Using Nuix Discover to Help Law Firms with Data Subject Access Requests

Nuix Discover Reviewer Dasbhoard

Written By:Martin Bonney

This article was originally written for the quarterly Nuix Partner Connect newsletter.

A couple of years back, when the GDPR was about to come into force, there was a great deal of talk about Data Subject Access Requests (DSARs)[1]. While European residents had long held the right to request their data, the fact that it was now free, and that there were potentially significant penalties for non-compliance meant that many organizations expected a tsunami of DSARs. There was an increase but perhaps not a tidal wave. Recently there has been speculation (in the wake of the COVID-19 pandemic and the associated job redundancies) that we are likely to see another surge.

It is important to understand that DSARs are about the rights of a data subject. A data controller must not only confirm whether it is processing the data requested and provide a copy, but also document:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipient to whom the data has been disclosed
  • The retention period for storing the personal data or, where this is not possible, the criteria for determining how long it will be stored
  • Notice of the existence of the right to request rectification, erasure, or restriction or to object to such processing and the right to lodge a complaint with the supervisory authority
  • Information about the source of the data where not obtained directly from the individual
  • The existence of automated decision-making (including profiling)
  • The safeguards provided if the data is transferred to a third country or international organization.

So, you can see that the exercise is as much about data governance and organization as it is about eDiscovery. Many DSARs are from disgruntled consumers, so managing the requests is mainly about good customer relations. Fix a person’s mobile phone, for example, and they may drop the DSAR.

However, there is one scenario where DSARs take on some of the characteristics of eDiscovery. A DSAR can be a quick and inexpensive way to get evidence to support a claim, without having to start on an expensive formal lawsuit (a kind of shortcut to pre-action disclosure). It can also be a negotiating ploy for an executive wanting to negotiate a decent exit package. “I know your data is a mess, and it will cost you £50,000 to respond to this, so I’ll settle for £20,000.” Or it might just be a disgruntled ex-employee who wants to cause annoyance.

An organization needs to respond to a DSAR within 30 days, but typically they don’t send the data to their supporting law firm until day 20—and I’ve heard stories of day 28. Further, the lawyers don’t necessarily know whether the DSAR is a torpedo about to explode into a larger legal action, or a legitimate request that needs to be answered as efficiently and cheaply as possible.

This is the great advantage of Nuix Discover®: It has the flexibility to support a self-service model designed to maximize efficiency and minimize cost while being able to pivot and become a full-function deep investigation and review tool. Panoram’s vision is to combine the two: Get lawyers used to the technology in day-to-day cases so they’re comfortable using the tools for more challenging ones.

THE MANTRA IS SPEED TO REVIEW AND SPEED OF REVIEW

Of course, that starts with fast and comprehensive data processing. Nuix has long been the benchmark here, and the ongoing enhancements in areas such as Microsoft Teams processing will be crucial going forwards.

Then it is all about the parallel early case assessment workflows of discounting redundant information and finding what is important. Nuix Discover’s analytics tools such as Mines and Clusters might allow you to exclude large amounts of non-personal communication from a review. If there is a parallel complaint going on (say into bullying) then communication network analysis will quickly allow you to see if team members are talking to each other about a person, and the concept cloud will allow you to understand what they are saying and whether it includes anything untoward.

As ever, the key route to controlling costs though is in review; accelerators such as quick coding, code as previous, and macros all help speed up review and so reduce cost. Threading, near dupe, and concepts allow you to streamline review workflows so reviewers get batches of similar data types to look at and make faster, more consistent review decisions.

The DSAR rules allow lawyers to exclude some documents from production, most notably for legal professional privilege and for confidentiality. Most complicated is the scenario of mixed data, where there may be a conflict between the need to provide data to a data subject and not to harm a third party’s rights—known as a tie breaker. Here the ability to note why a decision has been made is crucial, and so too is a consistency of approach. Back to the design of the right workflow.

Then there is redaction. The ability to use search term families to find and redact on individual documents is already useful. Regular expression searches make it possible to identify patterns of personal information (such as credit card numbers, national identity numbers, and passports). Once Nuix Discover has highly awaited case-wide redaction and native redaction for Microsoft Excel, it will have a significant advantage (for a while) over other products. Fast redaction is key to DSARs.

Finally, we have reporting. Law firms may be supporting multiple DSARS and need to make sure they are on track to meet the 30-day deadline, but also to measure accuracy and cost. Ideally this will reveal whether certain approaches are more efficient and make sure they are not losing money. A recent survey by Guardum says it costs £4,900 to answer the average DSAR, which does not leave a lot of fat. In Deer v Oxford University,the court ordered further searches causing the university to review 500,000 documents at a cost of £116,000 (for the disclosure of a further 33 documents).

The world does not standstill. You will notice I have consistently talked about data, not documents. Most kinds of data can be personal data (IP addresses, for instance). As we move to 5G and the internet of things, there is likely to be a coming together of the cybersecurity and forensics end of things and traditional legal review. Finding ways to show and illustrate this will be key and it is our hope that by being a Nuix partner we can both be at the forefront of building compelling solutions.

Source: https://www.nuix.com/blog/using-nuix-discover-help-law-firms-data-subject-access-requests

Nuix Partners with EDMS Consultants to Target Mining, Energy, and Utilities

Perth, Australia – May 11, 2021, Global software company Nuix (www.nuix.com, ASX:NXL) and leading solution provider EDMS Consultants, have announced a new partnership to offer Nuix solutions to the natural resources sector in Western Australia and ASEAN region.

Both companies aim to provide litigation and investigations technology to support the booming natural resources sector which faces increasing regulations, class actions, cybersecurity and privacy issues, internal investigations, and intellectual property disputes.

“Throughout the years we have been in the business, the energy, resources, and utilities sectors are among the most highly regulated industries,” said Peter Buck, Business Development Director of EDMS Consultants. “Now more than ever, operators need full access to their unstructured data or data silos to ensure regulatory compliance.”

He added, “We have worked with PETRONAS, BP, Exxon, PTTEP, and KPOC (PETRONAS/ Shell / ConocoPhillips) on various services throughout the years, and we believe based on experience Nuix has the ideal solution for big organisations with unstructured data”.

The explosion of unstructured data places an increasing burden on large enterprises – especially those in the mining and energy sector that manage very complex projects – to sort through the massive volumes of content they gather, generate and exchange every day. Added to this challenge, the often remote and distributed business model with operations and assets spread over a wide geographical area means that information governance and data access are crucial.

‘’Nuix has a proven history of partnering with large enterprises to solve their messy data challenge,’’ said Jonathan Rees, Nuix Executive Vice President, International. “We have the world’s leading technology for extracting intelligence from high volumes of structured and unstructured data, forged from our experience with regulatory inquiries. Opening new markets and customer segments will continue our growth path and I am excited to partner with EDMS, to drive our combined solution and services, into the wide footprint EDMS has in the natural resources industry.”

About Nuix

Nuix (www.nuix.com, ASX:NXL) creates innovative software that empowers organisations to simply and quickly find the truth from any data in a digital world. We are a passionate and talented team, delighting our customers with software that transforms data into actionable intelligence and helps them overcome the challenges of litigation, investigation, governance, risk, and compliance.

About EDMS

EDMS is a leading solution provider in the Asia Pacific Region, providing enterprise data solutions to the Energy, Resource & Utility industry. We continuously explore and find the best solution to offer our clients. We have a multi-disciplined team of specialists, based in Kuala Lumpur, Malaysia, and Perth, Australia to support our clients. EDMS has implemented projects to the leading Energy, Resource & Utility throughout the region.