Lighthouse Blog

The March sessions of Legalweek took place recently, and as with the February sessions, the virtual event struck a chord that reverberated deep from within the heart of a (hopefully) receding pandemic. However, the discussions this time around focused much less on the logistics of working in a virtual environment and much more on getting back to the business of law. One theme, in particular, stood out from those discussions – the idea that legal professionals will need to have a grasp on the technology that is driving our new world forward, post-pandemic.In other words, the days when attorneys somewhat-braggingly painted a picture of themselves as Luddites holed up in cobwebbed libraries are quickly coming to an end. We live in an increasingly digital world – one where our professional communications are taking place almost exclusively on digital platforms. That means each of us (and our organizations and law firms) are generating more data than we know what to do with. That trend will only grow in the future, and attorneys that are unwilling to accept that fact may find themselves entombed within those dusty libraries.Fortunately, despite our reputation as being slow to adapt, legal professionals are actually an innovative, flexible bunch. Whether a matter requires us to develop expertise in a specific area of the medical field, learn more about a niche topic in the construction industry, or delve into some esoteric insurance provision – we dive in and become laymen experts so that we can effectively advocate for our clients and companies. Thus, there is no doubt that we can and will evolve in a post-pandemic world. However, if anyone out there is still on the fence, below are four key reasons why attorneys will need to become tech savvy, or at least knowledgeable enough to understand when to call in technical expertise.1. Technological Competence is Imposed by Ethics and Evidence RulesFirst and foremost, attorneys have an ethical duty (under ABA Model Rule 1.1) to “keep abreast of changes in the law and its practice, including the benefits and risk associated with relevant technology.” Thirty seven states have adopted this language within their own attorney ethics rules. Thus, just as we have a duty to continue our legal education each year to stay abreast of changes in law, we also have an ethical duty to continue to educate ourselves on the technology that is relevant to our practice.We also have a duty to preserve and produce relevant electronically stored information (ESI) (under both the Federal Rules of Civil Procedure (FRCP), as well as the ABA model ethics rules)[1] during civil litigation. To do so, attorneys must understand (or work with someone who understands) where their client’s or company’s relevant ESI evidence is, how to preserve it, how to collect it, and how to produce it. This means preserving and producing not only the documents themselves but also the metadata (i.e., the information about the data itself, including when it was generated and edited, who created it, etc.). This overall process grows more complicated with each passing year, as companies migrate to the unlimited storage opportunities of the Cloud and employees increasingly communicate through cloud-based collaboration platforms. Working within the Cloud has a myriad of benefits, but it can make it more difficult for attorneys to understand where their client’s or company’s relevant information might be stored, as well as harder to ensure metadata is preserved correctly.Together, these rules and obligations mean that whether we are practicing law within a firm or as in-house counsel at an organization, we have a duty to understand the basics of the technology our clients are using to communicate so that at the very least, we will know when to call in technical experts to meet the ethical and legal obligations we owe to those we counsel.2. Data Protection and Data Privacy is Becoming Increasingly ImportantThe data privacy landscape is becoming a tapestry of conflicting laws and regulations in which companies are currently navigating as best they can. Within the United States alone, there were a multitude of state and local laws regulating personal data that came into effect or were introduced in 2020. For companies that have a global footprint, the worldwide data protection landscape is even more complicated – from the invalidation of the EU-US privacy shield to new laws and modifications of data protection laws across the Americas and Asia Pacific countries. It will not be long before most companies, no matter their location, will need to ensure that they are abiding within the constructs of multiple jurisdictional data privacy laws.This means that attorneys who represent those companies will need to understand not only where personal data is located within the company, but also how the company is processing that data, how (and if) that data is being transmitted across borders, when (and if) it needs to be deleted, the process for effectively deleting it, etc., etc. To do so, attorneys must also have at least some understanding of the technology platforms their companies and clients are using, as well as how data is stored and transferred within those platforms, to ensure they are not advertently running afoul of data privacy laws.As far as data protection, attorneys need to understand how to proactively protect and safeguard their clients’ data. There have been multiple high-profile data breaches in the last few months,and law firms and companies that routinely house personal data are often the target of those breaches. Protecting client data requires attorneys to have a semblance of understanding of where client data is and how to protect it properly, including knowing when and how to hire experts who can best offer the right level of protection.3. Internal Compliance is Becoming More Technologically Complicated There has been a lot of interest recently in using artificial intelligence (AI) and analytics technology to monitor internal compliance within companies. This is in part due to the massive amount of data that compliance teams now need to comb through to detect inappropriate or illegal employee conduct. From monitoring departing employees to ensure they aren’t walking out the door with valuable trade secret information, to monitoring digital interactions to ensure a safe work environment for all employees – companies are looking to leverage advances in technology to more quickly and accurately spot irregularities and anomalies within company data that may indicate employee malfeasance.Not only will this type of monitoring require an understanding of analytics and AI technology, but it will also require grasping the intricacies of the company’s data infrastructure. Compliance and legal teams will need to understand the technology platforms in place within their organization, where employees are creating data within those platforms, as well as how employees interact with each other within them.4. The Ability to Explain Technology Makes Us Better AdvocatesFinally, it is important to note that the ability to understand and explain the technology we are using makes us better and more effective advocates. For example, within the eDiscovery space, it can be incredibly important for our clients’ budgets and case outcomes to attain court acceptance of AI and machine-learning technology that can drastically limit the volume of data requiring expensive and tedious human review. To do so, attorneys often must first be able to get buy-in from their own clients, who may not be well versed in eDiscovery technology. Once clients are on-board, attorneys must then educate courts and opposing counsel about the technology in order to gain approval and acceptance.In other words, to prove that the methods we want to use (whether those methods relate to document preservation and collection, data protection, compliance workflows, or eDiscovery reviews) are defensible and repeatable, attorneys must be able to explain the technology behind those methods. And as in all areas of law, the most successful attorneys are ones who can take a very complicated, technical subject and break it down in a way that clients, opposing counsel, judges, and juries can understand (or alternatively are knowledgeable enough about the technology to know when it is necessary to bring experts in to help make their case).Best Practices for Staying Abreast of TechnologyReach out to technology providers to ask for training and tips when needed. When evaluating providers, look for those that offer ongoing training and support.For attorneys working as in-house counsel, work to build healthy partnerships with compliance, IT, and data privacy teams. Being able to ask questions and learn from each other will help head off technology issues for your company.For attorneys working within law firms, work to understand your clients’ data infrastructure or layout. This may mean talking to their IT, legal, and compliance teams so that you can ensure you are up to date on changes and processes that affect your ability to advocate effectively for your client.Look for CLEs, trainings, and vendor offerings that are specific to the technology you and your clients use regularly. Remember that cloud-based technology, in particular, changes and updates often. It is important to stay on top of the most recent changes to ensure you can effectively advocate for your clients.Recognize when you need help. Attorneys don’t need to be technological wizards in order to practice law, however, you will need to know when to call in experts…and that will require a baseline understanding of the technology at issue.To discuss this topic more, feel free to connect with me at smoran@lighthouseglobal.com. [1] ABA Model Rule 3.4, FRCP 37(e) and FRCP 26)ai-and-analytics; ediscovery-review; data-privacy; information-governanceanalytics, data-privacy, information-governance, ediscovery-process, blog, law-firm, ai-and-analytics, ediscovery-review, data-privacy, information-governanceanalytics; data-privacy; information-governance; ediscovery-process; blog; law-firmsarah moran

The Schrems II decision invalidated the EU-US Privacy Shield – the umbrella regulation under which companies have been transferring data for the last half-decade. In earlier parts of this four-part series, we described the impact of the Schrems decision, discussed how companies should evaluate their risk in using cloud technologies, and took a deeper dive on M365 in light of Schrems II. In sum, if you are a global business that previously relied upon Standard Contractual Clauses (SCCs) to transfer data, there is no clear guidance on what to do currently.It is even murkier in a cloud environment because the location of the data is not as transparent. Fortunately, there are ways to undertake a risk assessment to determine whether to proceed with any new cloud implementations. In the case of Microsoft products, there is also additional support from Microsoft with changes in its standard contractual terms and features in the product to mitigate some risks. Even so, many companies are holding off making any changes because the legal landscape is evolving. In this final part, we opine on what the future may hold. We can expect in the first half of this year that the European Commission will finalise the amended SCCs. We can anticipate that the EDPB will also produce another draft of its recommendations concerning data transfers. We should see plenty of risk assessments taking place. Even for companies adopting a “wait and see” policy in terms of taking significant steps, those companies should still be looking at their data transfers and carrying out risk assessments to make sure they are as well placed as possible for the moment when the draft SCCs and EDPB guidance are finalised.It would not be a surprise to see Microsoft continue to expand and develop M365 so that it offers yet more services that could be used as technical measures to reduce the risk around data transfers. These changes would strengthen the position of any company doing business between Europe and the US using M365.We do not have a crystal ball, and like many of you, are eager to see what happens next in this space. We will continue to monitor and keep you up to date with developments and our thoughts. If you have any questions in the meantime, feel free to reach out to us at info@lighthouseglobal.com.data-privacy; microsoft-365; information-governance; chat-and-collaboration-datamicrosoft, cloud, data-privacy, blog, law-firm, data-privacy, microsoft-365, information-governance, chat-and-collaboration-datamicrosoft; cloud; data-privacy; blog; law-firmlighthouse

In our four-part blog series on Schrems II and its impacts, we have already given the state of data transfers in light of the Schrems II decision as well as some practical tips on how to conduct a risk assessment. In sum, the foundation upon which companies have transferred data overseas for the last half-decade was recently shaken. Companies are left with no good legal options for data transfer so, instead, they need to make calculated risk assessments based on business need and convenience versus compliance with an unknown and quickly changing legal landscape.For those companies who have chosen Microsoft as their cloud provider, Microsoft has taken additional steps to alleviate some of the risks. In addition, there are some specific supplementary measures companies can take in their Microsoft 365 (M365) environment to mitigate some risk. In this third part of our series, we will consider the position if you are analysing data transfers that take place using M365, Microsoft’s flagship software-as-a-service tool, which is in use by many entities operating within Europe.It is worth pointing out that Microsoft has responded quickly to the upheaval. The EDPB issued its supplementary measures on November 11th, 2020, and by November 19th, Microsoft issued a press release entitled “New Steps to Defend Your Data.” Microsoft explained it was strengthening the rights of its public sector and enterprise customers in relation to data by including an Additional Safeguards Addendum into standard contractual terms. That addendum would give contractual force to the new steps Microsoft laid out in terms of defending customers’ data, namely that Microsoft:will challenge every government request for public sector or enterprise data from any government where there is a lawful basis for doing so; andwill compensate a public-sector or enterprise-customer user if data is disclosed in response to a government request in violation of the GDPR.Microsoft pointed out that these commitments exceeded the EDPB’s recommendations (presumably referring to the contractual supplementary measures in the EDPB guidance). These changes have received a mixed response, but it is interesting to see that the data protection authorities within three of the German states (Baden -Württemberg, Bavaria, and Hesse) issued a joint opinion that this was a move in the right direction since it included significant improvements for the rights of European citizens and was a clear signal to other providers to follow suit.So at a macro level, Microsoft has taken very public steps. However, that does not remove the need to carry out the analysis set out by the EDPB or, in general, carry out a risk assessment to give you a thorough understanding of any risks associated with using M365. Here are some specific considerations to keep in mind:As to the first step of the EDPB recommendations, identifying your data transfers, it is our understanding that Microsoft will shortly be publishing more detailed data maps which will help.The Microsoft white paper on the necessary elements for monitoring, securing, and assessing cloud storage is a very helpful resource. An updated version of this is also expected shortly.As part of your assessment, you should review the Microsoft Online Services Data Protection Addendum, in particular, the Data Transfers and Location sections, and the amended terms arising from Microsoft’s recent press release.When carrying out your risk assessment or transfer impact assessment, you should consider carefully the extent to which M365 can be configured to reduce the amount of personal data leaving Europe. More specifically, there are six areas upon which you could focus: Multi-geo: With multi-geo, a company operating in Europe can choose to have its Exchange Online (i.e., email), its SharePoint Online, and its OneDrive for Business data stored, at rest, within Europe. Multi-geo reduces the amount of data that would be transferred to the US in comparison to having the geo (Microsoft’s word for the central hub where data is stored) within the US. This is probably the most significant step a company can take to reduce data transfers. Choosing whether or not to enable applications: Certain applications such as Sway, Microsoft’s newsletter application, will have their data stored in the US irrespective of whether a company chooses to have a multi-geo setup. A company might weigh the pros and cons of each application, which involves data being stored in the US, and decide that it could operate without that application.Configuration settings at an application level: There are many settings within M365 at an application level that will vary the amount of data being generated and processed. Assessing each application in turn and deciding the specific configuration within that application can make a significant difference to the amount of personal data being created, moved, or stored. For more details on how to evaluate this for the popular collaboration tool, Teams, you can review this write-up.Encryption: Explore encryption thoroughly and look to implement it, if practical, as an additional technical safeguard. There a number of good resources explaining how encryption operates and the options available to add additional encryption. Here is a good starting point for learning about Microsoft’s encryption options.Customer lockbox: If you configure M365 so that the number of data transfers is reduced to the bare minimum, one area where transfers might still be needed is when there is a need for remote access by Microsoft engineers to provide support. Customer lockbox allows you to give final and limited approval for such access, which you can do after carrying out a specific risk assessment.Audit logs: All significant events in M365 are audited so you should put in place a review of audit logs to support any risk assessments that you complete.It is also more than just good practice to put in place a retention policy within M365, it is essential to ensure that personal data is not being retained for longer than is necessary. Reducing the amount of personal data within an organisation reduces the risk of data breaches that could result in problems under the provisions of the GDPR. Microsoft is following the legal landscape closely so expect to see quick responses from them as things change. But what kinds of changes should companies expect and when? Read the final part of this blog series on what the future may hold.To discuss this topic further, please feel free to reach out to us at info@lighthouseglobal.com.data-privacy; microsoft-365; information-governancemicrosoft, cloud, data-privacy, blog, corporate-legal-ops, data-privacy, microsoft-365, information-governance,microsoft; cloud; data-privacy; blog; corporate-legal-opslighthouse

The Law & Candor podcast is back for season seven, with a special guest speaker twist! In celebration of Women’s History Month (March), this season features an all-female guest speaker lineup. Our esteemed guests will not only explore the hottest topics in legal tech, but also discuss how to champion the development and career growth of women within the space in each episode.Law & Candor co-hosts, Bill Mariano and Rob Hellewell, are back to help lead those discussions in six easily digestible episodes that cover a range of topics: from diversity within eDiscovery, to keeping up with M365 software updates, to a look at possible antitrust changes in a new presidential administration. Check out season seven's lineup below:Diversity and eDiscovery: How Diverse Hiring Practices Lead to a More Innovative Workforce Innovating the Legal Operations Model Efficiently and Defensibly Addressing Microsoft Teams Data Keeping Up with M365 Software Updates AI and Analytics for Corporations: Common Use Cases Antitrust Changes in a New Administration Listen now or bookmark individual episodes to listen to them later, and be sure to follow the latest updates on Law & Candor's Twitter. And if you want to catch up on past seasons or special editions, click here.For questions regarding this podcast and its content, please reach out to us at info@lighthouseglobal.com.diversity-equity-and-inclusionmicrosoft, ai-big-data, legal-ops, blog, antitrust, corporate-legal-ops, diversity-equity-and-inclusionmicrosoft; ai-big-data; legal-ops; blog; antitrust; corporate-legal-opslighthouse

Evolving analytics tools and methods can help expedite review.Analyze this! No, we’re not talking about the 1999 movie starring Robert DeNiro and Billy Crystal, but rather analytics mechanisms that many organizations are using today to streamline discovery. As these mechanisms become more sophisticated, it pays to keep abreast of the ways in which they can impact a review, including how data can be organized, visualized, identified and reduced.For example, conceptual clustering can identify groups of topics that might be clearly responsive or non-responsive. Communication visualization maps can identify communication patterns of key parties within a data collection And, of course, predictive coding can train a supervised machine learning algorithm to identify potentially responsive and non-responsive documents based on classifications of other documents.But there are other use cases for eDiscovery analytics many organizations aren’t taking advantage of that make eDiscovery workflows even more efficient and more cost effective. To improve the efficiency of eDiscovery workflows, organizations can now implement technology with the following analytics features.Email Threading and Near Duplicate IdentificationYou may have heard the famous phrase “Insanity is doing the same thing over and over again expecting a different result.” But, in document review, insanity is simply doing the same thing over and over again. De-duplication using hash values identifies documents that are exact duplicates in content and format, but there is considerable additional content within document collections that is also duplicated within documents that aren’t exact matches. Email conversation threads contain considerable duplicative information, but conversations between multiple people can branch off, so you can’t just assume that the last message for the thread contains the entire thread discussion.Documents converted to PDF may be identical in content but not format, so they have different hash values and are not “de-duped.” ESI collections often include multiple drafts of documents that have both duplicative and unique content. To avoid over-capture of duplicates and gain visibility into email branches, organizations can now employ advanced analytics that can help in the following ways:Utilize advanced algorithms to identify email thread relationships and individual emails in a thread with unique contentGroup similar documents with flexible near-duplicate identification to easily review and compare to determine whether the differences are significantIdentify exact content duplicates with only formatting differences that hash de-duplication would not catch.Name Normalization and Entity AnalysisWhat’s in a name? Potentially, a whole lot of options! If the sixth US president were alive today and sending emails, here are some ways that you might see him represented within the collection:John AdamsJohnny AdamsJohn Q. AdamsQ. AdamsQuincy AdamsAdams, JohnAdams, John Q.Adams, J.Q.Adams, J. Quincyjadams@xyzcorp.com/O=XYZCORP/OU=EXCHANGE ADMINISTRATIVE GROUP (FYDIBOHF23SPDLT)/CN=RECIPIENTS/CN=jadamsAdams@gmail.comAnd potentially more…That’s a lot of variation – just for one person! Case teams often waste significant time and energy sorting through the numerous variations of names and email addresses for individuals in a matter. Advanced analytics solutions can be used to automated name normalization algorithms to link different name variations and email addresses to a single individual, format those names uniformly and aggregate the normalized participants that appear across an entire email thread group. The result? Refined results that streamline processes such as privilege logging without the intensive manual cleanup typically associated with the process.Metadata AnalyticsAI-driven analytics applied to the metadata can streamline eDiscovery by:a) identifying mass email communications so that reviewers can focus on more likely responsive emails;b) filtering email signature images and other extraneous embedded objects; andc) remediating data populations with missing or incomplete metadata by auto-detecting and populating email metadata fields on inbound productions.Privilege AnalyticsAutomated categorization and classification powered by advanced analytics can also be applied to privilege review to weed out non-responsive and non-privileged material early and rapidly identify, elevate and prioritize potentially privileged information. Customizable rules to exclude disclaimers and boilerplate language can also improve the accuracy of that identification process by eliminating many false positives.As most privilege determinations involve considerations of nuance and context, human judgments are a necessary part of the process. Pre-built and customized linguistic models, name normalization and email thread identification can extend those automated privilege determinations more quickly through the collection, with automated identification of legal concepts, privilege actors and law firms and a reusable asset with consistent propagation of privilege designations across matters.And clean name normalization outputs, along with automated and customizable privilege reasons assigned to each document expedite privilege log creation, significantly decreasing the manual cleanup often associated with this time-consuming task.Personal Identifiable Information (PII) DetectionFinally, with all of the data privacy requirements associated with recent regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), identifying and protecting PII has become a requirement within every phase of the eDiscovery lifecycle. Using analytics and pattern matching through regular expressions (RegEx) to identify common format numbers such as passport IDs, social security numbers, drivers license numbers and credit card numbers, as well as identification of common form types that often contain PII (such as loan applications or IRS forms) will help flag those documents so that they can be adequately protected throughout the process.Newer, more advanced AI-driven analytics solutions go a step further by utilizing highly precise classifiers to model the way in which different forms of supported personal data appear in data populations. These automated solutions provide rapid identification of likely and potential PII, resulting in rapid insights and immediate access to the most relevant documents first.ConclusionYou may be using analytics to streamline parts of your eDiscovery process, but there are always new use cases being identified to leverage analytics to make your eDiscovery workflows more efficient. Even Analyze This had a sequel!For more information on ways H5 Matter Analytics® can assist your organization in creating efficiencies and expediting eDiscovery workflows, click here.ediscovery-reviewblog, -ediscovery, data-analytics, document-review, ediscovery-review, aiandanalyticsblog; ediscovery; data-analytics; document-reviewlighthouse

In part one of this series, we described the state of the EU-US Privacy Shield and the mechanisms global companies have relied upon to transfer data from their multiple locations. In short, a recent decision – Schrems II – invalidated the Privacy Shield and shook the foundation of Standard Contractual Clauses (SCCs). Companies are now left asking the question of how to respond.In this post, we will share our view on how to navigate forward. If your organization is not already highly reliant on cloud software, we recommend weighing the benefits and risks of making that move. As you assess your options, keep in mind that this move may come at a higher cost because of the need to do periodic risk assessments during this uncertain time. For those already in the Cloud, the motto here is “do everything that you reasonably can.” The position no company wants to find itself in is one of stasis. It is difficult to see such a position being looked upon favourably should regulators start to investigate how companies are responding to Schrems II and the consequences that go along with it.The touchstone is the EDPB guidance and its six-stage approach to assessing data transfers, which we recommend companies undertake:Identify your data transfers: It is an obvious first step, although in practice this could prove challenging. You’ll need to know all the scenarios where your data is moved to a non-European Economic Area (EEA) country (at the time of writing this article, the UK, although out of Europe, is still under the European umbrella until at least the 30th of June).Identify the data transfer mechanisms: You need to decide the grounds upon which the transfer is taking place, such as on the basis of an adequacy decision (this does not apply to the US), SCCs, or a specific derogation (such as consent).Assess the law in the third country: You need to assess “if there is anything in the law or practice of the third country that may impinge on the effectiveness of the appropriate safeguards of the transfer tools you are relying on, in the context of your specific transfer.” There is more guidance from the EDPB as to how the evaluation should be carried out (i.e., an independent oversight mechanism should exist). How effective or practical it is to suggest each company has to perform its own thorough legal assessment as the entire range of relevant legislation in any importing country is open to debate and might perhaps be considered further as these recommendations are refined.Adopt supplementary measures if necessary to level up protection of data transfers: The EDPB has published a non-exhaustive list of such measures, which essentially fall into one of three categories - technical (i.e., encryption), contractual (i.e., transparency), and organisational (i.e., involvement of a Data Protection Officer on all transfers). We’ll have a look at these measures in more detail below in relation to Microsoft 365.Adopt necessary procedural steps: If you have made changes to deliver the required level of protection, these need to be embedded into your operation (i.e.., by means of policy).Re-evaluate at appropriate intervals: This is not a job that can be completed and then left. It needs continual monitoring. There is no specific guideline as to what an appropriate interval is, but quarterly is probably a reasonable approach.Essentially this boils down to carrying out a risk assessment and taking steps to mitigate the risks that are uncovered. If your cloud strategy includes Microsoft 365, the next part of this blog series is a must-read. We will share what Microsoft has done in response to Schrems II as well as some specific configuration options that will influence steps 4 and 5, listed above. Bear in mind that these recommendations could change and you should watch the space. To continue the discussion or to ask questions, please feel free to reach out to us at info@lighthouseglobal.com.data-privacy; microsoft-365; information-governancemicrosoft, cloud, data-privacy, blog, corporate-legal-ops, data-privacy, microsoft-365, information-governance,microsoft; cloud; data-privacy; blog; corporate-legal-opslighthouse

In 2016, European companies doing business in the US were able to breathe a sigh of relief. The European Commission deemed the Privacy Shield to be an adequate privacy protection. For the next half a decade, this shield, as well as Standard Contractual Clauses (SCCs), created the foundation upon which most global businesses were able to manage the thousands of data transfers that occur in each of their business days.Everything changed in July 2020 when the Court of Justice of the European Union gave its seismic judgment in a case generally known as Schrems II. As we will see, the decision has a particular impact on any companies relying on, or moving to, a cloud computing strategy. Businesses have been left needing to make a risk decision with seemingly no ideal outcome. Some legal, privacy, and compliance teams may be advocating for staying away from a cloud approach in light of the decision. The business teams, however, are focused on the vast array of benefits that cloud software offers.So what is the right decision? Where does the law stand and how do you manage your business in this uncertain time? In this four-part blog series, we’ll explain the impact of Schrems II, provide practical tips for companies in the midst of making a cloud decision, give specific advice regarding companies who have, or are implementing, Microsoft’s cloud offering (M365), and offer our view as to the future.Schrems II and Its ImpactFirst, let;s look at the Schrems II decision. The background to the case is well worth exploring but for the sake of brevity and providing actionable information we’ll focus on the outcome and the consequences. The key outcomes impact the two primary ways in which most data transfers between Europe and the US:The EU-US Privacy Shield was invalidated with immediate effect.SCCs (the template contracts created by the EU Commission which are the most common way in which data is moved from the EU) were declared valid, but companies using SCCs could no longer just sign up and send. A company relying on SCCs would have to verify on a case-by-case basis that the personal data being transferred was adequately protected. This process is sometimes called a Transfer Impact Assessment, although the court did not coin that phrase. If the protection is inadequate, then additional safeguards could be needed.The consequences of the decision are still revealing themselves, but as things stand:The Privacy Shield (used by more than 5,000 mostly small-to-medium enterprises) has gone with no replacement in sight (although the Biden administration appears to recognise its importance with the rapid appointment of the experienced Christopher Hoff to oversee the process).There have been significant developments in relation to SCCs, additional safeguards, and transfer impact assessments:The US published a white paper to help organisations make the case that they should be able to send personal data to the US using approved transfer mechanisms.The European Data Protection Board (EDPB) published guidance on how to supplement transfer tools.The European Commission published draft replacement SCCs.The EDPB and the European Data Protection Supervisor adopted a joint opinion on the draft replacement SCCs requesting several amendments.There is not a clear timetable as to when the replacement SCCs or EDPB guidance (which has completed a period of publication consultation) will be finalised. The sooner the better because there seem to be inconsistencies between them. For example, the Schrems II judgment and draft replacement SCCs permit a risk assessment (i.e., it is possible to conclude that personal data might not be completely protected, but that the risk is so small that the parties can agree to proceed), whereas the EPDB recommendations seem to deal in black and white with no shades between (i.e., there is either adequate protection or there is not). It will be important to monitor which, if any, of these drafts moves and in which direction. Whether the SCCs are supported with a risk assessment or analysis along the lines of the EDPB recommendations (or perhaps both), going forward using SCCs may be rather cumbersome particularly in a cloud environment where the location and path of the data is not always crystal clear. Companies are therefore in something of a grey triangle, the sides of which are a judgment of the highest European Court, a draft replacement to the SCCs the Court reviewed in its judgment, and draft guidance about additional safeguards. In part two </span><span>of the series, we will offer companies some practical guidance on how to move forward in light of this grey triangle.To discuss this topic further, please feel free to reach out to us at info@lighthouseglobal.com.data-privacy; microsoft-365; information-governancemicrosoft, data-privacy, blog, privacy-shield, data-privacy, microsoft-365, information-governance,microsoft; data-privacy; blog; privacy-shieldlighthouse

A time-saving tool that consolidates different names for the same entity can make all the difference. One of the many challenges of electronic information and messaging rests in ascertaining the actual identity of the message creator or recipient. Even when only one name is associated with a specific document or communication, the identity journey may have only just begun.The many forms our monikers take as they weave in and out of the digital realm may hold no import for most exchanges, but they can be critical when it comes to eDiscovery and privilege review, where accurate identification of individuals and/or organizations is key.It’s difficult enough when common names are shared among many individuals (hello, John Smith?), but the compilation of our own singular name variations and aliases as they live in the realm of digital text and metadata make life no less complicated. In addition, the electronic format of names and email addresses as they appear in headers or other communications can also make a difference. Attempts to consolidate these variations when undertaking document review is painstaking and error-prone.Not metadata — people. Enter “name normalization.” Automated name normalization tools come to the rescue by isolating and consolidating information found in the top-level and sub-level email headers. Automated name normalization is designed to scan, identify, and associate the full set of name variants, aliases, and email addresses for any individual referenced in the data set, making it easier to review documents related to a particular individual during a responsive review.The mindset shift from email sender and recipient information as simply metadata to profiles of individuals is a subtle but compelling one, encouraging case teams and reviewers to consider people-centric ways to engage with data. This is especially helpful when it comes to identifying what may be—and just as importantly what is not—a potentially privileged communication.Early normalization of names can optimize the privilege workflow.When and how name normalization is done can make a big difference, especially when it comes to accelerating privilege review. Name normalization has historically been a process executed at the end of a review for the purpose of populating information into a privilege log or a names key. However, performing this analysis early in the workflow can be hugely beneficial.Normalizing names at the outset of review or during the pre-review stage as data is being processed enables a team to gain crucial intelligence about their data by identifying exactly who is included in the correspondence and what organizations they may be affiliated with. With a set of easy-to-decipher names to work with instead of a mix of full names, nicknames, initials without context, and other random information that may be even more confusing, reviewers don’t have to rely on guesswork to identify people of interest or those whose legally-affiliated or adversarial status may trigger (or break) a privilege call.Name normalization tools vary, and so do their benefits. Not all name normalization tools are created equal, so it is important to understand the features and benefits of the one being used. Ideally, the algorithm in use maximizes the display name and email address associations as well as the quality and legibility of normalized name values, with as little cleanup required as possible. Granular fielded output options, including top level and sub-header participants is also helpful, as are simple tools for categorizing normalized name entities based on their function, such as privilege actors (e.g., in-house counsel, outside counsel, legal agent) and privilege-breaking third parties (e.g., opposing counsel, government agencies). The ability to automatically identify and classify organizations as well as people (e.g., government agencies, educational institutions, etc.) is also a timesaver.Identification of privilege-breaking third parties is important: although some third parties are acting as agents of either the corporation or the law firms in ways that would not break privilege, others likely would. Knowing the difference can allow a team to triage their privilege review by either eliminating documents that include the privilege breakers from the review entirely, significantly reducing the potential privilege pile, or organizing the review with this likelihood in mind, helping to prevent any embarrassing privilege claims that could be rejected by the courts.Products with such features can provide better privilege identification than is currently the norm, resulting in less volume to manage for privilege log review work later on and curtailing the re-reviews that sometimes occur when new privilege actors or breakers come to light later in the workflow. This information enables a better understanding of any outside firms and attorneys that may not have been included in a list of initial privilege terms and assists in prioritizing the review of documents that include explicit or implied interaction with in-house or outside counsel.Other privilege review and logging optimizers. Other analytics features that can accelerate the privilege review process are coming on the scene as AI tools become more accepted for document review. Privilege Analytics from within Lighthouse Matter Analytics can help review teams with this challenging workflow, streamlining and prioritizing second pass review with pre-built classifiers to automate identification of law firms and legal concepts, tag and tier potentially privileged documents, detect privilege waivers, create privilege reasons, and much more.Interested in how Name Normalization works in Privilege Analytics? Let us show you!ediscovery-review; ai-and-analyticsblog, name-normalization, privilege-review, ediscovery-review, ai-and-analyticsblog; name-normalization; privilege-reviewlighthouse

Do you ever feel like you are spending your day firefighting and wish you could spend more time planning and executing all the great ideas you have? Do you wish the business came to you first to ask for input so they could be prepared rather than rushing in once the alarm bells are already ringing? You are not alone. These are common refrains heard from legal operations professionals. Here are some ways to change that and go from a tactical resource to a strategic partner.Make Time for Strategic PlanningEven if the majority of your role calls for real-time execution, you can still showcase your strategic side. First, make sure you are spending time thinking strategically. I would recommend blocking out time at least once a month to do this work. During each of your thinking sessions, focus on just one idea. If you have too many ideas, your sessions will not be as productive. If you have multiple ideas you need to work through simultaneously, do so in multiple sessions. Or, if you don’t have any ideas, identify a need or frustration in your department. You can focus on a broad need (i.e. how to organize the department most efficiently) or a more narrow need (i.e. how to understand the company’s legal spend). When choosing what to focus on, choose something that you would be comfortable sharing with someone else. This will ensure that you can demonstrate the great strategic thinking you have done. Once you have selected the need you are going to think about, divide your time into three parts. Spend the first part brainstorming around all of the details of the specific need. Identify the problem and the potential causes. You can also identify related problems. Jot down the impact of the issue with as much detail as possible.In the second third, brainstorm potential solutions. Jot down anything that comes to mind. If this is an issue you have already thought about, you may even be able to identify how long each solution might take and/or the potential associated cost. If you have this information, note it. If not, that is ok too. The focus of the first two-thirds of your time should be to let the ideas flow. In the last third of your time, organize your thoughts on the first two sections. I find it easiest to do my organizing in a presentation software like PowerPoint, Google Slides, or Canva. You can follow the below outline or check out more details in my prior blog on getting your ideas approved at your organization.Problem Statement – Identify the issue in 1-3 sentences.Impact Statement – Identify the impact of the issue. You want to quantify this in some way, although at the early stages you might just put a placeholder or blank in here.Cause(s) – Identify the top 3-5 causes of the problem.Potential Solutions – How much you put here will really vary, but try to at least get your top idea into writing.Next Steps – Identify the next steps. If you’re not sure here, leave this blank. When you have your first conversation (more on that below), you can add information here. If you are clear about what you want to do, spend time on this section. This is an area where you can make any asks you have.Once you have completed your strategic thinking time, decide whether you want to share this plan. You may not do so with each monthly idea but you should share at least two outputs of your strategic thinking each year if you want to demonstrate your strategic ability. When you are sharing, I recommend starting with your boss. If that feels too vulnerable, you may decide to share with a co-worker first, but you will want to go to your boss next. Make sure you make clear that the goal of the session is to get their feedback. During that presentation, ask for feedback on the idea, next steps, as well as who else’s input might be valuable. If things go well, you will likely go forward with presenting to others. If your boss feels like this idea is not viable at this time, make sure you ask if there are any other similar projects that you can get involved in? Note that it might feel like a letdown if your boss says this isn’t the right time for this project. Keep in mind, however, that your goal was to showcase your strategic thinking and you will have accomplished this goal by presenting. I would also be remiss if I didn’t mention the primary obstacles I hear from people who “want” to do such an exercise. I don’t have time. I hear you – this is not something that is necessarily part of your day job, and if you’re fighting fires, you’re likely at your maximum capacity. However, think of this as a career investment. If you want to get out of the firefighting mode, invest in this work even if it is outside of your typical work hours or job responsibilities. I can’t take on the solution I’m suggesting. You can always have this discussion with your boss. It may be that there are resources that can help you or perhaps someone else takes on driving the solution. Either way, you will be able to showcase your strategic thinking.I’m worried that I will damage my reputation because this isn’t part of “my job.” Each organization is different and values this type of work differently. I will say that if this is something you really enjoy and is important to you, and your organization or role doesn’t value this work, you should consider whether your passions align with your current role.How to Show Up as Strategic in Tactical SituationsIf you can’t take on the strategic thinking right now, or if you want to press fast forward on you being seen as a strategic resource, there are ways you can show up strategically in your day-to-day interactions. When someone comes to you with a specific request for action, pause and ask yourself these three questions:“why” are we doing this;“what” broader impact will this have; and“how” does this relate to other things going on inside the organization? Take the example of a lawyer coming to you holding their latest law firm bill – fuming! “I just heard that we are paying twice on our matter for Firm ABC than Jane is paying on her matter for similar Firm ABD. Firm ABC’s rates are ridiculous – please negotiate them down right away.” You could absolutely pick up the phone and call Firm ABC. Or, you could think about the above questions. In doing so, you may realize that we are due for an annual firm rate adjustment across all our firms and that this firm has a very specialized area of expertise. If you share with this lawyer that the department has an overall rate discussion coming up that would potentially impact all of their matters, rather than just this one, as well as positively impact other matters with this firm. You can share that your preference would be to not make a phone call now but instead work this into a broader more strategic conversation with the firm. This second response showcases how you are thinking about the bigger picture and longer-term consequences for the organization. It also shares with the lawyer that you have proactive measures that you are working on that positively impact their world.legal-operationslegal-ops, blog, legal-operations,legal-ops; bloglighthouse

The International Women’s Day (IWD) theme for 2021 is “choose to challenge.”What a fitting theme for a year when 5.4 million women lost their jobs and over 2.1 million women left the workforce, while the COVID-19 pandemic wreaked havoc, and social and racial inequity issues were raised to the forefront of the international consciousness. There was certainly no shortage of challenges for women to choose from this past year.However, the IWD initiative website elaborates on the “choose to challenge” theme by noting that “a challenged world is an alert world and from challenge comes change.” It is that idea that should really resonate with us, as we move past 2020 and into 2021. There have been many examples this year of women who have chosen to rise to the challenges presented in 2020 and by doing so, have created change for other women.In keeping with this theme, Lighthouse is featuring five such women in the legal and technology fields. Five women who have risen to the challenges presented this year and created change. Those five women are:Laura Ewing-Pearle, eDiscovery Project Manager at Baker Botts LLPJenya Moshkovich, Assistant General Counsel at GenentechGina M. Sansone, Counsel – Litigation Support at Axinn Veltrop & Harkrider LLPAmy Sellars, Director, Discovery Center of Excellence at Cardinal HealthRebecca Sipowicz, VP and Assistant General Counsel at Ocwen Financial CorporationWe had the honor of interviewing these inspirational women about the “choose to challenge theme” – including the stressors of 2020, how to empower other women, how to leverage innovation to shape a more gender-equal world, and how to address social justice issues. That discussion led to some powerful lessons on how to rise to our current challenges and create meaningful, lasting change.Empowering Women Durning a PandemicLike any societal change, empowering women starts small, at the individual level. We do not have to wait for some grand opportunity or postpone our effort until we have the time to volunteer – especially during a pandemic when our personal time may feel even more precious and many in-person volunteer opportunities have halted. Empowerment can happen by simply reaching out to the women around us – women we work with, women in our personal lives, and women within our own families.Laura Ewing-Pearle noted, “One principle to keep in mind is that women are not a monolithic bloc, and that empowering women usually means empowering the individual. A woman with twenty years’ experience in the legal world caring for aging parents has a different set of stressors and goals than a woman fresh out of school with a toddler, especially under the new Covid protocols…Seeing past “woman” to the individual brings us all closer to a more gender-equal world.”In our professional lives, empowering at the individual level can mean reaching out to our women co-workers, teammates, and those that may be on “lower rungs” of the corporate or law firm ladders and offering them a chance to sit down (virtually) for a cup of coffee to talk about their personal goals and challenges. This provides women a space to be heard and seen, first and foremost. It is from these conversations that the seeds of change are often planted.Rebecca Sipowicz stated, “During the summer I became responsible for co-oversight of our back-office team in India, which is approximately 25% female. For at least the past 10 years, the India team has not reported, directly or indirectly, to a woman. I have reached out on an individual level to these women to discuss their career goals and how we can work together to achieve them. I also started a monthly “catch-up” where, in this virtual environment, we can meet for 30 minutes to talk about work, life, and the state of the world. Through these conversations, I have not only gotten to know better my colleagues who are located off-shore but also have been able to share life experiences, such as how to take advantage of our remote work world while parenting and managing online school. The continued growth of this group of employees is one of my most important goals for 2021.”These conversations often help us learn not only about individual ambitions and challenges, but also may help us learn about unsung accomplishments and milestones that women often are less apt to tout about themselves within their own organizations and networks. In turn, this can provide an excellent opportunity to be a champion for those women, by calling out successes that would otherwise go unrecognized.Gina Sansone said, “I am a strong believer in being a vocal cheerleader for the women around me who may be less comfortable with promoting their strengths and accomplishments. Women often play multiple roles at work and at home that are not obvious to others and get overlooked because they tend to be less measurable in a traditional sense. These contributions are nonetheless valuable and crucial to an organization and the lives of others, and it’s really important to notice and appreciate them along the way.”Empowering at the individual level also means leading by example during these conversations. The stressors of the pandemic have changed our lives dramatically, both professionally and personally. It is unchartered territory for everyone, and studies are showing that women are shouldering the brunt of the burden at home – often juggling full-time virtual schooling with children while working full-time jobs or dealing with the bulk of household maintenance. Leading by example and being honest about ourselves and our own hurdles during our conversations can empower women to be honest about their own struggles and needs.Jenya Moshkovich stated, “[I empower other women by] being honest about my own challenges and creating and holding space for others to be their true, authentic selves with all the complexities and messiness that can bring. The line between our private lives and work is blurrier now than it has ever been and we have to let go of trying to pretend that we have it all together all the time because no one does, especially these days.”The example we set and the honesty with which we portray ourselves can especially be important for those closest to us – the people within our own families and homes.Rebecca Sipowicz mentioned, “…Having my children home from school for six months enabled my 11-year-old daughter to witness firsthand how involved my job is and to learn how difficult but rewarding it is to juggle parenting and a career. This is a valuable lesson for all children, not just girls.”Leveraging Innovation to Shape a More Gender Equal WorldIf the legal and technology industries have anything in common, it is that women have been historically under-represented in both spaces. Fortunately, technological innovation can help close the gender gap in both industries:Rebecca Sipowicz shared, “The pandemic really pushed all of corporate America to take steps that will help to advance gender equality in the workplace – namely the move from in-office to remote work. This unquestionably provides working mothers with more equal access to the workplace. Through the use of video software such as Zoom and Teams, and the ability to work around parenting responsibilities, fewer women should feel the pressure to leave the workforce in order to parent….This flexibility allows women to continue to contribute to the workforce and grow in their careers while caring for their families, without feeling like they are short-changing either side. This should enable women to continue to take on more prominent roles and push women throughout the world to request an equal seat at the table.”Technological innovation can also help people push their organizations and law firms to empower women and support equality. Many companies have seen how innovation and technology can help close the gender gap, and we can work within those systems to further those efforts.Gina Sansone said, “I really don’t know how we can begin to work toward a gender-equal world without leveraging innovation. To me, innovation means creating a dynamic work environment that encourages everyone to move forward, which could mean training and managing members of the same team differently. While consistency is important, recognizing differences, being flexible, and empowering people to think differently and not simply check a box are steps toward shaping a more gender-equal world.”Laura Ewing-Pearle added, “Encouraging and leveraging more on-line training certainly helps anybody juggling family and career to keep pace with new technology and change. I’m grateful that Baker Botts as a firm encourages everyone to create new, innovative ideas to improve business processes and culture.”Jenya Moshkovich mentioned, “I am very fortunate to work for a company that has started innovating in this space years ago and where I am in the position to benefit from these efforts. Since 2007, Genentech has more than doubled the percentage of female officers from 16 to 43% and today over half of our employees and over half of our directors are women. In our legal department, ALL of our VPs are women. Genentech’s efforts to move towards gender equality have included senior leadership commitments, programs to drive professional development and open up opportunities for career advancement, among others.”Going forward, it will be equally important to continue efforts to support changes in our industry. While we have come a long way and made considerable progress, it is still important to push companies and law firms to recognize equity gaps and encourage the use of innovation and technology to help close those gaps.Amy Sellars stated, “Corporate practices favor men, and Covid exacerbates this problem. Will companies acknowledge that women took on most of the additional burdens of children at home, education at home, of people at home all the time (more dishes, more cleaning, more cooking, less dry cleaning, and more laundry)?”Rebecca Sipowicz said, “It is up to all of us to make sure that the realization that flexibility can result in increased productivity and satisfaction continues long after the pandemic, allowing women (and men of course) to have the best of both worlds.”Addressing Social Justice and Equality Issues2020 was also a devastating year for people of color, as well as underrepresented and low-income communities. The tragic events throughout the year brought social inequality issues and systemic racism to the forefront of the conversation in many families, workplaces, and social circles. Many of the lessons learned in the fight for gender equality can also be applied to the fight for racial and social equality. For instance, just as empowering women can start at the individual level, the fight for social and racial equality can also start with small, individual acts.These acts can be as simple as personally working to educate ourselves on the work to be done, so that we can act on social justice issues in the most impactful way:Jenya Moshkovich said, “2020 was a difficult year in so many ways including the tragic deaths of George Floyd, Breonna Taylor, and Ahmaud Arbery and many incidents of xenophobic violence against Asian Americans. My personal focus has been on educating myself, speaking up for others, listening, and fostering belonging. And there is so much more that needs to be done.”Gina Sansone added, “The social issues raised in 2020 were unfortunately just a magnification of issues that have existed for a long time. It was a perfect storm of events that certainly made me and others face the thought patterns, inequalities, and general civil unrest that has been festering in our society. It is very easy to live in a bubble and lose sight. I think one of the most important things that happened was people stopped being quiet and just accepting. Change will not happen unless it is absolutely forced and we need to continue recognizing that the world is not equal.”Creating social justice change also can mean utilizing the education we do have about these issues, and working within our communities to help in any way possible – both at the individual level and on a broader scale:Amy Sellars stated, “My husband and I have always been passionate about voting rights and participate in get out the vote efforts. 2020 was a particularly important year for voting issues, as so many people were isolated and had even less access to register to vote or get to polls than normal. Working with the League of Women Voters, we did neighborhood registration drives, and we volunteered as non-partisan poll watchers. We also picked up Meals on Wheels shifts. All around the country, meal recipients who used to be fed at central locations were transitioned to home deliveries, and it has taken an army of volunteers in personal vehicles…We are also volunteering on the domestic crisis hotline.”We can also leverage the networks and programs put in place within forward-thinking organizations to help bring about social change. More and more law firms and organizations are working to help close the gender gap and fight racial and social inequity. Employees of those organizations are in a unique position to join those initiatives to make more of an impact:Laura Ewing-Pearle said, “While (Baker Botts) had resources in place prior to the events of last year, the firm has also increased efforts over the past twelve months to address social issues including greater outreach to diverse communities, and creating a significant pro bono partnership with Official Black Wall Street, among other major initiatives.”Rebecca Sipowicz added, “I am a member of the Ocwen Global Women’s Network (OGWN), which supports the attainment of Ocwen’s goals in diversity, inclusion, and talent development. I am also on the planning committee for the National Association of Women Lawyers (NAWL) mid-year meeting. NAWL’s mission is to empower women in the legal profession, while cultivating a diverse membership dedicated to equality, mutual support and collective success. Membership in and support of organizations such as NAWL and OGWN provide me with a platform to address the diversity and social issues that permeated 2020.”‍ConclusionThe lesson learned from these strong women during a year full of challenges is that seemingly “small” acts can have big impacts. Change starts with all of us, at an individual level, working to empower women and make impactful societal changes – one person, one organization, and one community at a time.Thank you to the five women who participated in our 2021 International Women's Day Campaign! Take a look at our 2020 and 2019 International Women's Day campaigns for more inspiring stories of women in our industry making bold moves to promote gender equality.For more information, please reach out to us at info@lighthouseglobal.com.diversity-equity-and-inclusionblog, diversity-equity-and-inclusion,bloglighthouse

Lighthouse Microsoft 365 (M365) experts, John Holliday and John Collins, recently teamed up with Reed Smith to present the M365 in 5 Foundation Series on Reed Smith’s Tech Law Talks podcast. The series dives into operational considerations when rolling out M365 tools related to governance, retention, eDiscovery, and data security across a broad range of applications, from Exchange and SharePoint to all things Microsoft Teams.Check out the lineup below and click the titles of each podcast to give them a listen.M365 in 5 – Part 1: Exchange Online – Not just a mailboxDiscover the enhanced functionality of EXO, including new data types and the potential for enhanced governance.M365 in 5 – Part 2: SharePoint Online – The new file-share environmentHear about the enhanced file share and collaboration functionality in SharePoint Online, including real-time collaboration, access controls, and opportunities to control retention and deletion.M365 in 5 – Part 3: OneDrive for Business – Protected personal collaborationLearn about OneDrive for Business and how organizations can use it for personal document storage, such as giving other users access to individual documents within an individual’s OneDrive and acting as the storage location for all Teams Chats.M365 in 5 – Part 4: Teams – An introduction to collaborationListen to an introduction to Teams and how it is transforming the way organizations are working and communicating.M365 in 5 – Part 5: Teams Chats – Modern communicationsUncover the enhanced functionality of M365’s new instant messaging platform, including persistent chats, modern attachments, expressive features, and priority messaging, which enhance communication but can bring increased eDiscovery or regulatory risks.M365 in 5 – Part 6: Teams Channels – The virtual collaboration workspaceHear how Teams Channels are changing not only the way organizations work and collaborate, but also key legal and risk considerations that should be contemplated.M365 in 5 – Part 7: Teams Audio/Video (A/V) ConferencingDive into the functionality and controls of audio/video conferencing capabilities, including the integration of chats, whiteboards, translation, and transcription services.The Tech Law Talks podcast hosts regular discussions about the legal and business issues around data protection, privacy and security; data risk management; intellectual property; social media; and other types of information technology. For more information regarding the show, follow the link here: https://reedsmithtech.podbean.com.If you have questions about how to develop and maintain legal and compliance programs around M365, reach out to us at info@lighthouseglobal.com.microsoft-365; information-governancemicrosoft, blog, microsoft-365, information-governancemicrosoft; bloglighthouse

Below is a copy of a featured article written by Kimberly Quan of Juniper Networks and John Del Piero of Lighthouse for Bloomberg Law.Whether it's Teams, Slack, Zendesk, GChat, ServiceNow, or similar solutions that have popped up in the market over the last few years, collaboration and workflow platforms have arrived. According to Bloomberg Law's 2020 Legal Technology Survey, collaboration tools are being used by 77% of in-house and 44% of law firm attorneys. These tools are even more widely used by workers outside of the legal field.With many companies planning to make remote working a permanent fixture, we can expect the existing collaboration tools to become even more entrenched and new competitors to arrive on the scene with similarly disruptive technologies.This will be a double-edged sword for compliance and in-house legal teams, who want to encourage technology that improves employee productivity, but are also wary of the potential information governance and eDiscovery risks arising because of these new data sources. This article explains the risks these tools can pose to organizations and provides a three-step approach to help mitigate those risks.Understand Litigation and Investigation RiskThe colloquial and informal nature of collaborative tools creates inherent risk to organizations, much like the move from formal memos to email did 20 years ago. Communications that once occurred orally in the office or over the phone are now written and tracked, logged, and potentially discoverable. However, a corporation's ability to retain, preserve, and collect these materials may be unknown or impossible, depending on the initial licensing structure the employee or the company has entered into or the fact that many new tools do not include features to support data retention, preservation, or collection.Government agencies and plaintiffs’ firms have an eye on these new applications and platforms and will ask specifically about how companies and even individual custodians use them during investigations and litigations. Rest assured that if a custodian indicates during an interview or deposition that she used the chat function in a tool like Teams or Slack, for example, to work on issues relevant to the litigation, opposing counsel will ask for those chat records in discovery. Organizations can mitigate the risk of falling down on their eDiscovery obligations because of the challenges posed bycollaboration tool data using this three-step approach:Designate personnel in information technology (IT) and legal departments to work together to vet platforms and providers.Develop clear policies that are regularly reviewed for necessary updates and communicated to the platform users.Ensure internal or external resources are in place to monitor the changes in the tools and manage associated retention, collection, and downstream eDiscovery issues.Each of these steps is outlined further below.Designate IT & Legal Personnel to Vet Platforms and Providers‍Workers, especially those in the tech industry, naturally want to be free to use whatever technology allows them to effectively collaborate on projects and quickly share information.However, many of these tools were not designed with legal or eDiscovery tasks in mind, and therefore can pose challenges around the retention, preservation and collection of the data they generate.Companies must carefully vet the business case for any new collaboration tool before it is deployed. This vetting process should entail much more than simply evaluating how well the tool or platform can facilitate communication and collaboration between workers. It also involves designating personnel from both legal and IT to work together to evaluate the eDiscovery and compliance risks a new tool may pose to an organization before it is deployed.The importance of having personnel from both legal and IT involved from the outset cannot be understated. These two teams have different sets of priorities and can evaluate eDiscovery risks from two different vantage points. Bringing them together to vet a new collaboration tool prior to deployment will help to ensure that all information governance and eDiscovery downstream effects are considered and that any risks taken are deliberate and understood by the organization in advance of deployment. This collaborative team can also ensure that preservation and discovery workflows are tested and in place before employees begin using the tool.Once established, this dedicated collaborative IT and legal team can continue to serve the organization by meeting regularly to stay abreast of any looming legal and compliance risks related to data generation. For example, this type of team can also evaluate the risks around planned organizational technology changes, such as cloud migrations, or develop workflows to deal with the ramifications of the near-constant stream of updates that roll out automatically for most cloud-based collaborative tools.Develop Clear Policies That Are Regularly Reviewed‍The number of collaborative platforms that exist in the market is ever evolving, and it is tempting for organizations to allow employees to use whatever tool makes their work the easiest. But, as shown above, allowing employees to use tools that have not been properly vetted can create substantial eDiscovery and compliance risks for the organization.Companies must develop clear policies around employee use of collaborative platforms in order to mitigate those risks. Organizations have different capabilities in restricting user access to these types of platforms. Historically, technology companies have embraced a culture where innovation is more important than limiting employees’ access to the latest technology. More regulated companies, like pharmaceuticals, financial services, and energy companies, have tended to create a more restrictive environment. One of the most successful approaches, no matter the environment or industry, is to establish policies that restrict implementation of new tools while still providing users an avenue to get a technology approved for corporate use after appropriate vetting.These policies should have clear language around the use of collaboration and messaging tools and should be frequently communicated to all employees. They should also be written using language that does not require updating every time anew tool or application is launched on the market. For instance, a policy that restricts the work-related use of a broad category of messaging tools, like ephemeral messaging applications, also known as self-destructing messaging applications, is more effective than a policy that restricts the use of a specific application, like Snapchat. The popularity of messaging tools can change every few months, quickly leading to outdated and ineffective policies if the right language is not used.Make sure employees not only understand the policy, but also understand why the policy is in place. Explain the security, compliance, and litigation-related risks certain types of applications pose to the organization and encourage employees to reach out with questions or before using a new type of technology.Further, as always with any policy, consider how to audit and police its compliance. Having a policy that isn't enforced issometimes worse than having no policy at all.Implement Resources to Manage Changes in Tools‍Most collaboration tools are cloud-based, meaning technology updates can roll out on a near-constant basis. Small updates and changes may roll out weekly, while large systemic updates may roll out less frequently but include hundreds of changes and updates. These changes may pose security, collection, and review challenges, and can leave legal teams unprepared to respond to preservation and production requests from government agencies or opposing counsel. In addition, this can make third-party tools on which companies currently rely for specific retention and collection methodologies obsolete overnight.For example, an update that changes the process for permissions and access to channels and chats on a collaborative platform like Teams may seem like a minor modification. However, if this type of update is rolled out without legal and IT team awareness, it may mean that employees who formerly didn't have access to a certain chat function may now be able to generate discoverable data without any mechanism for preservation or collection in place.The risks these updates pose mean that is imperative for organizations to have a framework in place to monitor and manage cloud-based updates and changes. How that framework looks will depend on the size of the organization and the expertise and resources it has on hand. Some organizations will have the resources to create a team solely dedicated to monitoring updates and evaluating the impact of those updates. Other organizations with limited internal access to the type of expertise required or those that cannot dedicate the resources required for this task may find that the best approach is to hire an external vendor that can perform this duty for the organization.When confronted with the need to collect, process, review, and produce data from collaboration tools due to an impending litigation or investigation, an organization may find it beneficial to partner with someone with the expertise to handle the challenges these types of tools present during those processes. Full-scale, cloud-based collaboration tools like Microsoft Teams and Slack are fantastic for workers because of their ability to combine almost every aspect of work into a single, integrated interface. Chat messaging, conference calling, calendar scheduling, and group document editing are all at your fingertips and interconnected within one application. However, this aspect is precisely why these tools can be difficult to collect, review, and produce from an eDiscovery perspective.With platforms like Teams, several underlying applications, such as chat, video calls, and calendars, are now tied together through a backend of databases and repositories. This makes a seemingly simple task like “produce by custodian” or “review a conversation thread” relatively difficult if you haven't prepared or are not equipped to do so. For example, in Teams communications such as chat or channel messages, when a user sends a file to another user, the document that is attached to the message is no longer the static, stand-alone file.Rather, it is a modern attachment, a link to the document that resides in the sender's OneDrive. This can beg questions as to which version was reviewed by whom and when it was reviewed. Careful consideration of versioning and all metadata and properties will be of the utmost importance during this process, and will require someone on board who understands the infrastructure and implications of those functions.The type of knowledge required to effectively handle collection and production of data generated by the specific tools an organization uses will be extremely important to the success of any litigation or investigation. Organizations can begin planning for success by proactively seeking out eDiscovery vendors and counsel that have experience and expertise handling the specific type of collaboration tools that the organization currently uses or is planning on deploying. Once selected, these external experts can be engaged early, prior to any litigation or investigation, to ensure that eDiscovery workflows are in place and tested long before any production deadlines.ConclusionCloud-based collaboration tools and platforms are here to stay. Their ability to allow employees to communicate and collaborate in real time while working in a remote environment is becoming increasingly important in today's world. However, these tools inherently present eDiscovery risks and challenges for which organizations must carefully prepare. This preparation includes properly vetting collaboration tools and platforms prior to deploying them, developing and enforcing clear internal policies around their use, monitoring all system updates and changes, and engaging eDiscovery experts early in the process.With proper planning, good collaboration between IT and legal teams and expert engagement, organizations can mitigate the eDiscovery risks posed by these tools while still allowing employees the ability to use the collaboration tools that enable them to achieve their best work.Reproduced with permission. Published March 2021. Copyright © 2021 The Bureau of National Affairs, Inc.800.372.1033. For further use, please contact permissions@bloombergindustry.com.chat-and-collaboration-data; ediscovery-review; microsoft-365emerging-data-sources, blog, corporate, chat-and-collaboration-data, ediscovery-review, microsoft-365,emerging-data-sources; blog; corporatebloomberg law

Big data can mean big problems in the ediscovery and compliance world – and those problems can be exponentially more complicated when personal data is involved. Sifting through terabytes of data to ensure that all personal information is identified and protected is becoming an increasingly more painstaking and costly process for attorneys today.Fortunately, advances in artificial intelligence (AI) and analytics technology are changing the landscape and enabling more efficient and accurate detection of personal information within data. Recently, I was fortunate enough to gather a panel of experts together to discuss how AI is enabling legal professionals in the ediscovery, information governance, and compliance arenas to identify personal protected information (PII) and personal health information (PHI) more quickly within large datasets. Below is a summary of our discussion, along with some helpful tips for leveraging AI to detect personal information.Current Methods of Personal Data Identification Similar to the slower adoption of AI and analytics to help with the protection of attorney-client privilege information (compared to the broader adoption of machine learning to identify matter relevant documents), the legal profession has also been slow to leverage technology to help identify and protect personal data. Thus, the identification of personal data remains a very manual and reactive process, where legal professionals review documents one-by-one on each new matter or investigation to find personal information that must be protected from disclosure.This process can be especially burdensome for pharmaceutical and healthcare industries, as there is often much more personal information within the data generated by those organizations, while the risk for failing to protect that information may be higher due to healthcare-specific patient privacy regulations like HIPAA.How Advances in AI Technology Can Improve Personal Data Identification There are a few ways in which AI has advanced over the last few years that make new technology much more effective at identifying personal data:Analyzing More Than Text: AI technology is now capable of analyzing more than just the simple text of a document. It can now also analyze patterns in metadata and other properties of documents, like participants, participant accounts, and domain names. This results in technology that is much more accurate and efficient at identifying data more likely to contain personal information.Leveraging Past Work Product: Newer technology can now also pull in and analyze the coding applied on previous reviews without disrupting workflows in the current matter. This can add incredible efficiency, as documents previously flagged or redacted for personal information can be quickly removed from personal information identification workflows, thus reducing the need for human review. The technology can also help further reduce the amount of attorney review needed at the outset of each matter, as it can use many examples of past work product to train the algorithms (rather than training a model from scratch based on review work in the current matter).Taking Context into Account: Newer technology can now also perform a more complicated analysis of text through algorithms that can better assess the context of a document. For example, advances in Natural Language Processing (NLP) and machine learning can now identify the context in which personal data is often communicated, which helps eliminate previously common false hits like mistakenly flagging phone numbers as social security numbers, etc.Benefits of Leveraging AI and Analytics when Detecting Sensitive DataArguably the biggest benefit to leveraging new AI and analytics technology to detect personal information is cost savings. The manual process of personal information identification is not only slower, but it can also be incredibly expensive. AI can significantly reduce the number of documents legal professionals would need to look through, sometimes by millions of documents. This can translate into millions of dollars in review savings because this work is often performed by legal professionals who are billed at an hourly rate.Not only can AI utilization save money on a specific matter, but it can also be used to analyze an entire legal portfolio so that legal professionals have an accurate sense of where (and how much) personal information resides within an organization’s data. This knowledge can be invaluable when crafting burden arguments for upcoming matters, as well as to better understand the potential costs for new matters (and thus help attorneys make more strategic case decisions).Another key benefit of leveraging AI technology is the accuracy with which this technology can now pinpoint personal data. Not only is human review much less efficient, but it can also lead to mistakes and missed information. This increases the risk for healthcare and pharmaceutical organizations especially, who may face severe penalties for inadvertently producing PHI or PII (particularly if that information ends up in the hands of malevolent actors). Conducting quality control (QC) with the assistance of AI can greatly increase the accuracy of human review and ensure that organizations are not inadvertently producing individuals’ personal information. Best Practices for Utilizing AI and Analytics to Identify Personal DataPrepare in Advance: AI technology should not be an afterthought. Before you are faced with a massive document production on a tight deadline, make sure you understand how AI and analytics tools work and how they can be leveraged for personal data identification. Have technology providers perform proof of concept (POC) analyses with the tools on your data and demonstrate exactly how the tools work. Performing POCs on your data is critical, as every provider’s technology demos well on generic data sets. Once you have settled on the tools you want to use within your organization, ensure your team is trained well and is ready to hit the ground running. This will also help ensure that the technology you choose fits with your internal systems and platforms.Take a Global Team Approach: Prior to leveraging AI and analytics, spend some time working with the right people to define what PII and PHI you have an obligation to identify, redact, or anonymize. Not all personal information will need to be located or redacted on every matter or in every jurisdiction, but defining that scope early will help you leverage the technology for the best use cases.Practice Information Governance: Make sure your organization is maintaining proper control of networks, keeping asset lists up to date, and tracking who the business and technical leads are for each type of asset. Also, make sure that document retention policies are enforced and that your organization is maintaining controls around unstructured data. In short, becoming a captain of your content and running a tight ship will make the entire process of identifying personal information much more efficient.Think Outside the Box: AI and analytics tools are incredibly versatile and can be useful in a myriad of different scenarios that require protecting personal information from disclosure. From data breach remediation to compliance matters, there is no shortage of circumstances that could benefit from the efficiency and accuracy that AI can provide. When analyzing a new AI tool, bring security, IT, and legal groups to the table so they can see the benefits and possibilities for their own teams. Also, investigate your legal spend and have other teams do the same. This will give you a sense of how much money you are currently spending on identifying personal information and what areas can benefit from AI efficiency the most.If you’re interested in learning more about how to leverage AI and analytic technology within your organization or law firm, please see my previous articles on how to build a business case for AI and win over AI naysayers within your organization.To discuss this topic more or to learn how we can help you make an apples-to-apples comparison, feel free to reach out to me at RHellewell@lighthouseglobal.com.data-privacy; ai-and-analyticsai-and-analytics, microsoft-365analytics; data-privacy; ai-big-data; bloglighthouse

Identifying attorney-client privilege is one of the most costly and time-consuming processes in eDiscovery. Since the dawn of the workplace email, responding to discovery requests has had legal teams spending countless hours painstakingly searching through millions of documents to pinpoint attorney-client and other privileged information in order to protect it from production to opposing parties. As technology has improved, legal professionals have gained more tools to help in this process, but inevitably, it still often entails costly human review of massive amounts of documents.What if there was a better way? Recently, I had the opportunity to gather a panel of eDiscovery experts to discuss how advances in AI and analytics technology now allow attorneys to identify privilege more efficiently and accurately than previously possible. Below, I have summarized our discussion and outlined how legal teams can leverage advanced AI technology to reinvent the model for detecting attorney-client privilege.Current Methods of Privilege Identification Result in Over IdentificationCurrently, the search for privileged information includes a hodgepodge of different technology and workflows. Unfortunately, none of them are a magic bullet and all have their own drawbacks. Some of these methods include:Privilege Search Terms: The foundational block of most privilege reviews involves using common privilege search terms (“legal,” “attorney,” etc.) and known attorney names to identify documents that may be privileged, and then having a review team painstakingly re-review those documents to see if they do, in fact, contain privileged information.‍Complex Queries or Scripts: This method builds on the search term method by weighting the potential privilege document population into ‘tiers’ for prioritized privilege review. It sometimes uses search term frequency to weigh the perceived risk that a document is privileged.‍Technology Assisted Review (TAR): The latest iteration of privilege identification methodologies involves using the TAR process to try to further rank potential privilege populations for prioritized review, allowing legal teams to cut off review once the statistical likelihood of a document containing privilege information reaches a certain percentage.Even applied together, all these methodologies are only just slightly more accurate than a basic privilege search term application. TAR, for example, may flag 1 out of every 4 documents as privilege, instead of the 1 out of every 5 typically identified by common privilege search term screens. This result means that review teams are still forced to re-review massive amounts of documents for privilege.The current methods tend to over-identify privilege for two very important reasons: (1) they rely on a “bag of words” approach to privilege classification, which removes all context from the communication; (2) they cannot leverage non-text document features, like metadata, to evaluate patterns within the documents that often provide key contextual insights indicating a privileged communication.How Can Advances in AI Technology Improve Privilege Identification MethodsAdvances in AI technology over the last two years can now make privilege classification more effective in a few different ways:Leveraging Past Work Product: Newer technology can pull in and analyze the privilege coding that was applied on previous reviews, without disrupting the current review process. This helps reduce the amount of attorney review needed from the start, as the analytics technology can use this past work product rather than training a model from scratch based on review work in the current matter. Often companies have tens or even hundreds of thousands of prior privilege calls sitting in inactive or archived databases that can be leveraged to train a privilege model. This approach additionally allows legal teams to immediately eliminate documents that were identified as privileged in previous reviews.Analyzing More Than Text: Newer technology is also more effective because it now can analyze more than just the simple text of a document. It can also analyze patterns in metadata and other properties of documents, like participants, participant accounts, and domain names. For example, documents with a large number of participants are much less likely to contain information protected by attorney-client privilege, and newer technology can immediately de-prioritize these documents as needing privilege review.Taking Context into Account: Newer technology also has the ability to perform a more complicated analysis of text through algorithms that can better assess the context of a document. For example, Natural Language Processing (NLP) can much more effectively understand context within documents than methods that focus more on simple term frequency. Analyzing for context is critical in identifying privilege, particularly when an attorney may just be generally discussing business issues vs. when an attorney is specifically providing legal advice.Benefits of Leveraging Advances in AI and Analytics in Privilege ReviewsLeveraging the advances in AI outlined above to identify privilege means that legal teams will have more confidence in the accuracy of their privilege screening and review process. This technology also makes it much easier to assemble privilege logs and apply privilege redactions, not only to increase efficiency and accuracy, but also because of the ability to better analyze metadata and context. This in turn helps with privilege log document descriptions and justifications and ensuring consistency. But, by far the biggest gain, is the ability to significantly reduce costly and time-intensive manual review and re-review required by legal teams using older search terms and TAR methodologies.ConclusionLeveraging advances in AI and analytics technology enables review teams to identify privileged information more accurately and efficiently. This in turn allows for a more consistent work product, more efficient reviews, and ultimately, lower eDiscovery costs.If you’re interested in learning more about AI and analytics advancements, check out my other articles on how this technology can also help detect personal information within large datasets, as well as how to build a business case for AI and win over AI naysayers within your organization.To discuss this topic more or to learn how we can help you make an apples-to-apples comparison, feel free to reach out to me at RHellewell@lighthouseglobal.com.ai-and-analytics; chat-and-collaboration-data; ediscovery-reviewprivilege, analytics, ai-big-data, blog, ai-and-analytics, chat-and-collaboration-data, ediscovery-review,privilege; analytics; ai-big-data; bloglighthouse

Recently, I had the opportunity to (virtually) attend the first three days of Legalweek, the premier conference for those in the legal tech industry. Obviously, this year’s event looked much different than past years, both in structure and in content. But as I listened to legal and technology experts talk about the current state of the industry, I was happily surprised that the message conveyed was not one of doom and gloom, as you might expect to hear during a pandemic year. Instead, a more inspiring theme has emerged for our industry - one of hope through innovation.Just as we, as individuals, have learned hard lessons during this unprecedented year and are now looking towards a brighter spring, the legal industry has learned valuable lessons about how to leverage technology and harness innovation to overcome the challenges this year has brought. From working remotely in scenarios that previously would have never seemed possible, to recognizing the vital role diversity plays in the future of our industry – this year has forced legal professionals to adapt quickly, utilize new technology, and listen more to some of our most innovative leaders.Below, I have highlighted the key takeaways from the first three days of Legalweek, as well as how to leverage the lessons learned throughout this year to bring about a brighter future for your organization or law firm.“Human + Machine” not “Human vs. Machine” Almost as soon as artificial intelligence (AI) technology started playing a role within the legal industry, people began debating whether machines could (or should) eventually replace lawyers. This debate often devolves into a simple “which is better: humans or machines” argument. However, if the last year has taught us anything, it is that the answers to social debates often require nuance and introspection, rather than a “hot take.” The truth is that AI can no longer be viewed as some futuristic option that is only utilized in certain types of eDiscovery matters; nor should it be fearfully viewed as having the potential to replace lawyers in some dystopian future. Rather, AI has become essential to the work of attorneys and ultimately will be necessary to help lawyers serve their clients effectively and efficiently.1Data volumes are exponentially growing year after year, so much so that soon, even the smallest internal investigation will involve too much data to be effectively reviewed by human eyes alone. AI and analytics tools are now necessary to prioritize, cull, and categorize data in most litigations for attorneys to efficiently find and review the information they need. Moreover, advancements in AI technology now enable attorneys to quickly identify categories of information that previously required expensive linear review (for example, leveraging AI to identify privilege, protected health information (PHI), or trade secret data).Aside from finding the needle in the haystack (or simply reducing the haystack), these tools can also help attorneys make better, more strategic counseling and business decisions. For example, AI can now be utilized to understand an organization’s entire legal portfolio better, which in turn, allows attorneys to make better scoping and burden arguments as well as craft more informed litigation and compliance strategies.Thus, the age-old debate of which is better (human or machine learning) is actually an outdated one. Instead, the future of the legal industry is one where attorneys and legal professionals harness advanced technology to serve their clients proficiently and effectively.Remote Working and Cloud-Based Tools Are Here to StayOf course, one of the biggest lessons the legal industry learned over the past year is how to effectively work remotely. Almost every organization and law firm across the world was forced to quickly pivot to a more remote workforce – and most have done so successfully, albeit while facing a host of new data challenges related to the move. However, as we approach the second year of the pandemic, it has become clear that many of these changes will not be temporary. In fact, the pandemic appears to have just been an accelerator for trends that were already underway prior to 2020. For example, many organizations were already taking steps to move to a more cloud-based data architecture. The pandemic just forced that transition to happen over a much shorter time frame to facilitate the move to a remote workforce.This means that organizations and law firms must utilize the lessons learned over the last year to remain successful in the future, as well as to overcome the new challenges raised by a more remote, cloud-based work environment. For example, many organizations implemented cloud-based collaboration tools like Zoom, Slack, Microsoft Teams, and Google Workspace to help employees collaborate remotely. However, legal and IT professionals quickly learned that while these types of tools are great for collaboration, many of them are not built with data security, information governance, or legal discovery in mind. The data generated by these tools is much different than traditional e-mail – both in content and in structure. For example, audible conversations that used to happen around the water cooler or in an impromptu in-person meeting are now happening over Zoom or Microsoft Teams, and thus may be potentially discoverable during an investigation or legal dispute. Moreover, the data that is generated by these tools is structured significantly differently than data coming from traditional e-mail (think of chat data, video data, and the dynamic “attachments” created by Teams). Thus, organizations must learn to put rules in place to help govern and manage these data sources from a compliance, data security, and legal perspective, while law firms must continue to learn how to collect, review, and produce this new type of data.It will also be of growing importance in the future to have legal and IT stakeholder collaboration within organizations, so that new tools can be properly vetted and data workflows can be put in place early. Additionally, organizations will need a plan in place to stay ahead of technology changes, especially if moving to a cloud-based environment where updates and changes can roll out weekly. Attorneys should also consider technology training to stay up-to-date and educated on the various technology platforms and tools their company or client uses, so that they may continue to provide effective representation.Information Governance is Essential to a Healthy Data StrategyRelated to the above, another key theme that emerged over the last year is that good information governance is now essential to a healthy company, and that it is equally important for attorneys representing organizations to understand how data is managed within that organization.The explosion of data volumes and sources, as well as the unlimited data storage capacity of the Cloud means that it is essential to have a strong and dynamic information governance strategy in place. In-house counsel should ensure that they know how to manage and protect their company’s data, including understanding what data is being created, where that data resides, and how to preserve and collect that data when required. This is important not only from an eDiscovery and compliance perspective but also from a data security and privacy perspective. As more jurisdictions across the world enact competing data privacy legislation, it is imperative for organizations to understand what personal data they may be storing and processing, as well as how to collect it and effectively purge it in the event of a request by a data subject.Also, as noted above, the burden to understand an organization’s data storage and preservation strategy does not fall solely on in-house counsel. Outside counsel must also ensure they understand their client’s organizational data to make effective burden, scoping, and strategy decisions during litigation.A Diverse Organization is a Stronger OrganizationFinally, another key theme that has emerged is around recognizing the increasing significance that diversity plays within the legal industry. This year has reinforced the importance of representation and diversity across every industry, as well as provided increased opportunities for education about how diversity within a workforce leads to a stronger, more innovative company. Organizational leaders are increasingly vocalizing the key role diversity plays when seeking services from law firms and legal technology providers. Specifically, many companies have implemented internal diversity initiatives like women leadership programs and employee-led diversity groups and are actively seeking out law firms and service providers that provide similar opportunities to their own employees. The key takeaway here is that organizations and law firms should continue to look for ways to weave diverse representation into the fabric of their businesses.ConclusionWhile this year was plagued by unprecedented challenges and obstacles, the lessons we learned about technology and innovation over the year will help organizations and law firms survive and thrive in the future.To discuss any of these topics more, please feel free to reach out to me at SMoran@lighthouseglobal.com.1 In fact, attorneys already have an ethical duty (imposed by the Rules of Professional Conduct) to understand and utilize existing technology in order to competently represent their clients.ai-and-analytics; ediscovery-review; legal-operationscloud, information-governance, ai-big-data, blog, ai-and-analytics, ediscovery-review, legal-operations,cloud; information-governance; ai-big-data; blogsarah moran

Cut-off scores, seed sets, training rounds, confidence levels – to the inexperienced, technology assisted review (TAR) can sound like a foreign language and can seem just as daunting. Even for those legal professionals who have had experience utilizing the traditional TAR 1.0 model, the process may seem too rigid to be useful for anything other than dealing with large data volumes with pressing deadlines (such as HSR Second Requests). However, TAR 2.0 models are not limited by the inflexible workflow imposed by the traditional model and require less upfront time investment to realize substantial benefits. In fact, TAR 2.0 workflows can be extremely flexible and helpful for myriad smaller matters and non-traditional projects, including everything from an initial case assessment and key document review to internal investigations and compliance reviews.A Brief History of TARTo understand the various ways that TAR 2.0 can be leveraged, it will be helpful to understand the evolution of the TAR model, including typical objections and drawbacks. Frequently referred to as predictive coding, TAR 1.0 was the first iteration of these processes. It follows a more structured workflow and is what many people think of when they think of TAR. First, a small team of subject-matter experts must train the system by reviewing control and training sets, wherein they tag documents based on their experience with and knowledge of the matter. The control set provides an initial overall estimated richness metric and establishes the baseline against which the iterative training rounds are measured. Through the training rounds, the machine develops the classification model. Once the model reaches stability, scores are applied to all the documents based on the likelihood of being relevant, with higher scores indicating a higher likelihood of relevance. Using statistical measures, a cutoff point or score is determined and validated, above which the desired measure of relevant documents will be included. The remaining documents below that score are deemed not relevant and will not require any additional review.Although the TAR 1.0 process can ultimately result in a large reduction in the number of documents requiring review, some elements of the workflow can be substantial drawbacks for certain projects. The classification model is most effectively developed from accurate and consistent coding decisions throughout the training rounds, so the team of subject-matter experts conducting the review are typically experienced attorneys who know the case well. These attorneys will likely have to review and code at least a few thousand documents, which can be expensive and time consuming. This training must also be completed before other portions of the document review, such as privilege or issue coding, can begin. Furthermore, if more documents are added to the review set after the model reaches stability (think, a refresh collection or late identified custodian) the team will need to resume the training rounds to bring the model back to stability for these newly introduced documents. For these reasons, the traditional TAR 1.0 model is somewhat inflexible and suited best for matters where the data is available upfront and not expected to change over time (i.e. no rolling collections) so that the large number of documents being excised from the more costly document review portion of the project will offset the upfront effort expended training the model.TAR 2.0, also referred to as continuous active learning (CAL), is a newer workflow (although it has been around for a number of years now) that provides more flexibility in its processes. Using CAL, the machine also learns as the documents are being reviewed, however, the initial classification model can be built with just a handful of coded documents. This means the review can begin as soon as any data is loaded into the database, and can be done by a traditional document review team right from the outset (i.e. there is no highly specialized “training” period). As the documents are reviewed, the classification model is continuously updated as are the scores assigned to each document. Documents can be added to the dataset on a rolling basis without having to restart any portion of the project. The new documents are simply incorporated into the developing model. These differences make TAR 2.0 well suited for a wider variety of cases and workflows than the traditional TAR 1.0 model.TAR 2.0 Workflow ExamplesOne of the most common TAR 2.0 workflows is a “prioritization review,” wherein the highest scoring documents are pushed to the front of the review. As the documents are reviewed the model is updated and the documents are rescored. This continuous loop allows for the most up-to-date model to identify what documents should be reviewed next, making for an efficient review process, with several benefits. The team will review the most likely relevant, and perhaps important, documents first. This can be especially helpful when there are short timeframes within which to begin producing documents. While all documents can certainly be reviewed, this workflow also provides the means to establish a cutoff point (similar to TAR 1.0) where no further review is necessary. In many cases, when the review reaches a point where few relevant documents are found, especially in comparison to the number of documents being reviewed, this point of diminishing returns signals the opportunity to cease further review. The prioritization review can also be very effective with incoming productions, allowing the system to identify the most relevant or useful documents.An alternative TAR 2.0 workflow is the “coverage” or “diverse” review model. In this model, rather than reviewing the highest scoring documents first, the review team focuses on the middle-scoring range documents. The point of a diverse review model is to focus on what the machine doesn’t know yet. Reviewing the middle range of documents further trains the system. In this way, a coverage TAR 2.0 review model provides the team with a wide variety of documents within the dataset. When using this workflow for reviews for productions, the goal is to end up with the documents separated between those likely relevant and those likely not relevant. This workflow is similar to the TAR 1.0 workflow as the desired outcome is to identify the relevant document set as quickly or directly as possible without reviewing all of the documents. To illustrate, a model will typically begin with a bell-shaped curve of the distribution of documents across the scoring spectrum. This workflow seeks to end with two distinct sets, where one is the relevant set and the other is the non-relevant set.These workflows can be extremely useful for initial case assessments, compliance reviews, and internal investigations, where the end goal of the review is not to quickly find and produce every relevant document. Rather, the review in these types of cases is focused on gathering as much relevant information as possible or finding a story within the dataset. Thus, these types of reviews are generally more fluid and can change significantly as the review team finds more information within the data. New information found by the review team may lead to more data collections or a change in custodians, which can significantly change the dataset over time (something TAR 2.0 can handle but TAR 1.0 cannot). And because the machine provides updated scoring as the team investigates and codes more documents, it can even provide the team with new investigational avenues and leads. A TAR 2.0 workflow works well because it gives the review team the freedom to investigate and gain knowledge about a wide variety of issues within the documents, while still ultimately resulting in data reduction.ConclusionThe above workflow examples illustrate that TAR does not have to be the rigid, complicated, and daunting workflow feared by many. Rather, TAR can be a highly adaptable and simple way to gain efficiency, improve end results, and certainly to reduce the volume of documents reviewed across a variety of use cases.It is my hope that I have at least piqued your interest in the TAR 2.0 workflow enough that you’ll think about how it might be beneficial to you when the next document review project lands on your desk.If you’re interested in discussing the topic further, please freely reach out to me at DBruno@lighthouseglobal.com.ai-and-analytics; ediscovery-reviewtar-predictive-coding, blog, ai-and-analytics, ediscovery-reviewtar-predictive-coding; blogdavid bruno