Richard is a partner in Deloitte’s forensic practice, where he leads the forensic technology team in China. He also supports the discovery practitioners in Japan. He specialises in technology strategies for complex investigations and disputes and policy frameworks for information governance and security. His primary focus is the life science and healthcare sectors and he also has experience assisting technology and media companies responding to litigation and regulatory enquiries.

What do clients look for in an effective data and e-discovery expert?

In China, our clients could be described as being in two very different situations. We have multinational corporations, who usually require digital forensics and e-discovery in the context of their internal investigations portfolio. They are looking for in-country technology capabilities and credible experience from practitioners. To them, understanding of the types of issues which face their industry in China is important, combined with language-enabled technology enablers, both of which are critical for efficient and complete investigative review. Our other client group is Chinese companies with global operations, sometimes overseas listed, who are involved in (primarily US) litigation. They are usually new to the requirements of a discovery process and are looking for guidance and help to minimise impact on their operations, ensure the security of their data and for us to be able to speak the same language technically as their offshore external counsel.

What are the advantages and disadvantages of having a global practice?

Certainly we live in a world of sometimes conflicting regulatory obligations, not least laws on data residency and data protection. Having data centres in key global locations helps clients and counsel conduct review onshore, which helps mitigate some of those challenges, as does our ability to report on data overlap between document populations in multiple locations. In addition to data centres, we also have digital forensic labs from which we can deploy in many jurisdictions around the world, without the need to fly in – which in this era of covid-19 has been more of a logistical benefit than a pure cost consideration. It is also a considerable advantage having colleagues well experienced in language and local considerations. In terms of challenges, because we are large and global, inevitably sharing knowledge, tips and techniques in a timely way is something we actively need to consider. Also, our coverage does mean we get to work on large, multi-jurisdictional cases, which means multiple time zones and so often calls early morning and late at night. Making sure we manage our team and keeping an eye out for burnout, is very important.

In your experience, how are restrictions arising from covid-19 affecting the investigation process?

Getting data got harder. Our forensic tech teams are based in Hong Kong and Shanghai. We were unable to travel from Hong Kong to southern China and there were periods we could not travel to certain areas within the PRC even from Shanghai. Some clients had the option of collecting from their enterprise sources, but even then, if their offices were closed, nobody could put data onto physical media to ship to us. We have been working with clients on better ways to collect and transmit data, which in turn has led to opportunities to discuss efficiencies both from a process and an automation perspective.

In your experience, how has the trend towards home and virtual working affected clients?

We see three areas clients need to consider when considering home or remote working: obtaining data for investigations, data exfiltration and external cyberattacks. If staff are working from home and their data is needed for an investigation, that needs to be considered in the triage process: do we have sufficient data from enterprise sources? If we need the endpoint, can we ask them to come in and what are the risks associated? If we want to use network forensic tools, how are the staff connecting to the network and can the enterprise forensic tool ‘see’ data through that connection? Similarly, if an organisation is allowing remote access, is that limited to specific endpoint devices which they can monitor and control? And finally, we have seen cyberattacks trying to exploit the home working trend, and as ever, training (and pre-planned steps to respond quickly) are key here.