Data Exposure Podcast

Take Back Control How In-House Legal Teams Are Reclaiming Power in Litigation

In-house legal teams are rethinking litigation by reducing data sprawl, preserving information in place, and enforcing governance to improve efficiency, control costs, and strengthen defensibility before disputes arise.

Litigation risk isn’t just growing. It’s spreading. And too many legal teams are still responding the old way, collect everything remotely related to litigation, ship it out for collection and review, and hope for defensibility later.

In this episode of Data Xposure, brought to you by Exterro, Greg Gruic, a computer science engineer turned Law Operations leader at Marathon Petroleum, explains how in-house teams hope to reclaim more control. His approach: stop exporting risk and start tightening governance before litigation begins.

Listen to this podcast to learn:

Why data sprawl is leaving legal departments less prepared than ever
How “evergreen” data maps and intake workflows prevent downstream chaos
Resetting engagement expectations so outside counsel works inside your controlled environment

Mike Hamilton (00:09)

Welcome to Data Xposure, the podcast for data risk leaders brought to you by Exterro My name is Mike Hamilton, the VP of Corporate Marketing at Exterro and we'll be your host today. Right now, litigation risk isn't just growing, it's spreading. For years, the industry standard was always a relay race of manual handoffs, collect everything, ship it out to a law firm and hope the process holds up in court. But as data volumes explode, that hope and ship model has become a massive liability.

In this episode titled, Take Back Control, how in-house legal teams are reclaiming power in litigation, we're joined by someone who is fundamentally changing that narrative. Greg Gruic law operations manager at Marathon Petroleum, didn't start his career in a courtroom. He started it with a computer science degree. He's an engineer who realized survive the era of tremendous data growth, legal teams have to stop exporting the risk and start tightening their architecture before first

subpoena even arrives. We're diving deep into a couple of topics that will empower in-house legal teams to take back control of their litigation processes, including why traditional data sprawl is leaving departments unprepared, how evergreen data maps prevent downstream chaos, and the inventive new tactic Greg uses to ensure outside counsel works inside his environment. We hope you enjoy today's episode. I know I did.

Mike Hamilton (01:30)

Hey, Greg, thanks for joining us here today on Data Xposure Greg, before we dive into our conversation today, I'd love for our audience to get to know the person behind who you are, right? A former engineer and ⁓ outside of managing legal operations, what is the one hobby or passion you have that helps you kind of reset, you know? And is there a mindset from that part of your life that you brought into your daily?

Greg Gruic (01:57)

Yeah, I would say right now ⁓ hockey is dominating my life. ⁓ And I have a youngest kid that's actually playing hockey. helped coach his team. But because I was coaching, I started playing as well. So really new to it, that's my stress relief. That's my freedom when I come out of work. It's usually going to an ice rink somewhere, freezing my butt off. ⁓ The thing that I get from hockey, and I think you learned a lot this year as I stepped into the coaching role, was

Mike Hamilton (02:16)

Nice.

Greg Gruic (02:24)

things are always changing consistently. Like, you know, can have the best laid plan out with the kids, somebody gets a penalty, something you need to adjust the plan every time you go through. And I think that's something that's played well into what I do on a day-to-day basis within the legal organization. So I think that being ready for that ever-changing environment.

Mike Hamilton (02:43)

That makes a ton of sense and especially working with kids, feel like Greg, right? Like everything kind of gets boiled down to like this very like human level of like, are we communicating effectively? Can we pivot to change effectively? And what a great time to be a hockey fan with ⁓ the Olympics just getting over with, right?

Greg Gruic (03:02)

Yep, yep,

coming into the Stanley Cup, getting those final derives into the Stanley Cup and coming off of a USA win was huge for sure.

Mike Hamilton (03:09)

Awesome. Awesome. And Greg, you're located up in Minnesota, correct?

Greg Gruic (03:14)

No, I'm actually in Northwest Ohio, so.

Mike Hamilton (03:17)

I apologize, I apologize.

Well, that is hockey country there. Thank you again for joining us. Let's dive into the podcast and get to know your work environment a little bit and how you got into the industry. What's always really curious to me about getting into more litigation, eDiscovery type activities is people didn't really set their careers at the very beginning to be like, man, I really want to do this, right?

So can you tell me a little bit about how you got into the industry, and especially those early days, like was there a specific darkest hour or moment where something went wrong, where you realized the traditional habits that happen in litigation were somewhat broken?

Greg Gruic (04:02)

Definitely a different past being computer science engineer. My goal was I wanted to write video games, honestly. That's the idea that I had. Fell into the corporate world and it was fortunate enough to do some internships at Marathon and then ended up supporting the legal organization on the back end. So understanding their apps and the processes that they're doing. Knowing absolutely nothing about the litigation process and it was really more of, how can I support these applications and make these attorneys jobs?

Mike Hamilton (04:10)

Bye.

Greg Gruic (04:30)

and the legal operations jobs easier for everybody. One of the things that, you know, as I stepped into the role as taking over for somebody that was moving off was we had just acquired or implemented Exterro as an on-premise application.

And the initial expectation of it was to actually collect to preserve, right? And that was before they had the unified vault. So every matter had its own collection of data. So if I was on two holds, you collected my mailbox twice, right? In that first three to five months of having it stood up, I think we hit 100 terabytes of data that was collected that we were trying to preserve. looking at that from what we were trying to do on premise was just a

a big challenge and we could see that that wasn't going to be sustainable.

expectation going forward, right? switching to trying to do some of that preservation in place or preserving it where we could. it was, you know, like I said, during the early days, it was before, you know, Exterro really had the good integrations with with 0365. So you didn't have the in place preservation as well as you could in some areas. So I think that was, you know, kind of eye opening on how much data they were trying to even just just preserve yet alone, you know, get into that collection side of

things ⁓ for what we needed to use in legal matters. It was excessive.

Mike Hamilton (05:43)

Do you mind explaining to our audience, when we say preserve in place, what do you mean by that?

Greg Gruic (05:49)

Yeah, so wherever the data lives is where we want to hold it, right? So you you think about your mailbox, your mailbox has it's already there, right? So let's throw a flag on it and says, hey, this data cannot be deleted from this mailbox because it's on a legal hold, right? So we keep it in the mailbox until we truly need it. So we do the same thing with OneDrive, with Teams, with SharePoint data. And there's a ton of different applications that are building out the functionality to allow you to just hold their data or put a flag on

that says, you can't delete this. It's there until this legal hold is released. So keeping it where it's natively stored is the goal. Why make copies? Like I talked about with that Darkest Hour question earlier, we had growing up to 100 terabytes of data that was making copies of it. So that 100 terabytes already existed somewhere. Now it's duplicated somewhere else. And we try to avoid that as much as we can.

Mike Hamilton (06:25)

Sure.

Yeah, and from a legal perspective, mean, collecting more and more data, that's just more and more data that you have to review, right? And then there's a storage cost on top of that that tend to add up. So, you know, the way I look at it, I'm curious if you agree, do you see kind of in-place preservation as kind of that happy medium? Because I know some organizations, some of our customers, they'll just send out legal hold notice and say, self-preserve.

Greg Gruic (06:50)

Absolutely.

Mike Hamilton (07:11)

Don't delete anything, we're going to trust you. Then other organizations are, well, we're just going to collect everything just in case. It sounds like you found that nice middle ground.

Greg Gruic (07:22)

Yeah, and I think we have, right? So we still do some of the self-preservation, right? We have physical documents in that area. We have applications that we don't have our fingers on yet that we can say, preserve this in place. And we have some expectation. But we're trying to balance kind of that following our retention policy along with preserving the data, right? So obviously, legal supersedes the policies of data retention. But if we can identify

limited subset of data that we need to preserve and preserve just that it really makes it a little bit easier and helps us You know limit the amount of data that we're bringing into the legal environment in some way shape or form So yeah as much as you possibly can try to leverage in place preservation especially targeted in place preservation, right so One of the pitfalls that we had when we first started doing in place preservation was it was easy to just say hey It's an ongoing hold. So save everything from here until we release the whole right? So so encouraging your team to put

put end dates on it if they're able to be defined, put a to and from date. Obviously there's some instances where you can't do that, but as much as possible, limit the date ranges. Start leveraging early onset keywords. There is a little bit of a gray area on that, because as you start to develop the matter, the legal team starts to develop matter, they might need to expand the range. So think date range as a minimum is the goal for us with

the data or criteria that we need for in-place preservation.

Mike Hamilton (08:44)

Hmm, interesting, interesting. And, you know, it sounds like when you came over there, know, Marathon had a process, but you continue to involve that process rather than try to reinvent the wheel. Do you mind talking a little bit more about that, about how you kind of see the evolution of the eDiscovery litigation space and how you presided over that?

Greg Gruic (09:08)

And I would say, you know, it worked well because they have a good they had a good base, right. And most people probably do have a good base for their eDiscovery processes or that that, you know, that information lifecycle process. And it's always easier to build off of that than it is to try to reinvent the wheel. And there's really two aspects to it. One, you know, obviously you have the capability of of growing what you already know and you're familiar with. But but two, sometimes it's a lot of, you know, budget constraints or IT constraints on limiting you from completely

changing a tool or changing a process that that that you are out of your control right so you know I think growing the tools that you already have and changing your process a little bit makes it an easier transition into something rather than trying to start over you know we look at it

Mike Hamilton (09:54)

Yeah, yeah, make the best of what you have and.

Yeah, in just coming from the IT world, right, Greg, like technology, the amount of data, the types of data, it's evolving at such an accelerated rate. You have to evolve, right?

Greg Gruic (09:57)

That good.

absolutely. Absolutely. You you talk about the volume of data that we're producing on a regular basis is just astronomical to me, right? So getting our hands on and around it is a challenging process every day.

Mike Hamilton (10:23)

So let's move on to kind of how, you know, that evolution leads to how you actually manage your process, right? So most legal departments have a litigation playbook and a lot of our customers say like, we have one, but it's static, right? And you've advocated for that evergreen process. So for our listeners who are struggling with these outdated manuals, how do you go about like,

defining and creating an evergreen, updated, accurate process.

Greg Gruic (10:56)

Yeah, so first thing is is set up a cadence for review, right? So we do quarterly reviews of our our different playbooks. You know, we have a matter management playbook. We have an e-con or eDiscovery, ⁓ you know, playbook that we dive into a little bit more.

It's ensuring that you're looking at it on a regular basis, keeping it in that forefront. Make sure you have the right team members involved in doing so, right? We originally, our eDiscovery manual, as we started off, you know, it was the eDiscovery administrator and our chief litigation officer that was kind of the ones that did it, right? Expand that base out, right? So talk to the people that are also involved. You know, we started including, you know, some of our paralegals that do the actual, you some

the legwork doing the coordination from us to outside council.

Involving our IT department involving, you know, different groups that are involved in the entire end-to-end process and trying to help Have those discussions. It doesn't have to be a long in-depth discussion, but a quarter be like, let's look at what's new in our environment, right? understanding that hey, we have this brand new app and it's creating a ton of data How does that play into the eDiscovery model? How can we try to leverage in-place preservation within that application? How are we setting, you know retention schedules because that's you know, a big piece, right?

how are we getting rid of data before it even becomes relevant to a legal matter, right? So setting those policies around it and doing that review on a quarterly basis for us. might be, you know, semi-annual for some, but I think the quarterly cadence kind of works out, gives you enough time to try to capture all those new things that are coming in.

Mike Hamilton (12:30)

And that sounds simple on paper, like, hey, let's meet on a quarterly basis, let's meet on timely basis to really review, update, evolve this thing. But in reality, getting buy-in from other teams, other departments to come to the table and partner with you can be somewhat hard. And so how did you help to create a culture in which, hey, this is something that we're all in it together?

Greg Gruic (12:56)

Yeah, so there's a couple aspects of it. kind of you got to cater to the teams that you're talking to, right? So when you think about IT talking to them, they're big on data storage, data processes. You know, when we talk about back in the day when we tried to collect to preserve, like, you know, our network team was freaking out because we were bogging down the network because we were collecting so much data, right? And then, you know, the cost around duplicating. So catering to some of their interests.

⁓ Is is kind of how we got that buy-in right? So it's like hey We have an opportunity to try to to to make you know the eDiscovery process easier because you know Everybody gets a legal hold notices like how can we make their processes easier like hey? We're just letting you know that's there and you don't have to do any work if we can You know get your your buy-in up front on hey, let's try to set up some in place preservation So you know catering to each of those little things that are annoyances to people? Kind of help get their their buy-in of saying hey it might benefit us if we actually

Mike Hamilton (13:46)

Mm-hmm.

Greg Gruic (13:49)

try a little harder to help these guys out front and make sure that we're covering our bases.

Mike Hamilton (13:54)

That's a really good point. What's in it for them starting there and working backwards from that? Those are wise words and I think a lot of people can learn from that, right? Because a lot of times people will sort of say, well, it's best for the business. We need to protect the business, right? It's kind of these broad overarching things, but really you're disrupting people's day jobs, right? To ask them to do something else. Well, let's look at the...

Greg Gruic (14:17)

Right. Yep, yep, trying to find a way to

help them benefit,

Mike Hamilton (14:23)

Yeah, 100%. 100%. Like, get some stake in the game on their end. So let's talk a little bit about, you know, we've talked about eDiscovery a lot. And when people talk about eDiscovery, they usually reference the Electronic Discovery Reference Model, which is the EDRM. And, you know, we've had prior guests on this podcast, know, gentleman named Patrick Butts, who is the Director of Legal Ops at Hilltop Securities.

One thing he always referenced was having kind of a seamless eDiscovery process, right? And so can you talk about a little bit for our listeners what the EDRM is and why it's a strategic mistake to treat it as a series of disconnected point solutions?

Greg Gruic (15:08)

Yeah, I would say looking at the EDR in metal, it's kind of a digital filter for eDiscovery, right? There's...

and it's the process to help you narrow down and eliminate the amount of data that you truly need to have available and presented and sent to outside counsel for whatever your legal matter is or, you know, internal if you guys are handling everything internally. It's a life cycle over the data that

I think needs to stay connected because the data is still connected, right? The data doesn't change whether it's in the first stage of trying to find the retention schedule, divide the lifecycle for it, whether it ends up being part of your eDiscovery case, whether you're collecting it, preserving it, reviewing it, producing it, all the steps that are listed in that EDRM, it is still that single source of truth, that single piece of data. And I think you have to have that connected so that you maintain

the right metadata, the right defensibility around that data. So I think it starts, it's that entire data lifecycle that starts with your information governance around a single piece of data, a single file, a single piece of metadata. And if you disconnect those, you're introducing gaps and risks of losing that metadata, corrupting the data, missing the data completely. So if it's not into the connected system, you might even miss a data source completely that say, hey, that's not

Then you open yourself up to all kinds of issues within the legal system.

Mike Hamilton (16:34)

Yeah, I think you hit on a good point here. It seems like you're talking, when we talk about a seamless eDiscovery or litigation process when it comes to the discovery process, having that defensibility, that interconnectedness is paramount. And it seemed like when you're early on in your days at Marathon, you guys were more the collect everything. So it's like, let's make sure that we're defensible.

Now it sort of seems, we talk about defensibility and efficiency going hand in hand, it seems like you're kind of moving over to, we're defensible, we know how to be defensible, let's be efficient now. Would you agree?

Greg Gruic (17:13)

Yeah, I think there's definitely been a transition to understanding how those two are intermingled, right? So you still have the defensibility, but yes, let's try to be efficient with it, but also implementing some things that help us.

Mike Hamilton (17:21)

Mm-hmm.

Greg Gruic (17:28)

be more defensible, right? So you're talking about, you know, chain of custody, right? If you can have a seamless system, there's less chain of custody documentation that you need to have to maintain documents that are transitioning between every which way that they go, right? So if you can keep it in a system that has an auditable trail, your defensibility goes up along with those efficiencies.

Mike Hamilton (17:48)

best of both worlds, right?

Greg Gruic (17:50)

That's what you strive for.

Mike Hamilton (17:52)

Yeah,

Exactly. Exactly. If you got both those things, you're set up for success and you're way ahead of the game when it comes to a lot of legal departments. Well, let's get into the meat of today's podcast episode. And really, our podcast today was titled, Taking Back Control of Litigation. And when I was first talking to Greg, we started talking about what his process looked like. And there's something that really stood out to me about something that he mentioned.

how he's working with law firms. And we all know law firms are built around billable hours. So Greg, from an engineering standpoint, why does the habit that we all know, it's commonplace within the legal environment to sort of throw data over the fence, be like, I'm gonna send all this to the outside law firm. Why does that feel illogical that maybe it could even compromise that defensibility and the efficiency that we were just talking

Greg Gruic (18:49)

Yeah, I think there's two things to that that really stand out. The billable hour model is designed to obviously

bill you for hours, right? So the more data you're throwing, the more it's going to cost you for them to review. So there's a ton of, it's kind of backwards from a customer perspective of let's throw them everything because now they have an opportunity to bill you for a bunch more work that you could have either potentially done in-house or if you don't leverage some of the tools to manage the data upfront, you could send less data over, right? The second thing is it talks about around the defensibility, right?

Mike Hamilton (19:02)

Thank

Greg Gruic (19:26)

So there's that risk of the chain of custody that you got to say, hey, I sent them this data. They decided that they were going to review it. And here's the things that they eliminated versus what was actually relevant. So there's a huge risk on.

losing data as you're transitioning it between multiple sources over and over again, right? So as you're sending it to outside counsel, outside counsel is doing the review, either sending it back to you or providing it to opposing counsel and then presenting it. So there's definitely some processes as you're transitioning data that it could be corrupted, it could be lost. But I think the biggest aspect is really that cost aspect of it, right? So you're really shooting yourself in the foot when you throw them everything, when there's some easy opportunities that you can take. like one of the first things that you learn

in ACEDS is how to filter out some of the data, right? So doing that first pass at a minimum internal is almost a requirement for anybody that's in-house at this point in time.

the amount of digital data that's out there. Yeah, the amount of digital data that's out there right now. And like I said, we talked about it's ridiculously that you're creating stuff that has no relevance whatsoever. There's so many digital newsletters, so many things that you should be able to eliminate before you even try to engage outside counsel.

Mike Hamilton (20:19)

Yeah, that makes a ton of sense.

And honestly, Greg, that is a pretty innovative way to be thinking, right? A lot of attorneys and legal departments that I've talked to, they'll kind of fall back on, that's the price of doing business or protecting the business, right? And so the fact that you're evolving that mindset gets into the optimization kind of framework that you probably came from, that world that you came from.

on the engineering side of like, how can we improve? How can we continue to optimize? So let's talk a little bit more about how you fix that problem, right? How do you not throw that data over the wall, right? So how do you get the law firms to actually work inside your environment? And so let's first touch on technology. So what technology is needed to make this idea come to reality?

Greg Gruic (21:36)

Yeah, so it kind of started on us early with some internal processes, right? So we had the tools with our eDiscovery functionality to gather information.

our internal audit team came to us and said, hey, we have an investigation that we need to do. And historically, we've asked IT to produce PST files for these emails so that we can go through and comb through these mailboxes one by one and try to figure out what they're doing. The process was drastically inefficient, right? We talked to them about what they were looking for and kind of backed into a process leveraging our exterior review platform that allows us to collect the data that they need.

and then gives them that functionality within the review platform to do some searching, to do some email change, to do some mapping of conversation mapping, but also allowed us to segregate our internal audit team from our legal team, right? Because they're two different business units. They have different functions. Who knows, maybe the internal audit was trying to look at me, right? I mean, to make sure that we're ensuring that those attorneys can't see what internal audit's doing.

internal

audit can't see what you know our legal team was doing so that's where it kind of started was was our internal audit reaching out asking if we had a way to help them.

improve their processes and then realizing that we had this functionality within the Exterro platform that allowed us to really build out these silos so that we can segregate the data from other users. And the idea came that, you know, it wasn't novel to us when we first rolled out Exterro, I think we had tried to allow outside counsel into our environment when it was still on-prem. And there was a lot of hurdles through our IT side of things that in roadblocks,

that came up that prevented.

anybody from really getting into our network that was the biggest challenge. And I think once we migrated to the cloud, I think we saw those opportunities that, you know, when internal audit asked the questions like, ⁓ let's revisit this opportunity that we had, or this thought process that we had years ago of letting our outside counsel in now that we have the capability of, you know, role based access, reviewing, know, segregated review sets that we can set up for individual outside councils and allow them to come in and actually do

Some of the review sets in our environment that reduce risks of us sending data outside, like where is it going? How is it getting there? Are we encrypting it when we're sending it? All the thought processes that IT asks you when you're talking about protecting the data, we kind of skip over those and say, hey, we're just going to let them into this specific review set that they're going to get the data regardless, but let's keep it in our environment where we have it a lot more controlled.

Mike Hamilton (24:01)

Mm-hmm.

That's a great point. one thing that I've seen in the news a lot is one of the primary targets for hackers, criminals, has been law firms in hacking into their data infrastructure and taking some of that data because it's so sensitive. It's related to litigation. It's related to these sensitive matters. So that makes a ton of sense. Greg, when you're

you have these guardrails in place and you have the infrastructure to bring your law firm or third party in to review the data. Can you talk about, you've kind of touched on a little bit, but talk about the primary benefits of that and what have the results been so

Greg Gruic (24:53)

Yeah, so I'll put my IT hat on a little bit first, right? So initially, every application that we have that hosts data, we have to do the risk assessment. You know, we reach out, talk about what is the risk of their environment? You what are the SOC 2 type 2s? How are you handling our data? Who has access to the data within your environment? Those are all the questions that IT comes out, right? When I joined into the organization, there was kind of this blanket waiver for legal because, you know, it's like, right, we have to give it to this outside council anyway, no matter what, right?

Mike Hamilton (25:12)

Mm-hmm.

Greg Gruic (25:23)

⁓ So this opportunity gives us an opportunity to...

kind of comply with that a little bit more to the fact that, you we're going to vet them a little bit before we let them into our system. But then we host or we control all of those uncontrollables that you stick. We used to experience by saying, hey, it's legal. We have to send it over. So we got this blanket waiver. We're just going to send it out without actually reviewing the law firms. Right. So it's it's really that that control from a technology perspective in the risk perspective. Because like you said, know, there's law firms are targeted and we don't know.

or have control over the environment. And generally we don't review it, right? We don't do those full risk assessments when we're looking at some of those partners. Some of the longer term higher level ones that we use on you know, at every case basis almost, it seems like those ones we might do a little bit more of a review. But in general, I think there's a gap there between assessing those outside council vendors that we never did compared to what we do with our technology vendors and anybody that we use from software perspective. So I think that's one huge risk.

The second piece that always comes to mind is the cost basis, right? You look at your outside council building, if you comb through and look at the wine items, you're gonna end up seeing several wine items for data storage, right? So how can we reduce those data storage charges, right? And one of the things that we thought, well, let's have them come into our environment. Let's start doing that internal, right? So now we've given them kind of that...

Mike Hamilton (26:42)

Mm-hmm.

Greg Gruic (26:51)

They were cut off that line item billing of saying, we're going to pay for costs of storage outside when we have an opportunity internally to just do it.

Mike Hamilton (27:01)

No, that's amazing. That's innovative thinking. And I want to touch on something that you told me about, which I thought was a bold tactic, right? You're working with a variety of different law firms. So talk to me about that bold tactic. I don't want to give it away. I don't want to steal your thunder. But can you tell us about that and how it of helped ensure that if you're not saving money and someone doesn't want to come in your environment that you're recouping it in other ways?

Greg Gruic (27:28)

Yeah, so we haven't fully rolled it out yet. So I don't know how the blowback is going to be from it yet, but we're.

curating our engagement letter to include language that indicates that you are going to expect our wall firms to come into our environment ⁓ to leverage our exterior environment to do that initial review or partner with one of the other vendors that we have that we leverage in our exterior environment to review the data. And the expectation is that if you don't do that, that you are going to have to assume the cost for any data hosting. So if we send you data,

you're gonna have to pay the storage costs. I think there's two benefits that we're gonna try to get out of that, right? One, obviously, we're gonna force them into our environment and we can leverage partners like Integrion that we have with Exterro to either do the review for them or train them on the review process in our Exterro environment. Or they're going to be more strict on

⁓ what data they're asking for, right? We talked about throwing everything over the fence, right? Now, if they're gonna be responsible for any of those storage charges, they're gonna probably be a little more detailed on what search terms they want, what date ranges they want, what custodians they're gonna want, right? You're gonna kinda narrow that down into the key custodian. So our expectation is either A, it's gonna be internal, or B, we're gonna see less data going over because they're gonna need less, they're gonna want less data if they're gonna have to assume those charges.

Mike Hamilton (28:49)

That's pretty amazing. mean, anyone that's listening to this, if I were listening to this and I was in-house counsel, I'd be taking notes, right? Because this is something where you're turning the relationship a little bit on its head, right? There's always been kind of this sort of, I'll take law firm, in-house legal partnership that's been a partnership, right? Like, hey, we're here together, working together as a team, but really in reality, you're the customer.

They're the vendor, right? Like you gotta do what's in the best interest of the company that you work for, right?

Greg Gruic (29:24)

Right, like we're still willing to give you our business, but we do have to, one, eliminate some of our risk and two, reduce the cost, right? Billable hours are going through the roof consistently. So what can we do to reduce those costs in some way, or form? Don't want to get into that alternative fee arrangements or flat fee stuff. That's a bigger discussion, but you know.

Mike Hamilton (29:46)

Yeah.

Well, Greg, let's move on and let's look towards the future, right? You've already talked about some really innovative things that you're doing over there at Marathon, Petroleum, but let's go on to, you know, we've heard a lot around AI. We've heard about a lot around new data sources. So one of the data sources that you called out on a prior presentation that you're on with Exterro,

was around those disappearing messaging or those vanishing chats. So do you want to sort of talk about that and how you're kind of trying to protect against those risks that you're seeing with these new types of sources?

Greg Gruic (30:28)

Yeah, yeah, for sure. So and I think this is key. And I think we kind of, you know, touch base on us trying to plug in other departments, right? So talking about including IT, talk supply chain, you know, all those organizations that have insight into applications that you're using, right? Getting your foot in that door, right? How do you get your involvement into those onboarding of new applications, right? So so ensuring that legal is involved. Obviously, there's always the you know, the contract negotiation that bubbles up to legal, right? And they're thinking,

Mike Hamilton (30:43)

Mm-hmm.

Greg Gruic (30:56)

you know, how is our contract working, right? So getting that, and I should say legal operations foot into those applications, those onboarding pieces, right? Asking those questions around.

retention, retention schedules, how are we controlling that data? But then how are we using the data? Right. It kind of goes back to those basis of information governance models that they talk about, where it's you know, want to collect if you're using or collecting any data or hosting any data, why are you using it? Right. And is there way to eliminate it? Right. Because if we can eliminate it at the onset, then you're not going to need it when you get to the discovery side of things. Right. So let's just not collect it in the first place if we're not hosted data at all possible.

But once you have those relationships, it's understanding, taking the information that they're giving you and trying to build the process around it. We talked about the evergreen model, right? So we have those quarterly business reviews and we talk about, here's all the new things that the business is coming out with. And one of them was the ephemeral messaging through tele or WhatsApp, right? We do international business. There's opportunities where you're going to have to use something like that. So finding a solution that will help you get around that.

Mike Hamilton (31:46)

Mm-hmm.

Greg Gruic (32:04)

piece. You know, we leverage telemessage, it creates a backup of everything that we have on on prem so that we can actually collect that data. But being in that forefront, being at that onboarding piece from a legal operations perspective is the critical

aspect of trying to control that, right? You know, it's trying to be that proactive approach instead of reactive. Like, hey, I found out we have this stuff. no, right? Like, let's, let's try to be proactive with it. Get your get your foot into those those supply chain meetings as people are onboarding, you know, when have your legal team as they say, hey, we got a new IT contract that came through that that's going to potentially host data, have them partner you with whoever the businesses that's trying to bring those those pieces in and understand the data that they're trying to bring in. Find out if there are ways

Mike Hamilton (32:27)

Yeah.

Greg Gruic (32:48)

to do some in-place preservation or if there's not like like whatsapp the messages disappear right there's settings that you can change but but help them find a tool that can do it you know and you know everybody who says was the you know the naysayer of the industry like no we can't do that right change that attitude right and help them find a solution that'll help you know get what they need and you'll see a lot more response from them on

Mike Hamilton (33:04)

Yeah.

Greg Gruic (33:14)

providing you data upfront on how you can manage their systems or help them manage it so you don't want to manage your system, you don't want everyone to take that over. But help them manage their systems that they're implementing so that you're better prepared for your role later on if it's needed.

Mike Hamilton (33:28)

Really wise words there and it leads to kind of the elephant in the room when it comes to all of our jobs, no matter what industry you're in. But, you know, there's been a lot of pontification around how AI fits in with legal, right? It's, you know, there's one end of the spectrum of like what you just talked about. Legal needs to be brought into those conversations where AI is supporting other areas of the business, right? But,

There is also AI that can be leveraged to streamline a lot of the activities that we've talked about here today within the legal space, the litigation arena, eDiscovery. So I don't know if you've heard about the news about Anthropic creating a new legal agent. I'd love for your feedback, your own personal views on how do you think AI is going to evolve

in the legal space and what does having a tool like Anthropic coming to do that space, what are the pros and cons of that? What are your take on that?

Greg Gruic (34:37)

Yeah, so I think there's a lot of opportunity for use within the legal realm for ⁓ some AI functionality.

I think it does need to be catered to legal, right? So you sit there and think about, know, we rolled out co-pilot kind of early on within our environment and our attorneys were kind of using it to see what they could do, right? But it was so generalized that it didn't give that legal aspect, Maybe not even the legal terms, the legal communication. So I think there's opportunities where if they're building out models that they're actually training, know, you think of like Harvey or McGoy.

They're building out these models based on ⁓ legal aspects of...

data that I think there will be some benefits, right? I think, you know, doing research is going to be huge, right? If they have a large research database that they can actually cite, right? That's the biggest thing, making sure that you're citing the right data within their environment. I think that's great. think, you know, flagging differences, you know, contract right now, the biggest use is probably in contract generation or contract or redlining, right? So they can flag causes. I think there's some benefit to that as well. I think as we

we build out eDiscovery tools. I think there's a huge benefit to doing those first passes, right? I think there's, you you talk about, you know, billable hours and throwing everything outside or over the fence or trying to keep it internally, but how can we even limit that down even more by leveraging some AI tools that will do those first passes for us and help identify. ⁓

Mike Hamilton (36:08)

Mm-hmm.

Greg Gruic (36:10)

data that truly is not relevant, right? I wouldn't say that we want to leverage it to use, you know, what is relevant, what isn't, there still has to be some sort of human aspect into that, in my opinion. But I think, you know, eliminating some of those, you know, we talked about newsletters and all those things that are just the garbage that fills up everybody's data, right? I think there's a lot of opportunity to try to comb through that. And then also building timelines, right? I think that's really one of the greatest things that AI is going to be able to do because, you know, for us to pay somebody internal or external

to go through and try to look through every messages and where do these people communicate where AI can just kind of build those pieces together. I think there's a lot of benefit to what we can leverage from that EDRM model from the AI tools.

Mike Hamilton (36:55)

Really good points and speaking from Exterro's point of view, we have built specific AI agents to execute on specific tasks within the eDiscovery or data risk sphere. And that's where we kind of see the crux there is, you can have purpose-built solutions that are out there in the marketplace that can really, we're really experts in

in automating and getting you access to information and viewpoints on data that can be really helpful. Right. And so it's really interesting to hear your thought process. And one other question on AI. Just you've seen being an IT guy, an engineer, you've probably seen how, you know, in other areas you're seeing self-driving autonomous workflows.

Do you see that happening in the legal industry? What are your thoughts on that?

Greg Gruic (37:52)

I think there's...

Definitely potential. don't think we're quite there yet, right? Again, building these models around, you know, generalized AI versus something that's specific in the legal realm, I think is where there still needs to be some work. I don't know that there's necessarily, I think there always needs to be a human in the loop, especially when you're talking about legal aspect of it. But I think there's definitely some opportunities to really automate some of these functionalities that we have, right? So you're thinking, you know, reading a subpoena, getting out the proper data,

Mike Hamilton (38:10)

So.

Greg Gruic (38:21)

Can they determine the date ranges that they need to do and automatically issue the IPP? So where we just, our legal team doesn't come in until we're validating that information, right? So is there opportunities that you can tie all the systems? Again, we talked about the seamless integration between everything is how can we tie end to end together so that we don't lose or miss anything. with that process, I think we have a lot of opportunities to automate most of those things.

right? You know, somebody finally get a request that says, Hey, we have a discovery request. Here's the specific keywords, right? So if they can read that email, can we email it to an AI bot and just have it, you know, run those queries for us and produce some results? Absolutely. think there's going to be plenty of opportunity for that to take over.

Mike Hamilton (39:05)

Yeah, and the one point that I would really want to double down on is that interconnectedness tissue, right? That needs to be where all the systems need to talk together to even have that autonomous state even being reached. And then having the security protocols and the audit trails, as you said, to verify like what's being done. Because, you know, as you know, right, legal professionals and security professionals are some of the most risk adverse people out there.

So they'll want to see that audit trail, right? Yeah.

Greg Gruic (39:37)

Absolutely, yeah,

no, is ensuring that the audit trails are like city. You to have that human in the loop somebody that can review the audit trails.

you know, eventually I'm sure somebody is going to automate the audit trails of some sort. Like, hey, here's where this AI screwed up, so we need to fix it here. You know, so I'm sure it's going to end up that way at some point in time. but yes, you know, I think there's the interconnectivity is crucial if you want to try to truly build an end to end automation process that everything needs to talk well together and it needs to be connected together. So.

Mike Hamilton (39:53)

Yeah.

Mm-hmm.

Well, Greg, you know, we're getting to the end of our time here, but, you know, looking back over your career, like, you know, I love to ask people this because it really, to me, highlights, you know, what really you're passionate about. What's been that, career milestone that you've had in your career since coming over to more of the eDiscovery side that's been most rewarding?

Greg Gruic (40:32)

man, know, it's

As I've come into the eDiscovery thing, think it's been helping that transition or transformation from a reactive to a proactive environment has probably been the biggest aspect for me, right? I think, you know, coming in from that computer science information technology side of things, you know, when I wanted to develop applications, had thought about, you know, wanted to video, develop video games, of course, something that somebody could actually go out and do. I think, you know, taking those aspects

of what can I do to make something better before somebody gets into it is kind of what's spun into what I'm doing now and how I'm trying to run the legal operations department is, know, kind of what can we do to be proactive and how can we improve not just our lives but everybody else's around us to make it easier for when we do get into some sort of litigation, right? It's easier for our attorneys, it's easier for our paralegals, but it's also easier for all the custodians that are involved in whatever process that you're doing, right? ⁓

Mike Hamilton (41:07)

Mm-hmm.

Greg Gruic (41:32)

That's kind of big achievement, I guess, is slowly getting that to where it's less involvement for the custodians as needed and trying to, like I said, trying to get to that point where we can automate stuff as much as we possibly can. But yeah, I think that would probably be it.

Mike Hamilton (41:46)

I mean, it's easier said than

done, I'll tell you that much. To make that culture shift from reactive to proactive, especially in the legal industry, I mean, you're fighting uphill against hundreds of years of just culture that's been built up. So kudos to you, Greg. Greg, thank you so much for joining us here today. Thank you for your time.

Greg Gruic (42:09)

I appreciate you having

me on. Thank you. Looking forward to any other future conversations. Anybody needs to reach out and ask questions on how or why we're doing things, I am here for you. Always happy to help.

Mike Hamilton (42:21)

Thank

you again, Greg. Thank you again.

Greg Gruic (42:24)

Thank you.

Mike Hamilton (42:26)

What I love about Greg's story is the reminder that true innovation isn't always about reinventing the wheel. It's about the courage to refine it. Greg's journey from the IT guy to the architect of a unified legal foundation proves that when legal and IT speak the same language,

The results are fundamentally more secure. As Greg reminds us, building this foundation is a marathon, not a sprint. But in a with a crazy amount of annual data growth, the most important step is simply the first one, taking back control. My name is Mike Hamilton. Thanks for joining us on Data Xposure, the podcast for data risk leaders, brought to you by Exterro. We hope to see you next time.

‍