Thought Leader Trending: John Wilson with eDiscovery Today’s Doug Austin

Editor’s Note: Industry eDiscovery expert and commentator Doug Austin, as part of his Thought Leader Series published on his eDiscoveryToday.com blog, recently interviewed John Wilson, Chief Information Security Officer and President of Forensics for HaystackID. Doug is an established eDiscovery thought leader with over 30 years of experience providing eDiscovery best practices, legal technology consulting, and technical project management services to numerous commercial and government clients. Doug has also published a daily blog since 2010. Provided below is the full text of his recent three-part interview with HaystackID’s Wilson as shared on the daily blog, eDiscovery Today.

Thought Leader Interview with John Wilson of HaystackID: eDiscovery Trends and Best Practices

Overview

I recently interviewed John Wilson, Chief Information Security Officer and President of Forensics for HaystackID, who has more than two decades of experience providing IT, eDiscovery, and digital forensics consulting services. We covered so much with regard to eDiscovery trends that we couldn’t fit it all in a single blog post. Part one of my interview was published Monday (July 6) and part two was published on Wednesday (July 8); here is the third and final part (July 10).

Part One

Time for another thought leader interview on eDiscovery Today!  My latest interview was with an expert on digital forensics and eDiscovery who has been involved in IT and eDiscovery for over 20 years!

As Chief Information Security Officer and President of Forensics at HaystackID, John Wilson is a certified forensics examiner, licensed private investigator, and information technology veteran with more than two decades of experience working with the US Government and both public and private companies. John provides expertise and expert witness services to help companies address various matters related to digital forensics and eDiscovery, including leading investigations, ensuring proper preservation of evidence items, and chain of custody. He develops processes, creates workflows, leads implementation projects as well as GDPR data mapping services for clients including major financial institutions, Fortune 100 companies, Am Law 100 law firms as well as many other organizations small and large. In addition, he provides expert witness services and consulting in matters of all sizes. His work spans some of the largest litigations and matters on record in the United States and many of the 39 countries where he has worked on cases.

John, you’ve been involved in information technology and eDiscovery for well over 20 years now. What’s your take on how the eDiscovery industry has evolved over the years?

From my perspective, the eDiscovery industry has evolved, and it has been cycle-driven in nature. At the beginning, we had Z-Print which was really just a print screen functionality that gave you the ability to start converting electronic formats into this flat format that could be reviewed – originally TIFFs or JPEGs, eventually PDFs as well. Z-Print was the initial standard, and Discovery Cracker followed it, and then LAW PreDiscovery followed that as the standard. So, it was very cycle-driven. Usually, three to five-year cycles seem to have persisted through the eDiscovery world where we’ve gone from Z-Print and Discovery Cracker to LAW, then to Summation, then to Relativity, then to Technology Assisted Review (TAR).

I think we’re at the edge of the next cycle of eDiscovery, and I really think that’s going to be this whole concept of remote eDiscovery, which includes remote collections, remote review, and so forth.  Everything’s being pushed into the remote world due to the advent of the COVID-19 pandemic. There are big companies providing remote services in various portions of the EDRM life cycle, but it hadn’t become widespread before the pandemic. Companies have been fearful of it, just like they were during the days of Discovery Cracker and Z-Print. People weren’t sure that the products would get everything, they weren’t sure it would be reliable and they weren’t sure it would provide an accurate representation.

Very similarly, there are eDiscovery companies that have been doing good bits of remote work, but there hasn’t been any widespread adoption of it until the COVID-19 pandemic began.  Now, the rest of the world has discovered that these processes do actually work pretty well and they can help people achieve the goals they need to achieve without people having to meet and congregate together to get things done.  So, I think it’s a very cycle-driven evolution for eDiscovery. It has been since I’ve been involved in the mid-90s, and we weren’t even calling it eDiscovery or forensics back then, when it was still a fringe activity before it began to slowly evolve through these cycles.

You brought back memories with mentions of Z-Print and Discovery Cracker. I worked with both back in the day, so I definitely remember those experiences.

Yes, they were good times. I remember having to work on a Z-Print production that took us 72 hours, and we worked day and night for three days in order to achieve a desired goal, but it was the cutting-edge standard at the time.

Sure was. So, as CISO at HaystackID, I’m sure you noticed that California still proceeded with the enforcement of the California Consumer Privacy Act (CCPA) starting July 1, despite calls to delay it because of the pandemic. How well do you think organizations today are equipped to adhere to data privacy legislation such as the General Data Protection Regulation (GDPR) and CCPA?

That’s a great question, Doug. I don’t think the companies in today’s world are truly prepared for full enforcement of CCPA or GDPR. As GDPR has become more established since summer 2018, companies have implemented many policies and many mechanisms, but there hasn’t been firm enforcement of those policies. Certainly, there has been enforcement in some cases, but not at a mass scale.  And, whether you’re talking about CCPA, or the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD) or even the currently proposed New York Privacy Act (NYPA), enforcement is the big question. For CCPA, California has said that they’re setting aside a substantive budget for this program for the state and they plan to fund that budget through enforcement. So, there’s certainly intent to enforce the CCPA and many companies have worked hard to implement the policies, but much of it has just been wordsmithing so far.

Companies have a policy and they post it to their website and make their users acknowledge it as they visit the website before they provide their info, but it’s forgotten after that. There’s been very little else done about it except for a few fringe players that do take it more seriously, perhaps because some of them may have been stung by a GDPR action. But, I really do feel that most organizations are not truly prepared for it. They’ve put out the privacy policy and the acceptable use policies on their websites, and maybe they’ve shared that with some other employees, and it’s in their vendor language when they engage with other vendors, but there’s very little real substantive action around it.

So, it’s going to be interesting to see the challenges unfold. How will California proceed with enforcement – especially in light of COVID-19 – and how will they actually investigate and enforce the policies?  It’s going to be rather difficult to do so, but many organizations today are definitely not equipped. They’ve done superficial things to appear to be ready for it, but in practice, I don’t think many are ready for it. We’re consulting with quite a few of our clients as they have GDPR and related privacy issues that come up.

Part Two

Since we talked about GDPR, it seems that eDiscovery practices and workflows are continuing to be adopted globally. What have you observed about that, and how is HaystackID addressing the increased global need for eDiscovery services?

Similar to the pace of GDPR adoption, eDiscovery practices have still been slow to be adopted by everybody.  Many larger organizations – especially those with a lot of litigation – have certainly implemented eDiscovery programs and practices and workflows to address their needs, but adoption is still trickling down into the mid-tier of the market, much less the smaller organizations in the market. I think the challenge that the larger organizations have is evolving those practices and workflows as eDiscovery continues to go through its cycles of evolution. It’s challenging to keep up with that evolution unless they engage with consultants and organizations, like HaystackID, that can help them continue to cycle their practices and workflows as well.

In our corporate consulting program, we help companies develop their eDiscovery practices and workflows. We help build the eDiscovery manual that lays out the framework and then we actually help with training and working the people through those workflows, so it’s an actual practical exercise versus just a paper exercise.

You’ve been a forensic examiner and consultant for a long time, and we’ve already discussed remote eDiscovery a little bit.  Even before the pandemic, we already started to see some eDiscovery collections performed remotely. How do you see collections being handled in the future, and how do you think the pandemic will affect collections in the future?

Yes, like we were discussing earlier, I think the adoption of remote collection will definitely accelerate. I think many organizations will discover and appreciate that they can complete their collections without people having to travel to collection sites. When you’re performing remote eDiscovery, you’ll have a remote consultant that’s driving the remote effort. They can only do so many things at once while connected and remote, using whatever specific hardware they have. With on-site collections, we can scale a lot more and perform multiple tasks at once. So, there’s still certainly going to be cases for on-site work, but I think that a large portion of current workflows will shift towards remote work, as it’s been proven to work and people are seeing how effective and less disruptive it can be. Remote work isn’t always less disruptive; sometimes it takes more effort to make sure that Virtual Private Networks (VPNs) are in place and security checkpoints are in place for connecting, and the impact can be significant. But overall, I’m expecting that at least 50% of the work will remain remote and that’s just based on the numbers we’ve seen.

As you said, there was already some growth in remote collections as a lot of cloud-based email platforms have all been shifted to remote collection anyway. When the data is on cloud servers and you’re no longer on-premise at a client or at an organization, there’s no reason to do that in person because you’re connecting to the cloud anyway. Unless you have authorization or security schemas that prevent remote access, that is.

In addition to collections, are there any other ways that you think the pandemic will, ultimately, impact the legal profession and the eDiscovery industry in particular?

It’s been an interesting ride going through the COVID-19 world as companies had to adapt and adjust very rapidly to remote scenarios and people not able to be in the same room together, so review has been significantly impacted.  Many companies previously did a lot of onsite reviews.  HaystackID has been doing remote reviews for eight years. We’ve done hundreds and hundreds of cases through remote review, but many clients still insisted on physical review in a review center. I think that’s definitely going to change as companies have discovered the efficiencies and the cost-effectiveness of doing the remote reviews.  Not only cost-effectiveness, but you’re also getting better talent because you can pull from a wider market.  You’re also getting better expertise that’s available to assist with a matter. So, organizations are realizing that there are definite benefits to moving to remote review.

I think that’s going to be a very major impact on the legal industry.  We’ve already been doing some remote collection, remote review, and other remote eDiscovery work, but only a small percentage of the marketplace adopted it.  I think that that adoption level is going to go up substantially across the board as the organizations have started to realize the positive impacts of remote eDiscovery.

Certainly, remote reviews have the advantage that you’re not limited to a geographical area from which you can pull your reviewers, so certainly, that makes a huge difference right there.

Absolutely. With review, you have a much larger talent pool to select from.  The top candidates that could work on your matter in a geo-market could mean you’re delving into the top 25% of that pool, but when you start expanding the geographic region to include most of the United States or other expanded jurisdiction, the candidates that are going to be selected for your project are the top 1% of the population that were available to work on it. You’re just getting a much higher talent pool.

Beyond that, one of the challenges in review has always been the subject matter experts and retaining the appropriate subject matter expert that can be sitting in an office in Boston or Chicago or LA or wherever.  When you conduct the review remotely, you’re now pulling your subject matter experts from a much larger pool as well. You’re getting truly substantive subject matter experts or language experts or whatever particular need you have, you just have a much larger pool to draw from.

Part Three

You’re a frequent participant on HaystackID’s education webcasts. What’s your observation on how competence in eDiscovery has evolved over the years and where it stands today?

That’s a really interesting one. I enjoy sharing and educating, so that’s something that I do keep a fairly close eye on. I would say, as a whole, the industry has evolved quite substantially. Back in the early days, there wasn’t a lot of experience to draw from, it was all learning by being in the pit and figuring out how to do it. In today’s world, there’s a lot of educational opportunities.  You have law schools with eDiscovery programs and you have paralegal programs that have eDiscovery programs.  The industry itself has programs – for example, our HaystackID educational webcasts.  So, there’s certainly a substantial growth in the amount of information available and we’re definitely in the information age. I think today’s eDiscovery consumer is certainly a lot more educated.

I remember back in 2010, years after the eDiscovery world was alive and robust, going to a client and having an initial consultation about a case.  The client at one point picks up a box of paper and says, “Here it is! I’ve got my eDiscovery”. I said, “Well, that’s not exactly eDiscovery, but we’ll get you there”.

I don’t encounter that anymore. People are used to dealing with digital data and eDiscovery and PDFs and TIFFs, and not even so much TIFFs anymore.

But there’s a much larger need for expertise across the universe. Where education needs to really expand now is more entity-based, getting the corporations to become more knowledgeable. The corporations have intelligent people with knowledge, but the “rank and file” hasn’t adopted the body of information into their workflows and processes. As I said, there are large litigious companies and organizations with people that have eDiscovery knowledge with best practices and workflows in place. But, the company body isn’t adopting the knowledge, so I think that’s where the industry needs to grow and continue to focus efforts in getting the organizations to be more intelligent about how they handle compliance and information governance, eDiscovery and how all that ties together.

What else are you working on that you would like our readers to know about?

Of course, I always like to talk about security. I think cybersecurity today is very important. Many companies have started to understand that as threats related to COVID-19 have exploded and bad actors have certainly exploited the COVID-19 situation as well.  Companies have had to make this quick adaptation to get their employees able to work remotely, so they may have cut corners on policies and procedures to enable them to do so, exposing them to additional risk. In addition to the normal risks of bad actors looking to infiltrate organizations, additional challenges such as “Zoom bombing” have targeted new behaviors related to COVID-19 where organizations had to adapt quickly to remote work and the remote situation.

It’s more important than ever to have a level of cybersecurity preparedness, following a framework to protect your organization.  There are numerous frameworks out there to choose from, but it’s important to follow some framework, put some protections into place, and be more proactive than reactive.

In the cybersecurity world, the bad actors in the world are going to do their best to get in and they often will. The biggest weakness is the human factor – you’re only as strong as the weakest person in your organization, so it’s important to provide training and keep your personnel aware of your policies and what to be looking for. But, the bad actors are always going to be more targeted, they’re going to spend more effort in figuring out how to get in and they’ll often succeed. So, it’s really the detection phase that’s most important, knowing when something has happened and containing it, preventing it from getting across your whole network instead of just the one system that they were able to breach.

Identification and detection of malicious activity is your best offense to help protect your network. If you can detect when an anomaly occurs, then you can stop it from becoming an actual breach. For example, if somebody is trying to authenticate from a geolocation where your organization doesn’t have employees, you can decide to block that and stop any data from being able to transmit to and from there.

It’s really all about cybersecurity, being more intelligent and protective of the organization, and adapting to the new standards in the COVID world. Then, make sure you go back and document all of the exceptions that you made in order to accommodate remote workers. Document those exceptions and incorporate them into your formal long-term policies to protect your organization. So, my big focus is cybersecurity and trying to make sure that organizations are more aware, especially in the legal space, because the legal space is definitely a larger target. There’s more “meat on the bone” as far as the bad actors are concerned. They have a higher potential of getting to important information, so within the legal space, it becomes really important to make sure we’re protecting those assets to protect the organizations themselves.

John, thanks for your time today, and thanks for participating in the eDiscovery Today Thought Leader Interview Series!