Lighthouse Blog

Have you created, or were handed, a budget but you don’t know where to start? Or, have you managed a budget for a while but want some other perspectives on what to look for throughout the year? Well this is the post for you. As I mentioned in my prior post about creating budgets, I have managed budgets for a long time in legal, operations, and other departments, as well as gotten input on this topic from many peers. Below you will find five of my top tips.Align team goals with budget - The success of your budget increases if everyone is working toward the common goal of staying within that budget. As such, when creating your team goals as well as when creating an individual team member’s goals, they should all support what you have put in your budget. There are a number of ways to do this. First, you could put a specific goal – e.g., come within 5% of budget – in their personal goals. You could also tie a part of an employee’s bonus to the department meeting its budget. Second, you could make the goals a bit more indirect by having each employee have a goal around coming up with cost-savings measures. Finally, you could be even less direct by just ensuring that nobody has goals related to projects that do not have any budget and that all funded projects do have owners. I use all three of these concepts in combination to set up the department for budget success.Operationalize your budget review - Reviewing your spend (actuals) against your budget on a monthly basis is critical to being able to stay on budget. You should involve your team in these budget reviews. The agenda should include an update on the prior month’s spend, a discussion of anything unusual from the prior month, and a discussion about any expectations for the coming month. Be open during these discussions and encourage people to speak up. You want to foster a positive environment where people feel comfortable bringing up anything that will impact the budget. Every team member should understand how their work impacts the budget. Any team member heading up a particular project should understand the budget of that project and where they are vis-à-vis budget. Transparency of this information will allow people to make well-informed decisions.Constantly look for ways to get better – automation and different suppliers - Even if you are at or under budget, it is important to continuously look for ways to get more efficient with resources. This can be done in conjunction with monthly budget reviews as your team will likely have some great suggestions. There are three main questions I ask:What can be automated? What can be outsourced?Are there opportunities to get better pricing from any outsourced providers (including technology)?Of these three, I lean towards automation because of the dramatic cost savings over time, but also the additional benefits. Automation will typically have an initial cost to fund the development effort. However, that initial investment can eliminate certain resources for a long period, sometimes even bringing ongoing costs to $0. Automation also can provide information, such as auditing and data, that were not available with manual methods. For example, implementing an e-billing solution not only saves on the people cost for reviewing bills, but also gives better visibility into where the money is being spent, leading to new areas for savings.Always have a plan B and C - Things change as the year goes on – revenue may not come in as expected, there could be a global pandemic that impacts your business, or you could decide to fund a higher priority business item – and you may be asked to change or reduce your budget. This can be frustrating but you should be ready for unexpected changes. The first thing you can do to be ready is to know what you will cut first, second, and third, etc. When you have a prioritized list, you can respond to any budget cuts or freezes pretty quickly. Second, you should have alternative, cheaper ways to still move forward on your top legal department strategy or strategies. For example, instead of hiring a full-time employee to manage and implement your e-billing system, perhaps you can hire a temporary employee, consultant, or an intern to move you forward on the research and design phases. Also consider whether you can move forward with any projects in phases or by doing a scaled back proof of concept first. For example, you could procure fewer licenses of your e-billing system and implement it for only 10% of matters (e.g., litigations over $1M). Both of these moves will allow you to still advance your project, but for a lower cost. The proof of concept also has the added benefit of allowing you to demonstrate the value of the project to the business, thereby making any associated budget requests for a full-scale implementation easier to get approved.Communicate changes early - A budget is an estimate based on your knowledge at one point in time. It won’t be perfect and you will have to make changes. Make sure you understand the process to communicate those changes. As soon as you have knowledge of anything that will be significantly under or over budget, which you will likely get from your monthly budget review, make sure to communicate that. If it is something that will put you over budget, make sure to have the details about why the spend is necessary, what alternative options you have looked into, and what benefits will come to the business from this spend. The threshold for when to communicate these changes differs at each organization so be sure to work with your partners in the finance organization to understand what is expected at your organization.legal-operationsediscovery-process, legal-ops, blog, legal-operations,ediscovery-process; legal-ops; bloglighthouse

What is data reuse? There are many different flavors and not everyone thinks about it the same way. In the context of eDiscovery, subject-matter specific work product in the form of responsiveness or issue coding often comes to mind and is then immediately dismissed as untenable given that the definitions for these can change from matter to matter. This is just one tiny piece of what’s possible, however. We need to consider the entire EDRM from end to end. What else has already been done, and what can be gained from it?First, there’s the source data itself. The underlying electronically stored information (ESI) is foundational to the reuse of data as a whole. Many corporations deal with frequent litigation and investigations, and those matters often include the same or at least overlapping players, i.e. the “frequent flier” custodians. This means the same data is relevant to multiple matters, which means it can be reused. There’s the potential for a one-to-many relationship here. In other words, instead of starting from scratch with each new project by going back to the same sources to collect the same data, why not take stock of what has been collected already? Compare the previously collected inventory to what is required for each specific matter, and then return to the well for the difference as needed. It may be as simple as a “refresh” to capture a more recent date range, or, even better, there’s no new collection to be done at all.Next up is the processed data. Once it’s collected, a lot of time, effort, and money are spent transforming ESI into a more consumable format. Extracting and indexing the metadata such that it can easily be searched and reviewed in your platform of choice takes real effort. Considering the lift, utilizing data that has already undergone processing makes a lot of sense. Depending on volume, significant savings in terms of timeline and fees are often realized, and this is not a one-time thing. The same data often comes up over and over across multiple matters, compounding savings over time.Finally, after processing comes review, which is where reusing existing work product comes in. This isn’t limited to relevance calls, which may or may not consistently apply across matters. There’s limited application for the reuse of subject-matter specific work product as mentioned earlier. The real treasure trove is all the different types of static work product – the ones that remain the same across matters regardless of the relevance criteria – and there are so many! One valuable step that is often overlooked is the ability to dismiss portions of the data population upfront. Often there is some chunk of data that will simply never be of interest. These are the “junk” or “objectively non-relevant” files that can clog a review. For example, automatic notifications, spam advertisements, and other mass mailings can contribute a lot of volume and rarely have any chance of including relevant content. Also, think about redactions and what often drives them: PII, PHI, trade secret, IP, etc. These are a pain to deal with, so why force the need to do so repeatedly? And, what about privilege? Identifying it is one thing, and then there are the incredibly time intensive privilege log entries that follow. These don’t change, and the cost to handle them can be steep. On top of that, they are incredibly sensitive, so ensuring accuracy and consistency is key. That’s pretty difficult to accomplish from matter to matter if you rely on different reviewers starting over each time.At the end of the day, no one wants to waste time and effort on unnecessary tasks, especially considering how often intense deadlines loom right out of the gate. The key is understanding what has already been done that overlaps with the matter at hand and leveraging it accordingly. In other words, know what you have and use it to avoid performing the same task twice wherever possible.ai-and-analytics; ediscovery-reviewediscovery-process, data-re-use, blog, ai-and-analytics, ediscovery-reviewediscovery-process; data-re-use; bloglighthouse

Recently we took Lighthouse’s legal technology podcast series Law and Candor on the road and broadcast a special live edition to our audience straight from Legaltech. One episode focused on the issue that’s at the forefront of the eDiscovery and information governance world: data privacy compliance in the post-GDPR world. Our distinguished Law and Candor hosts spoke with special guest Kelly Clay, global eDiscovery counsel and head of information governance at GlaxoSmithKline (GSK), about the key challenges or “opportunities” that GDPR, CCPA, and other burgeoning laws around data privacy have presented, and subsequently how the associated risks have permanently shifted the legal landscape.With the two-year anniversary of GDPR’s first day of implementation right around the corner, it’s a perfect time to reflect on where we are now. Organizations around the world have become more comfortable with the idea that data governance, privacy, and security are more than just new challenges they are being forced to solve. Businesses are beginning to see the new opportunities that come from data privacy regulations as they realize the benefits that come from cross-functional stakeholders working together across all of their internal support functions.So what are organizations doing to get a handle on the information governance side of the house and ensure compliance in this post-GDPR era? Here are three steps to take on the road to continual compliance:Understand where your data resides. It might seem obvious, but the number one place to start (and some would argue the most important) is taking a detailed look at your data and understanding all of the different types your organization generates, and the various locations where it all resides. Many who have already embarked on this journey have found silos during the process and encountered complications in understanding the full extent of their data and where it is. Now’s the time to use the information you gather to create a detailed and comprehensive data map that can be easily and automatically updated as new locations and new data are constantly created.Focus on the general principles. It’s easy to get overwhelmed in the data mapping process, especially if you’re a large organization whose employees utilize many different communication methods and IT has traditionally employed disparate storage methods for that never-ending mountain of data. Once your data map is in place, take a step back and realize you can’t tackle every potential compliance issue at the same time. Instead, continue to focus on the overall general principles like understanding where the data is flowing from and where it’s going, whether it’s email, chats, or data in the Cloud.Change the narrative. Historically, Legal and IT have operated separately and handled data based on the nature of their specific job functions. For example, Legal views data and information through the lens of risk management, while IT has a different approach in how it views managing and archiving data within an enterprise. With GDPR, CCPA, and likely many more privacy regulations to come, organizations need to handle data differently and understand everyone is accountable and must work cross functionally. Key players from the technology group to the procurement team to the business strategy group must change their mindset and be mindful of how they deal with data while keeping legal risk at the forefront.Ultimately, the post-GDPR era is here to stay and organizations should treat these dramatic changes in how we view and handle data as an opportunity not a challenge. Getting a handle on how to create an effective compliance program is a team effort that requires everyone to get on the same page, and it’s particularly important to involve your key stakeholders early on in the process.More on this topic can be found in this article, How GDPR and DSARs are Driving a New, Proactive Approach to eDiscovery. data-privacy; information-governanceccpa, gdpr, cloud-security, blog, data-privacy, information-governanceccpa; gdpr; cloud-security; bloglighthouse

One of the unanticipated consequences of the COVID-19 pandemic and the ensuing shift of office employees being forced to work from home, is the impact on counsel who must continue to direct forensically defensible collections for eDiscovery, investigations, and regulatory response scenarios. As employees adjust to remote work, they are increasingly commingling personal data sources, home networks, and corporate data, which in turn creates a wealth of new data sources that will need to be collected as potentially-relevant ESI.In my recent webinar, I discussed this significant shift to the “new normal” of digital digital-forensics and how information governance policies and IT security practices should be proactively extended to remote employees, as well as ways to mitigate future complications around forensic collections that will now need to be almost exclusively remote. Here are a few of the most important aspects to consider on how working from home impacts digital digital-forensics, and practical workflow strategies for handling remote ESI collections.Working from Home: The Digital digital-forensics ImpactThere’s a behavioral impact that automatically comes with working entirely from home, with less delineation between the workday and home life, and subsequently more temptation to use your work laptop for personal reasons. This behavioral impact is also mirrored in the reverse scenario where personal devices become more convenient to use for work. Although we were already seeing quite a bit of intermingling of data pre-COVID-19, this habit is dramatically increasing as home has quickly become the only workplace and there hasn’t been time for organizations to adopt new IT policies to tackle these issues.With the advent of this new remote workplace era, data (mis)management will remain with us for future matters and there will be a permanent impact on collections going forward. Among the top adjustments that need to be made is custodian questionnaires must be enhanced to scrutinize whether any relevant work-related data or communications reside on the custodians’ home devices. The same scrutiny will need to be applied to personal data potentially residing on work laptops as the opportunities for this type of data intermingling or “contamination” will undoubtedly continue to increase.ESI Collections: Practical Workflow StrategiesEven though we’re currently not able to travel onsite to acquire device and data source evidence, we can continue collections by relying on sound and defensible forensic remote strategies that are already in place. Collections from the Cloud are status quo and conducted remotely by definition, but for other ESI sources, we will favor targeted and logical collections over full physical forensic images.For remote collections on premise at an office that’s closed, if there’s a skeleton IT crew in place, screen sharing can be utilized to mimic the exact scenario of a digital-forensics professional being onsite to help load a hard drive or provide access into a server. For custodians sitting at home, the same process can apply and technical guidance can be provided remotely. If shipping is a safety concern, data can be uploaded by secure encrypted file transfer protocol (FTP) using software that can resume broken uploads or by utilizing fast data transfer solutions such as Aspera. Whether figuring out a safe way to transport encrypted hard drives back and forth or using remote data transfer technology, we’ll need to plan for increased turnaround times due to varying upload speeds from home and/or decontamination procedures that are implemented for shipping protocols.Key TakeawaysAs company and personal custodian data commingling grows during COVID-19, a permanent shift is happening in digital digital-forensics and eDiscovery. From a legal standpoint, it’s settled that company-related communication on personal devices is subject to discovery, thus custodian interviews and other information-gathering techniques to identify the relevant scope of a collections effort must be enhanced. And although data preservation and evidence acquisition tasks may take longer to conduct when onsite collections is not an option, the technology is already in place to ensure forensically sound and defensible remote collections now and in the future.To discuss this topic further, please feel free to reach out to me at JBui@lighthouseglobal.com.digital-forensics; information-governancelegal-operations, digital-forensics, information-governancecloud; collections; cloud-security; bloglighthouse

The overall impacts of COVID-19 are widespread and still very uncertain. The Law & Candor podcast team wanted to come together with this special edition to reflect on the current impacts and how they are affecting those the legal space and beyond.In this special edition, co-hosts Bill Mariano and Rob Hellewell, are joined by Lighthouse’s CEO, Brian McManus, to discuss his take on the industry impacts of COVID-19. The group discusses shifts in company priorities, common themes being heard throughout the industry, as well as the downstream implications this pandemic could have on the legal space by answering the following key questions:What are key company priorities?What are current employee safety priorities and items to be aware of?What is the industry saying?What will be the lasting impact of COVID-19 on the legal space?In conclusion, they share top takeaways from the episode. If you are interested in listening, click here. To join the conversation on Twitter, click here.Catch up on past seasons by clicking the links below:‍Season 1Season 2Season 3For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewcloud, self-service, spectra, cloud-security, blog, ediscovery-review,cloud; self-service, spectra; cloud-security; bloglighthouse

A good discovery strategy goes beyond complying with production obligations. When preparing for discovery matters, law firms and legal corporate departments most often focus on developing a compliant and cost-effective responsive review capability with the appropriate expert personnel, technology, and workflows. After all, once in place, a tested responsive review capability can provide legal counsel the cost predictability, security, and control needed to focus on legal strategy early on in large litigation matters.Yet, while it is necessary to develop a reliable in-house or managed responsive review capability for document-intensive litigation, being ready for the demands of modern day discovery extends beyond complying with production obligations. Most notably, the work of fact-finding often continues well after production, and introduces its own unique complexities and opportunities requiring special tactical attention.Responsive review and finding key documents require different workflows. There is a substantive difference between identifying what is responsive for production versus honing in on the key information that ultimately decides a case or investigation. While responsive review focuses on compliance with negotiated and documented requests for production, targeted fact-finding focuses on legal hypothesis-testing and story development in an actively changing and open-ended context.As such, the mix of skills, technologies, and workflows required for responsive review does not necessarily extend beyond the production phase. Honing in on key documents and dispositive information buried in large data sets requires tactical agility and adaptation that efficient responsive review approaches limit by design in order to achieve production compliance at scale.Targeted fact-finding requires an iterative process and an expert team.A common need shared across fact-finding case teams is quick identification of key documents to help develop a robust and coherent fact-based narrative. Rather than casting a broad net to look for similarities among documents as you would do in a responsive review, fact-finding teams require an ability to sleuth through large data sets in order to identify key players, reveal hidden connections between them, and establish an overall picture and timeline of what happened.More specifically, rather than leveraging linear review workflows—even those optimized by technology-assisted review (TAR)—targeted fact-finding is best supported by iterative workflows in which attorneys and discovery experts deeply familiar with the case conduct tailored interrogations of the data to find the information that will best help with developing the case team’s understanding of the matter.Broaden the notion of discovery for better preparedness. Limiting discovery preparedness to achieving scalable responsive review gives short-shrift to developing a capacity for targeted fact-finding. Broadening the notion of discovery preparedness to include fact-finding means reassessing your discovery capabilities beyond production-oriented questions, such as what number of documents will require eyes-on review or what level of accuracy can be achieved. It makes sense to make more qualitative, legal expert-based assessments such as: Have we been able to uncover the full extent of the relevant fact pattern? How confident are we that we have connected the dots regarding who acted improperly and who had knowledge of it?To answer these sorts of questions, senior members of the litigation team need to be actively informed at a granular level regarding fact-finding approaches and outcomes. A robust and effective fact-finding function can provide a critical advantage in not only witness and trial preparation, but also in early case assessment, internal investigations, and government subpoenas, increasingly important discovery contexts to consider in light of increased regulatory, shareholder, and public scrutiny of corporate fraud and wrong-doing.For more on fact-finding, see: eDiscovery for Investigations: Different Goal, Different Approach. ediscovery-reviewblog, ediscovery-reviewbloglighthouse

Executive SummaryThe GDPR and Data Subject Access Requests (DSARs) are a key reason why companies are starting to focus their attention on information governance strategically, as opposed to simply reacting each time they get a request. With GDPR, companies have seen a significant increase in DSARs and the resulting requirement to look inwardly at their data landscape is timed perfectly with advances in cloud computing.Inconsistent NeedOver the last 20 years, I have assisted clients in responding to triggering events such as litigation and investigations by helping to identify where their data is and how to retrieve, preserve, and filter it for legal review. Rarely have those same clients been interested in proactively implementing information governance frameworks and policies without a consistent need to do so. A General Counsel once told me they face an investigation about as often as every Olympic cycle, so they don’t prioritise resources to prepare for such an infrequent event.The GDPR and associated DSAR obligations have provided exactly this motivation. However, this stick has combined with the carrot of cloud computing to provide the right mix of requirement and capability, not just to make compliance a token project stream within a company, but an enterprise-wide strategic initiative to focus on how data is generated, accessed, managed, and deleted. Common and Civil Law EnvironmentsThroughout my career, I have worked closely with companies in mainland Europe and the Middle East on cross-border litigation and investigations. In my experience, companies operating in civil law jurisdictions are not as familiar with the eDiscovery process as their common law counterparts unless they have faced regulatory scrutiny (such as companies in the financial services or technology industry). This is because they and their counsel do not face the same discovery obligations and thus have not traditionally focused on gathering evidence to produce to a court or third party. The result is inadequate retention procedures and disconnected strategies regarding data management.However, one thing all companies have in common is that using technology to make data management more efficient has become essential as data volumes grow. For example, DSAR responses may not be as ‘normal’ in mainland Europe as they are in the US or UK, but they have universally added motivation to those tasked with managing data within the company.Information Governance Buy-InNow that awareness has increased on the significant consequences of holding certain data longer than you need, senior leadership is prioritising (even at board level) how to effectively manage data within the company. This comes at a time when most companies have moved or are moving to the Cloud. According to Microsoft, “97% of Fortune 500 and 95% of Fortune 1000 companies have Office 365.” Notably, these companies are not moving to the Cloud for compliance or eDiscovery reasons, they are doing so for overall enterprise reasons including streamlining IT operations by moving off premise, giving employees access to modern workplace tools, and for security purposes. But as a bonus, when it comes to comprehensive cloud platforms such as Office 365, information governance, compliance, and eDiscovery tools are already included.Cloud Relevance for Legal TeamsNow that companies are shifting their focus to information governance, what can legal teams do to utilise the investment they’ve made in cloud computing? Since business efficiencies are important but not what legal is primarily concerned about, risk management is the key and to that end, data management is the order of the day. With increased GDPR penalties looming and cloud capabilities at their disposal, lawyers are now turning to the central pillars of information governance – document retention, categorisation, preservation, defensible deletion, identification, collection, and, depending on cloud maturity, data migration.For example, utilising functionality within Office 365, a company has a fighting chance to develop very effective and granular document retention policies that actually work and are dynamic (rather than a dusty document no one ever refers to). Categorising a document (or having it automatically categorised) when it is created, as well as determining, based on its content, when it will be deleted, is a very powerful capability. Setting email and chat message retention based on a defined policy is a significant achievement that goes a long way to limiting what data is kept and for how long.Not Just TechnologyAs GDPR and the Cloud have revolutionised information governance and provided the motivation and capability to address new and existing risks and inefficiencies, for these technology solutions to work in the long term, there needs to be a strong focus on people and processes. Change management has always been the Achilles heel of technology implementation and it is no different for Office 365 when it comes to effective information governance. First and foremost, understanding who in the company has responsibility for various processes needs to be determined. For example, who will respond to a DSAR? Who will create the data searches, preserve the data, and retrieve it for review? When it comes to labelling a document, what is the criteria for determining what qualifies as personal data? How does the technology assist in the decision making? How can a remediation exercise tie into an ongoing retention policy?Overall ComplianceIt is very hard for a multinational company to become 100% GDPR compliant. However, the Cloud offers significant capability for a company to take very reasonable and appropriate measures that go a long way. It’s better to be in the middle of the sheep pack than on the outside when the wolf is close and modern cloud technology allows companies to develop enterprise-wide frameworks to better manage their data. Let the regulators worry about companies with no demonstrable plans, not those who have made comprehensive changes to their data landscape. Even for companies that are not used to the fraught discovery world of US or even UK discovery, information governance has become a key priority due to GDPR and increasingly complex data environments that can now be managed in an effective and coordinated manner.More on this topic can be found in this article, Three Steps to Tackling Data Privacy Compliance Post GDPR. To discuss this article further, please feel free to reach out to me at MBrown@lighthouseglobal.com. data-privacycloud, gdpr, dsars, blog, data-privacy,cloud; gdpr; dsars; blogmichael brown

Season three of Law & Candor, the podcast wholly devoted to pursuing the legal technology revolution, is now available for your listening pleasure. Click the image below to binge season three now or keep scrolling for more details on the latest season. Law & Candor co-hosts, Bill Mariano and Rob Hellewell, have done it again. They have developed yet another riveting season of content by bringing on industry experts from AstraZeneca, Dentons, Dignity Health, Goulston & Storrs, GSK, and Lighthouse to discuss hot topics within the eDiscovery, compliance, and information governance space. Season three is filled with valuable takeaways, practical tips, and lots of banter along the way. See the season three episode lineup below:Tackling Big Data ChallengesData Privacy in a Post-GDPR World: Facing Regulators and Ensuring Compliance Through Rock-Solid Information Governance PracticeThe Future of On-Demand SaaS Software for Small Matters – A self-service, spectra Model StoryNew Efficiency Gains in TAR 2.0 and CMML RevealedHow Microsoft 365 and GDPR Are Driving a Proactive Approach to eDiscovery Across the GlobeeDiscovery Shark Tank - What’s Worth Your Investment in 2020?Each episode is bingeable and available on your podcast platform of choice including Apple, Spotify, Stitcher, and Google. Check them out now or bookmark them and listen later. Follow the latest updates on Law & Candor and join in the conversation on Twitter. Catch up on past seasons by clicking the links below:Season 1Season 2‍‍For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.ediscovery-reviewmicrosoft, cloud, gdpr, self-service, spectra, data-privacy, ai-big-data, cloud-security, tar-predictive-coding, blog, ediscovery-review,microsoft; cloud; gdpr; self-service, spectra; data-privacy; ai-big-data; cloud-security; tar-predictive-coding; bloglighthouse