Trends in Document Review: Phase II Investigations


Kroll Ontrack’s Document Review centre handles a real variety of projects, each one with unique requirements and for different purposes.  However, one trend we have noticed since opening last January is an increased number of clients requiring assistance in matters that stem from the mergers and acquisitions process. Pre- and post-merger audits and merger control RFIs from regulatory bodies such as the European Commission, the UK Competition and Markets Authority, the French Autorité de la concurrence, the German Bundeskartellamt as well as the US Department of Justice are just a few examples of incidences where ediscovery providers may be called upon for assistance.

Phase II is an in-depth analysis of the merger’s effects on competition and requires more time. It is opened when the case cannot be resolved in Phase I, i.e. when the Commission has concerns that the transaction could restrict competition in the internal market. A phase II investigation typically involves more extensive information gathering, including companies’ internal documents, extensive economic data, more detailed questionnaires to market participants, and/or site visits.

As mentioned in Kroll Ontrack’s landmark paper on the pressures faced by businesses from regulators, authorities such as the UK’s Competition and Markets Authority, European Commission and US Department of Justice are placing companies under increased scrutiny. As a result, corporations and their law firms are increasingly turning to the technology and specialist document review services offered by ediscovery providers to manage this data and reduce costs.

A recent Phase II request for information perhaps highlights why companies and their law firms are using managed document review services.  We were approached by a leading global law firm on behalf of their client, a FMCG supplier who had been subject to European Commission Phase II request for information and needed urgent document review services.

This case was particularly high priority as the client required highly-qualified review lawyers to start work within less than 24 hours at the weekend and had not contacted Kroll Ontrack until late on Friday afternoon.  However, despite this late notice, we were able to find the requested 7 lawyers to begin reviewing the next day.

Mid-way through the review, foreign language documents were discovered in the system. This could have represented a real set-back in terms of time needed for recruiting lawyers speaking the relevant languages. However, Kroll Ontrack’s pool of review lawyers are of such high calibre the existing team already contained several native and fluent speakers in those languages, despite language ability not being an initial criteria for selection.

In these circumstances, completing such a request in-house would have been incredibly difficult, not only from a technical standpoint but assembling, at short notice, qualified lawyers fluent in the unexpected languages.

Kroll Ontrack was able to provide a total of 42 review lawyers and conduct a privilege review of 19,000 documents and non-privileged review of 29,000 documents within 7 days.  Once the review was complete, the client was so impressed with our efficiency that 10 reviewers were retained in order to complete a redaction exercise.


This is not just any Christmas party, this is a Kroll Ontrack Christmas party…

inner temple

The Honourable Society of the Inner Temple is famed for its rich legal history, art collection and its enviable array of alumni, including two former PMs, Chaucer (maybe), Baroness Butler-Sloss (of Diana inquest fame),  Sir Francis Drake (explorer) and even Gandhi, to name but a few. But this past week, the solemn surroundings of the Temple’s Main Hall were subject to a very different kind of ‘nonviolent civil disobedience’ in the form of the Kroll Ontrack Christmas Party with special comedy guests, This Is Your Trial.

For the uninitiated, This Is Your Trial is an improvised comedy show where professional comedians play the judge, clerk, prosecution and defence. Members of the audience are then given the opportunity to accuse their friends of crimes. The clerk then selects three cases with the remainder of the audience acting as jury to determine the accused’s fate, hopefully with hilarious results.

andrew partyFirst in the dock was our own esteemed Legal Technologies Director, Mr. Andrew Szczech, charged with the particularly grievous crime of ‘rapping at karaoke’.

An attempt to gain leniency by entering an early guilty plea was rejected by the court after it was pointed out that the evening was a lot more fun if we actually had a trial.

Despite wafer-thin evidence and an extremely unreliable witness, who may or may not have been in the unknown location where the incident is alleged to have taken place, Mr. Szczech was rightly found guilty and sentenced to pay a fine of 50 cents.jake party

The second despicable con was Mr. Jake McQuitty, a Partner at TLT solicitors. Mr. McQuitty was indicted with a) taking opera lessons, b) not being grumpy

about his clients and, most seriously of all, c) putting his children to bed! All these acts, in the eyes of his accuser, were not the normal activities of a Partner at a City law firm.

During the trial, it transpired that the dastardly Mr. McQuitty also played tennis to an above average standard and regularly chopped wood in his garden; all wholesome activities which the prosecution leapt on to prove his inherent abnormality. However, the defence cleverly pointed out that all of these details considered together likely rendered Mr. McQuitty a psychopath, just like everyone else in the room. The psychopathic jury agreed and let him walk free.

steph partyThe final defendant hauled before the Court was Kroll Ontrack Case Manager, Stephanie Painter, accused by Peter Susman QC of being ‘too nice’, his sworn evidence being cited as ‘just talk to her’. The Court quickly accepted that Stephanie was indeed ‘nice’, but the case revolved around the central issue of whether she was ‘too nice’. Steph didn’t help her case by admitting that if she stumbled upon an upturned tortoise she would ‘nicely’ turn it the correct way, rather than beat it to death with a rock – pretty nice of her! But ultimately her excellent defence counsel made a very compelling argument that there was indeed a limit to Ms. Painter’s niceness, and seemingly that limit could be found somewhere between allowing Jeremy Clarkson to enter the party but NOT Katie Hopkins or Hitler. This total disregard for the feelings of two of the most monstrous individuals of recent ages meant the jury vociferously and unanimously determined that Steph was indeed ‘nice’ but was not guilty of being ‘too nice’.

I must say, the comedy was absolutely brilliant. So good that I have actually googled their upcoming London dates to take some friends to see a show! All in all, another fantastic event, a huge thanks to all clients and prospective clients for joining us and we look forward to socialising with you again in 2016.

Kroll Ontrack expands local ediscovery capabilities in the Netherlands

Amsterdam Opening 014 (2)

Kroll Ontrack has responded to growing demand from Dutch law firms and companies for local support in international investigations and other legal matters faced by companies in the Netherlands by offering ediscovery services locally in the Netherlands.

We have provided data recovery services in the Netherlands for 8 years and ediscovery services remotely for 10 years and are now establishing a local team of ediscovery experts in Amsterdam. In addition to expanding our operation, we are also moving to new premises which are opening in November 2015 in South Amsterdam, located conveniently close to the heart of the Dutch legal and business district.

Law firms in the Netherlands are increasingly familiar with the benefits of ediscovery, especially where they are dealing with U.S. and U.K.-led litigation, regulatory investigations and other multi-jurisdictional matters. We believe that use of ediscovery technology will become commonplace and that there will be widespread adoption of the latest developments such as predictive coding technology, which automates the document review process and significantly reduces the cost of responding to requests for information.  This adoption of ediscovery technology can also extend into proactive initiatives whereby companies undertake audits of their systems to check for any wrongdoing.

Tim Phillips, Managing Director of Kroll Ontrack International Legal Technologies, said: “The new office in Amsterdam will house a larger, Dutch-speaking team of ediscovery and forensics professionals, giving our clients in the Netherlands access to the expertise they need in litigation and investigations on their doorstep. We are committed to building a long-term business that will employ local experts but that will be backed by the resources of the international leader in ediscovery technologies.”

Tina Shah, Legal Consultant, added: “It’s much easier for clients to call us in to help with regulatory or legal enquiries when we are just a few doors down the road rather than in a remote location.  The flight to leniency in competition matters means that time is often of the essence when investigations or dawn raids take place, so it pays to have an ediscovery partner that is already nearby and able to quickly come to your assistance. Additionally, clients will benefit from our world class data centres in London, Paris, Frankfurt and Tokyo as well as our valuable document review service.”

To celebrate the launch of the newly expanded office, we welcomed our Dutch clients to join us for festive cocktails and amazing views at Amsterdam’s unique Skylounge bar.

The view from the SkyLounge

The view from the SkyLounge

No more EU-US Safe Harbor. What are the implications for citizens and businesses?


On 6th October 2015, the Court of Justice of the European Union declared in the case Maximillian Schrems v. Data Protection Commissioner (Case C-362/14) that the “Safe Harbor Agreement” between the EU and the US is invalid.

Until now, the so called “Safe Harbor Agreement” was an agreement signed in 2000 between the US Department of Commerce and the European Union that allowed US-based companies to transfer data from EU to the US and to thus comply with the EU Data Protection Directive of 1995. In 2000, the European Commission had declared that the US provides for adequate safeguards for data protection. The “Safe Harbor Agreement” consisted of data protection principles to which to which US undertakings may subscribe voluntarily. Up to date, 4400 companies transferred data to the US under the “Safe Harbor Agreement”.

The online version of the Court judgment is available online here and the press release of the Court of Justice concerning this case is available here.

What is the background of the case?

Maximillian Schrems, an Austrian citizen, has been a Facebook user since 2008. As is the case with other subscribers residing in the EU, some or all of the data provided by Mr Schrems to Facebook is transferred from Facebook’s Irish subsidiary to servers located in the United States, where it is processed. Mr Schrems lodged a complaint with the Irish supervisory authority (the Data Protection Commissioner), taking the view that, in the light of the revelations made in 2013 by Edward Snowden concerning the activities of the United States intelligence services (in particular the National Security Agency), the law and practice of the United States do not offer sufficient protection against surveillance by US public authorities of the data transferred to that country. The Irish authority rejected the complaint, on the ground, in particular, that in a decision of 26 July 2002 the European Commission considered that, under the ‘safe harbor’ scheme, the United States ensures an adequate level of protection of the personal data transferred.

Mr. Schrems appealed the decision of the Data Protection Commissioner before the Irish High Court. The Court decided to stay the proceedings and to refer questions to the European Court of Justice for a preliminary ruling.

The European Court of Justice ruled that the so-called “Safe Harbor Agreement” was invalid because it allowed US government authorities to gain routine access to Europeans’ online information. The court also explained leaks from Edward J. Snowden, the former contractor for the National Security Agency, made it clear that American intelligence agencies had almost unfettered access to the data, infringing on Europeans’ rights to privacy.

What are the next steps following this judgment?

The Court of Justice ruling is effective immediately and declares the current “Safe Harbor Agreement” invalid. This judgment has the consequence that the Irish supervisory authority is required to examine Mr Schrems’ complaint with all due diligence and, at the conclusion of its investigation, is to decide whether, pursuant to the EU Data Protection Directive, transfer of the data of Facebook’s European subscribers to the United States should be suspended on the ground that that country does not afford an adequate level of protection of personal data.

What are the practical implications of this judgment for US-based companies who used to transfer personal data from EU citizens to the US under the “Safe Harbor Agreement”?  

As we know, the recent Court of Justice judgment declared the “Safe Harbor Agreement” invalid. This means, under a strict interpretation, data transfers concerning personal data from EU citizens to the US cannot rely on the “Safe Harbor” anymore since it has been declared invalid.

Nevertheless, US-based companies should still be able to transfer data from EU citizens to the US by using alternative mechanisms such as standard contractual clauses, binding corporate rules (“BCR”) and derogations.  Standard contractual clauses are model clauses that have been issued by the European Commission and are designed to facilitate transfers of personal data from the European Economic Area (EEA) to third countries that are not designated to be ”adequate” for the processing of personal data by the European Commission. The model clauses  provide sufficient safeguards for the protection of the privacy of individuals.

“BCR” are internal rules such as a Code of Conduct adopted by multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection. To that extent, “BCR” ensure that all transfers are made within a group benefit from an adequate level of protection. Once approved under the EU cooperation procedure, “BCR” provide a sufficient level of protection to companies to obtain authorisation of transfers by national data protection authorities. It should be noted that the “BCR” do not provide a basis for transfers made outside the company group.

As to derogations, the EU Data protection rules include derogations under which personal data can be legitimately transferred to the US on the basis inter alia of[1]:

  • performance of a contract [e.g. If you book a hotel in the U.S., my personal data are transferred there in order to fulfil the contract];
  • Important public interest grounds [e.g. cooperation between authorities in the fight against fraud, cartels, etc.];
  • The vital interest of the data subject [e.g. it means in urgent life or death situations, personal data such as medical records can be transferred internationally in the person’s own interest];
  • Or if there is no other ground, the free and informed consent of the individual;

From a pragmatic standpoint, although there is no official “grace period” following the invalidity of the Safe Harbor, US-based companies that transfer personal data from EU citizens to the US cannot be expected to cease such transfers immediately since this would affect numerous business operations.

Frans Timmermans, the First Vice-President for the European Commission, who will be charged with carrying out the ruling, and Vera Jourová, EU Commissioner, tried to ease the concerns of companies. Their official press release is available here. They said businesses could still move European personal data to the United States through other mechanisms including standard contractual clauses, binding corporate rules (“BCR”) and derogations.

How will this judgment affect the ongoing discussions concerning the new Safe Harbor Agreement, the EU Data Protection Reform and the EU-US Umbrella Agreement for the law enforcement sector?

Frans Timmermans, the First Vice-President for the European Commission and Vera Jourová, EU Commissioner, explained that the European Commission has been in discussions with the US over the past two years to revise the existing Safe Harbor. Negotiations are still ongoing but the aim is “to step up discussions with the US towards a renewed and safe framework for the transfer of personal data across the Atlantic”.

As to the EU Data Protection Reform and the EU-US Umbrella Agreement for the law enforcement sector, they explained that both are well on track and will most likely be finalised this year. The Data Protection Reform which will see the passing of a new EU Regulation to replace the Data Protection Directive aims amongst other things to strengthen the powers of national data protection authorities, which have an essential role in upholding individuals’ rights to data protection. In their view, this is fully in line with the recent Schrems’ ruling.

The EU-US Umbrella agreement differs from the Safe Harbor. It does not itself enable data transfers. Rather, it sets high data protection standards in the area of police and criminal justice cooperation. They explain that the Umbrella agreement will improve the protection of personal data of Europeans in the U.S. as it will make sure that citizens will have recourse to judicial redress possibilities in the U.S. in case of privacy breaches, once the US Congress has adopted the respective draft Bill.

Finally, Mr. Timmermans and Ms. Jourová explained that the European Commission would work with national data protection authorities to ensure that the court’s decision (Schrems’ recent judgment) is carried out in a uniform fashion across the European Union. They concluded saying “As citizens need robust safeguards and businesses need legal certainty; the guidance should help avoid a patchwork of potentially contradicting decisions by the national data protection authorities and therefore provide predictability for citizens and businesses alike”.

What should companies do while the current legal situation is being clarified?

  While the new Safe Harbor Agreement is being discussed between the EU and the US and the EU Data Protection Reform is finalised, companies that used to transfer personal data from the EU to the US under the Safe Harbor Agreement should now use alternative mechanisms such as standard contractual clauses, binding corporate rules (“BCR”) and derogations described above.  We also suggest that companies seek guidance and approval from the respective national data protection authorities in the countries in which they have business operations.

In addition, if companies, for example, are in litigation in the EU that requires the services of an ediscovery provider or at least they need to process and host EU citizen’s personal data, we recommend that they opt for in-country solutions within the EU so as to comply with EU data protection regulations. In practice, this means for example, that if a German company has to collect data from their employees based in several locations in Germany with the assistance of an ediscovery provider, that data should be processed and hosted in a German data centre so as to comply with strict German and EU data protection regulations. The data should thus not leave the German borders. In our view, the Schrems’ recent judgment reinforces the need to use local solutions so that when data is processed and hosted to carry out electronic searches, data remains within the respective countries of the custodians concerned and above all remains within the EU. If data from the European custodians does have to leave the European Union and needs to be transferred to the US then it will have to be within the framework of the alternative mechanisms described above.

[1] For further derogations please refer to Article 26 of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

9 Reasons Why Lawyers Don’t Use Machine Learning on Review

Okay, so 9 isn’t a nice round number. I originally started with 5 which didn’t fully convey the message and although I didn’t quite make it to 10, I hope on reading this blog some of your hang ups around predictive coding ( or machine learning/technology assisted review/artificial intelligence, whatever you want to call it) are allayed.

One thing I am sure of is that many lawyers are missing a trick by failing to make use of some of the advanced forms of legal technology available today. We’ve been harping on, as an industry, about this subject for years and I feel like we, as providers, need to take the majority of the blame for not making it easy for clients to appreciate the value of adopting a new approach to legal review.

After all, lawyers’ clients are becoming more demanding in relation to fees, and information governance doesn’t seem to be keeping pace with the volumes of data generated so unless you want to spend extortionate amounts trawling through irrelevant data you need, at some point, to seek a different way.

  1. My client has to pay extra for this service

It is true that sometimes you have to pay for efficiency. However, that doesn’t mean that those prices must break the bank. We, along with a handful of other providers, have developed our own software with our own machine learning capabilities and these are all available within the usual processing charges. This technology therefore doesn’t have to cost any extra but it does depend on the review platform selected.

  1. I’m expected to hold back on a full scale review while a reviewer codes a sample set

I suspect this notion came about through hesitancy on the part of providers to trust the technology themselves and this went on to pervade the industry. Our recent experience with machine learning reinforces the opinion that you don’t have to set up your review team in a certain way to realise the benefits from the technology. Although ideally we’d like to apply the machine learning to a specific individual, that doesn’t preclude other reviewers from categorising documents concurrently while the system finds its feet.

  1. I don’t feel confident defending this review strategy under scrutiny

Confidence is born out of experience and while I concede that it’s more difficult to become comfortable with ‘black box’ technology than keyword filtering, for example, that’s a journey we’re here to help with. I should also make it clear that machine learning can be used in conjunction with any other filters you apply. Most clients who are converts to machine learning began this journey by simply using the system to prioritise documents. As the system learns from the decisions being made it will award percentage relevance figures to each document and will push documents up through batching to ensure reviewers are seeing the most relevant documents sooner. On the vast majority of the projects we work on the statistics (we’d update you regularly during a review) support the fact that relevancy rates increase rapidly after the first couple of days of coding and fall away gradually a few days into the review and will usually look something like this…

machine learning

  1. The computer intelligence may miss a hot document

I suppose this is an extension of the reservation above. Machine learning doesn’t need to be used to cull documents although this is often a consideration in the latter days of a review when you’re presented with review progress such as that above. There does not need to be any risk attached to using this approach. The more regularly you use prioritisation the more comfortable you’ll feel with the technology and it can then be trusted to run effective quality checks either of human reviewers or the remaining pool which you’re considering casting aside.

  1. I need to review all my documents in any case

But wouldn’t you prefer to strike upon those which are relevant earlier in the process?

  1. It’s too complex and I don’t trust the technology

It’s not necessary to understand the algorithms behind the technology, although we do have people who can go into this level of detail if needs be. From my perspective, I understand how the different machine learning offerings out there differ but I’d be more concerned about the results of the review as these should speak for themselves.

  1. I won’t be able to charge my client as many billable hours

Okay, I admit, a lawyer has never used this as an objection (at least without a wink of an eye and a wry smile) but there’s no harm in stirring a little controversy! Truthfully, in my experience, lawyers genuinely want to do what’s best for their client and it’s the lack of trust in the technology that prevents them from taking advantage of the cost savings which this technology can bring about.

  1. There’s no precedent for using the technology

First thing to say is that if you’re just using machine learning for prioritisation then a precedent isn’t needed. You’re still reviewing all the documents so you’re unimpeachable. The most recent decision relating to culling documents using the technology has taken place in the Irish Courts in the Irish Bank v Sean Quinn case. This use of predictive coding technology is a creeping inevitability and those early adopters will not only benefit from the experience but will also stand out through the lens of their client as being technology savvy and will attract more business as a result.

  1. I don’t have enough documents to justify its use

In line with the above reasoning, we routinely recommend and use machine learning to bring forward relevant documents on all projects above 10,000 documents. Although the power of the technology won’t be as acutely harnessed as it would be on a larger data set, you would still recognise benefits even with these relatively small document numbers.


New Frontiers in Ediscovery


We are very excited to be launching the inaugural edition of our report entitled: ‘New Frontiers: An Insight into the global expansion of ediscovery.’    The report contains a compendium of 15 articles focusing on how ediscovery is being carried out in various countries around the world.  We have also have included a series of feature articles examining:

  • how ediscovery technology is being used to detect cartels
  • what uses are being found for ediscovery technology in the financial services sector
  • the latest trends in computer forensics
  • new technologies in ediscovery.

Ediscovery has evolved from its origins as a legal procedure used primarily in the USA and UK in litigation matters. Kroll Ontrack’s global expansion over the past ten years has shown there is demand across Europe and Asia for ediscovery technology to search for and review electronic evidence, particularly for competition matters and internal investigations. Download the full report here >>

What does ediscovery look like in 2015?

We asked our global network of legal consultants to report in depth on the state of ediscovery in their respective countries, providing insight into global trends around ediscovery adoption, uses and advances in technology.

The New Frontiers report documents how ediscovery is becoming an important element of the business landscape, even for countries that do not have an obligation to provide ediscovery as part of their legal framework. The important drivers for these countries, including Germany, France, the Netherlands, China and Singapore are more likely to be related to increased scrutiny by regulators, the transparency and compliance agenda, the need to manage mountains of big data and the overriding requirement to reduce legal cost.

Tim Phillips, Managing Director of Kroll Ontrack International Legal Technologies, commented:

“As a leader in the global industry, we believe it is important to document these changes and to highlight ediscovery’s rapid growth as a problem-solver for everything from regulatory compliance to dealing with dawn raids, and from unbundling legal services to forensic investigations.”

The New Frontiers report is available in full here.

Volkswagen emissions scandal fuels wider investigations


Last week, we saw the news that Volkswagen is setting aside €6.5bn (£4.7bn) to cover costs of the rigged US car emissions tests scandal and faces potential fines estimated up to $18bn.The automotive sector is under fierce pressure from consumers and regulators. Regulatory authorities worldwide have launched over 100 investigations into the activities of car manufacturers and/or companies producing components used in car manufacture.

The importance of consumer confidence in the automotive industry remains so high that many spokespersons are calling for more investigations and the implications can be wide-ranging. Not only will automobile manufacturers themselves be at risk but investigations can also look into the activities of third parties and suppliers. Given the size of the industry, this represents a significant number of businesses placed under regulatory scrutiny.

What happens in an investigation?

Regulators will be looking for evidence of misconduct. In most cases, this evidence will be found within electronic and paper documents. Therefore, the first step in many investigations will be a dawn raid on a company’s premises where agents will seize electronic devices such as laptops, computers and phones as well as taking copies of data from servers and the Cloud. They may also take paper documents. The regulator will then examine this evidence as part of the investigation.

Be prepared

At this stage, companies involved in the automotive industry should consider their exposure to issues raised in the Volkswagen scandal (e.g.  methods of measuring fuel emissions) . Companies should also think in a wider context with regards to risk. For example, although a regulator may initially be investigating a specific issue, in this case regarding falsification of fuel emission reports, they will not turn a blind eye to other forms of misconduct. Investigations into one product or issue can unearth evidence of other issues which need to be investigated and potentially reported.

If a company thinks there is even a small risk of any kind of wrongdoing, we would advise taking precautionary measures sooner rather than later. As mentioned earlier, regulators may conduct an unannounced visit. They may also request the submission of large volumes of data with very short deadlines which can be very difficult to meet without expert help from a legal technology provider.

How can an ediscovery expert help?

Whether a company is proactively conducting an internal investigation or is undergoing a regulatory investigation, using an ediscovery provider can give an advantage by:

  1. Establishing what issues the company faces

Kroll Ontrack’s case managers and electronic evidence consultants are experts in assisting with regulatory investigations. Using advanced tools such as predictive coding, they can analyse emails, instant messages, and dozens of other types of office document. Any ‘hot documents’ or data custodians who are exhibiting suspicious behaviour can be quickly identified, allowing companies to take appropriate action in a timely manner.

  1. Identifying irregularities

Not all misconduct is uncovered in communications data such as email. Our structured data consultants are able to use analytics tools to examine financial, operational and transactional data to uncover irregularities that may otherwise be hiding behind big data.

  1. Collecting and preserving important evidence

Evidence is precious and inexpert handling can mean evidence is rejected in court (for example if original metadata was altered during collection). Kroll Ontrack’s digital forensics experts gather electronic evidence and materials in a forensically sound manner, ensuring all data collected is ready for use in an investigation.

We have data centres throughout the world and mobile solutions, meaning evidence can be stored securely and in accordance with data protection laws no matter where in the world it is located.

  1. Presenting project plans to the board, regulators or other relevant third parties

Consultancy is a key part of the service at Kroll Ontrack. Our legal consultants can provide advice and strategy to the board. We are also able to collaborate with regulators where necessary, often negotiating extensions to deadlines or a more favourable investigatory scope.

  1. Providing qualified lawyers and/or paralegals to conduct first level relevance reviews.

With tight deadlines and often specialist technical knowledge required, it can be difficult for law firms to assemble teams of document reviewers with the right skills to conduct document reviews. Kroll Ontrack retains a pool of high-calibre, multilingual document review lawyers with experience across all industrial sectors, ready to be deployed at very short notice.



Are we ready for the drone revolution?


In 2014, over ten thousand civilian drones were sold in the UK and future sales are predicted to increase rapidly. Despite recent legislation regarding privacy and aviation safety, there could still be unintended consequences should drones use become widespread, particularly around data theft and the use of data collected on drones as evidence in court.

Are drones secure?

As with any wireless device, drones can be commandeered or made uncontrollable by third parties. Data can be intercepted by third parties such as data thieves, authorities and hackers. According to white hat hacker Samy Kamkar, hijacking a drone is relatively simple. To prove his point, he adapted a Parrot AR drone, which is commonly used for taking aerial photographs and has video recording capability, and combined it with a Raspberry Pi system. By running his customised software, Kamkar was able to use his hacked drone to track down and control other Parrot drones.

Kamkar has since shared his software with the manufacturers so they can take steps to patch the security holes exploited but the exercise highlighted that drones are vulnerable and the data collected by a drone can be stolen. Until drone security develops and improves, commercial drone users should be cautious of collecting sensitive data via a drone.

Extracting evidence from drones

Should legal action result from the use of drones, for example, when data is stolen and a damages action follows or sensitive personal data is captured and penalties for breaching data protection law ensue, then the data captured by drones may need to be analysed and disclosed in legal proceedings

When faced with a drone a computer forensic expert called upon to extract data from it, would need to consider how the data is stored, whether or not it is encrypted and if it is hard to get to what other sources of the data can be tracked down. There is sometimes a lag between the release of a new device and the development of the tools able to access the data stored on them but often computer forensic experts are able to locate electronic evidence from new devices to support legal proceedings.

A changing legal climate

As drones grow in popularity, so too will the number of disputes regarding their use. Undoubtedly, drone guidelines, which are currently in their infancy, are likely to develop as the legislation evolves to encompass technological advancements. Any organisation, whose business can be affected by drones, whether positively or negatively, should make it a priority to keep abreast of legislation to best protect themselves from future legal action.

“Price Fixing,” she wrote…

Price Fixing…She Wrote

Like any young Scottish girl growing up, my aspiration in life was to become Cabot Cove’s finest; J.B. Fletcher.  Played by the glorious and revered Angela Lansbury, J.B. Fletcher was a sharp minded, best-selling novelist who would always save the day by discovering who the ’real killer’ was.  Years of ’whodunnit’ episodes brought out my inner detective, itching to solve mysteries.

And so, we fast-forward to the present day where you will find me donning my my Jessica Fletcher hat  and 80s style blazer to help clients with their investigations.  More often than not clients are faced with vast volumes of data, a broad question to answer and quite frankly, no idea where to start. This is where I come in, large earrings and all, to help our clients quickly and efficiently their data and gather a data set. This data set is more often a starting point but such is the power of the technology (and wit of the detective!) that in some instances provides an answer.

So without any further ado, let us dive into the mysterious Case of the Chocolate Cartel.

How will our glamorous heroine help solve this case?

My client, a law firm, has been enlisted to investigate whether a  chocolate company has been liaising with their competitors with the purpose of fixing prices. The law firm has collected 15 custodians’ data and have 1.8million documents after processing and deduplication. Where do they start looking for clues when faced with such an intimidating amount of data?

Cartels live and die by conversation. Without communication between parties there can be no cartel and so logically uncovering a cartel will involve investigating the communications of employees of The Chocolate Company, particularly emails and meetings discussing prices. So what would Jessica Fletcher do in this situation? Both she and I would start by examining the communications, and no I don’t mean reading through 1 million emails.

Armed with the best technology on the market, we can run a report to show the Domains that exist within the ‘FROM’ field of the database. Within a couple of minutes we can establish if any of the custodians have emails from a competitor. If there are, alarms bells start ringing. We also look for private email domains (Hotmail, gmail, yahoo etc.) because private email addresses are often a sign that someone has been doing a lot of internet shopping, or something dodgy. If both competitor domains and private domains exist  Jessica Fletcher might say I don’t want to alarm you but something very sinister is going on here”.

Next step in the hunt for clues would be to run searches to isolate communications with those specific domains, and utilise visual analytics to get a good an idea of whether or not there is a mystery to solve, focusing particularly on answering the following questions:

Who was communicating with whom?

We will check whether or not there are external competitors talking with the employees of The Chocolate Company and if custodians forwarding emails to their private email addresses.

When are communications happening?

Building a timeline of communications is key to understanding the relevance of  communications and how they factor in the creation and maintenance of cartel activities.

What are employees saying?

Are the Chocolate Company employees negotiating a new employment or agreeing to align prices? Are they arranging unofficial meet-ups with competitors (golf sessions, dinners out or other places where it is possible to talk in confidence)? If this sort of communication is occurring, further investigation is definitely warranted.

By looking into these criteria, in a very short amount of time I can get a visual overview of the type of communications in the database, and enough of an insight to make an informed judgement as to whether or not there is a potential problem.

All that’s left to do to finally solve the case is to run targeted searches and provide focused results to my review team which will help them to understand the bigger picture and sequence of events.  This helps the Review Team navigate the data to find the evidence and unmask the true guilty party!

And that, my friends, concludes this episode of The Case of the Chocolate Cartel on this season of ‘“Price Fixing,” she wrote…’ – cue closing book and cheesy smile freeze frame!

Technology, big data and the regulatory arms race


In 2010, the then Office of Fair Trading (OFT) launched an investigation into a suspected price-fixing cartel between aviation giants, British Airways and Virgin Atlantic. The airlines were alleged to have conspired to fix fuel surcharge prices. However, the case collapsed following the discovery of 70,000 emails that had not been disclosed to the prosecution until the last minute due to a technical error.

The collapse of the case caused the OFT to be universally criticised, with commentators describing the investigation as a “fiasco” and the OFT exhibiting “incompetence on a monumental scale”.

Fast-forward four years and both the OFT and the Competition Commission (CC) have been dissolved and replaced by the Competition and Markets Authority. Thanks to the technological failings seen in cases such as the Virgin-British Airways price-fixing case, the two authorities may have created the impression that competition authorities lack technological prowess when it comes to investigations. Yet corporations hoping that this new authority will follow in the footsteps of its predecessors in the handling of electronic evidence should take heed; the CMA has a completely different approach .

How does the CMA differ from its predecessors?

More funding

The Treasury has granted funds which have allowed the CMA to invest further in the capacity it needs to increase the number of cartel cases it can pursue and the speed with which it can do so.

Increased quality and quantity of staff

According to Stephen Blake, Senior Director of the Cartels and Criminal Group at the CMA, the CMA has doubled the size of its Cartels and Criminal Group. In addition to doubling the size of that team, the CMA has also focused on building a team with the ability to work proactively and follow an intelligence-led investigation strategy. With this in mind, the CMA have hired a coterie of senior investigators and experienced intelligence officers.

Sophisticated technology

According to an experienced competition expert in London, “Enforcement authorities have learnt a lot over the past few years. They will have seen a change in the volume of documentation that needs to be collated and reviewed and this will have driven the change in approach which is now becoming apparent in their approach to information requests and general case management. The CMA has had the benefit of the hard lessons learned by the OFT, and will be far more engaged on this topic and cautious in planning how to manage an investigation, not just in terms of adhering to best practice but also in managing an investigation to criminal standards.”

To avoid repeating incident such as the Virgin-British Airways data mishandling, the CMA has adopted the same ediscovery and investigatory tools used by law firms and corporations undergoing scrutiny. In a dawn raid scenario, this means they are now able to process very large volumes of data quickly, scan entire corporate IT landscapes and drill down and forensically examine or analyse specific trails of evidence, in detail.

More collaboration

As part of the CMA’s commitment to implementing intelligence-led detection and enforcement strategies, leadership at the CMA has promised to foster closer partnerships with the police and other criminal enforcement agencies.

What will these changes mean for corporate compliance officers and in-house counsel?

The CMA has more funding, highly-trained and motivated staff and is actively pursuing investigations, as well as addressing the cases inherited from the OFT and CC. With the technological gap between authorities, law firms and companies now closed, the best way for corporations to prepare is to take a proactive approach to compliance. This can take the form of conducting regular internal investigations, streamlining and understanding data estates and for the ultimate in preparedness, arranging a mock dawn raid.