Archive for the ‘facebook’ Category

Policy vs. Privacy: Striking the Right Balance Between Organization Interests and Employee Privacy

Friday, March 9th, 2012

The lines between professional and personal lives are being further blurred every day. With the proliferation of smart phones, the growth of the virtual workplace and the demands of business extending into all hours of the day, employees now routinely mix business with pleasure by commingling such matters on their work and personal devices. This trend is sure to increase, particularly with “bring your own device” policies now finding their way into companies.

This sometimes awkward marriage of personal and professional issues raises the critical question of how organizations can respect the privacy rights of their employees while also protecting their trade secrets and other confidential/proprietary information. The ability to properly navigate these murky waters under the broader umbrella of information governance may be the difference between a successful business and a litigation-riddled enterprise.

Take, for instance, a recent lawsuit that claimed the Food and Drug Administration (FDA) unlawfully spied on the personal email accounts of nine of its employee scientists and doctors. In that litigation, the FDA is alleged to have monitored email messages those employees sent to Congress and the Office of Inspector of General for the Department of Health & Human Services. In the emails at issue, the scientists and doctors scrutinized the effectiveness of certain medical devices the FDA was about to approve for use on patients.

While the FDA’s email policy clearly delineates that employee communications made from government devices may be monitored or recorded, the FDA may have intercepted employees’ user IDs and passwords and accessed messages they sent from their home computers and personal smart phones. Not only would such conduct potentially violate the Electronic Communications Privacy Act (ECPA), it might also conceivably run afoul of the Whistleblower Protection Act.

The FDA spying allegations have also resulted in a congressional inquiry into the email monitoring policies of all federal agencies throughout the executive branch. Congress is now requesting that the Office of Management and Budget (OMB) produce the following information about agency email monitoring policies:

  • Whether a policy distinguishes between work and personal email
  • Whether user IDs and passwords can be obtained for personal email accounts and, if so, whether safeguards are deployed to prevent misappropriation
  • Whether a policy defines what constitutes protected whistleblower communications

The congressional inquiry surrounding agency email practices provides a valuable measuring stick for how private sector organizations are addressing related issues. For example, does an organization have an acceptable use policy that addresses employee privacy rights? Having such a policy in place is particularly critical given that employees use company-issued smart phones to send out work emails, take photographs and post content to personal social networking pages. If such a policy exists now, query whether it is enforced, what the mechanisms exist for doing so and whether or not such enforcement is transparent to the employees.  Compliance is just as important as issuing the policy in the first place.

Another critical inquiry is whether an organization has an audit/oversight process to prevent the type of abuses that allegedly occurred at the FDA. Such a process is essential for organizations on multiple levels. First, as Congress made clear in its letter to the OMB, monitoring communications that employees make from their personal devices violates the ECPA. It could also interfere with internal company whistleblower processes. And to the extent adverse employment action is taken against an employee-turned-whistleblower, the organization could be liable for violations of the False Claims Act or the Dodd-Frank Wall Street Reform and Consumer Protection Act.

A related aspect to these issues concerns whether an organization can obtain work communications sent from employee personal devices. For example, financial services companies must typically retain communications with investors for at least three years. Has the organization addressed this document retention issue while respecting employee privacy rights in their own smart phones and tablet computers?

If an organization does not have such policies or protections in place, it should not panic and rush off to get policies drafted without thinking ahead. Instead, it should address these issues through an intelligent information governance plan. Such a plan will typically address issues surrounding information security, employee privacy, data retention and eDiscovery within the larger context of industry regulations, business demands and employee productivity. That plan will also include budget allocations to support the acquisition and deployment of technology tools to support written policies on these and other issues.  Addressed in this context, organizations will more likely strike the right balance between their interests and their employees’ privacy and thereby avoid a host of unpleasant outcomes.

The Social Media Rubik’s Cube: FINRA Solved it First, Are Non-Regulated Industries Next?

Wednesday, January 25th, 2012

It’s no surprise that the first industry to be heavily regulated regarding social media use was the financial services industry. The predominant factor that drove regulators to address the viral qualities of social media was the fiduciary nature of investing that accompanies securities, coupled with the potential detrimental financial impact these offerings could have on investors.

Although there is no explicit language in FINRA’s Regulatory Notices 10-06 (January 2010) or 11-30 (August 2011) requiring archival, the record keeping component of the notices necessitate social media archiving in most cases due to the sheer volume of data produced on social media sites. Melanie Kalemba, Vice President of Business Development at SocialWare in Austin, Texas states:

“Our clients in the financial industry have led the way, they have paved the road for other industries, making social media usage less daunting. Best practices for monitoring third-party content, record keeping responsibilities, and compliance programs are available and developed for other industries to learn from. The template is made.”

eDiscovery and Privacy Implications. Privacy laws are an important aspect of social media use that impact discoverability. Discovery and privacy represent layers of the Rubik’s cube in the ever-changing and complex social media environment. No longer are social media cases only personal injury suits or HR incidents, although those are plentiful. For example, in Largent v. Reed the court ruled that information posted by a party on their personal Facebook page was discoverable and ordered the plaintiff to provide user name and password to enable the production of the information. In granting the motion to compel the Defendant’s login credentials, Judge Walsh acknowledged that Facebook has privacy settings, and that users must take “affirmative steps” to keep their information private. However, his ruling determined that no social media privacy privilege exists: “No court has recognized such a privilege, and neither will we.” He further reiterated his ruling by adding, “[o]nly the uninitiated or foolish could believe that Facebook is an online lockbox of secrets.”

Then there are the new cases emerging over social media account ownership which affect privacy and discoverability. In the recently filed Phonedog v. Kravitz, 11-03474 (N.D. Cal.; Nov. 8, 2011), the lines between the “professional” versus the “private” user are becoming increasingly blurred. This case also raises questions about proprietary client lists, valuations on followers, and trade secrets  – all of which are further complicated when there is no social media policy in place. The financial services industry has been successful in implementing effective social media policies along with technology to comply with agency mandates – not only because they were forced to by regulation, but because they have developed best practices that essentially incorporate social media into their document retention policies and information governance infrastructures.

Regulatory Framework. Adding another Rubik’s layer are the multitude of regulatory and compliance issues that many industries face. The most active and vocal regulators for guidance in the US on social media have been FINRA, the SEC and the FTC. FINRA initiated guidance to the financial services industry, and earlier this month the SEC issued their alert. The SEC’s exam alert to registered investment advisers issued on January 4, 2012 was not meant to be a comprehensive summary for compliance related to the use of social media. Instead, it lays out staff observations of three major categories: third party content, record keeping and compliance – expounding on FINRA’s notice.

Last year the FTC issued an extremely well done Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.  Three main components are central to the report. The first is a call for all companies to build privacy and security mechanisms into new products – considering the possible negative ramifications at the outset, avoiding social media and privacy issues as an afterthought. The FTC has cleverly coined the notion, “Privacy by Design.” Second, “Just-In-Time” is a concept about notice and encourages companies to communicate with the public in a simple way that prompts them to make informed decisions about their data in terms that are clear and that require an affirmative action (i.e., checking a box). Finally, the FTC calls for greater transparency around data collection, use and retention. The FTC asserts that consumers have a right to know what kind of data companies collect, and should have access to the sensitivity and intended use of that data. The FTC’s report is intended to inform policymakers, including Congress, as they legislate on privacy – and to motivate companies to self-regulate and develop best practices. 

David Shonka, Principal Deputy General Counsel at the FTC in Washington, D.C., warns, “There is a real tension between the situations where a company needs to collect data about a transaction versus the liabilities associated with keeping unneeded data due to privacy concerns. Generally, archiving everything is a mistake.” Shonka arguably reinforces the case for instituting an intelligent archive, whether a company is regulated or not;  an archive that is selective about what it ingests based on content, and that has an appropriate deletion cycle applied to defined data types/content according to a policy. This will ensure expiry of private consumer information in a timely manner, but retains the benefits of retrieval for a defined period if necessary.

The Non-Regulated Use Case­. When will comprehensive social media policies, retention and monitoring become more prevalent in the non-regulated sectors? In the case of FINRA and the SEC, regulations were issued to the financial industry. In the case of the FTC, guidance had been given to companies regarding how to avoid false advertisement and protect consumer privacy. The two are not dissimilar in effect. Both require a social media policy, monitoring, auditing, technology, and training. While there is no clear mandate to archive social media if you are in a non-regulated industry, this can’t be too far away. This is evidenced by companies that have already implemented social media monitoring systems for reasons like brand promotion/protection, or healthcare companies that deal with highly sensitive information. If social media is replacing email, and social media is essentially another form of electronic evidence, why would social media not be part of the integral document retention/expiry procedures within an organization?

Content-based monitoring and archiving is possible with technology available today, as the financial sector has demonstrated. Debbi Corej, who is a compliance expert for the financial sector and has successfully implemented an intensive social media program, says it perfectly: “How do you get to yes? Yes you can use social media, but in a compliant way.” The answer can be found at LegalTech New YorkJanuary 30 @ 2:00pm.

ECPA, 4th Amendment, and FOIA: A Trident of Laws Collide on the 25th Birthday of the Electronic Communications Privacy Act

Wednesday, November 2nd, 2011

Google has publicly released the number of U.S. Government requests it had for email productions in the six months preceding December 31, 2009.  They have had to comply with 94% of these 4,601 requests.  Granted, many of these requests were search warrants or subpoenas, but many were not.  Now take 4,601 and multiply it by at least 3 for other social media sources for Facebook, LinkedIn, and Twitter.  The number is big – and so is the concern over how this information is being obtained.

What has becoming increasingly common (and alarming at the same time) is the way this electronically stored information (ESI) is being obtained from third party service providers by the U.S. Government. Some of these requests were actually secret court orders; it is unclear how many of the matters were criminal or civil.  Many of these service providers (Sonic, Google, Microsoft, etc.) are challenging these requests and most often losing. They are losing on two fronts:  1) they are not allowed to inform the data owner about the requests, nor the subsequent production of the emails, and 2) they are forced to actually produce the information.  For example, the U.S. Government obtained one of these secret orders to get WikiLeaks volunteer Jacob Applebaum’s email contact list of the people he has corresponded with over the past two years.  Both Google and Sonic.net were ordered to turn over information and Sonic challenged  the order and lost.  This has forced technology companies to band together to lobby Congress to require search warrants in digital investigations.

There are three primary laws operating at this pivotal intersection that affect the discovery of ESI that resides with third party service providers, and these laws are in a car wreck with no ambulance in sight.  First, there is the antiquated Federal Law, the Electronic Communications Privacy Act of 1986, over which there is much debate at present.  To put the datedness of the ECPA in perspective, it was written before the internet.  This law is the basis that allows the government to secretly obtain information from email and cell phones without a search warrant. Not having a search warrant is in direct conflict with the U.S. Constitution’s 4th Amendment protection against unreasonable searches and seizures.  In the secret order scenario, the creator of data is denied their right to know about the search and seizure (as they would if their homes were being searched, for example) as it is transpiring with the third party.

Where a secret order has been issued and emails have been obtained from a third party service provider, we see the courts treating email much differently than traditional mail and telephone lines.  However, the intent of the law was to give electronic communications the same protections that mail and phone calls have enjoyed for some time. Understandably, the law did not anticipate the advent of the technology we have today.  This is the first collision, and the reason the wheels have gone off the car, since the standard under the ECPA sets a lower bar for email than that of the former two modes of communication.  The government must only show “reasonable grounds” that the records would be “relevant and material” to an investigation, criminal or civil, compared to the other higher standard.

The third law in this collision is the Freedom of Information Act (FOIA).  While certain exceptions and allowances are made for national security and in criminal investigations, these secret orders are not able to be seen by the person whose information has been requested.  Additionally, the public wants to see these requests and these orders, especially if they have no chance of fighting them.  What remains to be seen is what our rights are under FOIA to see these orders, either as a party or a non-related individual to the investigation as a matter of public record.  U.S. Senator Patrick Leahy, (D-VT), the author of the ECPA, acknowledged in no uncertain terms that the law is “significantly outdated and outpaced by rapid changes in technology.”   He has since introduced a bill with many changes that third party service providers have lobbied for to bring the ECPA up to date. The irony of this situation is that the law was intended to provide the same protections for all modes of communication, but in fact makes it easier for the government to request information without the author even knowing.

This is one of the most important issues now facing individuals and the government in the discovery of ESI during investigations and litigation.  A third party service provider of cloud offerings is really no different than a utility company, and the same paradigm can exist as it does with the U.S. Postal Service and the telephone companies when looking to discover this information under the Fourth Amendment, where a warrant is required. The law looks to be changing to reflect this and FOIA should allow the public to access these orders.  Amendments to the Act have been introduced by Senator Leahy, and we can look forward to the common sense changes he proposes that are necessary.  The American people don’t like secrets. Lawyers, get ready to embrace the revisions into your practice by reading up on the changes as they will impact your practices significantly in the near future.

Social Media and eDiscovery: New Kid on the Block, but the Same Story

Friday, September 30th, 2011

In the eDiscovery universe, hot trends and evolving technologies tend to capture the attention of the legal community.  Discoverable data sources have been the focus in the courtroom for quite some time, and just like the “popular kids” from high school, email has held the crown of eDiscovery darling.  Not surprisingly, the more time end-users spend in a specific medium (on Facebook, for example), the more likely data will be created – and as that data multiplies, it has the potential to become compelling in discovery.  It seems that many U.S. organizations are electing to allow social media use at work and for work, rather than blocking access.  For obvious reasons, granting this access is culturally desirable, but from an eDiscovery perspective social media use introduces new complications.  However, don’t be mystified.  There is nothing that new here.

Recently, Symantec issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information.  Having lost some popularity, email came in third place (58%) to files/documents (67%) and database/application data (61%) when respondents were asked what type of documents were most commonly part of an eDiscovery request.  The new kid on the block for data sources is social media, reported by 41% of those surveyed.  Social media is in essence no different than any other data type in the eDiscovery process, it’s just the newest.  Said another way; social media is the new email.

Of course, it’s no longer news to proclaim that communications from social networking sites are discoverable.  What is newsworthy is the question of how to effectively store, manage and discover these communications which come in such varying forms, making the logistics of doing so for social media different than for traditional mediums.  Like email, social media is used by everyone (ubiquitous), is viral (fast), has mixed uses (professional and personal) and there is a lot of it (high volume).  Unlike email, social media comes in many different forms (Facebook, LinkedIn, Twitter, etc.), is not controlled within an organization’s firewalls (custody, possession and control issues), and has more complex requirements within the information governance lifecycle (technology is needed to ingest social media into an archive).

The two main areas to examine in relation to social media use and an organization’s policies are: 1) the legal issues that apply specifically to the organization, and 2) the logistical and technical requirements for preservation and collection.  Essentially, what is the organization’s policy surrounding social media use, and how can the information be accessed if need be? Luckily, technology exists that is nimble enough to be able to ingest social media and archive it in accordance with an organization’s policy, should one exist.  Organizations that have recognized social media as the newest kid on the block have, ideally: developed a social media policy, purchased (or deployed) collection and retention technology, and instituted training for their employees.  They have also integrated social media into their information governance strategy and document retention policy. Remember, not all organizations will have to archive social media, but all should address social media with a policy and training.

Other organizations have not accepted social media as part of the evolutionary process of eDiscovery.  They proceed at their own peril – as did the organizations that did not control their email some ten years ago!

These organizations will be in crisis when they need to collect social media for litigation and will most likely have a large lesson in damage control, as well as an equally large bill.  They will be uneducated, ill-prepared and overwhelmed about how to discover social media.  Without a policy, they will have to over collect by default, which will drive up the costs for collection and possibly for downstream review.  Given that the aforementioned survey found nearly half of the respondents did not have an information retention policy in place, and of this group, only 30% were discussing how to do so, it is likely that many of these organizations do not yet have a social media policy either.

With this background in mind, organizations should evaluate which laws and regulations apply to their organization, develop a policy and train their employees on that policy.  Plus ça change, plus c’est la même chose.

For more information about how IT and Legal can manage the impact of social media on their organization and to learn how archiving social media can be accomplished, please join this webcast from Symantec.

Email Isn’t eDiscovery Top Dog Any Longer, Recent Survey Finds

Sunday, September 18th, 2011

Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute.  Perhaps counter intuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests.  In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%).  Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer.

Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren’t also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.”   While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

The primary ramification is that organizations need to prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.  Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized.  Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were:

  • 81% more likely to have a formal retention plan in place
  • 63% more likely to automate legal holds
  • 50% more likely to use a formal archiving tool

These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences:

  • 78% less likely to be sanctioned
  • 47% less likely to lead to a compromised legal position
  • 45% less likely to disclose too much information

This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary.  Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways.  Some have estimated that it costs between $3-5 a document for manual attorney review – and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies with bad information governance hygiene.  While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction.  Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.  While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan.

As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.”  And, the winds of change are upon us.  Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

For more information regarding good records management hygiene, check out this informative video blog and Contoural article.

Two Surveys Confirm Social Media in eDiscovery Has Reached Tipping Point

Tuesday, August 2nd, 2011

As the saying goes, “I’ve seen the future and the future is now.”  This was my first reaction after analyzing two recent surveys regarding social media and eDiscovery.  The first one was from Clearwell (now a part of Symantec) and the Enterprise Strategy Group, entitled: “Trends in E-Discovery: Cloud and Collection.”  Beyond examining cloud issues it also queried respondents about the growing impact of social media on electronic discovery.  While many of the responses struck me as intuitive, I was taken by the fact that we seem to have crossed over the chasm of social media to the point that this content simply cannot be ignored any longer.  For ages, and perhaps some still today, email was the 800 pound gorilla in the eDiscovery context, often to the dangerous exclusion of other forms of electronically stored information (ESI).

But, in 2011 we’ve now reached the tipping point – with 58 percent of respondents of the ESG survey expecting to manage social media applications as part of eDiscovery, more than double the 27 percent who did so in 2010.  That’s not only a massive increase in one year, but it also moves social media from a fringe element to a mainstream source of ESI.  When asked what types of social media applications would be the most relevant for eDiscovery, 79 percent of survey respondents named Facebook, followed by Twitter (64 percent) and LinkedIn (55 percent).

Similarly (and coincidentally), Applied Research and Symantec (who just acquired Clearwell) queried 1,225 senior enterprise IT professionals around the world in a Social Media Flash Poll.  In one of the main findings, the Flash Poll found that social media is extremely ubiquitous in the enterprise environment, with 45 percent of respondents using it for personal uses and 42 percent using it for business reasons.  Rating highly were a number of disparate social media devices including blogs, multimedia sharing, business forums and, of course, social networking – both personal (e.g., Facebook) and business (e.g., LinkedIn).

The impact on eDiscovery, while somewhat obvious, is nevertheless a significant challenge for many enterprises.

Initially, the increased use of social media intrinsically means that email isn’t likely to be the sole source of responsive information pertaining to a lawsuit (or governmental inquiry).  While this hasn’t really been the case for a while, it’s time for the attorneys scoping eDiscovery matters to face facts and abandon old school notions that email axiomatically equals eDiscovery.  For good or ill, our world of potentially responsive ESI simply isn’t that homogenous.

The Flash Poll also honed in on how this increased use of social media is impacting IT professionals.  While information governance concepts (compliance with regulations and retention polices – both at 45 percent) rated higher on their risk index, the management of eDiscovery was still a significant (and growing) concern at 37 percent.  And, while IT folks are increasingly concerned, it’s safe to say that their attorney counterparts (who have a heightened sense of risk profiling) are even more worried about the impact of social media on the already complex eDiscovery process.

So, what can be done in the face of this changing eDiscovery landscape that used to be dominated by email?  First and foremost, it’s imperative to understand your unique regulatory and legal requirements.  This facilitates the mapping of new social media technologies and content to the requisite policies that address data mapping and the retention of social media content, either in a proactive sense (i.e., archiving) or in a reactive sense (i.e., litigation hold).

As Glenn Close frighteningly said in her 1987 thriller, Fatal Attraction, “I will not be ignored.”  That warning fits the entire social media genre as it relates to eDiscovery in 2011.  And, just like ignoring Glenn Close, failing to pay proper attention to social media is done at significant peril to both IT professionals and attorneys alike.

Clearwell’s New eDiscovery World Revolutionizes End-to-End E-Discovery

Friday, April 1st, 2011

At Clearwell, we’re constantly ruminating on innovative ways to help make our customers’ e-discovery process more efficient. Given the astronomical growth of social gaming, we began asking ourselves, “How can we harness the power and passion of millions of social gamers for the greater good?”

Questions like this really get our engineers cooking, and what they came back with is, to steal a word from one of our most popular product launches a year ago, simply “magical”.

Starting today, Clearwell’s eDiscovery World leverages the red-hot consumer social gaming trend to provide dramatic and previously unattainable increases in e-discovery technology training and productivity. In fact, the promise of eDiscovery World is so great that we have added social gaming as a core part of our product architecture across all Clearwell modules, from legal hold through production.

And we’re not stopping there. We believe that strategic social gaming delivers such powerful benefits to a best practices e-discovery process, that we’ve proposed modifying the EDRM diagram to account for this critical new requirement for truly end-to-end discovery.

Prior to today, unstructured obsession with social gaming has actually been an obstacle keeping end-to-end e-discovery from becoming a reality in many organizations. Interviews conducted across law firms, service providers, and every major enterprise vertical indicate that the time spent protecting crops from withering and urban blight from descending upon virtual cities has left insufficient hours with which to implement next-generation electronic discovery technology. As a result, legal costs have continued to rise and the risk of sanctions has grown substantially. One Director of E-Discovery at a Fortune 100 company, when grilled about his organization’s failure to implement a robust legal hold process, pleaded, “Can you spare some Facebook credits so I can buy a chicken?”

Now, Clearwell has turned this challenge into a tremendous opportunity. In eDiscovery World, we provide an alternative to traditional social gaming that allows users to perform end-to-end e-discovery in a virtual environment – first in training mode to gain e-discovery process knowledge and experience, and then working with live documents and high-stakes cases. All stages of the e-discovery process are functional in the eDiscovery World environment, which is backed by a robust cloud computing platform able to support the largest and most complex cases. Best of all, in addition to the substantial productivity gains our beta customers have already achieved, many have even found their employees clamoring to forego significant portions of their salaries in order to earn precious Facebook credits, thus delivering dramatic cost savings for the organization.

eDiscovery World is truly a win-win, and we couldn’t be more excited about it. Enjoy!

Open Platforms in E-Discovery

Wednesday, June 13th, 2007

Most large companies face a dilemma. Should they open up their products and invite others to build features on them, creating a “platform” or ecosystem around themselves? Or would that be inviting the proverbial fox into the hen-house, meaning they should instead prevent others from integrating with their product or leveraging it to create add-on functionality?

In the internet world, there is no doubt about the answer: throw open the doors via easy-to-use APIs (“application programming interfaces”) and let a thousand flowers bloom. That’s what FaceBook did a couple of weeks back with their announcement of the FaceBook Platform, and it has already led to hundreds of new applications for their users. It is what Skype did so effectively, creating a mini-industry around themselves of voicemail, skins, ring-tones, and more. Even eBay, which has jealously guarded its feedback ratings and has habitually crushed smaller companies in its cross-hairs, is embracing the open platform mantra, announcing this week that third-party companies can build features that work with eBay in new ways.

By contrast, telecom companies live in a world of closed standards. Even in the wireless industry, which is arguably the most competitive part of the telecom world, the carriers (Cingular, T-Mobile, Verizon, etc.) exact a heavy toll on any application trying to reach their handsets. As friends in the industry tell me, “There’s a reason why there has never been a billion dollar mobile application company.”

In e-discovery, the large technology vendors like EMC, HP, Symantec, and ZANTAZ face the same choice. Their email archiving products store huge amounts of data. Should they let 3rd party e-discovery software analyze that data, giving their customers more choice? Or should they slam the door shut, and try to force customers to use their own proprietary e-discovery applications?

The answer, it seems, depends on what they want to be when they grow up. As the market leader, Symantec is confident enough to open its archive (Enterprise Vault) to 3rd party applications while offering customers its own Discovery Accelerator for litigations holds and some document review. Similarly, perhaps because of its powerful brand, HP focuses on storage optimization with HP RISS and partners with e-discovery software, often with huge savings for its customers. On the other side of the coin, smaller companies like ZANTAZ and Mimosa see themselves as e-discovery companies: they seek to leverage their storage products to get customers to also buy their e-discovery applications.

In the long-run, my feeling is that any archive of any stature will have to adopt open standards. Customers will demand it, and (unlike telecom companies) the archive vendors do not have the market power to resist. Over time, they will also come to appreciate (as HP and Symantec do now) that enabling 3rd party applications to analyze the data they store is to their advantage, since it creates a powerful, additional incentive to store more information in the archive.

What Web 2.0 Applications Can Teach Enterprise Software

Sunday, June 3rd, 2007

The other day, I came across the fascinating statistic that over 50% of products returned every year to stores across America have absolutely nothing wrong with them. Apparently, consumers used them for an average of 20 minutes and then gave up, because they were too complicated.

At this point, most customers of traditional enterprise software could be forgiven for thinking: “I wish I could do that.” Enterprise applications are notoriously feature-laden, complicated to use, and difficult to install. They make their users feel stupid, by presenting them with complex pictures that look like amoeba or toolbars with 150 different options. Why does enterprise software seek to punish its customers in this way?

Partly, because customers ask for it. Whether they are buying a dishwasher or an accounting application, people habitually over-estimate their ability to figure out how a complicated product works and, as a result, pay more for features that they never use. Partly, it’s because enterprise software is designed by engineers who think everyone is as technically proficient as they are, and by marketing people who view every additional feature as a new selling point.

By contrast, Web 2.0 applications such as FaceBook, Flickr, StumbleUpon, or Meebo are incredibly easy use. Even an idiot who has never seen these applications before can use them without an instruction manual or a training course. You could say that’s because they are trivially simple applications. But I think it’s primarily because, if they were not so easy to use, people would simply click away and try something else – i.e., they would die.

That to me is the real lesson that Web 2.0 apps can teach enterprise software: make something that is easy to use, easy for someone to install, and easy for them to evaluate. Get people addicted to your application because it’s so good (the average FaceBook user spends 4+ hours a day on the site). No doubt, this is harder to do with enterprise applications because they are inherently more complex. But figure out a way to hide the complexity, packaging all the functionality users need into a design that’s easy to use. This is a key characteristic of e-discovery software applications; it’s the genius of salesforce.com’s CRM application and Apple’s iPod; and, it needs to be a core skill of any company creating enterprise applications today.