Forensic Update

Reflections on information management within the legal and regulatory arena

Archive for the ‘Computer Forensics’ Category

Panel Discussion on Data Preservation @ 2013 IT-LEX Conference…

Posted by Johnny Lee on October 2, 2013

IT-LEX Logo“Technology is outpacing the law. IT-Lex is a technology law 501(c)(3) not-for-profit organization dedicated to narrowing this gap with entertaining educational experiences.  We are pleased to offer our first annual conference, Innovate.”  The Innovate Conference is an active learning experience with a focus on user participation, and ForensicUpdate editor Johnny Lee will participate in a panel discussion on Friday, October 18th on the topic of data preservation and evidence collection.  Please click here for more details.

———-

Please see the disclaimer associated with content published on (and associated with) this site.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Investigations, Litigation Hold, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Panel Discussion on Data Preservation @ 2013 IT-LEX Conference…

Regulator Fines Financial Services Company $9 Million for Email Spoliation…

Posted by Johnny Lee on May 28, 2013

FINRAThe Financial Industry Regulatory Authority (“FINRA”) announced last week that it had levied fines against LPL Financial LLC (“LPL”) to the tune of $7.5 million for thirty five “separate, significant email system failures, which prevented LPL from accessing hundreds of millions of emails and reviewing tens of millions of other emails.”  FINRA also determined that LPL had made “material misstatements” during FINRA’s inquiry into the email failures, resulting in the establishment of a $1.5 million fund “to compensate brokerage customer claimants potentially affected by its failure to produce email.”

While this is technically not a spoliation sanction, which can only be issued by a court, it is nonetheless what those in the eDiscovery arena recognize as punishment for the failure to preserve relevant evidence.  FINRA’s Chief of Enforcement said that LPL simply failed to “expand its compliance and technology infrastructure” as LPL grew.  This resulted in LPL failing “in its responsibility to provide complete responses to regulatory and other requests for emails.”

To be clear, FINRA felt that these failures were both systemic and severe.  To illustrate just a few of the thirty five enumerated failures, see just a few examples below.

  • LPL failed to supervise 28 million “doing business as” (DBA) emails sent/received by thousands of representatives who were operating as independent contractors over a four-year period.
  • LPL failed to maintain access to hundreds of millions of emails during a transition to a less expensive email archive (with 80 million of those emails becoming corrupted in the process).
  • For seven years, LPL failed to preserve and review 3.5 million Bloomberg messages, as required by regulation.
  • LPL failed to preserve emails sent to customers via third-party email-based advertising platforms.

The Chief of Enforcement sums this up in a rather pithy statement: “This case sends a strong message to firms to make sure your business does not outgrow your compliance systems.”  Indeed…message received.

For more on FINRA’s consent announcement, please click here. To read the actual consent agreement, please click here.

Please see the disclaimer associated with content published on (and associated with) this site.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Investigations, Litigation Hold, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Regulator Fines Financial Services Company $9 Million for Email Spoliation…

Excellent panel discussion on the Challenges of Managing Cross-Border Governance…

Posted by Johnny Lee on October 26, 2012

I recently had the pleasure of moderating a panel discussion on the Challenges of Managing Cross-Border Governance.  The event was sponsored by Thomson Reuters, as part of their ongoing series covering topics within the arena of Governance, Risk & Compliance.

Joining me on the panel were a trio of all-star attorneys from the Atlanta area: Scott Burton, Partner at Sutherland; Jason Poulos, Of Counsel at Wheeler Weinberg; and Dewitt Rogers, Partner at Troutman Sanders.  Each of these veteran attorneys shared their perspectives, ranging from the challenges of conducting investigations and litigation across multiple borders to the complexities and impacts of these issues as they relate to Corporate Governance and international Mergers and Acquisitions.

I thoroughly enjoyed myself, and I appreciate the opportunity to take part in such an informed discussion.  I hope that those who attended took as much away from the experience as I did.

 

Please see the disclaimer associated with content published on (and associated with) this site.

 

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Investigations, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , | Comments Off on Excellent panel discussion on the Challenges of Managing Cross-Border Governance…

ForensicUpdate Editor to join panel on “Information Security, Access Control and Forensics”…

Posted by Johnny Lee on August 8, 2012

The Metro Atlanta Chapter of the Information Systems Security Association (ISSA)® will host a panel discussion on information security and related topics in late August 2012.  The meeting will be held on August 30, 2012 from 6:30 PM – 9:00 PM at One Concourse Pkwy NE, 5th floor, Atlanta, GA 30328.  Panelists include Andre Maxwell (Principal at Information Security Xperts, Inc.), Kevin Morgan (Global IT Audit Manager at InterContinental Hotels Group), and Johnny Lee (Forensic Investigator and ForensicUpdate editor).

 

Please join us for a lively discussion of trends, technologies, and lessons learned from practitioners wrestling with these issues on a daily basis.  Audience participation is both welcome and encouraged.  We hope to see you there!  Click here for details.

“The ISSA is a not-for-profit, international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members.  The primary goal of the ISSA is to promote management practices that will ensure the confidentiality, integrity, and availability of information resources. The ISSA facilitates interaction and education to create a more successful environment for global information systems security and for the professionals involved. Members include practitioners at all levels of the security field in a broad range of industries such as communications, education, healthcare, manufacturing, financial, and government.”

Please see the disclaimer associated with content published on this site.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Litigation Hold, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on ForensicUpdate Editor to join panel on “Information Security, Access Control and Forensics”…

ForensicUpdate Editor to present on two CyberSecurity Panels…

Posted by Johnny Lee on May 7, 2012

This year’s AccessData User’s Conference will be help in Las Vegas. This conference brings together world-class instruction from real-world industry practitioners, and it provides a wealth of information related to cybersecurity, forensics, and eDiscovery.

This three-day conference will include luminaries from around the world, leading sessions and delving into the complexities related to acquiring, analyzing, and managing data in fast-paced environments and situations. There is a variety of break-out sessions and hands-on laboratories designed to improve the participants’ skills and to apply what they have learned.

ForensicUpdate editor, Johnny Lee, will participate in two panel discussions: “Data Governance and eDiscovery” and “Data Breaches.”  Click here for more details.

Posted in Computer Forensics, Data Governance, eDiscovery, Information Security, Investigations, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on ForensicUpdate Editor to present on two CyberSecurity Panels…

Forensic Update editor presenting at 7th Annual Fraud Summit…

Posted by Johnny Lee on March 20, 2012

The seventh-annual “Fraud Summit” will be held later this month at the University of Texas at Dallas.  This summit is a collaboration among the Dallas Chapter of the Institute of Internal Auditors, the North Texas Chapter of ISACA, and the Dallas Chapter of the Association for Certified Fraud Examiners.

This two-day conference will include “numerous sessions with dynamic presenters on current fraud topics,” including a variety of break-out sessions designed to improve the participants’ fraud-detecting skills and to apply what they have learned.  Several sessions will focus upon “advanced fraud techniques and case studies for those looking for more than just the basics.”

ForensicUpdate editor, Johnny Lee, will present on the topic of “Data Governance and eDiscovery.”  Click here for more details.

Posted in Announcement, Computer Forensics, Data Governance, eDiscovery, Fraud, Investigations | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Forensic Update editor presenting at 7th Annual Fraud Summit…

Federal Circuit’s Model Order adopted to curtail the expense of eDiscovery…Paradigm Shift of Wishful Thinking?

Posted by Johnny Lee on January 30, 2012

eDiscovery-LassoIn a move designed to stem the escalating costs of electronic discovery, the U.S. Court of Appeals for the Federal Circuit recently adopted a Model Order that sets out requirements designed to limit the scope and impact of eDiscovery in patent cases.  In a September 2011 presentation, Chief Judge Randall Rader of the U.S. Court of Appeals for the Federal Circuit unveiled a Model Order Regarding E-Discovery in Patent Cases (“Model Order”).

Judge Rader stated last September (at the joint conference of the Federal Circuit and Eastern District of Texas) that the Model Order will serve as an aid to district courts to enforce “responsible, targeted use of eDiscovery.”  According to Chief Judge Rader, the Model Order was drafted by special committee of the Advisory Council for the Federal Circuit and was designed to achieve the efficiencies achieved via Federal Rule of Civil Procedure (“FRCP”) Rule 30 (which limits the number of depositions that may be taken by each party).

The Model Order contains discrete provisions orchestrated to minimize expensive, overbroad, and time-consuming eDiscovery requests by establishing a process by which parties should exchange information, including electronically stored information (“ESI”).  Under the Model Order, parties are required to exchange “core documentation” prior to any request or production of electronic mail.  This core documentation includes related to the underlying patent and it prior art as well as the allegedly infringing product.

One of the most impactful provisions of the Model Order is its distinct and very detailed — treatment of electronic mail.  The Model Order actually presumes that general production requests shall not include email.  This addresses one of the most significant aspects of discovery in patent litigation, as a good deal of what is typically reviewed in such matters begins (and often ends) with a review of email.

Should this presumption be surmounted in a given matter, the Model Order also seeks to limit the number of custodians from whom email shall be produced.  “Each requesting party shall limit its email production requests to a total of five custodians per producing party for all such requests.”  This too can have a tremendous impact on the scope, expense, and timeliness of document reviews within patent litigation.

These changes alone are substantial, but the Model Order goes on to limit the nature and scope of eDiscovery in several other notable ways:

  • Email production requests should be limited to a total of five search terms, per custodian, per party;
  • Absent a showing of good cause, parties should be exempted from producing metadata;
  • Costs will be shifted for disproportionate production requests (consistent with FRCP Rule 26); and
  • Inadvertent productions are deemed a non-waiver within the pending case or any other state/federal proceeding (consistent with Federal Rule of Evidence 502).

These changes codify a material shift in thinking that speaks directly to the root causes of overblown eDiscovery efforts in patent cases.  Moreover, these changes should begin to bear fruit immediately in the form of reduced “digital haystacks” that parties are required to sift through in search of the proverbial needle(s) they seek.

Indeed, in a recent patent case in the Northern District of California, a U.S. Magistrate Judge granted a defense motion to govern discovery using an order quite similar to the Model Order (q.v., DCG v. Checkpoint Technologies).  Interestingly, in that case, the plaintiff asserted that the Model Order should not be applied, as it was designed to limit discovery abuses by so-called “patent trolls” (as opposed to disputes between actual competitors in the marketplace).  The Magistrate Judge disagreed with this assertion, stating that the Model Order neither deals exclusively with patent trolls nor exempts parties from discovery scope-limitations simply because they are market competitors.

Posted in Computer Forensics, Data Governance, eDiscovery, Litigation Hold, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on Federal Circuit’s Model Order adopted to curtail the expense of eDiscovery…Paradigm Shift of Wishful Thinking?

General Counsel Toolworks Forum: Data Governance & eDiscovery

Posted by Johnny Lee on December 1, 2011

Sponsored by Grant Thornton LLP’s Forensic & Litigation professionals, the Forum offers educational events and resources for today’s in-house counsel and corporate senior management. We collaborate with trial and transaction lawyers from some the nation’s leading law firms to bring you periodic complimentary webcasts addressing important financial, operational and legal issues that can impact your organization.

Each event will be supported by a customized Toolbox — documents and other resources offering guidance on the topics covered by the webcast.  The next Toolworks Forum will focus upon the state of the e-discovery marketplace; the importance of intelligent, proactive information and litigation management; and practical steps companies can take to reduce expenses and risks associated with civil litigation and government investigations.

This webinar event will be held on Thursday, January 19, 2012, and it will begin at 1:00pm Eastern time and continue for 90 minutes.  CLE credit has been applied for, and full details can be found here.  Johnny Lee, Director in Grant Thornton’s Forensic & Litigation practice, and Dante Stella, eDiscovery practice leader at Dykema Gossett, will present.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment »

Divorce Law ruling with potentially far-reaching eDiscovery implications…

Posted by Johnny Lee on November 10, 2011

Facebook-Divorce-Status-Update

A fascinating case from Connecticut may shake up the eDiscovery world.  About a month ago, Judge Kenneth Schluger ordered that soon-to-be-divorced couple Stephen and Courtney Gallion exchange the login information for their Facebook and dating websites.

Like many recent examples from the case law, the reasoning adopted by the court was that the content found within these accounts speaks directly to a matter before the bar.  Namely, Stephen Gallion is alleging that such content raises questions of parental fitness, something that speaks directly to the issue of custody in this divorce case, according to his divorce attorney Gary Traystman.

The reason this was elevated to the judge is that a prior agreement between the parties to share these account credentials broke down after evidence arose (according to Traystman) that Courtney Gallion had texted a friend, requesting that the recipient log into her accounts, delete some messages, and change some passwords.  The judge issued an injunction against such misbehavior, and he then ordered the parties’ attorneys to exchange passwords for such accounts held by both spouses as a furtherance to the discovery process.

Interestingly, this judicial order violates Facebook’s terms of service.  This raises questions of conflicting guidance, among others, though the parties are undoubtedly going to err on the side of listening to a judge.  As traditional notions of privacy continue to morph within the legal landscape, we will undoubtedly see more of these cases…so be careful what you put into your digital archiveno matter how private you believe it to be, it is both permanent and potentially discoverable.

Posted in Computer Forensics, eDiscovery, Fraud, Information Security, Investigations, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , | Comments Off on Divorce Law ruling with potentially far-reaching eDiscovery implications…

“Controlling your Data Avalanche” Webinar…

Posted by Johnny Lee on October 27, 2011

 

I am pleased to announce that I will join luminaries from Vedder Price, a prominent U.S. law firm, in a discussion on “Managing your Data Avalanche” on November 16, 2011.  This webinar will delve into strategies for satisfying an organization’s legal obligations associated with Records Retention, eDiscovery, Litigation Holds, and Data Privacy.

“All too often, companies approach their data management obligations reactively and in a piecemeal fashion. This need not be the case; in fact, companies can satisfy their legal obligations with greater certainty — and more economically — through comprehensive data management strategies.”

This Webinar will be of interest to General Counsel, Chief Compliance and Information Officers, and those with a key role in managing eDiscovery or litigation within an organization.  This Webinar will provide an overview of legal trends in data management, with a specific focus on social media, cloud computing, eDiscovery, litigation holds, and data breach preparedness and response.  We will discuss ways in which companies can better manage their data through proactive data-management strategies.

To register for this webinar, please click here.  (Login information and presentation materials will be sent to registrants prior to the webinar.)

Click to learn more about Grant Thornton’s Forensics, Investigations and Litigation practice.   Click to learn more about Vedder Price’s Records Management, eDiscovery and Data Privacy practice.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Comments Off on “Controlling your Data Avalanche” Webinar…

 
%d bloggers like this: