Thought Leader Trending: Michael Sarlo with eDiscovery Today’s Doug Austin

Editor’s Note: Industry eDiscovery expert and commentator Doug Austin, as part of his Thought Leader Series, published on his blog, recently interviewed Michael Sarlo, Partner and Senior Executive Vice President of eDiscovery and Digital Forensics for HaystackID. Doug is an established eDiscovery thought leader with over 30 years of experience providing eDiscovery best practices, legal technology consulting, and technical project management services to numerous commercial and government clients. Doug has also published a daily blog since 2010. Provided below is the full text of his recent three-part interview with HaystackID’s Sarlo as shared on the daily blog, eDiscovery Today.

Thought Leader Interview with Michael Sarlo of HaystackID: eDiscovery Trends and Best Practices

I recently interviewed Michael Sarlo, Partner and Senior Executive Vice President of eDiscovery of Digital Forensics for HaystackID, who is an expert in cross-border matters and EU data privacy concerns, as well as a certified and highly credentialed forensic examiner.  We covered so much with regard to eDiscovery trends that we couldn’t fit it all in a single blog post. Part one of my interview was published last Wednesday (August 12, 2020) and part two was published last Friday (August 14, 2020), and here is the third and final part (August 17, 2020).

Part One

Time for another thought leader interview on eDiscovery Today!  My latest interview was with an expert in cross-border matters and EU data privacy concerns, who’s also a certified and highly credentialed forensic examiner!

As Partner and Senior Executive Vice President of eDiscovery and Digital Forensics at HaystackIDMichael Sarlo facilitates all operations related to electronic discovery, digital forensics, and litigation strategy both in the US and abroad while working on highly complex forensic and eDiscovery projects. Michael is fluent in a wide variety of digital forensic early case assessment, eDiscovery processing, and hosting technologies, in addition to the IT infrastructure associated with deploying and administering such tools. He’s also a very frequent speaker on digital forensic best practices, GDPR issues, ESI treatment methodologies, and cost containment strategies for working with massive volumes of data. Additionally, Michael is an expert witness and holds certifications in a variety of areas to include, but not limited to, Cellebrite, EnCase, BlackLight.  He’s also a Relativity Certified Administrator.

Mike, as VP of eDiscovery and Digital Forensics at HaystackID, I’m sure you’ve seen some changes regarding how eDiscovery is conducted since the pandemic began. What are your observations regarding those changes and the working environments that so many of us have been thrust into?

As an eDiscovery service provider, we’ve been lucky to be particularly resilient as it relates to adapting our business to our clients’ needs as they shift to more of a remote office environment, and what we’ve noticed that we were already very used to working remotely. As an eDiscovery vendor who’s been “in the weeds” as a project manager and operations person, we’ve already adapted to managing a large workload through remote work. But, we’ve noticed that many of our clients have struggled a lot with issues associated with their infrastructure, such as their capabilities to log in remotely, receiving a hard drive remotely, and even getting a production out.  In the past, the litigation support role has been required to be in the office three days a week at a minimum, and often five days a week, and firms are usually asked to have an open door at all times. That has been the culture of being a support staff in law firms, so remote work has caused major changes there.  Certainly, individuals are looking to show more value than ever, so I’ve noticed that the hours have become longer. We’re doing more work in a single day, and often even starting new matters and having early scoping discussions with both our corporate clients and their outside counsel late at night, where those types of calls would normally happen during the day. So, the general workday has increased in length, as have the quantity of execution points that need to be handled in a single day.

However, I do think it is balancing a bit now, and people have adapted to working from home. Improvements with the technology have helped with that. Before, there were general infrastructure issues and issues with video conferencing and conducting screen shares, but that’s improved a lot, so that our clients can work from home in a more collaborative manner.  From an eDiscovery standpoint, for us, it’s all about challenges such as getting physical data in and out of the data center, so we always have an eye towards continuing to streamlining that process for client engagements through careful planning.

Yes, it certainly has been interesting how the work/life balance has changed, especially, or accelerated during the pandemic. So, how else do you think that the pandemic will ultimately impact the legal profession and the eDiscovery industry, and what do you think the landscape in our industry looks like 12 months from now?

I think that remote work is here to stay for some time, but I also think that people will eventually want to go back into the office and see their colleagues and have a space where they can work. From a process standpoint, digital forensics, where I spend a lot of my time in working on investigations, has become more challenging. There are more complex data collection and review challenges with new data types to handle that we’re seeing as a result of the pandemic, as we’ve shifted to more web-based collaboration tools. Data from collaboration apps like Slack is now commonplace, as is data from cell phones, which wasn’t the case as recently as five years ago. Standard practice has changed over the past four or five years and, now, this data is potentially relevant in every single case.

We’ve been very successful at HaystackID in offering a secure remote workforce to our end clients, whether they are corporations or law firms.  We were already a leader in secure remote review and, at least for large scale matters, we were able to work with IT departments to be able to conduct remote eDiscovery effectively. If you’re in an investigation, you often need to be able to collect data and process it and review it all on the same day — especially when you’ve got a regulator breathing down your neck – in many cases, that type of scale and capacity can only be offered with a true integration between a vendor like HaystackID and a corporation into their enterprise. Now, there’s a need to deploy those integrations for much smaller scale projects, so that we can maintain social distancing.  There are certain efficiencies to that, but there are deficiencies as well, in that your custodians are in more diverse locations with many different schedules, so scheduling is more burdensome. You’re trying to get more data on a custodian by custodian basis, and some data repositories aren’t great for remote collection, such as Android phones and tablets, or feature phone chipsets.

So, we’ve had to balance on-site collections (where we pick up, sanitize and return in any of our labs across the country) against more of these remote collection workflows. In addition, because of so much remote work, organizations are moving away from legacy archive systems into next-gen archive systems, which are more cloud-based. They’re monitoring and saving a lot of data types that used to be more ephemeral in nature, so we’ve seen better compliance with better data retention. That leads to bigger data volumes, forcing people to streamline some processes and become more agile in others and HaystackID is trying to lead innovation in those processes in many different domains right now.

Part Two

You’ve already touched a little bit on discovery of non-traditional data sources.  What other observations do you have regarding them and what advice do you have for our readers regarding addressing those ESI sources?

With non-traditional data sources, we talk a lot about data collection, but the biggest issue may be presenting it in a form that could be used in a deposition or in a courtroom that represents what it looked like when originally displayed through your web browser. 95% of non-traditional data types are web-based, or at least web-based in nature. Where we’re really innovating now is the review of that data and new mechanisms to be able to identify potential responsive data earlier.  We’re working with a lot of these data types using cutting edge analytic workflows, more from a structured analytics standpoint, leveraging high-level data analysis at the outset. Not only being able to find the important data more quickly but also to massage these data types into different types of analytics platforms, so they can be reviewed in context and acted on normally. I think that’s the next-gen phase of where we’re going in eDiscovery.

You also spoke a little bit about what you’re doing with corporations and corporations are facing more challenges than ever with regard to the pandemic.  And those certainly extend to discovery as well. HaystackID has a very established corporate consulting practice. What advice are you and HaystackID giving your corporate clients with regard to how to address those challenges?

The challenges are robust for our corporate clients and the current pandemic health issues are chief among them.  Those certainly include potential risks for liability with regard to congregation of employees, having to respond to shifting guidance from the Center for Disease Control (CDC) and/or state and local governments regarding ability to congregate and also the political elements of whether people should be congregating. These are definitely challenges for some of our larger corporate clients who have large workforces.  Asking people to come to the office to turn over their computer for an investigation was already a difficult discussion and even more so in the time of social distancing.

With all of these health risks to consider, we’re working with corporations to deploy contingency plans that heavily rely on technology, which includes consolidating the reach of data points around archive systems or agents and also putting policies in place that prevent the proliferation of data to sources that might be harder for us to collect in the event of an incident.

Mike, people generally think about eDiscovery is associated with litigation, but I see it more and more tied to other activities such as investigations, especially as they relate to FTC and DOJ investigations and Second Requests. What are your thoughts about that and what is HaystackID doing to address challenges in that area?

I would say about 90% of my practice is what I would call an enforcement and regulatory response. It’s much different than a typical litigation. As you move up in your “weight class” as an eDiscovery vendor, you start to see a lot more of these and it’s also based on your capabilities from a global scale, which we’ve really focused on expanding over the past five years. One recent challenge here is that regulators, because of the pandemic, gave lawyers and their clients the impression that they would offer leniency on timing agreements, then suddenly started to put the pressure on again to keep the investigation process moving swiftly, which has led to confusion. The regulators were getting bored sitting at home too, but are definitely back to work now.

Investigations often break the paradigm of traditional operational models. While your typical litigation can sometimes be chaotic, you still have a good sense of what’s required and what the milestones are and the timing for those milestones. Investigations are a lot more unpredictable in terms of what to expect and the timing for it all, especially in Foreign Corrupt Practices Act (FCPA) and anti-trust investigations. We start with an expectation of scope, but if you’re doing your job and you’re uncovering evidence in the investigation, that scope can dramatically scale and change. As a result, you need experienced and adaptable teams that are often your most seasoned people with experience managing across the enterprise to meet rapidly shifting deadlines.

From a Second Request standpoint, we’re seeing bigger and bigger Second Requests. I personally oversaw over ten Second Requests last year, which is about 15% of all of the Second Requests being conducted. And, we’re continuing to see even more this year. The sizes of the deals are much bigger. In this economic climate, a lot of companies have cash on the sidelines and they’re looking to take advantage of certain synergies, so we’re seeing larger deals come out as people look to clean up balance sheets. We’re also seeing the more of these alternative data types that we’ve been discussing that need to be reviewed and produced, so we have proprietary workflows that allow us to push those short message formats and alternative data types through our Technology Assisted Review (TAR) process for Second Requests.  As with litigations, it’s just as important to create an efficient TAR workflow for Second Requests. For matters that have as many as 50+ custodians on the Second Request side, managing that volume of data within a TAR workflow is critical to avoid spending as much as four times what we would spend on a purely human review.

HaystackID has done a lot of work there to streamline that process. In addition, just having a battle plan and a playbook that brings together all of our directors and our heads of certain departments and puts them into really active oversight roles on these matters helps ensure their success.  Because the risks are incredibly high, so we do everything we can to make sure they go as well as possible.

Part Three

Intellectual property (IP) is another area where it seems like activity is increasing in both cases and investigations. How have you seen that trend develop with HaystackID’s clients and what are you doing to assist clients in those areas?

Digital forensics in the private sector, in addition to data collection, is often associated with trade secrets matters in IP litigation. These are often going much more hand-in-hand and we’re seeing an increase in IP litigation in the traditional sense that also has a trade secrets component.  We’re taking holistic approaches to understanding the data, analyzing various data exfiltration points over time to be able to illustrate for our legal clients how a bill became a law, so to speak, when looking at a file and how it exited their organization or entered into their organization. Making that as simple as possible for the attorneys, taking out some of the technical jargon and giving them very clear evidence they can use, whether in motion practice, depositions, or other events is just based off our experience doing many of these types of investigations.

We have a dedicated team that can focus on departed employee investigations, to determine if the employee takes data with them when they leave the company.  That investigative work falls into our trade secrets and enforcement practice as well and we work with a lot of different corporations on IP issues.

Once again, you’re dealing with very complex data types as you get into different technology companies. We do a lot of source code reviews for some of the really big tech companies, and source code is often the big “crown jewel” of the case. The ability for HaystackID’s technical bench and our web team (that also overlaps more of our source code review team) to extract those data points in a format that’s relevant to what’s in scope for review and understanding what’s a draft versus a final version and things like that for IP litigation have enabled our clients to benefit considerably.

You’re also a frequent participant on HaystackID’s educational webcasts. What are your observations on how confidence in eDiscovery has evolved over the years and where it stands today?

I’ll talk about law firms and corporations separately. Law firms have reorganized themselves where I feel like their top people are really the ones who are communicating with their clients and vendors. We’ve seen competency go up there and that’s great, because it benefits us as well when discussions about problems are shorter.  Though we’re always happy to explain things and educate people. But I am seeing more talent out there in the workforce and certainly people who are staying cutting edge are self-educating, as there’s a lot of educational opportunities out there. I think you’re always thrust into things that are a little bit outside of your batting class, if you’re working at the right place, and a lot of my clients have done that and I’ve seen them really grow there. In addition to our educational webcast series, we also do one to two-day in-person digital forensics training that isn’t really sales pitched, they’re more operational, which I think has been incredibly valuable to my clients, and helped them address where they’re struggling.

On the corporate side, if they have an eDiscovery department, we typically see they are more advanced. They often graduated out of a vendor and went into a law firm and then graduated out of there into a corporation. A lot of these corporations that have an eDiscovery department, they’re spending a lot on eDiscovery, so they’re looking for that talent to mitigate those expenses while reducing risk. I think we’re pretty mature there.

We have a lot of clients through our corporate consulting program that still have challenges and need help, though.  It’s great to be able to work with very competent people, but there are cases when an organization is looking to implement an eDiscovery department.  We’re happy to help out there as well, be it from a consulting standpoint all the way to a fully integrated solution where we function in that vein.

What else are you working on that you would like our readers to know about?

I think we really have become much more comfortable with pushing our clients to allow us to work with them on a strategy standpoint and getting a better understanding of the matter goals, so that we can more consultative.  We’re getting better types of information out of their eDiscovery collections, more data about the documents rather than the documents themselves. Our data analytics and data science teams have been quite busy, which all plays into our “casting a net” approach around responsiveness. We spend most of our time with all these new age data types to drive value for our clients.

And I keep harping on the new age data types because, as an eDiscovery vendor, we recognize that a lot of our clients have their own capacity. Especially during a pandemic, they’ve been asked to keep work in-house.  But, they still have to send a lot of work to vendors of our size and scale when there are alternative data types or when the case is simply moving too fast. That’s why we’re so focused on it.  We’re providing more structured analytics, gathering data points from call records with actual documents and with tweets and Slack and Teams’ chats.

Giving our end clients a timeline around activities to enable them to have informed discussions that are based on facts about their data early on with regulators has been absolutely critical to reducing their spend and risk and enabling them to focus legal efforts on the actual issues within various matters, rather than just drifting through a sea of unresponsive materials just for the sake of hitting a checkbox. We have examples and work products and reports that really put us into a new class as far as our consulting capabilities and clients are coming back over and over again for that offering.

Mike, thanks for your time today and thanks for participating in the eDiscovery Today Thought Leader Interview Series!

Additional Reading

+ Thought Leader Trending: John Wilson with eDiscovery Today’s Doug Austin
+ Thought Leader Trending: Ashish Prasad with eDiscovery Today’s Doug Austin