo explains how risk, IT, legal and compliance intersect across the many stages of investigation.
FTI Discusses Information Governance Enforcement in InformationWeek
Sean Kelly highlights steps IG teams can take to build enforcement into their policies from the outset.
A Lawyer’s Role in Office 365 Migration
O365 migration should be viewed as a critical business initiative that requires the involvement of the legal department as one of the primary decision makers every step of the way during a migration.
IG Engagement, Enablement and Change to Ensure Policies Aren’t Collecting Dust
Policy enforcement is a challenging task for most organizations – more so for those in regulated industries that have a highly complex legal and compliance profile.
Microsoft Office 365 Migration Considerations Discussed in Computer Business Review
With increasing adoption of Microsoft Office 365 (O365), analysts have indicated the migration process has arisen as an acute pain point from an information governance and e-discovery perspective.
ILTA Peer-to-Peer: Skills You Need To Summit the Mountain of Data Challenges
In a recent FTI Advice from Counsel study, 76 percent of respondents said that while they do have information governance programs in place, initiatives ranged across 30 different areas of focus. These included data security, budget transparency, efficient records retention, data analytics, compliance, risk prevention and optimizing data for litigation needs, and underscore the difficulty many legal teams have in focusing their IG efforts.
Understanding How Analytics and Linear Review Can Coexist
Despite increasing adoption of new technologies in the legal space, the vast majority of legal teams are still not implementing analytical tools in a way that can truly make a difference to alleviating their overall e-discovery burdens and growing expenses.
Best Practices for Mobile Device Collections
FTI Technology Managing Director Colleen Casey Voshell recently teamed up with colleague T. Sean Kelly to share some insights on dealing with mobile device data collection and e-discovery. Voshell and Kelly agree on the importance of counsel understanding policy issues, data privacy concerns and software limitations that come into play when dealing with mobile data.
FTI Shares Information Governance Philosophy in Cybersecurity Law & Strategy
One of the most meaningful elements of information governance is how it can drive the differentiation of data types and enable stronger security protocols around a corporation’s most sensitive data.
What Corporations Need to Know About Location Spoofing
FTI Technology’s digital forensics expert David Freskos shared some insights on current issues with location-based services, and what corporations need to consider in today’s landscape.
Lessons Learned in Canadian Competition Law
In a recent merger, a Canadian corporation was tasked with responding to the Competition Bureau’s request for supplementary information, known as a Supplementary Information Request (SIR), similar to Second Requests in the U.S. Working closely with the client and FTI’s team of experts, Tim Klinger, Managing Director at FTI Technology and the lead for the company’s practice in Canada, helped the client implement FTI’s Ringtail e-discovery software to review approximately 420 GB of data that was potentially relevant to the government’s request.
A Prescription that Works: Analytics for Healthcare Companies
In a recent article in New Jersey Law Journal, FTI Managing Director Colleen Casey Voshell wrote about how analytics tools can boost information governance initiatives for healthcare companies and other corporations in highly regulated industries. Because healthcare organizations must juggle the tasks of maintaining compliance with regulations, dealing with a high volume of litigation and securing sensitive data that contains customer and/or patient information, information governance and overall data management are becoming exceedingly difficult to navigate.
Whether unexpected or the result of an internal investigation, an enforcement action by the Securities and Exchange Commission (SEC) or Department of Justice (DOJ) can burden even a prepared organization and result in serious financial consequences. With the number of Foreign Corrupt Practices Act (FCPA) enforcement actions proliferating across industry types and organization sizes, and fines growing larger each year, it is increasingly important to execute investigations with speed and efficiency.
We’re pleased to announce that FTI Consulting is a top provider in 13 categories in the first-ever Best of Corporate Counsel survey. Corporate counsel voted in a range of categories across hundreds of software and services providers in the legal industry.
Sedona Working Group 6, Data Privacy Best Practices & Brexit
QA with Craig Earnshaw, Senior Managing Director, FTI Technology
Sophie Ross Discusses FTI’s Approach to Unlocking Foreign Language E-Discovery
Given the global nature of e-discovery today, the need to review documents in multiple languages is a challenge facing an increasing number of corporate legal teams. Even the most sophisticated legal departments, with fine-tuned e-discovery processes, still struggle with the review phase when non- English language documents are involved.
Multi-National E-Discovery During Privacy Shield Limbo
In October, the High Court of the European Union made a ruling that nullified the existing Data Safe Harbor agreement between the EU and the U.S., which since 2000, outlined rules allowing the transfer of protected data from Europe across our borders. The safe harbor agreement provided a way for U.S. companies to migrate personal data originating in the EU, to the U.S. for e-discovery and regulatory purposes, in a way that was consistent with the EU Data Protection Directive.
Understanding the Impact of Anti-Forensics Techniques
As a computer forensics investigator, FTI Consulting’s Bryan Lee examines evidence of corporate employees stealing data, embezzling company funds, committing fraud, and performing a wide range of other nefarious activities. In many of the cases Bryan has investigated, the employee attempts to cover their tracks using various methods such as deleting their internet history. Recently, there has been an upward trend in users altering their computer prior to performing their intended actions.
Monumental Ruling on Predictive Coding in the UK
By now you have probably heard about the February 16th ruling in the case Pyrrho Investments and MWB Business Exchange v. MWB Property and others by Master Matthews of English High Court. In the ruling, Master Matthews outlines many of today’s e-discovery (or ‘e-disclosure’) challenges for litigants – the growing mountain of data for any-sized litigant, and the shortcomings of keyword searches.
Legaltech New York (LTNY) 2016
We’re excited to discuss some of the biggest trends impacting the legal industry at Legaltech New York (LTNY) 2016. Learn more about our day one panels featuring noted industry thought leaders from the bench, corporations and law firms.
2015 Winds Down Following Record Awards Season
FTI had a busy year in 2015 on many fronts – from the launch of Information Governance and Compliance Services and Ringtail 8.5 to important work on landmark cases, thought leadership at industry events and awards recognitions. Our teams have worked diligently to improve every year in providing clients with meaningful product innovation, the most seasoned experts and overall best legal software and services in the industry.
Show themes reflect e-discovery’s evolution from a niche concern to an area intrinsically connected with the biggest problems facing law, business and government today.
Dynamo Q&A with Expert Witness Jim Scarazzo
On September 17 Judge Buch of the U.S. Tax Court made an important ruling in favor of predictive coding in the Dynamo Holdings Limited Partnership, Dynamo GP, Inc., tax matters partner, et al v. Commissioner of Internal Revenue case. This is the Tax Court’s first ever opinion regarding how to conduct e-discovery, and FTI’s own Jim Scarazzo served as an expert witness in court and was cited several times in the ruling. Here is a short Q&A with Jim about the case and his involvement.
Study Uncovers E-Discovery Trends In Asia
Economic globalization is driving an increasing amount of activity in Asia, taking U.S.-based multi-national corporations to the Far East and into highly charged legal and compliance environments. This, intersecting with regulatory activity stemming from the Foreign Corrupt Practices Act (FCPA) and UK Bribery Act is driving increased e-discovery in Asia.
Dealing with Big Email in E-Discovery
David Grant, a senior managing director at FTI Technology, recently contributed a two-part article to InsideCounsel on the issue of big email, and how corporate legal departments can address the many challenges that result from an e-discovery standpoint. In the article, David offers counsel an alternative to the standard comprehensive review process that is undertaken at the outset of most e-discovery matters.
Advice from Counsel | Part 3: The Emerging E-Discovery Playbook
The first two posts in this series highlighted some fascinating findings from our annual Advice from Counsel study, providing recommendations for the top corporate e-discovery ‘plays’ according to legal departments at Fortune 1000 corporations. Some of the top practices touched on included preservation and collection, when to utilize service providers, tackling the uncertain waters of predictive coding and leveraging data re-use. In addition to the five overarching ‘plays’, the survey respondents also weighed in on other pressing matters that are impacting e-discovery today, and will continue to do so in the near future.
Advice from Counsel | Part 2: The Emerging E-Discovery Playbook
In an earlier post we introduced some interesting findings from our annual Advice from Counsel study and highlighted some in-sourcing and outsourcing trends that corporations are exhibiting as part of their overall corporate e-discovery playbook. While the previous post discussed “plays” around collection and preservation, as well as guidelines for choosing service providers this post will focus on the smart plays around predictive coding and data re-use.
Advice from Counsel | Part 1: The Emerging E-Discovery Playbook
Is there an ideal corporate model for e-discovery? One that can evolve as new challenges emerge, but still provide budget certainty and process efficiency? These are among the questions we explored with Fortune 1000 inside counsel for our annual Advice from Counsel study conducted in partnership with legal technology expert Ari Kaplan. The results are now in and they show, attorneys across the board moving toward a corporate ‘playbook’ that will guide e-discovery in the coming years.
Advice from Counsel | Information Governance, Baseball, Plain White T’s
In early June, we invited in-house e-discovery professionals from D.C., Virginia and Maryland to the latest Advice from Counsel summit. It was an informative gathering with lively roundtable discussions amongst peers on interesting e-discovery topics such as: judges ordering the use of predictive coding, indexing data by concepts, the practicality of co-operation and disclosure of predictive coding to opposing counsel, whether it’s possible to conduct privilege reviews using predictive coding and even securing executive buy-in for “spring cleaning” data remediation projects.
Advice from Counsel | LegalTech Insights
FTI will soon announce the full results of our annual Advice from Counsel (AFC) study in partnership with legal technology expert Ari Kaplan. This will be the fifth year we have studied key challenges, habits and trends at Fortune 1000 corporate legal departments, and delved into discussions with these organization’s counsel and e-discovery experts to bring forth practical advice and insights to the industry.
Part 2: Beyond the hype – Common Use Cases for Predictive Coding
Part 1 of this post introduced some strategies for combining predictive coding with analytics technologies that were discussed on one of FTI’s LegalTech panels in February. Senior managing director Kathryn McCarthy moderated the discussion with Honorable Judge Andrew J. Peck, Jason Lichter from Pepper Hamilton and Eric Leiber of Toyota Motor Sales. In addition to covering case law around predictive coding, they offered three key use cases for when these technologies can best be applied together. In the earlier post, we summarized their recommendations for second requests. Here we discuss internal investigations and depositions.
Part 1: Beyond the Hype – Common Use Cases for Predictive Coding
Predictive coding is overhyped to the extent that while few legal teams consistently use it, the topic itself is practically passé. Yet in conversation corporate counsel and law firm attorneys express the need to cut through the hype and understand how to use and defend predictive coding.
Predictive Coding: Unanswered Questions?
Just one more week to Legal Tech New York and the panels are putting the finishing touches on presentation materials. Our 10:30 am session on Wednesday the 5th covers predictive coding from a different angle than most conference sessions. First, we’re fortunate to have distinguished legal professionals representing the bench, corporate in-house teams, as well as law firm counsel. Secondly, the focus will be on practical advice for using predictive coding for three common use cases – Second Requests, in-house investigations and litigation. And last but not least, the panel will discuss some of the unanswered questions as it relates to predictive coding. This includes the debate on whether or not to disclose the use of predictive coding, the role of keywords, and also knowing when predictive coding may not be well-suited for your case.
If you’ve ever been asked “what are the rules?” when it comes to collecting, processing or reviewing data overseas, or if you’ve ever asked that question, this is the LegalTech session for you. Our expert panel with diverse profiles – law firm, corporation, analyst firm – have all been asked at one time or another to quickly sum up the data privacy rules. How is China different than Brazil? What if employees sign consent forms upon hiring? How does the Snowden/NSA leaks change the game?
LegalTech New York Panelists Announced
You’ve heard the theoretical discussions on e-discovery – now learn the actionable steps to manage it in a faster, defensible, cost-effective and strategic manner. These practical, interactive sessions will focus on how inside counsel and law firms can utilize new technology and processes to take control of e-discovery.
The National Law Journal just published an article co-authored by Richard Kershaw of FTI Technology and Mike Vella of Jones Day, on the important topic of e-discovery in China. Both of these professionals have extensive experience managing matters from this region, and the article is a must-read for any legal team with offices in China. State-secrecy laws, the intersection of “BYOD” (bring your own device) and investigations, and other common scenarios are discussed.
Abe Lincoln Used Visualizations, Too
It’s easy to think that the world’s move towards more visual representations of data is relatively new. Think of the increased number of infographics in newspapers, GIFs on the web or even icons on your desktop. But in fact, did you know that the first infographic was invented in 1786? And that even Abe Lincoln appreciated how infographics were able to convey complex information in a simple manner?
Compliance Week West: Data-Intensive Investigations in an Age of Evolving Compliance Standards
FTI Technology experts speak at numerous events in any given year, and the audience is often comprised of counsel with e-discovery responsibilities. This Compliance Week West event in Menlo Park, California, was a nice opportunity for us to present to a different audience – compliance and risk officers – on a very important issue impacting both e-discovery and compliance professionals: data-intensive investigations.
What’s the cure for a BYOD headache? Our consultants are asked this almost daily. And of course, while there isn’t an easy answer to this question, the risks BYOD pose are very real (i.e. IP theft, etc.). As a follow-up to his ARMA 2013 panel on collection best practices, Technology’s Veeral Gosalia outlined some of the complications and best practices with BYOD and e-discovery in a Tech Target article this week.
Can Predictive Coding Provide Greater Information Governance? – ARMA 2013
These two terms – “predictive coding” and “information governance” – generate a lot of industry buzz but our most recent Advice from Counsel survey results indicate adoption is lagging. So this ARMA 2013 conference session was designed to provide ARMA attendees with practical knowledge of predictive coding and examples of how leading-edge companies are using it for more than just e-discovery.
How is Case Law Impacting Record Managers and Self-Collection? – ARMA 2013
As ARMA evolves into an organization focused on helping companies address information governance challenges, we were proud to participate in the ARMA 2013 conference with two stellar panels.
FCPA Investigations and Data Privacy
If you’re involved in FCPA investigations, or any type of cross-border discovery matter, take a minute to download survey results of 114 FCPA professionals. In it, respondents share their thoughts on key trends and best practices for matters ranging from FCPA, the U.K. Bribery Act, and whistleblower investigations.
Assessing Your Budget Transparency
How much do you spend on e-discovery each year? Or on each matter? If you don’t yet have a process in place to calculate e-discovery costs and measure ROI of your e-discovery program, you’re not alone.
KMWorld Names Ringtail as a "Trend Setting Product"
It’s always nice to receive industry recognition, especially for products and services that provide tangible benefits for clients. This year, KMWorld named the software as a service (SaaS) version of Ringtail as a trend-setting product.