Year: 2012

Information Management Cost Reduction Strategies for Litigation

Bill Tolson Information Governance , , , , , ,

In these still questionable economic times, most legal departments are still looking for ways to reduce, or at least stop the growth, of their legal budgets. One of the most obvious targets for cost reduction in any legal department is the cost of responding to eDiscovery including the cost of finding all potentially responsive ESI, culling it down and then having in-house or external attorneys review it for relevance and privilege. Per a CGOC survey, the average GC spends approximately $3 million per discovery to gather and prepare information for opposing counsel in litigation.

Most organizations are looking for ways to reduce these growing costs of eDiscovery. The top four cost reduction strategies legal departments are considering are:

  • Bring more evidence analysis and do more ESI processing internally
  • Keep more of the review of ESI in house rather that utilize outside law firms
  • Look at off-shore review
  • Pressure external law firms for lower rates

I don’t believe these strategies address the real problem, the huge and growing amount of ESI.

Several eDiscovery experts have told me that the average eDiscovery matter can include between 2 and 3 GB of potentially responsive ESI per employee. Now, to put that in context, 1 GB of data can contain between 10,000 and 75,000 pages of content. Multiply that by 3 and you are potentially looking at between 30,000 and 225,000 pages of content that should be reviewed for relevancy and privilege per employee. Now consider that litigation and eDiscovery usually includes more than one employee…ranging from two to hundreds.

It seems to me the most straight forward and common sense way to reduce eDiscovery costs is to better manage the information that could be pulled into an eDiscovery matter, proactively.

To illustrate this proactive information management strategy for eDiscovery, we can look at the overused but still appropriate DuPont case study from several years ago.

DuPont re-looked at nine cases. They determined that they had reviewed a total of 75,450,000 pages of content in those nine cases. A total of 11,040,000 turned out to be responsive to the cases. DuPont also looked at the status of these 75 million pages of content to determine their status in their records management process. They found that approximately 50% of those 75 million pages of content were beyond their documented retention period and should have been destroyed and never reviewed for any of the 9 cases. They also calculated they spent $11, 961,000 reviewing this content. In other words, they spent &11.9 million reviewing documents that should not have existed if their records retention schedule and policy had been followed.

An information management program, besides capturing and making ESI available for use, includes the defensible deletion of ESI that has reached the end of its retention period and therefore is valueless to the organization.

Corporate counsel should be the biggest proponents of information governance in their organizations simply due to the fact that it affects their budgets directly.

Advertisement

Information Governance and Predictive Coding

Bill Tolson Uncategorized , , , , ,

Predictive coding, also known as computer assisted coding and technology assisted review, all refer to the act of using computers and software applications which use machine learning algorithms to enable a computer to learn from records presented it (usually from human attorneys) as to what types of content are potentially relevant to a given legal matter. After a sufficient number of examples are provided by the attorneys, the technology is given access to the entire potential corpus (records/data) to sort through and find records that, based on its “learning”, are potentially relevant to the case.

This automation can dramatically reduce costs due to the fact that computers, instead of attorneys conduct the first pass culling of potentially millions of records.

Predictive coding has several very predictable dependencies that need to be addressed to be accepted as a useful and dependable tool in the eDiscovery process. First, which documents/records are used and who chooses them to “train the system”? This training selection will almost always be conducted by attorneys involved with the case.

The second dependency revolves around the number of documents used for the training. How many training documents are needed to provide the needed sample size to enable a dependable process?

And most importantly, do the parties have access to all potentially relevant documents in the case to draw the training documents from? Remember, potentially relevant documents can be stored anywhere. For predictive coding, or any other eDiscovery process to be legally defensible, all existing case related documents need to be available. This requirement highlights the need for effective information management by all in a given organization.

As the courts adopt, or at least experiment with predictive coding, as Judge Peck did in Monique Da Silva Moore, et al., v. Publicis Groupe & MSL Group, Civ. No. 11-1279 (ALC)(AJP) (S.D.N.Y. February 24, 2012, an effective information management program will become key to he courts adopting this new technology.

The Facebook Timeline Button That Hides Your Past From Strangers’ Prying Eyes

Bill Tolson Uncategorized , ,

Over the next few weeks, Facebook Timeline becomes mandatory for everyone. Yes, that means you who been holding onto your old profile while standing very still in a dark digital corner hoping that Facebook might not notice you among its 800 million users. This will require a little privacy housekeeping thanks to Facebook’s surfacing old posts and photos you had forgotten about. Whether you’ve already switched to Timeline or will be ushered in against your will soon, there’s one very important button for those who want to optimize their privacy after the switch: The entire Forbes article can be viewed here

Your organization’s social media problem can’t be cured with antibiotics

Bill Tolson Information Governance, Social Media , , , , , , ,

You can’t control what employees do away from work on their own time and using their own equipment but companies do have a right to control their brand and that includes how they are represented by their employees on social media sites. For that reason, every organization should develop, implement and enforce a corporate-wide social media policy for all employees (because if you don’t enforce it, then do you really have a policy?).

Gary MacFadden was kind enough to pose a great question in response to my last blog posting titled “Did you hear the one about the Attorney who thought social media was a dating website for singles over 40?”. Gary pointed out that it would be helpful if I could give examples of a corporate social media policy (what it involved) and what the employee education process would be to make employees aware of the policy. With that in mind, here are some aspects of a corporate social media policy:

  1. A policy author with contact information in case employees have questions
  2. An effective date
  3. A definition of what social media is
  4. A description as to why this policy is being developed (for legal defense, brand protection etc)
  5. A description of  what social media sites the company officially participates in
  6. A listing of those employees approved to participate on those sites
    1. The fact that any and all approved social media participations will be done only from corporate infrastructure (this is to protect approved employees from discovery of their personal computers)
    2. A description of topics approved to be used
    3. A description of those topics not approved to be used
    4. A description of any approval authority process
    5. A description of what will happen to the employee if they don’t follow the approved process
  7. A direct statement that unapproved employees that make derogatory remarks about the organization, publish identifying information about clients, employees, or organization financials, talk about organization business or strategy etc. in any social media venue will be punished in the following manner…
  8. A description of how these policies will be audited and enforced

Once the policy is developed, it needs to be communicated to all employees and updated by legal representative on an annual basis. This education process could include steps like:

  1. A regularly updated company intranet site explaining the policy.
  2. A description and discussion of the policy in new employee orientation activities.
  3. A printed description of the policy which the employee signs and returns to the organization.
  4. An annual revisiting of the policy in department meetings.
  5. The publishing of an organization “hot line” to your corporate legal department for real-time questions.

On a related topic, for legal reasons you should be archiving all approved social media participations much like many companies now archive their email and instant message content.

This practice will seem rather draconian to many employees but in reality the organization needs to protect the brand and always have a proactive strategy for potential litigation.

A sampling of various organizations social media policies can be found here. I was particularly impressed withDell’s.

Frictionless eDiscovery; social media addicts beware…

Bill Tolson Information Governance, Social Media , , , , , , , ,

eDiscovery just got a lot easier…for opposing counsel.

Facebook’s new system to auto-share what you do around the web may catch many Facebook enthusiasts off guard. Even “power” users of Facebook will probably run into trouble with this “frictionless sharing” feature. Once it’s enabled on a site you won’t get any other warnings that you “tracks” are being broadcast to large numbers of people.  In fact, even those people who know exactly how this new feature works will need to be on guard against sharing some seriously embarrassing and or compromising updates.

For those not in the know, Facebook is making sharing even easier by automatically sharing what you’re doing on a growing community of Facebook-connected apps.

Huh? It could be the news articles you read online, the videos you watch, the photos you view, the music you listen to, or any other action within the site or app. In the future it could be the “stuff “you buy on-line or the profiles of people you view, or diseases you looked or the fact that you searched for information on the term “formaldehyde” on a specific day…

To be fair, currently,  you must explicitly authorize a site or app to share your information with Facebook. How this sharing mechanism works depends on the app. Authorizing the Washington Post or The Guardian Facebook apps allows you to read those news sites right within Facebook. The downside, however, is that everything you read is shared back to your friends via a timeline… This capability may also effect those news organizations which have jumped into this partnership opportunity. These news organizations may see a drop in views because potential readers will now have to first consider how viewing a particular story will affect their reputation; Do I really want to click on this story knowing my “friends” will know I viewed this?

A timeline… REALLY! Do your friends really need to know you viewed a website titled “BieberFever.Com” at 1:13 am last Thursday morning? Or that you read an article on setting up a Swiss bank account 57 minutes after you received notice of a pending lawsuit? Talk about making the opposing counsel’s job easier…every discovery request will automatically include Facebook accounts.

Another group that needs to be careful are employees. I can imagine an HR representative viewing an employee’s Facebook page to verify, via the employee’s timeline, they have been surfing the web for the last 17 days.

I have repeatedly warned friends that social media sites like Facebook are potentially dangerous in that what you (or an application) post to your social media site could be used against you by potential employers, current employers or attorneys. One question I suggest all social media addicts ask themselves before they post is; “Is this something I would feel comfortable showing up on the front page of the New York Times?”…Because someday it could.

EPIC Asks FTC to Investigate Facebook’s “Timeline”

Bill Tolson Social Media , , , ,

Last year I wrote two blogs titled Spoliation of the Facebook Timeline and Frictionless eDiscovery; social media addicts beware…

which discussed the potential privacy problems with the new Facebook Timeline feature. Yesterday the blog site: The ESI Ninja Blog posted a blog about further developments around privacy and the Timeline feature. The below content is from that blog:

EPIC Asks FTC to Investigate Facebook’s “Timeline”

Posted on January 10, 2012 at 6:44 pm by John M. Horan

When Mark Zuckerberg unveiled Facebook’s new Timeline feature at the company’s Sept. 22, 2011 f8 developer conference, he described it as “The story of your life . . . .  All the stuff from your life.”  According to a Sept. 22, 2011 Facebook Blog post,

The way your profile works today, 99% of the stories you share vanish. The only way to find the posts that matter is to click “Older Posts” at the bottom of the page. Again. And again.

. . .

With timeline [sic], now you have a home for all the great stories you’ve already shared. They don’t just vanish as you add new stuff.

The Timeline announcement came toward the end of an investigation by the Federal Trade Commission into Facebook’s privacy practices, culminating in the Commission’s Nov. 29, 2011 announcement that Facebook had agreed to settle FTC charges “that it deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public.”  In general outline, the FTC said, the proposed settlement

bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.

Three days before the Dec. 30, 2011 close of the 30-day comment period on the proposed settlement, privacy rights organization Electronic Privacy Information Center (EPIC) urged the FTC to investigate whether Facebook’s new Timeline feature complies with the terms of the proposed settlement.  Echoing some of the concerns it raised in a Sept. 29, 2011 letter to the FTC regarding “frictionless sharing,” EPIC’s Dec. 27, 2011 letter to the FTC asked the Commission to: <the rest of the blog entry can be viewed here>

The ROI of Information Management

Bill Tolson Information Governance , , , , , , , , ,

Information, data, electronically stored information (ESI), records, documents, hard copy files, email, stuff—no matter what you call it; it’s all intellectual property that your organization pays individuals to produce, interpret, use and export to others. After people, it’s a company’s most valuable asset, and it has many CIOs, GCs and others responsible asking: What’s in that information; who controls it; and where is it stored?

In simplest terms, I believe that businesses exist to generate and use information to produce revenue and profit.  If you’re willing to go along with me and think of information in this way as a commodity, we must also ask: How much does it cost to generate all that information? And, what’s the return on investment (ROI) for all that information?

The vast majority of information in an organization is not managed, not indexed, not backed up and, as you probably know or could guess, is rarely–if ever–accessed. Consider for a minute all the data in your company that is not centrally managed and  not easily available. This data includes backup tapes, share drives, employee hard disks, external disks, USB drives, CDs, DVDs, email attachments  sent outside the organization and hardcopy documents hidden away in filing cabinets.

Here’s the bottom line: If your company can’t find information or  doesn’t know what it contains, it is of little value. In fact, it’s valueless.

Now consider the amount of money the average company spends on an annual basis for the production, use and storage of information. These expenditures span:

  • Employee salaries. Most employees are in one way or another hired to produce, digest and act on information.
  • Employee training and day-to-day help-desk support.
  • Computers for each employee
  • Software
  • Email boxes
  • Share drives, storage
  • Backup systems
  • IT employees for data infrastructure support

In one way or another, companies exist to create and utilize information. So… do you know where all your information is and what’s in it? What’s your organization’s true ROI on the production and consumption of your information in your entire organization? How much higher could it be if you had complete control if it?

As an example, I have approximately 14.5 GB of Word documents, PDFs, PowerPoint files, spreadsheets, and other types of files in different formats that I’ve either created or received from others. Until recently, I had 3.65 GB of emails in my email box both on the Exchange server and mirrored locally on my hard disk. Now that I have a 480 MB mailbox limit imposed on me, 3.45 GB of those emails are now on my local hard disk only.

How much real, valuable information is contained in the collective 18 GB on my laptop? The average number of pages of information contained in 1 GB is conservatively 10,000. So 18 GB of files equals approximately 180,000 pages of information for a single employee that is not easily accessible or searchable by my organization. Now also consider the millions of pages of hardcopy records existing in file cabinets, microfiche and long term storage all around the company.

The main question is this: What could my organization do with quick and intelligent access to all of its employees’ information?

The more efficient your organization is in managing and using information, the higher the revenue and hopefully profit per employee will be.

Organizations need to be able to “walk the fence” between not impeding the free flow of information generation and sharing, and having a way for the organization as a whole to  find and use that information. Intelligent access to all information generated by an organization is key to effective information management.

Organizations spend huge sums of money to generate information…why not get your money’s worth? This future capability is the essence of true information management and much higher ROIs for your organization.

Can you wipe your twitter ramblings, and should you?

Bill Tolson Information Governance, Social Media , , , , , , ,

In December of 2011, the Library of Congress and Twitter signed an agreement that will eventually make available every public Tweet ever sent as an archive to the Library of Congress.

While writing a blog post last week, I began  to wonder how long all my twitter postings would be available and who could look at them. For the fun of it, I went back through approximately 6 months of my old twitter postings, re-tweets and replies (yes you can do it, it’s relatively easy and you can look at anyone’s).

 I’ve been pretty good about keeping my twitter posts “business-like” and have steered away from personal stuff like “I just checked in to the Ramada Inn on route 11…can’t wait for the evening to begin!”, or “does anyone know how to setup an off-shore bank account?” or “those jerks over at Company ABC are a bunch of losers”.  But many tweeters aren’t so disciplined and have posted stuff that could come back to haunt them later. I could imagine a perspective employer reviewing a candidate’s twitter history or even worse an attorney conducting research for a case using the public twitter archives to create a timeline.

With that in mind, could you delete your twitter postings and should you? Twitter does allow you to delete specific tweets one at a time but as far as I can determine, Twitter does not give you the ability to delete your entire twitter history short of deactivating your account. From the Twitter website:

How To Delete a Tweet

If you’ve posted something that you’d rather take back, you can remove it easily. When you hover over your Tweet while viewing your home or profile page, you’ll see a few options appear below the message.

To delete one of your Twitter updates:

  1. 1.       Log in to Twitter.com
  2. 2.       Visit your Profile page
  3. 3.       Locate the Tweet you want to delete
  4. 4.       Hover your mouse over the message (as shown below), and click the “Delete” option that appears

Voila! Gone forever… almost. Deleted updates sometimes hang out in Twitter search. They will clear with time.

We do not provide a way to bulk delete Tweets. If you’re looking to get a “fresh start” on your Twitter account without losing your username, the best way to do this is to create a temporary account with a temporary username, and then switch the username between your current account and the temporary account. Please see our article on How to Change Your Username for more info. 

On December 30, 2011, CNET published a story titled “How to delete all your tweets” which highlighted a product called TwitWipe. TwitWipe is a free tool that allows you to delete ALL your past tweets in one fell swoop. This may be handy because you can clean out your twitter account and start fresh without changing your username and dumping all your hard won followers.

This is an interesting capability but I think the more important question is why would you use this drastic of a step? The four most obvious reasons one would want to delete all their twitter postings and start fresh would be:

1.       You went through an unfortunate period in your life that you would rather forget

2.       You were regularly conducting criminal activities through your Twitter account

3.       You are considering a run for the presidency

4.       For whatever reason, you don’t want your twitter postings archived and available at the Library of Congress

The ability to delete ESI can be dangerous if done at the wrong time, especially if civil litigation is anticipated. Deleting a single tweet or every tweet you have ever posted can be construed as destruction of evidence if those tweets could have been relevant in litigation. ESI, no matter its format or where it’s stored, is potentially evidence  and should be at least considered when protecting ESI for litigation hold. Attorneys on both sides need to include social media content like twitter postings in their eDiscovery plans and be sure to warn all custodians about deleting/editing  social media content once litigation is anticipated.