Data protection, TAR and data security dominate my corner of Legaltech

I have already written short holding post about Legaltech (Not yet my Legaltech report) which includes links to posts by others. This article focuses on my own small corner of this vast event. Oh, and yes, I know it was called Legalweek this year.


I wrote before I went (see Off to Legaltech New York for the eleventh time) with a general survey of “Legaltechs I have known” and with mention of some of the things I planned to do. There were new things this year – Bob Ambrogi wrote about them here; like him, I cannot say that the changes made a great difference to my own experience.

Legaltech is a big target and people like to moan, but when you break down the complaints each year most of them appear to be of little substance (one must distinguish between a mere moan and an adverse but nevertheless constructive suggestion). Footfall was down in the exhibit halls, said some, but if this is explained by a charging policy which kept away the “tyre-kickers” whose primary purpose is to scoop up goodies from the booths, then that means more space for those who are there for serious purposes. There is a certain type of marketing person who is fanatical about head counts, as if mere numbers were an indicator of success. The pool of potential buyers relative to attendance headcounts is pretty small and it is better, surely, to have space to focus on those who matter.

Similarly, there is usually much complaining about the timing and location – why, people ask, do we have to go to cold, damp New York at the beginning of February? For myself, I can’t think of anywhere more convenient for a show which aims to attract Asian, Australian and European audiences as well as American ones. Not Las Vegas again, please. Nor one of those warm south-eastern venues which involve three flight changes. The beginning of February has the merit that the show competes with nothing else. It was neither cold nor wet in New York this year which muted the complaints on that score.

It suited me. But then it always did, for one who wants to meet a lot of people and catch up with the ideas which are inhaled almost subliminally by being at the biggest Discovery show on earth.

Data protection, privacy, cross-border discovery and Brexit

I put these first because they were the subjects which came up most frequently, and not just because I hail from the EU or because these were covered in my own sessions. When I first went to Legaltech, 11 years ago, the constraints of EU data protection laws were just something Americans kicked against, tiresome rules which stood between honest US lawyers just doing their job and the data they needed. People would back me into a corner and wag their fingers at me as if I was personally responsible for the EU data protection regime and the difficulties it caused. There has been a steady increase in understanding of the real issues over the years, together with a more considered approach to managing the problem.

Now, with the General Data Protection Regulation on the near horizon, the Microsoft Dublin case (and now the similar case against Google), the transition from Safe Harbour to the Privacy Shield, and the fallout from the NSA / Snowden revelations, dealing with protected personal data is top of the agenda for many companies.

It came up in the Corporate Counsel Roundtable in which I participated on Monday, and it formed a substantial part of the discussions on the kCura panel New frontiers for international eDiscovery on which I was a panel member (there is more about this below).

Consilio dominated the formal session agenda on this subject, with a three-part track such as one might expect from a company with a strong presence in the main jurisdictions affected by growing privacy constraints. In three sessions, Ben Rusch, Drew Macaulay and Michael Becker covered the new laws affecting cross-border discovery, the use of technology to comply with cross-border data privacy rules, and the issues raised by multilingual data sets in global investigations.

Data protection and privacy recurred as one of the subjects covered in our kCura panel which, as moderator Steve Couling put it, took a “Phileas Fogg eDiscovery around the world in 60 minutes” approach.


Steve Couling, David Horrigan, Karyn Harty, Davin Teo, Chris Dale
More pictures of the kCura International Panel here

The EU was represented by me and by Karyn Harty of McCann FitzGerald, the latter’s presence representing the potential significance of Ireland as the UK prepares to throw itself off the Brexit cliff; Davin Teo of Alvarez & Marsal in Hong Kong brought us the view from the Asia-Pacific region; David Horrigan of kCura represented the US. I quoted from my interview with Patrick Burke of Seyfarth Shaw who, when asked where his clients saw the GDPR pressure, said that they just wanted to “keep doing business”.

These are difficult subjects full of uncertainty even before Brexit and the possibly changing relationship between the US and the rest of the world (I premised both my sessions on two assumptions which have not seemed necessary before – that we would still all be here by May 2018 and that the US would continue to trade with the rest of the world).

We have moved over the years from Americans merely railing at data protection restrictions to a climate in which we can have serious discussions about the development of policies, the improvement of understanding, and the skills and technology needed to tackle the issues. One of the subjects which came up on our judicial panel at the Corporate Counsel Roundtable was the extent to which US judges are willing to take note of foreign restraints. That won’t happen in every court, but a properly articulated argument, based on knowledge of the laws and on the use of the technology which was the subject of Michael Becker’s Consilio panel, can improve the odds of a successful outcome.

Information governance

There is increasing awareness that the ability to identify your data and, specifically, data which may contain personally identifiable information, is critical to corporate readiness for the GDPR. For this reason, the GDPR may prove to be the Trojan Horse which brings information governance into corporations. Anecdotally, companies are doing relatively well with the policy side of GDPR preparation; there is little evidence yet that they are actually dealing with the data. In my yet-to-be-published interview with him, David Wallack of NightOwl Discovery made the point that companies which purport to advise others on this subject need to get their own houses in order first.

Technology-assisted review

One of the people I interviewed at Legaltech was careful to draw a distinction between predictive coding and technology-assisted review. He was right to do so (strictly, predictive coding is a specialist sub-set of of a wide range of functions embraced by TAR) and I did the same in my review of TAR on the kCura panel.

In truth, I don’t much care what you call it as long as you see a few demos and inform yourself about what it is, what it does, what it costs and what it can save when you face otherwise insuperable volumes of data while under the cosh of a budget or the constraints of proportionality (even US lawyers have discovered proportionality, though they still agonise over its conflict with the comforting certainty of bright lines). I took us on a quick tour of TAR court decisions around the world, ending with the two Australian cases and the Australian practice note which I wrote about here.

Asked to condense my views into a single proposition, I said that all common law jurisdictions can learn from the others; the ball is passed from the US to Ireland to England and Wales to Australia, and if we can just kill off that daft assertion that “the US is two years ahead of the rest of the world” in eDiscovery, we can all do it better; if the rest of us don’t much like the overall US approach to discovery, we certainly appreciate the leadership of some of its judges and the great US technology which has developed to meet the challenges.

Data security

The subject of data security turns up everywhere, and rightly. It is the primary concern of IT and legal, for once bringing together two corporate departments which have managed to ignore each other for years. There is, accordingly, budget for data security, relegating even eDiscovery readiness as a concern for US (and other) corporations.

The GDPR brings new and rigourous protection and reporting requirements, together with a much wider definition of “breach” than in the US. How can you realistically report on a data breach in 72 hours (or at all) if you do not know what data you hold, where personal data is lurking and therefore what you have lost?

This is all good governance and compliance stuff anyway and we are, perhaps, seeing an extension from considerations of risk to more positive reasons for identifying and managing data. Security fears may prove to be the catalyst for all those things loosely grouped under the heading “information governance” for which there has hitherto been no perceived ROI.

The benefits extend into discovery – if you have disposed of stuff which is either unnecessary or whose retention offends the GDPR (such as personal information collected for a purpose which has expired) then you have less data to trawl for discovery purposes. If my motto last year was RTFR (Read the F* Rules) then this year’s is perhaps KLC (Keep Less Crap).

Provider updates

I try and avoid demos at LegalTech, on the grounds that I can have those at my desk any time, and because demo time should be spent on possible buyers not on me. I made an exception for Brainspace, software which everyone is talking about but which I had not seen. It was well worth the time.

I like to catch up with what companies are doing beyond the desktop with companies who give me senior people to talk to. Conduent, now separated from Xerox, gave an interesting presentation on the combination of inherited business, services, technology and revenue with the new agility afforded by its independence. I had an interesting hour with OpenText about the successful marrying of the large OpenText enterprise client base with Recommind’s technology. I had a meeting (as I always do at Legaltech) with FTI who brought me up to date with Ringtail developments, with the new User Enablement Portal and with a market in which cyber risk is bringing together the motive and the budget for information governance policies and action. Having written in my pre-Legaltech article about the thrusting new companies pushing into the eDisclosure software market, I spent some time with Everlaw.

Making movies

In previous years I have made appointments to film interviews and then my son Will and I have toted equipment around looking for somewhere to do the filming. It has worked but it is pretty wearing and a bit arbitrary, especially when the precious time of others has to be considered.

This year we took a hotel suite and set up green screens, lights and cameras there so we could get people in and out quickly. I did the interviews, while Will dealt with the lights and cameras; he is even now ploughing through Gigabytes of video and audio data to make interim versions for approval. The green screens mean we can add images, colours or whatever is right for the context.


About to interview Hal Marcus of OpenText

This was one of those occasions when I blessed my BA Executive Card and its weight allowance.



The social side of Legaltech

For many years, Nigel Murray has run a successful Commonwealth Brunch on the Sunday before Legaltech. Nigel was unable to attend this year, and Amit Pandit of APT Search took up the baton at short notice, organising brunch for non-US visitors to Legaltech.

Dinners provide the best form of entertainment at Legaltech – you can sit down (itself a relief), the food is usually very good, and the invitation lists include the brightest and best of the eDiscovery influencers. A dinner organised by Ricoh (owners of Commonwealth Legal in Canada), the kCura speakers’ dinner, and an informal “stragglers dinner” organised by Jonathan Maas for those left behind on Thursday night, gave the opportunity for proper conversation which is missing from the rush of the day.

I am no great enthusiast for parties because, though billed as occasions for networking and catching up with people, they almost always take place in rooms with bare walls and hard floors; put a band in the corner and it becomes almost impossible to hear anybody speak, which rather undermines the perceived purpose. Perhaps I’m just a an old grouch with defective hearing – everyone else seems to enjoy them.

I am glad, though, that I went to the Nuix party at the Tavern on the Green. Nuix CTO Stephen Stewart paid a warmly-received tribute to former CEO Eddie Sheehy and former Head of Marketing, Carolyn Betts, aka Mrs Eddie Sheehy. Neota Logic’s party was so packed that there was a queue to get in, leaving me wondering if the predictive analytics in their Reasoning Engine might be used to estimate how many will turn up – it seems to be relevant in almost every other aspect of legal processes. Even as we queued, Neota Logic was creating an app for lawyers helping people affected by the travel ban at airports, simultaneously an impressively fast application of technology and a good cause. Conduent had easily the best venue, and a guest list to match, at the top of the London Hotel. The parties given by Jo Sherman and EDT are legendary.

Best, as always, were the unplanned, impromptu meetings, the people you bump into in corridors, in bars or when crossing the road, people you know well, people you briefly met once before, people you know by name but have never met, total strangers who once attended a panel you spoke on, read a blog post you wrote or heard you on a webinar. One of the features of eDiscovery and its related subjects is that so many of its players are agreeable people. That is not a reason on its own for crossing the Atlantic every February, but it adds a layer to the commercial and subject-matter motives for going to Legaltech.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere
This entry was posted in Alvarez & Marsal, Brainspace, Brexit, Conduent, Consilio, Cross-border eDiscovery, Cyber security, Data privacy, Data Protection, Data Security, Discovery, eDisclosure, eDiscovery, Everlaw, GDPR, Information Governance, KCura, LegalTech, Neota Logic, NightOwl Discovery, Nuix, OpenText, Predictive Coding, Recommind, Technology Assisted Review. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s