Advanced Encryption and VTL Features Give Organizations New Impetus to Use the Dell DR Series as their “One Stop Shop” Backup Target

To simplify their backup environments, organizations desire backup solutions that essentially function as “one-stop shops” to satisfy their multiple backup requirements. To succeed in this role, they should provide needed software, offer NAS and virtual tape library (VTL) interfaces, scale to high capacities and deliver advanced encryption capabilities to secure backup data. By Dell introducing advanced encryption and VTL options into its latest DR 3.2 OS software release for its DR Series, it delivers this “one-stop shop” experience that organizations want to implement in their backup infrastructure.

The More Backup Changes, the More It Stays the Same

Deduplicating backup appliances have replaced tape as a backup target in many organizations. By accelerating backups and restores, increasing backup success rates and making disk-based backup economical, these appliances have fundamentally transformed backup.

Yet their introduction does not always change the underlying backup processes. Backup jobs may still occur daily; are configured as differential, incremental or full; and, are managed centrally. The only real change is using disk in lieu of tape as a target.

Even once in place, many organizations still move backup data to tape for long term data retention and/or offsite disaster recovery. Further, organizations in the finance, government and healthcare sectors typically encrypt data such as SEC Rule 17a-4 specifies or the 2003 HIPAA Security Rules and more recent 2009 HITECH Act strongly encourage.

Continued Relevance of Encryption and VTLs in Enterprises

This continued widespread use of tape as a final resting place for backup data leads organizations to keep current backup processes in place. While they want to use deduplicating backup appliances, they simply want to swap out existing tape libraries for these solutions. This has given rise to the need for deduplicating backup appliances to emulate physical tape libraries as virtual tape libraries (VTLs).

A VTL requires minimal to no changes to existing backup-to-tape processes nor does it require many changes to how the backup data is managed after backup. The backup software now backs up data to the VTL’s virtual tape drives where the data is stored on virtual tape cartridges. Storing data this way facilitates its movement from virtual to real or physical tape cartridges and enables the backup software to track its location regardless of where it resides.

VTLs also accelerate backups. They give organizations more flexibility to keep data on existing SANs which negates the need to send data over corporate LANs where it has to contend with other network traffic. SAN protocols also better support the movement of larger block sizes of data which are used during backup.

Finally, VTLs free backup from the constraints of physical tape libraries. Creating new tape drives and tape cartridges on a VTL may be done with the click of a button. In this way organizations may quickly create multiple new backup targets to facilitate scheduling multiple, concurrent backup jobs.

Encrypting backup data is also of greater concern to organizations as data breaches occur both inside and outside of corporate firewalls. This behooves organizations to encrypt backup data in the most secure manner regardless if the data resides on disk or tape.

Advanced Encryption and VTL Functionality Central to Dell DR Series 3.2 OS Release

Advanced encryption capabilities and VTL functionality are two new features central to Dell’s 3.2 operating system (OS) release for its DR Series of deduplicating backup appliances. The 3.2 OS release provides organizations a key advantage over competitive solutions as Dell makes all of its software features available without requiring additional licensing fees. This applies to both new DR Series appliances as well as existing Dell DR Series appliances which may be upgraded to this release to gain full access to these features at no extra cost.

The 3.2 OS release’s advanced encryption capabilities use the FIPS 140-2 compliant 256-bit Advanced Encryption Standard (AES) standard to encrypt data. By encrypting data that conforms to this standard ensures that it is acceptable to federal agencies in both Canada and the United States. This also means that organizations who are in these countries and need to comply with their regulations are typically, by extension, in compliance when they use the DR Series to encrypt their backup data.

The 3.2 OS release implements this advanced encryption capability by encrypting data after its inline deduplication of the backup data is complete. In this way, each DR Series appliance running the 3.2 OS release deduplicates backup data as it is ingested to achieve the highest possible deduplication ratio as encrypting data prior to deduplication negatively impacts deduplication’s effectiveness. Encrypting the data after it is deduplicated also reduces the amount of overhead associated with encryption since there is less data to encrypt while keeping the overhead associated with the encryption on the DR Series appliance. In cases where existing DR4100s are upgraded to the 3.2 OS release, encryption may be done post-process on those data volumes that have previously been stored unencrypted in the DR4100’s storage repository.

The VTL functionality that is part of the 3.2 OS release includes options to present a VTL interface on either corporate LANs or SANs. If connected to a corporate LAN, the NDMP protocol is used to send data to the DR Series while, if it is connected to a corporate SAN, the iSCSI protocol is used.

Every DR Series appliance running the 3.2 OS release may be configured to present up to four (4) containers that each operate as separate VTLs. Each of these individual VTL containers may emulate one (1) StorageTek STK L700 tape library or an OEM version of the STK L700; up to ten (10) IBM ULT3580-TD4 tape drives; and, up to 10,000 tape cartridges that may each range in size from 10GB to 800GB.

As each individual VTL container on the DR Series appears as an STK L700 library to backup software, the backup software manages the VTL in the same way it does a physical tape library: it copies the data residing on virtual tape cartridges to physical tape cartridges and back again, if necessary. With this functionality available on leading enterprise backup software products such as Dell NetVault, CommVault Simpana, EMC Networker, IBM TSM, Microsoft Data Protection Manager (iSCSI only), Symantec Backup Exec and Symantec NetBackup, each of these can recognize and manage the Dell DR Series VTL as a physical STK L700 tape library, carry forward existing tape copy processes, implement new ones if required, and manage where copies of tape cartridges—physical or virtual—reside.

Dell’s 3.2 OS Release Gives Organizations New Impetus to Make Dell DR Series Their “One Stop Shop” Backup Target

All size organizations want to consolidate and simplify their backup environments and using a common deduplicating backup appliance platform is one excellent way to do so. Dell’s 3.2 OS release for its DR Series gives organizations new impetus to start down that path. The introduction of advanced encryption and VTL features along with the introduction of 6TB HDDs on expansion shelves for the DR6000 and the availability of Rapid NFS/Rapid CIFS protocol accelerators for the DR4100 provide the additional motivation that organizations need to non-disruptively introduce and use the DR Series in this broader role to improve their backup environments even as they keep existing backup processes in place.




Facebook, SharePoint, Box and Outside In Top List of Supported Products by eDiscovery Software Providers

DCIG expects to unveil its DCIG 2012 Early Case Assessment (ECA) Buyer’s Guide in Q2CY12. As prior Buyer’s Guides have done, it puts at the fingertips of organizations a Buyer’s Guide that provides them with a comprehensive list of ECA software that can assist them in this all-important buying decision while removing much of the mystery around how ECA are configured and which ones are suitable for which purposes.

This DCIG 2012 Early Case Assessment Buyer’s Guide accomplishes the following objectives:

  • Provides an objective, third party evaluation of ECA software products and scores their features from an end user’s viewpoint
  • Includes recommendations on how to best use this Buyer’s Guide
  • Scores and ranks the features on each product based upon the criteria that matter most to end users so they can quickly know which product are the most appropriate for them to use and under what conditions
  • Provides data sheets for 29 products from 24 different software providers so end users can do quick comparisons of the features that are supported and not supported by each product
  • Provides insight into which features in the product will result in improved identification and evaluation
  • Provide insights into what features the product offers to optimize their operating environment
  • Gives any organization the ability to request competitive bids from different providers of software that are “apples-to-apples” comparisons

As an added benefit this blog provides a sneak peek into the results of the software provider survey and assessment. Using DCIG’s new online survey system we have identified key products supported and used by software providers.

It has always been smart to think before you speak, but social media systems require us to think before write. In fact, some say that adult career aspirations can be made or broken based on what a teenager or college student writes on their Facebook or Twitter account. The aspirations can be halted because of the increased scrutiny by civil, criminal, organizational and corporate investigations in to what is being written.  

Increased investigation has led to an increase in eDiscovery support for social media by software providers. DCIG research indicates 40% of the surveyed software providers for eDiscovery/ECA products support Twitter and Facebook. Software providers who do not have product support, offer services to identify, preserve and collect from social media. 

Figure 1: Search and identification of ESI from social media sources

eDiscovery social media sourcesHowever, investigations for civil and criminal do not stop at public facing social media accounts. Our judicial circuits are requesting access to personal cloud file sharing accounts. Cloud file sharing accounts extend beyond those provided by an employer to personal cloud file sharing accounts.

In response to this changing environment, software providers have expanded their product capability to support cloud file shares. DCIG research indicates Box is the highest priority when it comes to eDiscovery/ECA investigation support.

Figure 2: Search and identification of ESI from public cloud file shares

 eDiscovery cloud file sharesDCIG research and upcoming Buyer’s Guide for ECA extends deeper into software provider capabilities related to search, management, operating environment, user interface and their end users support. eDiscovery buyers can be assured that DCIG evaluated enterprise criteria as well.

Software providers act according to a changing landscape in enterprise collaboration.  They have voted with their product support by placing Microsoft SharePoint on equal footing with EMC/Documentum in terms of ECA support.

Figure 3: Search and identification of ESI from Content Management Systems

 eDiscovery content management systemsIn addition to supporting commercial software, several software providers indicated support for two Apache projects:

  • Apache Chemistry – Apache Chemistry provides open source implementations of the Content Management Interoperability Services (CMIS) specification.
  • Apache Tika – toolkit detects and extracts metadata and structured text content from various documents using existing parser libraries.

For example, when software providers were how they supported different file types, e.g. txt, xls, mp3, rtf, epub, etc, many responded “with third party tools.” Supporting a third party product for various document types enables a software developer to focus on the eDiscovery and Early Case Assessment workflows.

Figure 4: Search and identification of file types

 eDiscovery search and identify file typesThe upcoming DCIG Buyer’s Guide for Early Case Assessment software will be groundbreaking. Some buyers and sellers may not agree with DCIG’s weighting and rankings. However, everyone will agree having over 300 features of 29 software products identified as supported and NOT supported will be very beneficial.




Four Prerequisites for eDiscovery/Early Case Assessment Products

Companies who execute Information Governance plans are looking for eDiscovery products supporting Early Case Assessment (ECA).  ECA is a combination of search, workflow management, information processing, and multilingual user interfaces. ECA requires a cohesive set of technology, business and data science stakeholders to select products.

ECA is powerful business process, but identifying ECA products is a beleaguering task.  ECA mashes together eDiscovery and technology requirements.  The “mashing of requirements” creates a broad matrix of products and functionality. Without question, eDiscovery has significantly evolved within the last few years.

DCIG and eDiscovery Solutions Group (eDSG) are developing an inaugural Buyer’s Guide in 2012 on eDiscovery/Early Case Assessment.  DCIG has chosen to partner with eDSG because eDSG is a well known international thought leader and Information Management Consulting firm that specialize in Information Governance and eDiscovery in the Cloud with Global 2000 Stakeholders, Technology Vendors and Service Providers.

eDSG is combining its Information Governance and eDiscovery expertise with DCIG’s well-honed Buyer’s Guide business process.  The result is a Buyer’s Guide that will weigh, score, and rank capabilities and features on multiple eDiscovery/Early Case Assessment products. The products are given classifications of Basic, Good, Excellent, Recommended and Best-in-Class.

We expect the inaugural 2012 eDiscovery/Early Case Assessment Buyer’s Guide to cover 30-40 products and their companies.  As we assess the inclusion of companies and products for the Buyer’s Guide, we expect their capabilities will be categorized in to eight (8) project areas made popular by the Electronic Discovery Reference Model.  Those eight (8) areas are:

  • Identification
  • Preservation
  • Collection
  • Processing
  • Analysis
  • Review
  • Production
  • Trial

However, assessing products based solely on EDRM isn’t common among buyers of eDiscovery/Early Case Assessment products.  Buyers are benchmarking products using five (5) functional areas.  The functional areas include:

  • Management – this is defined as capabilities that support preservation, processing, production, etc within EDRM.  Buyers require a specific type content deduplication when purchasing an eDiscovery/Early Case Assessment.  Deduplication examples include deduplicate in single matters, deduplicate across multiple matters, near deduplicate in single matters, near deduplicate across matters, etc.  Recently, Google were left wondering about their eDiscovery/Early Case Assessment software management capability as it didn’t support or detect near duplicates.
  • Search – this is defined by simple and advanced search and search management functions.  Buyers require search support for archiving systems such as Symantec Enterprise Vault, HP Integrated Archive Platform, Autonomy Message Manager or EAS, IBM Common Store, EMC SourceOne, Microsoft Exchange Archive 2010 as well as mainstream content management and networking equipment. Buyers also require advanced search capabilities for social discovery, e.g. Box, Dropbox, LinkedIn, Evernote, etc.  However, buyer needs extend beyond content sources to semantic and heuristic search capabilities such as clustering, natural language retrieval, relevance ranking, etc.
  • Operating environment – this is defined as a combination of technologies and services required for eDiscovery/Early Case Assessment software to operate.  Buyers require a specific implementation model which may consist of one or more of the following On-Premises Software, On-Premises Appliance, SaaS via Vendor Datacenter, SaaS via 3rd Pary Datacenter, requiring installation services, user installable, requiring expansion services, user expandable, etc.
  • User interface – this is defined as technologies that directly impact user operational efficiency.  Buyers require capabilities that support cost and time projection based on electronically stored information (ESI) their teams have identified. In addition, basic document manipulation that is legally defensible such as Auto best fit documents, zoom, rotate, annotate, redact. local print with and without overlays etc. Recently, buyers of eDiscovery/Early Case Assessment have suggested legacy user interfaces, those more than a few years old, are negatively impacting their user productivity, thus recent user interface designs are a plus when rating this section.
  • Support – this is defined as offerings that make the product more usable, dependable and efficient.  Buyers of eDiscovery/Early Case Assessment require training for end users such as Live Online, Recorded Online or Live Classroom.  In addition, support that goes beyond traditional 24x7x365 or 8x7x365, to include 4 hour onsite engineer or 24 hour onsite trial support.  Moreover, buyers are also distinguishing products by evaluating online knowledge base, software development kits and social networks.

DCIG and eDSG intend to consider all eight (8) EDRM project areas and five (5) functional areas as listed above.  The Buyer’s Guide will identify an overall winner and a handful of recommended products.  However, not all companies will be included.  DCIG and eDSG have prerequisites for inclusion.

Over the last few years requirements for eDiscovery and Early Case Assessment have evolved.  Those vendors who have evolved and fulfill prerequisites will be included.  We are considering the following as a demarcation point for our inaugural 2012 eDiscovery/Early Case Assessment Buyer’s Guide:

  1. The ability to utilize sophisticated search across an entire enterprise network and industry standard archiving platforms to identify, categorize, analyze and report on potential evidence without the requirement to preserve or collect.
  2. Integration with other eDiscovery technologies such as legal hold, workflow management and document management as may be required to provide a complete end-to-end solution for the entire eDiscovery lifecycle.
  3. Native support for unpacking and flattening of all standard file types, e.g. ZIP, MSG, without the need to move ESI to a third party processing technology.
  4. Updated, extensible, customizable user interface that supports Unicode, e.g. Japanese, Chinese, etc

Based on those prerequisites, DCIG and eDSG have identified specific products for inclusion in the inaugural 2012 eDiscovery/Early Case Assessment Buyer’s Guide including, but not limited to:

Autonomy EMC/SourceONE Exterro
Gallivan and O’Melia (GGO)/Digital WarRoom Guidance Software IE Discovery
Kroll Ontrack Inc. NUIX OrcaTec
Recommind StoredIQ Symantec/Clearwell
Venio Systems WorkProducts X1 Discovery

DCIG and eDSG understand the complexity involved in identifying, assessing, evaluating and then proceeding with a subset of eDiscovery/Early Case Assessment products.  We expect our inaugural 2012 eDiscovery/Early Case Assessment Buyer’s Guide to be complete and ready for use in February of 2012.  Please note, the prerequisites are not yet finalized.

There are at least one or two other prerequisites that DCIG and eDSG is considering for inclusion in the inaugural 2012 eDiscovery/Early Case Assessment Buyer’s Guide.  So as DCIG and eDSG do this research and prepares its inaugural eDiscovery/Early Case Assessment Buyer’s Guide, DCIG and eDSG will seek to identify those eDiscovery/Early Case Assessment vendors that minimally meet the four prerequisites and then see how they stack up against one another.




Redact-It Brings Secure Black Outs to Electronically Stored Documents

Before storing documents electronically gained acceptance in the enterprise, retrieving documents meant parsing file cabinets and retrieving paper forms. And when it came time to share that information with the public without revealing classified information, it usually meant copying the original document and then pulling out a black marker that was used to cross out sensitive information on the copy, followed by more copying until the underlying text could no longer be seen. So while in the last decade most companies have scrapped file cabinets in favor of document images, more companies keep the black marker handy than they would probably like to admit.

It is only natural that companies would want to share their electronically stored documents outside of the organization with third parties. However a familiar problem has emerged: how to hide information from public view that could be harmful to the business or to customers if exposed without a handy-dandy marker to make those changes. Informative Graphics recent announcement of Redact-It now allows companies to mark out sensitive areas on documents and securely share these images without the fear of exposing sensitive information. 

The prevalence of regulations such as PCI-DSS (Payment Card Industry Data Security Standards), FTC Red Flag Rules, FRCP (Federal Rules of Civil Procedure) and HIPAA, just to name a few, make the liabilities associated with exposing any sensitive information on electronic documents untenable for most companies. Informative Graphics understands this and makes the security of digital images and compliance a top priority. 

Although redacting information on digital images is not new technology, what is new is Informative Graphics approach to this problem. Redact-It offers several improvements over current technologies:

Eliminates Search Risk of Redacted Information. Currently redaction involves drawing black polygons over information. Unfortunately this presents a security risk as it allows the underlying information to be searched and revealed even though it is supposed to be redacted. Redact-It makes a copy of the document and removes the underlying information as part of its redaction process to making the information unsearchable. This approach secures the information from unauthorized exposure.

Allows Retrieval of Redacted Information. Making a redacted copy allows you to revert back to the original document if needed. An original copy is also still available to those who have viewing rights to all of the document’s information.

Per Document or Template Based Redaction/ No longer do you have to redact information on a per document basis.  Instead, templates can be created with predefined redacted areas that allow for automatic redaction of bulk images when scanned. 

Multiple Vendor and eDiscovery Integration. Redact-It integrates with large imaging companies such as EMC Documentum, Interwoven, and Open Text as well as Microsoft SharePoint.  This integration allows for partial or template based redaction of information from document imaging market leaders. Redact-It also helps in eDiscovery processes by providing redacted information when complying with FRCP procedures. Redact-It can take a “peek through” approach to legal documents allowing redaction of everything in a document and only allowing peeks at the information necessary to meet your FRCP obligations. 

When dealing with personally identifiable information within digital images, there are numerous risks. Mitigating these risks through Informative Graphics unique approach to security and compliance through true redaction and verifiable audit trails allows you to meet the heavy burden of regulation.  Information redaction is not exactly sexy and redacting information within digital images is definitely not new technology. However Informative Graphics approach is not just a rehash of old technology and it certainly goes well beyond using black markers by providing a more sophisticated solution that addresses a growing problem in this age of electronically stored documents.




Bringing eDiscovery inside the firewall, DiscoverReady’s eDiscovery vision

Synopsis Part 1: Electronic Discovery: Legal counsel’s mood and can we handle blogs and wikis?

Synopsis Part 2: Educating IT and Legal on legal risk management

Synopsis Part 3: Determining when to dispose of data and reducing review costs
Synopsis Part 4: Bringing eDiscovery inside the firewall, DiscoveryReady’s eDiscovery vision

Electronic
data discovery interview –  James “Jim” K. Wagner Jr., CEO and Co-Founder, DiscoverReady LLC, (Part 4 of 4)

Jim Wagner is a co-founder of DiscoverReady LLC, a national provider of
integrated discovery management services, and is a frequent public
speaker on best practices for effectively gathering and reviewing
electronic discovery.  Jim is responsible for many of DiscoverReady’s
strategic initiatives, including the development of its
industry-leading PrivBank™ application and its progressive i-Decision™
process. (more)

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: In your experience, what are the pitfalls that enterprises have yet to encounter when bringing eDiscovery inside their firewall?

Jim Wagner: Depending on the organization’s state of eDiscovery acceptance, the pitfalls vary.  For those businesses that have brought eDiscovery behind the firewall, they have already encountered several challenges.  Let these serve as a warning list to newcomers:

  • You are in the eDiscovery business– can you offer 24/7 support? 
  • How do you handle uptime during network maintenance?
  • Can your system and service team accommodate late night productions for tomorrow’s court date? 
  • Do you have a help desk and/or rapid response system?  Are you able to grant third parties secure, limited access to your internal network, i.e. creating secure network identification to shepherd this process?
  • Are you capable of handling broad-based enterprise legal holds and accommodate storage requirements of eDiscovery systems?

For organizations that are involved in behind the firewall eDiscovery systems we expect to see more challenges, such as:

  • We’ve seen several rulings and press related to poor collection practices, but very little coverage of failures by enterprises as full service providers (collection through review and production).  As more and more enterprises assume the role of full service provider, it’s likely that we will start to see rulings on this front as well.
  • “Behind the firewall” can be inefficient for outside counsel, thus poor service and/or technology selections can result in more hourly fees for the client.
  • Patience in choosing technology is required at this juncture in the eDiscovery cycle.  There are some very good choices in terms of existing technologies; however, some of the new technology entrants, with good teams and solid communities, may offer even greater strategic value in terms of higher level analytics and great range of functionality.  Market consolidation is also creating more complex and integrated discovery players.  For an example in this area, consider Iron Mountain’s acquisition of Stratify.
  • Data leaks and breaches of corporate data – legal data is higher value and a more critical target for privacy breaches.
  • Finally, knowing if your team has selected the right application will depend on the ongoing assessment of your legal business process.  Organizations must track their ROI to justify the continued investment in their eDiscovery infrastructure and the team required to manage it.

Joshua Konkle: What is your company’s vision for dealing with escalating costs in review datasets for large cases?

Jim Wagner: Management of the eDiscovery review process is our core service offering and it is why we started the company–to provide defensible, strategic and cost-effective review to corporate counsel.  Our recommended solution is fixed cost review (with project pricing based upon the number of documents to be reviewed).

This is delivered by marrying efficient resources, high-speed review applications and proactive project and process management.  We also use higher level strategies, such as our Dynamic Data Analysis™ (a blending of statistical, conceptual and legal analysis), to both identify relevant documents as quickly and cost-effectively as possible, and to simultaneously reduce the total amount of data required to be reviewed.

Our business model is not based on managing a single case.  We look to work with companies on an ongoing, tactical and strategic basis.  Since we work on multiple cases, our clients’ ROI is a based on the savings they can achieve in enhancement of the eDiscovery process over the long term.

If
you would like to communicate with Jim directly, she can be reached at
info(at)discoverready.com or by calling DiscoverReady at 1 212 699 3960.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews.




Mary Mack talks legal, technology and risk management through education

Synopsis Part 1: Data mapping helps you answer “How long do I have to keep my data, really?”
Synopsis Part 2: Mary Mack talks legal, technology and risk management through education

Electronic
data discovery interview –  Mary Mack, Corporate Technology Counsel, Fios, Inc, (Part 2 of 3)

As Corporate Technology Counsel for Fios, she has more than 20 years
experience delivering enterprise-wide electronic discovery, managed
services and software projects with legal and IT departments in
publicly held companies. Mary is a hands-on strategic advisor to
counsel for some of the largest products liability class actions,
government investigations and intellectual property disputes. Clients
include the largest law firms, pharmaceutical companies and insurance
companies in the world.

A member of the Illinois Bar, ACCA and the ABA’s Section on Litigation,
Mary received her J.D. from Northwestern University School of Law
(1982) and a B.A. from LeMoyne College in Syracuse, NY. She holds
certifications in Computer Forensics and Computer Telephony. (more)

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: How do you educate the IT people on important legal concepts?

Mary Mack: First of all, I have a BLOG, Sound Evidence, and welcome everyone to view it on soundevidence.discoveryresources.org. Fios publishes articles, works with industry partners like DCIG, provides training at multiple levels (legal and legal technology) and speaks at industry conferences. Most importantly, we get on the phone with clients and prospects to help them better understand their electronic discovery issues and questions.

In addition, we work with our clients to facilitate a close working relationship between IT and legal. For example, we have experienced several situations where IT made a buying decision but didn’t consider the legal requirements. IT had worked with all of the other business units to gather requirements. Because legal was not consulted, issues around legal holds, preservation and metadata were missed. Legal may be viewed as a reactive group, but to manage risk, IT must understand the legal requirements for retiring, migrating or deploying new systems to minimize impact on litigation.

For IT professionals who see no reason to treat evidence any differently than any other data, I practice a simple chain of custody exercise. I have them simply “move” files from one physical disk to another. Many people interpret data movement like they would move a chair; however, when you move Electronically Stored Information (ESI) from one physical device to another, it moves a representation of the original item. Critical things like data ownership, group security, created date and many other pieces of metadata (data about data) are changed when the data is “moved.”  This minor issue can become a major legal risk when authenticating chain of custody in court.

Try explaining that key spreadsheet that shows you valued your subprime portfolio correctly is authentic, particularly since it lists last week as the “create” date. This simple exercise has encouraged many IT departments to adopt what we call an “empowered collection” protocol, using tools in a very specific way, coupled with great documentation, for ensuring chain of custody.

Joshua Konkle: How do you educate legal counsel on IT?

Mary Mack: One of the areas we educate clients on is in the application of technology for electronic discovery. New technology can be wonderful. It can also cause disaster. Companies will buy tools to reduce their review costs and exposure around discovery, particularly in the areas of early case assessment, collection, preservation and case management. The disaster comes from a lack of assessment and planning as to how these technologies will impact scale, chain of custody and legal workflow, specifically on active litigation. Fios generally recommends customer who are buying new technology to pilot these applications on low profile and low risk cases. Yet, we hear that many companies are buying these tools in an effort to save money and use them on the larger cases immediately.

System testing should be done on copies of previous case data. Do not test or evaluate on original evidence – forensically collected or otherwise. For example, several years ago we received a call from a potential client who had received about a terabyte of native evidence from an opposing counsel. We quoted them a price, $10,000 hypothetically, to image the evidence (back in the day when TB images were pretty rare). They thought the fee was too high. So they used an off-the-shelf search solution, DTSearch, to analyze the evidence. When we inquired about their forensic copy and how they were managing chain of custody and authenticity so they could introduce what they found into evidence, they simply replied “No, we didn’t make a copy, we are using the original.”


Synopsis Part 3: What is the mood of legal counsel as it relates to legal risk management?

If
you would like to communicate with Mary directly, she can be reached at
info(at)fiosinc.com or by calling Fios at 1 877 700 3467.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews, grab the news feed and new for April 2008 we are offering updates via email, including a monthly electronic discovery newsletter starting in May.




Data mapping helps you answer “How long do I have to keep my data, really?”

Synopsis Part 1: Data mapping helps you answer “How long do I have to keep my data, really?”
Synopsis Part 2: Mary Mack talks legal, technology and risk management through education

Electronic
data discovery interview –  Mary Mack, Corporate Technology Counsel, Fios, Inc, (Part 1 of 3)

As Corporate Technology Counsel for Fios, she has more than 20 years
experience delivering enterprise-wide electronic discovery, managed
services and software projects with legal and IT departments in
publicly held companies. Mary is a hands-on strategic advisor to
counsel for some of the largest products liability class actions,
government investigations and intellectual property disputes. Clients
include the largest law firms, pharmaceutical companies and insurance
companies in the world.

A member of the Illinois Bar, ACCA and the ABA’s Section on Litigation,
Mary received her J.D. from Northwestern University School of Law
(1982) and a B.A. from LeMoyne College in Syracuse, NY. She holds
certifications in Computer Forensics and Computer Telephony. (more)

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: One of the most frequently asked questions by CIOs and others worried about the cost of data management is “how long do I have to keep my data, really?”  What do you say when you get asked that question?

Mary Mack: Unfortunately, the best answer is “it depends.”  Each company’s business challenges are unique, but the challenge of policy required by the courts or government regulatory agencies is not. Data retention and disposition are workflows designed around business processes. The process of identifying what groups, people, documents and issues are at most at risk and tracking that through a formal data mapping process is something that Fios helps clients with on a regular basis, proactively or for a particular 26(f).

This process enables IT and legal to put boundaries on documents created by groups, but stored outside of content management or traditional document management and workflow products. After data is mapped and under management control, companies can institute (and lift) defensible legal holds according to their litigation portfolio.

Joshua Konkle: There appears to be some gap between what legal teams require to support eDiscovery and the capabilities available today in data management technology. What advice do you have as a vendor trying to assist their clients in addressing litigation readiness and review costs challenges?

Mary Mack: You must address people, process and technology as a whole, like a project triangle. If you take away from one, you must give to the other. Customers want predictability in their processes and technology.

In terms of people and process, electronic discovery presents an unusual challenge in that IT is constantly trying to narrow the focus for predictable actions and operations. Legal is traditionally trying to widen the scope or expand it to ensure nothing is missed. For example, an attorney will ask multiple questions to get to a single point:

  • What is your first name?
  • What is your last name?
  • What year were you born?
  • What month were you born?
  • How old are you?

When these two groups meet, the language and focus is decidedly different. Fios consultants use skills of communication and collaboration to bridge this gap. This has been the focus of Fios since our inception nearly a decade ago. We pioneered the concept of litigation readiness in 2003, well before the amendments to the Federal Rules were in place, and have built an entire portfolio of discovery planning services to help both IT and legal prepare for discovery challenges. For example, in the data mapping process, we help them focus on eDiscovery as a business process that incorporates:

  • Physical & digital data
  • Business use of the data
  • Physical locations where the data is stored
  • Litigation portfolio and high-risk issues
  • Retention policies and data governance practices

Our goal is to support our clients’ legal business process management challenges. And yes, there are too many gaps in the eDiscovery process for technology today to deliver the “easy” button solution. But technology advancements have made great strides, and so have the people using it. It’s the process that’s the hidden secret to success.

If
you would like to communicate with Mary directly, she can be reached at
info(at)fiosinc.com or by calling Fios at 1 877 700 3467.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews, grab the news feed and new for April 2008 we are offering updates via email, including a monthly electronic discovery newsletter starting in May.




Electronic Discovery behind the firewall and AXS-One vision, will it be 20/20?

Synopsis Part 1: AXS-One agrees Spitzer and financials drove email archiving, what’s next for blogs and wikis?
Synopsis Part 2: AXS-One is educating legal on IT, but CIOs and IT must fend for themselves
Synopsis Part 3: Electronic Discovery behind the firewall and AXS-One vision, will it be 20/20?

Electronic
data discovery interview –  William “Bill” Lyons, Chairman and Chief Executive Officer, AXS-One®, (Part 3 of 3)

Bill
Lyons joins AXS-One after serving as chief executive in several high
growth software companies for large enterprise markets. In his last
assignment, he served as President and CEO of Caminus Corporation, a
publicly traded software company, providing mid and back office
software applications to the global energy industry before it was sold
to SunGard Data Systems. Previously, Mr. Lyons served as Chief
Executive Officer of numerous software companies in both the public and
private marketplace including Ashton-Tate, ParcPlace Systems, Finjan
Software and NeuVis. Prior to his software executive positions, Lyons
spent 18 years at the IBM Company in various sales and marketing roles
culminating as Vice President Software/ General Manager PC
Merchandising.

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: What is driving the need for in house eDiscovery platforms?

Bill Lyons: eDiscovery review costs are driving legal budgets higher.  Traditional vendors, like Kroll Ontrack, have made significant revenue gains on very large margins by going over the same custodian data multiple times.  Businesses realize the same custodians are involved in multiple cases.  It is relatively simple to identify the cost savings if the data was managed once, in-house, with a self-service eDiscovery system.

For example, we have partnered with RenewData to recover customer data from tapes to an online disk based eDiscovery system.  We partner with RenewData to build historical archives of tape data for our clients.  This enables them to find and manage custodian data using workflow and retention management solutions, in a self-service manner.
 

Joshua Konkle: In your experience, what are the pitfalls that enterprises have yet to encounter bringing eDiscovery inside their firewall?

Bill Lyons: Our experience shows organizations bringing or wanting to bring parts of the eDiscovery process (certainly the early case assessment work) in house. The problems we see organizations encountering are logistical and expert resource issues.

Our anecdotal research shows IT in many organizations is not well prepared to handle this new business technology process.  If they attempt to build an eDiscovery system vs implementing simple tools, IT will be stretched too thin.  Further, our clients determine early on that making IT responsible for a lot of eDiscovery tasks is sub-optimal.  As I stated earlier, General Counsel (GC) want true self-service tools to address false positives, chain of custody and above all else – false negatives.  By false negatives, I mean finding something that shows they were in the right, but in fact were in the wrong.

For example, we recently had a medium sized manufacturing firm, about 5000 employees, come to us to help address records compliance and archiving.  The company’s GC wanted more than early case assessment, but their IT group wasn’t equipped to handle the demands of legal holds and case management.  Through requests like that, we continue to validate the current need for Software as a Service (SaaS) record compliance and for years to come.

In companies where eDiscovery is a challenge, the first answer is to start looking at the data earlier in the litigation process.  This is being called Early Case Assessment (ECA), Our clients realize that ECA is a great way to reduce eDiscovery costs.  We have delivered ECA, but we can also share the burden of proof.  To do both, with limited resources and reduced logistical risk we recommend they use a SaaS solution.  For example, Morgan Stanley’s uses SaaS record compliance.  Using our SaaS or on-premise systems ensures companies can manage their legal risk versus reacting to it.

Joshua Konkle: What is your companies’ vision for dealing with escalating costs in review datasets for large cases?

Bill Lyons: As CEO I’m happy to say my sales, engineering and operations teams are executing against our shared vision. AXS-One latest functionality includes a very sought after Case Manager module.  It is providing our customers with a true self-service discovery and review capability.  If I may indulge a bit on my team’s hard work; the Case Manager enables our customers to:

  • Conduct initial searches themselves
  • Review and modify the results of the searches
  • Add dispositions to the searched results
  • Package the search for additional review by outside counsel/other 3rd party

If
you would like to communicate with him directly, he can be reached at
info(at)axs-one.com or by calling AXS-One at 1 201 935-3400.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




AXS-One is educating legal on IT, but CIOs and IT must fend for themselves

Synopsis Part 1: AXS-One agrees Spitzer and financials drove email archiving, what’s next for blogs and wikis?
Synopsis Part 2: AXS-One is educating legal on IT, but CIOs and IT must fend for themselves
Synopsis Part 3: Electronic Discovery behind the firewall and AXS-One vision, will it be 20/20?

Electronic
data discovery interview –  William “Bill” Lyons, Chairman and Chief Executive Officer, AXS-One®, (Part 2 of 3)

Bill
Lyons joins AXS-One after serving as chief executive in several high
growth software companies for large enterprise markets. In his last
assignment, he served as President and CEO of Caminus Corporation, a
publicly traded software company, providing mid and back office
software applications to the global energy industry before it was sold
to SunGard Data Systems. Previously, Mr. Lyons served as Chief
Executive Officer of numerous software companies in both the public and
private marketplace including Ashton-Tate, ParcPlace Systems, Finjan
Software and NeuVis. Prior to his software executive positions, Lyons
spent 18 years at the IBM Company in various sales and marketing roles
culminating as Vice President Software/ General Manager PC
Merchandising.

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: How do you educate the IT people on important legal concepts?

Bill Lyons: AXS-One is a software company and we don’t try to pretend to be lawyers!  We have sufficient experience in-house to be able to educate on key concepts and direct GC to appropriate organizations (such as consultants with whom we have ongoing relationships) where they can get more information, as necessary.  Most importantly, we encourage prospects to talk with existing customers on the issues. During 2007, this has been a regular topic for discussion during our customer advisory board meetings, for instance.

Joshua Konkle: How do you educate legal counsel on Technology?

Bill Lyons: In the same way that we have been advising Compliance Officers on IT issues for more than 15 years, we have developed extensive domain expertise to advise GC on IT issues. 
We encourage prospects to talk with our existing customers on the issues.  Moreover,  my marketing teams just completed two major events with General Counsel , one in the US and one in Australia.  Both events were well attended, but the US event covered a broad range of legal topics.  I was happy to learn from that AXS-One was the 2nd most requested vendor at those events. Both Australian and US attendees made it clear that legal counsel is focused and looking for solutions now.

Practically speaking, we have a couple of customers who have appointed specific appointments to manage communications between IT and legal groups.

Joshua Konkle: One of the most frequently asked questions by CIO’s and others worried about the cost of data management is “how long do I have to keep my data, really?”  What do you say when you get asked that question?

Bill Lyons: We can help is the first thing I say.  We have been providing record compliance solutions for many years.  In all cases, we discuss the need to plan for secure destruction and work with customers on implementing appropriate technology to manage the retention, disposition, preservation and destruction of data.

The appropriate technology comes in the form of defining business documents by way of business process evaluation.  Axs-One system incorporates business process management (BPM) application and uses that to support data definitions for retention and disposition.  In addition, we have a legal hold capability that is integrated into legal search.  For example, a customer searches for data during a certain time frame.  That search can be put on hold, regardless of the data retention requires.  The system also supports tracking physical records, such as a paper and boxed records.

If
you would like to communicate with him directly, he can be reached at
info(at)axs-one.com or by calling AXS-One at 1 201 935-3400.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




AXS-One agrees Spitzer and financials drove email archiving, what’s next for blogs and wikis?

Synopsis Part 1: AXS-One agrees Spitzer and financials drove email archiving, what’s next for blogs and wikis?
Synopsis Part 2: AXS-One is educating legal on IT, but CIOs and IT must fend for themselves
Synopsis Part 3: Electronic Discovery behind the firewall and AXS-One vision, will it be 20/20?

Electronic
data discovery interview –  William “Bill” Lyons, Chairman and Chief Executive Officer, AXS-One®, (Part 1 of 3)

Bill Lyons joins AXS-One after serving as chief executive in several high growth software companies for large enterprise markets. In his last assignment, he served as President and CEO of Caminus Corporation, a publicly traded software company, providing mid and back office software applications to the global energy industry before it was sold to SunGard Data Systems. Previously, Mr. Lyons served as Chief Executive Officer of numerous software companies in both the public and private marketplace including Ashton-Tate, ParcPlace Systems, Finjan Software and NeuVis. Prior to his software executive positions, Lyons spent 18 years at the IBM Company in various sales and marketing roles culminating as Vice President Software/ General Manager PC Merchandising.

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: What is the mood of legal counsel out there?

Bill Lyons: They are buying solutions for their challenges in 2008.  2007 was a “tire kicking” year, where we experienced many General Counsels and IT departments evaluating products and asking questions.  There was a lot of self-education, largely brought forward by the Federal Rules for Civil Procedure (FRCP).

Prior to 2007 the drivers for archiving were two fold 1) operational efficiencies and 2) SEC 17a4.  The latter required financial services companies to maintain a record of every email sent and received from the company.  These two issues drove the systems to retain and manage data, largely email initial.  The early success of products from KVS, Inc, now Symantec, are clear examples of people buying for specific applications.

2007 was a year of calm in the early email archiving business.  Our business picked up as prospects started asking hard questions about record compliance searches that included with legal hold and chain of custody, as well as retention management.  Our customers excel at resolve retention and disposition challenges by working through our “game plan workshop.”  It is a proven strategy for driving cross-team discussions and achieving consensus.

Joshua Konkle: There appears to be some gap between what legal teams require to support eDiscovery and the capabilities available today in data management technology.  What advice do you have as a vendor trying to assist their clients in addressing litigation readiness and review costs challenges?

Bill Lyons: Our advice is for prospects to ask very specific questions and spend time on a proof of concept to ensure the required functionality actually exists. The following is a short list:

•    What are the ESI types handled by the platform?
•    How does the product handle retention and disposition?
•    How does preservation/legal hold work within the application?
•    Are the correct level of search and case management available?
•    How does the search, retrieval, preservation marking, etc perform?

We recommend that these questions be answered by a legal technology team that includes the General Counsel (GC).  In our experience, GC is looking for self-service capabilities.  The self-service platform shoud enable them to search the archive directly, as well as complete the first round of document review, via a unified interface.  This type of early search, aka early case assessment, is the number one way to reduce review costs and eDiscovery budgets. Finally, GCs must ensure that there is a chain of custody validation available for all data.

Joshua Konkle: How are you dealing with the forensic collection of Enterprise Blogs and Wikis?

Bill Lyons: To date, this has been a topic of discussion, versus a product pre-requisite. It is still not clear what specific data from Web 2.0 needs to be archived.  Once this decision is made, AXS-One can, with its current product, handle these data types. 

Not only are some customers looking at Web 2.0 objects but they are looking at it from a broader perspective of defining what “communication” means.  Must they archive WebEx sessions?  What about other collaboration data such as VoIP (CDR/IPDR), fax, etc.?

Read Part 2, AXS-One is educating legal on IT, but CIOs and IT must fend for themselves

If
you would like to communicate with him directly, he can be reached at info(at)axs-one.com or by calling AXS-One at 1 201 935-3400.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




Managing legal risk using early case assessment to reduce reviewed documents

Synopsis Part 1: Legal and business issues IT must know when choosing an early case assessment tool
Synopsis Part 2: Managing legal risk using early case assessment to reduce reviewed documents

Electronic
data discovery interview –  Gregory “Greg” Buckles, eDiscovery business process consultant, Reason-ed, LLC, (Part 2 of 2)

Gregory
Buckles is an independent corporate consultant specializing in
discovery technology and process solutions. He has 19 years experience
in discovery and litigation including police forensics, law firm,
vendor, corporate and software development. He is an active participant
in the Sedona Conference and EDRM projects.

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: I’ve discussed in-house early case assessment (ECA) with a few vendors.  A common response is risk associated in the review process.  Risk ensues when during the review an attorney needs more data from the source data set for review purposes, thus requiring the company to revisit the ECA system for more data.  I was told in most cases it happens 70% of the time.  What are you thoughts on that review data risk?

Greg Buckles: I would agree with that 70% of the time reviews require more data from the source, in fact, it is probably higher.  The reason the source data needs to be recalled during review is based on a simple fact – “the review phase is the FIRST time a qualified reviewer has looked at the data qualitatively, i.e. custodians, concepts, context etc.”

Waiting until the data is in a review system to evaluate it is causing companies thousands if not millions annually.  Those dollars would be much better spent as pennies, which is the cost of ECA tools in terms of review budgets.  The goal’s are simple 1) reduce data sets going into review 2) improve data review during collection.

Companies can reduce the amount of data being re-requested during review if they evaluated data ahead of review.  If a company desires to reduce the amount of money spent on review they must implement on-premise ECA tools and use them to review data.

Joshua Konkle: In your experience, what is happening today?  Aren’t companies doing early cases assessment through interviews etc?

Greg Buckles: Companies are doing early case assessment.  Often times it is a very simple approach.  For example, an attorney working for the company will ask an employee for their opinion on the issue and to submit all documents and email related to the cases or issue.  Individual perception and memory impact these responses.  Then, when an end-user delivers data it is typically only what they have received and what they have filed.  However, there are thousands or more emails and documents in their sent items.  These little things are unintentionally overlooked by employees.

To overcome these challenges companies need tools that analyze the known relevant data. They don’t need complicated preservation and legal hold; they just need to start looking at the data earlier in the process.  For example, a recent client used the Axis Deduplicator to deduplicate PST files.  , Since the reduced the size, they reduced the cost of an ECA tool.  In this example, the client used Attenex Snapshot reports to get a dashboard view of the custodians and concepts.  The intuitive interfaces enable a focused view to find the critical facts and criteria needed to decide strategy and arm the client for the meet-and-confer.

Joshua Konkle: In your experience, what are the pitfalls that enterprises have yet to encounter bringing eDiscovery inside their firewall?

Greg Buckles: The primary issue is defining which parts of the process to in-source and the thresholds for using outside assistance.   The costs and effort associated with an average discovery must be evaluated.  Then a company can design a legal risk management system in line with their needs and expected budgets.  A gap analysis for both cost and effort will ensure the economics of the system are in the company’s best interests.  By economics, I mean avoiding spending more money than they are saving.  A good start would be to purchase or test ECA tools.

If
you would like to communicate with him directly, he can be reached at
greg(at)reason-ed.com or by calling Reason-eD, LLC at 1 713 530 3416.

www.dcig.com publishes interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




Educating Legal and IT on eDiscovery and policy challenges

Synopsis Part 2: Educating Legal and IT on eDiscovery and policy challenges
Synopsis Part 1: Intelligent collection for eDiscovery processing at $4/gigabyte

Electronic
data discovery Interview – Steve d’Alencon is the VP of Product Marketing at Kazeon, Inc.  (Part 1 of 2) (Part 2 of 2)

Steve
is responsible for leading go-to-market programs for Kazeon, including
solution definition, demand generation, public and analyst relations
and marketing communications. He is a product management and marketing
executive with more than 20 years of experience at top enterprise
software and high technology companies, including running his own
marketing consultancy in Silicon Valley.

Prior to Kazeon, Steve
was vice president of product management and marketing at GoRemote
Internet Communications, a NASDAQ public company that was acquired by
iPass, and vice president of marketing for the Oracle Application
Server Division where he launched the Oracle Application Server and
attained a top 3 market position while helping to double division
revenue. Mr. d’Alencon studied Electrical Engineering and Computer
Science at Drexel University and completed the Stanford Advanced
Management College.

By Joshua Konkle writing for dcig.com
www.dcig.com

Joshua Konkle: In your work with corporate legal counsel how do you help them synchronize their policies and their IT, what is the mood of legal counsel out there?

Steve D’Alencon:  Most of the eDiscovery work today is done tactically to address a pressing, reactive matter (subpoena, internal investigation, compliance request).  Some forward-thinkers are beginning to look holistically at the eDiscovery process with a proactive, “legal risk management” mindset, which requires a different policy approach.

When considering policies, it is important to have a specific, quantifiable and measurable team goal for policy creation.  We have seen the most success in synchronizing corporate legal and general counsel (GC) teams with IT teams when a “Legal Liaison” or IT eDiscovery Support Team roles are created.  These individuals can be IT employees with a legal degree or a technically minded paralegal who have a good understanding of the legal work flow and process.

Further complicating matters, the FRCP amendments intended to clarify the eDiscovery process.  However, this has left people scratching their heads.  The reason may lie in the fact that the amendments don’t specifically state how one should go about fulfilling them.

The process of identification, collection, initial processing, review and analysis has historically been done by outside service providers.  Arguably, due to costs and efficiencies, the efficiencies of using service providers have been unrealized in firms with regular litigation and complex IT infrastructure.  At Kazeon we see policy being driven by reducing costs for collection and review.  The eDiscovery processes are clearly becoming an in-house mandate, in so doing adds additional confusion for retention and disposition policy making.

Joshua Konkle: How do you educate the IT people on important legal concepts?

Steve D’Alencon: There is no silver bullet to educating IT people on important legal concepts. One option is having a 3rd party legal expert or an IT-oriented eDiscovery expert conduct a class or tutorial. Typically, this would include a discussion on basic legal concepts, the FRCP amendments, the time line and work flow implied by the amendments, best practice examples of policies/rules used in industry and some case law citing successful defenses and notable losses as it relates to technology processes.

Joshua Konkle: How do you educate legal counsel on IT?

Steve D’Alencon: Educating legal counsel on IT or technical products/concepts is not as hard as it may sound.  IT and legal are not familiar with their respective jobs, process and daily activities.  Therefore, the approach is similar in conducting some sort of class or tutorial on important IT concepts and the various best practices.  This would include a discussion on ESI, content and metadata, storage technologies, how technology can accomplish different types of legal holds, what different types of technology are useful for reactive vs. proactive eDiscovery activities, etc.

If
you would like to communicate with him directly, he can be reached at
www.kazeon.com or by calling Kazeon toll free at 1 800 KAZEON1 (1 800 583 9661).

www.dcig.com publishes weekly interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




What IT and Legal need to know for better Electronic Data Discovery

Synopsis Part 1: What IT and Legal need to know to improve Electronic Data Discovery processes

Electronic Data Discovery Interview – John Ashley, EVP of Electronic Evidence in First Advantage’s Investigative and Litigation Support Services (NASDAQ:FADV) segment (Part 1 of 2)

Mr. Ashley is a former British Detective who has been investigating computer crime since 1989.  Specific case work includes illegal pornography, business accounting fraud, terrorism and murder.  More recently John has worked closely with many technologies, including all of the prominent email platforms.

By Joshua Konkle writing for dcig.com
www.dcig.com

Interviewers Note:  John has a great history of electronic data discovery and forensics, dating back to 1989 where he worked at Great Manchester Police Obscene Publications Unit as the first police officer in the UK to investigate computer pornography .  While there he investigated all other forms of technical crime involving computers, such as: hacking, cracking, virus writing, phreaking, mobile phone cloning and credit card duplication.  It was interesting to see he was involved in phone phreaking a term we don’t see much of anymore.

His CV is thirteen (13) pages of history related to forensics within the burgeoning technology industry.  Some notable company cases included Quantum (NYSE:QTM), JDS Uniphase (NASDAQ:JDSU), a unique case involving Back Orifice 2000, as well as Sumitomo Corporation $2.6 billion copper fraud.  It would take several blog entries just to talk about John, but he is a candid gentleman with a wealth of knowledge and great sense of humor.

Joshua Konkle: In your work with corporate legal counsel how do you help them synchronize their policies and their IT, what is the mood of legal counsel out there?

John Ashley: We generally get involved when litigation has commenced.  The first thing we look at are the corporate record retention policies.  Typically they are comprehensive, but corporate enforcement is limited and not good enough.  My experience is that companies are better off not having a policy, than to have a loosely enforced policy.  A good policy is only as good as the enforcement.  I stress enforcement of policies, which exposes disconnects between what legal wants and what technology can do.

Joshua Konkle: How do you educate the IT people on important legal concepts?

John Ashley: It is important that IT understands Federal Rule 30(b)(6). This rule is the corporate deposition process used to depose corporate witnesses, including the technical staff regarding corporate policy, enforcement and controls.  Understanding this and being prepared for it is the most critical aspect of litigation for an IT staff member.  The people being deposed are supposed to be able to answer questions about the corporate technical environment.  First Advantage does assist their clients’ IT people with 30(b)(6) preparedness.

Today’s products are focused on issues pre-litigation; collection, preservation, pre-processing and information management, whereas four years ago they were not.  Products have traditionally been designed to manage business information and litigation processes.  They did not offer auditing, tracking and legal hold capabilities that are now possible.

Joshua Konkle: How do you educate legal counsel on IT?

John Ashley: Most legal counsel tend not to have the time or the training to understand the technology.  Legal has needs related to litigation and only make requests, expecting IT to find the tools to address it.  However, take tapes for example, Legal will believe it’s very simple to retrieve ten custodians’ email over a period of six months.  With the data on the tapes there are multiple issues: 1) Indexing 2) tape format 3) backup software version 4) hardware platform that can complicate the retrieval.  We need legal to understand storage like they understand paper, post-it notes, written signatures, etc.

Part 2 of dcig.com interview with Mr. John Ashley will appear later this month as “Litigation readiness using proactive intelligent collection and preservation

If you would like to communicate with him directly, he can be reached at First Advantage Sterling, VA offices, 703 230 3000.

DCIG, Inc publishes weekly interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.




Sorting Out How Records Retention and Discovery Rules Apply to Real IT Could Take Another 8 to 10 Years

Synopsis Part 2:  Sorting Out How Records Retention and Discovery Rules Apply to Real IT Could Take Another 8 to 10 Years

eDiscovery Spotlight: Interview with Johnnie M. Jackson, Jr, former VP
and General Counsel for Olin Corporation and currently Lead Director of
the Advisory Board for ESI Strategies, New York, NY (Part 2 of 3, Part 1 of 3)

By K.E.H. Polanski writing for dcig.com
www.dcig.com

Kelly:  When we last talked, you stated that it is important that the General Counsel (GC) and the CIO need to talk to each other and work together on weighing records retention cost against company risk.  Why does this seem to be so hard in most organizations?

Johnnie:  It is also important to understand that the GC and the CIO have very different views of the world – they don’t always understand that, and that can lead to miscommunications and problems really understanding the other’s needs.  CIOs come from the point of view that they need to keep the systems going 24/7 and they are very sensitive to costs and demands on manpower.  A GC may have a totally different point of view; for example, “we have a legal problem, here’s what I want, do it.”  For them, information systems are a tool and understanding the tool is not all that important.  The GC either gets what he or she wants or not, and they don’t care how. The reality is, however, if each spent just a little more time trying to understand the others needs and what could go wrong, so many problems that do pop up could be avoided.

Let me give you an example of what I mean.  An IT professional thinks in terms of 1’s and 0’s, on or off, black or white.  To Legal Counsel, in contrast, there are no absolutes.  This person is going to say words like reasonable, best effort and good faith.  None of which translates easily into IT activity.  A GC is very used to gray areas.  And from an IT professional’s point of view, someone from the GC’s office only shows up when there is trouble so they are already on the defensive.  GCs also have the weight in a company to force action.  All of which raises the blood pressure of those in the IT department, and none of which breeds open communication. Both sides are usually frustrated.  Both sides are trying, and are well intentioned, but they just don’t always speak the same language. They need to have more lunches so they can get to know how each other thinks.
 
Kelly:  What’s the point of view of the courts in all of this?

Johnnie:  I think Judges are in the position of trying to learn about eDiscovery just as practicing lawyers are trying to learn.  They are still sorting it all out and are applying the traditional standards of what is reasonable – they are doing the best they can.  What is important is that the standards are evolving.  I would guess that it’s going to take another 8 to 10 years to sort it all out.

Kelly:  So how do people work all this out?  What would you advise?

Johnnie:  The good news in all of this is that GCs and CIOs really are talking more.   My advice to CIOs and GCs and those who work for them is to set the tone within your organizations.  Take a step back, figure out how you want to run your business, and work together from there to determine how you need to manage your records.  Determine what makes business sense for YOUR organization.  CIOs need to take the time to understand what the legal department needs, for example, when it requests a legal hold and legal needs to understand how the IT systems work at least to the point of knowing how the legal hold will be managed from the IT perspective and where the problems – such as automatic tape rotation and deletions –  could defeat the intent of the legal hold.

Part 3 and 3 of DCIGs interview with Mr. JM “Johnnie” Jackson will appear later this month.

If you would like to communicate with him directly, he can be reached at jjackson (at) esistrategies.net or in his Stamford, CT office at 203-353-9493.

DCIG, Inc publishes weekly interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.

Bitnami