By: Kris Satkunas, LexisNexis CounselLink

With the legal industry buzzing about metrics and analytics, corporate legal professionals are eager to get their hands on more information. Rather than diving blindly into the data that is housed in their enterprise legal management solution, a better approach involves identifying, first and foremost, the questions that are most important to the legal department and digging for data to help answer those questions.Continue Reading Peeling the Onion: Six steps to optimize the data mining process

By: Sarah Sawyer, Inventus, LLC

The use of mobile devices in the workplace is an ever-evolving practice. When organizations first started taking advantage of increasing mobile technology, particularly cellphones and laptops, most implemented “company owned, personally enabled” (COPE) policies. The mobile device remained the property of the organization, and the employee used it primarily for work-related tasks. With COPE, the type and scope of mobile devices is restricted, affording the organization the ability to fully understand the technology of a limited number of devices, thus providing them with predictability when the data stored on those devices becomes discoverable.
Continue Reading The E-discovery implications of BYOD: Clear policies are a must when employees take control of mobile devices

By: Brian Kim, iDiscovery Solutions and Therese Craparo, Reed Smith LLP

Most experts agree that a sound information governance and data remediation program is vital to driving an organization’s business and reducing its risk profile. But how and why and when and with whom are all questions under active consideration. In this interview, Therese Craparo of Reed Smith and Brian Kim of iDiscovery Solutions give us their perspectives on the rapid evolution of information governance and how it is transforming the way in which organizations think about and manage data. Their remarks have been edited for length and style.

MCC: What is information governance and data remediation? Who should be involved in an organization’s information governance policy?

Craparo: I view information governance as the management of corporate information to facilitate business operations, manage risk, and ensure compliance with legal and regulatory obligations. It is essentially a corporate governance function for managing the most critical and valuable asset of a company – their data and information. Data remediation is part of the information governance process. To have good information governance, you need to make sure that you don’t keep data that you don’t need. Data remediation is the sensible disposal


Continue Reading After the Data Deluge: “Keep it all, keep it forever” won’t do any longer. As paradigms shift, information governance, including defensible data remediation, takes center stage

By: Jenny Le, FRONTEO, James A. Sherer, BakerHostetler and Amie Taal, Deutsche Bank AG

Two of the most insidious myths about cybersecurity are that most threats originate outside an organization – Russian hackers, for example – and that it is an IT problem. Amie Taal, a cybersecurity expert with Deutsche Bank, Jenny Le, who runs operations for e-discovery provider FRONTEO, and James A. Sherer, chair of BakerHostetler’s information governance practice, are determined to dispel those myths. Below, they discuss their recent white paper focused on insider threats and the cyber responsibilities of C-suite executives (“Increased C-Suite Recognition of Insider Threats Through Modern Technological and Strategic Mechanisms”). Their remarks have been edited for length and style.

MCC: There was a day when corporate executives could walk the factory floor to keep an eye out for people and process problems. In today’s knowledge economy, executives have limited visibility into employees’ day-to-day processes and tools. At the same time, government regulators and others are putting insider cybersecurity threats squarely on their radar. That seems like an impossible situation. How should C-suite executives deal with it?

Sherer: Let’s start with the metaphor of the factory floor. What can we do to recreate that kind


Continue Reading The Cyberthreat Within: As companies wake up to insider threats, C-suite executives are looking beyond IT for help

By Michael Stevens, AccessData
Keeping internal tech teams up to date on legal and compliance trends is a never-ending task for many corporate legal departments. But it remains an important one, as CIOs and CISOs developing technology plans for a company need to account for these requirements and more. Security threats, mobile employees and a changing regulatory climate can keep good general counsels awake at night. Along with their CIOs, GCs must look to update their technology and processes to steer the ship through these challenges in a rapidly changing information age environment.

How Secure Is Your Data?
There are many great lists that you would like to see your corporation listed on, but I will bet this isn’t one of them: Krebs on Security. How you interact with your CISO or CIO to manage your company’s security risks is crucial in keeping you off this dreaded list. You may think that you have everything locked down, but you are facing an indomitable foe every day – clever cybercriminals. Who is going to be responsible for handling the legal consequences in the aftermath of an incident? Just look in the mirror.

It is a heavy responsibility to keep customer, financial, intellectual property, personally identifiable and legal information safe from breach. Cisco’s Annual Security Report in 2016 said that 65 percent of organizations feel that they face a significant level of security risk. Additionally, Bomgar’s Vendor Vulnerability Report stated that 55 percent fear a breach resulting from vendor access will occur over the next year, while 20 percent believe the same will happen at any time after one year. A practical reminder – be sure your technical teams are requiring all vendors to adhere to the highest security standards and have a protocol to immediately inform you of any breach.

Creating a detailed map of all of the organization’s data repositories is critical. Unless the organization knows what it has, where it resides within the organization and who is responsible for the data, it cannot respond quickly or effectively to data loss. By creating a detailed data plan with your CIO, CISO and internal stakeholders, you can determine what types of information you have, where it lives and who has access to it inside and outside of your organization. If your organization doesn’t yet have an incident response (IR) plan, insist on it before you experience a cyber or other security breach. Part of that IR plan will outline what steps must be taken to rapidly investigate where and how the breach occurred; what data, if any, was compromised; if the breach is ongoing; and how to remediate it. This is where having a data map, including the locations of sensitive legal and matter, becomes critical.

BYOD: Your Recurring Nightmare
Continue Reading Are You and Your CIO in Sync?: Alignment on relevant industry trends significantly impacts IT’s capacity to satisfy a legal department’s needs

By: Rees Morrison

This article introduces a type of graph that shows multiple metrics of law departments on the same scale – probably a new graph for most readers – a parallel coordinate plot (PCP). We will explain the PCP1 using data from the General Counsel Metrics LLC benchmarking survey sponsored by Major, Lindsey & Africa.

To create the PCP for this article, we extracted data of law departments that participated one or more years over the past six years of the benchmark survey.  More specifically, the subset consists of U.S.-based companies in technology or telecommunications.  We then narrowed the group to companies that reported fiscal year revenue between $500 million and $5 billion.  The resulting 62 companies formed this article’s “tech” industry.

Establishing the tech law department data set is one step, but analyzing and presenting conclusions about its metrics is another.  One of the challenges of displaying benchmark data in graphs is organizing, on one chart, multiple metrics for each law department.  Making the challenge even harder is when the data comes in different scales such as single or double digits for head-count metrics, hundreds or thousands for patent records, millions for spend data, and billions
Continue Reading Tech and Telecomm Benchmarks with a PCP

By: Rees Morrison, Altman Weil Inc.

General counsel want to know about the legal department’s productivity, value and client engagement. Even better, they welcome ideas regarding how to improve those important attributes. The good news is that insightful clues to each of them are as close as the email inbox! General counsel who understand and interpret data about the email traffic sent by their lawyers to internal business clients and received by their lawyers from clients have tapped into a trove for analysis. This column sketches how to collect that email traffic and ways to analyze it.

Is It Legal?

As readers might be concerned about invasion of privacy, my assumption is that all email handled on a corporate server is owned by the corporation and can be studied by the corporation. Hence, there should be no expectation of privacy regarding the emails of lawyers or clients. Point two is that the email traffic to be examined would be stripped of any content other than names of lawyers and clients and dates. Point three is that the data source will only be messages between corporate clients and their in-house counsel. (Whether attorney-client privilege would be threatened is beyond
Continue Reading Email by the Numbers: Graphing a department’s email activity can yield crucial information on productivity and value

By: Rees Morrison

Articles, consultants and conferences repeatedly praise data as an antidote to misimpressions and a supplement to experience. Most general counsel agree and, in their own fashion, rely on the data their department generates. Why, however, do some law department managers oppose investments in metrics as aids to their decision-making? Law departments store troves of data about matters, costs, law firms, time allocations and more, yet sometimes it goes unused, unvalued or even unrecognized.

While writing a book about management metrics for lawyers, analyzing such metrics and creating charts to convey findings, it occurred to me that we boosters of data-based decision-making can advance many arguments in favor of it, give examples, appeal to logic and history, but sometimes we make little headway. So I started collecting what I project to be the legitimately held beliefs of those who oppose enlisting data for decisions. Let’s refer to those beliefs as “objections.”

As the number of objections grew, a taxonomy drawn from several disciplines differentiated and grouped them. Here are the six disciplines and a thumbnail definition that guided assigning objections to them.

Anthropology: tribal mores and the culture of a law firm

Biology: primal fears from
Continue Reading Just Say No to No: Be able to counter any objections to using data analytics in management decisions