Rob Robinson | The ComplexDiscovery Blog

A technology blog highlighting data and legal discovery insight and intelligence.

    Activity Patterns for eDiscovery Mergers, Acquisitions, and Investments (2001-2017)

    Activity Patterns for eDiscovery Mergers, Acquisitions, and Investments (2001-2017)

    Since beginning to track the number of publicly highlighted merger, acquisition, and investment (M&A+I) events in the eDiscovery ecosystem, ComplexDiscovery has noted more than 300 M&A+I events between November 2001 and today. The following article highlights the pattern of these activities on an annual and monthly basis.

    Continue Reading

    An Abridged Look at the Business of eDiscovery: Mergers, Acquisitions, and Investments

    An Abridged Look at the Business of eDiscovery: Mergers, Acquisitions, and Investments

    The presented listing highlights key industry business moves by sharing the announcement date, acquired company, acquiring or investing company, and acquisition amount (if known) of significant eDiscovery-related mergers, acquisitions, and investments.

    Continue Reading

    A Running List: Top 100+ eDiscovery Providers

    A Running List: Top 100+ eDiscovery Providers

    Based on a compilation of research from analyst firms and industry expert reports in the electronic discovery arena, the following “Top 100+Provider” list provides a short listing that may be useful in the consideration of eDiscovery providers. This listing is taken primarily from eDiscovery provider mentions in selected key formal industry reports and surveys published between August 2011 and today.

    Continue Reading

    Validated Market Opportunities for 2017: SaaS-based Legal and Data Discovery Automation

    Validated Market Opportunities for 2017: SaaS-based Legal and Data Discovery Automation

    In 2017, the challenge for technology providers in the legal and data discovery spaces appears to be less about defining offering requirements and validating market needs and more about developing and delivering solutions that focus on specific tasks and processes that streamline the discovery of data and the conduct of eDiscovery.

    Continue Reading

    A Concise Framework for Discovery Automation

    A Concise Framework for Discovery Automation

    One of the biggest challenges facing information, business, and legal professionals is the ability to cohesively consider the elements of data discovery and legal discovery within a technology framework that is comprehensive enough to address critical discovery tasks throughout information and legal lifecycles yet concise enough to be realistically approached from an automation perspective.

    Continue Reading

    industry

    7 Legal Focuses for Marketing Following the GDPR

    Extract from article by Megan Miller

    In anticipation of the new EU Global Data Privacy Regulations set to take effect in May 2018, the legal industry has understandably focused on data security and legal risks and obligations. But GDPR also presents fundamental business challenges for marketing in the legal field and across all industries.

    GDPR has the potential to create a painful compliance experience for users, and contacts—sales channels, prospects, leads and customers—will feel it first. As stewards of personal data and the creation and nurturing of customer relationships, marketers are in a unique position to design GDPR-compliant interactions that preserve and even enhance a positive customer experience and increase loyalty.

    The role of marketing on a cross-functional GDPR transition team is to represent the customer in designing user-friendly processes that are GDPR compliant. This article will look at seven key areas of focus for marketing. For simplicity’s sake, we refer to individual contacts of all types simply as customers or data subjects.

    Additional Reading:

    Vendor Breaches and Their Implications for Employers

    Extract from article by Zoe Argento, Philip Gordon, and Andrew Epstein

    Before entrusting the vendor with personal information, the employer should execute a contract with the vendor that addresses the parties’ obligations and rights regarding personally identifiable information. At minimum, the vendor contract should stipulate that the vendor:

    • promptly notify the employer of a data breach and provide all the information necessary for the employer to provide notifications satisfying applicable law;
    • notify affected individuals under the direction of the employer;
    • mitigate the harmful effects of a data breach, including reimbursing the employer for all the employer’s reasonable costs that result from the vendor’s data breach;
    • indemnify the employer for all third-party claims arising out of the vendor’s data breach;
    • maintain insurance that covers data breach response costs and liability for data breaches; and
    • return or destroy an employer’s data at the end of the engagement.

    A contract covering data security is not only a recommended practice; some laws require companies to obtain a written agreement regarding data security from vendors.  For example, HIPAA requires that covered entities sign a contract with any “business associate” that handles protected health information on behalf of the covered entity. The HIPAA regulations explicitly require that the contract include a long list of data security provisions. The GDPR includes a similarly detailed list of provisions that EU employers must include in the contracts with vendors that process EU personal data on their behalf.

    Additional Reading:

    File Share Platforms and Business Risk

    Extract from article by Richard Lutkus and Corey Bieber

    The use of open file sharing platforms in business continues to increase in 2017; Dropbox alone has over 200,000 active business accounts. Unfortunately, the convenience of these platforms and the increase in use by businesses attracts the attention of hackers a well.  File sharing platforms and accounts have a high “hack value” — the overall value of the accounts on the dark web — due to the relative ease with which account can be obtained and the sensitivity of the information stored on these platforms. The risk associated with the use of file share platforms is twofold.  First, company supported file share is attractive to attackers because it is guaranteed to contain sensitive information.  Second, file share platforms available to employees outside of the company — e.g. the employee Google Drive account — may be used to store company information, but likely do not use the same security standards as those enforced by the company. Attacks on file share platforms are also very real.  In August of 2016 Dropbox forced users to reset their passwords based on a breach — 60 million account credentials compromised — that had been discovered but was executed four years earlier in 2012.

    Thus, it is important that businesses educate their employees on the risks of sharing information on these platforms and apply strict administrative and technical safeguards mitigate the risk of attack.

    Additional Reading:


    industry

    7 Legal Focuses for Marketing Following the GDPR
    7 Legal Focuses for Marketing Following the GDPR

    GDPR has the potential to create a painful compliance experience for users, and contacts—sales cha…

    More in industry

    Insight

    The Rise of Data Type Issues in eDiscovery: Six Issues That Impact eDiscovery Business Performance
    The Rise of Data Type Issues in eDiscovery: Six Issues That Impact eDiscovery Business Performance

    In the Summer of 2017, over 40% of respondents viewed data issues (data volumes and data types) as p…

    More in Insight

    Newsletters

    Five Great Reads on Information Governance and eDiscovery: From eDiscovery Expansion to Security and Sandwiches
    Five Great Reads on Information Governance and eDiscovery: From eDiscovery Expansion to Security and Sandwiches

    This edition of the newsletter highlights five key posts on information governance and electronic di…

    More in Newsletters