eDiscovery Leaders Live: Jonathan Maas of Maas Consulting Group
Jonathan and I started with a discussion about what he calls “data wrangling”, his recasting of eDiscovery and those who engage it into a vital role in the world beyond litigation and legal. We talked about what eDiscovery practitioners bring to the table, the expertise they offer not just for lawsuits and investigations but for any situation involving the aggregation and analysis of data. We discussed the impact of data privacy on eDiscovery and the reverse, as well as the benefits and challenges of anonymization and pseudonymization. Jonathan addressed an area he has long speculated about, self-service eDiscovery. And, before a lost connection brought our session to a premature close, he focused on one of Jonathan’s key buttons, the mismatch between the litigation process we need to go through and the emphasis we place on discovery as part of it.
Recorded live on June 4, 2021 | Transcription below
Note: This content has been edited and condensed for clarity.
Welcome to eDiscovery Leaders Live, hosted by ACEDS and sponsored by Reveal. I am George Socha, Senior Vice President of Brand Awareness at Reveal. Each Friday morning at 11 am Eastern, I host an episode of eDiscovery Leaders Live, where I get the chance to chat with luminaries in eDiscovery and related areas. Past episodes are available on the Reveal website; go to “revealdata.com”, select “Resources”, then select eDiscovery Leaders Live”.
My guest this week is Jonathan Maas, Managing Director of the Maas Consulting Group. He is a paper and electronic discovery/disclosure veteran, with 39 years of experience in the field: 29 years in international law firms and 10 years in international consultancies. Jonathan speaks and writes on the subject of eDiscovery and disclosure quite widely. He's been involved in developing civil procedure in England and Wales to respond to the demands of litigating in the digital age. His métier, really, is acting as a verbal or written bridge between experts and lay people, whether it's conveying complex technology concepts to a legal audience or explaining matters of detailed legal procedure to IT specialists.
Jonathan also regularly sends out an email alert (his “BONG!”) to subscribers that contains brief snippets of interesting recent discovery, GDPR, legal technology, scientific, and other news.
Thank you very much. Good morning, George. Delighted to be here. Thank you to ACEDS and to Reveal.
What is Data Wrangling?
Glad to have you with us. I would like to start by diving into a topic I know is of interest to you. One you called “data wrangling”. So before we get into the topic, first tell us what you mean by data wrangling?
I think it's long overdue that we break out of the various silos that people have expertise in around the issue of doing things with data. So, lately I've got in the habit of just calling it “data wrangling”. It's where you know something that you need to do something to, is in your data. So you wrangle it, you herd it all up, you corral it, you investigate, you interrogate, you review, whether that's personally as a human being or using the great technology that’s out there. And then you take action based on what you found in the data. That needs to happen in the information governance world, the compliance world, the criminal investigation world, the eDiscovery, or the discovery, world. It needs to happen everywhere, even just to inform a business about how it should go to market or what its strategies should be for the next three or four years. It’s nothing to do with discovery, it’s data wrangling.
And I am convinced that the skills that people have in, say, the eDiscovery silo are equally applicable and useful and needed in all those other areas. But they just get labeled ED, litigation, and everyone else ignores them. They're pigeonholed and I think they shouldn't be.
So is the silo you're talking about a segment within legal? Is it all of legal? Is it even bigger than that? What's the silo we should be looking at breaking out up here?
In particular it’s the ED silo, obviously, because everything is labeled ED. I've used, lately, the analogy of the footwear I wore when I played badminton and squash. I had Blue Flash footwear for my badminton activities and Green Flash for my squash. In reality they were exactly the same shoe, just the manufacturer had given them different colors so idiots like me would buy two pairs instead of just the one.
I think that the silo we should be in is everything, it’s not one thing. I think that it's all to do with wrangling data, whatever that purpose is. I'm not saying that a person who is good at eDiscovery is necessarily going to be excellent at data analysis. No, I'm not saying that, I'm just saying that the processes and the workflows, the EDRM, or the IGRM, whatever you want to call it, is not and should not be restricted to legal, or litigation in legal. Wherever there's a need to wrangle data, to find data, to wrangle data… by that, I mean defensively getting rid of it, accessing ROT data and doing something to that.
eDiscovery tools and people and knowledge, we've got the clipboards, we’ve got the experience, we know how to interview people and we’re not scared of large amounts of data. I think we should be expanding, everyone should be expanding.
What do People in eDiscovery Bring to the Table?
Are there any particular capabilities or areas of expertise that we from the legal side and from the litigation and discovery or disclosure side bring to bear if we were to move into areas of privacy, governance, or into fields such as medical or whatever else it might be?
Great question. I think that what I imply from that question is not what I actually mean. What I imply from that question is that in order to be effective in other silos you have to be privacy experts or whatever else you say. No. The people who do eDiscovery aren't necessarily litigation lawyers. They are people who know how to find things, to fritter the facts out of them, and to hand them to people who can then make decisions about what they've been given.
So the people in eDiscovery have the expertise of interviewing custodians to find out where data...Data as we know, in the business is never where the business thinks it should be. It's where the individuals keep it. We are experienced in coercing that information out of helpful unwilling custodians. We are comfortable talking to IT people, we are comfortable talking to people in many functions within organizations in order to understand that data map that is essential for privacy reasons, essential for knowing where the rubbish is on your network. We are experts at finding it and preserving it, at collecting it and reducing its volume, in offering it up, or indeed doing a review ourselves having interviewed the end users, the lawyers, to understand what it is that they're interested in, what's relevant, what isn't relevant. Or an investigation, is it responsive or not responsive to the matters being investigated.
We're used to doing it for data subject access requests, certainly in Europe and I gather more so in America. You don't need to be an expert in medicine to be an expert in giving something to the expert in medicine. or to the business expert in order to decide which departments in the business are busiest or slowest, or what the drivers are in the legal department. You know, can you develop FAQs based on the data the legal department has that would take some of the pressure off them to answer frequent questions from the business?
So I think it's not looking at it from the endpoints, which again, it is kind of applying a silo to it as well. It’s looking at the fact that everybody has to cope with data, whatever the end use. So I think that we have a great future in that role, if you like, being the chef not the restaurant critic.
Okay. So we'll put on our chef hats and figure out where to go from there.
That analogy just came to me. I think a chef can cook many different genres of food.
The Impact of Data Privacy on eDiscovery
Okay. Okay, now I understand better. I'd like to ask about data privacy because not that many years ago we did things like repurpose and publish the Enron data, something that of course, none of us would do today.
Of course not.
Of course not. We wouldn't even consider and no one would let us do that type of thing. But the world has changed considerably. What has been the impact of that on eDiscovery? What opportunities does that focus on data privacy create for us, whether it's disclosure or data wranglers?
A very broad subject. And touching on what we were talking about earlier, I'm not a privacy expert but my observations of the impact is that there's now certainly in Europe, a massive inclination towards onsite storage of the found data. So you don’t actually go out of country with it. And the cloud is obviously making this a much easier thing, you just run up an instance in the cloud, in Azure or Amazon or wherever. And you can do that in-country, it’s now a relatively easy thing to do. I haven’t done it myself, but it seems to be relatively easy.
I think that we, certainly in the UK, I’m seeing service providers, many service providers opening up new revenue streams of responding to data subject access requests, DSARs, under the GDPR - the General Data Protection Regulation in Europe. I think that will increase as the spread of GDPR to other countries doing business with Europe will have to respond in like manners. And of course in America as the various states slowly fall to the privacy regulator, that will increasingly happen in the states. So that's a business stream. Plus, of course, for everybody in the ED world, there's a need suddenly to get very quick and experienced with redaction as people need to remove PII (personally identifiable information) from their data sets.
I can remember a long time ago, in about 2010/2011, at the Sedona Conference in Washington DC there was a long conversation led by the judge Shira Scheindlin about whether there was a need to redact PII in discovery generally. There is so much PII that goes around law firms, parties, service providers, third parties, barristers. The PII flying around in our world is amazing. We came to the conclusion at that meeting, I think it was a side issue, it wasn't the main topic for discussion, I think we came to the conclusion after a half an hour, we being the panel and the audience, that it was going to be someone else's problem. That it wasn’t going to be ours. As it was looked at then, at that point with the technology available at that point, it was a massive extra cost burden, a massive extra set of things that needed to be done. And if people weren't saying you have to do it, then we’d move on and address it when we had to address it because it was just such a massive problem.
So, I think that what privacy has definitely brought about is confusion. It’s confusion between data protection and privacy and what it actually means. It's like the response to data preservation to litigation hold. The response was, well, we don't really know exactly what the legal stand is on this so let's just hold everything. Let's just preserve everything. And that can't go on, obviously. So that will have to be addressed. Already in the technology world, if you impose a litigation hold on any business, like shut down its email systems, you bring the business to its knees because of the sheer amount of data wallowing around on its network, which wouldn't normally be there. So, I think it's an interesting area and I would like to have simple clarity over exactly what one can and can't do. And I don't think there's enough of that.
I'm sure there are people who know, I know there are very good specialists in privacy and stuff, but I think generally there is no general knowledge really about it. We know that when you pick up a pen and take the lid off it's going to write for you, should do. We don't know, that easily, what it is that we can and can’t do in terms of privacy. So we tend not to do anything. We tend not to move the data. We tend to try and redact everything that needs to be redacted. But sometimes in our business, clearly you can’t redact everything because sometimes that PII actually indicates what is or is not relevant. So you’ve got to move towards pseudonymization, rather than anonymization, which is not redaction of course. Pseudonymization is making it possible to find out what that piece of information is, if you've got the keys to unlock it.
So, I don't have an answer. It's just the whole new area that's of interest and confused at the same time. But I'm definitely seeing new business lines available for service providers who get asked by their clients to help them respond to DSARs. Which of course with a time limit on them and reputational damage if they're not responded to correctly, have become very important to businesses.
Working Around Anonymization and Pseudonymisation
It seems to me that when it comes to efforts at anonymization and pseudonymisation, so much of what we need to do on the discovery side of things before we get to disclosing data to someone else, is to figure out what happened. We don't know necessarily what we're looking for. If data is anonymized, that can cripple our ability to figure out what happened because we don't know who was communicating with whom about what, with the who and whom.
We pseudonymize it, but do so in a way that allows us to figure out who's communicating with whom; then it's not really pseudonymized. We’ve actually swapped out one identifier with another identifier. Any thoughts on how we deal with that or do we keep that all within the protective borders of what we do, and then only after that, try to anonymize or pseudonymize it?
As you were talking I was thinking, well really the only time that you need to make PII inaccessible, however it's done, however permanent or however temporary, is when it's traveling, not when it’s at rest. Unless the resting place is a place for someone who is not actually engaged in that matter legally or in that investigation legally. I guess that's the most important because that's what we’re worried about. We’re worried about people leaving a laptop on the train or hard drive in the back seat of the car, and of course FTPing it off to someone who never thought that we're going to get something so wonderful.
So I guess the most important would be when it's traveling or going to an organization that doesn't need to see the data for the reasons that you said. They're not part of the investigation or the dispute resolution or litigation or whatever, so they don't need to see that. So one could argue, why do they need the data in the first place, actually. It could be that they’re a courier company, you know, whatever the reason. So I think that's the most important time to do it because you're exactly right. If you're working on the matter and you're devising a plea or getting a deposition out the door, you need to know who the heck did what, when, where, otherwise it's totally valueless.
So, yeah. So I suppose we should consider when it's traveling, but then you need to have a process of easily doing it, pseudonymizing, or obscuring the stuff and easily revealing it. And neither of those is an easy process at the moment.
So to sum it up, challenges.
Yes. In the wild west, we’re back in the wild west.
Self-Service in eDiscovery
One of the things that folks have longed talked about or speculated about, is to what extent eDiscovery has become, is becoming, or could become a self-service market. Thoughts on that?
Yes, I got quite a lot of thoughts on quite a lot of things, I’m afraid. And we’ve only got 30 minutes. 12 minutes now. Yes, my focus and most of our focus, our being the eDiscovery community, has been on the larger law firms, the larger corporates, who have the money to sue each other, the money to get involved in M&A and therefore need due diligence, are large enough to concern the regulators. And really the deep pockets to go deeper into sources of evidence than your average high street law firm, or store or company. So the focus has been on big matters. We talk daily about big pieces of software, big companies, global presence, and so on and so forth. And they are all important, but they serve a small proportion of a market.
If you look at England or Wales and these aren’t hard figures, but they’re ones I kind of heard of over the years. The big boys and girls, the large city law firms in England and Wales, that's our jurisdiction here, not Scotland or Ireland. They make up 10-15 percent of the membership of the English law society. The other 80 percent in litigation have exactly the same requirements and obligations under our civil procedure rules, under your FRCP. And yet they have no tools other than Microsoft and file search and all that kind of stuff. Nothing really available to them to help them find evidence electronically, where it all is now. Whatever your size, unless you're in a company that does not traditionally have electronic communications for anything, which I don't think there's many yet, other than as you go towards the sub-Sahara or something. But even that's changing.
Even that's changed.
Exactly. You know, there's need for copper wiring anymore, for instance. So those countries that don't have an infrastructure like that are no longer restricted. I think there is a vast market out there that needs to be served. And it’s almost an access to justice thing. It's almost that big, an A to J thing. We're seeing it now, there are obviously service providers out there who have aimed specifically at the SME law firm, small, medium enterprise and legal department. And I think that is the next big area of service for people who traditionally have offered this to the deep pockets. It's organizations that don't have Lit. Sup. managers. It's organizations that don't have a process for discovery or eDiscovery; I prefer the term discovery because it's all going to be discovered and treating paper and electronic as different things is not necessarily useful. Many partners actually print out the electronic anyway.
I think that is a big area where we need to spend some time helping. And not necessarily educating, but just making the tools available at a cost that suits them, at the speed that they want. So I think sales teams will start selling to the end user, not to the law firm. Not to Lit. Sup. manager, or the IT director. They will call the partner directly and say look, can I interest you in this? And especially in smaller firms, where their IT support is outsourced, they don't have an IT manager, they’re not that experienced with discovery because they didn't do it that often and they’re very inexperienced at taking a matter to court, because that rarely happens. And yet they have the need to do due diligence on a small scale, to look at evidence, you know, 100 documents, 1,000 documents.
If you're a barrister, a trial lawyer here, and you've got 10 cases, 10 matters on the go at the same time, each of which is a hundred documents, that becomes a not insubstantial amount of stuff that you want to manage. And I find myself talking to quite a few people like that. In the old days, Dragon Dictate and stuff like that, you’d get it on a CD off the PC World in your magazine shop. You don't get this kind of software, doing what it’s designed to do, cheaply.
And you know, if you don't want all the services of document review, the services of admin and 78 certified administrators in an organization, you just want to get the stuff from a client, make sense of it and get rid of it on a daily basis. So I think the self service is a very exciting model that has evolved or surfaced over the past few years.
It sounds like it's more the need for that that’s surfaced than the delivery of that so far.
Yeah. I think that there is a massive education gap at the smaller organizations, who just don't realize... They know kind of they’ve got to do it, but they’re like the larger firms were 15-20 years ago where they just said, I know I got to do it, but I'm going to ignore it because I don't know how to do it. And I didn't really need to because it’s all word of mouth from the client to me.
But I think that when they realize that they can do it, and it's not costing them everything, they don’t have to remortgage their property in order to get technology used for their clients. Then I think that they will be falling over themselves to make use of it, and there will become a bit of a competitive struggle, as there never is between lawyers, to be the ones who get the best tech in at the cheapest price, to service clients. So I think there's going to be quite a battle down there in the short grass between the smaller players, a battle for life and death, I suspect.
Measuring eDiscovery’s Role in Litigation
Quite likely, yes. One of the other challenges that we all face with respect to the processes we're dealing with, is a mismatch between the litigation process as we think of it and how much emphasis we place on discovery these days. Care to elaborate?
Will you stop pushing my buttons?
That's what I'm here for.
I know, I know and you do it very well. I think, and there are others who’ve identified this and I could name them, that discovery disclosure has become, certainly amongst the larger organizations that we've just been talking about, has become a beast all of its own. It has a life all of its own. It has an importance all on its own. I think we've lost sight of the fact that it is simply a blip on the road of resolution. Again, I just made that phrase up.
Alma Asay, one of the people I mentioned, she described it as, there's your soup to nuts, your case from the beginning to trial. And there in the middle is your discovery, the disclosure. And that's all it is. For the lawyers, it's just one part of the whole. But for many of us it seems to be the totality.
But that's not what the budget looks like, is it?
Entirely possible, yes. Well, I think that litigators nowadays are increasingly focused on getting through discovery and then dealing with discovery, rather than on the facts and the merits of the case itself. I think the increase and again, this is on large matters, I think increasingly, knowledge of the matters in the case is vested in contract lawyers on the larger jobs, who are doing the review on behalf of the service provider. Basically, obviously they do a lot more, to tick a box that says, “should this be discovered or not?” Obviously it's a lot more complicated than that, depending on the issues and the nature of privilege and so on and so forth. But it’s essentially, yes/no. If it's yes, it goes. It’s that simple.
I think increasingly that the lawyers who have conduct of the matter, do not have in-depth knowledge of the matters that they need to have when it comes to proofing witnesses, taking depositions, preparing for trial, doing the opening submissions for trial, briefing barristers, trial lawyers, all that kind of thing. I think the whole thing is becoming skewed and it's, “Phew, we’ve got discovery out of the way. Now we can relax and just focus on the law”.
And I think that lawyers should be, as they used to, interviewing witnesses sooner rather than later, before disclosure, before discovery, for two main reasons. One, because they can get a better understanding of whether there actually is a case to answer or to push. Because they actually talk to the people who were there at the time rather than the boardroom who's just heard that there's an issue, or had an argument with another boardroom somewhere. So you need to talk to soldiers as soon as possible. That also in turn will influence what is or is not discoverable. Because you'll have a better grasp earlier on of what the facts are and what disagreements there are as well, possibly. That of course, informs the pleadings and it most certainly informs the direction that you take in any settlement negotiations and any conversations that happened around everything, because the lawyers have a good understanding, as they used to. I'm not harking back for the days of baked bread and no electricity and stuff, but in the old days, lawyers… [connection lost]
I'd like to thank Jonathan for the time we were able to spend with him. Jonathan is the Managing Director of the Maas Consulting Group. He's been in this industry for quite some time, has a longer repertoire of war stories to tell than any of us actually have time to listen to.
I am George Socha, this has been eDiscovery Leaders Live, hosted by ACEDS and sponsored by Reveal. Thanks for joining us all today.
Please join us again next Friday, June 11th, when our guests will be Clare Chalkley of Integreon. Thanks, Jonathan and thanks everyone else.