Did I do any impact assessments? I probably did but nothing related to data protection or privacy. Did the solution cause any harm to anyone? I don’t think so. However, I remembered I spent a fair amount of time reflecting on the users of the tracing systems. The main users were those affected /impacted by the War and the administrators of the systems. Would any Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs) method help me back in 1998?

As part of my PhD, I examined various DPIAs and PIAs and I can say I’m not any wiser in using those impact assessments method except that now I am aware of Data Protection, data privacy and Human Rights.

Right now, I’m reflecting on the contact tracing app after reading the article – The NHS Contact Tracing App: 11 key talking points –published by the BCS. I wonder whether any of the DPIAs or PIAs method has been used by the app designers. I suspect not.

What has been stated is that the review process is the most expansive aspect of edisc (i.e. expansive labor and time and voluminous document). So much so that predictive coding is now not only a tool used for the review process but also has become a topic of its own in the US courts. Is the review process also the most difficult of the edisc process? If you answer ‘yes’ or ‘no’, why do we need predictive coding?
Perhaps some answers (hopefully with relevant questions raised too) will appear in the new book Predictive Coding for Dummies book.

I wonder why there are no Dummies or Idiot’s Guide to the review process, instead one on predictive coding. I guess it is easier to write about a piece of tool/technique and not too easy to write on the review process or not profitable enough to do so.

Why five principles?

This principle – Privacy by design -  sounds great with the 3 words title which is rather arty and catchy like a company’s business motto.

The description – ‘New technical developments have to observe data privacy requirements at an early development stage, thus permitting the introduction of data protecting hardware and software’.

Only ‘new’ technical developments and at an ‘early’ development stage?

Just another play with words for my own amusement.

In terms of designing hardware and software for data privacy and/or protection, the play with words will not help software folks.

Does this mean that Cloud Computing is now passé?

To quote Paknad in the news at law.com: “There’s no easy button, there’s just complex and more complex buttons.”

Complex buttons leading to more sore fingers and eyes ( even with predictive coding! ).

Mmm… I guess the specialist will also read it, perhaps more drawn to the ‘multi-million dollar’ problem. There are still IT folks, even IT security folks (from my own recent exposure at a recent gathering) who are not aware of ediscovery and they are ‘specialist’ in their own fields and in terms of ediscovery they are amongst the ‘masses’.

From another fellow traveller to others, I feel that the ediscovery space has been over-sold or over-rated or even over-exaggerated by (ediscovery) specialists on the few multi-million dollar cases. What about those cases where ediscovery were also ‘the issue’? For me, I certainly would relish more facts or stories from cases whereby ediscovery is a ‘non-issue’. These stories may not be ‘hot hot’ for the press or the masses but from a problem solving angle, it may reveal stuff which even the specialist have not thought about.

For me, ediscovery is about solving problems or involve problem solving. Even in simple problem, there will be questions and answers. So even if ediscovery is a ‘non-issue’ (a simple problem?) what is/are the problem(s), questions and answers?

I guess asking questions or more constructively, knowing what questions to ask and who is/are around or available to ask are ‘issues’ in ediscovery. Hence, I like the post by Dave Healey, with lots of questions.

Finally, put someone you trust, who is diligent, and who is on the case, in charge of eDiscovery, and task them to actively monitor the process on a daily basis!

Who? – another issue in ediscovery!

Can we really distinguish and be able to categorise data into neat buckets (or cells, columns, rows, stacks etc.)? Answer depends on who is distinguishing the data and what the data represent for who. Lots of ‘who’ when it comes to dealing with the reality of data…

This blog was triggered after reading the article, The Fog over the Grimpen Mire: Cloud Computing and the Law, and the recent volcanic ashes quadmire affecting not only the travel industry but also announcement from the ICC on the non- force majeure of the rules of UCP 600 (article 36), URDG 458 (article 13) and URC 522 (article 15), I can’t help but wonder why documents are still needed. No wonder my online banking is never really ‘instant’ when it comes to international payment/transaction – electrons travel but not the paper/document ‘money’. Is ‘money’ real or an illusion? The ‘bucks’ have to stop somewhere and it seems paper is still king in the digital age.

Recently, I was fortunate to have the chance to spend a brief period in the CIETAC office in Beijing and have my first taste of Chinese arbitration-mediation hearing and the administrative work done by the excellent staff in the CIETAC, Beijing. Paper documentation dominants the way the Chinese conduct businesses and invariably paper document finds their way into the dispute resolution mechanism. I am told that the important stuff with document is the red stamp or the seal that shows or authenticate or prove that a piece of document is ‘real’. The seal representing a symbolic proof that the business or transaction is genuine and/or the document has been approved by some high authority or power. In essence the seal is a physical mark – like a signature and yet not quite like a signature more like a symbol recognisable by those who know where the line crosses i.e. the power to draw the line.

Perhaps the Service Level Agreements or the detailed contractual clauses serve as a reminder that the ‘bucks’ have to stop somewhere. The ‘somewhere’ is non categorisable as the ‘act of god’ means different things to different people. Is that why no one really read into the fine print (except those that wrote them?) until the ‘act of god’ becomes a reality to be reckoned with – like in the volcanic ash events?

In my previous work as analyst (system and business) whereby I have to categorise data or model data to fit into a particular business domain or process, I wish I have the luxury to be able to formulate the neat category as described in the article, The Fog over the Grimpen Mire: Cloud Computing and the Law. The author described an approach to the Easter egg business as:
“A cloud computing service that processes data for a small business will have access to four different types of data. First, there is data about the small business’ own customers. For example, the data for an Easter egg business might include a list of past Easter egg purchasers, and information about their purchases. Second there is account data about the small business itself, including its contact and payment details.
Third is data generated by the operation of the services (some of which, for example the internal state of applications, may not be accessible to the small business). Last there is activity data, which tracks when and for which applications the business’ account with the service provider is used.”

What I find interesting is whether such approach to data categorisation can be extended to any business, not only small business. In the context of cloud computing, the law is applicable not only to small business.

My first event was ‘Resolving Business Disputes in Today’s China’ in New York City (organised by the JurisConference). It was a great event, great lunch and interesting lunch debate. Although the event has nothing to do with edisclosure/ediscovery, one of the speaker/panellist did say ‘we avoid ediscovery’. Maybe resolving disputes in today’s China are being viewed as ‘resolving disputes being the same as doing businesses’. Doing businesses in these parts of the world are still steep in the traditional ways of using and/or maintaining ‘face’ or ‘guanxi’. If you have guanxi, then ethical (like arbitrator’s biases or impartiality or independence) or trust issues just do not surface or are naturally imposed in the guanxi relationships. (Hence, Med-Arb is a natural way for resolving disputes in the Far East).

However, there’s more than one party in a dispute and if one of them is not accustomed to guanxi then the game of ‘where to go or which seat or which institution or who has the leverage/assets/ power to turn the table?’ provides the dispute drama. The game is not whether we can find the evidence or whether we need the evidence. It is not a ‘truth seeking’ game. Is that why edisclosure/ediscovery is avoided?

So, my next hob nobbing (for want of a better term?) event is at The Hague. The event was ‘Weighing the Facts: Information Exchange and Presentation of Evidence in International Commercial and Investment Arbitration’.
Note that ‘edisclosure’ was not in the title but there was a topic ‘The Present and Future of Electronic Disclosure in International Arbitration. It was a great pity that only a handful of people were at the second day (half day session only). On the second day, there was a detailed ediscovery presentation. It would have been a great finishing highlight if all the speakers/panellists could gather together (collaboratively?) and share their consensus or divergence views or experiences.
In case anyone is wondering what about the IBA Rules of Evidence? What about it? From what I’ve heard – No changes required now and also in the foreseeable future. Nah! No e-evidence rules required.

Instead, it seems that privilege and ethical issues will become increasingly problematic in information exchange or disclosure in international arbitration. No amount of notes/guidelines/protocols/rules/laws will help cement or create a smooth level playing field for the international players and parties.

What have we got left then? Hob nobbing and/or guanxi? We all know what is hot tubbing. Hob nobbing may potentially create more conflicts of interests (ethical issues) unlike guanxi relationships whereby ‘beneficial rather than conflicting’ interests are at play. More food for exploration!

Well…the wheels of justice chuckle along crankily with or without ediscovery/edisclosure. Maybe the good old fashion hob nobbing and/or guanxi are the new unwritten protocols/rules/laws for e-evidence. Only time will tell…

Here is my (initial) comment posted at the legalprojectmanagement blog :
Ah! Interesting picture of the EPMF. My first question is why do we need a PM framework for ediscovery? What is/are missing from existing PM models/frameworks/methodologies?

I like Paul’s comment ‘the Project Manager may find herself also wearing the hat of Peace Maker’. Perhaps instead of PM for ediscovery, we introduce a new term PM for Peace Maker

Personally, I will opt for a light-weight methodology (based on my own experiences) for managing ediscovery activities. Since I am a non believer in any PM stuff for understanding and/or managing the dynamic interactions between the various stakeholders, I will just be ME and learn how I engage with others and take it from there.So understanding ME is the first step.

It would be great if we can prescribe a model to model the various ‘formed’ opinions/behaviours/perspectives of the people involved in the activities. These are the stuff which makes or breaks projects, right? I am not looking for such a model as human will trump model/process simply because we have model for this/that and for people to act on. Hence we have risk management to manage risks which we can identify and anything else not identifiable we say ‘Acts of God’ or human folly or ingenuity.

Thanks for sharing!
Cher

In my role as an IT manager or project manager, I will never say to my team ‘we must get along with so and so to build this system’ or ‘we should try to talk to each other’. Who relishes to be ‘told’ or talk to on what to do? Definitely not want that directed at/to me and so why do it to my fellow workmates/colleague? It’s simply counterproductive and easily generate towards an ‘I told you so’ culture which ultimately leads to ‘a blaming culture’. In a blaming culture, creating a meaningful or ‘good stuff’ outcomes gets circuited.

I have recently come across several articles/postings highlighting that ‘IT folks and lawyers are still not talking or failure to co-operate’ in ediscovery activities. This is the posting which got me to blog. BTW, a catchy title ‘Legal and IT Are Still Not Communicating’. The posting ended by stating that ‘Only dialog between legal and IT will change that’. (i.e. the respective responsibilities of legal and IT still are not being carried out by many because they don’t understand them). Understanding starts somewhere and dialog is great if both parties are willing to have a dialog. Even building bridges between IT folks and lawyers have surfaced elsewhere.

Let it be known that it is not that IT folks are not talking to lawyers; it is most likely that ‘the talk’ is directed from lawyers to IT folks. (I am assuming in most organizations, lawyers initiate or announce the litigation hold and other ediscovery requests to the IT department). IT folks are used to receiving requests from other departments (including lawyers). However what is unusual in ediscovery is that most IT folks (unless they are trained on ediscovery terms and have exposure to ediscovery activities or have been fully briefly beforehand by legal staff) will treat the request as an IT request rather than an ediscovery requests. It’s not that ‘we are not talking’, it’s more like ‘what are we talking about?’ and ‘how do we start to get to the ‘same starting page?’. Now, how to get both parties to turn ‘talking’ into meaningful dialogue?

Failure starts when both wants to start building bridges to bridge with each other and failed to recognize that the simplest bridge is defining a raft to get to a bridge. There is always a bridge somewhere already waiting for us, just finding a raft is the first hurdle.

Remember the story of building a bridge? Let’s start by learning to define a raft and not focus on building bridges as there’re already bridges (i.e. ediscovery models, tools/systems) waiting to be used.

Finding willing raft designers from both parties is probably the first hurdle

I wish I can trace my friends and ex-colleagues in Zurich so that we can re-visit and re-craft the tales in the light of recent changes in banking secrecy in Switzerland. According to the recent BBC news: “The Swiss government confirmed that in line with OECD rules, it would now respond to overseas requests for information in cases of suspected tax evasion, and not just tax fraud”. Indeed the secrets are getting out and perhaps the gold vaults will also soon be opened for inspection, if my friends’ stories are indeed real.

I love stories especially when they stretches my imagination or lack of imagination (shock, surprises?!) and touches on my real life experiences. Well..Imaging walking above gold vaults just underneath your feet and at the same time being harassed by youngsters begging for money or small change. ‘Are They A Changing’ too in this non-secretive age or rather in this age of no more small changes in times of depression? I do hope so…

I just opened an e-mail alerting me on ‘10 Steps to Manage E-Discovery Projects’. Ah! Something just don’t change ; more steps and guidelines and this time instructing (‘like it or not’ ?!) lawyers to become project managers. Now that is a mighty call.

Having glanced the 10 Steps, I have only one observation (with lots of other reasons which I will not list here as they’re my secrets) that is – Project managers are not ruled by 10 steps activities nor can the ediscovery activities be codified into neat steps.

Imagine (now this is not lack of imagination) a lawyer (with all due respect) having to obey the code of ethics and work product or privileges stuff and then ‘like it or not’ being called to act as a project manager. Performing and/or switching role does not mean roles and responsibilities are clear or executable. In fact the multi-roles may create more mayhem when what one needs in ediscovery are clear roles and responsibilities. Also, imagine what the IT department will think of the Legal department?! Conflict all round I should think.

So I thank Bob Dylan for the imagination to ‘get real’ (lawyer acting as lawyer and project manager?!) and at the same time to imagine the impossible possible (like the change in banking secrecy).