Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
Interview with Eric Robinson of KLDiscovery
May 2, 2023
Eric M. Robinson, JD/PMP
Vice President, Global Advisory Services & Strategic Client Solutions
How does AI play a role in establishing efficiencies for data mining in cyber incident response over traditional models?
For almost a decade, the incident response industry has relied on traditional eDiscovery tools to conduct data mining. However, this approach has not been entirely effective, as traditional eDiscovery tools have not been designed with data mining in mind. Data mining is a distinct process that requires a different mindset and approach.
In most scenarios, impacted data sources are extracted from their native environment for data mining analysis, in order to allow the enterprise to get back to business as usual. Extracting the data allows for data analysis and mining leveraging advanced tools and technologies, not readily available in the native environment.
By leveraging better analytics tools in the initial stages of the data mining process, you can create significant efficiencies. Cyber incidents are stressful, expensive, and traumatic for end-clients (and insurers), so finding ways to make the process more effective and efficient is crucial. Artificial intelligence (AI) and AI-related technologies have proven useful in this regard, enabling the industry to deliver better solutions, usually within shorter timeframes and at lower costs than traditional technologies.
How would you describe AI and AI-adjacent technologies from a compliance perspective? And what role do these types of technologies play in an environment of heightened security and changing rules around regulatory compliance?
The current state of the world is marked by the exponential growth of data. Recent studies show that the volume of data being retained, stored, and created annually is doubling. This trend continues to grow due to new data sources, modes of communication, and the increasing need for data intelligence. The availability of data requires alternative means of data analysis, especially for compliance and investigation purposes. Recent headlines have shown that regulators, both in the US and globally, are monitoring organizations more closely in terms of data management, creation, and retention. This monitoring forces organizations to create compliance regimes to manage and maintain data.
Regulated industries have specific requirements they must comply with and there are heightened security concerns due to cyber risks associated with their data. Organizations need to understand the data they have, where it is, and what is in it to identify sensitive or protected data. There is also a shifting landscape of regulatory regimes globally. To keep up with these changes, organizations must leverage technology, automation, and artificial intelligence to help them understand what they have, where they have it, and even alert them when data or communication contains sensitive or inappropriate types of information.
How are these technologies important for regulated industries?
Using the financial services sector as an example, compliance and surveillance programs are critical and required. The challenges posed by today’s data and technology landscape makes it nearly impossible to achieve these requirements without some form of AI or AI-adjacent technology.
Large financial institutions such as private equity and venture capital firms retain billions of messages in their archives, making basic keyword searches inefficient by potentially taking days, weeks, or even months to complete. AI technology is able to scan through these volumes of data and identify potentially illegal and/or inappropriate communications. Standard technology would have a much more difficult (if at all) time identifying this type of behavior.
The shifting regulatory landscape regarding communications has resulted in multimillion-dollar fines to several large financial institutions and related enterprises. As such, organizations are being pressed to be more proactive in ensuring appropriate compliance and surveillance programs. These programs can and should leverage technology enabling them to scan an environment and identify specific emails or text messages that contain critical information that raises a flag. In industries subject to heightened regulations, it is vital to have technology that can monitor data sources efficiently. Without AI or AI-adjacent technologies, regulatory requirements may not be met.
So how can AI and AI-adjacent technologies impact discovery or investigations? And what are the downstream benefits of leveraging these technologies?
In today’s world, leveraging technology can help organizations gain insight into data, making their downstream processes more efficient and effective. By using enterprise-level systems, companies can flag broker trader issues or SEC compliance audits and identify any potential malfeasance. This not only helps in the downstream process of catching issues and taking remedial action, but it also raises awareness, allowing companies to go to regulators and demonstrate their compliance efforts.
Regulators are now promoting a self-reporting mechanism, and identifying issues early on in the process narrows the scope and makes manual reviews more manageable. However, even if enterprise-level systems cannot identify issues, AI and AI-adjacent technologies can help discover and investigate relevant data. By using predictive coding and predictive analysis, organizations can find similar contextual documents within the dataset.
The approach an organization takes toward managing data depends on various factors. Some organizations have in-house teams with expertise in managing data, while others may risk malpractice if they provide legal advice without relevant experience. For organizations with in-house teams, early data analysis can provide valuable insights and help narrow the scope of data before it is provided to outside counsel. This can ultimately reduce the workload and costs for outside counsel.
But managing the data discovery process requires coordination between the end client, outside counsel, and the discovery provider. The discovery process is like a funnel meant to narrow down the scope of data as much as possible. Leveraging AI and AI-adjacent technology can significantly aid in achieving this goal.
With the recent focus on AI in the media, including ChatGPT and the Metaverse, where do you see potential impacts on discovery and compliance?
I think the reality is that we will continue to see an evolution in available technologies, including platforms like ChatGPT and Metaverse, and these will be sources of discoverable data which no one has a solution for yet. There is a forensic challenge as well that, again, we do not have an answer to yet.
Take the Metaverse. You are talking about a platform in which, for lack of a better way to put it, you have individuals role-playing in real-time in a created environment. When organizations start having meetings in the Metaverse as opposed to Microsoft Teams, Zoom, or another similar platform, what type of audit trails, metadata, and tracking is available?
At this point, we do not have answers, but these types of questions are being asked. These newer platforms have not yet been brought into litigation, meaning they have not been tested yet. I think we are going to quickly be struggling to figure out how to answer these questions.
Yes, exactly. It is like any nascent technology where we can see this is going to generate discoverable data, but until someone requests it for litigation, no one is going to create a solution. But I agree that the chatbots and Metaverse are a whole new beast.
They most definitely are.
Article originally appeared in Today's General Counsel's digital magazine:
Share this post: