“33% of Fortune 100 Organizations will experience an information crisis by 2017.” – Gartner, an information technology research and advisory firm
Recently, data breaches have become one of the most serious threats to companies worldwide, and as more corporate infrastructure moves online, studies suggest that the rising number of data breaches will cost 2.1 trillion dollars globally by 2019. Because of this, a new market of data breach practice groups has emerged to assist with e-discovery, information governance, data security, and preparation for high-risk technological emergencies. In light of this, what should your law firm or company do to prepare for one of these potentially imminent situations?
In this episode of Digital Detectives, Sharon Nelson and John Simek interview Martin Tully, co-chair of Akerman LLP’s Data Law Practice, about why his firm decided to implement a data breach law group, how data security fits in with current e-discovery and information governance practices, and what every company should include in an incident response plan.
“Data Law”: e-discovery, information governance, and data security consulting
Increased client demand for legal technology services
Strategic partnerships between legal and technical professionals
Company interests: preparation for data loss, litigation, and government inquiry
How to proceed during “the upchuck hour”
Reasons for the increase in data breaches
Who and what should be involved in the incident response plan
Simulated data breach exercises
A lack of data security in many law firms
Martin T. Tully is a partner with the Chicago office of Akerman LLP. He is veteran trial lawyer with more than two decades of experience representing domestic and multinational companies in a variety of complex commercial litigation matters. As the co-chair of Akerman’s Data Law Practice, Martin also focuses on keeping clients ahead of the curve regarding the developing law, technology and best practices related to e-discovery, information governance and data security.
Michael Fricklas is executive vice-president, general counsel, and secretary of Viacom Inc., a powerhouse in the digital content industry. Viacom, a global mass media company, owns Paramount Pictures, Nickelodeon, MTV, Spike, Comedy Central, Channel 5 in the UK, and hundreds of other cable television networks. Because of the massive amount of media content it owns (mostly tv shows and movies), Viacom has been at the center of copyright issues involving YouTube/Google. Additionally, as a large corporation with many departments and outsourced legal work, cybersecurity and cyber attacks have become immensely important recently.
In this episode of In-House Legal, Randy Milch interviews Michael Fricklas about his path to becoming general counsel of Viacom, his specific interest in technology law, and what it’s like to be general counsel in a company owned by lawyers. Fricklas also discusses the copyright infringement lawsuit between Viacom and YouTube, how he managed the corporation’s public reputation during that time, and what he predicts for the future of cybersecurity in law firms and corporate legal departments. Tune in for an inside look at how the digital age has influenced the job of general counsel.
Michael Fricklas has served in senior management of Viacom’s legal department since 1993 and has been general counsel and secretary, Viacom’s most senior legal position, since 1998. He has been deeply involved in the legal issues surrounding the digitization of content and, most recently, has become involved in cyber-security issues.
The public and private sectors are equally struggling with cyber security issues. Despite the development of innovative problem-solving technologies and systems, many small, medium, and large companies are still at great risk of a cyber attack. The government cannot regulate these attacks without proper access to business information and the private sector needs government aggregation of widespread data. What is the true value of information sharing and how can cyber insurance greatly assist in this process of creating better cyber security?
In this episode of In-House Legal, Randy Milch interviews Peter Beshar, executive vice president and general counsel of Marsh & McLennan, about his path to becoming general counsel and how businesses should approach the issue of cyber security. Beshar started at Marsh & McLennan immediately after a civil action was filed against them by Attorney General Eliot Spitzer in 2004. He discusses how he dealt with being a new general counsel at a business in crisis. With stocks down, ratings down, and clients, banks, and employees upset, he learned to be relentlessly positive and to make strong decisions. General counsel and in-house lawyers alike can benefit from his knowledge and experience.
After the break, Beshar discusses cyber security risks and how they affect the private and public sectors. He explains Enterprise Risk Management (ERM): technological innovations coupled with cyber insurance which drives and modifies people’s behavior. Additionally, he says, the government should interact with private businesses to share cyber threat indicators and provide widespread information about preventing cyber attacks. The issue of cyber risks is incredibly prevalent in businesses of any size today, and it is important that we create long-lasting systems for preventative measures.
Peter Beshar is the executive vice president and general counsel of Marsh & McLennan Companies, Inc. He has a wealth of experience as a public servant, as a prominent big law firm litigator, and as general counsel for a global enterprise. Beshar is widely known for his experience with cyber risk insurance.
Joe Looby recently released his documentary The Decade of Discovery about the United States versus Philip Morris tobacco lawsuit in the early 2000s and email e-discovery issues. The film also discusses the emergence of the Sedona Conference as a think tank and forum for discussion about cooperation in e-discovery. Many prominent federal judges were interviewed about the issues with open government and record keeping. Also in the documentary, Jason R. Baron, Esq. talks about open government, record keeping at the White House, and how the e-discovery issues played out in the lawsuit. We are beginning to wonder, in this world of big data, how are we dealing with information governance, specifically within issues of open government and data security?
In this episode of Digital Detectives, Sharon Nelson and John Simek interview Jason Baron about information governance, dark data, open government, and his role in The Decade of Discovery. Baron talks about the increasing amount of electronic data affecting the Freedom of Information Act (FOIA) and the discussion e-discovery experts need to have about providing public access to government records. There is a mandate, he explains, that after 2019, all federal agencies must provide all of their permanent records to the archives in electronic or digital form. Because of this, systems and sophisticated softwares will be required to properly filter and provide access to the data. Baron also discusses information governance as a whole, including privacy, security, discovery, and management, and the need for a Chief Information Governance Officer (CIGO) going into the future. He concludes by praising Richard Braman, a leader in the e-discovery industry, for founding the Sedona Conference and creating the Cooperation Proclamation.
Jason R. Baron, Esq. serves as Of Counsel at Drinker Biddle Reath LLP in their Information Governance and eDiscovery Group in Washington DC. He is Co-Chair of the Information Governance Initiative, is currently Chair-elect of the DC Bar Litigation Section E-Discovery Committee, and is an adjunct faculty member at the University of Maryland. His 34 years of public service include serving as a trial lawyer and senior counsel at the US Department of Justice and as the first Director of Litigation at the US National Archives and Records Administration. An internationally recognized speaker and writer on the subject of electronic records, Mr. Baron has been recognized by The American Lawyer magazine as a “trailblazer” in e-discovery in its August 2013 issue of “The Top 50 Big Law Innovators of the Past 50 Years.” He was the 2013 recipient of the Federal Bar Association’s Justice Tom C. Clark Outstanding Government Lawyer award.
In November of 2014, hackers infiltrated Sony’s computer network lifting terabytes of corporate data, human resources information, internal intel, films, corporate emails, and other valuable information. This led the corporate world to question how protected we really are from cyber attacks. In the 1990’s, the only computer issue was viruses, but the attack vectors have since changed. Companies and individuals are now subject to spear phishing, spyware attacks, malware, drive-by downloads, and browsers. What steps are now necessary to keep hackers from accessing your valuable data? And on a separate but equally interesting subject for lawyers, who really was behind the Sony attack?
In this episode of Digital Detectives, hosts Sharon Nelson and John Simek analyze the progression of data security over time, look into data loss prevention steps, and consider each potential suspect of the Sony hack. Nelson describes the internet security suites that have been developed to include protection from all different types of attacks. However, she explains, these security systems are unlikely to keep out a sophisticated and determined hacker who is specifically targeting a corporation, law firm, or individual. The newer systems simply try to detect the infiltration and respond to it, observing what data is compromised and trying to identify the hacker. Simek explains several systems that are being used for security including data loss prevention, intrusion detection, and Security Information and Event Management (SIEM) products which correlate data to figure out what’s normal.
Nelson and Simek then go on to analyze why Sony was attacked and who may have done it. The hosts explain security blogger Bruce Schneier’s theories on the suspects ranging from an official North Korean military operation to a disgruntled ex-employee. Listen to the podcast to hear the hosts’ strong case for who they think the hacker was. Nelson also reviews Sony’s reaction to the security attack. Stay tuned until the end for the NSA’s rumored ability to create a cyber defense system and the international implications of an automated cyber attack response.
On the coattails of presidential support and possible regulations from the Federal Communications Commission, Net Neutrality makes its way back into public debate. Proponents claim it will keep the internet a level playing field while opponents believe the opposite. One side worries about oppressive corporations while the other is concerned about oppressive government. Not surprisingly, opinions for or against tend to follow political party lines. On this episode of Lawyer 2 Lawyer, host J. Craig Williams interviews Chris Fedeli from Judicial Watch and Professor Jonathan Askin from Brooklyn Law School. Together they discuss the meaning of net neutrality, the pros and cons of regulating, and what it takes to keep the internet innovative. Tune in to hear about free market principles, consumer protection, and data packet discrimination.
Chris Fedeli is a senior attorney with Judicial Watch where he has litigated multiple cases in state and federal courts concerning election integrity, ballot initiatives and referendums, and government transparency. Prior to joining Judicial Watch, Fedeli was a senior associate at Davis Wright Tremaine in Washington D.C., where he represented clients in communications law litigation and regulatory proceedings. In 2009, the ABA’s Communications Lawyer published Fedeli’s article criticizing the FCC for its net neutrality regulations, which have since been overturned twice by the DC Circuit.
Professor Jonathan Askin is a professor at Brooklyn Law School where he teaches technology, telecommunications, and entrepreneurial law and policy. He is also the Founder of the Brooklyn Law Incubator & Policy Clinic, which represents internet, new media, communications and other tech entrepreneurs on business development, policy advocacy, and law reform. During the 2008 Presidential Election, Askin chaired the Internet Governance Working Group for the 2008 Obama Presidential Campaign.
When an organization or business suddenly finds itself in the middle of a civil litigation case, it is often overwhelmed with discovery requests. Most companies don’t have the tools or processes in place to deal with collection and data preservation and encounter expensive and time-consuming issues when responding to requests for information. What is a legal hold, would your organization be able to initiate a defensible legal hold, and when can data be confidently deleted again? It is very important to understand the discovery process and implement and enforce effective systems for data preservation now in order to reduce future costs of potential litigation.
In this episode of ESI Report, Michelle Lang interviews experienced e-discovery expert Cathleen Peterson about why data preservation is crucial to the discovery process, how to create a defensible legal hold, how to take account for emerging technologies, and when it is ok to delete data. Peterson explains that the fundamental challenge of data preservation is balancing the burden and the benefit. Failure to preserve means trying to recreate access to the data, an incredibly expensive and time-consuming process that raises questions about the effectiveness of the council or credibility of the client. Alternatively, well-preserved data can facilitate a well-managed litigation, control costs, result in an outcome that serves the client, and create the least disruptive litigation flow. A legal hold, Peterson explains, involves giving all potential parties who may have relevant evidence notice that litigation is in existence or anticipated. This includes employees, third parties, the IT department, or any person who may have accessed the information. She discusses how organizations need to implement a data governance system, enforce it across the organization, and update it yearly to account for changes in technology. Once the case is dismissed, the legal hold should be formally lifted and the data deleted so that future cases are not complicated by old data.
Peterson is a senior vice president at Kroll Ontrack, where she leads the consulting and advanced review services teams. She was the Legal Director at Orrick, Herrington & Sutcliffe and councel at WilmerHale. Cathleen has deep experience in all-things ediscovery, including records management, collection and preservation strategies, technology assisted review, and regulatory compliance.
“A cyber attack on the World Trade Center would be 10 times more financially damaging than the 2001 attack.” Data breaches like the ones at Target, JP Morgan, and Home Depot have recently been all over the news and are usually organized by hackers working towards financial gain. But there is cyber war happening with military and political objectives with potentially far more damaging results. Cyber terrorists and militaries have already developed technologies that are able to hack into important data systems, destroy critical infrastructure, and take down crucial things like power grids and financial systems. If this does not scare you, you should know that there are almost no direct laws that deal with the ramifications of cyber attacks, the contractors who built the failing technology, or innocent bystanders.
On this episode of Digital Detectives, Sharon Nelson and John Simek interview cybersecurity expert David Bodenheimer about the effects of cyber attacks, whether they are likely to proliferate, the connection between the private sector and government defense, and the legal risks to contractors and bystanders. Bodenheimer first explains how economic cyber crimes are different than cyber war, and gives some examples like the US cyber security threat in 2009, the 2007 cyberattacks on Estonia, and Stuxnet, a computer worm that destroyed many control systems in Iranian nuclear plants. He explains that there is a global cyber race and, in a few years, no self-respecting military will be without cyber attack capabilities. Unfortunately, there are no international treaties or laws that directly govern cyber weapons and war. Bodenheimer also discusses US laws that federal agencies and contractors could face to account for damages. These could include the DHS SAFETY Act, Public Law 85-804, and various legislative proposals, but there is no clean fit.
David Bodenheimer is a Government Contracts partner and litigator heading Crowell & Moring’s Homeland Security practice. David has 32 years of experience in doing business with the government. He has represented Fortune 500 companies in cyber disputes with federal agencies, advised on security compliance and cloud standards, and handled a broad spectrum of cybersecurity and privacy issues in the public sector.
Discovery, as all lawyers know, is the process of collecting and exchanging information about the court case to prepare for the trial. Traditionally, this was done by many lawyers over countless billable hours in which every page of potential evidence was examined for important information. Because of this, the more information existed in reference to a case, the more expensive the case was. As technology developed, law firms began using computers to do keyword searches and conceptual searches. Unfortunately, there were problems including picking the right keywords or concepts, misspelled words, how to structure the items, and that these searches only yielded 20% of important data. Recently, technology has advanced to predictive coding, or teaching a computer program to think like a lawyer would. But how cost effective and practical is predictive coding, and how well does it actually work?
In this episode of The Digital Detectives, Sharon Nelson and John Simekdiscuss the evolution of technology and case discovery, how predictive coding works and is priced, and examples of cases that have involved predictive coding. Simek first explains the importance of culling, or filtering out unimportant data sets through DeNISTing, deduping, or filtering by dates. He then explains predictive coding in its simplicity: to feed a computer program information based on discovery attorneys have already done until the computer can accurately predict which information is important. Simek and Nelson then go on to examine the prices vendors charge for the predictive coding process and in which cases it might be profitable for the law firm or client. There is a steep, expensive learning curve involved; many mid-sized law firms probably will not profit and even very large cases only save an average of 15% using predictive coding. However, Nelson explains, predictive coding is the future of discovery, so it is important for lawyers to pay attention to when the benefits outweigh the costs.
Nelson concludes the podcast by giving examples of when predictive coding has already appeared in court cases. The landmark case was Da Silva Moore v. Publicis Groupe, in which Magistrate Judge Andrew Peck allowed predictive coding to be used as long as the defense and prosecution agree to its use, there are a large volume of documents, it is the superior technology, it is more cost effective, and it is transparent and defensible. Inevitably, the conclusion is that it is not for the judge to micromanage the discovery process.
There has recently been an increase in virtualization of law practices and the rate at which firms are beginning to adopt internet-based technology solutions. There are significant advantages attached to those programs including mobility, flexibility, ease of installation and management, and decreased setup cost. But most lawyers don’t know what a virtual office entails, are wary of trusting a remote server, or worry about the security of working through a browser. What is virtualization, how does it apply to law firms, and why should lawyers be adopting this new technology now?
On this episode of The Legal Toolkit, Jared Correia interviews AbacusLaw CEO Alessandra Lezama about cloud-based case management systems and why lawyers should virtualize their firms. Lezama explains the difference between desktop as a service (DaaS) and software as a service (SaaS), the benefits of virtualization, and how to choose a company to help with this process. The encrypted remote servers should have geographic redundancy, regular and thorough security audits, and have local data centers. Lezama points out that lawyers are hesitant towards virtualization due to anxiety of the unknown or lack of time, resources, or knowledge but they must adopt new technology as a matter of ethical compliance. Because there are so many intricacies to this process, many lawyers do not know where to start. Lezama encourages attorneys to invest time, perform due diligence, and seek a good partner to help guide the process. In the long run, the relief of IT burden will more than pay off.
Alessandra Lezama is the chief executive officer of Abacus, a legal technology solution company that designs, installs, and manages virtual practice systems. Before joining Abacus, she was chairman of the board and chief executive officer of two Blackthorn Investment Fund companies, chief operating officer and CEO at American Internet Services, and has held key leadership roles in sales, marketing, and operations for Comsat International.