Following a special roundtable event in the Asia Pacific region, organised by information management specialist Nuix and e-law, Computerworld Malaysia asked visiting expert, Washington D.C. based Jason R Baron, who is Counsel in Information Governance and eDiscovery Group at Drinker Biddle & Reath LLP, for his views on how businesses and in-house counsel can better manage digital information to reduce risk, increase productivity and achieve more efficient and cost-effective responses to eDiscovery requests.
He is also Co-Chair of the Information Governance Initiative, a consortium of industry and thought leaders in the IG space, and previously served as the first appointed Director of Litigation at the U.S. National Archives and Records Administration, and prior to that as a trial attorney and senior counsel at the U.S. Department of Justice. He continues to serve on the Adjunct Faculty of the University of Maryland's College of Information Studies, where he teaches a graduate level seminar on eDiscovery.
Photo - Jason R. Baron, Counsel in Information Governance and eDiscovery Group, Drinker Biddle & Reath LLP, Washington D.C.
What are the latest developments in e-Discovery and Information Governance practices in the U.S and how do these affect businesses around the world?
The latest developments in e-Discovery certainly include a series of cases on predictive coding and analytics which have been handed down in the last two years since the landmark case of Da Silva Moore v. Publicus Groupe (S.D.N.Y. 2012). In Da Silva Moore, U.S. Federal Magistrate Judge Andrew Peck announced that in his court "predictive coding" - the use of machine learning techniques as an aid in e-discovery document review - would be viewed as acceptable. A dozen or so published cases since Judge Peck's decision have similarly recognised lawyers' use of predictive coding as a means of reducing the costs and burdens of discovery.
In the past year, some of us have been additionally highlighting how these same sort of smart algorithms can be used in the information governance space - as a means to do a smarter job of categorising and remediating data, and in a variety of business intelligence ways.
My predictions all concern how smart analytics will transform legal practice in the future, as expressed in the above article. For an overview of these latest developments, please see "Finding the Signal in the Noise: Information Governance, Analytics, and the Future of Legal Practice," a law review authored by Bennett Borden and myself in the Richmond Journal of Law and Technology (2014), available at www.jolt.richmond.edu
How is the global expansion of companies and the increasing use of overseas cloud storage impacting on the legal industry in terms of Information Governance and e-Discovery?
Let me talk about cloud issues first. Cloud storage is here to stay, but few institutions are applying optimal information governance practices when deploying cloud solutions. In other words, everyone wants to "jump" to the cloud in putting up data sets, including especially email, but what is needed is that the right team is in place advising on legal and information management issues before "the fix is in" in terms of buying into any particular cloud platform.
CIOs, CTOs, and other C-suite champions of cloud deployment need to spend serious amounts of time with lawyers, records professionals, and executives in key lines of business to map out how records and information management, and access considerations, will be met and embedded in a given cloud architecture.
It is of course more and more true that a global expansion of companies is taking place, raising novel and interesting cross-border issues, especially but not limited to considerations of conflicting privacy regimes.
We all are adjusting to this new paradigm, and the law is trying to keep up as best it can. For now, information governance considerations are being dealt with for the most part on a country by country basis, even in corporations with global reach.
However, data is getting bigger everywhere, and so there is a heightened need to consider how such issues as remediation, categorisation, and applying analytics generally, will play out with respect to data both in the cloud and around the globe.
Considering the massive growth in online data, does the use of automation technologies in Information Governance and eDiscovery make it easier or harder to track, organise, and detect manage data breaches?
I'd like to think that the kind of predictive analytics we are using in the eDiscovery space also has utility for tracking, organising and quickly detecting data breaches, especially given what I agree to be exponential growth in the amount of online data.
What may be important here to point out is that Cybersecurity experts haven't really viewed themselves to be in the "information governance" line of business, yet the C-suite really needs to consider cyber security and privacy not as separate operations but as part of a greater effort to get one's hands around all kinds of information management concerns, which include preservation and access issues as well.
Have legal requirements recently been introduced in the U.S around preserving electronically stored information in the event of a potential or pending litigation?
There is a current proposal in the U.S. to amend the Federal Rules of Civil Procedure to elevate and highlight issues regarding what constitutes a standard for the preservation of electronically stored information, and what kind of sanctions are appropriate for failing to do so.
The existing rules lawyers litigate civil cases vary between jurisdictions, and so the hope exists that what will come from the rules amendment process is some kind of national standard that will result in greater certainty for institutions of all types in what they need to do to act reasonably when faced with preservation issues.
Are organisations and lawyers currently able to meet these requirements? If not, what are the potential consequences?
This constitutes an area of some controversy in the U.S., with members of the plaintiffs' and the defense bar disagreeing on the extent to which "overpreservation" of electronically stored information constitutes a serious threat to the health of the judicial system.
I am on record on behalf of the Information Governance Initiative as expressing the view that technology is the answer to the overpreservation problem, rather than spending an inordinate amount of time wordsmithing the Federal Rules to accommodate this concern.
We need better means of e-record capture and archiving in the short term, and we need smarter ways to filter data so as to separate that which is worth preserving from lower value information for longer-term purposes. The consequences of preserving huge volumes of more data than a business needs seems to me to be obvious: aside from ongoing storage costs, there is a transactional cost in not being able to find what one is looking for, as it seems hidden in plain sight (somewhere in the growing e-haystack).
What are the advantages for the legal industry of introducing automated search methods/technologies ahead of a potential breach versus introducing them post-breach or relying on manual searches? Do you think there will be a standard method or code of practice for automated searches rolled out in the legal industry?
Independent of breach concerns, there is a huge upside to lawyers becoming more familiar with automated search methods and technologies.
First, using such technologies potentially contributes to large savings when parties are in the midst of complex litigation dealing with millions of documents (and maybe more).
Second, pre-breach, the use of smart analytics hold the potential to spot patterns or trends in data that could lead to identifying issues that might later ripen into litigation - leading to early assessments and early settlements if the data is used and analysed correctly. With respect to standard methods or practices for automated searches, there has been a movement recently towards talking about industry standards, including through the mechanism of the ISO.
However, in my view we are still a bit early in the eDiscovery and information governance space to warrant the introduction or imposition of standards that have any binding effect on anyone. I'm watching this space closely however and I urge readers to do so as well.