Insight into where e-discovery, information governance cybersecurity, and digital transformation are heading – who is doing what now or in the future, what works and what doesn’t, and what people wish they could do but can’t – gleaned from recent publications
ABOVE THE FOLD
Relativity Fest Oct. 20-23 – Join us this fall at Relativity Fest in Chicago where my colleagues and I will be speaking on four sessions:
BDO knows CCPA – BDO’s California Consumer Privacy Act resource page enables privacy executives to stay abreast of the impending regulation and learn about overarching privacy and governance considerations in one convenient location.
ELECTRONIC DISCOVERY
Legal hold series – Brad Harris of Zapproved has published a five-part series on legal hold practices:
Predictive coding survey results – Rob Robinson published the results of his twice-a-year survey of predictive coding technologies and protocols. There were 100 responses (39 law firms, 37 service or software providers, 12 consultancy, 6 corporation, 3 government, and 3 other). Some of the findings are:
- 86% have at least one primary predictive coding platform; 14 % have no primary platform.
- 86% use active learning; 51% use only one predictive coding technology and 48% use more than one; and 1% do not use any predictive coding technology.
- Rob groups predictive coding into three categories: TAR 1.0, TAR 2.0, and TAR 3.0. 66% use TAR 2.0 workflows, 13% use TAR 3.0, and 12% use TAR 1.0
CYBERSECURITY & DATA PRIVACY
DoD released draft Cybersecurity Maturity Model Certification – Susan B. Cassidy, Samantha Clark, Ryan Burnette, and Ian Brekke of Covington reported that the Department of Defense’s Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification for public comment along with an overview briefing. Cassidy et al. also gave their own overview of the current CCMC framework and discussed open questions and issues for contractors.
Cybersecurity alarms continue to ring for law firms – As reported in ABA News, at the American Bar Association Annual Meeting last month the push continued to raise awareness among lawyers and law firms about cybersecurity threats and the need for attorneys and firms to take necessary steps before an attack.
ISO 27001 recommended for law firms – Joseph Lamport of PinHawk posted his interview of Greg Spicer, CRO at Braintrace, in which Greg discussed the growing importance of information security management and option law firms have to register under ISO 27001.
COPPA Rule comment period ends Oct. 23 – Timothy Tobin, Laurie Lai, Catherine Essig, and Marco Peraza of Hogan Lovells posted a reminder that the Federal Trade Commission is taking public comments on the Children’s Online Privacy Protection Rule (“COPPA Rule”), in particular the effectiveness of the 2013 amendments. Comments are due Oct. 23.
Recent changes to U.S. state data breach notification laws – Caleb Skeath and Brooke Kahn of Covington offered a round up of amendments made to state data breach notification laws over the past several months, looking at Arkansas (HB1943), Illinois (SB1624), Maine (LD 696), New Jersey (S52), New York (S5575B), Oregon (SB 684), Texas (HB 4390), Virginia (HB 2396), and Washington (HB 1071).
Recently enacted biometric privacy legislation – Thomas F. Zych, Steven G. Stransky, and Brian Doyle-Wenger of Thompson Hine gave an update on existing and recently enacted biometric privacy legislation.
Enhanced Illinois data breach notification requirements – Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of Jackson Lewis wrote that the Illinois governor signed into law an amendment to Illinois’ Personal Information Protection Act, SB 1624. The amendment, which goes into effect on Jan. 1, 2020, requires that if a data collector is required to notify more than 500 Illinois residents of a single data breach, the data collection also must notify the Illinois Attorney General’s office.
New Maryland Insurance Administration reporting requirement – Patrick H. Haggerty of BakerHostetler reported that the Maryland Insurance Administration has issued Bulletin 19-14, which informs insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed general agents, and third-party administrators of a new security breach reporting requirement effective Oct. 1.
BEC insurance filings outpace ransomware and data breach ones – Catalin Cimpanu of ZD Net reported that according to AIG last year business email compromise has become the dominant reason companies filed cyber-insurance claims in the EMEA region (Europe, the Middle East, and Asia), surpassing ransomware and data breaches.
CCPA –
GDPR –
Getting ready for Brazil’s new data protection law – Mauricio F. Paez, Artur L. Badra, Guillermo E. Larrea 0f Jones Day and José Eduardo Pieri of Barbosa, Müssnich, Aragão offered guidance on preparing for the Brazilian General Data Protection Law, which goes into effect in August 2020.
Turkey extended Data Controller registry registration deadline – Ekin Inal of Norton Rose Fulbright wrote that the Turkish Data Protection Authority announced that the registration requirement under Turkey’s data protection legislation has been postponed for some data controllers until the end of the year.
LEGAL TECHNOLOGY & DIGITAL TRANSFORMATION
On law firm transformation more generally – Anders Spile of Contractbook suggested that law firms need to move from a fortress mentality to an open ecosystem model, one that includes legal tech incubators and similar initiatives.
ISO 27001 for law firms – Joseph Lamport of PinHawk posted his interview of Greg Spicer, CRO at Braintrace, in which Greg discussed the growing importance of information security management and option law firms have to register under ISO 27001.
E-DISCOVERY CASE LAW
Recent e-discovery decisions
8/6/2019 – In a case of first impression, the North Carolina Court of Appeals “address[ed] the contours of eDiscovery within the context of North Carolina common and statutory law regarding the attorney-client privilege and work-product doctrine.” Defendants appealed an order setting forth a protocol that would allow plaintiffs’ discovery expert access to a school’s entire computer system prior to any opportunity for defendants to review and withhold documents that were potentially privileged or otherwise immune from discovery. The appellate court held that the trial court abused its discretion by compelling production through a protocol that would provide plaintiff’s agent with access to ESI in a way that would preclude reasonable efforts by defendants to avoid waiving any privilege, and vacated the protocol order. The appellate court identified several ways in which the trial court could resolve the discovery dispute in light of the court’s decision: (1) employ a special master or court-appointed independent expert; (2) provide defendants with some opportunity to review keyword search hits before production to plaintiffs; and (3) order that any documents produced under the protocol be treated as confidential and subject to a clawback without waiver of any privilege or work-product immunity. Crosmun v. Trustees of Fayetteville Technical Community College, No. COA18-1054 (N.C. App. Aug. 8, 2019).
8/7/2019 – U.S. District Judge Timothy Brooks granted plaintiff’s motion for relief regarding spoliation. Defendant, a deputy, used his personal cell phone to take photos of plaintiff and his injuries, pursuant to standard operating procedures at the time. The photos were used in the resulting investigation of the incident. Contrary to apparent usual practice, the photos were either never uploaded into the jail’s internal incident reporting system or were updated and then were subsequently misplaced or deleted. Either way, they were not produced during discovery. Plaintiff claimed the evidence was intentionally destroyed or make unavailable to him by defendant and requested an adverse inference instruction. The Court granted the motion for sanctions, based on defendant’s lack of candor in the discovery process and repeated failure to answer plaintiff’s discovery requests. Wilmoth v. Deputy Austin Murphy, No. 5:16-CV-5244 (W.D. Ark. Aug. 7, 2019).
8/14/2019 – U.S. Chief District Judge G. Murray Snow granted in part and denied in part plaintiff’s motion for sanctions. Plaintiff was arrested and brought an action alleging excessive force. Plaintiff sought spoliation sanctions, arguing that a non-party city allowed the automatic deletion of video footage automatically captured by the cameras in various officers’ vehicles and as a result violated a duty to preserve evidence. The Court found that there was evidence that the police units had recorded relevant footage whose loss would have prejudiced plaintiff; that the non-party city, which is paying for defendant’s legal representation and will indemnify him for any judgment entered against him, had a duty to preserve the footage but failed to do so; and that the spoliation can be imputed to defendant. The Court ordered that (1) the jury will hear evidence concerning the potential existence of video footage, (2) the jury will be instructed that it may consider that evidence, (3) the jury will be instructed that if it finds defendant intended to deprive plaintiff of use of the footage it may infer that the footage would have been favorable to plaintiff, but (4) declined to give the instruction requested by plaintiff as the question of intent will be submitted to the jury. Woods v. Scissons, No. CV-17-08038-PCT-GMS (D. Ariz. Aug. 14, 2019).
ANNOUNCEMENTS
ADDITIONAL ARTICLES
UPCOMING EVENTS
Conferences, webinars, and the like can provide insight into where e-discovery, information governance cybersecurity, and digital transformation are heading
9/12/2018-10/11/2019 EVENTS
--> Scroll to see full table data
Start |
End |
TZ |
Type |
Location |
Host |
Title |
9/12/19 8:30 AM |
9/13/19 2:30 PM |
CEST |
Conference |
Surrey, UK |
ALM |
Corporate Counsel Forum Europe |
9/12/19 9:30 AM |
9/12/19 3:00 PM |
ET |
Conference |
Columbus, OH |
ACEDS |
ACEDS Ohio Chapter: eDiscovery in Ohio – An Education Event for Litigators and Support Professionals |
9/12/19 2:00 PM |
9/12/19 3:00 PM |
ET |
Webinar |
|
Unilytics |
Data Storytelling in Tableau |
9/12/19 4:30 PM |
9/12/19 6:30 PM |
CT |
Meeting |
Dallas, TX |
ACEDS |
ACEDS Dallas Chapter: Back to School – Lessons on the EDRM |
9/15/19 9:00 AM |
9/17/19 9:00 PM |
PT |
Conference |
Huntington Beach, CA |
Nuix |
Nuix User Exchange |
9/16/19 10:00 AM |
9/16/19 11:00 AM |
ET |
Webinar |
|
Relativity |
What’s New in RelativityOne: Goatsbeard Release |
9/16/19 1:00 PM |
9/16/19 2:00 PM |
ET |
Webinar |
|
Husch Blackwell |
CCPA Update: Learn What Bills Passed the California Legislature |
9/17/19 8:00 AM |
9/19/19 3:30 PM |
CT |
Conference |
Chicago, IL |
Zapproved |
PREX 2019: Actionable Strategies for In-House Ediscovery |
9/18/19 |
9/19/19 |
CEST |
Conference |
Munich, Germany |
IAPP |
IAPP Data Protection Intensive: Deutschland 2019 |
9/18/19 8:30 AM |
9/19/19 1:00 PM |
ET |
Conference |
Montreal, Canada |
The Sedona Conference |
2019 Midyear Meeting of Working Group 11 |
9/18/19 10:00 AM |
9/18/19 12:00 PM |
ET |
Meeting |
Minneapolis, MN |
IAPP |
How Much PII is TMI? Designing for Privacy in a World of AI, IoT, and Big Data |
9/18/19 11:30 AM |
9/18/19 12:15 PM |
ET |
Webinar |
IAPP |
Concept Searching |
Digital Waste and Dumpster Diving – Driving Down the Costs |
9/18/19 1:00 PM |
9/18/19 2:00 PM |
ET |
Webinar |
|
ACEDS |
A New Approach for a Faster Document Review Workflow |
9/18/19 1:00 PM |
9/18/19 2:00 PM |
ET |
Webinar |
|
Valora Technologies |
Enriched Metadata Creation/Tagging |
9/18/19 1:00 PM |
9/18/19 2:15 PM |
ET |
Webinar |
|
CloudNine |
Thinking Like a Millennial in eDiscovery |
9/18/19 3:00 PM |
9/18/19 4:00 PM |
ET |
Webinar |
|
ZyLAB |
A Practical Approach to Redaction |
9/19/19 8:00 AM |
9/19/19 5:15 PM |
BST |
Conference |
London, UK |
The Masters Conference |
Disclosure Is Always Changing When It Comes To Privacy, Cybersecurity, And Artificial Intelligence. |
9/19/19 8:30 AM |
9/19/19 4:30 PM |
BST |
Conference |
London, UK |
Hogan Lovells |
All-Day Workshop: Privacy and Cybersecurity KnowledgeShare |
9/19/19 9:00 AM |
9/19/19 4:00 PM |
ET |
Conference |
New York, NY |
TetherView |
Cyber Security Summit 2019 |
9/19/19 11:30 AM |
9/19/19 9:00 PM |
ET |
Conference |
Boston, MA |
ACEDS |
ACEDS New England Chapter: E-Discovery Education Day – Legal Technology Education & Sunset Cruise |
9/19/19 1:00 PM |
9/19/19 6:30 PM |
ADT |
Conference |
Halifax, Canada |
Epiq |
Atlantic Coast Legal Innovation and Technology Roundtable |
9/19/19 2:00 PM |
9/19/19 3:00 PM |
ET |
Webinar |
|
ACC |
Preparing for the California Consumer Privacy Act: Lessons Learned So Far |
9/19/19 2:00 PM |
|
ET |
Webinar |
|
DATAVERSITY |
Stay Non-Invasive in Your Data Governance Approach |
9/19/19 6:00 PM |
9/20/19 5:30 PM |
CT |
Conference |
Minneapolis, MN |
CLEF |
Complex Litigation E-Discovery Forum |
9/23/19 |
9/25/25 |
PT |
Conference |
Las Vegas, NV |
IAPP |
Privacy. Security. Risk. 2019 |
9/23/19 8:30 AM |
9/24/19 12:45 PM |
CEST |
Conference |
Madrid, Spain |
ERA |
Investigating Web 2.0 |
9/24/19 |
9/25/19 |
CT |
Conference |
Houston, TX |
Today’s General Counsel |
The Exchange eDiscovery |
9/24/19 1:00 PM |
9/24/19 2:00 PM |
ET |
Webinar |
|
ACEDS |
The State of E-Discovery 2019 |
9/24/19 1:00 PM |
9/24/19 2:00 PM |
ET |
Webinar |
|
Above the Law |
Choosing the Right AI Practice Tools: Transactional and Litigation Use Cases |
9/24/19 2:00 PM |
9/24/19 3:00 PM |
ET |
Webinar |
|
ACC |
Driving Down the Cost of Ediscovery: a PREX Presentation |
9/24/19 4:00 PM |
9/24/19 5:00 PM |
BST |
Webinar |
|
ACEDS |
How Automating eDisclosure with Audio, Video & Native Document Translations Saves Time and Money |
9/25/19 |
|
CT |
Meeting |
Dallas, TX |
ACEDS |
*Save the Date* ACEDS Dallas Chapter Q3 Event |
9/25/19 7:45 AM |
9/26/19 3:30 PM |
ET |
Conference |
New York, NY |
Corporate Counsel |
General Counsel Conference 2019 |
9/25/19 11:00 AM |
|
ET |
Webinar |
|
Cellebrite |
Digital Data: Accessing the Latest iOS & Android Devices for Investigations |
9/25/19 12:00 PM |
9/25/19 1:00 PM |
ET |
Webinar |
|
ILTA |
Debunking the Top Ten Myths of Document Review |
9/25/19 1:00 PM |
|
ET |
Webinar |
|
XDD |
New Notifications: Updates on Social Media in eDiscovery |
9/25/19 3:00 PM |
9/25/19 4:00 PM |
ET |
Webinar |
|
ZyLAB |
A Practical Approach to Redaction |
9/26/2019 |
9/27/2019 |
ET |
Conference |
Washington, DC |
Duke Law Bolch Judicial Institute |
Developing GDPR Compliance Code and Implications for California Consumer Privacy Act Practices |
9/26/19 |
|
ET |
Conference |
New York, NY |
Consero |
Corporate Litigation & Investigations Executive Roundtable |
9/26/19 8:00 AM |
9/26/18 5:00 PM |
CT |
Conference |
Houston, TX |
WiE |
WiE Houston: Legal Technology Showcase & Conference |
9/26/19 8:30 AM |
|
BST |
Meeting |
Birmingham, UK |
Ankura |
The Future of Litigation: Innovation and Affordability |
9/26/19 2:00 PM |
9/26/19 3:00 PM |
ET |
Webinar |
|
ACC |
Emerging Trends and Hot Topics in eDiscovery |
9/26/19 2:00 PM |
|
ET |
Webinar |
|
DATAVERSITY |
Self Service BI & Analytics: Architecting for Collaboration |
9/26/19 5:30 PM |
9/27/19 4:15 PM |
ET |
Conference |
Detroit, MI |
ACEDS |
4th Annual ACEDS Detroit Symposium/Midwest eDiscovery Conference: “To eDiscovery and Beyond” |
9/29/19 |
9/26/19 |
CT |
Conference |
Chicago, IL |
Today’s General Counsel |
The Exchange Compliance and Ethics |
9/30/19 |
10/2/19 |
CT |
Conference |
San Antonio, TX |
Comexposium |
Techno Security & Digital Forensics Conference |
9/30/19 8:30 AM |
10/1/19 12:15 PM |
CEST |
Conference |
Zagreb, Croatia |
ERA |
Computer Forensics in Legal Proceedings |
10/2/19 8:00 AM |
10/2/19 4:45 PM |
ET |
Conference |
New York, NY |
Bloomberg Law |
In-House Forum East |
10/2/19 12:30 PM |
|
CEST |
Webinar |
|
University of St.Gallen |
Which business models may be subject to the GDPR in Switzerland? |
10/2/19 1:00 PM |
10/2/19 2:00 PM |
ET |
Webinar |
|
CCBJ |
Data Privacy Implications of Cloud-Based Social Collaboration Apps |
10/2/19 5:30 PM |
10/2/19 9:00 PM |
BST |
Meeting |
London, UK |
ACEDS |
ACEDS UK Chapter: Disclosure Pilot – 10 Months in |
10/3/19 1:00 PM |
10/3/19 2:00 PM |
ET |
Webinar |
|
Today’s General Counsel |
California’s New Privacy Law: Four Bet-The-Job Questions for GCs |
10/3/19 1:00 PM |
10/3/19 2:30 PM |
ET |
Webinar |
|
Strafford |
E-Discovery and Spoliation Issues: Litigation Pitfalls, Duty to Preserve, and Clawback Agreements |
10/8/19 2:00 PM |
|
ET |
Webinar |
|
DATAVERSITY |
Data Quality Success Stories |
10/9/19 7:00 AM |
10/9/19 4:30 PM |
CT |
Conference |
Minneapolis, MN |
Optiv |
OptivCon Minneapolis |
10/10/19 1:00 PM |
10/10/19 2:00 PM |
ET |
Webinar |
|
MER |
A Global Privacy Review |
10/10/19 1:30 PM |
|
ET |
Webinar |
|
ABA |
Construction & Data Privacy Regional CLE Program |
10/11/19 |
|
BST |
Conference |
London, UK |
Artificial Lawyer |
Legal Innovators |
--> Scroll to see full table data