Notes on trends in e-discovery, data privacy, and the use of technology to enhance the practice of law

To filter by category, date, or entry, use the fields at the bottom of the page

Enhancing Practice07/02/2020Global Legal Tech Report has released reports covering Asia and New Zealand, wrote Bob Ambrogi of LawSites, following an earlier report on Australia and as part of a series of regional reports on legal tech worldwide that is to culminate in November.
E-Discovery07/02/2020G2, a tech marketplace that maintains reviews of business technology, has a section of their website dedicated to e-discovery software. G2 lists and ranks software providers - 108 so far - and scores them in a G2 Grid. As with all such complications, this set of materials should be used with care and caution, at most as one more tool to help guide a buying decision and not as a substitute for independent assessment and evaluation.
Additional Article
07/02/2020The 4 Keys to Mastering Data Privacy
Source: Legaltech news
Author: Rebecca Perry (Exterro)
Cybersecurity07/02/2020Verizon's 2020 Data Breach Investigations Report is available online and as a download. Weighing in at 119 pages, the report covers Verizon's analysis of 157,525 data breach incidents.
Additional Article
07/01/2020The Unique Path to e-Discovery: One Engineer's True Story
Source: Relativity
Author: Kristy Esparza
Cybersecurity07/01/2020Kenya Parrish-Dixon of Empire Technologies Risk Management Group offered four sets of recommendations for securing data when working remotely: Assets, Antivirus and Additional Protocols; Reboot, Reboot and Reboot Some More; Too Many Passwords; and Zoom and Teams (but Primarily Zoom).
07/01/2020Morae Global announced the acquisition of legal management consultancy Janders Dean, establishing a UK-based legal advisory practice group to complement the company's existing US-based advisory team.
Privacy07/01/2020More than 1/2 of technology companies' general counsel say that are unprepared for new privacy regulations, according to a survey by Ethyca and TechGC, reported Dan Clark of Legaltech news and The Global Legal Post.
06/30/2020The Sedona Conference announced publication of The Sedona Conference Cooperation Proclamation: Resources for the Judiciary, Third Edition (“Judicial Resources”), available for download. This is the first revision of the Judicial Resources since 2014.
Privacy06/30/2020CCPA revisions from March contain a "financial incentives" requirement, noted's Frank Ready in a Corporate Counsel article. The requirement prohibits businesses from offering a different price or service based on a consumer’s willingness to exchange personal data, unless that difference is “reasonably related to the value of the data”, wrote Ready. For more information, see an article, CCPA Enforcement on Track for July 1, 2020: Breaking Down the Latest Revisions to CCPA Proposed Regulations, posted on the Crowell & Moring website.
Privacy06/30/2020The European Commission has launched a public consultation on the revision of the Directive on Security of Network and Information Systems, reported Hunton Andrews Kurth. The review is needed, according the revision proposal, because "[d]espite progress made with the Directive on Security of Network and Information Systems, cybersecurity capabilities in the Member States remain unequal and the level of protection in the EU is insufficient."
E-Discovery06/30/2020E-discovery software is being used in the battle against COVID-19, reported Bob Ambrogi of LawSites. In one case, Maura Grossman and Gordon Cormack have been using their Continuous Active Learning TAR protocol to automate literature searches related to COVID-19. In another, Relativity has been contributing to an initiative by the White House Office of Science and Technology Policy to develop text- and data-mining techniques to help scientists search data for answers to high-priority questions about COVID-19.
06/30/2020OneTrust announced the acquisition of Integris Software, adding to its data discovery and classification capabilities.
06/23/2020ESI Analyst announced a channel partnership with SullivanStrickler, pursuant to which SullivanStrickler's computer forensics and disputes practice will deploy ESI Analyst's data analytics and investigation tools.
06/22/2020Data Subject Access Requests (DSARs) represent the most recent convergence of e-discovery and data privacy, as Doug Austin noted in a article where he outlined DSAR basics.
Privacy06/19/2020Uncertainly continues to be the most certain thing about the CCPA, according to a Legaltech New article by Frank Ready, where he reports that the data on which final regulations submitted by the California Attorney General's Office to the California Office of Administrative Law go into effect could be anytime between July 1 and October 1.
06/17/2020TrustArc announced the results of its 2020 Global Privacy BenchMark survey, for which it polled more than 1,500 respondents. Highlights include:
  • Respondents aren't ready to comply with CCPA.
  • They lack adequate technology tools to build privacy programs.
  • Working remotely is creating new privacy challenges.
  • Even as respondents expect revenues to decline due to COVID-19, the still plan on prioritizing privacy-related investments.
  • Privacy mandates are coming from the highest levels in organizations.
For a recap, see Frank Ready's Legaltech news article.
06/17/2020Onna announced it has raised $27M in Series B funding. For a discussion about Onna and what the funding means, see Richard Tromans' Artificial Lawyer article.
Enhancing Practice
06/16/2020In-house counsel feel they overspend on outside counsel and intend to reduce that spend, according to a report from In The House and based on 167 survey responses along with anecdotal observations. One way to reduce the spend? Increase efficiency by using technology, noted Dan Clark in a Corporate Counsel article about the report.
Enhancing Practice
06/16/2020Litera announced it acquired Bestpractix, an AI-powered contract drafting platform. For a look at the acquisition, go Richard Tromans' Artificial Lawyer article.
Enhancing Practice
06/16/2020Lex Machina announced it has introduced its COVID-19 Impact Analyzer App. The app provides data and analytics regarding:
  • New total case filings
  • New case filings by practice area
  • Findings, such as court-enforceable determinations
  • Complaints mentioning COVID-19 or related terms.
For additional information, see Victoria Hudgins' Legaltech news article.
E-Discovery06/12/2020For Microsoft 365 eDiscovery practical resources and an overview of M365 plans and licensing options, go to the ACEDS Blog article by Jennifer Knox (Consilio), Edward Lawrence (Consilio), Rahul Chhabra (Schulte Roth & Zabel), and Bruce Malter (Consilio).
Enhancing Practice
06/11/2020UnitedLex announced it acquired Paul Hasting's data science team and its technology services group, a possibility Paul Hastings says it foresaw when it launched that initiative six years ago.
Enhancing Practice
06/11/2020Eversheds Sutherland is formally rolling out its alternative legal services provider subsidiary, Konexo, in the United States, wrote Dan Packel in a Legaltech news article. Konexo offers legal, legal resourcing, corporate secretarial, human resources, and financial services.
Privacy06/10/2020In a pair of posts on the ACEDS site, Jason Velasco gave a quick overview of data access subject requests (DSARs): what a DSAR is and basic steps for responding to a DSAR request.
E-Discovery06/10/2020Cat Casey of DISCO started a recent LinkedIn discussion, "**HOW** did you become a legal tech guru??", with a set of questions and her initial set of luminaries that, at least count, has received 101 comments. If you want to see who has shaped whom in the e-discovery world, check out the discussion.
Enhancing Practice
06/10/2020In a Legaltech news article, Rhys Dipshan discussed six legal tech companies that received funding this spring:
  • Bodhala, a legal spend analytics platform: $10M
  • BRYTER, a no-code automation tool: $16M
  • Casetext, which recently launched automated legal brief writing software: $8.2M
  • Intelllex, a knowledge management company: $2.1M
  • LawGeex, a contract review platform: $20M
  • LexCheck, a contract review platform: $3M
Enhancing Practice
06/09/2020ACC announced its 2020 ACC Value Champions. The program, discussed in Dan Clark's American Lawyer article, highlights corporate law departments and their external partners that optimize legal services by embracing creative, data-driven solutions to streamline operations.
06/09/2020Seyfarth announced it launched Seyfarth Scout, "a one-click application service to remotely conduct digital forensic triage, employee investigations, and eDiscovery preservation of remote computers via the internet." For a short discussion about remote collection, go to Victoria Hudgins' Legaltech news article on the topic.
E-Discovery02/19/2020More from Legalweek –
Privacy02/14/2020Washington state senate passed privacy act – David Stauss, Malia Rogers, Bob Bowman, Megan Herr, and Erik Dullea of Husch Blackwell reported that for a second year the Washington state senate passed comprehensive consumer privacy legislation, the Washington Privacy Act. The legislation moves to the state house of representatives where it failed last year.
E-Discovery02/13/2020The Legalweek that was –
E-Discovery02/13/2020Predictive coding (aka TAR) –
Privacy02/12/2020Processing personal data through video devices – Diletta De Cicco and Charles-Albert Helleputte of Mayer Brown reported that On January 29, 2020, the European Data Protection Board (“EDPB”) released Guidelines 3/2019 on processing personal data through video devices (“Guidelines”). They also published “10 Commandments for Processing Personal Data Through Video Devices in the European Union”.
Privacy02/11/2020Proposed changes to proposed CCPA regulations – Glenn A. Brown, Lydia de la Torre, Elliot Golding, and Ann J. LaFrance of Squire Patton Boggs reported that on Feb. 7 the California AG announced changes to the CCPA proposed regulations.
Privacy02/11/2020Data privacy legislation introduced in Florida – Crystal B. Carswell of Hunton Andrews Kurth reported that the Florida legislature has introduced bills that would require companies operating online services in the state to inform Florida consumers whether they are collecting personal information and provide opt out capabilities.
Privacy02/10/2020Sedona Conference Incident Response Guide – Sharon Nelson of Sensei Enterprises reported that the 139-page Sedona Conference Incident Response Guide now is available.
E-Discovery02/03/2020E-discovery and Microsoft Teams and Yammer – Alym Rayani of Microsoft 365 recently announced that Microsoft has added several new capabilities in Microsoft 365 to help with managing e-discovery in Teams and Yammer: legal hold for Teams; Teams conversation reconstruction; eDiscovery for Yammer; a public preview of Advanced eDiscovery for Yammer; and previews of a customizable Advanced eDiscovery dashboard and tenant-level reports.
E-Discovery01/29/2020Legalweek overview – Doug Austin of CloudNine has published an overview of his take on the highlight’s of next week’s Legalweek.
Privacy01/29/2020IAPP US privacy law comparison tool – Mitchell Noordyke of Faegre Baker Daniels maintains a US State Comprehensive Privacy Law Comparison section on the IAPP website. The section tracks proposed and enacted comprehensive privacy bills from across the country.
Enhancing Practice01/29/2020Law department operations survey results – The results of the 2019 E-Discovery Sanctions Case Law Update are available.
E-Discovery01/24/2020New document production obligations go into effect in California civil matters – Elisa M. Cariño of Proskauer reported that effective Jan. 1, 2020, the California Code of Civil Procedure now requires “[a]ny documents or category of documents produced in response to a demand for inspection, copying, testing, or sampling shall be identified with the specific request number to which the documents respond.” Cal. Civ. Pro. § 2031.280(a). Cariño noted that the California Senate Judiciary Committee is of the view that the rule, which applies to all pending matters as well as new ones, “will provide more streamlined and responsive document production, if at the slight expense of the producing parties.” Experience suggests otherwise.
E-Discovery01/24/2020Active Learning activity – In an article about Relativity’s Active Learning TAR tool, the company’s Jacque Flaherty noted that since Relativity launched the capability in Dec. 2017, the tool as been used to make predictions on over 750 million documents.
E-Discovery01/23/2020Emoji law – Santa Clara University School of Law professor Eric Goldman published an update to his report on the number of cases referencing “emoji” or “emoticon” – 101 in 2019, nearly double the number from the year before.
Privacy01/23/2020Maryland – Analyzing the 2020 Maryland Right to Opt Out of Third-Party Disclosures Act, David Stauss, Erik Dullea, and Malia Rogers (Husch Blackwell)
Cybersecurity01/22/2020Cyberinsurance costs rising – Sharon Nelson of Sensei Enterprises noted a recent report from Insurance Journal that U.S. insurers are ramping up cyber-insurance rates by as much as 25% and trying to curb exposure to vulnerable customers after a surge of costly claims.
Privacy01/22/2020US retailers blocking European website visitors – David A. Zetoony reported that according to a recent study performed by his lawfirm, BCLP, 25% of Fortune 500 retailers had blocked their websites from being visited by European IP addresses – demonstrating the impact of the GDRP.
Privacy01/22/2020California – Proposed CCPA amendment would provide significant clarity to health care and life sciences companies, Alexis Cocco and Kimberly Gold (Reed Smith)
Privacy01/22/2020NIST Privacy Framework – Deborah George and Linn Foster Freedman of Robinson+Cole reported that the National Institute of Standards and Technology (NIST) released its first privacy framework tool (the “Privacy Framework”) on January 16, 2020.
Privacy01/20/2020Virginia – Analyzing the 2020 Virginia Privacy Act and Sale of Personal Data Act, David Stauss and Malia Rogers (Husch Blackwell) (Jan. 20).
Privacy01/20/2020GDPR data breach survey – DLA Piper published its 2020 GDPR Data Breach Survey results.
Enhancing Practice01/20/2020Five requirements for tech to improve access to justice – Bob Ambrogi of LawSites reported on a recent talk by outgoing Legal Services Corporation’s president James Sandman, in which he outlined the five requirements he believes are necessary if we are to realize the potential for technology to improve access to justice.
Privacy01/16/2020New version of Washington Privacy Act – Scott T. Lashway and Matthew M.K. Stein of Manatt reported that a new version of the proposed Washington Privacy Act, Senate Bill 6281, has been introduced in the Washington state Senate. The new version combines key features of the CCPA and the GDPR.
Privacy01/14/2020California – Q&A: How Amgen prepared for the CCPA, Alison O’Connell (Lexology)
Cybersecurity01/13/2020Medical devices – William RM Long, Francesca Blythe, and Josefine Sommer of Sidley wrote that in December 2019, the Medical Device Coordination Group (MDCG) published its guidance on cybersecurity for medical devices (the Guidance).
E-Discovery01/10/2020Judge Grimm on good faith in discovery – In an article published in the Winter 2020 issue of the ABA Litigation Journal, U.S. District Judge Paul Grimm argued that “much of the unpleasantness that characterizes discovery can be avoided by following both the letter and spirit of a single rule of civil procedure—one that has been part of the rules since 1983, yet seems to have been forgotten or overlooked by lawyers and judges. That rule is Federal Rule of Civil Procedure 26(g)…”
E-Discovery01/10/2020Bill Hamilton on the need for better use of social media in e-discovery – In another article in the same publication, University of Florida Levin College of Law professor Bill Hamilton implored lawyers and e-discovery software providers and vendors to pay closer attention to – and make better use of – the discovery of social media content.
Cybersecurity01/10/2020New data breach laws – Keisha M. McClellan, Melissa K. Ventrone of Clark Hill put together a list of seven data breach updates for 2020:
  • California: 1/1/2020 CCPA went into effect
  • Illinois: 1/1/2020 SB 1624 began requiring businesses to notify state AG of breaches involving more than 500 people
  • Oregon: 1/1/2020 SB 684, the Oregon Consumer Information Protection Act, expanded scope of data breach notification rules for vendors
  • Texas: 1/1/2020 HB 4390 required notice of breach to all affected parties within 60 days of determining a breach has occurred and for incidents involving 250 Texas residents or more requiring notice to state AG
  • Washington: 3/1/2020 HB 1071 will expand definition of personal information and reduce notification window New York: 3/21/2020 SHIELD Act data security requirements will take effect
  • Maine: 7/1/2020 LD 946, An Act to Protect the Privacy of Online Customer Information, will become enforceable
E-Discovery01/08/2020Sedona Conference Rule 45 commentary – The Sedona Conference has published a public comment version of its Commentary on Rule 45 Subpoenas to Non-Parties, Second Edition. Comments should be submitted by March 6.
Enhancing Practice01/08/2020TR 2020 Report on the State of the Legal Market – Thomson Reuters released its 22-page annual law firm report, prepared with Georgetown University Law Center and Peer Monitor. Perhaps tellingly, only at page 19 does the report begin to discuss expanded use of technology to improve legal work processes.
Privacy01/02/2020New Oregon data breach notification requirement – Colleen Theresa Brown and Clayton G. Northouse of Sidley reported that a unique new data breach notification law, the Oregon Consumer [Identity Theft] Information Protection Act, went into effective on Jan. 1. The law imposed a direct obligation on vendors to provide regulatory notice to the state as well as to provide notice to data owners within 10 days.
E-Discovery12/31/2019New Federal Rule of Criminal Procedure 16.1 – Brian T. Rafferty and Brandon C. Mumby of Polsinelli reported that on Dec. 1 the new Federal Rule of Criminal Procedure 16.1 went into effect. The rule, they wrote, “functions as a response to concerns regarding the manner and timing of the production of voluminous Electronically Stored Information (ESI) in complex cases.”
E-Discovery12/31/20192019 Litigation Trends Survey – Norton Rose Fulbright has published its 15th annual Litigation Trends Survey. Their top-level summary: “The 15th annual Litigation Trends Survey has identified two major trends that began impacting the industry more intensively in 2019 and are predicted to accelerate in 2020. More organizations than ever before anticipate dispute volume to rise in the year ahead, and they are putting in place preventative measures in order to manage the increased risk. Despite the increase in proactive risk mitigation, the findings show that companies are still underutilizing one of the most effective measures available – embedding lawyers in business operations.” Unlike in many years past, however, this year’s report makes no mention of e-discovery.
Enhancing Practice12/18/2019Transformation and acceleration of legal analytics – Patrick Flanagan and Michelle H. Dewey of BakerHostetler prepared a 24-page article, Where do we go from Here? Transformation and Acceleration of Legal Analytics in Practice, published in the Georgia State University Law Review, that evaluates current technologies and systems used to publish and analyze legal information from a researcher’s perspective.
Privacy12/11/2019GDPR changes proposed – Anna Oberschelp de Meneses, Ulrike Elteste, and Kristof Van Quathem of Covington reported that German Supervisory Authorities issued a report evaluating the implementation of the EU General Data Protection Regulation (“GDPR”) in Germany and recommending changes to the GDPR.
E-Discovery12/11/2019DLA Global Litigation Guide – DLA Piper has published it’s Global Litigation Guide12/22/2019. The Guide contains information about various aspects of civil litigation in 30 jurisdictions worldwide, include brief discussions of various jurisdictions’ discovery requirements.
Privacy12/11/2019Maryland data breach notification law amended – Joseph J. Lazzarotti and Maya Atrakchi of Jackson Lewis reported that with HB 1154 Maryland once again has amended its Personal Information Protection Act, enhancing requirements for businesses once they become aware of data security breaches.
Enhancing Practice12/10/2019Where judges are AI and verdicts come via chat app – Sharon Nelson of Sensei Enterprises wrote an intriguing piece about a novel approach China is pursuing to streamline case handing. Sharon reported that China’s Supreme People’s recently released a policy paper about the country’s first “cybercourt” where litigants appear by video chat while an AI judge prompts them to present their cases.
Privacy12/09/2019German authorities issued GDPR fining methodology guidelines – William RM Long, Kolja Stehl, Lauren Cuyvers, and Anna-Shari Melin of Sidley reported that the Association of German Data Protection Authorities issued guidelines setting a five-step GDPR fining methodology.
Enhancing Practice12/09/2019Winners of 202 ABA TECHSHOW Startup Alley Competition – Bob Ambrogi of LawSites reported the results of readers’ votes on which 15 legal technology startups will get to participate in the fourth annual Startup Alley at the ABA’s TECHSHOW conference, Feb. 26-29 in Chicago. Bob lists each of the winners along with a short description clearly provided by the winner.
Privacy12/06/2019CCPA rulemaking hearings – Alicia Baiardo, Anthony Le, Neelam Takhar, and Justin Yedor of McGuire Woods reported on the first and second hearings.
Enhancing Practice12/06/2019Survey on outside counsel guidelines – Caroline Hill of Legal IT Insider reported on the results of the 1st Annual Law Firm Leader Survey on Outside Counsel Guidelines, conducted by Bellefield Systems and the Association of Legal Administrators. In particular, Hill noted that “[t]he improvement firms most desire, however, is not more staff but better technology in order to comply with outside counsel guidelines (45.07%).”
Privacy12/05/2019CCPA rulemaking hearings – Aaron Burstein & Alysa Zeltzer Hutnik of Kelley Drye reported on the second of four public hearings held by the California Attorney General’s Office as part of the 45-day period for public comments on the proposed CCPA implementation regulations.
Privacy12/05/2019Potential proposed EU e-privacy regulation – Lisa Peets, Paul Maynard, and Sam Jungyun Choi of Covington reported that the EU’s new Commissioner for the Internal Market recently suggested a change of approach to the proposed e-Privacy Regulation may be necessary.
Enhancing Practice12/04/2019James I. Keane Memorial Award nominations still open – There still is time to submit a nomination for American Bar Association’s James I. Keane Memorial Award for Excellence in eLawyering. Jim was an early and ardent user and promoter of technology to support and enhance the practice of law. The purpose of the award is to give recognition to law offices that have developed legal service innovations that are delivered over the Internet. The focus of the award is on the innovative delivery of personal legal services, with special attention given to firms and entities that serve both moderate income individuals and the broad middle class.
Privacy12/03/2019EDPB adopted data protection guidelines – William RM Long and Lauren Cuyvers of Sidley reported that the European Data Protection Board (“EDPB”) adopted guidelines on the GDPR’s data protection by design and by default principle.
E-Discovery12/03/2019Reiterating the importance of social media in e-discovery – Chris Dale of the eDisclosure Information Project wrote his second post in recent weeks about the importance of social media in e-discovery.
Privacy12/03/2019Proposed New York Data Privacy Act – The Buckley law firm reported that the New York Senate’s Committee on Consumer Protection and Committee on Internet and Technology recently held a joint hearing which discussed the proposed New York Privacy Act, SB S5642.
Enhancing Practice12/02/2019Canadian federation adopted duty of technology competence – Bob Ambrogi of LawSites reported on an article by Amy Salyzyn published in Slaw, that the Federation of Law Societies of Canada has amended its Model Code of Professional Responsibility to include a duty of technology competence similar to ABA Model Rule of Professional Conduct 1.1, Comment 8. Amy Salyzyn’s article sets out and discusses the new commentary in the Code. The next step is for the individual provincial and territorial law societies to add it to their respective codes.
Enhancing Practice12/02/2019South Carolina makes it 38 – Bob also wrote that the Supreme Court of South Carolina has approved a package of amendments to the state’s Rules of Professional Conduct, based on the 2012 amendments to the ABA Model Rules of Professional Conduct and including a duty of technology competence, making it the 38th state to adopt the duty. To see a map and a full list, go to the Tech Competence page that Bob maintains.
Enhancing Practice12/02/2019The more things change – In yet another article, 5 Legal Technologies You Thought Were Dead But Aren’t, Bob noted that according to results in the 2019 ABA Legal Technology Survey Report, for all the technology advances lawyers have made some of us still at least have the option of turning to print materials (95%), CD-ROMs (6%), faxes (77%), BlackBerrys (1%), and WordPerfect (18%).
E-Discovery11/30/2019Curious about iOS forensics? – For a glimpse into the world of people who focus on iOS forensics, check out the post, Checkm8, Checkra1n and the new “golden age” for iOS Forensics, by Mattia Epifani of Zena Forensics.
Privacy11/29/2019New UK ICO special category data guidance – Dan Cooper, Gemma Nash, and Laura Richardson of Covington reported that the UK Information Commissioner’s Office (“ICO”) has published detailed guidance on the processing of special category data under the GDPF and the UK Data Protection Act 2018. Special category data includes genetic and biometric data as well as information about a person’s health, sex life, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, and trade union membership.
Enhancing Practice11/28/2019ELTAcon19 report – Ivan Rasic published a detailed report on the recently-held European Legal Tech Association’s annual Congress in Madrid, ELTAcon19.
Privacy11/26/2019COPRA introduced – James Yoon of Covington reported that a group of Democratic senators has introduced a comprehensive privacy bill, the Consumer Online Privacy Rights Act (COPRA). As stated at the beginning of the bill, its purpose is “[t]o provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement.”
E-Discovery11/25/2019Mary Mack’s and Kaylee Walstad’s plans for EDRM – Chris Dale published a video interview of Mary Mack and Kaylee Walstad, in which they discuss EDRM and their plans for it.
E-Discovery11/22/2019On sanctions – Matthew Verga of XDD has put together a set of five articles on spoliation decisions since the Dec. 2015 amendments to the Federal Rules of Civil Procedure:
Privacy11/22/2019China encryption law passed – Hogan Lovells reported that the People’s Republic of China Encryption Law was passed on Oct. 26 and goes into effect on Jan. 1.
Privacy11/21/2019The Privacy, Data Protection and Cybersecurity Law Review, 6th Ed. – The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review now is available, reported contributing firm Sidley.
E-Discovery11/21/2019On text messages – Melinda F. Levitt of Foley & Lardner prepared a detailed article on the discovery of text messages and the attendant threat to privacy.
Privacy11/20/2019CCPA – Responding to Requests to Delete – Morgan Lewis Practical Advice on Privacy: Guide to the CCPA Carla B. Oakley, Gregory T. Parks, W. Reece Hirsch, Mark L. Krotoski, and Gene K. Park (Morgan Lewis)
Privacy11/19/2019EDPR adopted GDPR territorial scope guidelines – Cynthia O’Donoghue and Daniel Millard of Reed Smith reported that the European Data Protection Board has adopted final guidelines on the territorial scope of the General Data Protection Regulation.
E-Discovery11/18/2019Amendments to New Jersey’s evidence rules – Abigail Luhn and Kaitlyn Stone of Drinker Biddle wrote that as a result of the increasing use of electronic discovery in litigation and the attendant high risk of inadvertent disclosures, the New Jersey Supreme Court has adopted proposed amendments to the New Jersey Rules of Evidence. The amendments change the substance of N.J.R.E. 530 (Waiver of Privilege by Contract or Previous Disclosure; Limitations); the substance of N.J.R.E. 608 (Evidence of Character for Truthfulness or Untruthfulness and Evidence of a Prior False Accusation); and the styling of 46 other Rules of Evidence. These amendments take effect on July 1, 2020.
Privacy11/18/2019CCPA – CCPA Uncertainty May Put Cloud Agreements Up in the Air, Frank Ready (Legaltech News)
Privacy11/18/2019New Jersey increasing focus on privacy and cybersecurity – Alysa Zeltzer Hutnik, Lauri Mazzuchetti, Paul A. Rosenthal, and Glenn Graham of Kelley Drye wrote that the New Jersey Attorney General’s Office recently emphasized how it is prioritizing its enforcement of privacy and cybersecurity issues.
Privacy11/16/2019CCPA – New Draft of California Privacy Ballot Initiative Released, Kate T. Spelman, David P. Saunders, and Effiong K. Dampha (Jenner & Block)
E-Discovery11/15/2019New e-discovery benchmarking report – Exterro, ACEDS, and In The House have published their 2019 In-House Benchmarking Report, in which they discuss conclusions drawn from a survey of in-house legal personnel about e-discovery, legal services, information governance, and data privacy.
E-Discovery11/14/2019E-Discovery Day activities – Dec. 4 is E-Discovery Day. Check the E-Discovery Day for webinars and other events. If the past is a guide, activities will continue to be added until day of.
Privacy11/12/2019Online Privacy Act of 2019 introduced – Gretchen A. Ramos & Jonathan H. Becker of Greenberg Traurig reported that on Nov. 5, California Congresswomen Anna G. Eshoo and Zoe Lofgren introduced the Online Privacy Act of 2019, H.R. 4978. The bill’s summary states that it is “To provide for individual rights relating to privacy of personal information, to establish privacy and security requirements for covered entities relating to personal information, and to establish an agency to be known as the United States Digital Privacy Agency to enforce such rights and requirements, and for other purposes.”
E-Discovery11/12/2019Text Analytics Forum highlights – Bill Dimm of Clustify gave highlights from the Nov. 6-7 Text Analytics Forum, now part of the KMWorld conference, as well as a link to most of the slides used at the forum.
Privacy11/12/2019CCPA goes nationwide? – Elizabeth Montalbano of Threatpost reported that Microsoft is extending the CCPA to all its users in the United States. That, she wrote, means that as a practical matter the California law will apply throughout the United States.
Privacy11/11/2019German DPA GDPR readiness audit results – Sven Schonhofen and Thomas Fischl summarized the findings of an audit that the Lower Saxony Data Protection Authority conducted of 50 large- and medium-sized organizations with respect to their implementation of GDPR requirements since June 2018. The DPAs report is available in German here.
Enhancing Practice11/07/2019ABA Survey: More Lawyers Using Cloud Computing in 2019 Than Ever Before, Nicole Black (MyCase): 58% of lawyers reported that they use cloud computing technology for work-related tasks.
E-Discovery11/06/2019The challenges of emoticons – Martin Nikel of Deloitte offered thoughts on the challenges arising from working with emoticons in investigations.
Privacy11/06/2019PII for GDPR and more – Marc Staimer of Dragon Slayer Consulting published an overview of PII compliance for GDPR and other data privacy laws and regulations.
Privacy11/06/20193rd annual EU Privacy Shield report released – Cynthia O’Donoghue and John O’Brien of Reed Smith reported that the European Commission has released its report on the third annual review of the functioning of the EU-US Privacy Shield. They concluded by noting that “on the whole, the Commission’s report confirms that the United States continues to provide an adequate level of protection for personal data transfers in the context of Privacy Shield. However, there are some gaps between the expectations of the Commission and U.S. authorities in terms of how Privacy Shield compliance can be achieved.”
Privacy11/06/2019Spanish data protection authority published the “Guide to Privacy by Design”, posted Santiago De Ampuero Castellanos of Hogan Lovells.
Privacy11/05/2019Interactive Advertising Bureau launched CCPA compliance framework – Jesse M. Brody of Manatt noted that the Interactive Advertising Bureau (IAB) and its affiliated standard-setting body, the IAB Technology Laboratory, have released a public comment draft CCPA compliance framework for publishers and technology companies.
Enhancing Practice11/05/2019Are Corporations Moving Their Data To The Cloud Or Not?, Mike Quartararo (ACEDS): No clear answer provided, but Mike seems to be tilting slightly towards yes.
E-Discovery11/04/2019Craig Ball’s processing primer – The ever-prolific Craig Ball is at it again, this time with a 55-page treatise on processing in e-discovery. (Thanks, by the way, for your re-imagining of the EDRM diagram.) Start with Craig’s post, then dive into the primer itself.
Privacy10/31/2019New privacy protections introduced in Illinois – Robert Fallah of Fisher Phillips wrote that Illinois has introduced new workplace privacy legislation, HB2557, governing the use of artificial intelligence during the job interview process.
Privacy10/29/2019Data protection and privacy commissioners meeting recap – Alan Charles Raul of Sidley offered observations from the 41st Annual International Conference of Data Protection and Privacy Commissioners, which took place on Oct. 23-24 in Albania.
E-Discovery10/21/2019Relativity Fest – If you missed the keynote for the 10th Relativity Fest and want to find out what was covered, go to the recap by Chris Brown of Relativity. You can watch the entire 1:29:50 video, read the highlights posted by Chris, and look at shorter clips about Relativity Collect and the Aero UI, and see screen captures of family review and production.
Privacy10/21/2019GDPR data breach trends – The Irish Data Protection Commission has published Data Breach Trends from the First Year of the GDPR, an overview of trends observed by the DPC over the first year of mandatory breach reporting introduced by the GDPR.
Privacy10/17/2019CCPA comments to CA AG due by 12/6 – In materials from a recent webinar, Hogan Lovells attorneys reminded us that comments about the California Attorney General’s proposed CCPA regulations are due by Dec. 6 at 5 pm ET. Also noted: four public hearings have been announced: Sacramento, Dec. 2; Los Angeles, Dec. 3; San Francisco, Dec. 4; and Fresno, Dec. 5.
Privacy10/16/2019Florida – Analyzing the 2020 Florida Consumer Data Privacy Act, David Stauss & Malia Rogers (Husch Blackwell)
Privacy10/16/2019California privacy ballot initiative – Perkins Coie reported that a new California ballot initiative, the California Privacy Rights and Enforcement Act of 2020, has been introduced. If it were to go into effect, starting Jan. 1, 2021, it would make the CCPA significantly stricter.
Privacy10/16/2019Draft CCPA regulations – The California Attorney General has published draft CCPA regulations, discussed in the following articles:
Enhancing Practice10/15/2019More movement toward nonlawyer ownership of legal practices – Bob Ambrogi of LawSites reported that an Arizona task force has called for fundamental changes in the regulation of legal services including eliminating the ban on nonlawyer ownership of legal practices. These recommendations are similar to those recently approved by the Utah Supreme Court as well as ones called for by a California task force.
Privacy10/14/2019Council of EU Member States released draft ePrivacy Regulation – Kristof Van Quathem of Covington reported that the Council of EU Member States has released a new draft version of the ePrivacy Regulation (“EPR”).
Privacy10/14/2019Countdown to CCPA #4: Governor Signs CCPA Amendment to Add Additional Exemptions, Catherine D. Meyer, Deborah S. Thoren-Peden, JiJi Park, and Daniel C. Wood (Pillsbury).
Privacy10/10/2019California Consumer Privacy Act FAQs for Covered Businesses, Joseph J. Lazzarotti and Jason C. Gavejian (Jackson Lewis).
Discovery10/09/2019New Michigan civil discovery rules to go into effect Jan 1 – As Zach Warren of Legaltech News reported, on Jan. 1, 2020, updated civil discovery rules will go into effect in Michigan. Information about the changes – the biggest in 30 years – are at, a website set up by the State Bar of Michigan. The site includes useful links to, among other things, the Michigan Supreme Court order detailing the changes; a 104-page Civil Discovery Guidebook prepared by the Bar, the Detroit Chapter of ACEDS, and attorneys at Dickinson Wright and Warner Norcross + Judd; and a 4-page overview prepared by Daniel Quick of Dickinson Wright.
E-Discovery10/09/2019The CLOUD Act – Attention is starting to focus on the Clarifying Lawful Overseas Use of Data Act (the CLOUD Act):
E-Discovery10/09/201930(b)(6) dos and don’ts – Tom O’Connor has prepared a set of six posts on the dos and don’ts of 30(b)(6) depositions:
Privacy10/09/2019NIST released Privacy Framework preliminary draft – Covington reported that the U.S. Department of Commerce’s National Institute of Standards and Technology has released a preliminary draft of the “NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management”. NIST will be taking public comments through Oct. 24.
Privacy10/09/2019CCPA –
Privacy10/09/2019GDPR –
E-Discovery10/07/2019Mike Quartararo and Ari Kaplan join ACEDS – As noted by Bob Ambrogi of LawSites, Stephen Fredette, the Chairman and CEO of BARBRI, announced that on Oct. 1 Mike Quartararo joined the organization as President of ACEDS and Professional Development and that Ari Kaplan will consult with the company to help build a new ACEDS Global Advisory Board and act as Chairperson for that group.
Privacy10/07/2019Maine and Nevada privacy laws – Sean Klammer of Porter Wright prepared an overview of Nevada’s privacy law, which became effective on Oct. 1, and Maine’s new Broadband Internet Access Service Customer Privacy act, which is scheduled to take effect on July 1, 2020.
Enhancing Practice10/07/20192019 ILTA Legal Tech Survey Executive Summary released – Sharon Nelson of Sensei Enterprises reported that the International Legal Technology Association has released an executive summary of its 2019 Technology Survey, which looks at what law firms are doing with technology. The full survey, to be released later this month, will be available to ILTA members for $500.
Enhancing Practice09/18/2019Michigan 37th state to adopt ethical duty of competence for lawyers – Bob Ambrogi of LawSites reported that the Michigan Supreme Court issued an order adopting a variation of Model Rule 1.1, Comment 8, of the American Bar Association’s Model Rules of Professional Conduct – making it the 37th state of adopt the ethical duty of competence for lawyers. The amendment takes effect on Jan. 1, 2020.
Privacy09/18/2019CCPA –
Privacy09/18/2019GDPR –
E-Discovery09/17/2019Missouri updated its e-discovery rules – Rachel Harris of Thompson Coburn wrote that the Missouri governor signed into law Senate Bill 223 which amended that state’s discovery rules to, among other things, attempt to bring the state’s e-discovery rules more in line with the Federal Rules of Civil Procedure.
E-Discovery09/17/2019New UF Law career path program – Mike Quartararo of eDPM Advisory Services reported that the University of Florida Levin College of Law eDiscovery Project, run by Bill Hamilton, has partnered with Consilio on a new summer internship program, offering graduates opportunities to learn the business of e-discovery.
Enhancing Practice09/16/2019$1.1 billion and counting – Bob Ambrogi of LawSites reported that legal tech investments this year already have surpassed $1.1 billion. By comparison, last year was the first time those investments reached $1 billion, and there are still 3 months left before year end. Included in the post is a list of this year’s investments.
E-Discovery09/14/2019Litigation Support Tip of the Night – Sean O’Shea of Patterson Belknap Webb & Tyler LLP has assigned himself a daunting goal, to post a new litigation support tip each night. He may not have managed to do this every single night, but his blog, Litigation Support Tip of the Night, contains over 1,000 tips going back to April 2015. For a recent example, check out his Sept. 14 post, Ringtail – Some cool features.
Privacy09/13/2019California first-in-nation IoT security law to go into effect Jan. 1 – Daniel Pepper of BakerHostetler discussed California’s Internet of Things security law, Security of Connected Devices (SB-327), which goes into effect on Jan. 1.
Enhancing Practice09/13/2019GCs place top priority on scaling up legal processes – Richard Tromans of Artificial Lawyer reported that according to a survey of 30 high tech growth company general counsel conducted by contract management software company Juro and the Wilson Sonsini law firm, scaling up legal processes inside the inhouse team is a top-three concern (87%), followed by tooling and technology (74%) and adding value to business (61%). Cutting costs was not a great priority, coming in at 13%.
Privacy09/12/2019NIST released draft privacy framework – Deborah George of Robinson+Cole wrote that the National Institute of Standards and Technology (NIST) has released a preliminary draft of its NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management (Privacy Framework). NIST is accepting public comments until 5 pm ET on Oct. 24.
Enhancing Practice09/12/2019Interested in entering the ABA TECHSHOW 2020’s Startup Alley? – If you are interested in submitting an entry to the ABA TECHSHOW 2020’s Startup Alley competition, go to Bob Ambrogi of LawSites’s post on the schedule for entering. Fifteen legal tech startups will be selected to exhibit in a special Startup Alley in the TECHSHOW exhibit hall. They also will face off in an opening-night pitch competition to be judged by conference attendees.
Enhancing Practice09/11/2019COLPM’s InnovAction Awards winners – Bob Ambrogi of LawSites reported that the College of Law Practice Management’s 2019 InnovAction Awards went to two organizations. Immigration law firm Siskind Susser won for, a series of apps the firm has spend more than three years building using Neota Logic’s AI-based expert system; the apps replicate legal analysis and automate routine and complex tasks and document generation. Suffolk University Law School won for its Legal Innovation and Technology Lab, a joint project between the school’s clinical programs and its LIT Institute.
Privacy09/11/2019CCPA –
Privacy09/11/2019GDPR –
Privacy09/11/2019Getting ready for Brazil’s new data protection law – Mauricio F. Paez, Artur L. Badra, Guillermo E. Larrea 0f Jones Day and José Eduardo Pieri of Barbosa, Müssnich, Aragão offered guidance on preparing for the Brazilian General Data Protection Law, which goes into effect in August 2020.
Privacy09/09/2019China issued new cybersecurity law to protect children – Wei-Chun (Lex) Kuo, Weina (Grace) Gao, and Cheng-Ling Chen of Latham & Watkins wrote that the Cyberspace Administration of China has released a new data privacy regulation related to children, the Provisions on Cyber Protection of Personal Information of Children, that will go into effect on Oct. 1.
Enhancing Practice09/09/2019On law firm transformation more generally – Anders Spile of Contractbook suggested that law firms need to move from a fortress mentality to an open ecosystem model, one that includes legal tech incubators and similar initiatives.
Privacy09/06/2019DoD released draft Cybersecurity Maturity Model Certification – Susan B. Cassidy, Samantha Clark, Ryan Burnette, and Ian Brekke of Covington reported that the Department of Defense’s Office of the Assistant Secretary of Defense for Acquisition released Version 0.4 of its draft Cybersecurity Maturity Model Certification for public comment along with an overview briefing. Cassidy et al. also gave their own overview of the current CCMC framework and discussed open questions and issues for contractors.
Privacy09/06/2019Turkey extended Data Controller registry registration deadline – Ekin Inal of Norton Rose Fulbright wrote that the Turkish Data Protection Authority announced that the registration requirement under Turkey’s data protection legislation has been postponed for some data controllers until the end of the year.
E-Discovery09/05/2019Predictive coding survey results – Rob Robinson published the results of his twice-a-year survey of predictive coding technologies and protocols. There were 100 responses (39 law firms, 37 service or software providers, 12 consultancy, 6 corporation, 3 government, and 3 other). Some of the findings are:
  • 86% have at least one primary predictive coding platform; 14 % have no primary platform.
  • 86% use active learning; 51% use only one predictive coding technology and 48% use more than one; and 1% do not use any predictive coding technology.
  • Rob groups predictive coding into three categories: TAR 1.0, TAR 2.0, and TAR 3.0. 66% use TAR 2.0 workflows, 13% use TAR 3.0, and 12% use TAR 1.0
Privacy09/05/2019COPPA Rule comment period ends Oct. 23 – Timothy Tobin, Laurie Lai, Catherine Essig, and Marco Peraza of Hogan Lovells posted a reminder that the Federal Trade Commission is taking public comments on the Children’s Online Privacy Protection Rule (“COPPA Rule”), in particular the effectiveness of the 2013 amendments. Comments are due Oct. 23.
Privacy09/05/2019Recently enacted biometric privacy legislation – Thomas F. Zych, Steven G. Stransky, and Brian Doyle-Wenger of Thompson Hine gave an update on existing and recently enacted biometric privacy legislation.
Privacy09/05/2019Enhanced Illinois data breach notification requirements – Joseph J. Lazzarotti, Jason C. Gavejian, and Maya Atrakchi of Jackson Lewis wrote that the Illinois governor signed into law an amendment to Illinois’ Personal Information Protection Act, SB 1624. The amendment, which goes into effect on Jan. 1, 2020, requires that if a data collector is required to notify more than 500 Illinois residents of a single data breach, the data collection also must notify the Illinois Attorney General’s office.
E-Discovery09/04/2019Legal hold series – Brad Harris of Zapproved has published a five-part series on legal hold practices:
Privacy09/04/2019New Maryland Insurance Administration reporting requirement – Patrick H. Haggerty of BakerHostetler reported that the Maryland Insurance Administration has issued Bulletin 19-14, which informs insurers, nonprofit health service plans, health maintenance organizations, managed care organizations, managed general agents, and third-party administrators of a new security breach reporting requirement effective Oct. 1.
E-Discovery09/04/2019ILTACON news –
Privacy09/04/2019CCPA –
Privacy09/04/2019Maine – Victoria E. Beckman and Melissa A. Kern of Frost Brown Todd put together an overview of Maine’s recently signed privacy law, An Act To Protect the Privacy of Online Customer Information (S.P. 275 – L.D. 946), discussing who must comply, who and what data are protected, how to comply, exceptions, and penalties.
Privacy09/04/2019New York’s SHIELD Act –
Privacy09/04/2019GDPR –
Privacy09/03/2019Recent changes to U.S. state data breach notification laws – Caleb Skeath and Brooke Kahn of Covington offered a round up of amendments made to state data breach notification laws over the past several months, looking at Arkansas (HB1943), Illinois (SB1624), Maine (LD 696), New Jersey (S52), New York (S5575B), Oregon (SB 684), Texas (HB 4390), Virginia (HB 2396), and Washington (HB 1071).
Privacy09/03/2019Nevada privacy policy statute amendments to take effect Oct. 1 – David Stauss of Husch Blackwell wrote a reminder that the amendments to Nevada’s privacy policy statute take effect on Oct. 1. This means, among other things, that entities subject to the statute should revise their online privacy policies by that date.
Privacy09/02/2019BEC insurance filings outpace ransomware and data breach ones – Catalin Cimpanu of ZD Net reported that according to AIG last year business email compromise has become the dominant reason companies filed cyber-insurance claims in the EMEA region (Europe, the Middle East, and Asia), surpassing ransomware and data breaches.
E-Discovery08/30/2019Which party pays for e-discovery costs? – Mark Berman of Ganfer Shore Leeds & Zauderer offered an overview of which parties are likely to have to pay for e-discovery costs, including non-party vendor costs and attorney fees, costs incurred by opposing parties to re-review productions not properly performed the first time, and the costs of court-approved experts.
E-Discovery08/30/2019Backing up iPhones without iTunes – In his most recent post, Craig Ball lamented the loss of iTunes as a means of preserving iPhone data and offered an alternative backup methodology.
Enhancing Practice08/29/2019Utah Supreme Court approves non-traditional legal services pilot – Bob Ambrogi of LawSites reported that the Utah Supreme Court voted unanimously to approve recommendations of the Utah Work Group on Regulatory Reform. The group’s recommendations proposed creation of a new structure for regulating legal services. The structure would allow for broad-based investment and participation in business entities that provide legal services, including non-lawyer investment in and ownership of these entities. The court anticipates issuing a press release providing further details.
E-Discovery08/28/2019On using TAR – In an ABA article, Jason Rubinstein and Meredith Neely of Gilbert LLP offered a short example of how they have been able to make effective use of TAR. In their example, “lead attorneys use keyword searching to identify documents that are most likely to be of relevance, code a representative sample of those documents, and feed those documents into a database that builds profiles for ‘relevant’ or ‘responsive’ versus ‘non-relevant’ or ‘non-responsive’ documents. The CAL application then stratifies (potentially millions of) un-reviewed documents based on those profiles, organizing the non-human reviewed documents from most to least likely to be of interest.”
E-Discovery08/28/2019Musings on the future of legal technology conferences – In a three-part series hosted by eDiscovery Daily Blog (part 1, part 2, and part 3), Tom O’Connor offered his throughs on the future of legal technology conferences.
E-Discovery08/28/2019News from ILTACON –
Privacy08/28/2019CCPA –
Privacy08/28/2019New York –
Enhancing Practice08/27/2019What GCs want from legal technology – Gina Passarella Cipriani and Zach Warren of Legaltech News wrote about why corporations don’t always adopt new legal technology. First, they note, there are too many poorly defined and largely undifferentiated options that don’t clearly address a problem in need of solving. Second, adoption and implementation can be too costly and confusing. Finally, corporate legal buyers typically are not in a rush to be the first at adopting something new.
Enhancing Practice08/27/2019Non-lawyer ownership of law firms coming to Utah? – Bob Ambrogi reported that a task force appointed by the Utah Supreme Court to study innovative approaches to increasing access to and affordability of legal services has issued a report, Narrowing the Access-to-Justice Gap by Reimagining Regulation, in which it proposes a regulatory structure that would include non-lawyer investment in and ownership of business entities that provide legal services.
E-Discovery08/26/2019Pro bono in e-discovery – Daniel L. Regard and Avani Patel wrote about the e-discovery pro bono program adopted by their company, iDS, which includes a budget, a formal approval and budgeting process, internal processes tied to employee goals and objectives, and public promotion of the program.
Privacy08/26/2019Illinois biometric information litigation – Steven P. Benenson of Porzio, Bromberg & Newman reported that a Ninth Circuit Court of Appeals panel has affirmed a California district court’s order permitting a class action against Facebook for allegedly using facial-recognition technology without users’ written consent or a data retention policy in violation of Illinois’ Biometric Information Privacy Act.
Privacy08/23/2019New Hampshire Insurance Data Security Law – Dorian Simmons of Alston & Bird wrote that New Hampshire recently passed its Insurance Data Security Law, based on the NAIC Insurance Data Security Model Law. Other states with similar laws include Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina.
E-Discovery08/20/2019Third-party subpoenas and the duty to preserve – U.S. District Judge J. Michelle Childs and Ethan Bercot (Nelson Mullins) prepared an article published by the American Bar Association discussing third-party subpoenas and the duty to preserve. Their conclusion: companies generally have a duty to preserve data responsive to a third-party subpoena; and if the company determines that (a) the subpoena should not cause it to reasonably anticipate becoming a party in litigation and (b) there are not other independent obligations to preserve the data at issue, then the company likely will be able to limit the costs and disruptions involved in responding.
Privacy08/20/2019Bahrain’s data protection law – Natasha G. Kohne, Mazen Baddar, and Diana E. Schaffner of Akin Gump reported that Bahrain’s Personal Data Protection Law (Law No. (30) of 2018) took effect on Aug. 1.
Privacy08/20/2019Brazil’s general privacy law – Liisa Thomas of Sheppard Mullin wrote that Brazil’s general privacy law, the Lei Geral de Proteção de Dados Pessaoais, designed to be similar to the GDPR, is set to go into effect one year from now.
Privacy08/16/2019ISO 27001 recommended for law firms – Joseph Lamport of PinHawk posted his interview of Greg Spicer, CRO at Braintrace, in which Greg discussed the growing importance of information security management and option law firms have to register under ISO 27001.
E-Discovery08/15/2019Don’t remember the difference between AI, machine learning, and deep learning? – Igor Bobriakov of Data Science Central prepared a primer to explain the differences between artificial intelligence, machine learning (he outlined seven types), and deep learning.
E-Discovery08/13/2019CCPA –
E-Discovery08/13/2019GDPR –
Privacy08/10/2019Cybersecurity alarms continue to ring for law firms – As reported in ABA News, at the American Bar Association Annual Meeting last month the push continued to raise awareness among lawyers and law firms about cybersecurity threats and the need for attorneys and firms to take necessary steps before an attack.
Privacy08/09/2019GDPR – UK ICO Issues New Draft Data Sharing Code of Practice, William RM Long and Eleanor Dodding (Sidley)
E-Discovery08/09/2019NAIC Data Security Model Law – Joseph J. Lazzarotti of Jackson Lewis discussed the National Association of Insurance Commissioners’ Insurance Data Security Model Law and its implications. Adopted by the NAIC in 2017, the Model Law in intended to provide a benchmark for any cybersecurity program.
E-Discovery08/08/2019Cyber insurance coverage – Sharon Nelson of Sensei Enterprises noted that Lloyd’s of London has called for insurance policies to be explicit about cyber coverage. In Market Bulletin Ref. Y5258, Llyod’s stated that “Lloyd’s view is that it is in the best interests of customers, brokers and syndicates for all policies to be clear on whether coverage is provided for losses caused by a cyber event. This clarity should be provided by either excluding coverage or by providing affirmative coverage in the (re)insurance policy.” (Emphasis in original.)
E-Discovery08/07/2019Delaware insurance data security law – As reported by Riker Danzig, Delaware’s governor has signed the Insurance Data Security Act (House Bill 174), which is based on the NAIC Model Law.
E-Discovery08/07/2019Chinese draft guidelines on cross-border transfer of PI – Myles Seto and Sean Wang of Deacons reported that the Cyberspace Administration of China released for public comment a draft version of Measures for Security Assessment of Cross-border Transfer of Personal Information.
Privacy08/07/2019CCPA –
Privacy08/07/2019Data privacy and security legislation in states other than California – Kendall C. Burman, Rajesh De, Mickey Leibner, Lei Shen, Joshua M. Silverstein, David A. Simon, Jeffrey P. Taft, Howard W. Waltzman, and Lisa V. Zivkovic from Mayer Brown published a piece about efforts to pass stricter data privacy and security legislation in Nevada (SB 220), New York (the SHIELD Act, SB 5575; SB 5642; and SB S224), Maine (SP 275), North Dakota, Massachusetts (S.120), New Jersey (SB 2834), and Pennsylvania (HB 1049).
Privacy08/07/2019France: CNIL updated guidelines for cookies and other trackers – Olivier Haas, Evgenia Nosareva, and Hatziri Minaudier of Jones Day reported that CNIL, the French data protection authority, has released new guidelines on the use of cookies and other tracking technologies. Except in limited circumstances, trackers may not be deployed on smartphones, computers, and any other connected devices and when they are then clear information relating to the tracker’s purpose and implementation should be provided to the user.
Privacy08/07/2019UK: Comments sought on ICO draft data sharing code of practice – The UK’s Information Commissioner’s Office is seeking input on the draft update to its data sharing code of practice, first published in 2011. The ICO will be taking public feedback, via survey or email, until Sept 9.
E-Discovery08/06/2019New Hampshire insurance data security law – As reported in a Hunton Andrews Kurth post, New Hampshire’s governor has signed that state’s Insurance Data Security Law (SB 194). The law, effective Jan 1, 2020, requires insurers licensed in the state to put into place data security programs and report cybersecurity events.
Privacy08/06/2019Germany: HDPC concerned that Google voice assistant program violated GDPR – Theodore F. Claypoole and Dominic Dhil Panakal of Womble Bond Dickinson reported that the Hamburg Data Protection Commission (HDPC) has opened an administrative procedure to prohibit Google from carrying out evaluations of their voice assistant program by employees and third parties for a period of three months. They note that the HDPC believes temporary halting of Google’s voice recording evaluation process is necessary to allow sufficient time to determine whether there is effective protection of the rights and freedoms of those whose private conversations are being listening to, documented, and evaluated by third parties.
Privacy08/05/2019UK: GDPR certification is coming – Lisa Rix of Littler reported that later this year companies that show compliance with a particular “certification schemes” will be issued “certification” certificates, seals, or mark the companies will be able to display to demonstrate compliance. Note the quotations marks and future tense.
Privacy08/03/2019Germany: Internal recorded statements and notes are personal data that must be disclosed – Odia Kagan of Fox Rothschild reported that on July 26 the Higher Regional Court of Cologne Germany held that internal recorded statements, conversation notes or telephone notes constitute personal data and copies of them must be disclosed in response to data access requests.
Enhancing Practice08/02/2019Four big legal tech themes – Richard Tromans of Artificial Lawyer has pulled together what he sees as the four key themes that help make sense of what is happening in the realm of legal tech and law firm innovation: (1) Consolidation and Platformization; (2) Continued Proliferation of Legal Tech Companies; (3) Incubator/Accelerator Growth; and (4) More Than Law – Law Firms as Tech Producers.
E-Discovery08/01/2019ACEDS NY Chapter newsletter – The ACEDS NY Metro Chapter has published is first quarterly newsletter.
Privacy08/01/2019Cayman Islands Data Protection Law to take effect Sept. 30 – The Cayman Islands’ Data Protection Law, 2017 is currently scheduled to come into effect on Sept. 30, reported the Ogier law firm.
E-Discovery08/01/2019On the challenges of e-discovery training – Frank Ready of Corporate Counsel wrote about the challenges associated with training attorneys and staff about e-discovery, whether in detail or at a high level. For the article, Frank drew on discussions with Debbie Reynolds of Eimer Stahl, David Hasman of Bricker & Eckler, Joseph Tate of Cozen O’Connor, and me.
Privacy07/31/2019New York strengthened data breach protections for consumers – New York’s governor signed two bills meant to strengthen protections for consumers whose private information gets compromised in data breaches, reported the Buckley law firm: the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) (A5635B); and A2374, which requires consumer credit reporting agencies to offer identify theft prevention and mitigation services in the case of breaches of the agencies’ systems.
Enhancing Practice07/31/2019Guidance for validation of AI-based algorithms – Nathaniel M. Glasser, Adam S. Forman, and Matthew Savage Aibel of Epstein Becker & Green pointed out two sets of resources for employers using or contemplating using artificial intelligence algorithms in their employee selection processes: the Uniform Guidelines On Employee Selection Procedures, in particular Section 14: Technical standards for validity studies; and the recently updated Frequently Asked Questions from the U.S. Department of Labor’s Office of Federal Contract Compliance Programs, especially its Validation of Employee Selection Procedures FAQs.
Enhancing Practice07/31/2019Law firm project management – ILTA published the results of its 2019 project management survey, which looks at law firms. ILTA last conducted this survey in 2015 and, according to the survey’s summary, the results do not appear to differ significantly.
Privacy07/31/2019NYC moved to prohibit sharing location data – Womble Bond Dickinson reported that the New York City Counsel is considering legislation, Int 1632-2019, that would prohibit telecommunications carriers and mobile applications from sharing cellphone users’ geo-location data with third parties, when data is collected while mobile devices are in NYC.
Privacy07/31/2019CCPA –
E-Discovery07/30/20197-part e-discovery blog series – Brad Harris of Zapproved published a seven-part series on e-discovery, Driving Down the Cost of Ediscovery:
Privacy07/30/2019Adding a Facebook “Like” button to a website might make you a joint controller – Daniel Felz of Alston & Bird discussed the European Court of Justice’s decision in FashionID GmbH & Co. KG v. Verbraucherzentrale NRW, in which the ECJ found that websites integrating Facebook plugins are jointly responsible for the data collected by those plugins and sent to Facebook.
E-Discovery07/30/2019Advanced strategies for analyzing mobile data – Martha Louks of McDermott, Joe Sremack of BDO, and I published the third in our series on mobile device data. In Part 1, we discussed preserving and collecting mobile device data. In Part 2, we turned to the types of information you can expect to encounter with mobile devices and key considerations for analyzing, reviewing, and producing these types of data. In Part 3, we examine advanced strategies for analyzing device data and how you can apply those strategies to your cases.
E-Discovery07/29/2019On using supervised machine learning – Rasmus Mandøe Jensen and Christian Scott Uhlig of Pelsner examined the Danish Financial Supervisory Authority’s recently published guidelines on the use of supervised machine learning. Although the guidelines are meant for financial companies, the Pelsner attorneys’ analysis of them offers useful insights applicable to the use of TAR in litigation.
Privacy07/29/2019Security risks accompanying collaboration tools – Richard Walters of CensorNet warned that as law firms adopt digital collaborate tools to improve communications with their clients – as most of the top 100 law firms have done, according to a recent PwC report – the law firms should pay close attention to security risks attendant with the use of those tools.
Privacy07/29/2019OIPC (Ontario) annual privacy report – Ontario’s Information and Privacy Commissioner has released his 2018 Annual Report: Privacy and Accountability for a Digital Ontario. The 44-page report recommends initiatives to enhance access to information and protection of privacy in Ontario, including a call to modernize Ontario’s privacy laws to address risks posed by smart city technologies. For a summary, see the post written by Ruth Promislow and Katherine Rusk of Bennett Jones.
Privacy07/26/2019NY enacted SHIELD Act – Joseph Lazzarotti, Jason Gavejian, Damon Silver, Mary Costigan, and Maya Atrakchi of Jackson Lewis discussed highlights of the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) recently signed into law.
E-Discovery07/25/2019When a phone goes missing – David Horrigan of Relativity, dug into Commonwealth v. Fowler, a case that turned not on the facts of an alleged July 2016 sexual assault but rather on a July 2019 court hearing about the whereabouts and contents of the allegedly assaulted person’s missing mobile phone. The key message: mobile device data matters.
E-Discovery07/25/2019Proportionality and privacy – Nicole Allen of Kilpatrick Townsend analyzed the interconnections between proportionality under FRCP 26(b)(1) and privacy and offered three lessons: privacy now is a proportionality limitation, legitimate privacy concerns will be recognized, and that the parties must cooperate.
Cybersecurity07/25/2019Cybersecurity Maturity Model Certification – Mary Beth Bosco and Eric Crusius of Holland & Knight reported on new cybersecurity standards, the Cybersecurity Maturity Model Certification (CMMC) standards, being promulgated by the U.S. Department of Defense’s Office of the Under Secretary of Defense for Acquisition and Sustainment’s new cybersecurity standards, the Cybersecurity Maturity Model Certification (CMMC) standards. They noted that compliance with this new set of security standards will be required for DoD contractors to compete for contracts. Details are at the CMMC website.
Privacy07/25/2019Cyber incident and breach trends report – The Internet Society’s Online Trust Alliance released their 2018 Cyber Incident & Breach Trends Report. Highlights of the 15-page document, as summarized by LLM, include the better (numbers of incidents, data breaches, and exposed records all are down), the worse (the impact of incidents was greatly on the rise), and the bad (even with the numbers down, there were 6,515 breaches, 5 billion exposed records, and 447 million sensitive records exposed).
Privacy07/24/2019Data breach costs – Jean Tomasco of Robinson+Cole, discussing the results the 76-page 2019 Cost of a Data Breach Report recently released by the Ponemon Institute and IBM Security, noted that health care organizations have the highest costs for data breaches – an average cost of $6.45 million per breach and $429 per record compromised.
E-Discovery07/24/2019Office 365 video series – Tom O’Connor of the Gulf Legal Tech Center and Rachi Messing of Microsoft are putting on a video series on the e-discovery features in Office 365. Each episode is a little under ½ hour long. Episodes so far, including the newest, Part 8, are:
Privacy07/24/2019CCPA –
Privacy07/24/2019NIST mobile device security publication – The National Institute of Standards and Technology (NIST) has published a draft version of Mobile Device Security Corporate-Owned Personally-Enabled (COPE), a 351-page practice guide that focuses on the challenge of securing mobile devices within an enterprise. The document is organized into three volumes:
  • Volume A: Executive Summary
  • Volume B: Approach, Architecture, and Security Characteristics – consisting of a summary; section on how to use the guide, approach, architecture, security characteristic analysis, and future build considerations; and eight glossaries
  • Volume C: How-to Guides – consisting of an introduction, nine product installation guides, and three appendices
Enhancing Practice07/24/2019CLOC survey results – CLOC has published a 26-page report with results and analysis of its 2019 State of the Industry survey. CLOC looked at information about corporate legal departments gathered from over 200 companies of various sizes in over 30 industries and 18 countries. The report covers legal expenditures, legal department headcount, technology and innovation, and law firm evaluations. Dan Clark of Legaltech News and Richard Tromans of Artificial Lawyer both reported on the results.
Enhancing Practice07/24/2019More activity on the contract front – From Richard Tromans of Artificial Lawyer:
Enhancing Practice07/24/2019LawFest 2019 presentations – Slides and videos from LawFest 2019, held in New Zealand last March, are available on line:
Privacy07/23/2019Board of directors’ cyber-risk oversight practices – Melissa Krasnow of VLP Law Group summarized the results of two National Association of Corporate Directors surveys on cyber-risk oversight practices performed by boards of directors, the 2018-2019 Public Company Governance Survey and the 2018–2019 Private Company Governance Survey (membership required to download). Of the 16 cyber-risk oversight practices performed by public and private boards of directors over the past year, the top three were: (1) reviewing the current approach to securing the most critical data assets against cyberattacks, (2) reviewing the approach to data privacy protections, and (3) communicating with management about types of cyber−risk information the board requires.
Privacy07/23/2019Draft EU guidelines on processing personal data through video devices – Ataikor Ngerebara, James Clark, and Patrick van Eecke of DLA Piper reported that the European Data Protection Board has published a draft version of Guidelines 3/2019 on processing of personal data through video devices. Comments on the draft are due by September 9.
Privacy07/23/2019CLOUD Act assessment – Kristof Van Quathem and Nicholas Shepherd of Covington wrote that the European Data Protection Board (“EDPB”) and the European Data Protection Supervisor (“EDPS”) recently issued a 10-page joint initial legal assessment of the impact of the U.S. Clarifying Overseas Use of Data Act (“CLOUD Act”) on the EU legal framework for protection of personal data.
E-Discovery07/23/2019Ethical e-discovery – In an ACEDS post, Peter Borella of Trustpoint discussed how lawyers retained in matters involving e-discovery meet their ethical obligations under the New York Rules of Professional Conduct.
Privacy07/23/2019Can anonymized data truly be anonymous? – Alex Hern of The Guardian reported that according to a recent study, successfully anonymizing data is practically impossible for any complex dataset. Researchers Luc Rocher, Julien M. Hendrickx, and Yves-Alexandre de Montjoye from Université catholique de Louvain and Imperial College London wrote, in the abstract to their Nature Communications article Estimating the success of re-identifications in incomplete datasets using generative models, that “Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.”
Enhancing Practice07/23/2019New brief analysis tools – Bob Ambrogi of LawSites called attention in articles on his site and Above the Law to two new brief-analysis tools, Quick Check from Thomson Reuters, which Bob also looked at here, and Bloomberg Law’s forthcoming Brief Analyzer, which Bob discussed in an earlier post.
Privacy07/22/2019Dutch regulators addressed use of transaction data for marketing purposes – Chris Ewing, Tim Hickman, and Nathalie Colin of White & Case wrote that the Dutch Data Protection Authority sent the Dutch Banking Association a letter informing it that processing individuals’ transaction data for direct marketing purposes may not comply with the GDPR. Appended to the letter was guidance meant to help banks determine whether processing transaction data for direct marketing purposes would be compatible with the original propose for which the data had been collected.
Privacy07/18/2019New York SHIELD Act awaits governor’s signature – In the same Alert, Kramer Levin noted that New York’s Stop Hacks and Improve Electronic Data Security Handling (SHIELD) Act, which updates New York’s data breach laws, passed the state senate and assembly and awaits the governor’s signature.
Privacy07/17/2019New York Privacy Act presumed dead – On July 17 Alysa Zeltzer Hutnik and Lauren Myers of Kelley Drye reported that New York’s efforts to pass the New York Privacy Act, SB5642, have failed, leaving the CCPA as the only comprehensive privacy state statute. The next day, Kramer Levin published an Alert discussing the bill and stating that its future is unclear.
Privacy07/17/2019ePrivacy Regulation update – Melinda McLellan and Kyle Fath of BakerHostetler wrote that the Council of the European Union’s ePrivacy Regulation likely will not be implemented before late 2021, and discussed key concepts of the regulation up for debate and the subject of amendments. Adoption of the regulation, introduced in 2017 and originally slated to go into effect with the GDPR, may be delayed even further due to changes in oversight of the Council. According to the New York State Senate site, the bill is in committee, having been referred to Consumer Protection on May 9.
Privacy07/17/2019COPPA Rule comments sought – As Alysa Zeltzer Hutnik and Lauren Myers of Kelley Drye reported, the FTC announced on July 17 that it is seeking comment on the effectiveness of amendments the FTC made to the Children’s Online Privacy Protection Rule (COPPA Rule) in 2013 and whether additional changes are needed. The COPPA rule went into effect in 2000 to implement the Children’s Online Privacy Protection Act. The public comment period is open for 90 days after notice is published in the Federal Register.
Privacy07/17/2019Data security management in China – Xinlan Liu of Perkins Coie prepared an overview of the draft Measures for Data Security Management published for public comment in May by the Office of the Central Cyberspace Affairs of China (official Chinese version and unofficial English translation). These measures, along with other recent draft measures (including the Measures for Network Security Review, the Regulations for the Network Protection of Children’s Personal Information and the Measures for Safety Assessment on Cross-Border Transfer of Personal Information) would be the supporting documents of the Network Security Law.
Enhancing Practice07/16/2019Law firms in transition – As noted by Jim Gill of Ipro, Altman Weil has released an 80-page report on the results of its Law Firms in Transition 2019 survey. The report substantive sections are Market Forces, Productivity, Lawyer Staffing Strategies, Efficiency of Legal Service Delivery, Pricing Strategies, Law Firm Profitability, Practice Groups, Leading Change, Financial Performance, and Bonus Question.
Enhancing Practice07/16/2019AI regulation – Sharon Nelson of Sensei Enterprises noted that the Law Library of Congress released a report, Regulation of Artificial Intelligence in Selected Jurisdictions, that looks at AI regulation and policy in jurisdictions around the world.
E-Discovery07/12/2019July’s Notable Cases and Events in E-Discovery – From Sidley, summaries of People v. Spicer, 2019 IL App (3d) 170814 (Ill. App. Ct. Mar. 7, 2019), Shamrock-Shamrock, Inc. v. Remark, 2019 WL 1868175 (Fla. Dist. Ct. App. Apr. 26, 2019), Flynn v. FCA US LLC, 2019 WL 1746266 (S.D. Ill. April 18, 2019), and Franklin v. Ocwen Loan Servicing, LLC, 2019 WL 1130477 (N.D. Cal. Mar. 12, 2019).
E-Discovery07/10/2019Translating with AI – Elizabeth Beattie of Asian Legal Business reported that Hogan Lovells worked with Knovos to use AI to translate and scan Korean documents for a DOJ investigation, saving, according to the firm, 8,300 hours of review time.
E-Discovery07/10/2019Turning the e-discovery tables – James Beck of Reed Smith discussed implementation of a plaintiff-focused e-discovery strategy in the Taxotere MDL.
E-Discovery07/08/2019More on the challenges of emojis – Samantha Murphy Kelly of CNN wrote an article about the increasing appearance of emojis in court cases and the challenges they pose to judges, citing numbers from Santa Clara University law professor Eric Goldman (33 reported cases with emojis as evidence in 2017, 53 in 2018, and 50 in the first half of 2019). While there are more than 2,823 emojis set by the Unicode Consortium, courts have not yet developed guidelines on how they should be approached.
Enhancing Practice07/07/2019Law firm legal technology sanity check – Bob Ambrogi of LawSite, analyzing the results of the 2019 Aderant Business of Law and Legal Technology Survey, notes that the most effective tech tools are not the ones sucking up all the oxygen in the room – AI or blockchain, for example – but rather far more prosaic technologies such as document management and time and billing.
Privacy07/03/2019State “omnibus” privacy law comparison sheet – Baker McKenzie has published a comparison chart of new or proposed state privacy laws. The chart covers bills from California’s CCPA (SB 1121) and laws from Maine (LD 945 / SP 275), Nevada (SB 220), and Pennsylvania (HB 1049).
E-Discovery06/30/2019Egypt draft data protection law – Youssef Sallam of Al Tamimi & Company wrote that the Egyptian Cabinet of Ministers recently approved a draft data protection law, akin to the GDPR, which is being reviewed by the Parliament of Egypt.
E-Discovery06/27/2019Garter e-discovery solutions market guide summary – Exterro has made available a reprint of a 15-page summary of Gartner’s Market Guide for E-Discovery Solutions. A full version can be purchased from Gartner for $1,295. As I have noted in the past, these types of guides are best used to help develop a general understanding of the options available in the market and never should be used as the primary source of information for making decisions about which e-discovery software or services to buy.
E-Discovery05/14/2019Subpoenaing wearable technology data – In an ABA article, Meghan A. Rigney of Wiedner & McAuliffe offered advice on subpoenaing wearable technology data, in particular FitBit and Apple data.
E-Discovery11/12/2018Complex commercial litigation described – In e-discovery circles we frequently talk about “complex commercial litigation” but how many of us have a solid understanding of what that means? Ryan Frei and Ashley Peterson of McGuireWoods have prepared a primer that covers the basics and more.