I recently interviewed Brad Harris, VP of Product and Service Delivery at Hanzo. We covered so much with regard to eDiscovery trends that we couldn’t fit it all in a single blog post. Part One of my interview was published Monday, here is part two with Brad Harris.
In part two with Brad Harris, we discussed the challenges of big data, a shift toward the left of the EDRM model and addressing modern attachments.
Doug Austin: It’s generally accepted that data is doubling in the world about every 1.2 years and, as we’ve discussed, the variety of sources is growing as well. What can organizations do to effectively manage the enormous growth of data today in eDiscovery without blowing apart their budgets for doing so?
Brad Harris: Yes, indeed, the challenge is real. First of all, it’s crucial to know the applications in use within your ecosystem and identify where you retain that data – a data mapping exercise. Start by asking your custodians and your IT department about the applications that are being used, by whom, and how. And as I mentioned at the top of the interview about the risks of shadow IT. In the last 18 months, I think we’ve seen the rapid rollout of many different tools. So, there might be some surprising additions. Being aware of what exists would undoubtedly be a valuable starting point.
I always caution that eDiscovery suffers from a lot of waste and redundancy. With the kind of data volumes we’re dealing with everyday, we cannot afford wasteful processes. We must look for smarter ways to do things like preserving data in place. Slack’s new capability for Slack legal hold is brilliant and long needed. Now it’s possible to preserve content in place rather than collecting multiple copies of data. It’s such a time and cost saver to have tools that enable targeted and intelligent data collection. The other challenge that I’ve come to deal with the last few years with Slack is deciding whether I have to collect every message, every channel, every place someone’s interacted, or every message they’ve seen just because they’re a member of a channel.
Understanding how I can do more targeted collections, to be able to rapidly assess that information and accomplish more refined production exports is such an advantage when dealing with such high volumes of data. We now need to approach the world differently. Simple keyword culling, or file type culling doesn’t work in this world as well as it used to. So, as the data volume and the complexity of that data increases, we have to rethink how we approach discovery.
Doug Austin: It seems as though many eDiscovery companies are talking about a shift toward the left of the EDRM model. What does that mean to you, and how do you think that will impact eDiscovery workflows for organizations?
Brad Harris: We talked previously about some of the challenges that collaboration applications and modern tools bring to eDiscovery. Indeed, the volume of the data and the complexity of that data that’s being created and retained in various applications where collaboration is taking place. It’s not just like it was in the old days with email; now it’s tools like Slack and Teams, but also Atlassian, Trello, and other tools where there is a surging need to capture information defensibly. Legal teams and IT need to think more broadly about these rapidly-adopted modern applications and how to govern this data for risk reduction and to maintain some sense of control over the proliferation of data.
Legal and IT teams have many risk considerations with enterprise data management, including legal, privacy, security, process efficiency, and business value. A shift left to data governance is vital for effectively managing the legal response to litigation or an HR investigation. Understanding the business value of the data is critical so that organizations can develop governance policies that balance the risk-reward equation of this information.
As for ediscovery workflows, I mentioned previously, it’s essential to map your environment and understand which applications are in use within the organization, and for what purposes. Post pandemic, it’s imperative to know if any surprise additions were adopted in a rush to get remote employees productive. You can’t manage what you don’t know you have. Once you know your world, you can then assess how to preserve and then collect this data when necessary. Although Slack has been around for many years, only recently is it becoming common for requesting parties to include Slack when seeking business communications. We can no longer protest it as being a “no-go” for proportionality. Slack and other collaboration applications are where all the information is now. Courts will require the production of this information so long as it is relevant to the issue in question.
Doug Austin: Absolutely. We’re hearing more talk about “modern attachments” and how they are disrupting traditional workflows in eDiscovery. What should organizations do to address modern attachments as either a requesting or producing party in litigation?
Brad Harris: That’s an excellent question. I think that it has been a matter of debate for several years now. We’re starting to see it certainly in the world of email, where people have begun using modern attachments rather than attaching a file to the email and sending it out, especially for internal communications. In the world of collaboration apps like Slack and Teams, it’s very much the case that rather than attaching a document, people include a hyperlink to the document that’s stored in Google or OneDrive. Rather than distributing and copying that in Slack, they just copy the reference. First, I’d like to point out that this demonstrates how collaboration applications change how we work and communicate together. Sending a link to a document on which we all can collaborate is way more efficient. However, from an ediscovery perspective, it is way more complex. For example, it brings to light several questions. When you capture a Slack conversation for discovery, are you getting only the link to the doc or the document itself? Also, which version of the doc are you getting, the doc on that day or the most recent version, which may have undergone several changes since the conversation? These details may be necessary for the context of finding out who did what and when.
In the recent Nichols vs. Noom case in March, the court discussed whether the scope of production should include modern attachments. The court, in that case, did not order the defendant to redo their production. I found that to be a surprising outcome, and I think we’re going to find courts less and less willing to say those attached documents are not part of the communication and are not relevant to the scope of discovery. I think enterprises need to think about that and be ready to capture specific versions of linked documents.
At Hanzo, one of the things that we’ve created is a feature we refer to as “follow the link,” which says, if you see a link to a Google Doc in a Slack message, we now can recognize that it’s an attached or a referenced document. “Follow the link” will go out to Google, retrieve the linked file and store it along with that message. And just as importantly, we can retrieve the version of the document that existed at the point in time that it was posted. It’s great to do as part of your collection strategy, rather than trying to do so after the fact. You can imagine with the use of more and more modern attachments to say, “Ok, now we’ve got to go back to Google or OneDrive and find all those documents that were referenced in those messages that were relevant to the scope of discovery.” Such a nightmare. So it’s essential to have tools and processes that allow you to capture it at the moment.
Hope you enjoyed part two with Brad Harris! We’re not done yet! The third and final part of my interview with Brad Harris will be published on Friday.
So, what do you think? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclosure: Hanzo is an Educational Partner and sponsor of eDiscovery Today
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by my employer, my partners or my clients. eDiscovery Today is made available solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Today should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.