eDiscovery Leaders Live: Rose Jones & Jenni Weaver of King & Spalding
Each week on eDiscovery Leaders Live, I chat with a leader in eDiscovery or related areas. Our guests on May 28 were Rose Jones, a partner at King & Spalding, and Jenni Weaver, a senior lawyer also at King & Spalding.
Rose, Jenni and I started with a discussion about King & Spalding’s take on eDiscovery, one which is more expansive than the approach taken by many firms. They not only work on eDiscovery projects but spend a considerable amount of time helping clients build and improve eDiscovery processes. We discussed the technology gap analyses they perform, how they help clients build and implement eDiscovery protocols, and how to gather and make more effective use of metrics. From there we moved to talking about ways to cut costs, sometimes by millions, through implementing standardized procedures, tracking data and actions against retention policies, and, of course, education. I asked Jenni and Rose about how they helped clients meet the challenges of moving data across borders, and in particular what they have seen done with respect to blocking statutes. I closed with my “ideal eDiscovery platform” question; see what each of them had to say on that!
Recorded live on May 28, 2021 | Transcription below
Note: This content has been edited and condensed for clarity.
Welcome to eDiscovery Leaders Live, hosted by ACEDS and sponsored by Reveal. I am George Socha, Senior Vice President of Brand Awareness at Reveal. Each Friday morning at 11 am Eastern, I host an episode of eDiscovery Leaders Live, where I get the chance to chat with luminaries in eDiscovery and related areas. Past episodes are available on the Reveal website. Go to “revealdata.com”, select “Resources”, then select “eDiscovery Leaders Live”.
This week I have with me two guests, both from King & Spalding. One is Rose Jones. Rose is a partner at the firm. She co-leads the firm’s eDiscovery practice and is Director of eDiscovery Project Management and Client Services. She devotes her entire practice to eDiscovery, serving as lead eDiscovery counsel for clients in their highest risk cases. Representative matters have included leading roles and high profile government investigations of global corporations, including, you probably never heard of these places… Google, Toyota, Porsche; high stakes litigation for pharmaceutical and commercial product manufacturers such as GlaxoSmithKline and Purdue Pharma; and most recently a leading role in responding to a wide range of discovery obligations related to matters for Walmart.
The second guest, also from King & Spalding, is Jenni Weaver. Jenni is a senior lawyer based in London although this week, joining us from the U.S. Her practice centers on eDiscovery issues - what a surprise - particularly with respect to representing clients in product liability matters and government investigations. Her primary focus is ensuring her clients’ European operations and eDiscovery processes are compliant with GDPR. This includes conducting data flow maps, assisting with data protection impact assessment and DSARs or data subject access requests.
She also provides advice and counsel to clients to help limit the scope and cost of document review through a variety of techniques and works closely with in-house counsel, co-counsel and vendors to ensure consistency, efficiency, and quality throughout the eDiscovery process.
So Jenni, Rose, welcome. Glad you could join us this week.
Yes, thank you for having us.
King & Spalding’s Unique eDiscovery Approach
I would like to start going into greater detail than I could provide a quick overview with what you all do for your clients because I know, I've worked with you, I've talked with you, and it's not the average approach to eDiscovery.
Right? George, again, thank you so much for having us today. And as you mentioned, we help our clients in high stakes litigation, crisis investigation. And so oftentimes we are diving right into the meat of a matter and working very hard with stakeholders of the companies to try to meet deadlines. We're trying to ensure that data is properly preserved. We're trying to make sure that we can then quickly move it to the collection phase all the way through, as you know, getting documents out the door and produced. Oftentimes during these situations, we are uncovering potential gaps or areas for improvement in the eDiscovery process. And one of the things that we really want to focus on today is one of the things that we love, which is helping our clients build and improve on their existing discovery procedures.
And so as you could imagine, it's a different approach than dealing with the litigation and being in the trenches but we're able to leverage the knowledge that we gained during those situations. So then say, “Okay, how do we make this smoother or how do we make it more cost effective?”
A lot of the time what's really most important for our clients is we want to just discharge our discovery obligations to the best of our abilities but we want to do it in a way that's cost effective for our clients. And so, one of the things that we like to do is a technology gap analysis. And Jenni Weaver, who has been with the firm for nearly 10 years now, is very detail oriented in the technology side of things. She has significant knowledge with respect to overseas litigation, cross-border eDiscovery. She has taken on the opportunity and has done a fantastic job of leading our eDiscovery team in the EU. And she currently resides in London and heads up that practice for us.
And so Jenni, do you want to talk a little bit about how that technology gap analysis is conducted because it does play a key role in our GDPR analysis?
Sure, and quite frankly, when we’re discussing the technology gap analysis it really starts at the beginning and it starts looking at the client's infrastructure, how they are sharing data amongst their departments, amongst subsidiaries, or either you know, other countries. And so we want to understand their flow of data, how they can move data around, how they may be collecting data if they're taking that obligation on and understanding gaps, holes, maybe data flowing in the wrong direction. And we look at that, we sit down, truly in the trenches of IT, and walk through those steps to understand what they're currently doing.
We also, in that same vein, discuss potential issues or things that we need to address to ensure that compliance to GDPR or also within their own binding corporate role of things to make sure that what they say they're doing, they are actually doing because sometimes when you have things written down on paper versus what's happening in practice, they don't necessarily always align.
And then we take that information and we look at the eDiscovery aspect which is, do they have a current vendor of their choosing? If not, then we certainly can help them go down the route of reviewing and letting them select a vendor. And then we talk about what that looks like. Do they want to bring that technology in house? Do they want to take that on? Do they want the roles and responsibilities of creating an eDiscovery IT group, which is different from IT, and that's something that I try to like, scream because it's not the same.
The IT as we know it should be handling IT, and then those roles and responsibilities of truly litigation, discovery work, retention, preservation, potentially collection, that is just a separate role and it should be a group that’s built out and trained to understand how their role overlaps with IT but also it's completely separate and then how they would integrate into both systems.
And so we do that as well, or if they do not want to choose that route and they want to rely on a vendor, we help them through that process. Help them understand the throughputs in metrics of what they were looking for and what they need, and then guide them through that process. And certainly there's lots of vendors out there. There's pros and cons to all of them. And we help them understand what it means and what they're signing up for and how we can assist them throughout the whole process and then obviously partner with that vendor because it's extremely important for us to partner with that vendor to understand what they can do, what they can provide and how we can help them, because it's always a partnership.
And frankly, from that point, Rose and I will start building out the protocols. Because once you kind of get those pieces in place, if you don't have protocols, then nothing will be consistent, nothing can be copied or, the continuity will never be there unless we actually train and then write out the processes so that they can be followed. And so that's something Rose loves and we do a lot. It’s one of her favorite, I think, hobbies, frankly. But she can certainly touch on some of those and how we set those up and work with the client to make sure that not only do we set them up, but they are marketed and people understand them. And then we can set up training sessions so they can actually be followed.
Going Beyond the End of a Matter
This sounds like an impressive array of services packaged together as an offering that can help clients a lot. To get there, you have to convince them to even think about it. There is a very common story arc in litigation. I’ll hugely over simplify: I'm a company, I get sued, I'm outraged, I did nothing wrong, I'm going to fight this till the end of time, no expense will be spared. Time goes on. I'm not so outraged, the expense is met, I want it all done, and finally I give up, I settle the thing. The last thing I want to do is think in any way about anything related to that lawsuit again. Now, I hugely over simplified, but the point is that all too often by the time you get to the end of a matter, a lawsuit or an investigation, the client just wants to move on. How do you get them to think about doing this type of post mortem analysis and rebuilding so they can move forward more effectively in the future?
So, from my perspective, it all goes back to cost savings and cost savings could be presented in multiple ways. Obviously financial, but oftentimes there are these situations where it's incredibly stressful, it's a huge burden on resources within the company. And so employees are having to do more work. So they have a day job and then they've got the rest of their day where they're trying to focus on responding to litigation and identifying documentation or helping out on work streams that might be better suited for other individuals within the company.
And so we tell the story of how we got to the final process, but again, it's a delicate balance of explaining where there could be process improvement. And the key factor in that is metrics, so the great thing about eDiscovery, you can track cost saving through metrics, whether that’s hours, whether that's true cost. And so one of the things that we do is we're able to present that to our clients in a way that tells the story and shows how implementation of standardized procedures will allow you to cut costs significantly. I mean, we have cut the costs of our clients in the millions with just implementing standardized procedures, with renegotiating vendor contracts, with….
Yeah absolutely, looking at ESI protocols, and making sure that we're following and negotiating and helping the trial lawyers or those working directly with the government certainly and truly understand what the client's capabilities are, what their current vendors’ capabilities are. I think that's a great point Jenni. So from my perspective, it's all about being able to track what you're doing and then presenting that to the client. And oftentimes when they see the potential for cost savings, that's the driving factor in moving forward with this type of analysis. And if it's just an end to end process analysis, making sure it's all tied up.
Helping Clients Cut Future Costs
Who then is your audience on the client end? And are you talking with legal, finance? Where?
So oftentimes, we are talking with legal, with IT, with human resources, with procurement and you know, records. So it really is all key stakeholders in the company that you could imagine touch upon eDiscovery because it's not just the legal department. And that's one of the things that we try to do when we conduct these types of end-to-end process overhauls is, we interview key stakeholders and ensure that we're understanding what's important for them on the information governance side. It's really important to help ensure that they have proper policies in place. How are you handling mobile devices? Are you allowing bring your own device? There's huge consequences for not having a standardized procedure in place, just on one piece of technology.
It's really focusing across the entire company and looking, how does each piece of the organization, how the different business units all play a role, when a litigation hits or when a government investigation comes along. Because what you do five years before the litigation hits really has an effect. I mean, it all goes back to the very beginning, it’s not just what's happening at that time.
Just a small comment on that, is for one of our cases that Rose and I have been, our client that we've been working with for almost six years now, they have that exact mentality. Frankly, once we're done, we're done, like get out, like thank you very much, but please leave, essentially. And I remember…
And if I might, she says, like we were really on site all the time.
We were on site. It was like, you have taken all of our space. And frankly, and I said, believe me I want to go home too, but I will say, and this is something especially for companies in Europe, but also companies that really haven't had large litigation and they’re new to it and they don't quite understand what that means, especially when that litigation is with the DOJ or others. And I said, completely understand, I want to go home too, but I will tell you once you open Pandora's Box and you start producing, that box unfortunately doesn't seem to close and it will continue.
And so if we don't set up some policies and procedures now, I mean to the point of data retention and preservation and how you have retention policies, let's look at and see if IT is actually implementing any of them. Because the more data you have, if it's relevant, we have to collect it. If they're not following the retention policies, then you could have mounds and mounds and mounds of data. And as you know, the easiest way to uptick cost is volume, I mean, and that's across the board, I mean processing, collection, processing, review. And so making sure that they have retention policies in place, making sure they're defensible, but also making sure IT understands those policies and are actually implementing them and putting them in practice. Because I think, as Rose says, if you conduct that work early and you conduct it even five years before the next matter, that is going to immensely help with what we have to do, what we have to find and what we have to collect when that matter hits.
Those are the types of topics I really touched on with that client and said, look, you need to plan, plans are important. And unless you want to do the exact thing, which we had to do, which was as Rose says, we came in and we had four months to complete this massive project and the amount of people and hours and machinery that those costs just explode because we don't have time to properly plan and put things in place. And I think over time, they finally started seeing that this probably was going to continue and that they were going to need these policies and procedures. And so, we did kick that off and quite frankly, we're to this day, we're still working on matters. And so I'm glad that we started early, but there's still work to be done, always for every client.
But I do think, explaining to them that it doesn't just disappear, legal files don't disappear. Unfortunately, lawyers are needed. I know everyone hates that idea, but it is important. And so we were able to explain that and Rose had metrics on tons of all the data we had coming in for certain custodians, and it was showing them in real time and in real numbers, what the cost could be five years from now. If they have this much data, you quantify that over time, the cost will increase by x. And so I think that really gave them the motivation to at least listen. And so that was good.
Meeting the Needs and Requirements of European Clients and Data
Many of, probably most of, your clients have operations and a presence outside of the United States. You're not just doing work within the U.S. for them. What are the implications of that?
Rose, do you want to take the first step?
Sure, absolutely. I think from my perspective, when you have a global corporation is education. And the education begins within the client, but then also to your co-council, to the court, to opposing counsel. And from my perspective, on the eDiscovery side, the first thing I want to do is have those conversations with the key stakeholders. And the key stakeholders oftentimes are outside of the company. So make sure they understand the additional hurdle that we have to jump over in order to conduct cross border discovery.
So while it's not impossible, it is a little bit more time consuming. And so from our perspective or for me, it's really that key education at the very beginning, so you're managing everyone's expectations. So that when you are negotiating timing of scheduling of hearings and productions and negotiating your ESI protocol, you’re ensuring that you're including protections that are required from a data privacy perspective. I mean there's just a lot of things that come into play. And so number one for me is education. And so then number two is implementation and so that's where Jenni comes in.
Yay. I will say from my side in the US, that the biggest difference truly, at least initially from the US litigation to working with corporations or our clients outside the US where we have to collect and process and review their data, is the client contact. Truly, the level of contact and what is required to properly conduct these collections and processing outside of the US. In the US, it's kind of just open and you can collect and do most of that work without a whole lot of, depending on the client, without a whole lot of contact with the custodians and do that work quickly and get it out the door.
Whereas, when we’re in Europe, there is a lot more contact and information and notifications that are generally required. And it depends on how you set it up within GDPR, it depends on what you're using as your derogation, but a lot of times there are increased privacy notifications that must go out. If you're going to rely on consent, you have to speak or make sure that the custodian understands the consent form and what it means that they can sign it freely, voluntarily. That also increases the communications with a legal department to ensure that those notifications and consent forms are going out.
That increases a lot of contact with those custodians. You know, we've got clients overseas who allow their custodians to review the documents and disagree, because it's releasing private information. So it's truly a different kind of setting and custodians have a lot of say, and it's important that we understand how to handle that. If they change their mind and they want to rescind this consent, we have to be able to deal with that. And so from my side, as Rose stated, it's a lot more about timing, it's a lot more about communication with the client and making sure that we have set up the processes in a way that we can deal with situations where the custodians can come in and review or they can rescind their consent and we have to figure out how to set aside their data and truly not produce until we come up with a resolution.
And so there's hurdles and there's a lot of things that we have to do in addition to just the normal linear review that are important and must be handled before we really kick off any type of production or transfer of data. And so it's just a lot more paperwork, it’s a lot more time probably spent than it would be certainly in the US. And then frankly, the protocols and the procedures we have to put in place to ensure that we are protecting these custodians, and we are trying to minimize any type of private information to leave the country. It's an enhanced, as Rose was saying, it’s an enhanced workflow, kind of top to bottom.
Let's say you have a new lawsuit based in the US. So, let's pick the Southern District of New York, just because so much happens out of there. And you've got a client where the data at issue is located in France. What happens then? Just to make an easy example.
Thank you. Thank you so much, George, for that one. You know, there's two things, actually there's quite a few, specifically with France, and I will say hurdles, that need to be addressed and looked at. And frankly, one obviously is just the GDPR, the General Data Privacy and Protection. And then also the blocking statute in France. And even recently they've created another, it’s an anti-corruption statute that they're implementing to try to, I don't know if it's enhance the blocking statute, I don't know if it's just an additional roadblock, I’m not really sure what it's going to do in the end.
But when looking at France and we've got to deal with data from France we need to understand, can we find that data elsewhere? Is this a large corporation where we can try to start answering some of the requests using individual data from other countries? Because within the blocking statute, the idea is that you are not to produce commercially sensitive data out of France without going through the Hague Convention, getting a court order. There's a whole lot of hurdles and so it's just a means to make it more difficult to produce out of France.
So there are ideas around finding data elsewhere. Talking to the company, who's talking to whom, where are these state documents stored? Can we find some low hanging fruit in the U.S if it exists? Are there other countries, subsidiaries, or other offices involved where we can look there? Obviously understanding that they likely may have other privacy regulations to deal with.
Another option, and this is something that we are looking at and this is something that we can integrate into the top to bottom process, is setting up a mobile workspace, some people call it a backpack, where you go into France and you kind of set up an infrastructure, a very small one, that we can just handle the collection, the processing, the interview and it remains in-country, so that we can understand what's there. And then maybe understand what we would likely need to get out of France and how to best do that. Because the current opinion is that, and frankly the Supreme Court of the United States have said, you can’t use the statute if we have personal jurisdiction over the company to not provide data that's required for litigation. So there's a whole lot of articles and white papers and things out there regarding what it really means.
There hasn't been a whole lot of enforcement of the blocking statute in France. I believe it's just one case maybe, I think that’s it. So there's a lot of discussion to be had with the client as well on the risk factors and what's important and how we should address US litigation and how important it is to address US litigation, especially if they want to continue to do business in the US. And so there's ways around it, but I think it's really something you work with the client to understand the data map. Where is their data? Can we find it elsewhere? If we have to go into France, if we need that data, we do, we go and we can set up a mobile or backpack process or utilize a vendor in-country. But it's certainly another hurdle in addition to GDPR, which still applies.
So there's still the notification aspect, there’s still consent or working through the derogation to ensure that we can collect and process and do it in complying with GDPR as well as the blocking statute which may come into play if we have to produce.
The Ideal eDiscovery Platform
A lot to keep in mind. We've got just a few minutes left here. I'd like to switch directions and ask each of you my ideal eDiscovery platform question. Which goes like this: What would your ideal eDiscovery look like assuming absolutely no limits? Anything you could possibly imagine, it's available today, and it’s technologically feasible, it works, it all happens. And imagine no budgetary limits. No one cares how much it costs. You've got a pocket book that never ends. What would your ideal eDiscovery platform look like?
So I'll take the first stab, Jenni. So from my perspective, my ideal platform would have all artificial intelligence, machine learning, everything fully integrated. That is such a powerful tool and it's not being leveraged as well as it could be because it's not always fully integrated. And so having that at your fingertips from the time data is processed from the very beginning would be my dream come true, I think. I think for me, that's the biggest piece, the artificial intelligence, the machine learning, and have it immediately available at the very beginning of the process.
I think that that’s, honestly, I think that as Rose just says, it needs to happen. It’s extremely important because the amount of data that we have to deal with today, especially in large scale litigation with large companies, is so vast. And how do we get to the right documents? That's a huge question. And how do we formulate search terms that are good without having that type of intelligence, is difficult. And you need the bells and whistles sometimes to get to the right place. So I think that's a definite.
The other I would say, which I think is a part of this as well, of artificial intelligence, is the need, especially with DSARs and things coming out of Europe and frankly the need to ensure that we are anonymizing or redacting out the private information, is better redaction tools. Better native redaction tool that can help identify in the database and automate some of those reactions that truly aren't based on context, it’s date of birth, it’s health information, they’re insurance number in the EU. Those types of things that it's just really, truly is like regex, a lot of it can be handled that way. And that's a lot of times, how we identify it just that we can look at it. But better tools that can do that in a way that isn't as, let's just say….
Requires as much manual intervention.
Yes, yes. Because there are tools out there. We all know they exist, but they need to be better because there's a lot of manual work that we have to do and a lot of QC. And I just think if we could have, wherever this magic box is, George that you're talking about, it can be changed in a way that we would have the ability to, instead of manual work, it would learn from itself, right? So the artificial intelligence side, so it's learning and we're saying, this is a good redaction and this is a bad one. And it can say, okay this is a good redaction because it’s in the body of the email, versus the signature block. And we have the ability for it to do all that versus us having to go in and actually manually remove it or keep it. And that takes up so much time. I mean, that is a time thing, it is something that you can't get around a lot of times with data from Europe. So, please, someone build that, whoever you are. It would be amazing.
It’s very important, I really think it's in line with what Rose was saying. Like we need more ability to use artificial intelligence and those tools. NexLP and others, they’re great tools but we just need them to be built into the platform.
Well, I can't promise that to you for next week. We will see what we can do.
Thank you Jenni, thank you Rose. Jenni is a senior lawyer and Rose a partner at the law firm of King and Spalding. Thank you both for taking time with me today. I am George Socha, this has been eDiscovery Leaders Live, hosted by ACEDS and sponsored by Reveal. Our guest next week, Friday June 4th, will be Jonathan Maas from the Maas Consulting Group. Again, Rose, Jenni, thanks so much.