The Hills Are Alive With the Sound of E-Discovery???

By Cary J. Calderone, Esquire

Still available on Amazon!

It is the Christmas season.  Those of us involved in DRED Law wish you and yours the happiest of holiday seasons.  Along with many of the more important traditions that occur, this time of year brings television repeats of classic movies like The Sound of Music.  For the past few years, I could not help but think of e-discovery while watching parts of this movie.  Now, I am not obsessed with e-discovery and data law. I promise you.  However, a few scenes from the movie explain in most vivid detail just why the EU has a very different attitude and set of rules towards email and other information that may reveal a user's personal identification.  So, this post is for all of you who are not aware, or, are uncertain as to why the EU Data Protection Act is far more strict and penal in attempting to protect personal privacy at work.  Let's see if these bits of dialogue from the movie validate my point and perhaps give you an idea of who, is to blame.  Take, for example:

Rolf to Lissel when delivering a telegram for Captain Von Trapp- “We make it our business to know everything about everyone.”  

Or, dialogue from Heir Zeller-“You were sent a telegram which you did not answer.  A telegram from Admiral Von Schreiber of the navy of the 3rd Reich.”
Captain Von Trapp “I was under the impression Heir Zeller that the contents of telegrams in Austria are private!  At least the Austria I know.”

The reasons should now be clear.  Once we in America understand the origins of the EU Data Protection Act, it will be easier to put in the systems and policies  necessary to better comply with the rules.  We will follow-up this holiday post in the new year with a more detailed explanation of the EU Data Privacy rules courtesy of a terrific breakout session run by Amor Esteban and William Kellermann.    Until then, if you are frustrated and angry with the challenge of navigating US Data rules and EU Rules at the same time, take heart.  You are not alone.  We can all just blame the Nazis...

Happy Holidays

Churchill Club Presents The Big Data Effect

Copyright © 2011  Cary J. Calderone

Is Big Data being over-hyped?  "I certainly hope not" was Ping Li's heartfelt response to moderator Michael Chui's question to the panel (bios below).  Li's firm,  Accel Partners, made a splash in the news recently by announcing the creation of a 100 million dollar fund for investments in Big Data.   The Churchill Club panel members each gave their own interpretations of the Big Data Effect. They emphasized that Big Data was not just about  the volume of data, but how it could be researched, extracted, and analyzed.

Big Data-Not Just Big Storage Or It May Be A Big Headache

Copyright © 2011 Cary J. Calderone Esq.

Time to give the busy professional's definition of the latest technology buzz phrase, "Big Data."  In brief, it is about being able to process and mine very large amounts of data (even petabytes) for business intelligence.  Big Data indexing and database technologies, like Hadoop and NoSQL allow for distributed processing that previously was impossible with standard table-based relationship databases.  However, too many short-term thinkers will try to implement a Big Data strategy by doing nothing more than keeping everything they can and figuring it out later.  This approach is fraught with Big danger.

CEO Bans Email-Maybe Email Really Is Dead

Atos Headquarters Location at Lago Maggiore

A few weeks back I pointed out to DredLaw readers ways that new technology would be superior to email. (Link to article)  Now here is a European company, Atos, that is banning employees from using email to communicate with fellow employees (Link to article) and for precisely the same reasons mentioned.  They will be using new collaborative tools and instant and video messaging as alternatives.  While I applaud the effort, they will have to be very careful with their data retention and privacy programs.

The C-Level Nightmare-Do You Know What You Do Not Know?

Copyright ©  Cary J. Calderone 2011

Is this your CEO, CTO, or, General Counsel?

This post goes out to all those C-Levels who have not approved pro-active information management and DRED work because, "they can just search and find what they need when they have to."  For almost any attorney or e-discovery professional with experience, this cavalier attitude causes a  LOL moment.   We also call this approach, "head in the sand," or sometimes, "ignorance is bliss...until it's not."   After the 9-11  attacks, when the Department of Homeland Security was created, I remember Secretary of Defense, Donald Rumsfeld, speaking about 3 things: 1)  What you know as fact,  2)  What you do not know but can research and discover and, 3)  What you do not know, you do not know.  C-Levels who think they will just find what they need, when they have not tested their approach under the threat of pending litigation, are in the last category.  They do not know, what they do not know.   Not convinced?  Then please consider these items:

Coming to a Law School Near You- eDiscovery Class 101

Professor Rick Marcus

Copyright © 2011 Cary J. Calderone

A few weeks ago, I had the pleasure of attending a Hastings College of the Law alum event where Diane Gibson, a prominent San Francisco litigator with Squire Sanders et al., and UC Hastings Professor Rick Marcus, presented, E-Discovery and Preservation.  There was some good DRED news.  For an alumnae event, this was very well attended.  There were over 100 people who showed up because they were interested in learning about E-Discovery.  The bad news was that when Professor Marcus, a principal drafter of the 2006 E-Discovery amendments to the Federal rules, polled the audience to find out who had heard of FRE 502 (critical for protecting privileged material from accidental disclosure) only myself and three others raised their hands.  Scary!  During the lecture and the Q&A afterword, we heard about many of the interesting E-Discovery and preservation issues, and what the Advisory Committee is considering for future amendments, but for me, the most important item was that Professor Marcus will, for the first time, be teaching Hasting's E-Discovery class in the spring of 2012.

New Facebook Privacy Settings-Are You Now A Publisher Or A Public Figure?

Copyright © 2011 Cary J. Calderone

This calls for a quick overview of Libel Law 101.   A publisher has standards for accuracy or else they can be sued for defamation and other things (see Description at Student Press Law Center).  There are things you can do to limit your exposure to legal action, by following certain protocols and guidelines.  For example, you have heard the phrase, "the truth is an absolute defense."  This may save you from a legal action for libel.   But, unfortunately, sometimes publishing the "truth" can expose you to other legal claims, like invasion of privacy.  This is especially so when the items published are, in fact, true, and perhaps, a tad unsavory.  However, there may be a defense for that too, if you happen to publish these unsavory truths about a public figure.   Public figures are pretty much considered fair game, or, at least at a level where even if you publish something about them, even with some non-truths or inaccuracies, you will be held to a more lenient standard.   At this point you may be a bit confused by this area of law and are thinking that you would never consider yourself a publisher anyway?  You don't even have a blog.   So why worry?  No reason, unless you happen to be on Facebook or another Social Media site and have a lot of friends, followers, or the newly created category of "Subscribers."

"ISSA: Emails Prove Holder Knew" and Other DRED Headlines

Sometimes a headline can be a DRED story in and of itself.  Today, while browsing the internet, I saw a headline that said "Issa: Emails Prove Holder Told About Fast And Furious."   I could not help noticing how frequently we see those two words, emails and prove, together in a headline?   By Googling "emails prove" it came up with 45,900 results.  The list included story headlines with names like, Eric Holder, President Obama, Sarah Palin, Mark Zuckerberg and British Petroleum-and that was just on the first page of results.  Do you still think it is acceptable to treat your email as non-records, non-information, and, nonchalantly?

E-Discovery-Shall we do it ourselves or outsource? The answer is, Yes

Copyright © 2011 Cary J. Calderone

Sometimes customers and prospects can ask me difficult questions.  The question on whether to in-source or outsource E-Discovery is an easy question.  The answer is, Yes.  There is no company, or law firm, no matter how large or small, that should do all or none of their E-Discovery themselves.  Where should you draw the line between the two?  Now, that is a more challenging question.  Here are three factors to consider when deciding:

Social Media Governance-5 Reasons New Technology Applications Are Better Than Email

Copyright © 2011 Cary J. Calderone

DredLaw readers know I have mentioned the trend towards using "New Technology" like social media and social enterprise applications, in business.  Rypple and Yammer were developed for business use and even Twitter, Facebook, LinkedIn, and Google Plus, are a common consideration for any company looking to market on the internet.  Companies are using social style Wikis to manage internal projects.  To be sure, I have warned readers about the need to have policies and procedures as a safeguard so their companies can use these New Technology applications in accordance with good data management and DRED practices.  But, this post will focus on some of the positives and comparative benefits of using these newer applications.  Yes, there are still potential pitfalls to social applications in business.  However, when compared to old email policies and practices, social-style applications have the potential to be a tremendous improvement to your organization's computer communications practices, and here are 5 reasons why:

eDiscovery Retreat-Laura Zubulake-Lessons from THE plaintiff

by Cary J. Calderone

One highlight at the Carmel eDiscovery Retreat, was hearing from THE plaintiff Laura Zubulake.  Zubulake v. UBS Warburg LLC., 217 F.R.D. 309(S.D.N.Y. 2003) is a seminal case and is the foundation for many other discovery decisions and even modifications to discovery procedure rules.  Rules were modified so they could be better applied to electronic media and computers.  Now I have to admit, I was like many attorneys who assumed that some very smart lawyers had recognized the value in searching defendant UBS's emails for evidence of wrongdoing.  But, that is not how it happened.  Laura was actually the one who insisted her attorneys demand production of emails because she KNEW the defendant had not done a reasonable job in producing the relevant materials in their possession or control.  The end result?  A $29.2 million dollar jury verdict in her favor.  As Laura noted, Electronically Stored Information (ESI) and email in particular, is "like DNA evidence for trials!"

Carmel Valley eDiscovery Retreat-Great debut!

Nearby Asilomar Beach

When Chris La Cour invited me to attend the inaugural Carmel Valley eDiscovery Retreat I was a little hesitant to accept.  I have attended many legal technology, legal education, and eDiscovery shows, both as a speaker and blogger, so I expected an inaugural event to be, well, not very good.  I was wrong.  This event ran as smoothly as any conference I have ever attended.  The panels of legal and judicial speakers were top notch, up to date, and the setting was spectacular.   There were no problems with audio, acoustics, or scheduling.  The event was well-attended but there was ample comfortable seating and spacious meeting areas to interact with other attendees.  I am not alone in my praise.  I heard quite a few other attendees lauding the venue and agenda.  Some of the speakers really shared some valuable eDiscovery lessons.  Here are just a few of the comments:

Facebook is now totally Ryppled! And, what that may mean for future eDiscovery

Copyright 2011 Cary J. Calderone

A few weeks after commenting on Facebook's latest big lawsuit and the email evidence involved, I mentioned how a product like Rypple, may effect a company's data retention practices (link to post).  Now that Facebook has announced they are using Rypple, I cannot help but wonder how future discovery requests in a lawsuit may have to differentiate between a "Like" designation and a "Thumbs Up" or, a Smiley Face?  You can just imagine a cross-examination in court:  "Isn't it true Mr. Boss, on this project you gave the former Disgruntled Employee, not one, but TWO Smiley Faces and a Thumbs Up!!!"   "Let's bring up the digital display so the jury can see the Smiley Faces."   Will the evidence of Smiley Faces be in native or some other format?  Do we care?  We should, and here's why.

The ROI of eDiscovery? Why not just calculate the ROI of a good night's sleep

I have seen so many articles that attempt to sell the purchase of large eDiscovery tools with a Return On Investment analysis. The resulting magic formula always shows just how much money a customer can save in an average legal matter. And yet the ROI cannot be very compelling. With the exception of one General Counsel of an international enterprise software provider (kudos Kim), I have never been hired by a company that had not already been “tagged” in a litigation matter for big bucks. And, by tagged, I mean that they were sanctioned for discovery failures or, they realized they could not collect their data to mount a defense and had to settle the case. So, my argument is, it may be more effective and productive to calculate the ROI of a good night's sleep. Let me explain.

Social Network Applications Coming To Your Business-Will there be a Rypple effect?

Here's a scoop. Companies like Rypple are making “Facebook-style” applications to be used in your business. The Wall Street Journal Digital Edition has an excellent article by Dr. Terri Griffith on this phenomenon. ( full article) With over 600 million users on Facebook and LinkedIn combined, people around the globe now understand the power of status updates, and sharing comments, pictures, and videos, instantly online. Social business applications use an underlying philosophy of open and easy information exchange and are applying it to personnel matters, project management, and collaborative learning and team innovation. I mentioned these new social-style tools recently in a DRED meeting with a CEO, a corporate counsel, and 3 department managers who were in charge of data compliance, and the response was unanimous...”UGH!” How could they possibly manage all this data? But it doesn't have to be so bad and in fact, if implemented properly, these social business tools may actually improve the way your company manages your electronically stored information.

Need More Justification to Update Your Data Retention Policies? Here are a few benefits, on the side...

An article on today's San Francisco Chronicle's website, SFGate.com, covers a computer mishap with the Division of Emergency Services. When their main computer system lost internet connectivity this past New Years, they discovered they could not switch over to a backup system because...(drum roll please)...no one had the password to get in. Only one person knew the password, and they were not on duty! Now why is this related to DREDLaw? Because in every company, as a part of the usual DREDLaw Assessment process, we have uncovered problems and potential problems related to Information Management and Governance.

Did You Keep or Delete Those Emails? Mark Zuckerberg of Facebook has to be wondering

Very interesting new allegations in a lawsuit against Mark Zuckerberg, the founder (or at least a founder) of Facebook. (article here) Allegedly, new emails introduced show that Paul Ceglia may have been promised 50% ownership of Facebook. The emails being introduced as new evidence are from 2003. Could you defend or prove a claim from that many years ago? Not sure? Well, then my suggestion would be to avoid taking the approach that email can just be deleted quickly. In fact, quit thinking of email as simply email. IF you have not already done so, it is time to realize that your email may be a contract, a modification, or some other written legal instrument.

What Arnold Palmer and Jack Nicklaus Can Teach Us About eDiscovery

Tweet

by Cary J. Calderone   

It's Masters week. As every golf fan knows, it is the first major tournament of the year and for even the casual golfer, a reason to watch some golf on television and daydream about hitting the links soon. As I watched Arnold Palmer and Jack Nicklaus hit the ceremonial "first tee shots" to start the tournament I recognized a golden opporunity to push for you and your organization to improve your company, and specifically, your eDiscovery response capabilities. The inspiration came to me when I realized that the pre-shot routines of these two golf legends were the same as when I watched them as a young child about forty years ago. Can thinking about this really help you promote better DRED in your organization? Absolutely! And here is why.

Who are you talking to? Who's your geek....

by Cary J. Calderone

For this post, we will once again look at differences between attorneys and IT people and describe those times when a technology consultant might be more help than your lawyer. As DredLaw readers have learned, on legal points, your lawyer is the final word. But, when it comes to organizing and managing your computer data, is your legal department or law firm the best source of advice? Although I have a unique background with both law and technology experience, most lawyers do not. As one frustrated attorney told me, "They do not teach computers in law school." At a recent Legal Roundtable a speaker started to rave about a "new" product, Index Engines, (covered here) that could really help pull relevant e-discovery from backup tapes, without having to restore the entire tape. Sounds great but, "new?" I mentioned it on this blog in the summer...of 2008, almost 3 years ago. It is not even "newish" technology. When I mentioned this to the speaker he claimed, "It is new technology to this crowd."

The Hype About Cloud Computing is Wrong! John Hagel Explains Waves of Disruption at Cloud Connect

Tweet

by Cary J. Calderone

This week was my first time visiting the Cloud Connect event in Silicon Valley. The event offered a great selection of tracks and speakers. Some speakers came from established companies that are trying to be leaders in the Cloud (Microsoft, Amazon), and others came from new Cloud companies.   Opinions and projections were delivered in a variety of formats. For example, unlike typical single-speaker Keynotes, Tuesday included 10 different speakers, most of whom gave quick 10-minute presentations.   The Wednesday Cloud Industry Summit presentation by John Hagel (another bio), one of the most respected technology thought leaders in the history of Silicon Valley, had no PowerPoint slides, and lasted only 20 minutes.   But that was plenty of time for Mr. Hagel to explain the disruptive nature of the Cloud and to make his most important point.  He believes the current "hype" about the Cloud is wrong.   "We have underestimated the impact!"

Location and Privacy. Say what you do and do what you say

Tweet
by Cary J. Calderone

I had the pleasure of attending an event sponsored by the Churchill Club on Location and Privacy, Where Are We Headed? The panel members (listed below) represented a diverse group of very knowledgeable people connected to privacy law. They ranged from attorneys and privacy officers working for location based social networking companies, to a representative from the FTC concerned with regulating the players. After listening to the very interesting discussion can I provide a quick summary of the law for you? Not really. This is because the law is in flux and not very settled. Here is a video of part of the discussion on finding a balance between usefulness and safety.
Even the FTC has requested comments on its Proposed Framework for Businesses and Policymakers because they realize they may need more information to determine how technology can help or hurt their efforts to inform and protect consumers. With constant innovations to location-based technology, it will be even more challenging, but there are things you can do to be better prepared.

Legal Tech 2011: An Overview

by Cary J. Calderone

I am tempted to summarize this show and call it, "the year of the canceled flight."  Having to return from an airport because your flight has been canceled due to snow is an inconvenience anyone who travels hates.   Having it happen twice during the same business trip?  Priceless!   I cannot blame my bad luck with snowstorms on Legal Tech, but I will add another big plus in the pros column for attending Virtual Legal Tech and those conferences that are closer to home, like Legal Tech West.  In spite of my bad luck with travel the show did not seem to suffer an attendance drop and had quite a few interesting items.  Here are a few:

Interesting panels

Proactive Information Governance to Reduce the Pain of eDiscovery

A Game Show:  Top Concerns of the General Counsel
Cloud, SharePoint and Social Media:  Discovery on the Next Data Frontier
Toys and Tools:  How the Latest Technology is Changing How Lawyers Lawyer
Plenary Session:  A View from the Bench


In future posts I will share details of some of the great lessons taught during these panels.

Product Shouts
Autonomy-After spending 30 minutes looking at updates to the product I walked away more impressed than ever and I believe I understand one of the main reasons they have been selling so well.  There is almost always a trade-off with software.  Either you get powerful and feature-rich or, you get easy to use.  This product is an end-to-end eDiscovery solution and yet it feels as though anybody with a basic understanding of what they want to do, and 5 minutes to learn some basic things, can use it and be productive.  The User Interface (UI) is incredibly straight-forward and easy to follow.  It puts a lot of information in front of a General Counsel, or legal assistant, and gives them a fantastic way to perform early case assessments or other parts of the EDRM.
The other product that impressed me was Bloomberg Vault.  They have data management and retention functionality built in to their cloud solution.  This kind of functionality was an afterthought with many cloud providers who just offered space and perhaps an email application.  It never made any sense to me that so many Cloud providers offered storage or applications without much, if any, additional data management capabilities or compliance tools.   It seems like a big plus to help justify moving your data to the clouds.  As a newcomer to this space, they are using their background in the highly regulated financial arena, and the extra attention to staying compliant by managing electronic information, and offer this same capability to non-financial customers.   I like what they say:

Bloomberg Vault features for e-discovery, records retention, and legal hold allow companies to manage retention with customized policies, as well as support e-discovery processes quickly and cost-effectively. They also ensure a traceable chain-of-custody, and help avoid inadvertent deletion of potentially responsive data."   

My Favorite Keynote
Michael Rogers-A Look at the Law: 2020: A Radical Perspective on how Technology will Shape the Legal Industry 10 years from Now. Will you be Ready?   Just like in 2010, where I went in wondering if futurist Malcolm Gladwell would make any critical observations on the law and technology, and was amazed, I was very happy I attended the Michael Rogers talk.  Hint, hint-look at how WebMD.com and other health web portals have changed medical diagnosis and understanding.   Social knowledge transfer will play a significant role in the legal profession.  

My last comment is that if you did not attend, you would not believe just how much "eDiscovery" dominated at Legal Tech.  A quick review of the exhibitors and panel sessions should leave no doubt that eDiscovery is what people think is important.  The market has spoken and the vendors have responded.  There were more eDiscovery service and product vendors than any other and by a wide margin.  This is good news for you and your DRED projects as the products have matured and there is a much better understanding of how to be prepared for litigation in this age of electronic data.   The downside is that I don't get to see as many new and interesting products.

More Legal Tech 2011 posts to follow...

Up In the Cloud and the Risk from the Other Guy's Mistakes

by Cary J. Calderone

Today I listened to Dr.Herbert Thompson speak about Security and Privacy Issues in the Cloud and one of his points really hit home. One of the factors to consider when weighing your move to the Cloud is the data security on your network versus the data security of your Cloud provider. Frequently, the Cloud provider's dedicated team and latest technology will be much better than anything your company could afford to employ. However, there is another real security threat to your Cloud computing.  What about the other guy?  If another Cloudy in your Cloud gets hacked, can it affect your service?  Yes, and here is why.


In prior posts, we discussed potential slowdowns that occur when your fellow Cloudys over-burden your Cloud.  I have witnessed Cloud slowdown first-hand simply because the Cloud provider was uploading the data for a new customer.  Now, what if that new customer gets hacked with something like a DOS (denial of service) attack?  In a DOS attack a virus causes the network server to keep cycling on the virus-chosen activities, like sending and receiving fake emails.   The virus replicates and grows and continues the process until the server slows down and/or crashes.   In the past, when another company got hacked, it probably did not affect your company network.   However, if the unfortunate hack victim is on your Cloud, it may very well affect you and your network.

This is great example of a not-so-obvious risk to consider when selecting a provider for your move to the Cloud.  Do they have provisioning controls?  Do they have bandwidth vulnerability?  In short, can they protect you from the other guy's mistakes?