New Data Types in the App Age

1. Develop Defensible Policies

The combination of today's new technical diversity alongside workplace changes — including a mobile workforce, lines blurring between professional data “owned” by a company or an individual, and the fact that many users don't know how to maintain multiple communication identities/accounts — are creating a concerning lack of corporate control over company data. Users can move, share or delete data, and collection tools can't keep pace with new applications, leaving legal teams across the globe playing catch up. Building a defensible information governance infrastructure is a critical starting point.

Foremost, a corporation needs to have a comprehensive acceptable use policy in place that specifically addresses social media, mobile device and networking application use. The policy must account for third-party applications that may store or host the organization's information, and should be aligned with the company's overall risk tolerance. Policy expectations and limitations on app usage need to be attainable, and not be viewed by the end-users as a roadblock to conducting business.

Policy development also requires cross-functional collaboration with stakeholders from teams including IT, compliance, procurement and business leadership, among others to ensure needs are aligned and existing policies are considered. The IG team should oversee random audits on app usage and data access to determine if certain applications or sources should be restricted. Doing so ensures that new apps can be vetted and approved or restricted by the legal team before they are used within the enterprise.

2. Build a Holistic Approach

We communicate on many different platforms every day. It is not uncommon to discuss a topic in email, then have a phone call and later follow up with a text, all in one conversation. So it is important to have the ability to take the underlying data from all of those sources and view it in the context in which it was created. Gaining this type of awareness of the landscape is only one part of the puzzle. From there, a path forward must be created through a holistic approach involving the right people and technology. Without an experienced technical team that can navigate the APIs of various applications and understand how they work, legal teams will wind up at a dead end. Experts in these areas can manage proper authentication and security measures and leverage metadata to efficiently move the e-discovery process forward.

Technology comes into play with standardizing data across platforms, and mining that data for key facts. For unstructured content such as emails and traditional documents, legal teams need to understand additional information related to that content, such as the people, timeframes and other topics involved. Advanced analytics that encourage the data to speak for itself go a long way toward establishing clarity and identifying important information. Legal teams must select platforms that handle the volume and variety of data, support security protocols and enable re-use of results and coding decisions from previous matters.

3. Establish Repeatable Processes

The most important step in addressing new data type challenges is creating a standardized and predictable process for collecting critical information. An established workflow allows the legal team to quickly take action when an issue arises, regardless of the size of the matter or how the internal data universe has evolved. From a technical perspective, it is important to rely on the people side of the equation to stay up to date on API changes for the applications being used across the organization, conduct quality testing, ensure defensible collection and to manage any technical limitations of various apps. Building metrics into the collection process makes it easier to track how the process is working and how it can be reused.

The fact that corporations are just beginning to understand the new normal of data was clearly illustrated for us during a recent matter with a large corporation. After working with the legal team and CIO exhaustively to identify myriad discoverable data sources, one custodian asked if the company's G Suite pilot had been examined. Surprisingly, because it was far enough outside the company's normal information ecosystem, none of the internal stakeholders had identified it. Ultimately, we uncovered that 30 key custodians were using the pilot, and some of the data within it was discoverable and not duplicated in other data sources.

This example provides a stark illustration of how much the corporate data environment has evolved. The creation and use of data are the lifeblood of corporations, and require fluid collection and review processes that can grow and change alongside the landscape. While many in the legal and compliance world continue to be overwhelmed by app culture, there is an opportunity to leverage all of the knowledge that resides within those repositories and begin to establish greater control.

*****
Tim Anderson is a managing director in the FTI Technology segment based in San Francisco. He has over 15 years' experience in legal technology as an application development manager, programmer, systems integrator and consultant. JR Jenkins is a managing director at FTI Consulting, and leads Product Marketing for the Technology segment.

Today's knowledge workers create information at a breathtaking rate. Email, documents, video, audio, chats and collaboration platforms are all part of the standard kit for today's mobile workforce. And while the threat of “big data” — massive amounts of data inside an organization — has cast a shadow over IT and legal departments for several years, the real challenge can often be the variety. It's why we believe the real challenge is less about “big data” and more about “new data types” — that quickly defeat traditional collection and review tools and strategies.

It would be challenging enough if organizations only had to get their digital hands and policies around the more common enterprise applications, such as Microsoft's Office 365 (with 70 million monthly active users and growing) and G Suite from Google (adopted by more than 60% of the Fortune 500). But it is the explosion in cloud-based applications that creates the biggest headaches — and greatest vulnerabilities — for today's IT teams. Whether Slack, Trello, Box, Dropbox or Evernote, potentially discoverable data is being produced and stored in a dizzying array of applications. And the next “big-thing” app — that no one has heard of, but everyone will be using in six months — is just getting started today.

The reality is that this next “big thing” app is guaranteed to create problems for corporate legal and compliance teams just like last year's is doing today. When e-discovery kicks off for an investigation or litigation, it is now more difficult to assemble the new data with “old” data from traditional email and corporate data stores. Effective e-discovery requires the ability to easily and quickly gather all forms of data to understand the bigger picture. As organizations grow more global, mobile and collaborative, more critical interactions are taking place in these new channels. To address these issues, a corporation can take three important steps.

1. Develop Defensible Policies

The combination of today's new technical diversity alongside workplace changes — including a mobile workforce, lines blurring between professional data “owned” by a company or an individual, and the fact that many users don't know how to maintain multiple communication identities/accounts — are creating a concerning lack of corporate control over company data. Users can move, share or delete data, and collection tools can't keep pace with new applications, leaving legal teams across the globe playing catch up. Building a defensible information governance infrastructure is a critical starting point.

Foremost, a corporation needs to have a comprehensive acceptable use policy in place that specifically addresses social media, mobile device and networking application use. The policy must account for third-party applications that may store or host the organization's information, and should be aligned with the company's overall risk tolerance. Policy expectations and limitations on app usage need to be attainable, and not be viewed by the end-users as a roadblock to conducting business.

Policy development also requires cross-functional collaboration with stakeholders from teams including IT, compliance, procurement and business leadership, among others to ensure needs are aligned and existing policies are considered. The IG team should oversee random audits on app usage and data access to determine if certain applications or sources should be restricted. Doing so ensures that new apps can be vetted and approved or restricted by the legal team before they are used within the enterprise.

2. Build a Holistic Approach

We communicate on many different platforms every day. It is not uncommon to discuss a topic in email, then have a phone call and later follow up with a text, all in one conversation. So it is important to have the ability to take the underlying data from all of those sources and view it in the context in which it was created. Gaining this type of awareness of the landscape is only one part of the puzzle. From there, a path forward must be created through a holistic approach involving the right people and technology. Without an experienced technical team that can navigate the APIs of various applications and understand how they work, legal teams will wind up at a dead end. Experts in these areas can manage proper authentication and security measures and leverage metadata to efficiently move the e-discovery process forward.

Technology comes into play with standardizing data across platforms, and mining that data for key facts. For unstructured content such as emails and traditional documents, legal teams need to understand additional information related to that content, such as the people, timeframes and other topics involved. Advanced analytics that encourage the data to speak for itself go a long way toward establishing clarity and identifying important information. Legal teams must select platforms that handle the volume and variety of data, support security protocols and enable re-use of results and coding decisions from previous matters.

3. Establish Repeatable Processes

The most important step in addressing new data type challenges is creating a standardized and predictable process for collecting critical information. An established workflow allows the legal team to quickly take action when an issue arises, regardless of the size of the matter or how the internal data universe has evolved. From a technical perspective, it is important to rely on the people side of the equation to stay up to date on API changes for the applications being used across the organization, conduct quality testing, ensure defensible collection and to manage any technical limitations of various apps. Building metrics into the collection process makes it easier to track how the process is working and how it can be reused.

The fact that corporations are just beginning to understand the new normal of data was clearly illustrated for us during a recent matter with a large corporation. After working with the legal team and CIO exhaustively to identify myriad discoverable data sources, one custodian asked if the company's G Suite pilot had been examined. Surprisingly, because it was far enough outside the company's normal information ecosystem, none of the internal stakeholders had identified it. Ultimately, we uncovered that 30 key custodians were using the pilot, and some of the data within it was discoverable and not duplicated in other data sources.

This example provides a stark illustration of how much the corporate data environment has evolved. The creation and use of data are the lifeblood of corporations, and require fluid collection and review processes that can grow and change alongside the landscape. While many in the legal and compliance world continue to be overwhelmed by app culture, there is an opportunity to leverage all of the knowledge that resides within those repositories and begin to establish greater control.

*****
Tim Anderson is a managing director in the FTI Technology segment based in San Francisco. He has over 15 years' experience in legal technology as an application development manager, programmer, systems integrator and consultant. JR Jenkins is a managing director at FTI Consulting, and leads Product Marketing for the Technology segment.