Peer to Peer Magazine

Fall 2014: Security Is Everyone's Business

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/411912

EXAMPLES OF BIG DATA

Many common applications found in law firms contain big data and, therefore, risk. E-discovery applications are a great first example. The typical e-discovery case involves large volumes of unstructured data, which is replicated many times as the data progresses through the various stages of litigation. The result is not only many copies of client data that the firm might not be able to track but the temptation to retain client data beyond the normal retention for the sake of efficiency.

Big data has spawned a world of new methods for managing and mining data sets. The rise of computer-assisted review using predictive technology is an early example of such a method, with most major tools utilizing some sort of distributed computing architecture. However, as the size of data sets increases and the structure decreases, big data analytics will have major implications on the world of e-discovery. It is entirely possible that search analysts with skills in designing defensible big data analyses and processing scripts will replace project managers who can design review strategies in the future. Will this kind of job expose firms to new liabilities? Will firms have the tools to track what kinds of sensitive information exist in these data sets, so they can be appropriately protected or destroyed?

Data sets involved in the production of legal bills provide another big data example. While some firms have found a wealth of information about their legal workflows in this data, the potential downside is that corporate clients are using the same data, aggregated from many law firms, to provide the same insight for a very different purpose. Specifically, there are several big data billing aggregators that use information from e-billing to create a view into the "normal" costs of legal services and, as an added value, provide advice on how to get the best deal on legal services. Clients are using these services to craft more sophisticated alternative fee arrangements.

Disposing of client information poses an insidious risk in law firms, especially when done inadequately or incompletely. This is an especially thorny issue because many law firm clients are big, sophisticated organizations in heavily regulated areas such as banking and finance, pharma, and health care. These clients often have well-developed and mandated document security and retention policies. These clients might require that a firm honor their policies through outside counsel guidelines or other agreements. This can prove difficult if the firm does not know all the places where data are located, and, with big data, a firm might not have the tools (or the tools might not yet exist) to dispose of a single client's data which is part of a larger, aggregated data set. Many of these clients struggle to enforce their own retention policies, but that does not reduce the embarrassment or liability for a firm that remains in possession of material which the client has (correctly) disposed of, and which could now be within the scope of a litigation hold.

RESPONDING TO THE RISKS

What should a law firm's strategies be as big data gets bigger and risks get riskier? Starting with basic policies is important, with an emphasis on creating solid processes for tracking client data as it enters the firm, managing it as it moves through its useful life and assuring its eventual disposition. A nice source for building such processes is the series of reports published by the Law Firm Information Governance Symposium over the last few years. Make sure internal resources are empowered to enact such processes and that clients are informed about, and agree to, any disposition terms. If the firm is tracking data, it can also classify the data based on sensitivity. This means the firm can restrict access to sensitive data to those who need it.

For many existing data sources in law firms, traditional security and tracking tools provide adequate measures. The difficult problem is in applying tracking processes to big data tools, but technologies are under development, such as Apache's Accumulo, to deal with the unique security problems in big data management.

USING BIG DATA FOR RISK MITIGATION

Big data brings risks, but it can also be a friend to information governance (IG), most obviously within the area of information security. Gartner has estimated that by 2016, 25 percent of large global companies will use big data for at least one security or fraud detection function.

Why? One of the most daunting problems in security is analyzing and correlating the overwhelming amount of events logged in a typical environment in order to detect possible signs of intrusion. One company, HP, estimated that it generates about 12 million events per second! While the typical law firm will generate far fewer events, the problem is the same: Most off-the-shelf tools cannot deeply analyze and correlate the needed amount of data in a timely fashion or with meaningful results. Even worse, Gartner reports that hackers are adjusting to better fraud prevention by greatly shortening the time of so-called advanced persistent threats, eliminating drawn-out reconnaissance processes, as reported by the Cloud Security Alliance in "Big Data Analytics for Security Intelligence."

Prototypes of security tools are being developed and tested. Beehive, a tool developed by RSA, allows a human analyst to detect potential advanced persistent threats and other hard-to-detect potential incidents by reporting events that indicate suspicious

About the Authors

Bryn Bowen, CRM is the Principal Consultant at Greenheart Consulting Partners LLC. Bryn is also the President of the ARMA Metro NYC chapter and was formerly the director of records information management at Greenberg Traurig LLP. There he established a global information governance and records management program and re-engineered the NBI conflicts program. Bryn can be contacted at bryn@greenheartllc.com and on Twitter at @brynguy.
