eDiscovery platform EMEA user conference 2017

Copyright © 2017 Veritas Technologies LLC.1
eDiscovery Platform EMEA
UserConference 2017

Welcome
David Moseley
Global Solutions Marketing –GDPR and eDiscovery
2 Copyright © 2017 Veritas Technologies

3
Contents
1 eDiscoveryTrends
2 GDPR in Practice
3 Why eDiscovery Platform 9.0?
4 eDiscovery 2017 Journey
5 eDiscovery FocusGoing Forward
6 eDiscovery Platform 9 demo
7 Open Reporting
8 ClosingComments - Rabobank
Copyright © 2017 Veritas Technologies

eDiscoveryTrends
Shaun Hurst
Information Intelligence Specialist

Data Subjects’ Rights
Under theGeneral Data Protection
Regulation –A PracticalView
Tamzin Evershed
Global Privacy Lead

• A privacy law which applies automatically to all 28 Member States of the European
Union (EU) effective 25th May 2018 - when we Brexit it will be enacted into English
law by the new Data Protection Bill
• Applies to “personal data” – any information relating to an identified or identifiable
individual (known as a 'data subject‘), whether they can be identified directly or
indirectly
• Ensures that individuals know and can control how information about them is used
• The data subjects’ rights in the GDPR support it
Copyright © 2016 Veritas Technologies LLC9
WHAT ISTHEGENERAL DATA PROTECTION REGULATION
(GDPR)?

• The GDPR gives individuals new and improved rights:
–Article 15 Right of Access by the Data Subject
–Article 16 Right to Rectification
–Article 17 Right to Erasure (AKA Right to be forgotten)
–Article 18 Right to Restriction
–Article 20 Right to Portability
–Article 21 Right to object to processing for direct marketing,
profiling or where processing is done on grounds of legitimate
interests
–Article 22 Right to object to decisions made on automated
grounds, including profiling
Copyright © 2017 Veritas Technologies.10
WHATARE DATASUBJECTS’RIGHTS?

• Yes: In limited circumstances where the requests
are manifestly unfounded or excessive, in
particular because of their repetitive character
(Or they can choose to make a reasonable fee to
cover administrative costs)
• The burden of proof is on the Data Controller to
prove the request is manifestly unfounded or
excessive
• Guidance is eagerly awaited, but it makes sense
to err on the side of caution
CAN ORGANISATIONSREFUSE?

• There are strict timelines to fulfil a data subject’s request - one
month, plus an additional two months if the request is complex
or the number of requests made by the individual justify it
• Failure to meet the deadline or fulfil the request completely, or
at all attracts the top penalty:
–Fines of up to €20million or 4% of annual worldwide turnover in the
previous financial year, whichever is the greater
–Data subjects can sue for damages
–It suggests a lack of care for customers
WHAT IFTHEYDON’T GET IT RIGHT?

• Right to know:
–Purposes
–Categories of personal data
–Recipients (in particular outside the European Economic Area – EU+ Norway, Iceland, Liechtenstein)
–If possible envisaged period of retention or if not possible, criteria used to determine it
–Details of right to correct, erase or restrict processing, or to object to the processing
–Right to complain to the Data Protection Authority
–The source of the data if it didn’t come from the data subject directly
–The existence of any automated decision making or profiling
–If the personal data goes outside the EEA,what mechanism was put in place to make it lawful
• Right to have a copy
ARTICLE 15 RIGHTOFACCESS

SOWHAT HAPPENSIN PRACTICE?

• Not an absolute right
• Requester must prove that the processing:
–is no longer necessary
–was based only on consent, and that consent is withdrawn
–is on the basis of legitimate interests, and the are no grounds that would allow the Data Controller
to claim its rights override those of the individual
–Is unlawful
• Or
–It was collected in the course of providing an “information society service” e.g. Facebook
–A legal requirement mandates its erasure
RIGHTTO BE FORGOTTEN

• The Data Controller can refuse to the extent that the processing is necessary:
–For exercising the right of freedom of expression (privacy is not an absolute right)
–For compliance with a legal obligation, or a task in the public interest, or the exercise of official
authority
–For public health
–For archiving in the public interest – public health or statistical purposes if it would make it
impossible or impair achievement of the objectives
–For the establishment, exercise or defence of legal claims
AND EVEN IFTHE REQUESTIS LEGITIMATE:

SOWHAT IS LIKELYTO HAPPENIN PRACTICE?

Why eDiscovery Platform9.0?
Mat Beer
Principal Product Manager

CanTrump be Indicted??
19
“Newly Disclosed Clinton-era Memo Says
Presidents Can Be Indicted”
How was this article discovered and
made public?
A FOIArequest by the NewYorkTimes
https://www.nytimes.com/interactive/2017/0
7/22/us/document-Savage-NYT-FOIA-Starr-
memo-presidential.html

What does the released document look like?
20
Content redacted
Stamps and Strike-through Common reason codes

Is this workflowUS FOIA only?
21
DLA Piper have created an interactive map regarding Privacy
Laws across the world.
Absolutely not!!

How can theVeritas eDiscovery Platform
help?
V9.0 GA: December 2017

CLASSIFYDATA
23
WHAT
• Classify data using Integrated Classification
Engine (ICE) with configurable classification rules
• Filter data based on classification tags
WHY
• Accelerate review of personal data (in support of
GDPR or FOIA requests)
[classify]– [redact]– [annotate]

24
PRESETREDACTIONCODES
WHAT
• Pre-defined list of redaction codes
• Auto-populates Redaction Set
• Search & filter by reason code
WHY
• Ensure consistent reasons for redacting
data.
• Example – FOIA has 9 exemption categories
some with sub-categories which are fixed.

BULK REDACTIONS
25
WHAT
• Ability to find and redact text across an entire
dataset
WHY
• Mask sensitive data quickly, reducing review
time and costs
• Ensure consistency of redactions

26
ANNOTATIONTOOLS
WHAT
• Annotate documents during review
• strike through text
• text highlighting
• free text comments
• stamp with image
• Draw lines/arrows
• Produce with annotations
WHY
• Document designations can change – e.g.
“CONFIDENTIAL”to “PUBLIC”.Strike
through/stamp/comment to indicate change.
Strikethrough Comment
Highlight

Veritas eDiscovery 2017 Journey

8.3 – June 2017
CORE IMPROVEMENTS
✓ 25 issues including XSS, Privilege
Escalation, common passphrase, host
header poisoning
✓ Strong cipher suites: TLS 1.2 standard;
dropped TLS 1.0, 1.1
✓ Ability to change MySQL password
3rd PARTY SOFTWARE UPDATES
✓ Java Update pack 121 (manual upgrade for laterpacks
supported)
✓ MySQL 5.6.35 (5.6.36 upgrade via standalone utility)
✓ Oracle OutsideIn 8.5.3
✓ NIST List v 2.55 (Dec 2016)
SECURITYUPGRADE
RESILIENCE
Processing
Improvement:
• Handle over 200 error related to corrupt
Microsoftmessages
Result:
• Ensure Processingcompletes
Export
Improvement:
• Improved large/complexdatasethandling
Result:
• Reduce “partial success”states in export
Backup
Improvement:
• Backup hash and empty directory re-creation
Result:
• Ensure backupsmoved restore correctly

NEW LEGAL HOLD REPORT
29
WHAT
Global report showing every hold (and status)
for every custodian
WHY
Simplifies reporting for Legal Hold status and
activity
Custodian
Name
Email
Address
Case
Name
Legal Hold
Name
Legal Hold Notice
Name
Current
Status Date
Legal Hold Notice
Sender's Email
acmeu1
acmeu1@a
cme.ad Case2 LegalHold4
LegalHold4:
Custodian Notice6 SENT
11:56 AM
3/14/2017 esaadmin@acme.ad
acmeu1
acmeu1@a
cme.ad
LegalHold :
With 65K
Custodians
Notice
LegalHold : With
65K Custodians
Notice: Custodian
Notice1 SENT
5:55 PM
3/15/2017 admin@acme.ad
acmeu2
acmeu2@a
LegalHold4:
11:56 AM
acmeu2
acmeu2@a
cme.ad LegalHold11
LegalHold11:
System Admin
Notice1
SEND_FAILE
D_INITIAL
12:43 PM
acmeu2
acmeu2@a
cme.ad
LegalHold :
With 65K
Custodians
Notice
LegalHold : With
65K Custodians
Notice: Custodian
Notice1 SENT
5:55 PM
acmeu3
acmeu3@a
LegalHold4:
11:56 AM

Performance updates
[Version8.3] Backups/Restores – improvements 40% to 70% faster
[8.3 CHF1 and 2] Page Loadtimes (select pages)– improvements 50% to 90% faster

BACKUP PERFORMANCE IMPROVEMENTS
31
85GB backup 8.2 8.3 Improvement
Backup (D:) 28mins 40 sec 16 min 4 sec 42%
Restore(D:) 1 hr 10 min 55 sec 22 min 45 sec 68%
Backup (NAS) 3 hrs 29 min 25 sec 27min 11 sec 76%
Restore(NAS) 1 hr 13 min 4 sec 39 min 39 sec 46%
Backup (SAN) 29 min 11 sec 9 min 19 sec 71%
Restore(SAN) 1 hr 8 min 43 sec 22 min 24 sec 67%
Indicativefigures – internal testing

32
Indicativefigures – internal testing
Hardware: Singleserver, 128Gb RAM, 24CPU cores, RAID 10 array (15k RPM)
Environment Page name Load time -8.2
CHF4
Load time -8.2
CHF6/8.3CHF2
Improvement
200 ofeach entity:
• Cases
• Backups
• Templates
• Archives
• Collections
• ProcessedCases
• 176 Reviewedand Produced
Cases
AllCases –AllCases 27 3 89%
AllCases Dashboard 414 12 97%
All processing – All cases 129 31 76%
300 of each entity:
• Cases
• Legal Holds
• Collections processed cases
AllCases –AllCases 61 14 77%
AllCases Dashboard 653 66 90%
400Cases only AllCases –AllCases 59 5 91%
AllCases Dashboard Not responsive 51

OTHER 8.3 CHF features
33
• Automatically process Microsoft OST files
• Support for MAPI/HTTP for O365
• Support Single Sign on for Legal Holds with IWA
• MySQL standalone Critical Update Pack installer:
• Link to tech note and installer: https://www.veritas.com/support/en_US/article.000127314

eDiscovery FocusGoing Forward

Forward-looking Statements: Any forward-lookingindicationof plansfor products is preliminaryandall
future release dates are tentative and are subject to changeat the sole discretionofVeritas. Any future
release of the product or plannedmodificationsto product capability,functionality,or feature are subject
to ongoingevaluation byVeritas, may or may not be implemented,should not be consideredfirm
commitmentsbyVeritas, should not be relied upon in makingpurchasingdecisions,andmay not be
incorporatedinto any contract.
35

2018-2020 RoadmapThemes

Version 9 feature demo

eORBIT –Open Reporting
Shaun Hurst
Information Intelligence Specialist

“Who are my ‘frequent flyer’ clients?”
“When is our
Peak Period?”
“How much am I really
saving on my Legal Bills with
this tool?”

Virtual Machine
eOrbit JAVA
Component
eOrbit
Database
Oracle
MySQL Databases
(Case Based) …and more
Reporting Tool Options
A 360° view of all your eDiscovery cases

A look at how eOrbit handles your data

ClosingComments - Rabobank
Thomas Eekels

Rabobank E-discovery
VeritasUser Meeting
London7-11-2017

Rabobank E-discovery
• Compliance does integrity investigations on staff
• Specific compliance staff has the mandate to ‘violate’ privacy
• Employee data is required on a case by case basis
• Only ‘unstructured’ communications data is within scope
(Mail,Chat, Personal File, possibly Phone)
• Other data to be disclosed: Internet traffic, Location, CTV
• Rabobank utilisesVeritas Ediscovery platform ‘formerlyClearWell’
Scope: Internal Fraud (Not litigation!)

• You can earn € 100.000,-
• Have an offer byCOB !
• Have it Payed beforeYear’s end
• Tell me why we need it…..
• Btw:
One of your collegues got the same offer, first come-first go !
BudgetChallenge
December23rd 2011
Rabobank,Compliance
Why eDiscovery Platform

ClearWell grow in licence
• 2012 100 Gb
• 2013 250 Gb
• 2014 500 Gb
• 2015 1Tb
• Current : 1TB pool licence on 3 machines
• Server in Best
• Server in Boxtel
• Mobile server eDiscoveryPlatform = strategic for RabobankeDiscovery
Financed
From savings
We can go
Where the
data is!
I won ! ☺

ClearWell grow in cases
0
5
10
15
20
25
30
35
40
45
50
Year 2012 Year 2013 Year 2014 Year 2015 Year 2016 Year 2017
Total

ClearWell grow in data processing
0
50,000
100,000
150,000
200,000
250,000
300,000
350,000
400,000
Year 2015 Year 2016 Year 2017
#Files
0
500
1000
1500
2000
2500
Year 2015 Year 2016 Year 2017
#Gbytes
Data
retention
policy
Zillionsof
documents

What’s the
problem?
Who does
it concern?
Make sure
nothing
vanishes
Get it all Apply
some tricks Value the
results
(Lawyer)
In-depth
analysis
(Lawyer)
Give it to
them
Go to trail
Rabobank adheres to:

Current implementation
RabobankNederland,Directoraat Toezicht
Done by US or
IT
Done by us
Done by us

-IT staff makes dump of custodian data
-Data has to be transferred to compliance
-Complianceputs dumps inClearWEll
So:

Shift to the left of the EDRM
Plans for …….The future
• IT should not be aware
• IT should not be involved
WHY ??
Rabobank,Compliance

Rabobank,Compliance
Exchange
Share
point
Laptop
Desktop
FileShare Office365 ? HCP E.V.
eDiscoveryPlatform
Automated
Data Collection
Plans for …….The future
Case Mgr
Investigators
2017
2018

So, a challenging 2018:
Redesignserver architecture (into Hot Standby)
Upgrade to ClearWell v9
POCAutomated Data collectionfromthe cloud
BuildAPI to HCP ?

What else do we want:
• Tagging the Processing “Exceptions” for Native Export purpose
• Inject a password dictionary to decrypt files during Processing
• Process .PST > 50 GB
• Process larger files
• Repair .PST better !
• Auto update/scroll the job logs
• Export word list in native form (Not change to lower case)
• Discover & Process jobs in parallel
• Remove the higher ‘already’ processed folder block
• Delete inactive users (save credentials with the archive ?)

• Version 9.0 information will be updated at the following website in December:
https://www.veritas.com/product/information-governance/ediscovery-platform
• In the meantime, to schedule a demo or receive further information, please contact
yourAccount Manager
Next Steps

Thank you
David.Moseley@Veritas.com
Shaun.Hurst@Veritas.com
Privacy@Veritas.com
Mat.Beer@Veritas.com
SIRC
info@sirc.net
202-536-2800
@SIRC_DC

eDiscovery Platform EMEA
UserConference 2017

eDiscovery platform EMEA user conference 2017

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a eDiscovery platform EMEA user conference 2017

Similar a eDiscovery platform EMEA user conference 2017 (20)

Más de Veritas Technologies LLC

Más de Veritas Technologies LLC (20)

Último

Último (20)

eDiscovery platform EMEA user conference 2017