Webinars      Login/Register      Cart

InfoGovANZ

Information Governance Think Tank

eDiscovery

Legalweek NYC 2020 – The Down Under Perspective

by

New York City

Legalweek 2020 brought together thousands of legal professionals to discuss business, regulatory, technology and talent drivers impacting the industry. The week featured workshop boot camps, conferences, networking events and hundreds of technology exhibitors on the tradeshow floor.  There are three main conferences: Legaltech (the world’s longest running legal technology trade show), LegalCIO, and Legal Business Strategy.   Around the main conferences there are many other events, a few of these are highlighted below.  The following week The Sedona Conference’s International Working Group 6 annual program focusing on cross-border discovery and data privacy was held at the New York Law School.

AI and Privacy

This year’s Legalweek in New York City was dominated by the themes of AI, new and developing technologies and privacy.  The impact of privacy regulations, particularly the GDPR and the California Consumer Privacy Act (CCPA) is driving up compliance costs and also the cost of discovery in legal proceedings.  It is also leading to the development of eDiscovery technologies designed to identify protected information in order to redact or de-identify it in legal proceedings.

The AI bootcamp workshop included discussion about finding uniformity and standardisation of AI.  While many countries and professional associations are issuing AI and ethics guidelines, the challenge of standardisation and implementation need to be addressed.  From the legal perspective the challenges within AI, such as unconscious bias, are significant.  These require both guard rails and a diverse range of appropriately skilled personnel to be involved in data projects involving AI.  In several sessions, the importance of Ethics Councils for AI and Information Governance Councils to govern data and information were a feature of discussions.

LegalWeek AI & Privacy Presentation

Blockchain

One of the keynote presentations was by Bettina Warbug who is a blockchain researcher, entrepreneur, and co-author of the book, ‘Basics of Blockchain’. A political scientist by training, she has a deep passion for the intersection of politics and technology (you can view her TedX talk here -https://www.ted.com/speakers/bettina_warburg).  Bettina highlighted that in the future everything that can be done digitally will be reimagined on blockchain. This will extend reimagining of physical assets as digital twins on virtual machines.  Bettina explained that blockchain in transforming the economy will require machines moderated by both context and rules.  According to Bettina Warburg, the ways in which blockchain will impact the law include:

  • Code as law or machine arbitration. This includes smart contract languages, blockchain virtual machines, machine learning systems, and algorithms for machine based arbitration in autonomous software stack.
  • Compliance innovation where there will be real time compliance audits for any given stat to ensure regulatory requirements are observed, and smart assets that can automatically comply based on the stateful context and rules relevant to them.
  • eDiscovery and mutable records. Blockchain will provide new ways to comply with privacy regulatory developments, while also maintaining the benefits of a stateful and persistent network.

Impact of privacy laws on eDiscovery

The Judges Panel at Legalweek together with other sessions dealing with cross-border discovery highlighted the challenges of new privacy regulations for document production in litigation and regulatory investigations.  The takeaways from the Judge’s Panel and the 5th Annual Exterro + EDRM survey of some 260 U.S. Federal Judges are:

  • Judges want to see greater e-discovery participation from in-house legal teams.
  • New data privacy laws will make e-discovery more expensive.
  • Bad faith and poor communication are the leading causes of sanctions.  Parties are getting sanctioned for (mostly) intentional e-discovery misconduct.

There was an excellent panel discussion on strategies to overcome the conflict of laws in eDiscovery led by Daniel Meyers - Transperfect Legal Solutions, James Sherer – Baker Hostelier, Emily Fedeles - Colgate Palmolive and Katie Perekslis - Transperfect.  This panel discussed the challenges of irreconcilable priorities when managing data flows in legislation and investigations.  Discovery obligations often conflict with privacy regulations, blocking statues, bank secrecy laws and state secrecy laws.   The discussion included strategies to overcome the conflict of laws including implementing data minimisation as required by the GDPR, CCPA and Australia’s APPs, which is part of good information governance, as well as on site processing and reviewing of data.  Explanations were provided of the different technology tools that can be used to identify and redact personal data.

Key tips from this presentation included:

  • Think strategically from the outset. Early identification of discovery obstacles and issues allows a party to manage the discovery process more effectively.
  • If discoverable data is subject to foreign data protection laws, understand what exceptions may be available to enable transfer, and consider involving local counsel.
  • Assess what can be done abroad to minimise conflicts – this may include setting up a temporary cloud in the foreign jurisdiction, local data processing and/or review, and using technology to redact non-essential protected information to achieve compliance with foreign regulations and meet eDiscovery obligations

LegalWeek eDiscovery presentation

Another excellent session was on the impact of collaboration and the use of mobile devices with Robert Cruz, Jonathan Rudolph, Gregory Breeze all of Smarsh and Anthony Diana of Reed Smith.

The increasing use of platforms such as Slack, Microsoft Teams and Zoom presents challenges for both record retention and discovery.  The key for organisations is to understand the risks that these platforms present when confronted with a regulatory investigation or the need to preserve and produce data for discovery for legal proceedings.  Organisations can then evaluate these risks in order to weigh work and project collaboration convenience against regulatory compliance obligations, eDiscovery burdens, and archiving and perseveration challenges.

Emojis – communication

The increasing and accepted used of emojis in business contexts is giving rise to a new critical risk element in corporate communications.  In particular, it provides new challenges in the discovery process, to ensure that all relevant documents including emojis are identified and produced.  The session also discussed emerging technology that helps to target risky communications containing charged words and emojis.

A very interesting overview was provided of the leading cases where emojis had been considered in judgments.  The graph below shows the significant increase of emojis in court opinions in the US in the last few years.

LegalWeek emojis presentation

Information Governance

While a number of sessions were dedicated to the role of Information Governance, it was interesting to see how the continuing development of emerging technologies highlights the need for robust information governance.  As noted above, a significant driver is data minimisation as a result of recent and anticipated privacy regulations, including the GDPR and CCPA.  In the collaboration and mobile device session referred to above, the point was made that -

It all starts with Good Governance

The importance and role of an Information Governance Council or Committee was raised in a number of sessions dealing with technology challenges as well as in sessions where IG was front and centre.  The existence of a cross-functional committee which meets regularly and discusses use cases is key.  The Smarsh panel discussion emphasized that the focus needs to be on the entire organisation when evaluating use cases and not limited to isolated areas.  The increased awareness around data risk in relation to privacy laws, regulatory compliance and reputational considerations highlighted the need for enterprise-wide Information Governance.  This should include accountability measures and sanctions for those employees (including senior executives) who don’t follow policies and procedures.

Nick Inglis and Ann Snyder from ARMA gave a terrific presentation on ARMA’s IG model and the underlying work they are undertaking to build out the model to provide a comprehensive guide to members on Information Governance for 2020.

 

Ari Kaplan’s Legalweek 2020 podcast

You can also listen to leading legal industry analyst, Ari Kaplan’s podcast mixtape from a variety of over 25 legal industry leaders perspectives recorded during Legalweek 2020 at https://lnkd.in/dkANsJs.  From down under it includes Rod Vawdrey of Nuix, Tineke Mann of TIMG and Susan Bennett of InfoGovANZ.

Other events and networking

Legaltech is a great week as everyone is in the one place, all the leading experts, together with technology providers. Many are from all over the world, who all have perspectives of how legal technology is impacting the delivery of legal services. It is great to share experiences and discuss issues, while catching up with the latest technologies and trends.  There are many events both in and around Legalweek where you can catch up with colleagues and network with industry peers.  A few of these are highlighted below.

Commonwealth Brunch and Super Bowl

Our week kicked off with the traditional Sunday Commonwealth Brunch in the famous Tavern in the Park.  Special thanks to James MacGregor of Consilio LLC, Matthew Geaghan of Nuix, and Amit Pandit  of Apt Search & Selection for organising and continuing this great tradition started by our late dear friend Nigel Murray to start LegalWeek. Chris Dale was also missed - we wish him a speedy recovery and look forward to his return next year’s event.  This is our photo from last year – the lack of a photo from this year's brunch is attributed to my jet lag oversight!

 

The NFL Super Bowl took place on the Sunday night and many thanks to Jo Sherman – EDT  and Oscar Bleetstein who hosted a gathering at home complete with celebratory cake.  The Kansas City Chiefs won the Super Bowl defeating the San Francisco 49ers 31-20.

EDRM receptions

One of the highlights from Legalweek is the announcement of our affiliation with EDRM as an Industry Alliance Partner. Since 2005, EDRM has delivered leadership, standards, best practices, tools, guides and test datasets to improve best practices throughout the world, including its Electronic Discovery Reference Model (EDRM).  The photo below shows Judge Peck (ret) and Wendy Axelrod at the second EDRM cocktail reception – each of these events had over 300 people in attendance.

Consilio Reception - Rainbow Room

A highlight was attending iconic Rainbow Room for Consilio’s Legalweek event. Thanks to Mark Garnett of Consilio LLC (pictured below) and to James MacGregor and Matthew Geaghan for taking the photo below as well as their selfie.

Picture10
Picture11
Picture12

 The Sedona Conference WG6 at New York Law School

Legalweek was then followed by Sedona’s international WG6 annual program held at New York Law School.  But first, and in between conferences, there was Saturday night in Brooklyn with dinner at DUMBO with its stunning view of New York city skyline.

 

The Annual Sedona WG 6 meeting was held at New York Law School in Tribeca where Dean Anthony W. Crowell welcomed us.  A number of Sedona draft publications were considered at the meeting, including the APAC eDiscovery Overview paper, which has been in development over the past 18 months by the WG6 APAC committee.

The Judges panel below with their Hons. Michael M. Baylson, James C. Francis IV (ret.) and Kimberly C. Priest Johnson, moderated by Ken Withers, provided an update on cross-border discovery and disclosure case law.  I participated on the cross-border discovery and investigations and data protection laws updates panel, addressing recent significant developments in the APAC region with new privacy laws and regulations in a number of countries.  On this truly global panel, I was joined by Karyn Harty - McCann Fitzgerald (Dublin)who spoke on the hot topic of Brexit and the ensuing uncertainty of the UK’s position in relation to data transfers.  Dino Wilkinson - Clyde & Co (Abu Dhabi) outlined emerging data protection laws and considerations throughout the Middle East region, Jerami Kemnitz - Littler Mendelson (Minneapolis) - Littler Mendelson (Minneapolis) providing an in-house perspective.  The panel was moderated by Denise Backhouse, Littler Mendelson (New York).  Dialogue also centred on the differing impact of the GDPR in the various regions and the issue of harmonisation of global data protection laws.

 

In conclusion

The key takeaways for Legalweek 2020 included:

  • New ways of communicating and working (e.g. using Teams, Slack and emojis) present significant risks and challenges for organisations for record keeping obligations and eDiscovery.
  • Emerging and developing collaboration and communication technologies present challenges in discovery and document production processes and are driving up costs. However, new eDiscovery tools are being developed to address these issues.
  • Over-retention of data increases overall risks and costs, including privacy breaches and eDiscovery burdens.
  • Organisations need to be more proactive in implementing information governance to anticipate eDiscovery obligations and build in privacy by design and default. Technologies are developing to help meet compliance needs, including automated contract review applications.
  • Organisations need to have in place justifiable data retention and disposal policies, which are implemented and updated on a continuing basis.
  • It all starts with good governance - now more than ever, organisations need to implement robust enterprise-wide information governance to optimise the value of data as well as minimise the risks and costs.

Rapid developments in technology will continue to change the way in which legal services are provided and more significantly impact the way in which society functions.  The role of law and the responsibilities of professionals providing legal and technology services are more important than ever.  The opportunities to view the latest developments in technology and to hear and discuss trends as well as network makes for a great trip to New York City.

Special thanks to Denise Backhouse – Littler, Jo Sherman – EDT, Oscar Bleetstein, Taylor Hoffman – Swiss Re, Andrea D’Ambra and David Kessler from Norton Rose, Peter Baumann – Active Navigation, Wendy Axelrod, David Rohde – Epiq, Anthony W. Crowell – New York Law School, Ari Kaplan, Paul Muller, Matthew Geaghan, Enzo Liscotti, Simon Barnier and the team from Nuix, and Mark Garnett, James MacGregor and the team from Consilio LLC.

Author: Susan Bennett, Principal Sibenco Legal & Advisory, Co-founder InfoGovANZ

 

Social Media Perils in Litigation – InfoGovANZ

by

In this InfoGovANZ event, the implications and dangers of the widespread use of social media and apps were highlighted in their evidential value in investigations and litigation.  The importance of technical and forensic expertise in the discovery process was demonstrated by reference to particular cases and technology tools by Brett Webber, Principal, ConsilAD and Matthew Golab, Director of Legal Informatics and R&D at Gilbert + Tobin.  Susan Bennett, Executive Director InfoGovANZ and
Principal, Sibenco Legal & Advisory discussed the duties of technology competence and confidentiality, which extends to cybersecurity to protect client information and the implications of a recent High Court decision.

 

Social Media Perils

As Michael Tieu, posted on LinkedIn following the event, ‘[i]t was truly astounding to see how important it is to be wary of who, what, when and where you post on social media. Once the genie is out of the bottle, it’s nearly impossible to put it back inside. Information governance is as important as ever with the continuing incorporation of social media in our daily activities.’   Brett Webber who has worked on more than 2,000 matters involving social media discovery alone, took us through some of his cases to demonstrate how evidence can be gathered from social media including social media of other people.  As Brett says, ‘how social media is found and technically managed can determine winners and losers in cases.’  This requires technical expertise to find probative material and being able to show the meaning within data collections.

Brett discussed his experiences with social media and litigation answering with the questions, ‘what’s out there?’. The volume of relevant data in freely available the public domain is often counter-intuitively high.

Finding relevant data for litigation / discovery

Social media discovery frequently draws upon tools and techniques honed by Open Source Intelligence (“OSINT”) practitioners.  These techniques involve combining sources or data to form a coherent profile of a target or subject. In addition to finding sources of data authored by a party to litigation, it is normally productive to collect material posted “about” the subject (think of items posted by a third party which include a photo of a person, but without a tag or other element which can be controlled by the subject of the photograph). So even where people are cautious of their own online activity, relevant data are often posted by accounts outside of the subject’s possession, custody or control.

Searching for data using tags, hashtags or words is increasingly ineffective when social media includes pictures or videos without tags or text. Other search and analysis techniques such a location or social connection are required. These approaches require consideration of metadata.

Social media platforms are designed to share data not to keep it private. Social media account “privacy” controls or settings are unlikely to protect data in the long-term. The visibility of data in most social networks is dynamic, for example interactions with other users through an item being liked, commented upon, reposted serve to increase the public visibility of any posted item.

Breach data such as the Paradise Papers and Ashley Maddison are increasingly being indexed and made searchable. Even if the breach data contents are not suitable or useable as evidence, the very existence of such data which is connected to a targeted individual can be informative. For example, it can show interests and hobbies (e.g. online dating) interactions with businesses, real-world activities, ownership of an account or connection to third parties or a place.

Data linking or “pivoting” techniques increasingly benefit from access to commercial data sources such as government land and property or licensing information.  Consideration of these sources with social media data can often provide deep insights.

Collecting OSINT as Evidence

Forensic tools offer particular advantages for litigation-related matters.  Speed, rigour,  completeness and the ability to demonstrate compliant collection methods are all important considerations.  The importance of this is increasingly reflected in emerging bodies of legislation and rules such as the US’ Federal Rule of Evidence 902 (14).

When providing evidence, it is very important to be able to show understanding of the “back story” (context) in the matter and how the information will be used.  If any of that would need to be defended in Court and it may be prudent to engage a forensic expert to assist with a defensible collection.

Social media publication methods continue to change very quickly, necessitating a broad portfolio of data search and collection approaches. Examples of changes and the needed adaptation of collection methods include Facebook’s anti-scraping controls, Instagram and LinkedIn’s Application Programming Interface (“API”) restrictions and an increasingly relevant set of social media data which is not accessible from either web-browsers or APIs but which can only be accessed using mobile devices.  Some of these changes have been reactions to highly publicised matters such as the exposure of Cambridge Analytica’s methods.

Methods of data collection commonly used include:

1. APIs or data feeds from social or other databases.

2. Web-scraping.

3. Commercial data aggregators.

4. Mobile devices (physical or virtual).

Sound forensic methods should show how any data was accessed, how it appeared in its original context and that the resultant data collection hasn’t been tampered with or altered in any way.  Attendant metadata should also be collected and able to be explained – showing the relationship of data, sequence of messages and originating author.

Compelled discovery

Most of the discussion above relates to investigation aka informal discovery.  The identification of accounts and ability to demonstrate relevance and that more data can be collected at reasonable cost are often strong supports for discovery applications where the non-public elements of social media accounts are sought.  For this and for law enforcement liaison requests, forensic methods which identify account details such as a number rather than a name enable efficient and precise collection.

The Sedona Primer on Social Media also addresses the limitations of self-produced data such as Facebook’s Your Data.

An eDiscovery Perspective – Social Media is different to email

Although metadata is quite important in typical eDiscovery which involves emails and documents, social media metadata from the social media platform can be as important as the actual content of a message. For example, in typical eDiscovery, when an email is sent, you have some rudimentary metadata including:

Date and time sent; sender; recipient; subject; content of message

Social media typically has much more extensive metadata. For example, you may take a photo with your phone camera which has the location (GPS coordinates) added to the photo. You then share the photo on social media – some of the social media systems may strip the metadata and/or dynamically reduce the size of the file, however they may also store your location when you uploaded the photo to the social media platform, while also tracking every interaction that is subsequently made with your photo – i.e. who looked at it and when, who commented or otherwise annotated (i.e. likes). In some social media forensics tools, it’s possible to access this deep metadata and so you can then build a graph or who, when and where. Whereas going back to an email, you will rarely know the where, and once you have sent the message you can’t really determine who read it or interacted with it.

Data preservation and spoliation

Spoliation in Australia is surprisingly common. ConsilAD’s experience in Australia is that where data has been produced in procedural fairness disclosures and no explicit communication of the data being relevant for prospective litigation or investigation is provided, it is all too common for data to be altered or deleted at source. By contrast our experience in US indicates an almost universal recognition of the obligation to preserve data. A key benefit from discovery using forensic tools is the ability to show the extent of spoliation e.g. to demonstrate the deletion of data by comparison or juxtaposition of available data with the original forensic collection.

Key takeaways:

1. More is out there than most people expect.

2. Just because you don’t operate a social media account, it doesn’t mean that social media will be bereft of content about you.

3. Leaked and breach data sources and the interaction of online friends transforms data from private to public in many cases. Finders keepers?

4. Privacy obligations for collecting social data might reasonably be considered as triggered when targeted collections are initiated.  This means securing the data, logging it and being able to show provenance and lawful collection.

5. Forensic tools speed up data collection and allow data to be shown in its original context, which can be helpful where the meaning or value of data might be contested.

6. There is a requirement to preserve documents once litigation is reasonably anticipated.  Ensuring clients are appropriately advised and organisations issue document/data preservation notices, referred to as ‘legal holds’ is critical to avoid spoliation.

Forensic data collection methods and technology offer effectiveness and efficiency benefits that amateur efforts do not. For lawyers they are required deliver legal services competently and diligently – this includes technology competence particularly for the discovery process in litigation and securing client’s information.

Duty of Technology Competence

The duty of technology competence for lawyers is set out in the American Bar Association Model rule 1.1 as follows:

            To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

The Model Rules have now been adopted in 36 US States. Susan discussed some of the recent US cases dealing with discovery issues and directions for adverse inferences relating to evidence unavailability, particularly in relation to social media, and/or failures in the document production process leading to sanctions.  The ABA’s Model Rules are also referred to in the Australian Law Council’s Cyber Precedent, which says;

  • To be a competent lawyer, you need to understand the value of the information that you are dealing with.

  • Failing to properly protect your client’s information that has been entrusted to you could cast doubt on your ability to properly manage your practice.

  • As legal practices operate more in the digital realm the issues of cyber security will play a more prominent role. It is important to keep up-to-date with the current risks and the current security measures.

Susan also discussed the implications of the recent High Court decision in Glenore International AG & Ors  v Commission of Taxation of the Commonwealth of Australia & Ors S256/2018.  In this case, Glenmore’s documents were part of the ‘Paradise Papers’ that entered the public domain arising from the cyberattack on the Bermudan law firm Appelby and stolen from its electronic management system.   The High Court in dismissing Glencore’s proceedings, held that legal professional privilege is not an actionable legal right capable of sounding in injunctive relief.  The implication of this decision will be regulators seeking to rely on documents in the public domain as a result of a data breach, which otherwise may have been privileged and not required to be produced.  The High Court observed that once privileged communications have been disclosed, resort must be had to the equitable doctrine of breach of confidence for protection respecting that use of material.

Susan pointed out that the Glencore decision was distinguished from the High Court’s decision in  Expense Reduction Analysts Group Pty Ltd v Armstrong Strategic Management and Marketing Pty Limited where there had been inadvertent disclosure of 13 privileged documents by the appellants’ law firm to the respondents’ law firm.  In that case, the High Court relied on the Court’s roles in the supervision of the process of discovery to permit a party to correct a mistake to deal with inadvertent disclosure of discovered documents.  The High Court also noted the ethical duty under Rule 31 of the Australian Solicitors Conduct Rules, which deals with the duty of a lawyer to return material, which is known or reasonably suspected to be confidential, where a lawyer is aware that is disclosure was inadvertent.

The key takeaways are that the duties of technology competence and confidentiality include:

·       properly securing and protecting client information, including ensuring appropriate contractual protections with technology and cloud suppliers;

·       ensuring appropriate technology and expertise in investigations and litigation to ensure relevant data is retained, identified and collected efficiently.

The rapid changes in technology, widespread and growing use of social media and apps requires lawyers and eDiscovery professionals to continually keep up to date with changes in technology.  It highlights the critical importance of sound information governance to secure and protect client data and information.

Brett Webber, Principal, ConsilAD

Susan Bennett, Executive Director InfoGovANZ and Principal, Sibenco Legal & Advisory

 

LegalTech 2019 – an Australian and New Zealand Perspective

by

In the last week of January 2019, we joined an estimated 8,000 others in the legal technology community in New York for LegalTech.  For the past three years it has been part of the larger Legalweek, which includes a myriad of concurrent events including LegalCIO, LegalMarketing, Business of Law Forum, and Legal Diversity & Talent Management.

Commonwealth Brunch

Our week kicked off on a blue-sky morning with the Commonwealth Brunch in the famous Tavern in the Park.  The Brunch is a tradition initiated by our late dear friend Nigel Murray.  Nigel had been attending LegalTech for some 20 years and enjoyed bringing people together, particularly those travelling from the UK, Australia, New Zealand, Canada and India.  Nigel was one of the UK pioneers in the eDiscovery and Legaltech industry and well known in the international eDiscovery community, including being the key note speaker for LawFest NZ in 2015.  Thanks to Chris Dale for the toast to Nigel and friendship, and to Craig Ball for the photo. Special thanks to James MacGregor of Consilio LLC, Matthew Geaghan of Nuix, and Amit Pandit  of Apt Search & Selection for organising and continuing this great tradition to start LegalWeek.

Themes – AI, dark data, privacy, emerging technologies

Each year there are usually trends that dominate the event. In the past we have seen the dominance of Big Data, Cloud, Cyber to Predictive Coding, with eDiscovery still being a key focus.

To highlight the trends, Jobst Elster / InsideLegal.com produced a word cloud based on the event agenda (shown below). It is fascinating to see the evolution of themes over the years as the article also provides word clouds from previous events.  You can see the evolution here https://insidelegal.typepad.com/files/2019/01/inside-legalweek-2019-legaltech-agenda-word-cloud-nine-years-and-counting.html.

 

 

The biggest takeaway is how much is changing, and how quickly.

The insights presented are common challenges and opportunities that can be applied to the delivery of legal services the world over. Many speakers highlighted the opportunities and necessity to innovate and embrace technology for today and the future.

There was considerable discussion around the importance of and emergence of greater collaboration. There are now more opportunities for collaboration between – legal departments, law firms, alternative legal service providers (ALSPs) and legaltech companies.

There was plenty of talk around AI, together of what is true AI and not simply automation.

Privacy was also a focus, particularly the impact of the GDPR and the new Californian Consumer Privacy Law which will come into force on 1 January 2020.

Keynotes

US Attorney-Generals on leadership and change

There was the fascinating ‘fireside chat’ with Alberto Gonzales, 80th Attorney General of the United States (2005-2007) and Loretta Lynch, 83rd Attorney General of the United States (2015-2017), as they explored Leadership in the Profession of Law and How It is Changing. They provided some great insights of their journey, together with the trends and evolution of the legal industry.  They highlighted the important of preparation, hard work and the role of mentors in their lives.

 

 

The Attorney-Generals both reinforced the importance of technology in practicing law today with AG Lynch reinforcing “you don’t want every lawyer to be the IT guy, but it is important for firms to make lawyers comfortable with technology”.

The Attorney-Generals discussed the challenge and priority of cybersecurity for government – it is the thing that keeps enforcement agencies awake at night – as well as for the legal profession and their clients.  The rapid changes in technology and the need to protect IP and industries, including agriculture for food security were also highlighted.

The important of privacy and the need for law enforcement to be able to access data in criminal investigations was also discussed.  While the Apple case arising out of San Bernardino was a flash point in the tension between security and privacy, it is clear that the discussion and debate needs to continue.

Brian Kuhn, Founder and Global Leader of IBM Watson Legal

One of the other excellent sessions was the keynote by Brian Kuhn, the Founder and Global Leader of IBM Watson Legal. Brian explored Legal Innovation at Work: Demystifying AI for the Business and Practice of Law, with some great learnings about how the profession can adapt and thrive in a changing market. He reinforced how technological progress is exponential and probably provided one of the best takeaways from the event –

The world has never changed so fast

It will never be this slow again

He also reminded us that AI is dependent on accurate data and that trust is a key issue.

Seeing the technology

The exhibit floor is still a must, even though it still can be overwhelming!

Again, we got to see some exciting new technologies and new releases. It is not solely about what is happening now, but more importantly what is on the road-maps. There were less exhibitors than in past years. This is hardly surprising as the legal innovation and technology market is a very competitive with many excellent events these days, together with evolving ways to gather information, than simply attending in person.

Still, if you provide legal tech you are at Legal tech – in some form or another!

Other events and networking

There are many concurrent events that take place in Legalweek, where you can hear from experts from around the world together with technology and professional service providers.

Susan attended the CDS Corporate Counsel Roundtable NYC 2019 and participated on the Data Privacy panel which focused on the latest privacy developments, particularly the impact of the GDPR globally and the new Californian Consumer Privacy Law – this session was facilitated by Chris Dale from the UK.  Another interesting and interactive session was the Judges panel with retired Judges Francis, Hedges and Mass.  The Judges panel was facilitated by Robert Levvy (ExxonMobil) and Robert Owen (Eversheds Sutherland) and discussed key takeaways from 2018 cases and expectations and trends for 2019.

Another highlight was the Annual Judges Panel and the Practical and Ethical considerations for Social Media Discovery hosted by Driven Inc which took place in the iconic Rainbow Room in the Rockerfeller Center.     The Judges Panel included Judges Rodriguez, Aaron, Laporte, Wettre and Peck (ret.)  – the attendees voted on case studies which led to a very interactive discussion and interesting insights from the judges.  The slide below shows how the attendees voted on a preservation, third party clouds and mobile devices case study where a legal hold had been issued and steps taken to preserve data, but 12 months later the General Counsel becomes aware that highly relevant data has been deleted.

Legalweek which takes place in the depths of New York’s winter, enabled us to experience our first polar vortex. While it was extremely cold, the sunset from the Rainbow Room for the EY LegalTech 2019 reception was spectacular.

Legaltech is a great week as everyone is in the one place, all the leading experts, together with technology providers. Many are from all over the world, who all have perspectives of how legaltech is (or isn’t) impacting the delivery of legal services. The event is a great platform to share experiences and discuss issues, while catching up with the latest technologies and trends.

The greatest value in legal week continues to be the networking opportunities.

There are great opportunities to meet new people and also catch up with old friends.

Below is a photo of InfoGovANZ supporter Active Navigation’s dinner at the American Cut Steakhouse – where it was great to catch up with Peter, Rich and the team.

 

 

Special thanks to Denise Backhouse – Littler, Taylor Hoffman – Swiss Re, Peter Baumann – Active Navigation, Jo Sherman – EDT, Phil Favro – Driven Inc, Eric Schwarz – EY, Warren Kruse – Consilio, Bill Belt – CDS Legal, Wendy Axelrod, Bryn Bowen – Schulte Roth, Rich Kessler – KPMG, David Rohde – Epiq, Anthony Crowell – New York Law School, Julia Miller – Columbia Law School.

Susan Bennett, Principal Sibenco Legal & Advisory, Co-founder InfoGovANZ

Andrew King, Founder & Strategic Advisor, E-Discovery Consulting, Advisory Board member InfoGovANZ

 

How eDiscovery is managing the challenge of what constitutes Personal Information

by

 

The terms Personal Information or Personal Data have been increasing in usage for a while, and with the recent focus on the European GDPR, and the Australian NDB (Notifiable Data Breaches).  This article considers these definitions from the perspective of document production in litigation and regulatory investigations – the process of eDiscovery.

In eDiscovery we are used to redacting sensitive information – most typically legally privileged or commercially sensitive information.  However, prior to the commencement of the Royal Commission into the Financial Services Industry (FSRC) the volume of documents requiring redaction was fairly modest in most matters. This certainly changed with the FSRC, as all documents that are tendered at a public hearing are required to have contact information and customer names redacted. This has resulted in significant efforts in reviewing all documents that are going to be tendered to ensure that the documents have been adequately redacted.

What is Personal Information?

The Office of the Australian Information Commission sets out a very helpful guide on What is personal information. Types of personal information listed are:

  • sensitive information (including information or opinions about an individuals racial or ethnic origin;

  • political opinion;

  • religious beliefs;

  • sexual orientation;

  • criminal record;

  • health information;

  • credit information;

  • employee record; and

  • tax file number.

Under common examples, there are further definitions as:

Information about a person’s private or family life:

  • a person’s name;

  • signature;

  • home address;

  • email address;

  • telephone number;

  • date of birth;

  • medical records;

  • bank account details; and

  • employment details

Information about a person’s working habits and practices:

  • a person’s employment details:

    • work address and contact details;

    • salary;

    • job title; and

    • work practices as well as other business information such as if a sole trader has taken out a loan

Commentary or opinion about a person:

  • a referee’s comments about a job applicant’s career;

  • performance;

  • attitudes and aptitudes;

  • an opinion about an individual’s attributes that is based on other information about them, such as an opinion formed about an individual’s gender and ethnicity, based on information such as their name or their appearance. This will be personal information about the individual even if it is not correct.

Information or opinion inferred about an individual from their activities, such as their tastes and preferences from online purchases they have made using a credit card, or from their web browsing history.

The Royal Commission into the Financial Services Industry has a practice guideline (PG4 Contact Information and customer names in documents to be tendered), which includes Personal Information such as:

  • direct telephone numbers;

  • email addresses;

  • residential addresses; and

  • signatures.

What is Personal Data?

Under the EU General Data Protection Regulation (GDRP) the definition of Personal Data includes  any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.  Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the law. Personal data that has been rendered anonymous in such a way that the individual is not or no longer identifiable is no longer considered personal data. For data to be truly anonymised, the anonymisation must be irreversible.

The GDPR protects personal data regardless of the technology used for processing that data – it’s technology neutral and applies to both automated and manual processing, provided the data is organised in accordance with pre-defined criteria (for example alphabetical order). It also doesn’t matter how the data is stored – in an IT system, through video surveillance, or on paper; in all cases, personal data is subject to the protection requirements set out in the GDPR.

Examples of personal data

  • a name and surname;

  • a home address;

  • an email address such as name.surname@company.com;

  • an identification card number;

  • location data (for example the location data function on a mobile phone);

  • an Internet Protocol (IP) address;

  • a cookie ID;

  • the advertising identifier of your phone;

  • data held by a hospital or doctor, which could be a symbol that uniquely identifies a person.

Challenges for eDiscovery

With the increase in forms of AI and other automation in eDiscovery systems, there are some great tools with which we can identify personal information.   For simple data where there are patterns , it is relatively easy for an eDiscovery practitioner to automatically identify and redact personal information such as:

  • patterns of numbers like credit cards and ACNs

  • common textual strings like email addresses

In both of these examples a regular expression can be used that is designed to look for patterns of numbers: 4[0-9]{12}(?:[0-9]{3})?; or

for email addresses: ([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-\.]+)\.([a-zA-Z]{2,5})

What can we do about it?

There are interesting developments in the dominant eDiscovery platforms with automatic ‘search and redact’, as well as ways to utilise keyword hit highlighting for key terms.

As you can see from the definitions above, personal information is a lot more complex than these simple patterns and a lot more subjective which would require significant levels of human oversight against both automated identification and redaction, and for the more subjective things such as medical records, commentary against a persons’ career performance.

Matthew Golab, Head of Legal Informatics, Gilbert +Tobin, InfoGovANZ Advisory Board Member

 

AI and the Law – the future is here

by

Artificial intelligence (AI) is already making significant inroads to the practice of law and producing efficiencies and cost savings.  This article looks at how AI is being utilised in different parts of legal practice and the transformation of legal practice that is already underway in the delivery of legal services from litigation through to contract management and Chatbots.

Litigation & eDiscovery

The production of documents has traditionally been a very expensive part of the litigation process.  The development of eDiscovery software tools to identify, retrieve, process, filter and search provides significant costs savings in the litigation process.  These cost savings are even more significant with latest software tools and right expertise are utilised.  The latest developments in the eDiscovery industry include the use of AI technology.

Early forms of AI were built into the globally dominant eDiscovery platforms.  For the past 10 years these platforms enabled document clustering and concept extraction and over time increasingly sophisticated visualisations were included. These features were then expanded to include a ‘find similar’ function (against a document, a phrase, a sentence). About 3-4 years ago, predictive coding engines as well as sampling functions were introduced to the platforms. Predictive coding is typically referred to as technology assisted review or TAR.   The use of TAR have been accepted by courts in various jurisdictions  – firstly with several US cases, then in early 2016 in the UK with the High Court Phrrho Investments Ltd v MWB Property LTD case [2016] EWHC 256 (Cth), and finally in December 2016 in Australia in a decision of the Supreme Court of Victoria (McConnell Dowell Constructors (Aust) Pty Ltd v Santam Ltd & Ors (No 1) [2016] VSC 734), and orders in a Federal Court of Australia matter (Money Max Int v QBE Insurance, VID513/2015) relating to the TAR algorithms used and methodology in the training and validation.  In January 2017 the Supreme Court of Victoria issued a revised practice note, which included a TAR protocol (Practice Note SC GEN 5 Guidelines for the Use of Technology).

The AI tools in eDiscovery have become more important as the size of the pool of potentially relevant documents has steadily increased. A typical run-of-the-mill commercial litigation matter in 2017 is broadly starting with between 1-2 million documents and so by necessity a variety of filtering techniques are employed to reduce this including utilising the clustering and other AI tools as set out below.  The filtering techniques enable the costs of eDiscovery to be minimised, notwithstanding that the volume of data held by organisations is increasing.

Sampling

Sampling is a tool that is extensively used for the selection of documents for training/coding. It involves selecting a sample size (a % of corpus or a set number) and then the sampling system selects a document set that is a statistical representation of the larger corpus. By using small sample sizes (e.g. 100 documents) and multiple samples (i.e if you have 5 lawyers create 5 samples of 100 relevant documents to the issues in dispute) you can use the coding made against these 500 documents to provide an indication of relevancy of the larger corpus.  The more documents that are reviewed the greater the precision of the prediction system.

Technology Assisted Review – TAR

TAR can be used in many ways in large scale document review. The principle is that lawyers code a set of documents, and the TAR system the uses the lawyer coding to predict the % of relevance of similar yet uncoded documents. The TAR system also presents a set of coding anomalies where the lawyer’s coding is contradictory on similar documents. In some circumstances, you can use this mechanism to complete a production where you are producing documents that have not been reviewed. In this circumstance, you would then have TAR protocols in place with the other parties where you are agreeing to the size of the sample or training set that is coded, the % of recall and the % of precision.

Other ways of using TAR include using it as a way of prioritising or ranking the review. The same principle is applied where you commence the review via sampling and then schedule a regular (i.e. hourly) update of the training/coding and then the prediction percentage of relevance is recalculated. This can be a very effective way of ensuring consistency of coding decisions amongst a review team.

TAR is also a very useful way of helping senior lawyers conduct second round review and ensuring that all privileged or highly sensitive documents have been correctly identified and coded. Depending upon the TAR engine, you can also have many different TAR models running concurrently – for example you may have a TAR model for privilege which is using the privilege coding field, however it is running against the non-responsive document set.

Other features that can be very helpful to organisations include:

  • entity extraction (person, organisation, location, currency, date/time, number); and
  • search mechanisms to find patterns for Personally Identifiable Information (PII) such as -Medicare (or social security) numbers, credit card numbers, phone numbers, email addresses (note that a lot of these are strings of numbers.

It is important to note, that generally these techniques only apply to text and not numbers.  While these tools are very effective for emails, documents and to some extent presentations, they are not as effective for spreadsheets and drawings/plans/maps.

AI – differences between eDiscovery & Contract Management

While eDiscovery is a new industry and that has grown to a $10 billion per annum global industry, there is now a significant revolution underway focusing on AI for contract management and due diligence in merger and acquisition legal work.  The major difference in the use of AI is that in contract management the AI system is focused on identifying similar clauses from a bank of pre-trained clauses. In contrast, the eDiscovery systems typically don’t utilise pre-training, as each litigation matter requires the creation of a seed set of documents relevant to the issues in that particular dispute.

AI in Contract Management

Over the past 5 years there has been a legal technology focus in developing AI based platforms that focus on large scale contract review for due diligence and which can also be used for contract management. There are now many technology providers competing in this market. While there are globally dominant providers there are also many promising and innovative start-ups.

Earlier this year it was reported that JP Morgan Chase & Co have developed a program called COIN for Contract Intelligence which interprets commercial-loan agreements, that had previously taken 360,000 hours of lawyers’ time annually.  It was reported that the ‘software reviews documents in seconds, is less error-prone and never asks for time off’.

The way in which AI is being developed to extract value for organisations to enable improved performance including financial performance directly to the bottom line is explained below.

AI extracting value

As the JP Morgan Chase & Co example illustrates, these AI platforms are designed to identify clauses or standard agreements and generally come pre-trained with a bank of clauses or standard agreements that can be automatically generated at significantly reduced cost and applied to the particular deal.  As an agreement is generated by the AI system, it is utilising machine learning to automatically extract the relevant clauses to the particular situation. In addition, most of these platforms also have a custom clause feature where each client (the bulk of their clients are typically law firms) train their own specific banks of clauses.

A major benefit of AI in contracts is that risks can be minimised by the automatic auditing which ensures contracts are standardised – this is important in particularly large organisations operating across different regions or globally.   Other ways in which value is extracted is by, for example, improved and automatic auditing of contracts – such as billing and contract renewals – ensuring that maximum dollars are extracted in accordance with the contract.

Dashboards and visualisations

In addition to clause banks, the contract AI systems also have dashboards and visualisation mechanisms that enable insights into the corpus at a glance. For example, you are able to see which documents contain a clause, or more importantly which documents omit a clause, as well as other insights such as entity extraction (person, organisation, location, currency, date/time, numbers).

In some instances where the corpus is largely standard contracts that have little variance from the standard, you are able to use these insights very effectively because the review of the standard and then sample similar copies can be significantly expedited.

Clustering of similar contracts

Another feature is the ability to navigate a set of documents via clusters of similar documents. The similarity of these clusters are influenced by the clauses contained within the documents. Clustering can be used as a way to quickly navigate between a corpus, and this feature coupled with the dashboards and other visualisations enables you to rapidly gain insights into the contracts prior to actually reviewing the contracts.

Identification of non-standard and anomalous clauses and associated risk identification

Another very useful function is to have the capability to identify non-standard clauses, or clauses that have a significant variance, as well as the ability to train the system on the risk associated with variance on a standard clause.  This can be important flag as to any potential risks or issues or a beneficial change that should be made to future AI generated contracts.

Auto-routing of contracts to SMEs

These systems also have the capability to quickly and efficiently route or allocate documents to subject matter experts (SMEs). For example, having the ability to route real estate leases to real estate experts based upon the clauses identified in the document.

Automated report generation

As the lawyers review the document and the associated clauses that have been identified, they also make annotations and comments against the document. These can then be automatically exported and presented to clients with minimal editing.

Contract management systems

These systems and techniques can also be used for augmenting contract management systems. Key differences would be scale – in typical due diligence you are looking at a selection of key contracts, whereas these systems can be utilised to give insights across all the contracts. If these systems are used within an organisation, in theory there would be a lot less variance in the pool of template or standard contracts, which enables greater focus on fine tuning the organisation’s bank of standard clauses, which in turn would result in higher accuracy and efficiency.

Other features of AI in contracts include:

  • auto identification of legislation / jurisdiction and location
  • auto identification of parties
  • entity extraction (currency / numbers)
  • key dates
  • key clauses
  • identification of non-standard and anomalous clauses/contracts and associated risk identification

Chat bots

Over the past 12 months, there has been some interesting developments with Chat bots entering the legal area. A chat bot is a chatter robot, which is a type of conversational agent.  It is a computer program designed to simulate a conversation with human users through textual or auditory methods.    A chat bot is typically suited for simple question and answers – i.e. Frequently Asked Questions (FAQ), where there is a set amount of answers on topics.  The bot will analyse a question and attempt to provide an answer on the related topic. Chat bots require considerable training so that the system is able to match the question text against its training set for a relevant topic.

The more powerful chat bots are AI powered where they can readily understand free text (called Natural Language Processing (NLP) or Natural Language Understanding (NLU). These can be applied in many different scenarios – and it is easy for foresee the societal benefits they could bring, for example, to community legal aid centres where they are able to help triage and quantify basic legal questions, such as tenancy issues, managing debt issues etc.

The next frontier is the expansion to speech – i.e. Apple Siri, Alphabet Ok Google, Microsoft Cortana, Amazon Alexa.

A very interesting and arguably the most well-known use of the Chat bots is the ‘Do not Pay’ (www.donotpay.co.uk) bot which had astonishing success in the UK.  In its first 21 months, it took on 250,000 cases relating to parking tickets and won 160,000 (a success rate of 64%) – worth over USD$4 million in parking tickets.    Over the past 3 months, the service has expanded for refugees applying for asylum in the US, the UK and in Canada.

Following the recent Equifax data breach in September 2017, which is reported to have exposed personal information of nearly half the U.S population, about 143 million people,  the author of the Do Not Pay chatbot (Joshua Browder) has launched a chatbot designed to help people make a claim against Equifax for up to $25,000– click here to view.

The development in Chat bots highlight the many innovative uses of AI in the legal industry across the spectrum – from start-ups, incumbent technology companies, law firms, as well as the increasing trend for in-house counsel deploying solutions internally. As the existing technology systems evolve and new systems emerge, we will continue to see the transformation and convergence of technology and the law, which will improve efficiency and deliver cost savings to consumers.

Matthew Golab
Gilbert + Tobin

 

The Governance of Things – eDiscovery in Australia and New Zealand

by

ediscovery aus nz

eDiscovery is the production of relevant documents that parties to litigation or an inquiry are required to produce to either a Court, Royal Commission, Commission of Inquiry or to a government regulator. The eDiscovery industry is a global industry reflecting the enormous growth in information and the specialised technology which has developed to meet that challenge. While eDiscovery is a specialist area of legal technology the challenge of document production extends well beyond in-house legal departments and requires the assistance of IT departments and records management.

Download Now