eDiscovery Leaders Live: Seth Eichenholtz of Mastercard
Seth Eichenholtz, Head of eDiscovery and Head of Insider Threat Risk Management at Mastercard, joins George Socha, Senior Vice President of Brand Awareness at Reveal, as part of a special ACEDS #eDiscoveryLeadersLive series broadcast from ILTACON 2022.
Seth Eichenholtz is head of both eDiscovery and the Insider Threat programs at Mastercard. On the eDiscovery front, he has oversight of the preservation, collection, processing, and production of data for litigation, investigations, and regulatory matters. As part of Mastercard’s Corporate Security Investigations group, he is also integral to managing internal investigations, incident/breach response, and related cross border data transfers for those matters. Prior to joining MasterCard in 2016, Seth spent over five years as Vice President, eDiscovery Manager for Swiss Re where he focused on managing all facets of eDiscovery for matters that encompassed claims-based disputes, litigation, regulatory and investigative matters for all Swiss Re entities globally. Seth started his career as a tax attorney with PricewaterhouseCoopers and has extensive litigation and investigation experience managing and providing computer forensic and eDiscovery services since 2000.
Throughout our discussion, Seth brought to bear perspectives from both the eDiscovery and the insider threat sides of his job. He talked about privacy – the on-again, off-again nature of the attention paid to it, the changing nature of what we consider privacy to be, and how privacy may be addressed in the corporate setting. Seth talked about what he wants from counsel, both for privacy and for insider threats. He then turned to Microsoft’s M365, both the eDiscovery and the security sides of the offerings. Finally, Seth offered best practices when it comes to collaboration tools and the data they generate.
- [3:12] The importance of privacy to both eDiscovery and insider threats.
- [5:12] A shift to focusing on customer data while still needing pay attention to worker information.
- [7:00] Waxing and waning levels of interest in privacy.
- [7:28] Ongoing uncertainty about what privacy actions to take.
- [7:48] How old privacy truths are no longer accurate.
- [8:22] Privacy as a human versus consumer right?
- [9:52] Looking for privacy trends and building playbooks for them.
- [10:38] Bringing eDiscovery and insider threat perceptions and perspectives to privacy counsel.
- [11:30] Returning to the old-fashioned phone call to get on the same page.
- [11:59] What he wants from privacy counsel.
- [13:26] What he wants from counsel when insider threats are involved.
- [14:12] M365 – is it there yet?
- [17:06] Microsoft trying to pack a lot of different things into M365, including efforts to address privacy.
- [16:26] Thoughts on Microsoft’s eDiscovery offerings.
- [20:19] Thoughts on Microsoft’s security tools.
- [22:05] Best practices for working collaboration tools – find out what collaboration tools really are in use.
- [23:18] Best practices 2 – education about which collaboration tools to use and how.
- [24:19] Best practices 3 – legal holds and monitoring.
- [24:46] The challenge of the ever-growing volumes of content created by proliferating communication tools.
- “The key issue for us is privacy. I tell this to my team on both sides of the house, from eDiscovery as well as insider threat. Anything we do, we need to have one of the lenses we look through [be] the privacy lens.”
- “How do you marry multiple flavors given regional privacy differences with the fact that I’m [with] a global company and any case I have is likely to involved people from different regions?”
- “One of my challenges working with our privacy counsel and understanding the laws, is you might ask the same question to four different privacy counsel on a use case and get four different answers…. That’s not a knock on anybody. It’s just reality.”
- “I’m happy to take an answer I don’t agree with [from privacy counsel] but not if it doesn’t’ have the proper analysis.”
- “[M365] works really well if you’re a smaller entity with generally smaller volumes of data…. It’s when you are part of a much larger, broader organization that has an exponentially larger volume of data that is has to account for…, I think that’s where some of the things fall down.”
- “We are very much engaged with [Microsoft on M365]. We are very much eager to take advantage of the tools. Some of them work kind of cool, some of them kind of well, some of them less so.”
- “That’s also one of the really key connective tissues between eDiscovery and security insider threat, is being able to access, manage, collect data from a communications perspective. It’s no longer just emails.”