Thought Leader Interview with John Wilson of HaystackID, Part Three: eDiscovery Trends and Best Practices

I recently interviewed John Wilson, Chief Information Security Officer and President of Forensics for HaystackID, who has more than two decades of experience providing IT, eDiscovery and digital forensics consulting services.  We covered so much with regard to eDiscovery trends that we couldn’t fit it all in a single blog post.  Part One of my interview was published Monday and Part Two was published on Wednesday; here is the third and final part.

You’re a frequent participant on HaystackID’s education webcasts. What’s your observation on how competence in eDiscovery has evolved over the years and where it stands today?

That’s a really interesting one. I enjoy sharing and educating, so that’s something that I do keep a fairly close eye on. I would say, as a whole, the industry has evolved quite substantially. Back in the early days, there wasn’t a lot of experience to draw from, it was all learning by being in the pit and figuring out how to do it. In today’s world, there’s a lot of educational opportunities.  You have law schools with eDiscovery programs and you have paralegal programs that have eDiscovery programs.  The industry itself has programs – for example, our HaystackID educational webcasts.  So, there’s certainly a substantial growth in the amount of information available and we’re definitely in the information age. I think today’s eDiscovery consumer is certainly a lot more educated.


I remember back in 2010, years after the eDiscovery world was alive and robust, going to a client and having an initial consultation about a case.  The client at one point picks up a box of paper and says, “Here it is! I’ve got my eDiscovery”. I said, “Well, that’s not exactly eDiscovery, but we’ll get you there”.

I don’t encounter that anymore. People are used to dealing with digital data and eDiscovery and PDFs and TIFFs, and not even so much TIFFs anymore.

But there’s a much larger need for expertise across the universe. Where education needs to really expand now is more entity-based, getting the corporations to become more knowledgeable. The corporations have intelligent people with knowledge, but the “rank and file” hasn’t adopted the body of information into their workflows and processes. As I said, there are large litigious companies and organizations with people that have eDiscovery knowledge with best practices and workflows in place. But, the company body isn’t adopting the knowledge, so I think that’s where the industry needs to grow and continue to focus efforts in getting the organizations to be more intelligent about how they handle compliance and information governance, eDiscovery and how all that ties together.

What else are you working on that you would like our readers to know about?

Evidence Optix

Of course, I always like to talk about security. I think cybersecurity today is very important. Many companies have started to understand that as threats related to COVID-19 have exploded and bad actors have certainly exploited the COVID-19 situation as well.  Companies have had to make this quick adaptation to get their employees able to work remotely, so they may have cut corners on policies and procedures to enable them to do so, exposing them to additional risk. In addition to the normal risks of bad actors looking to infiltrate organizations, additional challenges such as “Zoom bombing” have targeted new behaviors related to COVID-19 where organizations had to adapt quickly to remote work and the remote situation.

It’s more important than ever to have a level of cybersecurity preparedness, following a framework to protect your organization.  There are numerous frameworks out there to choose from, but it’s important to follow some framework, put some protections into place and be more proactive than reactive.

In the cybersecurity world, the bad actors in the world are going to do their best to get in and they often will. The biggest weakness is the human factor – you’re only as strong as the weakest person in your organization, so it’s important to provide training and keep your personnel aware of your policies and what to be looking for. But, the bad actors are always going to be more targeted, they’re going to spend more effort in figuring out how to get in and they’ll often succeed. So, it’s really the detection phase that’s most important, knowing when something has happened and containing it, preventing it from getting across your whole network instead of just the one system that they were able to breach.

Identification and detection of the malicious activity is your best offense to help protect your network.  If you can detect when an anomaly occurs, then you can stop it from becoming an actual breach.  For example, if somebody is trying to authenticate from a geolocation where your organization doesn’t have employees, you can decide to block that and stop any data from being able to transmit to and from there.

It’s really all about cybersecurity, being more intelligent and protective of the organization and adapting to the new standards in the COVID world.  Then, make sure you go back and document all of the exceptions that you made in order to accommodate remote workers.  Document those exceptions and incorporate them into your formal long-term policies to protect your organization.  So, my big focus is cybersecurity and trying to make sure that organizations are more aware, especially in the legal space, because the legal space is definitely a larger target. There’s more “meat on the bone” as far as the bad actors are concerned. They have a higher potential of getting to important information, so within the legal space, it becomes really important to make sure we’re protecting those assets to protect the organizations themselves.

John, thanks for your time today and thanks for participating in the eDiscovery Today Thought Leader Interview Series!

So, what do you think?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
