Forensic Update

Reflections on information management within the legal and regulatory arena

Posts Tagged ‘digital personnel records’

Must Transactional Attorneys Preserve Evidence?

Posted by Johnny Lee on June 5, 2012

Shred-DocumentIt is almost axiomatic in American jurisprudence that the duty to preserve arises for a party when that party “knows or reasonably should know” that litigation is foreseeable.  That said, a recent matter out of the federal courts in New York has raised a very interesting question about evidence preservation duties, as well as when and how they extend to certain parties — including their counsel.

Corporate and litigation counsel alike recognize their (somewhat nebulous) triggering event as the “reasonable anticipation” of a dispute arising, and they respond by issuing data preservation instructions to custodians to ensure that all potentially relevant information is retained for possible review and use in such a matter.  However, federal magistrate judge Joan Azrack has indicated that counsel for a party that destroys evidence might be sanctioned for failing to preserve — independent of a litigation hold — certain documents (including emails) that relate to “the lawyer’s negotiation and documentation of a loan agreement.”

What’s novel in this matter is not that this duty arises for counsel, but when and why.  The case (FDIC v. Malik) involves a suit brought by the FDIC, in its role as the receiver for a mortgage company, against the mortgage company’s attorneys (et alia) relating to a series of loan transactions.

It is important to note that this case is still in process, so its implications (both for litigation- and for records-management) will be watched closely.  Of particular note here is the implication that document retention regulations (in this case, arising out of the attorney’s professional responsibility rules) can establish evidence-preservation obligations where the affected party is “a member of the general class of persons that the regulatory agency sought to protect in promulgating the rule.”  If we were to extrapolate this to organizations across the legal spectrum, this could represent a precedent of staggering influence to corporate America and the way it manages information.

 

Advertisements

Posted in Data Governance, ECM, eDiscovery, Litigation Hold, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

ForensicUpdate Editor to present on two CyberSecurity Panels…

Posted by Johnny Lee on May 7, 2012

This year’s AccessData User’s Conference will be help in Las Vegas. This conference brings together world-class instruction from real-world industry practitioners, and it provides a wealth of information related to cybersecurity, forensics, and eDiscovery.

This three-day conference will include luminaries from around the world, leading sessions and delving into the complexities related to acquiring, analyzing, and managing data in fast-paced environments and situations. There is a variety of break-out sessions and hands-on laboratories designed to improve the participants’ skills and to apply what they have learned.

ForensicUpdate editor, Johnny Lee, will participate in two panel discussions: “Data Governance and eDiscovery” and “Data Breaches.”  Click here for more details.

Posted in Computer Forensics, Data Governance, eDiscovery, Information Security, Investigations, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

DLA Piper publishes global handbook on Data Privacy Laws…

Posted by Johnny Lee on April 23, 2012

The safeguarding of personal information by organizations has never been more difficult or more necessary.  This is true not merely because of the relatively unchecked trends of data proliferation and data portability but also because of the increasingly complicated legal and regulatory landscape.

Organizations of all sizes are struggling with this, but multi-national companies have a unique set of challenges in trying to identify —much less reconcile — the myriad of rules, regulations, and laws related to the protection of personal data.  This is what makes DLA Piper’s subject contribution such a welcome addition to the compliance literature.

The DLA Piper Information Law Team have published a handbook with “an overview of the applicable privacy and data protection laws and regulations across 58 different jurisdictions, including a section on enforcement.  Edited by Cameron Craig, Paul McCormack, Jim Halpert, Kate Lucente, and Arthur Cheuk, the DLA Piper 2011/2012 Data Protection Laws of the World Handbook is available here.”

Posted in Data Governance, ECM, Information Security, Privacy, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Forensic Update editor presenting at 7th Annual Fraud Summit…

Posted by Johnny Lee on March 20, 2012

The seventh-annual “Fraud Summit” will be held later this month at the University of Texas at Dallas.  This summit is a collaboration among the Dallas Chapter of the Institute of Internal Auditors, the North Texas Chapter of ISACA, and the Dallas Chapter of the Association for Certified Fraud Examiners.

This two-day conference will include “numerous sessions with dynamic presenters on current fraud topics,” including a variety of break-out sessions designed to improve the participants’ fraud-detecting skills and to apply what they have learned.  Several sessions will focus upon “advanced fraud techniques and case studies for those looking for more than just the basics.”

ForensicUpdate editor, Johnny Lee, will present on the topic of “Data Governance and eDiscovery.”  Click here for more details.

Posted in Announcement, Computer Forensics, Data Governance, eDiscovery, Fraud, Investigations | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Data Classification — Proactive Gambit against Reactive Inertia

Posted by Johnny Lee on February 28, 2012

Data Classification

Countless times during my career, I’ve been asked why data classification makes financial sense for an organization.  This particular conversation typically arises in the context of a rebuttal to an unpopular project that has been proposed (i.e., one that doesn’t affect the bottom line — at least in a material and self-evident way).

Data classification can mean many things, of course, but from a data security perspective it typically involves the assignment of a sensitivity rating (or level) to various data used by an organization.  The purpose of this assignment is, above all, to avoid “boiling the ocean,” as we consultants like to say.

Whether an organization is responding to a specific regulatory mandate, an active litigation, or merely taking a proactive stance toward its information management lifecycle, properly classifying the data is the first step.  Such classifications (e.g., top secret, secret, confidential, restricted, and unclassified) allow organizations to identify what data an organization is handling on a regular basis, how well it is securing such data, and whether significant risks are being mitigated that relate to same.

While computer applications and appliances exist to help with data classification, ultimately this is a subjective exercise.  Properly done, it includes all strata of the business, incorporates a risk-based approach, and contemplates business, technical, and other points of view.  Only by identifying which data are important to the business, can an organization hope to quantify how expensive and inefficient its one-size-fits-all data management strategy truly is.

While data classification is most often cast in the light of risk-avoidance, there are significant benefits to classifying data that do, in fact, translate to the bottom line.  Indeed, when an organization invests the time to classify its data, there are frequently entire populations of content that are being secured at great cost — though the actual content of these files merits no such security.  These savings alone can pay for a data classification exercise.

Similarly, when organizations truly identify what data are important to their day-to-day operations, a great focus is brought to bear on how those data are created, managed, copied, distributed, and (ultimately) retired.  This heightened awareness likewise has tremendous benefit for companies — whether in heavily regulated industries or not.

Posted in Data Governance, ECM, Information Security, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

General Counsel Toolworks Forum: Data Governance & eDiscovery

Posted by Johnny Lee on December 1, 2011

Sponsored by Grant Thornton LLP’s Forensic & Litigation professionals, the Forum offers educational events and resources for today’s in-house counsel and corporate senior management. We collaborate with trial and transaction lawyers from some the nation’s leading law firms to bring you periodic complimentary webcasts addressing important financial, operational and legal issues that can impact your organization.

Each event will be supported by a customized Toolbox — documents and other resources offering guidance on the topics covered by the webcast.  The next Toolworks Forum will focus upon the state of the e-discovery marketplace; the importance of intelligent, proactive information and litigation management; and practical steps companies can take to reduce expenses and risks associated with civil litigation and government investigations.

This webinar event will be held on Thursday, January 19, 2012, and it will begin at 1:00pm Eastern time and continue for 90 minutes.  CLE credit has been applied for, and full details can be found here.  Johnny Lee, Director in Grant Thornton’s Forensic & Litigation practice, and Dante Stella, eDiscovery practice leader at Dykema Gossett, will present.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment »

“Controlling your Data Avalanche” Webinar…

Posted by Johnny Lee on October 27, 2011

 

I am pleased to announce that I will join luminaries from Vedder Price, a prominent U.S. law firm, in a discussion on “Managing your Data Avalanche” on November 16, 2011.  This webinar will delve into strategies for satisfying an organization’s legal obligations associated with Records Retention, eDiscovery, Litigation Holds, and Data Privacy.

“All too often, companies approach their data management obligations reactively and in a piecemeal fashion. This need not be the case; in fact, companies can satisfy their legal obligations with greater certainty — and more economically — through comprehensive data management strategies.”

This Webinar will be of interest to General Counsel, Chief Compliance and Information Officers, and those with a key role in managing eDiscovery or litigation within an organization.  This Webinar will provide an overview of legal trends in data management, with a specific focus on social media, cloud computing, eDiscovery, litigation holds, and data breach preparedness and response.  We will discuss ways in which companies can better manage their data through proactive data-management strategies.

To register for this webinar, please click here.  (Login information and presentation materials will be sent to registrants prior to the webinar.)

Click to learn more about Grant Thornton’s Forensics, Investigations and Litigation practice.   Click to learn more about Vedder Price’s Records Management, eDiscovery and Data Privacy practice.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Excellent Session with the IT GRC experts at annual ISACA Conference…

Posted by Johnny Lee on October 26, 2011

ISACA_ITGRC-LogoLast week, I had the pleasure of presenting to a lively audience at the world’s leading conference for IT governance, risk and compliance professionals. The event, hosted at the Ritz-Carlton Hotel in Orlando by the good folks at ISACA, brought together a panoply of experts in the auditing, compliance, privacy, and information security space.

I presented on the subject of Data Governance and Electronic Discovery, and how these concepts represent “flip sides of the same coin.” What was particularly rewarding for me was the level of interest and participation during our interactive case study. Thanks to all who attended and participated last week…I enjoyed myself immensely, and I hope that you found it a rewarding discussion.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Radio Show Appearance: Guest Expert on Business Fraud Awareness

Posted by Johnny Lee on September 6, 2011

ForensicUpdate editor, Johnny Lee, hit the airwaves again with colleague Philip Ratliff.  This time our host was Alan Butler, host of Atlanta’s Premier Business Talk Show “Butler on Business.”  Alan and co-host Jason Riddle facilitated a lively discussion covering a areas of concern to business owners and managers alike.

Listen as Philip Ratliff and Johnny Lee of Grant Thornton LLP’s Atlanta Forensics & Litigation practice comment on a broad variety of fraud issues facing organizations—especially in a down economy.  Segment one of the program can be found here; segment two can be found here. Please note that the views and opinions expressed are personal views and are not necessarily those of Grant Thornton; click here for more on this.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

Litigation Holds, Novel Arguments, and Great Expectations…

Posted by Johnny Lee on March 30, 2011

Hard DriveMuch has been made of recent case law that seems to prescribe a very particular set of steps that parties must take to ensure that potentially relevant evidence is not damaged.  Indeed, courts often work to ferret out “good faith” dealings among parties wrestling with the digital haystacks of electronic discovery (q.v., Courts expect affirmative steps during Litigation Holds and More data on Litigation Hold failures for more details on this).

An interesting case from late 2010 highlights just how closely some courts are scrutinizing counsel’s obligations to both initiate evidence-preservation efforts and to monitor that preservation throughout the litigation lifecycle of a given matter.  In Am. Gen. Life Ins. Co. v. Billard, 2010 U.S. Dist. LEXIS 138570 (N.D. Iowa Dec. 29, 2010), a defendant insurance company sought to obtain details related to both the nature and extent of the Plaintiff’s litigation hold protocols.

Plaintiff’s response was both curious and bold.  Conceding that there was no litigation hold issued and that counsel had, in fact, received but not reviewed the company’s record retention policies and procedures, counsel proceeded to tell the court that neither of these may be important because the Plaintiff employed a “comprehensive method” for preserving electronically stored information (“ESI”).

Unfortunately (at least for followers of this particular arena of case law), the court punted on the question of whether “comprehensive method” of ESI preservation could obviate the need for a litigation hold letter (and accompanying monitoring by counsel).  That said, the court did require Plaintiff to either produce any litigation hold letters issued or to state that none in fact were issued, effectively forcing an admission that counsel may have dropped the ball in failing to put individual custodians on notice of their preservation obligations.

Leaving aside the novel argument that a sophisticated data-preservation system could allow organizations to avoid spoliation dangers, the court in this case seems to rebut another motif in the eDiscovery universe that is receiving a lot of attention.  The theme in question is what commentator Ralph Losey has aptly dubbed the “Luddite fallacy” (albeit in a slightly different context).  Simply put, the fallacy is that technology will eventually displace the independent judgment of both counsel and those data custodians with direct knowledge of potentially relevant evidence.  We see this in the well chronicled fears that document review technologies will displace high-dollar reviewing attorneys.  It now seems that we must apply equal skepticism to the perceived “threat” that technology can displace the experts’ roles in evidence preservation and production.

Until courts bless, without qualification, the notion that you can hit the “Easy Button” and dispense with your litigation risks, this commentator thinks it best to stick with the tried-and-true method of opening lines of communication early and often among counsel, relevant data custodians, information technology professionals, and any other experts that may be deployed in a given litigation or investigation.  Technology can support these key steps in very effective and efficient ways, but the failure leverage the appropriate individuals and processes could result in new and memorable case law…though not necessarily in a way that your organization would find beneficial.

Posted in Data Governance, ECM, eDiscovery, Investigations, Litigation Hold, Records Retention | Tagged: , , , , , , , , , , , , , , , , , , , , , , , , , , , | Leave a Comment »

 
%d bloggers like this: