5 data analytics myths debunked

Data Analytics

Perplexed by Data Analytics? Stuck on statistics? Then fear not, Philip O’Donnell, Forensic Data Analytics Consultant is here to guide you through the fascinating world of analytics, explaining complex concepts, tackling technical terms and showing the power of data in a series of business scenarios.
In his first blog, Philip will debunk some of the most prevalent myths surrounding data analytics. Over to you, Philip!

1) Once you have an analytics tool, anyone can be a data analyst

Father of Data Analytics, John Tukey, summed up the aim of analytics in typically succinct manner by stating,

“The greatest value of a picture is when it forces us to notice what we never expected to see.”

Put broadly, data analytics is a process to uncover hidden patterns, unknown correlations, market trends, customer preferences using mathematical and statistical techniques.

However, many people think data analytics is just a tool that turns data into graphs and that once you have this tool, anyone can analyse data. This is a little like saying that by owning a saw, you are a master carpenter!
To get the most out of data analytics, it is imperative that the right techniques as well the steps in the process must be understood and used in the right context to be truly effective in any investigation and if performed incorrectly can have misleading discoveries.

2) Data analytics is just for auditors

Where there are people, there is data and this data can be analysed and used to improve the way we operate. Music industry moguls use data analytics to measure listener responses to new music. This then helps them work out which genres, and new artists, are likely to bring them a hit.
Analytics is used by all spheres of society, from medical research and environmental studies to more obvious financial applications. Even Hollywood screenwriters have discovered that analytics can produce great success stories. In the Oscar-winning film Moneyball, a poorly performing baseball team hired a statistics expert to help them change their drafting procedures. By using statistics to help select players rather than traditional scouting methods, the team went onto have the longest winning streak in baseball history.

Analytics helps people in all industries make better, more informed decisions and deliver new innovative ways of thinking and doing business.

3) Data context doesn’t matter

The key component to performing any analytics is to understand the environment in which the client operates. Interpreting and advising on findings is a key aspect of the analytics process, so to really add value for clients, sector knowledge is vastly important. The most experienced data analysts need to understand the context of the data, especially in high profile legal investigations, banking cases, corporate compliance, financial analysis, and government projects. Clients looking to get the most out of their data will need to choose a provider who is able to harness industry knowledge and take a pragmatic approach to data science and analytics methodologies.

4) Analysing data can compromise the security and integrity of data estates

This myth does have some truth in that many inexperienced analysts do not understand the importance of a proper data extraction exercise. Direct extraction of raw data from core system is a key step in the analytics process and in the past, I have seen where incomplete and incorrect data extraction has caused data analytics investigation to be invalidated.
However, an experienced data analytics provider is rigorous in ensuring data extraction is performed correctly and is accountable in the chain of custody. Done properly, performing extraction ensures that the complete dataset and minimises the risk of an incomplete investigation. Extraction is performed in such a way that it does not compromise existing security of the data as well preserving the integrity of the system. Extraction can be performed on multiple data sources. These include relational databases, data warehouses as well legacy flat files and dynamic xml formats.

5) Analytics techniques don’t change

Data analytics is an incredibly dynamic discipline and new techniques are being developed all the time. A good analytics provider will always stay abreast of the latest trends and methods. So what is in store for 2016?

According to the International Analytics Institute the number one trend for analytics in 2016 will be that the distinction between cognitive analytics and automated analytics becomes blurred. Automated analytics is the changing of an airplane price or stock price based on the real-time analysis of factors such as customer demand or other market forces. Cognitive analytics is the inspired by how the human brain processes information, draws conclusions, and codifies instincts and experience into learning. Cognitive analytics uses machine learning techniques such as Neural Networks, Logistic Regression and historic data. By understanding the human decision making and learning process, data scientists can incorporate this knowledge into their models and achieve even more accurate and in-depth insights.

Click here to find out more information about our Data Analytics service.

Trends in Document Review: Phase II Investigations

Kroll Ontrack’s Document Review centre handles a real variety of projects, each one with unique requirements and for different purposes.  However, one trend we have noticed since opening last January is an increased number of clients requiring assistance in matters that stem from the mergers and acquisitions process. Pre- and post-merger audits and merger control RFIs from regulatory bodies such as the European Commission, the UK Competition and Markets Authority, the French Autorité de la concurrence, the German Bundeskartellamt as well as the US Department of Justice are just a few examples of incidences where ediscovery providers may be called upon for assistance.

Phase II is an in-depth analysis of the merger’s effects on competition and requires more time. It is opened when the case cannot be resolved in Phase I, i.e. when the Commission has concerns that the transaction could restrict competition in the internal market. A phase II investigation typically involves more extensive information gathering, including companies’ internal documents, extensive economic data, more detailed questionnaires to market participants, and/or site visits.

As mentioned in Kroll Ontrack’s landmark paper on the pressures faced by businesses from regulators, authorities such as the UK’s Competition and Markets Authority, European Commission and US Department of Justice are placing companies under increased scrutiny. As a result, corporations and their law firms are increasingly turning to the technology and specialist document review services offered by ediscovery providers to manage this data and reduce costs.

A recent Phase II request for information perhaps highlights why companies and their law firms are using managed document review services.  We were approached by a leading global law firm on behalf of their client, a FMCG supplier who had been subject to European Commission Phase II request for information and needed urgent document review services.

This case was particularly high priority as the client required highly-qualified review lawyers to start work within less than 24 hours at the weekend and had not contacted Kroll Ontrack until late on Friday afternoon.  However, despite this late notice, we were able to find the requested 7 lawyers to begin reviewing the next day.

Mid-way through the review, foreign language documents were discovered in the system. This could have represented a real set-back in terms of time needed for recruiting lawyers speaking the relevant languages. However, Kroll Ontrack’s pool of review lawyers are of such high calibre the existing team already contained several native and fluent speakers in those languages, despite language ability not being an initial criteria for selection.

In these circumstances, completing such a request in-house would have been incredibly difficult, not only from a technical standpoint but assembling, at short notice, qualified lawyers fluent in the unexpected languages.

Kroll Ontrack was able to provide a total of 42 review lawyers and conduct a privilege review of 19,000 documents and non-privileged review of 29,000 documents within 7 days.  Once the review was complete, the client was so impressed with our efficiency that 10 reviewers were retained in order to complete a redaction exercise.

 

This is not just any Christmas party, this is a Kroll Ontrack Christmas party…

The Honourable Society of the Inner Temple is famed for its rich legal history, art collection and its enviable array of alumni, including two former PMs, Chaucer (maybe), Baroness Butler-Sloss (of Diana inquest fame),  Sir Francis Drake (explorer) and even Gandhi, to name but a few. But this past week, the solemn surroundings of the Temple’s Main Hall were subject to a very different kind of ‘nonviolent civil disobedience’ in the form of the Kroll Ontrack Christmas Party with special comedy guests, This Is Your Trial.

For the uninitiated, This Is Your Trial is an improvised comedy show where professional comedians play the judge, clerk, prosecution and defence. Members of the audience are then given the opportunity to accuse their friends of crimes. The clerk then selects three cases with the remainder of the audience acting as jury to determine the accused’s fate, hopefully with hilarious results.

andrew partyFirst in the dock was our own esteemed Legal Technologies Director, Mr. Andrew Szczech, charged with the particularly grievous crime of ‘rapping at karaoke’.

An attempt to gain leniency by entering an early guilty plea was rejected by the court after it was pointed out that the evening was a lot more fun if we actually had a trial.

Despite wafer-thin evidence and an extremely unreliable witness, who may or may not have been in the unknown location where the incident is alleged to have taken place, Mr. Szczech was rightly found guilty and sentenced to pay a fine of 50 cents.jake party

The second despicable con was Mr. Jake McQuitty, a Partner at TLT solicitors. Mr. McQuitty was indicted with a) taking opera lessons, b) not being grumpy

about his clients and, most seriously of all, c) putting his children to bed! All these acts, in the eyes of his accuser, were not the normal activities of a Partner at a City law firm.

During the trial, it transpired that the dastardly Mr. McQuitty also played tennis to an above average standard and regularly chopped wood in his garden; all wholesome activities which the prosecution leapt on to prove his inherent abnormality. However, the defence cleverly pointed out that all of these details considered together likely rendered Mr. McQuitty a psychopath, just like everyone else in the room. The psychopathic jury agreed and let him walk free.

steph partyThe final defendant hauled before the Court was Kroll Ontrack Case Manager, Stephanie Painter, accused by Peter Susman QC of being ‘too nice’, his sworn evidence being cited as ‘just talk to her’. The Court quickly accepted that Stephanie was indeed ‘nice’, but the case revolved around the central issue of whether she was ‘too nice’. Steph didn’t help her case by admitting that if she stumbled upon an upturned tortoise she would ‘nicely’ turn it the correct way, rather than beat it to death with a rock – pretty nice of her! But ultimately her excellent defence counsel made a very compelling argument that there was indeed a limit to Ms. Painter’s niceness, and seemingly that limit could be found somewhere between allowing Jeremy Clarkson to enter the party but NOT Katie Hopkins or Hitler. This total disregard for the feelings of two of the most monstrous individuals of recent ages meant the jury vociferously and unanimously determined that Steph was indeed ‘nice’ but was not guilty of being ‘too nice’.

I must say, the comedy was absolutely brilliant. So good that I have actually googled their upcoming London dates to take some friends to see a show! All in all, another fantastic event, a huge thanks to all clients and prospective clients for joining us and we look forward to socialising with you again in 2016.

Kroll Ontrack expands local ediscovery capabilities in the Netherlands

Kroll Ontrack has responded to growing demand from Dutch law firms and companies for local support in international investigations and other legal matters faced by companies in the Netherlands by offering ediscovery services locally in the Netherlands.

We have provided data recovery services in the Netherlands for 8 years and ediscovery services remotely for 10 years and are now establishing a local team of ediscovery experts in Amsterdam. In addition to expanding our operation, we are also moving to new premises which are opening in November 2015 in South Amsterdam, located conveniently close to the heart of the Dutch legal and business district.

Law firms in the Netherlands are increasingly familiar with the benefits of ediscovery, especially where they are dealing with U.S. and U.K.-led litigation, regulatory investigations and other multi-jurisdictional matters. We believe that use of ediscovery technology will become commonplace and that there will be widespread adoption of the latest developments such as predictive coding technology, which automates the document review process and significantly reduces the cost of responding to requests for information.  This adoption of ediscovery technology can also extend into proactive initiatives whereby companies undertake audits of their systems to check for any wrongdoing.

Tim Phillips, Managing Director of Kroll Ontrack International Legal Technologies, said: “The new office in Amsterdam will house a larger, Dutch-speaking team of ediscovery and forensics professionals, giving our clients in the Netherlands access to the expertise they need in litigation and investigations on their doorstep. We are committed to building a long-term business that will employ local experts but that will be backed by the resources of the international leader in ediscovery technologies.”

Tina Shah, Legal Consultant, added: “It’s much easier for clients to call us in to help with regulatory or legal enquiries when we are just a few doors down the road rather than in a remote location.  The flight to leniency in competition matters means that time is often of the essence when investigations or dawn raids take place, so it pays to have an ediscovery partner that is already nearby and able to quickly come to your assistance. Additionally, clients will benefit from our world class data centres in London, Paris, Frankfurt and Tokyo as well as our valuable document review service.”

To celebrate the launch of the newly expanded office, we welcomed our Dutch clients to join us for festive cocktails and amazing views at Amsterdam’s unique Skylounge bar.

The view from the SkyLounge

The view from the SkyLounge

No more EU-US Safe Harbor. What are the implications for citizens and businesses?

Introduction

On 6th October 2015, the Court of Justice of the European Union declared in the case Maximillian Schrems v. Data Protection Commissioner (Case C-362/14) that the “Safe Harbor Agreement” between the EU and the US is invalid.

Until now, the so called “Safe Harbor Agreement” was an agreement signed in 2000 between the US Department of Commerce and the European Union that allowed US-based companies to transfer data from EU to the US and to thus comply with the EU Data Protection Directive of 1995. In 2000, the European Commission had declared that the US provides for adequate safeguards for data protection. The “Safe Harbor Agreement” consisted of data protection principles to which to which US undertakings may subscribe voluntarily. Up to date, 4400 companies transferred data to the US under the “Safe Harbor Agreement”.

The online version of the Court judgment is available online here and the press release of the Court of Justice concerning this case is available here.

What is the background of the case?

Maximillian Schrems, an Austrian citizen, has been a Facebook user since 2008. As is the case with other subscribers residing in the EU, some or all of the data provided by Mr Schrems to Facebook is transferred from Facebook’s Irish subsidiary to servers located in the United States, where it is processed. Mr Schrems lodged a complaint with the Irish supervisory authority (the Data Protection Commissioner), taking the view that, in the light of the revelations made in 2013 by Edward Snowden concerning the activities of the United States intelligence services (in particular the National Security Agency), the law and practice of the United States do not offer sufficient protection against surveillance by US public authorities of the data transferred to that country. The Irish authority rejected the complaint, on the ground, in particular, that in a decision of 26 July 2002 the European Commission considered that, under the ‘safe harbor’ scheme, the United States ensures an adequate level of protection of the personal data transferred.

Mr. Schrems appealed the decision of the Data Protection Commissioner before the Irish High Court. The Court decided to stay the proceedings and to refer questions to the European Court of Justice for a preliminary ruling.

The European Court of Justice ruled that the so-called “Safe Harbor Agreement” was invalid because it allowed US government authorities to gain routine access to Europeans’ online information. The court also explained leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy.

What are the next steps following this judgment?

The Court of Justice ruling is effective immediately and declares the current “Safe Harbor Agreement” invalid. This judgment has the consequence that the Irish supervisory authority is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the EU Data Protection Directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data.

What are the practical implications of this judgment for US-based companies who used to transfer personal data from EU citizens to the US under the “Safe Harbor Agreement”?  

As we know, the recent Court of Justice judgment declared the “Safe Harbor Agreement” invalid. This means, under a strict interpretation, data transfers concerning personal data from EU citizens to the US cannot rely on the “Safe Harbor” anymore since it has been declared invalid.

Nevertheless, US-based companies should still be able to transfer data from EU citizens to the US by using alternative mechanisms such as standard contractual clauses, binding corporate rules (“BCR”) and derogations.  Standard contractual clauses are model clauses that have been issued by the European Commission and are designed to facilitate transfers of personal data from the European Economic Area (EEA) to third countries that are not designated to be ”adequate” for the processing of personal data by the European Commission. The model clauses  provide sufficient safeguards for the protection of the privacy of individuals.

“BCR” are internal rules such as a Code of Conduct adopted by multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection. To that extent, “BCR” ensure that all transfers are made within a group benefit from an adequate level of protection. Once approved under the EU cooperation procedure, “BCR” provide a sufficient level of protection to companies to obtain authorisation of transfers by national data protection authorities. It should be noted that the “BCR” do not provide a basis for transfers made outside the company group.

As to derogations, the EU Data protection rules include derogations under which personal data can be legitimately transferred to the US on the basis inter alia of[1]:

  • performance of a contract [e.g. If you book a hotel in the U.S., my personal data are transferred there in order to fulfil the contract];
  • Important public interest grounds [e.g. cooperation between authorities in the fight against fraud, cartels, etc.];
  • The vital interest of the data subject [e.g. it means in urgent life or death situations, personal data such as medical records can be transferred internationally in the person’s own interest];
  • Or if there is no other ground, the free and informed consent of the individual;

From a pragmatic standpoint, although there is no official “grace period” following the invalidity of the Safe Harbor, US-based companies that transfer personal data from EU citizens to the US cannot be expected to cease such transfers immediately since this would affect numerous business operations.

Frans Timmermans, the First Vice-President for the European Commission, who will be charged with carrying out the ruling, and Vera Jourová, EU Commissioner, tried to ease the concerns of companies. Their official press release is available here. They said businesses could still move European personal data to the United States through other mechanisms including standard contractual clauses, binding corporate rules (“BCR”) and derogations.

How will this judgment affect the ongoing discussions concerning the new Safe Harbor Agreement, the EU Data Protection Reform and the EU-US Umbrella Agreement for the law enforcement sector?

Frans Timmermans, the First Vice-President for the European Commission and Vera Jourová, EU Commissioner, explained that the European Commission has been in discussions with the US over the past two years to revise the existing Safe Harbor. Negotiations are still ongoing but the aim is “to step up discussions with the US towards a renewed and safe framework for the transfer of personal data across the Atlantic”.

As to the EU Data Protection Reform and the EU-US Umbrella Agreement for the law enforcement sector, they explained that both are well on track and will most likely be finalised this year. The Data Protection Reform which will see the passing of a new EU Regulation to replace the Data Protection Directive aims amongst other things to strengthen the powers of national data protection authorities, which have an essential role in upholding individuals’ rights to data protection. In their view, this is fully in line with the recent Schrems’ ruling.

The EU-US Umbrella agreement differs from the Safe Harbor. It does not itself enable data transfers. Rather, it sets high data protection standards in the area of police and criminal justice cooperation. They explain that the Umbrella agreement will improve the protection of personal data of Europeans in the U.S. as it will make sure that citizens will have recourse to judicial redress possibilities in the U.S. in case of privacy breaches, once the US Congress has adopted the respective draft Bill.

Finally, Mr. Timmermans and Ms. Jourová explained that the European Commission would work with national data protection authorities to ensure that the court’s decision (Schrems’ recent judgment) is carried out in a uniform fashion across the European Union. They concluded saying “As citizens need robust safeguards and businesses need legal certainty; the guidance should help avoid a patchwork of potentially contradicting decisions by the national data protection authorities and therefore provide predictability for citizens and businesses alike”.

What should companies do while the current legal situation is being clarified?

  While the new Safe Harbor Agreement is being discussed between the EU and the US and the EU Data Protection Reform is finalised, companies that used to transfer personal data from the EU to the US under the Safe Harbor Agreement should now use alternative mechanisms such as standard contractual clauses, binding corporate rules (“BCR”) and derogations described above.  We also suggest that companies seek guidance and approval from the respective national data protection authorities in the countries in which they have business operations.

In addition, if companies, for example, are in litigation in the EU that requires the services of an ediscovery provider or at least they need to process and host EU citizen’s personal data, we recommend that they opt for in-country solutions within the EU so as to comply with EU data protection regulations. In practice, this means for example, that if a German company has to collect data from their employees based in several locations in Germany with the assistance of an ediscovery provider, that data should be processed and hosted in a German data centre so as to comply with strict German and EU data protection regulations. The data should thus not leave the German borders. In our view, the Schrems’ recent judgment reinforces the need to use local solutions so that when data is processed and hosted to carry out electronic searches, data remains within the respective countries of the custodians concerned and above all remains within the EU. If data from the European custodians does have to leave the European Union and needs to be transferred to the US then it will have to be within the framework of the alternative mechanisms described above.

[1] For further derogations please refer to Article 26 of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

9 Reasons Why Lawyers Don’t Use Machine Learning on Review

Okay, so 9 isn’t a nice round number. I originally started with 5 which didn’t fully convey the message and although I didn’t quite make it to 10, I hope on reading this blog some of your hang ups around predictive coding ( or machine learning/technology assisted review/artificial intelligence, whatever you want to call it) are allayed.

One thing I am sure of is that many lawyers are missing a trick by failing to make use of some of the advanced forms of legal technology available today. We’ve been harping on, as an industry, about this subject for years and I feel like we, as providers, need to take the majority of the blame for not making it easy for clients to appreciate the value of adopting a new approach to legal review.

After all, lawyers’ clients are becoming more demanding in relation to fees, and information governance doesn’t seem to be keeping pace with the volumes of data generated so unless you want to spend extortionate amounts trawling through irrelevant data you need, at some point, to seek a different way.

  1. My client has to pay extra for this service

It is true that sometimes you have to pay for efficiency. However, that doesn’t mean that those prices must break the bank. We, along with a handful of other providers, have developed our own software with our own machine learning capabilities and these are all available within the usual processing charges. This technology therefore doesn’t have to cost any extra but it does depend on the review platform selected.

  1. I’m expected to hold back on a full scale review while a reviewer codes a sample set

I suspect this notion came about through hesitancy on the part of providers to trust the technology themselves and this went on to pervade the industry. Our recent experience with machine learning reinforces the opinion that you don’t have to set up your review team in a certain way to realise the benefits from the technology. Although ideally we’d like to apply the machine learning to a specific individual, that doesn’t preclude other reviewers from categorising documents concurrently while the system finds its feet.

  1. I don’t feel confident defending this review strategy under scrutiny

Confidence is born out of experience and while I concede that it’s more difficult to become comfortable with ‘black box’ technology than keyword filtering, for example, that’s a journey we’re here to help with. I should also make it clear that machine learning can be used in conjunction with any other filters you apply. Most clients who are converts to machine learning began this journey by simply using the system to prioritise documents. As the system learns from the decisions being made it will award percentage relevance figures to each document and will push documents up through batching to ensure reviewers are seeing the most relevant documents sooner. On the vast majority of the projects we work on the statistics (we’d update you regularly during a review) support the fact that relevancy rates increase rapidly after the first couple of days of coding and fall away gradually a few days into the review and will usually look something like this…

machine learning

  1. The computer intelligence may miss a hot document

I suppose this is an extension of the reservation above. Machine learning doesn’t need to be used to cull documents although this is often a consideration in the latter days of a review when you’re presented with review progress such as that above. There does not need to be any risk attached to using this approach. The more regularly you use prioritisation the more comfortable you’ll feel with the technology and it can then be trusted to run effective quality checks either of human reviewers or the remaining pool which you’re considering casting aside.

  1. I need to review all my documents in any case

But wouldn’t you prefer to strike upon those which are relevant earlier in the process?

  1. It’s too complex and I don’t trust the technology

It’s not necessary to understand the algorithms behind the technology, although we do have people who can go into this level of detail if needs be. From my perspective, I understand how the different machine learning offerings out there differ but I’d be more concerned about the results of the review as these should speak for themselves.

  1. I won’t be able to charge my client as many billable hours

Okay, I admit, a lawyer has never used this as an objection (at least without a wink of an eye and a wry smile) but there’s no harm in stirring a little controversy! Truthfully, in my experience, lawyers genuinely want to do what’s best for their client and it’s the lack of trust in the technology that prevents them from taking advantage of the cost savings which this technology can bring about.

  1. There’s no precedent for using the technology

First thing to say is that if you’re just using machine learning for prioritisation then a precedent isn’t needed. You’re still reviewing all the documents so you’re unimpeachable. The most recent decision relating to culling documents using the technology has taken place in the Irish Courts in the Irish Bank v Sean Quinn case. This use of predictive coding technology is a creeping inevitability and those early adopters will not only benefit from the experience but will also stand out through the lens of their client as being technology savvy and will attract more business as a result.

  1. I don’t have enough documents to justify its use

In line with the above reasoning, we routinely recommend and use machine learning to bring forward relevant documents on all projects above 10,000 documents. Although the power of the technology won’t be as acutely harnessed as it would be on a larger data set, you would still recognise benefits even with these relatively small document numbers.

 

New Frontiers in Ediscovery

We are very excited to be launching the inaugural edition of our report entitled: ‘New Frontiers: An Insight into the global expansion of ediscovery.’    The report contains a compendium of 15 articles focusing on how ediscovery is being carried out in various countries around the world.  We have also have included a series of feature articles examining:

  • how ediscovery technology is being used to detect cartels
  • what uses are being found for ediscovery technology in the financial services sector
  • the latest trends in computer forensics
  • new technologies in ediscovery.

Ediscovery has evolved from its origins as a legal procedure used primarily in the USA and UK in litigation matters. Kroll Ontrack’s global expansion over the past ten years has shown there is demand across Europe and Asia for ediscovery technology to search for and review electronic evidence, particularly for competition matters and internal investigations. Download the full report here >>

What does ediscovery look like in 2015?

We asked our global network of legal consultants to report in depth on the state of ediscovery in their respective countries, providing insight into global trends around ediscovery adoption, uses and advances in technology.

The New Frontiers report documents how ediscovery is becoming an important element of the business landscape, even for countries that do not have an obligation to provide ediscovery as part of their legal framework. The important drivers for these countries, including Germany, France, the Netherlands, China and Singapore are more likely to be related to increased scrutiny by regulators, the transparency and compliance agenda, the need to manage mountains of big data and the overriding requirement to reduce legal cost.

Tim Phillips, Managing Director of Kroll Ontrack International Legal Technologies, commented:

“As a leader in the global industry, we believe it is important to document these changes and to highlight ediscovery’s rapid growth as a problem-solver for everything from regulatory compliance to dealing with dawn raids, and from unbundling legal services to forensic investigations.”

The New Frontiers report is available in full here.

Volkswagen emissions scandal fuels wider investigations

Last week, we saw the news that Volkswagen is setting aside €6.5bn (£4.7bn) to cover costs of the rigged US car emissions tests scandal and faces potential fines estimated up to $18bn.The automotive sector is under fierce pressure from consumers and regulators. Regulatory authorities worldwide have launched over 100 investigations into the activities of car manufacturers and/or companies producing components used in car manufacture.

The importance of consumer confidence in the automotive industry remains so high that many spokespersons are calling for more investigations and the implications can be wide-ranging. Not only will automobile manufacturers themselves be at risk but investigations can also look into the activities of third parties and suppliers. Given the size of the industry, this represents a significant number of businesses placed under regulatory scrutiny.

What happens in an investigation?

Regulators will be looking for evidence of misconduct. In most cases, this evidence will be found within electronic and paper documents. Therefore, the first step in many investigations will be a dawn raid on a company’s premises where agents will seize electronic devices such as laptops, computers and phones as well as taking copies of data from servers and the Cloud. They may also take paper documents. The regulator will then examine this evidence as part of the investigation.

Be prepared

At this stage, companies involved in the automotive industry should consider their exposure to issues raised in the Volkswagen scandal (e.g.  methods of measuring fuel emissions) . Companies should also think in a wider context with regards to risk. For example, although a regulator may initially be investigating a specific issue, in this case regarding falsification of fuel emission reports, they will not turn a blind eye to other forms of misconduct. Investigations into one product or issue can unearth evidence of other issues which need to be investigated and potentially reported.

If a company thinks there is even a small risk of any kind of wrongdoing, we would advise taking precautionary measures sooner rather than later. As mentioned earlier, regulators may conduct an unannounced visit. They may also request the submission of large volumes of data with very short deadlines which can be very difficult to meet without expert help from a legal technology provider.

How can an ediscovery expert help?

Whether a company is proactively conducting an internal investigation or is undergoing a regulatory investigation, using an ediscovery provider can give an advantage by:

  1. Establishing what issues the company faces

Kroll Ontrack’s case managers and electronic evidence consultants are experts in assisting with regulatory investigations. Using advanced tools such as predictive coding, they can analyse emails, instant messages, and dozens of other types of office document. Any ‘hot documents’ or data custodians who are exhibiting suspicious behaviour can be quickly identified, allowing companies to take appropriate action in a timely manner.

  1. Identifying irregularities

Not all misconduct is uncovered in communications data such as email. Our structured data consultants are able to use analytics tools to examine financial, operational and transactional data to uncover irregularities that may otherwise be hiding behind big data.

  1. Collecting and preserving important evidence

Evidence is precious and inexpert handling can mean evidence is rejected in court (for example if original metadata was altered during collection). Kroll Ontrack’s digital forensics experts gather electronic evidence and materials in a forensically sound manner, ensuring all data collected is ready for use in an investigation.

We have data centres throughout the world and mobile solutions, meaning evidence can be stored securely and in accordance with data protection laws no matter where in the world it is located.

  1. Presenting project plans to the board, regulators or other relevant third parties

Consultancy is a key part of the service at Kroll Ontrack. Our legal consultants can provide advice and strategy to the board. We are also able to collaborate with regulators where necessary, often negotiating extensions to deadlines or a more favourable investigatory scope.

  1. Providing qualified lawyers and/or paralegals to conduct first level relevance reviews.

With tight deadlines and often specialist technical knowledge required, it can be difficult for law firms to assemble teams of document reviewers with the right skills to conduct document reviews. Kroll Ontrack retains a pool of high-calibre, multilingual document review lawyers with experience across all industrial sectors, ready to be deployed at very short notice.

 

 

Are we ready for the drone revolution?

In 2014, over ten thousand civilian drones were sold in the UK and future sales are predicted to increase rapidly. Despite recent legislation regarding privacy and aviation safety, there could still be unintended consequences should drones use become widespread, particularly around data theft and the use of data collected on drones as evidence in court.

Are drones secure?

As with any wireless device, drones can be commandeered or made uncontrollable by third parties. Data can be intercepted by third parties such as data thieves, authorities and hackers. According to white hat hacker Samy Kamkar, hijacking a drone is relatively simple. To prove his point, he adapted a Parrot AR drone, which is commonly used for taking aerial photographs and has video recording capability, and combined it with a Raspberry Pi system. By running his customised software, Kamkar was able to use his hacked drone to track down and control other Parrot drones.

Kamkar has since shared his software with the manufacturers so they can take steps to patch the security holes exploited but the exercise highlighted that drones are vulnerable and the data collected by a drone can be stolen. Until drone security develops and improves, commercial drone users should be cautious of collecting sensitive data via a drone.

Extracting evidence from drones

Should legal action result from the use of drones, for example, when data is stolen and a damages action follows or sensitive personal data is captured and penalties for breaching data protection law ensue, then the data captured by drones may need to be analysed and disclosed in legal proceedings

When faced with a drone a computer forensic expert called upon to extract data from it, would need to consider how the data is stored, whether or not it is encrypted and if it is hard to get to what other sources of the data can be tracked down. There is sometimes a lag between the release of a new device and the development of the tools able to access the data stored on them but often computer forensic experts are able to locate electronic evidence from new devices to support legal proceedings.

A changing legal climate

As drones grow in popularity, so too will the number of disputes regarding their use. Undoubtedly, drone guidelines, which are currently in their infancy, are likely to develop as the legislation evolves to encompass technological advancements. Any organisation, whose business can be affected by drones, whether positively or negatively, should make it a priority to keep abreast of legislation to best protect themselves from future legal action.

“Price Fixing,” she wrote…

Like any young Scottish girl growing up, my aspiration in life was to become Cabot Cove’s finest; J.B. Fletcher.  Played by the glorious and revered Angela Lansbury, J.B. Fletcher was a sharp minded, best-selling novelist who would always save the day by discovering who the ’real killer’ was.  Years of ’whodunnit’ episodes brought out my inner detective, itching to solve mysteries.

And so, we fast-forward to the present day where you will find me donning my my Jessica Fletcher hat  and 80s style blazer to help clients with their investigations.  More often than not clients are faced with vast volumes of data, a broad question to answer and quite frankly, no idea where to start. This is where I come in, large earrings and all, to help our clients quickly and efficiently their data and gather a data set. This data set is more often a starting point but such is the power of the technology (and wit of the detective!) that in some instances provides an answer.

So without any further ado, let us dive into the mysterious Case of the Chocolate Cartel.

How will our glamorous heroine help solve this case?

My client, a law firm, has been enlisted to investigate whether a  chocolate company has been liaising with their competitors with the purpose of fixing prices. The law firm has collected 15 custodians’ data and have 1.8million documents after processing and deduplication. Where do they start looking for clues when faced with such an intimidating amount of data?

Cartels live and die by conversation. Without communication between parties there can be no cartel and so logically uncovering a cartel will involve investigating the communications of employees of The Chocolate Company, particularly emails and meetings discussing prices. So what would Jessica Fletcher do in this situation? Both she and I would start by examining the communications, and no I don’t mean reading through 1 million emails.

Armed with the best technology on the market, we can run a report to show the Domains that exist within the ‘FROM’ field of the database. Within a couple of minutes we can establish if any of the custodians have emails from a competitor. If there are, alarms bells start ringing. We also look for private email domains (Hotmail, gmail, yahoo etc.) because private email addresses are often a sign that someone has been doing a lot of internet shopping, or something dodgy. If both competitor domains and private domains exist  Jessica Fletcher might say I don’t want to alarm you but something very sinister is going on here”.

Next step in the hunt for clues would be to run searches to isolate communications with those specific domains, and utilise visual analytics to get a good an idea of whether or not there is a mystery to solve, focusing particularly on answering the following questions:

Who was communicating with whom?

We will check whether or not there are external competitors talking with the employees of The Chocolate Company and if custodians forwarding emails to their private email addresses.

When are communications happening?

Building a timeline of communications is key to understanding the relevance of  communications and how they factor in the creation and maintenance of cartel activities.

What are employees saying?

Are the Chocolate Company employees negotiating a new employment or agreeing to align prices? Are they arranging unofficial meet-ups with competitors (golf sessions, dinners out or other places where it is possible to talk in confidence)? If this sort of communication is occurring, further investigation is definitely warranted.

By looking into these criteria, in a very short amount of time I can get a visual overview of the type of communications in the database, and enough of an insight to make an informed judgement as to whether or not there is a potential problem.

All that’s left to do to finally solve the case is to run targeted searches and provide focused results to my review team which will help them to understand the bigger picture and sequence of events.  This helps the Review Team navigate the data to find the evidence and unmask the true guilty party!

And that, my friends, concludes this episode of The Case of the Chocolate Cartel on this season of ‘“Price Fixing,” she wrote…’ – cue closing book and cheesy smile freeze frame!