INTRODUCTION
Using solutions powered by artificial intelligence (AI) to assist with document review is now an accepted practice in the legal community. With the overwhelming amount of data to review for a case or investigation, practitioners continue to look for defensible ways to reduce datasets. The use of analytics such as continuous active learning, concept analysis, clustering and solutions that can detect similar documents are becoming increasingly necessary.

Portable AI models are now the new tool on the scene that can help with not only review for discovery, but also so much more. The use cases are growing, the technology is more powerful than ever.

In recent years there has been a noticeable shift from hesitation around using emerging technologies to embracing them to improve efficiency. To remain innovative, it is imperative to watch tech trends and explore partnerships with providers that can guide where portable models are most beneficial. Even though more organisations want to use new tools, there are grey areas around function and ROI considerations for portable AI models that teams must understand.

THE AI EVOLUTION
Most legal professionals and review teams now accept that they need to use automated tools to get through the documents for a case or investigation. With more data generated daily, manual review is impossible and will not offer the full story in reasonable timeframes or the constraints of budgets.

Advanced technologies powered by AI have offered a mechanism for speedy and accurate reviews that pull out the most important documents to review. It started with technology assisted review (TAR) tools, which automatically categorise and rank documents based on an initial training set. Then came continuous active learning (CAL) which allowed reviewers to review data on a rolling basis and does not need the creation of seed sets. Legal teams then found ways to use AI tools for other purposes such as early case assessment (ECA), contract analytics, and to identify key custodians and search terms to use.

Now, portable models are the next level TAR tool. Portable models are trained on data from prior or related datasets. Prior insights from the portable model are then used to jumpstart new reviews. This drops the need to create and train a new model every time a similar matter or question arises. There are generally two ways that teams are using these tools. Both options offer ways to repurpose past work product across multiple matters. One way is to apply an established pre-trained model to identify language in datasets on repeat topics such as privileged content or insulting behaviour. Innovative service providers in this space are building up libraries of more generalised models to offer to their clients. Another option is a bespoke model, which organisations train to pinpoint issues or answer questions unique to themselves. This is a more customised option that offers client-specific value and be a competitive advantage over others.

COMPELLING BENEFITS
Portable models truly elevate predictive capabilities for review teams. These tools offer a range of benefits and create opportunities to permanently transform processes. Here are four major advantages:

• Speedier reviews: Teams can identify relevant documents earlier in the review process. Portable models can analyse the entire corpus of documents to identify patterns and pinpoint documents responsive to topics of interest. While this benefit is also available with other TAR technology, the models can target specific recurring topics without the need to train a new model for each matter.

• Long term cost savings: Although there is an upfront investment to build custom model libraries or obtain pre-built models the cost savings will materialise over time. These models can narrow datasets resulting in fewer documents for manual review. Portable models can also assist in traditionally costly discovery tasks such as privilege review or ECA.

• Tech layering: Portable models can be layered with other solutions to get more accurate results. There is also the ability to run multiple models in parallel on the same dataset. For example, a litigation team could run models to detect privilege and harassing language simultaneously to pinpoint the hot documents in an employment case. Having this information pre-discovery assists evaluating early settlement opportunities.

• Consistency: Using model libraries results in more consistent work product across matters and legal teams. This is especially true for internally built model libraries, as they will be more customised to the organisation. Options for these bespoke models include fine-tuning pre-built base models to fit the specific environment, building models based on their prior activities, and creating models from scratch.

USE CASES
Due to portable models being such a recent innovation the use cases for portable models is not widespread. Portable AI models can apply in many situations both related to legal processes and other business needs. We’ve highlighted three use cases below:

Legal
There are several instances where portable models can aid legal teams. The most obvious is to cull datasets for review. That being said portable models have broader applications in the eDiscovery process. Portable models can be used for early case assessment, settlement evaluation, aid in coming up with search terms, identify custodians and for litigation risk analysis.

Here are two illustrations of how teams can apply AI models, one in the traditional review sense and the other in a more unique way for litigation analysis.

• Employment: In a sexual harassment case, teams can apply portable models on communication data to pinpoint sexually explicit themes, concepts, and language. The portable models can also detect comments on appearance, bullying, discrimination, harassment, and/or threatening behaviour. This can help parties jumpstart review by identifying key actors and witnesses early on.

• Deposition Preparation: large matters, portable models can help predict possible testimony and case issues. Customised pre-built models can help teams with strategic decisions such as when to settle, who to drop from a case, and who to call as a witness.

Compliance
Portable models aid compliance in several ways, such as filtering irrelevant data during investigations, meeting regulatory deadlines, demonstrating legal compliance, and can even be used for DSAR compliance. Models assign sentiment scores to detect fraudulent behaviour, prioritise evidence hotspots and reduce compliance risk. For instance, a model focused on kickbacks or insider trading can reveal fraudulent patterns by identifying custodians using specific words or phrases.

Another “out of the box” use case for compliance is to monitor employee behaviour. This can be particularly useful in the financial industry where organisations must ensure that employees are acting appropriately and not promising their clients unattainable returns.

Cyber
Incident response plans are crucial for cybersecurity teams as data breaches become more common. These plans map out what to do in case of a breach Including identification and review of exfiltrated data and notification of impacted individuals. In these phases portable models can identify sensitive data, determine where that data exists and who to notify. This enables faster and more efficient response times reducing the impacts of data breaches.

PREDICTED TRENDS
Monitoring market trends is crucial for staying competitive. It’s important to evaluate current and future needs and stay informed about developing technology and how they can be used. This enables organisations to demonstrate ROI to leadership and adjust strategic direction. Two predicted trends in portable models are discussed below.

First, adoption will increase over the next few years. However, it could take longer for organisations not prioritising digital transformation as they may have difficulties harnessing their own data and getting buy-in from leadership. Organisations prioritising transformation will have higher success rates in adopting AI tools as they will have the necessary processes and data in place. These organisations are also likely having partnerships with innovative service providers to leverage off to help them pinpoint specific use cases to maximise ongoing use of AI.

Second, the topic of portable models will make it to the courts. The use of emerging technologies – particularly those using AI has been a trending topic for years. As data volumes get bigger there will be a bigger push to make production more proportional. Portable models among other technology will have a key role to play in making the discovery process more efficient and cost-effective.

Lawyers must not forget they have ethical obligations to understand the benefits and risks of emerging technologies. They should be aware of the basic features of up-and-coming technology, to prove value to internal stakeholders, other parts of the enterprise, and clients. Continuing education and awareness are necessary to fulfill this ethical obligation. Education such as those at legal conferences have started to address this need which is a step in the right direction in increasing awareness and adoption of AI.

CONCLUSION
Portable AI models are the new tech tools to watch. The use cases and maturity will only continue to expand as more organisations become aware of how these models work and what benefits they can offer to legal and other departments. Now is the time to monitor new industry and court developments, evaluate investment opportunities with providers offering pre-built or bespoke models, and discuss potential use cases with leadership teams.

To download the pdf of this paper please click here

As businesses continue to globalize, so does the demand for global data in litigations, regulatory matters, and internal investigations. When thinking about eDiscovery from a global perspective, one size does not necessarily fit all. Organizations must consider what specific challenges they will face in tackling global eDiscovery or eDisclosure, which includes balancing the demands of local jurisdictions and rule of law against the desire for uniform process, which technology suits their case best, and what business processes need to be created. Below we speak to the challenges and considerations organizations may want to contemplate when handling a matter that has data located around the globe.

The Challenges of International eDiscovery

Some major challenges for organizations when the scope of a project exceeds U.S. borders are:

Costs – the ability to maintain data centers, infrastructure, and/or licensing in regions globally where volumes are smaller and pre-trial discovery is not commonplace is difficult. This is exacerbated when considering the prospect of maintaining defensible offsite disaster recovery.
Culture and business context – rationalizing the need and use of eDiscovery/eDisclosure and electronic data use with local team members can be challenging in locations that have differing legal systems and data privacy expectations compared to the U.S.
Resources – given the cultural challenges and the decreased demand for eDiscovery outside the U.S., justifying dedicated headcount to handle eDiscovery can be difficult. Moreover, although perhaps necessary to implement and maintain a solution in country, justifying the expenditure for local staff when workload and demand may be sporadic or less than full time is a tricky proposition, particularly when considering local labor laws that may prohibit part time employment and make change of staff difficult.
Risk – ensuring global cross-border eDiscovery does not violate any data protection or privacy laws within the countries of origin is no easy task. The world of data privacy and electronic data use is an ever-evolving minefield of regulation and control, differing from country to country. Keeping up with the latest developments and obligations is a fulltime job and one fraught with risk if not done properly or with the requisite attention and focus.

The Solution

Organizations can establish an eDiscovery managed services program with a global eDiscovery services provider to limit risk, cost, and headaches. A well-orchestrated program can:

Help mitigate costs and alleviate the need for your organization to incur capex expenses by providing a global footprint of data centers and technology solutions that you can utilize without the time and investment required to establish and maintain your own solution.
Provide in country resources native to those regions who can help manage the cultural and linguistic divides. Because the service provider is operating on a larger scale they can provide resources and experts to match your needs even when those needs are not fulltime.
Provide the resources to tackle both small and large-scale eDiscovery/eDisclosure projects as well as meet demanding deadlines while alleviating you of the HR and administrative burden of hiring and funding staff employees you may or may not need on a fulltime basis.
Mitigate risk by providing expertise and intellectual capital to ensure data resides within borders and your activities comply with local data use laws and regulation if required.

Considerations for Choosing the Right Discovery Provider

When seeking a managed service provider to support your global discovery needs, your organization should be looking for a provider whose footprint mirrors your own. Below are factors to consider when conducting due diligence into providers:

How long have they been offering eDiscovery services?
In what regions, countries, and cities does the provider have offices and staff? Be sure to look at this carefully as some providers may have offices or technology in each location, but not staff. If having boots on the ground is important, be sure to clarify this prior to engaging a partner.
What is number of staff in each office?
What is the breakdown of staff by roles (i.e., sales, customer service or technical)?
In what regions, countries, and cities are their data centers located?
Do these data centers utilize a public or private cloud?
Do they offer offsite, in country disaster recovery?
What processing, hosting, and analytic technologies are offered in each data center, and are those technologies consistent across their locations? Ensuring a consistent global tech stack will help ensure you can apply the same processes and procedures globally, increasing the defensibility of your operation and mitigating risk.
What is the daily processing through-put in each data center?
What capabilities does the provider have to standup new data centers if needed based on client demand?
Do they provide a follow-the-sun support model, and if they do, is it that offering based on in-country resources for each location?

As you evaluate potential eDiscovery managed service partners, you should research your previous global eDiscovery needs, understanding what went right and what went wrong. Your organization should define its specific goals and any challenges the business has faced in dealing with global discovery. The provider and the solution they offer should be customized to meet your specific needs, alleviate pain points, minimize cost, and maximize process efficiency.

Where a provider has boots on the ground can go a long way to ensuring success when dealing with global eDiscovery, especially when it is being driven by U.S. litigation or regulatory matters. Understanding the cultural differences that affect global discovery and electronic data use in areas of etiquette and communication can help overcome business-related problems and misunderstanding surrounding eDiscovery with foreign colleagues.

In looking at the software solutions being offered, look for providers that offer multiple processing, hosting, and analytic platforms, and offer those same options across their global platform Multi-platforms will allow for a broader range of file types that can be processed, which is more often a relevant conversation when working in non-U.S. markets where there are tools and data sources that can be commonplace in the local market, but yet not typically encountered in the U.S. Simply working with off-the-shelf platforms could prohibit the ability to process new and emerging files types, especially when they are being used outside the U.S. Providers who offer proprietary solutions will have greater flexibility in adapting their software to accommodate new file types faster than larger industry software providers. Hosting and analytic platforms should be intuitive and allow for customizable workflows. Having a provider that offers multiple platforms will allow for workflows that can be tailored to your organization’s unique needs while remaining defensible. Similarly, make sure the tool stack can handle the local languages relevant to your work and location.

Your managed service provider should be working with its internal compliance department as well as in-country experts to maintain a global cross-border data protection and privacy program that is built to ensure compliance with multiple international privacy regulations. These processes will ensure that the right contractual vehicles and protections are in place in accordance with applicable local regulatory requirements.

Conclusion

Establishing a successful global eDiscovery program will require partnering with a managed service provider whom you view as a trusted advisor and an expert in not only eDiscovery and eDisclosure, but in data privacy. This partner should have a vested interest in helping its clients solve complex discovery issues and achieving project goals while always looking out for its client’s best interests in the global context. Your provider should be committed to providing consistent, high caliber project management and solution design throughout the project life cycle, whether the delivery is limited to one region or whether it is a cross-border matter requiring a follow-the-sun model where its experts synchronize seamless delivery and communication.

In a recent article in Harvard Business Review, researchers showed that 78% of transformations fail finding that “people are the catalysts of successful transformation.” To move beyond working in silos, incremental improvement, and isolated innovation - to achieve transformation – it’s important to have a structured process to engage leadership in setting objectives and guiding transformational change.

Prepare by engaging the right people in setting objectives

The first order of business is to identify key stakeholders. Beyond the General Counsel’s leadership team, there are leaders in other functions who could be either blockers or champions. Putting aside beliefs that IT won’t help (“never have”) or Procurement doesn’t “get” Legal (“never will”) and engaging key people in each department could forestall roadblocks down the road. While Legal may own the project or technology, there are few instances where other enterprise teams (e.g., finance, sales, AP, IT, etc.) are not also stakeholders in the lifecycles those systems manage.

Engage this group in enumerating objectives. Being clear about the relative importance of goals such as cutting cost, improving quality, driving efficiency, or scaling up becomes particularly important when prioritising among competing desires, and later when making course corrections due to unanticipated challenges or opportunities. Focus on how to support corporate strategy, leverage enterprise strengths, and harmonise how the legal department functions to gain visibility and control, enabling further evolution to meet business needs.

Stage 1: Fact-Gathering

Methodically collect information about the department’s current state, focusing on how technology, processes, organisational dynamics, and operations management enable (or impede) effective legal service delivery and continuous improvement. Go beyond the legal department and include the viewpoints of IT, Procurement, Finance and impacted Business Units.

Employ an array of tactics to gather information. Surveys, focus groups and interviews are useful to elicit qualitative information. And gathering objective (empirical) data may be difficult but should not be omitted. Short-term time studies yield insights about what work is being done by whom and how long key tasks require. Estimates of performance attributes such as cycle time are better than no baseline data. A useful outcome of this fact-gathering stage is an inventory of available metrics, and a list of missing data points.

news You fact-gathering should result in finding on the following aspects of the legal department:

Processes. Unearth opportunities to standardise and increase efficiency.
Technology. Audit coverage, effectiveness, adoption and integration.
Organisation. Examine structure, operational leadership, adequacy of staffing and optimisation of internal resources.
Operations. Explore tech support, performance management practices, and project and process management skills sets.

Stage 2: Assessing the Current State & Identifying Opportunities

Rigor and structure set up the next stages. The description of the current state installs the framework and context for describing the desired future state and planning the path forward. Methodically analyse and articulate findings for each category using a rubric, such as the classic Strengths, Weaknesses, Opportunities, Threats (SWOT).

Then engage the key stakeholders in brainstorming. The output is a list of potential improvement initiatives in each overarching category, and analyses that will set up the next stage - aligning around priorities. Include a concise articulation of considerations for each one, such as:

“Return” – impact, benefits expected
“Investment” – estimated cost, level of effort (e.g. low, medium, high)
Additional Considerations – e.g. cross-functional and/or new/rotational staff support needed, market-specific elements, challenges, etc.

Don’t whittle yet, that’s what the Prioritisation stage is for – thereby engaging stakeholders and developing acceptance of what is, and is not, being pursued (hint: not everyone’s pet project will make it onto the roadmap).

Stage 3: Aligning Around Priorities

Here again, structure and process are critical. Use an Effort / Impact matrix and put potential initiatives into quadrants, separating the “low hanging fruit” (high impact, low effort) from high impact/effort initiatives that may not bear fruit for a couple of years. Design a scoring system around objectives and the key stakeholders’ key considerations

The outcome of the prioritisation process is a clear appreciation of what initiatives the organization should pursue, and importantly, alignment among the key stakeholders. Allowing stakeholders to persuade each other to adjust scores is a healthy component of a process that results in consensus – and decisions that will ultimately be accepted and supported.

Stage 4: Designing the Roadmap and Project Governance Plan

Transforming legal operations requires executive sponsors providing guidance, program managers orchestrating workstreams, sufficient and appropriate resources for each project, good visibility into progress, and strong two-way channels of communication.

Workstreams and Resources. Ensure a diversity of skills sets and experience. Don’t try to make do by asking more of top performers. Transformation can’t be accomplished by lawyers leading the effort “off the side of the desk.” Hire or augment dedicated legal operations staff, borrow from other enterprise functions, harness vendor support when implementing new technology, and/or engage consultants.

Sequence and Pace. Sequence for early wins to gain traction, and foster long-term, resilient transformation through overlapping workstreams, each led by a team that meets regularly to focus on the objectives, processes and milestones. Include a change management team to pace activities, giving the organisation time to catch its collective before demanding attention for the next big process shift.

Governance and Visibility. Establish a clear hierarchy, with an executive sponsor to provide guidance, obtain proper resourcing, remove barriers and above-all, ensure the transformation achieves its stated objectives. The Steering Committee provides tactical oversight and coordination, utilising dashboards to ensure transparency about capacity and progress against clearly defined project milestones and metrics.

Communications. At every stage on the transformation journey, confirm understanding, acceptance, and adoption of the desired changes. Some specific suggestions:

Tailor communications to different populations to ensure that employees know what is expected, why (addressing “what’s in it for me?”), and how they can contribute to the initiative’s success.
Employ a variety of forums: town halls, intranet, small group meetings, and events where teams can highlight how they are supporting and benefiting from recent changes.
Ensure two-way communications. Gather feedback, ascertain acceptance, uncover and address resistance.
Celebrate milestones and successes along the way.

A comprehensive transformation with sound leadership and smart change management will build esprit de corps – which will come in handy when it’s time for Transformation 2.0. To gain further insights into legal transformation and its successful implementation, download the full PracticeView™ Guide: A Methodology for Legal Transformation Guide.

news

The term “risk” gets tossed around constantly in the corporate world. But who is responsible for defining and managing risk? This answer is not black and white, as risk type and appetite will look different for every organization. What should be a universal practice is ensuring that all departments understand the enterprise’s risk types.

Keeping risk conversations and processes within silos can be dangerous and result in noncompliance. This is particularly important with cybersecurity, as threat actors can penetrate any part of the business. With new attack methods emerging and trends changing frequently, all departments must be aware of what cyber risk the organization has assumed and their respective roles in managing such risk. This requires an effort not to silo risk and have everyone work together to achieve compliance with established frameworks and regulatory constraints.

Interplay Between Risk Appetite and Compliance

Risk can come in many different forms such as reputation, cybersecurity, privacy, financial, legal, personnel, and operations. Compliance risk intertwines with all of these categories. For example, failure to protect sensitive consumer information can result in violation of a privacy regulation or lead to a data breach placing liability on the organization. While each team will be the main actors in defining and managing their own risks, a collaborative approach will help organizations maintain a successful and mature risk management program. Each executive has different perspectives that help reach a balance while still advancing business goals.

Risk appetite refers to what risk level the organization is comfortable undertaking. This can vary depending on the type, company culture, and changing business goals. Factors that can influence decisions on cyber risk appetite include, trending attack methods, type of data the organization collects and stores, industry, geographical location, and the C-Suite’s risk tolerance. Even with mature security controls, cyberattacks can happen. When an incident occurs within risk appetite, it is easier to respond as the organization has already accepted it as a possibility and will have incident response protocols in place. This makes it extremely important for the CISO to work with the C-suite and legal to determine the organization’s risk tolerance and communicate this across the enterprise.

Importance of Monitoring Cyber Trends

When it comes to cybersecurity, risk appetite and management efforts can change frequently as new threats emerge. This is an area where breaking the silo mentality is extremely important, as everyone in the enterprise handles data and therefore has responsibility to protect it. Staying on top of new attack methods, competitor compromises, and other cyber data is crucial to receive a real-time view of risk. For example, the Identity Theft Resource Centre’s “First Half 2022 Data Breach Analysis” report deemed cyberattacks as the most prevalent threat vector ahead of system errors, human mistakes, physical attacks, and supply chain breaks. The top trending cyberattacks are currently phishing, ransomware, and malware. Keeping up to date with periodic reports and comparing trends from year to year or even quarter to quarter can feed into cybersecurity risk strategy.

Understanding the most prevalent risks is important to detect where vulnerabilities exist and the likelihood a certain threat could materialize for a particular organization. This will influence decisions about cyber risk appetite, incident response plans, and necessary controls. There is no way to guarantee that everyone is operating within the organization’s defined risk tolerance without enhanced transparency and collaboration with other departments, including legal. Periodic assessments and enterprise-wide communication on changing protocols relating to cyber risk is a crucial component of risk management efforts. When preparing such assessments, do not forget to account for compliance requirements as what the organization takes on will need to fall within applicable regulatory, client, and internal obligations. While this can be a lot to process, using risk as a way to talk across the silos will help each unit understand what is tolerated and applicable responsibilities to stay compliant.

Best Practices

When – not if – a cyber incident occurs, compliance with response protocols is not the only thing that comes into play. Other obligations apply relating to breach notification, privacy regulations, privilege, contracts, and more. It is crucial to have processes in place to maintain compliance and mitigate an incident. Everyone needs to receive training and direction on any cyber controls and electronic preferences the organization has decided fit within their comfort level. Risk management gaps generally stem from lack of communication – whether it be the absence of a comprehensive global framework or unbroken silos.

To mitigate risk and ensure everyone is operating within the appropriate risk parameters, look for tools and systems that work across the organization as opposed to one specific unit. This can include software that can automatically detects compliance violations, automated information governance tools, secure data sharing applications, and more. Legal and other key actors should have a seat at the table for discussions with the cyber team to discuss how cyber threats match up with risk tolerance and which tools can create a compliant work environment. This should happen yearly, at minimum, to maintain an effective risk management program.

news

Performing an early case assessment (ECA) to help make better litigation strategy decisions is not a new or novel concept. However, with the rise in technology, this process has evolved and become increasingly more valuable to litigation teams. Attention to case insights comes after a team identifies, preserves, and collects electronically stored information (ESI) about potential matters. This includes litigation, internal investigations, and regulatory events. Oftentimes, clients want answers early about vital case components like whether there is merit, which individuals or entities could be potential witnesses or hold relevant information, when parties were aware of the key issues, and more. The answers to these questions pave the path for how things move forward. Organizations can rely on experts in discovery, data, and analytics to utilize their skills and deploy advanced technology to rapidly analyze data for these types of vital case insights. This allows teams to provide answers to client questions, make informed decisions at a critical point in the matter about how to proceed, and tailor strategies accordingly.

The case insights process is less intensive than the full search and review that comes later in litigation for eDiscovery, but still relies on skilled analysts and artificial intelligence (AI) to identify early valuable insights, vital facts, and hot documents at the start of a discovery effort. The result is a deep analysis report containing key fact and behavior patterns that can help shape the team’s game plan for the case and make decisions on whether to settle, dismiss, file a dispositive motion, or proceed to trial. Being able to make decisions at a very early stage in litigation, backed by reliable data, without spending a lot of money is a game changer. Current economic downturn makes this benefit especially useful. Early case insights aids in improved ECA capabilities so that organizations can make more informed, smarter decisions on how to utilize limited resources and avoid costs. Choosing a vendor with a team of discovery experts that use advanced tools, techniques, workflow, and processes is key to getting the best insights early in a matter.

Ways early case insights can offer litigation teams valuable benefits relating to resource management and case strategy.

Case insights shed light on irrelevant documents, which reduces the overall volume of documents hosted and data that teams need to review during discovery. This cost-saving benefit will help teams manage resources better during the case tenure. Experts can also identify patterns or gaps in collected data so the team can anticipate what additional documents it will need to request, custodians that should have been identified, key actors not initially considered that may be helpful witnesses, and data patterns to address during depositions or trial.

Larger cases inevitably take up more resources and are expensive. Being able to gather case insights early on can significantly reduce these costs. For example, case insights could lead a team to find a document that would greatly undermine their position at trial and increases risk. That information could push that party to settle early on as a way to avoid a mound of costs and a negative outcome.

As the legal industry knows, advanced technologies work quickly and can produce results way faster than manual review. Finding key documents hidden in large datasets will help teams make strategic decisions sooner and develop fact narratives faster. This lines up counsel to have a highly effective and productive meet and confer based on key case facts. Being able to isolate hot documents early on also helps organizations make decisions about the best way to proceed with a case and gauge the chance of success on strategy moves, like filing a motion for summary judgment or settling. Knowing the facts and which documents are helpful or hurtful to a party’s case sheds light on what arguments, key conflicts, and case recommendations to focus on when talking to opposing counsel early on in a matter or before an important motion.

Having case insights provides a head start for TAR and document review activities that come later on in the case, as the document pool will be reduced and case strategy is more focused. Having a smooth handoff for eDiscovery processes saves litigation teams time and money and helps streamline the case, as there should be less room for surprises and objections.

Just like in years past, the ECA process will provide litigation teams with key facts, pinpoint data anomalies, and give organizations a better outlook on case costs. However, with the advanced techniques available today and a more knowledgeable pool of experts, this can all be done faster and more efficiently. Gathering case insights allows litigation teams to have a better understanding of their ESI, spend more time on risk and assessment, avoid future roadblocks, reduce eDiscovery costs, and make superior fact-based informed decisions on how to proceed with a matter.

news

The world is powered by data and technology. With all the focus and new legislation on data privacy, organizations need to keep governance at the forefront when reconciling the use of emerging technologies with compliance and privacy considerations. One area where this becomes particularly important is when organizations utilize platforms, solutions, and other technologies powered by artificial intelligence (AI) for business purposes. Some examples include creditors automating decisions on consumer approvals or employers using AI technology to assist with hiring determinations. The question becomes what framework should be placed around these processes and how can organizations implement some level of governance to avoid violations under laws like the EU’s General Data Protection Regulation (GDPR), Singapore, Malaysia, and Thailand’s Personal Data Protection Act (PDPA), Korea’s Personal Information Protection Act (PIPA), or China’s Personal Information Security Specification or overall data mismanagement that can result in a myriad of other issues?

Keep reading for help on how to answer these big questions.

Getting a Better Grasp on AI

In order to make smarter governance decisions, the first step is expanding knowledge about how AI operates. While it is not necessary to be an algorithm expert, it is important to understand that this technology has the potential to bank an extremely large amount of consumer data that, in turn, can trigger various compliance obligations. Organizations using AI for business functions already understand the basics: this machine learning technology utilizes trained algorithms that grow to detect trends and automate a variety of human tasks. However, to improve AI governance, there needs to be a larger focus on the data that AI systems rely upon to make inferences. Where does this information come from? What are the collection and storage protocols? Are the resulting patterns accurate? Most importantly, what is happening with sensitive consumer data? These are all questions to evaluate to minimize the chance that AI usage runs afoul of legal obligations, especially those rooted in privacy. Having a handle on this aspect of AI will also contribute to stronger information governance practices. When an organization better understands the tools it deploys in the regular course of business, there is more insight into what data they collect and store. This will strengthen information governance, bring unknown obligations to the surface, and lessen the risk of noncompliant behavior.

Data Governance

As organizations navigate through the digital age and data boom, governance should be a top concern. When dealing with AI technology, there needs to be a greater level of accountability and transparency. Organizations can look to their general data privacy framework and expand it to consider unique AI challenges. Pay close attention to compliance obligations under privacy laws and determine how AI fits into that. One definite issue to address is that there could be a bunch of private consumer data living on a company server simply because an algorithm made an inference. If this data is accurate, then there is the concern of failing to obtain consumer consent (which violates the GDPR and other new privacy laws). If that data is inaccurate, then according to these laws consumers should be able to challenge the inferences made about them.

So, how can organizations remedy this moving forward? There needs to be a mixture of preventative measures and auditing deployed. As touched on above, the first step is setting a specific framework around privacy and AI to provide guidelines on how to handle collected consumer data and the resulting inferences. Proper responses – like whether to delete and retain data or provide consumer notification – will be situation dependent. Take the example of a company using AI to help with recruiting and hiring new talent. A process like this has the potential to acquire tons of sensitive data and make inferences about why someone is suitable or unqualified for a certain position. Including a data retention timeline or notification to potential applicants that a profile will be generated could be two key components of an AI privacy framework and help spark the creation of information policies for all people within the organization using these solutions to follow. In general, self-reporting can address several consumer privacy issues that AI usage poses for organizations.

Next, there needs to be some level of governance around what is done with sensitive data. One option is creating GDPR-type protocols that grant consumers the right to delete data collected by these solutions and to challenge inaccurate inferences that AI makes about them. Using the recruiting example, say some bad data is fed into the solution that then renders the individual unqualified for the job. Allowing potential applicants access to this information or the right to request human review are ways to uphold the principle of accuracy. It also allows a level of screening while still keeping the advantages of using AI for a task, like cutting down on the time it takes to completely manually review a project. Other suggestions for AI governance include conducting internal audits, creating steering committees, appointing individuals to review AI ethics within the organization, periodic check-ins with employees to ensure they are following AI privacy policies and protocols, updated education on new technologies or changing compliance obligations, performing risk assessments, and clearly defining objectives in AI project plans.

What is Next for Data Privacy and AI?

Data privacy is always evolving, especially as new technologies emerge and integrate into the business world. With AI governance, there will undoubtedly be challenges and a learning curve. A major obstacle to anticipate when creating AI governance plans is what to do when an organization collects data because they think it might be valuable to eventually run through an AI solution. This is where the AI black box dilemma occurs since it is unknown whether this data will present an advantageous business opportunity until is it actually run through the program. Another challenge could be harmonizing the GDPR’s push for data minimization with AI’s reliance on big data. While challenges like this pose potential conflicts, creating committees to test out solutions like self-reporting and increased transparency will help carve out path for better AI governance and increase the effectiveness of AI oversight as we all navigate the digital era.

What are AI Models and How Can Review Teams Leverage These Tools?

Utilizing Managed Services to Establish Global eDiscovery Processes

A Methodology for Legal Transformation: Assessing, Aligning & Advancing Your Department

Prepare by engaging the right people in setting objectives

Stage 1: Fact-Gathering

Stage 2: Assessing the Current State & Identifying Opportunities

Stage 3: Aligning Around Priorities

Stage 4: Designing the Roadmap and Project Governance Plan

How Thinking Outside Silos Helps Risk Management and Cyber Threat Response

Using Case Insights to Improve Litigation Strategy and Manage Costs

Is the AI Revolution Creating Information Governance Problems?

Subscribe to our newsletter