Every year thousands of legal professionals descend upon New York City to attend Legaltech, one of the largest legal conferences held in the US. The conference’s purpose is to provide an in-depth look at current and future technological advancements in the marketplace, and provide a forum to discuss current hot topics in the legal industry. This year, there were over 10,000 registrants, 200 speakers, and 10 educational tracks, not to mention the multi-floored exhibition hall which showed off new and familiar offerings from vendors and software companies in the legal business.
If nothing else, Legaltech is a phenomenal opportunity to learn. The Legaltech organizers do a great job of bringing in both industry thought leaders and experts in the day-to-day work and policies familiar to those of us in the legal industry. It’s impossible to sit in on every session that may be relevant or interesting, but I did my best to hit several panels and keynotes each day. Below are my key takeaways on some of the hottest topics in the legal industry right now.
Regardless of what industry you are in, the cloud has been a hot topic for many years. These days, the discussions have moved from “What is the cloud?” to “Okay, we have this cloud thing, now what do we do?” That question is especially poignant for ediscovery professionals because professionals across the ediscovery spectrum are concerned with preserving and collecting data in the cloud, how to make their processes more efficient by leveraging cloud-based technologies, and funny enough, the question “What can I delete?” was asked repeatedly.
To these points, it all starts with understanding exactly where data resides and what redundancies are in place in case data is deleted or corrupted. Knowing where data is allows in-house counsel to appropriately apply legal holds and direct IT and third-party vendors to the data when collections are needed. To accomplish this, IT and legal can work in tandem, or bring in an outside consultant to create a document that maps all data sources to their place within the IT infrastructure. To ensure that this is an effective tool, a review of the data mapping should occur on a regular basis, especially as natural changes in infrastructure and storage occur.
Microsoft was at Legaltech in full force promoting Office365 and spreading the message about how it can satisfy ediscovery needs within organizations. And, if orange is the new black, Office 365 is the new cloud. Though, that’s a pretty terrible joke, with all of the benefits of Microsoft’s Office 365 platform comes all of the confusion that has been and still is centered around cloud technology. At Legaltech it was clear that many legal professionals were making the move from Office 2010 to Office 365, which underscores the fundamental misunderstanding of what Office 365 is and the role it plays in their organizations. Rather than simply being a suite of tools like previous Microsoft Office offerings, Office 365 is a cloud-based infrastructure where organizations can manage their entire IT offerings under one umbrella.
It was previously mentioned that it has become imperative that legal professionals know where the data resides so that they can ensure they are collecting all relevant data, and Microsoft has sought to address this issue by creating a one-stopshop for data storage and infrastructure needs. Ideally, an organization fully migrated to the cloud will be able to access an individual’s own saved work product, their email, and any team shares they may have. While this doesn’t account for every possible data source out there, it does consolidate the most commonly collected data sources into one platform. That platform can be accessed remotely, from any computer, anywhere in the world. It comes with a suite of ediscovery tools to make applying legal holds, collecting data, and prepping data for TAR significantly easier than it has been in the past.
While many of the discussions about Office 365 provided more understanding of what the platform actually is, the overwhelming message was that ediscovery decision makers do not know what to do with Office 365. In many cases, IT has forced it upon these people without having discussions with legal, and they don’t understand what cost savings it provides, if any. Most importantly, legal professionals repeatedly referenced the need for professionals within the industry that can help guide their organizations through migrating to Office 365 and updating their processes and procedures around this new platform.
With the abolishment of the EU’s Safe Harbor data transfer agreement with the US came the General Data Protection Regulation. The GDPR is the new guiding principle for data privacy laws within the EU and aims to protect all EU citizens from privacy and data breaches . The GDPR strengthens regulations surrounding the conditions for data collection consent and directs companies to provide clear, simple, and understandable forms for consent . It also increases the territorial scope of the law as it applies to all companies processing the personal data of data subjects residing in the EU . Most importantly, the penalties levied when the GDPR is breached can be up to an unprecedented 4% of annual global turnover or 20 million euros (whichever is greater). The GDPR does apply a tiered approach to levying fines, so lesser offenses are penalized at lesser amounts . However, it makes the distinction that both controllers and processors of the data are subject to GDPR enforcement. This distinction is especially important for ediscovery vendors, as they can be penalized for processing illegally collected data under the GDPR. Though this is just one of many worldwide data protection laws, it was the main focus of several Legaltech 2017 panel discussions, as it is set to be implemented in 2018.
Historically, data collections in the US have involved taking all possible data and narrowing down the potentially relevant data set through data, search, and custodian filters, as well as through technology assisted review (TAR). But, many panelists felt that the GDPR and other existing privacy laws (such as the 2015 amendments to the Federal Rules of Civil Procedure) will push the US towards discovery proportionality, where collecting data is handled in a targeted and narrow fashion. Though it could be argued the US was already headed in this direction (as data set sizes have increased, so has the need to limit total population size), the new laws may be the final push the US needed.
The GDPR also impacts information governance and can conflict with US legal obligations. The GDPR requires that EU data is disposed of once it is no longer needed for the specific reason it was collected, but US regulations may dictate that the data is kept for a certain time period after it has been used. This is especially true in the context of legal holds, which can be applied for both pending and anticipated litigation. Likely this part of the GDPR will be tested in court, once the GDPR is applied. There are also concerns that, because legal holds do not traditionally exist in the EU, employees may inadvertently delete relevant data.
These laws also have an impact on US litigation because if counsel was to try to make the claim that they can't meet the data requirements of a subpoena because data is within a jurisdiction with privacy laws and they can't collect it, the DOJ will consider counsel non-cooperative.
Technology Assisted Review
It is no surprise that TAR was a hot topic at Legaltech 2017. It is becoming more and more prevalent, especially as the technology and its associated risks are being understood by a broader legal audience. In the past, it was believed that TAR could only be used for very large data sets that contained “perfect” seed/control sets created by subject matter experts, you needed all data upfront and you would require a team with expert math skills . It was also believed that you could only train to find relevant and non-relevant documents. Most importantly, many attorneys have shied away from TAR because it has traditionally required disclosure, negotiation, and approval.
For the most part, continuous active learning has knocked down many of these barriers as there is no longer a need for “perfect” seed sets, or all data loaded upfront. Training can be conducted as data is loaded, and the results are, in essence, updated real time. Additionally, TAR has been proven effective with small and large matters and the use cases for TAR have expanded drastically. TAR is no longer just for large litigation matters, but as some examples provided throughout Legaltech, it can be used for early fact finding in a litigation, analyzing received productions, due diligence, internal compliance and regulatory response investigations, and even data security breach responses, public records requests, and political law analysis .
There is also case law precedence that makes the argument that TAR does not need to be disclosed, negotiated, or approved to be used in litigation. While this may not fly with the DOJ at this time, the courts seems to be moving in the direction of a more relaxed stance towards TAR.
Ultimately, TAR is trending towards becoming the standard operating procedure for ediscovery and other legal matters.
Legaltech 2017 in some ways brought up more questions than provided answers, but one thing is clear: the world of legal technology and ediscovery is rapidly changing with the ultimate aim to redefine how ediscovery is handled. If you have questions or would like to chat further, please feel free to contact me at email@example.com.
 Dipshan, Ricci. "The Storm on the Horizon: 4 Things to Know in Prepping for General Data Protection Regulation." Corporate Counsel. ALM, 06 Feb. 2017. Web. 09 Mar. 2017.
 Trunomi. "The Regulation." EU GDPR Portal. EU, 09 Mar. 217. Web. 9 Mar. 2017.
 Tourikis, Kiriaki, Ethan Ackerman, Dawson Horn, III, and Alexis Mitchell. "Enough Already! Predictive Coding Is for Every Matter." Legaltech 2017. New York, New York. 01 Feb. 2017. Lecture.