Forensic Update

Reflections on information management within the legal and regulatory arena

Posts Tagged ‘EDRM’

ForensicUpdate Editor to present on two CyberSecurity Panels…

Posted by Johnny Lee on May 7, 2012

This year’s AccessData User’s Conference will be held in Las Vegas. This conference brings together world-class instruction from real-world industry practitioners, and it provides a wealth of information related to cybersecurity, forensics, and eDiscovery.

This three-day conference will include luminaries from around the world, leading sessions and delving into the complexities related to acquiring, analyzing, and managing data in fast-paced environments and situations. There is a variety of break-out sessions and hands-on laboratories designed to improve the participants’ skills and to apply what they have learned.

ForensicUpdate editor, Johnny Lee, will participate in two panel discussions: “Data Governance and eDiscovery” and “Data Breaches.”  Click here for more details.

Posted in Computer Forensics, Data Governance, eDiscovery, Information Security, Investigations, Privacy, Records Retention, Social Networking

DLA Piper publishes global handbook on Data Privacy Laws…

Posted by Johnny Lee on April 23, 2012

The safeguarding of personal information by organizations has never been more difficult or more necessary.  This is true not merely because of the relatively unchecked trends of data proliferation and data portability but also because of the increasingly complicated legal and regulatory landscape.

Organizations of all sizes are struggling with this, but multi-national companies have a unique set of challenges in trying to identify — much less reconcile — the myriad of rules, regulations, and laws related to the protection of personal data.  This is what makes DLA Piper’s subject contribution such a welcome addition to the compliance literature.

The DLA Piper Information Law Team have published a handbook with “an overview of the applicable privacy and data protection laws and regulations across 58 different jurisdictions, including a section on enforcement.  Edited by Cameron Craig, Paul McCormack, Jim Halpert, Kate Lucente, and Arthur Cheuk, the DLA Piper 2011/2012 Data Protection Laws of the World Handbook is available here.”

Posted in Data Governance, ECM, Information Security, Privacy, Records Retention

Forensic Update editor presenting at 7th Annual Fraud Summit…

Posted by Johnny Lee on March 20, 2012

The seventh-annual “Fraud Summit” will be held later this month at the University of Texas at Dallas.  This summit is a collaboration among the Dallas Chapter of the Institute of Internal Auditors, the North Texas Chapter of ISACA, and the Dallas Chapter of the Association for Certified Fraud Examiners.

This two-day conference will include “numerous sessions with dynamic presenters on current fraud topics,” including a variety of break-out sessions designed to improve the participants’ fraud-detecting skills and to apply what they have learned.  Several sessions will focus upon “advanced fraud techniques and case studies for those looking for more than just the basics.”

ForensicUpdate editor, Johnny Lee, will present on the topic of “Data Governance and eDiscovery.”  Click here for more details.

Posted in Announcement, Computer Forensics, Data Governance, eDiscovery, Fraud, Investigations

Data Classification — Proactive Gambit against Reactive Inertia

Posted by Johnny Lee on February 28, 2012

Countless times during my career, I’ve been asked why data classification makes financial sense for an organization.  This particular conversation typically arises in the context of a rebuttal to an unpopular project that has been proposed (i.e., one that doesn’t affect the bottom line — at least in a material and self-evident way).

Data classification can mean many things, of course, but from a data security perspective it typically involves the assignment of a sensitivity rating (or level) to various data used by an organization.  The purpose of this assignment is, above all, to avoid “boiling the ocean,” as we consultants like to say.

Whether an organization is responding to a specific regulatory mandate, an active litigation, or merely taking a proactive stance toward its information management lifecycle, properly classifying the data is the first step.  Such classifications (e.g., top secret, secret, confidential, restricted, and unclassified) allow organizations to identify what data an organization is handling on a regular basis, how well it is securing such data, and whether significant risks are being mitigated that relate to same.

While computer applications and appliances exist to help with data classification, ultimately this is a subjective exercise.  Properly done, it includes all strata of the business, incorporates a risk-based approach, and contemplates business, technical, and other points of view.  Only by identifying which data are important to the business can an organization hope to quantify how expensive and inefficient its one-size-fits-all data management strategy truly is.

While data classification is most often cast in the light of risk-avoidance, there are significant benefits to classifying data that do, in fact, translate to the bottom line.  Indeed, when an organization invests the time to classify its data, there are frequently entire populations of content that are being secured at great cost — though the actual content of these files merits no such security.  These savings alone can pay for a data classification exercise.

Similarly, when organizations truly identify what data are important to their day-to-day operations, a great focus is brought to bear on how those data are created, managed, copied, distributed, and (ultimately) retired.  This heightened awareness likewise has tremendous benefit for companies — whether in heavily regulated industries or not.

Posted in Data Governance, ECM, Information Security, Records Retention

Federal Circuit’s Model Order adopted to curtail the expense of eDiscovery…Paradigm Shift or Wishful Thinking?

Posted by Johnny Lee on January 30, 2012

In a move designed to stem the escalating costs of electronic discovery, the U.S. Court of Appeals for the Federal Circuit recently adopted a Model Order that sets out requirements designed to limit the scope and impact of eDiscovery in patent cases.  In a September 2011 presentation, Chief Judge Randall Rader of the U.S. Court of Appeals for the Federal Circuit unveiled a Model Order Regarding E-Discovery in Patent Cases (“Model Order”).

Judge Rader stated last September (at the joint conference of the Federal Circuit and Eastern District of Texas) that the Model Order will serve as an aid to district courts to enforce “responsible, targeted use of eDiscovery.”  According to Chief Judge Rader, the Model Order was drafted by a special committee of the Advisory Council for the Federal Circuit and was designed to achieve the efficiencies achieved via Federal Rule of Civil Procedure (“FRCP”) Rule 30 (which limits the number of depositions that may be taken by each party).

The Model Order contains discrete provisions orchestrated to minimize expensive, overbroad, and time-consuming eDiscovery requests by establishing a process by which parties should exchange information, including electronically stored information (“ESI”).  Under the Model Order, parties are required to exchange “core documentation” prior to any request or production of electronic mail.  This core documentation includes documentation related to the underlying patent and its prior art, as well as the allegedly infringing product.

One of the most impactful provisions of the Model Order is its distinct — and very detailed — treatment of electronic mail.  The Model Order actually presumes that general production requests shall not include email.  This addresses one of the most significant aspects of discovery in patent litigation, as a good deal of what is typically reviewed in such matters begins (and often ends) with a review of email.

Should this presumption be surmounted in a given matter, the Model Order also seeks to limit the number of custodians from whom email shall be produced.  “Each requesting party shall limit its email production requests to a total of five custodians per producing party for all such requests.”  This too can have a tremendous impact on the scope, expense, and timeliness of document reviews within patent litigation.

These changes alone are substantial, but the Model Order goes on to limit the nature and scope of eDiscovery in several other notable ways:

  • Email production requests should be limited to a total of five search terms, per custodian, per party;
  • Absent a showing of good cause, parties should be exempted from producing metadata;
  • Costs will be shifted for disproportionate production requests (consistent with FRCP Rule 26); and
  • Inadvertent productions are deemed a non-waiver within the pending case or any other state/federal proceeding (consistent with Federal Rule of Evidence 502).

These changes codify a material shift in thinking that speaks directly to the root causes of overblown eDiscovery efforts in patent cases.  Moreover, these changes should begin to bear fruit immediately in the form of reduced “digital haystacks” that parties are required to sift through in search of the proverbial needle(s) they seek.

Indeed, in a recent patent case in the Northern District of California, a U.S. Magistrate Judge granted a defense motion to govern discovery using an order quite similar to the Model Order (q.v., DCG v. Checkpoint Technologies).  Interestingly, in that case, the plaintiff asserted that the Model Order should not be applied, as it was designed to limit discovery abuses by so-called “patent trolls” (as opposed to disputes between actual competitors in the marketplace).  The Magistrate Judge disagreed with this assertion, stating that the Model Order neither deals exclusively with patent trolls nor exempts parties from discovery scope-limitations simply because they are market competitors.

Posted in Computer Forensics, Data Governance, eDiscovery, Litigation Hold, Records Retention

Divorce Law ruling with potentially far-reaching eDiscovery implications…

Posted by Johnny Lee on November 10, 2011

A fascinating case from Connecticut may shake up the eDiscovery world.  About a month ago, Judge Kenneth Schluger ordered that soon-to-be-divorced couple Stephen and Courtney Gallion exchange the login information for their Facebook and dating websites.

Like many recent examples from the case law, the reasoning adopted by the court was that the content found within these accounts speaks directly to a matter before the bar.  Namely, Stephen Gallion is alleging that such content raises questions of parental fitness, something that speaks directly to the issue of custody in this divorce case, according to his divorce attorney Gary Traystman.

The reason this was elevated to the judge is that a prior agreement between the parties to share these account credentials broke down after evidence arose (according to Traystman) that Courtney Gallion had texted a friend, requesting that the recipient log into her accounts, delete some messages, and change some passwords.  The judge issued an injunction against such misbehavior, and he then ordered the parties’ attorneys to exchange passwords for such accounts held by both spouses as a furtherance to the discovery process.

Interestingly, this judicial order violates Facebook’s terms of service.  This raises questions of conflicting guidance, among others, though the parties are undoubtedly going to err on the side of listening to a judge.  As traditional notions of privacy continue to morph within the legal landscape, we will undoubtedly see more of these cases…so be careful what you put into your digital archive: no matter how private you believe it to be, it is both permanent and potentially discoverable.

Posted in Computer Forensics, eDiscovery, Fraud, Information Security, Investigations, Privacy, Records Retention, Social Networking

“Controlling your Data Avalanche” Webinar…

Posted by Johnny Lee on October 27, 2011

 

I am pleased to announce that I will join luminaries from Vedder Price, a prominent U.S. law firm, in a discussion on “Managing your Data Avalanche” on November 16, 2011.  This webinar will delve into strategies for satisfying an organization’s legal obligations associated with Records Retention, eDiscovery, Litigation Holds, and Data Privacy.

“All too often, companies approach their data management obligations reactively and in a piecemeal fashion. This need not be the case; in fact, companies can satisfy their legal obligations with greater certainty — and more economically — through comprehensive data management strategies.”

This Webinar will be of interest to General Counsel, Chief Compliance and Information Officers, and those with a key role in managing eDiscovery or litigation within an organization.  This Webinar will provide an overview of legal trends in data management, with a specific focus on social media, cloud computing, eDiscovery, litigation holds, and data breach preparedness and response.  We will discuss ways in which companies can better manage their data through proactive data-management strategies.

To register for this webinar, please click here.  (Login information and presentation materials will be sent to registrants prior to the webinar.)

Click to learn more about Grant Thornton’s Forensics, Investigations and Litigation practice.   Click to learn more about Vedder Price’s Records Management, eDiscovery and Data Privacy practice.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Forensic Accounting, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking

Excellent Session with the IT GRC experts at annual ISACA Conference…

Posted by Johnny Lee on October 26, 2011

Last week, I had the pleasure of presenting to a lively audience at the world’s leading conference for IT governance, risk and compliance professionals. The event, hosted at the Ritz-Carlton Hotel in Orlando by the good folks at ISACA, brought together a panoply of experts in the auditing, compliance, privacy, and information security space.

I presented on the subject of Data Governance and Electronic Discovery, and how these concepts represent “flip sides of the same coin.” What was particularly rewarding for me was the level of interest and participation during our interactive case study. Thanks to all who attended and participated last week…I enjoyed myself immensely, and I hope that you found it a rewarding discussion.

Posted in Computer Forensics, Data Governance, ECM, eDiscovery, Fraud, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking

Panel discussion: “Data Governance & Electronic Discovery – Flip Sides of the Same Coin”

Posted by Johnny Lee on September 22, 2011

ForensicUpdate editor, Johnny Lee, is moderating a panel entitled “Data Governance and Electronic Discovery – Flip Sides of the Same Coin.”  The luncheon event, hosted by the Atlanta chapter of the Society for Information Management, will be held tomorrow, September 23rd at The Georgian Club.

Joining me on the dais will be Ed Shubert, 25-year veteran of the F.B.I. and current Director of Corporation Security at McKesson; Marty Smith, former Chief Information Officer at ChoicePoint; and Michael de Janes, former General Counsel and Chief Data Officer at ChoicePoint.  I’m excited about diving into some complex issues with these gentlemen, and I hope to see some familiar faces in the crowd.  Details on the event can be found here.

Posted in Announcement, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking

Forensic Update editor presenting at North American ISACA conference…

Posted by Johnny Lee on May 17, 2011

The world’s leading conference for IT audit, control, security and governance professionals holds its 2011 annual conference in Las Vegas. ForensicUpdate editor, Johnny Lee, will present on the topic of “Data Governance and eDiscovery: Good Faith, Bad Actors, and Questionable Data.”  Click here for more details.

Posted in Announcement, Computer Forensics, Data Governance, ECM, eDiscovery, Information Security, Investigations, Litigation Hold, Privacy, Records Retention, Social Networking

 