Posts By :

Tom O'Connor

eDiscovery Project Management from Both Sides: eDiscovery Best Practices, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Preparing for Litigation Before it Happens, which we covered as a webcast on September 26.  Now, Tom has written another terrific overview regarding pre-litigation considerations titled eDiscovery Project Management from Both Sides that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Part one was covered on Monday and part two was covered on Wednesday.  Here’s the third part.

The Lawyer’s Perspective to Project Management

What do lawyers think about this PM discussion? Do they think about it all? First let’s consider what they want from their ED project. Well that’s easy. They want to win their case.

And they want to adequately anticipate and minimize costs while they are winning. As Mike puts it “Clients expect not just cost predictability, but also cost containment.”

Mark Cohen, well known legal commentator and founder of legal delivery consultancy, Legal Mosaic, has been talking about this process for a number of years. In his article 7 Things Lawyers Should Know About Project Management, he defined Project Management as “the application of knowledge, skills and techniques to execute projects effectively and efficiently. It is considered a strategic competency for organizations, enabling them to tie project results to business goals — and thus, better compete in their markets. In its simplest form, Project Management defines the desired result, methodically structures the work into manageable pieces, and provides a framework of business and technology processes to achieve the result efficiently and economically.”

Mark also clearly differentiated PM from delivering a matter for a set price, which he felt was not only has a narrower definition than PM but also is a strategy not well suited to the many changes which often occur in an ESI project. These “unexpected turns”, as Mark calls them, a matter can take are better handled by a change order written into the PM Statement of Work/Engagement Letter.

Marks final thoughts were a nod to the global isolation of the US legal market in working with non-lawyers. He said: “Lawyers should familiarize themselves with project management skills because, without them, they may ultimately find non-lawyers taking charge of integrating and delivery their services, thereby reducing lawyers to a more marginal role in the overall process.”

Another consultant who has advocated PM for many years is Dennis Kennedy, a well-known legal tech commentator who recently retired as VP & Senior Counsel of Digital Payment and Labs at Master Card and is now an adjunct professor of law at Michigan State U School of Law. I clearly remember a 2010 podcast Dennis did with Tom Mighell on the Legal Talk Network called Lawyers as Project Managers, and remember thinking at the time that he was well ahead of the curve on the subject.

More recently, he was a member of a panel discussing PM published by Law Technology Today called Defining Legal Project Management.  In that discussion, Dennis, much like Mike Quartararo, felt that legal PM is based on general PM principles.

But Dennis went one step further saying:

“Lawyers tend to think that everything they do is unique and special. Other than existing in the legal context, I don’t see legal project management as being anything different than general project management.”

He did feel that trained PM managers were a plus because:

“most lawyers don’t learn project management techniques, the results can be hit or miss. You have to know your strengths and weaknesses. I’d want to hire a project manager. You might want to take on that role yourself. You need to take a hard and realistic look at yourself.”

Either way, he did feel that PM is:

“not a fad at all. I see it as a very important trend to watch. Certain clients will start to insist on lawyers using project management and other standard business workflow and process tools.”

He and his fellow panelists pointed to some excellent PM resources for lawyers including the Corporate Legal Operations Consortium, the ABA’s Law Practice Division Legal Project Management Interest Group, the Association of Corporate Counsel Legal Operations, Legal Marketing Association’s P3 Practice Innovation Conference, the True Value Partnering Institute, and the Law Vision Group LPM Roundtable.

We’ll publish Part 4 – Conclusion – next Monday.

So, what do you think?  How does your organization apply project management to your eDiscovery projects?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Project Management from Both Sides: eDiscovery Best Practices, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Preparing for Litigation Before it Happens, which we covered as a webcast on September 26.  Now, Tom has written another terrific overview regarding pre-litigation considerations titled eDiscovery Project Management from Both Sides that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Part one was covered on Monday.  Here’s the second part.

The Project Manager’s Perspective to Project Management

How do project managers define their role? Well Mike sets it out on his company website when he says:

Project management is the structured application of skill, knowledge, tools and techniques to organize activities and bring about a desired outcome that meets a project or business need. While this may seem abstract, it is really quite simple: In the business world, even in a professional service field like the legal industry, there are business needs or goals that an organization may have interest in achieving. Organizations engage the person with the right skills, knowledge and talent to achieve these objectives and manage the necessary work. That person is a project manager. Project managers use their industry experience, education and training to complete tasks and the overall project work. They understand the resources, tools and workflows necessary. They are able to interact with people and organizations to perform the actual work. But project management is not a single “thing” or practice. It is not a specific tool that one simply picks up and transposes over the work in a particular industry. Rather, it is an operational theory and series of practices; a way of thinking; a methodical, disciplined approach to outcome-oriented work. There are principles, defined practices, tools and techniques involved, but more than any one thing, project management is an organizational tool. It is a framework that facilitates efficiency, quality, cost, and risk containment. Project management in the context of legal support also involves leadership of people…

He then goes on to offer some useful definitions, including:

  • Project: A temporary, non-routine endeavor limited by scope, time, and cost that creates a unique product, service, or result.
  • Project management: The structured application of skill, knowledge, tools, and techniques to organize project activities designed to efficiently bring about a desired outcome.
  • Project manager: The person possessing the applicable skill, knowledge, and talent, who is assigned by an organization and responsible for actively managing the project.
  • Process: The discreet steps, actions, or operations one takes to achieve project objectives, the tools used, and an understanding of what each part of a project will look.

But perhaps most important is that Mike feels quite strongly that “eDiscovery PM comes only after you have a firm grounding in general project management principles. Those principles are ideally suited to a project which has repetitive and dependent tasks, a variety of people and organizations involved and the need to better manage scope, timing, and costs.” ( https://www.relativity.com/blog/the-anatomy-of-project-management/ , August 29, 2016).

Which of these principles can we use in eDiscovery?  I’d suggest the following points made by Mike as being the most critical:

  1. Cost: The ability to estimate, budget, and manage the costs of the project.
  2. Scope: What Mike calls “What does done look like?”
  3. Time: The Project Management Lifecycle to avoid missed deadlines and fragmented schedules which lead to added cost
  4. Tools & Techniques: What tools are required, including written protocols or best practices?
  5. Output: requirements during and at the conclusion of an ESI project

I should note that Mike goes into even more detail when discussing the Project Management Lifecycle. He breaks the lifecycle down into five Project Management Process Groups. He describes this as a framework which he describes in this graphic:

Mike also goes on to say that the lifecycle does not end here. Within each process group there are areas of responsibility that a project manager must focus on throughout a project.

Known as the Knowledge Areas, these are the core process elements in each of the five process groups:

  • Integration management
  • Human resource management
  • Scope management
  • Communication management
  • Time management
  • Risk management
  • Cost management
  • Procurement management
  • Quality management
  • Stakeholder management

All of these provide a framework for the project manager to estimate, budget, and manage a project. And these traditional project management methodologies work equally well in the e-discovery context. As Mike said in the blog post quoted above, “Doing things like planning, communicating, setting clear expectations, figuring out what ‘done’ looks like, [are] just a sensible means of approaching litigation and e-discovery in particular,”

We’ll publish Part 3 – The Lawyer’s Perspective to Project Management – on Friday.

So, what do you think?  How does your organization apply project management to your eDiscovery projects?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

eDiscovery Project Management from Both Sides: eDiscovery Best Practices

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including his most recent one, Preparing for Litigation Before it Happens, which we covered as a webcast on September 26.  Now, Tom has written another terrific overview regarding pre-litigation considerations titled eDiscovery Project Management from Both Sides that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into four parts, so we’ll cover each part separately.  Here’s the first part.

Introduction

I’m going to show my age now and quote an old Joni Mitchell song:

I’ve looked at clouds from both sides now
From up and down and still somehow
It’s cloud’s illusions I recall
I really don’t know clouds at all

That’s how I feel about Project Management, which we’ll refer to as PM for the remainder of this article. PM has been a major topic at trade shows recently, especially when Mike Quartararo is speaking. Why?

Well first because Mike’s discussions on how to handle PM are thoughtful and comprehensive. He is a graduate of the State University of New York, after which he studied law for one year at the University of London. He is a certified Project Management Professional (PMP) and a Certified E-Discovery Specialist (CEDS).  And he was the Director of Litigation Support at Stroock & Stroock & Lavan LLP in New York for 10 years.  Now, Mike has his own consultancy practice at eDPM Advisory Services.

And perhaps most important, Mike has literally written the book on the subject. It is called Project Management in Electronic Discovery: An Introduction to Core Principles of Legal Project Management and Leadership In eDiscovery and is available on his web site, www.eDiscoveryPM.com (and also on Amazon here).

But after listening to Mike speak at the recent ILTACON18 conference, Doug Austin mentioned to me that it seemed there is another side to PM that is being ignored, that of the lawyer’s opinion on the subject.  Since discovery is the most time-consuming and expensive aspect of litigation, managing it effectively is always a concern of the lawyers but we seldom hear what they think of all the talk about PM. So, let’s look at the issue from both sides now.

We’ll explore the implementation of eDiscovery project management from both sides, as follows:

  1. The Project Manager’s Perspective to Project Management
  2. The Lawyer’s Perspective to Project Management
  3. Conclusion

We’ll publish Part 2 – The Project Manager’s Perspective to Project Management – on Wednesday.

So, what do you think?  How does your organization apply project management to your eDiscovery projects?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Seven

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week, part four was published Monday, part five was published Tuesday and part six was published yesterday.  Here’s the seventh and final part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Concluding Remarks

An IG strategy will depend entirely upon the business practice of your client and their various needs, including but not limited to proactive handling of eDiscovery matters for litigation.

ARMA suggests five main guidelines for building out the IG strategy that provide terrific guidance for any organization looking to implement or improve its IG program.  They are:

1) Think big but start small: A good data governance process has three components: people, process and technology. Start by identifying and hiring the right people, then define a process, and finish by sourcing the technology to get the job done.

2) Build a business case: I had a client tell me once, “anyone can tell me what my problem is, Tom. You suggest solutions.”  What are your goals? What are you trying to improve and how will the IG policy do it? Show an ROI to drive the change.

3) Metrics: You must be able to measure progress and display success to make your plan succeed. And since the plan will most likely take time to implement, use metrics to set milestones and measure progress.

4) Communicate: Regular and consistent communication is essential to show progress and correct problems that may arise during implementation.  Include not just team members but all people in the organization with an emphasis on key players.

5) Get buy in: The project must become part of the business not something with a beginning and end date.  You are making changes, not a product. Get buy in from everyone.

With an increased concentration on the two-fold concerns of privacy and security, IG has become more important than ever.  These five guidelines can help your organization more efficiently and cost-effectively manage its data, enabling it to accomplish its organizational IG goals.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Six

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week, part four was published Monday and part five was published Tuesday.  Here’s the sixth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

One Reason Why IG is Not More Popular

I have developed one theory for why formal IG policies and software have not been used more widely. It is that the increased improvements in and use of technology to analyze data and find patterns in Big Data has preempted more widespread use of IG applications.

This is not a new phenomenon.  Knowledge Management pioneers were doing this type of development years. People like Ron Friedmann, Partner at Fireman & Co. and Peter Krakaur, Vice President of Legal Business Solutions at United Lex, were building home-grown systems at their firms (Ron at Wilmer Cutler Perkins in the early 90’s and Peter at Brobeck Phleger & Harrison came in the early 2000’s) to share, use and manage internal information.  These KM systems were the first multidisciplinary approach to achieving organizational objectives by making the best use of enterprise wide knowledge

Search engines were not unique but later came blazingly fast search engines like X1.  Using indexing across more than 500 filetypes, X1 allowed unified searching through their local data indices across multiple data types with a user-friendly interface.

Then came Google with it’s equally fast web-based searching. Google wanted to index all the information they were collecting and then present meaningful results to users. There was nothing on the market that would do that, so they built their own platform which eventually came to be the open source project Nuch. Hadoop was spun-off from that and Yahoo then helped develop Hadoop for enterprise applications.

Both Google and then Hadoop were designed to search large amounts of data that didn’t fit into tables and could benefit from analytical searching. Further, Hadoop was designed to run on a large number of machines that don’t share either memory or disks, so users could buy their own servers, link them together and run Hadoop on each one. The result is you can have organizational data on multiple separate servers and Hadoop is good at dealing with data spread across multiple servers.

So, as the data environment became one where early systems in limited domains were struggling to find distributed data, the need arose for this new generation of knowledge management solutions using semantic and linguistic capabilities that could provide system wide information access in a non-structured way.

Ralph Losey made the point best when he observed that AI-Enhanced Big Data Search Will Greatly Simplify Information Governance” (in this blog post here).  Why? Because as he put it,

In order to meet the basic goal of finding information, Information Governance focuses its efforts on the proper classification of information. Again, the idea was to make it simpler to find information by preserving some of it, the information you might need to access, and destroying the rest. That is where records classification comes in.

This creates a basic problem for Information Governance because the whole system is based on a notion that the best way to find valuable information is to destroy worthless information. Much of Information Governance is devoted to trying to determine what information is a valuable needle, and what is worthless chaff. This is because everyone knows that the more information you have, the harder it is for you to find the information you need. The idea is that too much information will cut you off. These maxims were true in the pre-AI-Enhanced Search days, but are, IMO, no longer true today, or, at least, will not be true in the next five to ten years, maybe sooner.

The interesting point is that Ralph said this in 2014.  That’s right. Four years ago.  So maybe the issue with lack of IG deployment is that were undergoing the same realization that Ralph articulated and were drifting away from IG programs into more analytics-based programs that they could build themselves.

As I pointed out above, business data can be regulated by hundreds if not thousands of federal, state and local laws which require different types of information to be preserved for different lengths of time. Information governance thus became a very complicated legal analysis problem and building an IG policy around this “records life-cycle” paradigm to reflect those requirements might have made sense in a paper world.

But Big Data in the ESI world is cheap to store and easy to search, especially with the new analytic algorithms and the new paradigm is what Ralph calls “Save and Search v. Classify and Delete.”  Ralph also likes to call all this new analytic power “AI.” I myself think that’s an underdefined and over used label but is the name really important? If I can use a newer analytical search product such as Brainspace or Heureka to effectively comb through massive amounts of corporate data and then see trends and links among users and data types I’m not sure that it matters what we call it.

To sum up, Ralph sees three big advances in the field of search analytics that are dictating the new alternatives to IG: Big Data, cheap parallel computing and better algorithms. All three of those combine to make IG systems less important as clients learn to adopt aggressive search strategies with new technology that allow them to find data for both corporate strategy and litigation avoidance.

We’ll publish Part 7 – Concluding Remarks – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Five

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Parts one, two and three were published last week and part four was published yesterday.  Here’s the fifth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Basic Information Governance Solutions

One option, as mentioned above, is to design your own IG structure. An interesting option in that regard is that if you already use the Office 365 operating system, Microsoft has a Compliance Manager add on for Azure, Dynamics 365, and Office 365 Business and Enterprise subscribers operating in a public clouds infrastructure.

Compliance Manager allows an organization to build a custom process to manage all compliance activities from one place with three key capabilities:

  • Perform on-going risk assessments, now with Compliance Score

Compliance Manager is a cross-Microsoft Cloud services solution designed to help organizations meet complex compliance obligations, including the EU GDPR, ISO 27001, ISO 27018, NIST 800- 53, NIST 800- 171, and HIPAA[2].

  • Provides actionable insights from a certification/regulation view

Compliance Manager builds a connection between data protection capabilities and regulatory requirements, enabling users to know which technology solutions they can leverage to meet certain compliance obligations. One centralized view shows customer actions for each certification or regulatory control, and the specific actions recommended for each control. This includes step-by-step guidance through implementing internal controls and developing business processes for the organization.

  • Simplifies management of compliance activities with the capability to create multiple assessments for each standard and regulation

Compliance Manager enables assigning, tracking, and recording compliance activities to collaborate across teams and easily manage documents for creating audit reports.  This group functionality allows multiple assessments for any standard or regulation that is available in Compliance Manager by time, by teams, or by business units.

For example, you can create a GDPR assessment for the 2018 group and another one for the 2019 group. Similarly, you can create an ISO 27001 assessment for your business units located in the U.S. and another one for your business units located in Europe.

You can learn more about Compliance Manager in the white paper, Simplify your Compliance Journey with Service Trust Portal and Compliance Manager (downloadable here) or on the Compliance Manager support page.

A second method for creating an IG structure is to use the EDRM Information Governance Reference Model (IGRM).  As mentioned at the onset of this paper, IG was largely ignored when the EDRM started. That is not the case now as the updated EDRM wall poster diagram below illustrates.  

IGRM is one of 8 projects within the EDRM.net organization, and as such is specifically designed to help eDiscovery projects. While the well-known diagram of the EDRM illustrates a model for electronic discovery, the IGRM diagram (shown at the top of this blog post) illustrates a more detailed model for information management.

IGRM provides a framework for cross functional and executive dialogue and serves as a catalyst for defining a unified governance approach to information.  It is available to corporations, analyst firms, industry associations and other parties as a tool for communicating with and to organization stakeholders on responsibilities, processes and practices for information governance.

The IGRM diagram is a responsibility model rather than a document or case life cycle model and as such, can be used in a variety of industries and companies.  It helps to identify the stakeholders, define their respective “stake” in information, and highlights the intersection and dependence across these stakeholders.

The diagram was developed from multiple key inputs, including:

  • Interested parties with expertise in RIM, Discovery, and Information Management
  • Community effort
  • Series of bi-weekly sessions over more than 12 months
  • Socialized with more than 350 Compliance, Governance and Oversight Council (CGOC) corporate member practitioners in several CGOC meetings, and broadly distributed to over 750 CGOC member practitioners

The CGOC also issued a survey of corporate practitioners which showed:

  • 100% of respondents stating that defensible disposal was the purpose of information governance practice
  • Two-thirds of IT and one-half of RIM respondents said their current responsibility model for information governance didn’t work
  • 80% of respondents across legal, IT, and RIM said they had little or very weak linkage between legal obligations for information and records management and data management

You can link to the survey’s preliminary results here: http://www.cgoc.com/webinars/introduction-to-imrm

As you can see at the top of this blog post, the IGRM model has an outer ring of stakeholder groups including business users who need information to operate the organization, IT departments who must implement the mechanics of information management, and legal, risk, and regulatory departments who understand the organization’s duty to preserve information beyond its immediate business value.  In the center of the diagram is a workflow, or lifecycle diagram.  The information basics are distilled out, with the notable inclusion of “dispose” as the end state of information. Note the “information gates” in the middle, where information accumulates.

You can read more about how to use the IGRM model here.

Once comfortable with the components of the IGRM diagram, there are tools that provide the “next level” detail from the IGRM. One example is the CGOC’s process maturity model which outlines 13 key processes in eDiscovery and information management. Each process is described in terms of a maturity level from one to four – completely manual and ad hoc to greater degrees of process integration across functions and automation.

We’ll publish Part 6 – One Reason Why Information Governance is Not More Popular – on Thursday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published last Monday, part two was published last Wednesday and part three was published last Friday.  Here’s the fourth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Who Uses Information Governance?

The first problem with IG policies is that not everyone has one. A 2014 Rand study found that 44% of companies didn’t have any formal data governance policy and 22% of firms without a data policy had no plans to implement one.

This situation has not changed substantially since then.  In November 2017, data governance company erwin partnered with survey company UBM to ask business technology professionals at large organizations about their attitudes on data governance.

Their report was based on a survey of North American companies with more than 1,000 employees across more than 16 industries and included CIOs, CTOs, data center managers and directors, IT staff, and consultants. While the respondents agreed that IG is an important issue, nearly four in 10 of them said they do not have a separate budget for data governance and 46% do not have a formal strategy for it. So, while organizations continue to show awareness of the importance of data governance within their company, nearly half are not acting on that awareness.

The result of this inactivity? Inefficiency. According to the Thomson Reuters report, Cost of Compliance 2017, 32 percent of companies spend more than 4 hours per week creating and amending audit reports. Just audit reports. Imagine the time spent on other issues such as privacy or potential litigation.

SPECIFIC EXAMPLES

Statutes of Limitation

“Statute of limitations” or “limitation of action” are, of course, laws prescribing the time periods during which legal actions or lawsuits may be initiated. And once the statute of limitations time has passed, no future legal action may be brought related to the incident in question.

Once a legal action has commenced, either party may uncover relevant information which may be in the possession of the other party under the applicable rules of discovery. But if the statute of limitations has tolled, a business may delete relevant records and thus the SOL acts as a simple de facto IG policy.

Some types of matters may have special statutes of limitations. EG, most states specify that the statute of limitations related to personal injury begins at the time the actual injury occurs. Since this could be years after the product was brought to market, the manufacturer and/or distributor may be responsible for an extended period of time for product defects of various types.

Architects, engineers, and contractors may have similar concerns related to construction projects, although only in those locations where the construction occurred.  The requirements for those specific states need to be reviewed in detail before making an IG decision with regards to construction related records.

Records Retention

Typically, when asked about IG, attorneys will say it is a records retention policy. And traditionally, lawyers have advised their clients to “retain records forever in case they are sued”. As a result, the development of effective records retention programs has sometimes been thwarted based upon the mistaken belief that records must be kept for long periods in case they may be needed in litigation.

Records can often effectively be destroyed under an approved records retention program prior to the culmination of the statute of limitations period. When records have been destroyed prior to the start of litigation, they will not be available to the adverse party and so court rules prohibit record destruction while litigation or government investigation related to those records are imminent or pending.

The disadvantages then, of not having records that may be needed in litigation must also be balanced against the cost and inefficiencies associated with maintaining valueless records. Some questions related to these determinations include the following:

  • What are the chances of litigation?
  • In case of litigation, which party would have the burden of proof?
  • When does the statute of limitations take effect?

Regulations

Some statutes, such as those mentioned above, may result in extended liability for an organization since a legal action may be brought at any time. Think, for example, of a construction defect case, where the action may not arise until the defect becomes apparent and/or someone is injured. In addition, industry specific regulations in areas such as gaming or insurance can vary from state to state. An interesting example is an opinion by a member of the ARMA Board of Directors that new California Privacy Act is, in fact, a de facto American GDPR.  See https://www.arma.org/news/409199/

Healthcare Records

When it comes to IG standards for a specific profession, health care leads the way, under the guidance of the American Health Information Management Association (AHIMA).   AHIMA defines information governance as an “organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

Their Information Governance Principles for Healthcare (IGPHC) provide a framework for healthcare organizations to enhance their ability to leverage information in order to achieve the organization’s goals and conduct their operations effectively while ensuring compliance with legal requirements and other duties and responsibilities.

IGPHC is a set of eight principles that are intended to inform an organization’s information governance strategy.  The eight principles, which incorporate the seven principles of ARMA mentioned above, are:

  • Accountability
  • Transparency
  • Integrity
  • Protection
  • Compliance
  • Availability
  • Retention
  • Disposition

They are described in great detail in the publication Evaluating the Information Governance Principles for Healthcare by Galina Datskovsky, PhD; Sofia Empel, PhD  and Ron Hedges, JD. (Ron of course is well known to people in the ESI arena as the former MJ from New Jersey and accomplished speaker and writer in the eDiscovery field.)

We’ll publish Part 5 – Basic Information Governance Solutions – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday and part two was published on Wednesday.  Here’s the third part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

General Principles for Information Governance

Assuming a company wanted to begin an IG initiative, are there any general principles to follow? The leading organization in this area is ARMA. Originally, ARMA was the acronym for the Association of Records Managers and Administrators. Over the years, the board of directors realized that records management had become a recognized and integral part of information governance, which is key to doing business. To reflect this change, they decided to discontinue using ARMA as an acronym and adopted “ARMA International” as a general descriptor of the association.

ARMA has 7 core principles it believes are the basis for any IG strategy. These Generally Accepted Recordkeeping Principles® (Principles) constitute a generally accepted global standard that identifies the critical hallmarks and a high-level framework of good practices for information governance – defined by ARMA International as a “strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of information assets. Information governance helps organizations achieve business objectives, facilitates compliance with external requirements, and minimizes risk posed by sub-standard information-handling practices. Note: Information management is an essential building block of an information governance program.”

Published by ARMA International in 2009 and updated in 2017, the Principles are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. They are meant to provide organizations with a standard of conduct for governing information and guidelines by which to judge that conduct and are, in fact, all contained with the eithht HIMA principles mentioned above.

Principle of Accountability: A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals.

Principle of Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties.

Principle of Integrity: An information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability.

Principle of Protection: An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

Principle of Compliance: An information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies. Principle of Availability: An organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval.

Principle of Retention: An organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

Principle of Disposition: An organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies.

We’ll publish Part 4 – Who Uses Information Governance? – next Monday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday.  Here’s the second part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

What is Information Governance?

The most basic explanation, and one I have used for years, is that IG is the flip side of the ED coin. But before we define it, let’s take a look at what it is NOT.

Much like other discussions in other areas of eDiscovery, IG is not a product. It is, rather, a process that may incorporate several products depending upon the business type and their workflow.

Since IG is not a product, then it clearly cannot be a DMS.  Yet the most common response I received when I asked someone if they had an IG solution was, “yes, we use iManage/NetDocuments/Worldox”. A simple IG solution may include a Document Management System (DMS) product but the DMS itself is designed for the organization and search of only certain types of documents. It may have limitations on document types it can work with and almost always has a document size limit. Craig Bayer, the principal of legal document management firm Optiable, put it best when he said to me that “A DMS is not an enterprise data organization solution.”

And as a side note, for these same reasons and several others, the most important reason being that a DMS will change metadata when documents from outside the DMS are imported into it, a DMS is also not a good eDiscovery tool.  Again, it can be part of the ED workflow process but typically at the front end of that process. Thanks to Paul Unger, managing partner of the Columbus Ohio office of the Affinity Consulting Group for this tip.

So, now that we’ve discussed what is not IG, let’s talk about what it is.

IG, or as it’s also known data governance, is basically a set of rules and policies that have to do with a company’s data. These rules and policies can cover issues such as:

  • Security
  • Privacy
  • Data access
  • Data storage & maintenance
  • Data backup and/or disposal
  • Accountability for employees handling data

But the benefits of data governance don’t stop there. It can also help with:

  • Preventing isolated unregulated data storage
  • Making data accessible across the enterprise
  • Providing accurate, consistent data
  • Ensuring compliance with laws and regulations that govern data, such as the Sarbanes-Oxley Actor HIPAA

IG will also almost always involve some form of unstructured data, that is, information that either is not in a fielded form in databases or is annotated or otherwise semantically tagged in documents. Unstructured data is typically text-heavy but may contain other data such as dates and numbers. A 1998 Merrill Lynch study cited a rule of thumb that somewhere around 80-90% of all potentially usable business information may originate in unstructured form and this figure is still generally accepted as valid.

IG will always be proactive in dealing with corporate data, unlike eDiscovery which is reactive in nature But, because “data” can refer to so many different items, from email and word processing documents to A/V files and unique file types such as CAD drawing or x-rays, is it possible to have standardized best practices for all types of data usage or it is most likely that rules will be built for different business types?

In fact, different IG rules do exist for different professions and industries and some have their own data management tools. Examples include:

  • Health
  • Education
  • Business
  • Nursing
  • Manufacturing
  • Non-Profits

Other IG rules may spring up because they are imposed by entities outside the business. From something as simple as a statute of limitations to general records retention statutes or industry specific regulations and even statutory controls in areas such as privacy, external pressures on a company may force a need for a cohesive IG policy.

We’ll publish Part 3 – General Principles for Information Governance – on Friday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Here’s the first part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Introduction

Information Governance (IG) has always been part of the eDiscovery landscape but not always a large part. Although it appears on one of the first Electronic Discovery Reference Model (EDRM) charts it was not discussed in any of the standards models and was typically not included in any detailed EDRM discussion.  Here is the early EDRM model chart from 2009 that became the initial standard – note how it wasn’t even called “Information Governance” back then, it was called “Information Management”.

IG was originally important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”.  But now with an increased concentration on the two-fold concerns of privacy and security, IG has become more important.  Good IG best practices and technologies can allow organizations to conduct data discovery on their organizations data, keep it secure, protect privacy and help lower potential litigation costs by archiving or disposing of records in a repeatable defensible manner.

We’ll explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens, as follows:

  1. What is Information Governance?
  2. General Principles for Information Governance
  3. Who Uses Information Governance?
  4. Basic Information Governance Solutions
  5. One Reason Why Information Governance is Not More Popular
  6. Concluding Remarks

We’ll publish Part 2 – What is Information Governance? – on Wednesday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.