Preservation orders and the rules on Electronically Stored Information (ESI) are complex areas for policy makers and also IT folks. Some of these issues I have raised in my article and also briefly during my talk at BCS in November 2011. Both these are available on this page.

Personally I find the term, ESI a confusing term in the context of electronic discovery/disclosure (edisc). In edisc it is not only the digital/electronic information in storage that the rules/laws are addressing. The word ‘stored’ implies storage media/medium/devices and the data in storage is ‘at rest’. Hard to imagine that emails are ESI. In my talk I stated that edisc folks tend to address edisc by talking about discoverable media/medium/devices which is not the case in edisc. So now the proposed FRCP is addressing ‘discoverable information’ instead of just ESI.

For information, the electronic discovery database is maintained by K&L Gates and here’s the blurb:

“Electronic Discovery Case Database  K&L Gates maintains and continually updates a database containing over 900 electronic discovery cases collected from state and federal jurisdictions around the United States.  This database is searchable by keyword, as well as by any combination of 28 different case attributes, e.g., on-site inspection, allegations of spoliation, motion for a preservation order, etc.  Each search will produce a list of relevant cases, including a brief description of the nature and disposition of each case, the electronic evidence involved and a link to a more detailed case summary if available.”

In the world of IT and wearing my project manager hat on, ediscovery/edisclosure is another ‘activity’ to add to the list of items to consider. In the past (before ediscovery/edisclosure is coined) and in projects I have been involved in, I will do ‘cultural sensitivity’ sensing and ‘who is who’ and ‘who knows what or their role etc’ (the word coined is stakeholder analysis). I have held workshops (e.g. internet banking projects) whereby lawyers were invited as ‘key stakeholders’ and IT people were doing ‘who knows what’. Guess what were the outcomes? Lawyers may know a lot but they generally don’t want to reveal or share ‘openly’ in a workshop. If they do reveal or share, there will be more meetings with several paper memo type exchanges.

What can be done to improve collaboration between lawyers and IT people?  Before attempting collaboration, both teams need to sense ‘who is who’ (not only the IT people) and whether they can deal with whatever the outcomes and learn to accept whatever the consequences.  (fear of being open?) I don’t know any rule books or processes to do this. It’s beyond reckoning… Like some people just can’t ride a bike no matter how many books they have read or seen. This is just my sudden reckoning!

I like the word, protodigital. I would like it better if this word can be a mantra for lawyers and IT folks to get to know ‘who is who’ to reach to ‘who knows what’.

The article titled ‘The Big Data Dump’. Great title for an article that touches on pretty much the reality of life from technology, business and from the kids to the big boys to the Supreme Court.

Well the  ‘dumping’ also extended to changing the law (American Civil Law) or some new rules. Ms Love Kourlis’s quoted in the article : ‘Judges in civil cases, she says, need more power to assess and define the appropriate amount of information that can be sought in each case. Civil cases ought to require both sides to disclose what information they have, as in criminal cases, thus ending the game of hide-and-seek that makes both parties ask for more, for fear of missing something. And shifting lawyers away from being paid by the hour (see article) would mean that they no longer had an incentive to add to the process.’

So what next?

Just the same old content i.e. the US stuff on the FRCP, e-mails, retention policy, technological tools for search and guides etc.

Flip through the nice charts and the articles and go straight to pages 20-21. Spot anything interesting? BTW you can also download a pdf version, how cool… Also the reader is reminded on IBM on every page.

The acronym, CYA caught my attention…

Seems that CYA is recognised as ‘simple human nature’ and when it comes down to saving their e-mails, employee can use ‘CYA’  argument against their employer.

Gosh, I guess one has to find new ways of dealing with e-discovery. So besides the charts and the step by step good practice guides, one can also use ‘CYA’ to save yourself and your e-mails. Would be interesting to see if there will be ‘CYA’ related e-discovery cases.

The above legal article also mentioned the Text Retrieval Conference (TREC) 2006 study which was also examined by Will Uppington in the article, Better Search for E-Discovery, March 11th, 2008

What I find interesting in Will Uppington’s article is the finding; ‘One of the best ways to get better search queries is to commit human resources to improving them, by putting a “human-in-the-loop” while performing searches’.

Reading in between these two ‘search themed’ titles, one from the legal side and the other from a technical perspective, highlighted the contrasting findings and interpretation on the TREC 2006 study

What else can we say/talk about the ‘human-in-the loop’, the ‘virtuous cycle of iterative feedback’ & “interactive” search methodology?

Well such phrases/concepts are not new. What is new is that the ‘human actions’ aspects are creeping (awareness?) into the ediscovery space. Other knowledge researchers outside the ediscovery domain have been busily coming up with phrases/concepts such as the ‘concept searching’ methodologies. Reality (or inertia adoption) testing of such newer technologies are clearly not well understood (too good to be true?) by the courts and practitioners.

On human actions and computer programs, a beautiful quote comes from my friend, Roger C: “While computer programs can write other computer programs, they can’t write the first program”.

To that I will add: An expert is only effective in the human-in-the-loop search if the expert is also an expert in the codes

If you’re curious on how a Solution Provider ‘makes sense in plain English of the FRCP, scan the posted white paper.

I cannot comment on the MessageOne solution as I have not used or been exposed to the product.

However in the white paper there is a statement ‘Data is never lost, and companies have robust search and retrieval functionality to meet the legal and compliance challenges facing all industries, today.’

‘Data is NEVER lost’? This is a myth with or without an archive system.

It’s so easy to forget that once e-mail is sent /delivered (a copy may reside on your sent folder/archive), the information/data is also OUT of reach of the sender. Another food for though – how to make sense of the clawback agreements for e-mails?

Last week I went to the infosecurity Europe event in London as I was attracted by the keynotes titles and the interactive theatre. Besides returning home with three different caps/hats, one even has a battery attached to it (stress balls seems to be out of fashion for the security nerds and herd, which is good for me because I love hats), I also found that security is no longer confined to ‘security policies’ or even ‘communications policies’. Information security is an industry itself even though having a secured information system/network is still a myth.

On the panel discussion: ‘Which is more important – Compliance, Security or Operability?’, the question then is Compliance or Operability?. ‘Compliance’ is compliance with an array of rules/regulations/standards and no debates there and since ‘Operability’ (the intended meaning here is that the system is functional/operable/available) is also one interesting ‘ilities’ (others are ‘traceability and trackability’) for ediscovery; I was hoping to hear more debates on ‘operability’. No debates whatsoever on operability, instead couple of enlightening questions were raised around ‘information asset’. Ah! back to security in terms of protecting assets. Questions raised are ‘How to identify information assets including assets in the ‘cloud’? ‘How to put information asset at appropriate risks to achieve maximum value?’ These questions are also relevant for ediscovery. Worth pointing out that asset identification is one key activity of risks management. How many organisations perform risks management on a regular or even a sporadic basis? How many organisations have security policies or communications policies in place? In place or not, policies are considered ‘given’ if organisation is not to be burdened with ediscovery.

Interestingly, the shift seems to be on the monitoring of systems/networks/e-mails etc (any conceivable ESI ) otherwise also referred to as ‘vulnerability management’ (replacing risk management?).

Monitoring of electronic communications was recently reported in the article, ‘E-Discovery Keeps an Eye on the Job’ by A. Michael Weber New York Law Journal April 25, 2008. Here, the assets (also potential sources of ESI) are not just e-mails but also physical assets. Now imagine working in an organisation whereby such assets are ‘classified as company secrets’?! Mmm I wonder what Bruce Schneier will write after ‘Beyond Fear’. I have not read the book, just what’s on http://www.schneier.com/book-beyondfear.html. How about ‘Beyond Reason’?

Before I get too carried away, back to the infosecurity show…

A striking reminder comes from the chair of ‘The Hacker’s Panel’ (which I also attended out of curiosity as I was attracted by the lack of disclosure on the topic which said ‘ for legal reasons the panellists will not be revealed) was the old adage, ‘you can’t control what you can’t measure’. The theatre (non interactive, capacity 100-200) was pretty full. I remembered having to queue to enter.

So the reminder further re-inforced that information security is a myth. Can’t measure, can’t control. Can’t measure because no (reliable/operable?) information is available on cybercrime. Some mumbling on human factors, change behaviour, ‘hacker’ mindset gaps all revealing that security is not just related to policies, codes, printers, e-mails or networks.

Also a good reminder for ediscovery/disclosure

Just recently my friend, Martin (another ex-student of QM) pointed out another article in the International Journal of Arbitration, Mediation and Dispute Management, Vol 74, Number 1, February 2008 issue, the title; ‘Confronting the Matrix:Do the IBA Rules Require Amendment to Deal with the Challenges Posed by Electronically Stored Information? by Nicholas Tse and Natasha Peter.

As expected, the answer is a simple ‘yes, the IBA Rules require amendment’ (like the 1st article). The solutions though are not so simple. For me, the solutions are not within the IBA Rules. That’s another story.

Although the second article provided guidance from the English and US amendments and strategies for dealing with problems posed by ESI, the challenges posed by ESI for arbitrators and parties are still in the making or rather unconfronted.

Can one confront the Matrix and maintain a ‘flexible’ IBA Rules?

Maybe there will also be a publication from the Spring Conference (March event):
THE SECOND ANNUAL PROGRAM ON GETTING AHEAD
OF THE eDISCOVERY CURVE: STRATEGIES TO REDUCE
COSTS & MEET JUDICIAL EXPECTATIONS