As headlines continue to report data security breaches at an alarming rate, discussion often focuses on the need for enhanced technical controls, such as two-factor authentication and encryption, to protect sensitive, personally identifiable information. The role of the company employee, both as the cause of, and the first line of defense against, security breaches is often lost in the analysis. Yet developing law is increasingly requiring administrative or procedural controls, particularly those directed at employees, as a component of a legally compliant security program.
Employees can be the source of major threats to a company's data security. They need not be bad actors in order to compromise their company's data security. Often it is the innocent actions of employees (e.g., losing a laptop with key data unprotected or succumbing to a third party's social engineering techniques) that leave a company facing a breach situation. At the same time, employees are key to a company's successful compliance with various legal and administrative requirements involving data security.
A recent survey of the IT departments in 461 U.S. organizations conducted by the Ponemon Institute reported that the average annual cost of managing insider threats to data security is $3.4 million per organization. Further, more than 78 percent of respondents reported one or more unreported insider-related security breaches within their company. Latest Ponemon Institute Study Ties Lack of Awareness in Corner Office to Insider Threat Challenges, available at www.arcsight.com/solutions_insider_threat.htm, Sept. 12, 2006.
Raising the stakes further, a growing number of legal and industry guidelines governing data security are in place across multiple industry sectors, requiring companies to implement data security controls directed at their employees. Failing to satisfy such obligations can leave a company vulnerable to lawsuits filed by third parties as well as enforcement actions by federal and state government agencies.
However, employees need not be viewed as an expensive companion threat to outsiders. Instead, if companies properly focus on key employee-related security controls and implement those controls in a reasoned and responsive manner, employees can be powerful assets to data security. Employees can assist companies with compliance requirements and, at the same time, help serve as an important line of defense from insider and outsider threats.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Ryan Sulkin
Saturday, December 30, 2006
A paperless society? Not so fast
Use has steadily risen despite predictions
In the heady early days of the computer era, futurists imagined the coming of the paperless society. So far, ordinary people have proven them wrong.
Paper use in the United States has steadily risen, with office workers hitting the print command to produce reams of e-mails, reports and other documents. Many of those documents end up in desk drawers or file cabinets, often forgotten even by the people who printed them.
But the pattern could finally be changing. InfoTrends Inc., a Massachusetts-based consulting firm for the digital imaging industry, has forecast that 2007 will be turn out to be the high point for per-capita use of "cut-size sheets" of paper in the United States. In 2008, the organization predicts, each man, woman and child will use 4,847 sheets of the office paper, down from 4,883 sheets next year.
"No one is going to totally eliminate the use of paper, but more and more companies are realizing the benefits" of converting an increasing amount of paper into digital files, said Daryl Amy, president of Convergence Consulting, an Arkansas company that specializes in information management.
"This is happening more and more."
Paperless office systems — with records stored on computers instead of in file cabinets — were until recently used primarily by large corporations and government agencies rather than small- and medium-sized businesses. Now, analysts say, falling computer storage costs and better electronic indexing systems are bringing paperless technologies to smaller companies.
To view the entire article, click here
---------------------------------------------------
Source: spokesmanreview.com
In the heady early days of the computer era, futurists imagined the coming of the paperless society. So far, ordinary people have proven them wrong.
Paper use in the United States has steadily risen, with office workers hitting the print command to produce reams of e-mails, reports and other documents. Many of those documents end up in desk drawers or file cabinets, often forgotten even by the people who printed them.
But the pattern could finally be changing. InfoTrends Inc., a Massachusetts-based consulting firm for the digital imaging industry, has forecast that 2007 will be turn out to be the high point for per-capita use of "cut-size sheets" of paper in the United States. In 2008, the organization predicts, each man, woman and child will use 4,847 sheets of the office paper, down from 4,883 sheets next year.
"No one is going to totally eliminate the use of paper, but more and more companies are realizing the benefits" of converting an increasing amount of paper into digital files, said Daryl Amy, president of Convergence Consulting, an Arkansas company that specializes in information management.
"This is happening more and more."
Paperless office systems — with records stored on computers instead of in file cabinets — were until recently used primarily by large corporations and government agencies rather than small- and medium-sized businesses. Now, analysts say, falling computer storage costs and better electronic indexing systems are bringing paperless technologies to smaller companies.
To view the entire article, click here
---------------------------------------------------
Source: spokesmanreview.com
Friday, December 29, 2006
Court Orders Parties To Develop Sampling Protocol For Claims Information
Zurich Am. Ins. Co. v. Ace Am. Reinsurance Co., 2006 WL 3771090 (S.D.N.Y. Dec. 22, 2006)
In this reinsurance case, plaintiff sought an order compelling defendant to produce certain claim information. Defendant opposed the motion partly on the basis of undue burden. It explained that, although it processed thousands of claims, its computer system was incapable of segregating claims by the amount of the claim, the type of claim, the identity of the cedent, or the reason the claim may have been denied. The court criticized the argument, stating: “A sophisticated reinsurer that operates a multimillion dollar business is entitled to little sympathy for utilizing an opaque data storage system, particularly when, by the nature of its business, it can reasonably anticipate frequent litigation.” At the same time, the court acknowledged that a search of defendant’s entire database was infeasible in light of the tremendous volume of material accumulated. Accordingly, the court ordered the parties to propose a sampling protocol to obtain examples of claims files in which issues similar to those presented in the case were addressed. In order to facilitate that process, the court further ordered that counsel could take the depositions of persons familiar with defendant’s data storage system. Finally, the court ordered that, to the extent that defendant objected to any sampling proposal advanced by Zurich, it would be required to support its objections with specific evidence of the cost and burden involved.
A copy of the order is available here
---------------------------------------------------
Source: ediscoverylaw
In this reinsurance case, plaintiff sought an order compelling defendant to produce certain claim information. Defendant opposed the motion partly on the basis of undue burden. It explained that, although it processed thousands of claims, its computer system was incapable of segregating claims by the amount of the claim, the type of claim, the identity of the cedent, or the reason the claim may have been denied. The court criticized the argument, stating: “A sophisticated reinsurer that operates a multimillion dollar business is entitled to little sympathy for utilizing an opaque data storage system, particularly when, by the nature of its business, it can reasonably anticipate frequent litigation.” At the same time, the court acknowledged that a search of defendant’s entire database was infeasible in light of the tremendous volume of material accumulated. Accordingly, the court ordered the parties to propose a sampling protocol to obtain examples of claims files in which issues similar to those presented in the case were addressed. In order to facilitate that process, the court further ordered that counsel could take the depositions of persons familiar with defendant’s data storage system. Finally, the court ordered that, to the extent that defendant objected to any sampling proposal advanced by Zurich, it would be required to support its objections with specific evidence of the cost and burden involved.
A copy of the order is available here
---------------------------------------------------
Source: ediscoverylaw
Avoiding the Perils of Electronic Data
If your company doesn’t have a process to effectively manage electronic data, it could be at risk.
Each time your employees edit a Word document or create an Excel spreadsheet, they unknowingly leave behind vital hidden electronic data. These data can include, for example, text that a manager added or deleted to a performance review, formulas employees used for making spreadsheet calculations, and information regarding which individuals accessed a file, when they accessed it and how they changed it.
These records can be so important in legal proceedings that courts increasingly are requiring employers to maintain and track such hidden data, which do not exist in paper records.
Federal court rulings in employment discrimination suits—all within the past two years—illustrate what can befall organizations that don’t properly manage electronic data. In one case, a judge chastised an employer for not having kept everything on a former employee’s computer hard drive. In another, a judge ruled that an employer had to provide plaintiffs with the hidden data in electronic documents. In a third case, a judge ruled that an employer should have reasonably assumed it was going to be sued and should have retained e-mails it destroyed.
For HR, the unique challenges posed by maintaining and tracking such hidden electronic data require working with IT staff, legal counsel and business units to formulate an effective electronic data retention policy.
The need for such policies has never been greater. While electronic discovery has been a fact of life for more than a decade, the proliferation of computers, networks, cell phones, digital voice recorders, digital cameras, personal digital assistants, flash drives and every other manner of digital storage system has accelerated its complexities.
What’s more, lawyers have never been savvier about using electronic discovery, and computer forensic experts are more skillful at digging out damning details, including data users thought had been deleted or didn’t know existed. And there have never been more electronic documents to mine.
These trends are creating an important role for HR in reducing the risks associated with the mismanagement of e-mail, blogs, word processing files, spreadsheets, graphics presentations, voice mails and other digital files. In so doing, HR can help reduce the risk of stiff sanctions, costly settlements and public embarrassment for businesses.
To view the entire article, click here
---------------------------------------------------
Source: SHRMOnline
By: Bill Roberts
Each time your employees edit a Word document or create an Excel spreadsheet, they unknowingly leave behind vital hidden electronic data. These data can include, for example, text that a manager added or deleted to a performance review, formulas employees used for making spreadsheet calculations, and information regarding which individuals accessed a file, when they accessed it and how they changed it.
These records can be so important in legal proceedings that courts increasingly are requiring employers to maintain and track such hidden data, which do not exist in paper records.
Federal court rulings in employment discrimination suits—all within the past two years—illustrate what can befall organizations that don’t properly manage electronic data. In one case, a judge chastised an employer for not having kept everything on a former employee’s computer hard drive. In another, a judge ruled that an employer had to provide plaintiffs with the hidden data in electronic documents. In a third case, a judge ruled that an employer should have reasonably assumed it was going to be sued and should have retained e-mails it destroyed.
For HR, the unique challenges posed by maintaining and tracking such hidden electronic data require working with IT staff, legal counsel and business units to formulate an effective electronic data retention policy.
The need for such policies has never been greater. While electronic discovery has been a fact of life for more than a decade, the proliferation of computers, networks, cell phones, digital voice recorders, digital cameras, personal digital assistants, flash drives and every other manner of digital storage system has accelerated its complexities.
What’s more, lawyers have never been savvier about using electronic discovery, and computer forensic experts are more skillful at digging out damning details, including data users thought had been deleted or didn’t know existed. And there have never been more electronic documents to mine.
These trends are creating an important role for HR in reducing the risks associated with the mismanagement of e-mail, blogs, word processing files, spreadsheets, graphics presentations, voice mails and other digital files. In so doing, HR can help reduce the risk of stiff sanctions, costly settlements and public embarrassment for businesses.
To view the entire article, click here
---------------------------------------------------
Source: SHRMOnline
By: Bill Roberts
Instant Messaging, Instant Headaches
New Ways To Keep IM Systems Secure
As scandals go, it was one for the record books. When former Congressman Mark Foley was caught sending lewd instant messages to underage pages, the fallout not only scotched his career, but changed the course of the midterm elections.
It also gave IT experts something to think about. IM, once the sole province of teens and tweens, has long been used in the enterprise by workers who glom on to its convenience for chatting and file transfers. But just like email, it has its own set of threats, some of which make even the rampant problems of email seem like cakewalks.
According to Don Montgomery of IM security firm Akonix (www.akonix.com), Trojans and worms can spread with astonishing speed through IM systems simply by sending themselves to everyone in a user’s buddy list. “It spreads by orders of magnitude faster than email,” he says, noting that even the average IM user can have 30 buddies. The end result is “six degrees of separation” with malware that can “pretty much get to the entire world.”
Calling All Criminals
Perhaps that’s why 2006 saw an uptick in IM security. Montgomery says that traffic on the Akonix Web site has soared, along with calls to the company’s sales line, as a growing number of SMEs move instant messaging off their radars and onto their agendas.
Mark Levitt, program vice president for collaborative computing and the enterprise workplace at IDC, says that companies have slowly grown to realize the need to police IM systems. “IM is like email; it’s like voicemail; it’s like other business communication tools that need to be supported, controlled, and managed,” says Levitt. “This has led to more enterprise IM systems in the past.”
But unlike the past, IM hacking has gone from annoying to downright criminal, with attacks that attempt to steal data and money, often by tracking usernames and passwords with keylogging programs that come alive when users visit a banking Web site.
To view the entire article, click here
---------------------------------------------------
Source: processor.com
By: David Garret
As scandals go, it was one for the record books. When former Congressman Mark Foley was caught sending lewd instant messages to underage pages, the fallout not only scotched his career, but changed the course of the midterm elections.
It also gave IT experts something to think about. IM, once the sole province of teens and tweens, has long been used in the enterprise by workers who glom on to its convenience for chatting and file transfers. But just like email, it has its own set of threats, some of which make even the rampant problems of email seem like cakewalks.
According to Don Montgomery of IM security firm Akonix (www.akonix.com), Trojans and worms can spread with astonishing speed through IM systems simply by sending themselves to everyone in a user’s buddy list. “It spreads by orders of magnitude faster than email,” he says, noting that even the average IM user can have 30 buddies. The end result is “six degrees of separation” with malware that can “pretty much get to the entire world.”
Calling All Criminals
Perhaps that’s why 2006 saw an uptick in IM security. Montgomery says that traffic on the Akonix Web site has soared, along with calls to the company’s sales line, as a growing number of SMEs move instant messaging off their radars and onto their agendas.
Mark Levitt, program vice president for collaborative computing and the enterprise workplace at IDC, says that companies have slowly grown to realize the need to police IM systems. “IM is like email; it’s like voicemail; it’s like other business communication tools that need to be supported, controlled, and managed,” says Levitt. “This has led to more enterprise IM systems in the past.”
But unlike the past, IM hacking has gone from annoying to downright criminal, with attacks that attempt to steal data and money, often by tracking usernames and passwords with keylogging programs that come alive when users visit a banking Web site.
To view the entire article, click here
---------------------------------------------------
Source: processor.com
By: David Garret
Wednesday, December 27, 2006
State's trial courts to offer guidelines on e-discovery
SJC's Marshall leading national effort on topic
With electronic discovery now a fact of life in the federal courts following rule changes that took effect earlier this month, the state courts will not be far behind in providing guidelines on discovery of electronically stored information.
The guidelines are the product of the national Conference of Chief Justices, which established an e-discovery task force in 2004 and named Supreme Judicial Court Chief Justice Margaret H. Marshall as its chairwoman.
In August of this year, the conference approved the guidelines, which are intended to provide the nation's state court trial judges with guidance on addressing e-discovery issues that are surfacing with increasing frequency in their courts.
According to Marshall, trial court chief justices in Massachusetts have received and "welcomed" copies of the guidelines.
"The conference was aware that proposed rule changes were being considered by the federal courts, [but] when we began this initiative, we weren't sure when the federal courts were going to issue a rule," Marshall told Lawyers Weekly.
"The conference decided that what would be most helpful would be to issue guidelines [on e-discovery] so that state courts could have the benefit of collective wisdom until each addresses the subject of rule changes."
Marshall pointed out that there are some 10,000 state court trial judges in the country, all of whom are subject to different rules and statutes.
The 14-page package of guidelines covers several areas of electronic-document discovery, including agreements by counsel and pre-conference orders; the scope of e-discovery; the form of production; re-allocation of discovery costs; inadvertent disclosure of privileged information; and sanctions. The full text of the guidelines is available under the Important Documents section of our website.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Barbara Rabinovitz
With electronic discovery now a fact of life in the federal courts following rule changes that took effect earlier this month, the state courts will not be far behind in providing guidelines on discovery of electronically stored information.
The guidelines are the product of the national Conference of Chief Justices, which established an e-discovery task force in 2004 and named Supreme Judicial Court Chief Justice Margaret H. Marshall as its chairwoman.
In August of this year, the conference approved the guidelines, which are intended to provide the nation's state court trial judges with guidance on addressing e-discovery issues that are surfacing with increasing frequency in their courts.
According to Marshall, trial court chief justices in Massachusetts have received and "welcomed" copies of the guidelines.
"The conference was aware that proposed rule changes were being considered by the federal courts, [but] when we began this initiative, we weren't sure when the federal courts were going to issue a rule," Marshall told Lawyers Weekly.
"The conference decided that what would be most helpful would be to issue guidelines [on e-discovery] so that state courts could have the benefit of collective wisdom until each addresses the subject of rule changes."
Marshall pointed out that there are some 10,000 state court trial judges in the country, all of whom are subject to different rules and statutes.
The 14-page package of guidelines covers several areas of electronic-document discovery, including agreements by counsel and pre-conference orders; the scope of e-discovery; the form of production; re-allocation of discovery costs; inadvertent disclosure of privileged information; and sanctions. The full text of the guidelines is available under the Important Documents section of our website.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Barbara Rabinovitz
Hitting the High Points of the New EDD Rules
The last time the Federal Rules of Civil Procedure were amended to deal with electronic evidence, eight-track tapes were the hot technology, the Internet and cell phones were the stuff of science fiction and computers were room-sized behemoths owned by corporations, universities and governments. Times have changed, and the rules have again changed with the times.
For the last six years, some of the best minds of the bench and bar worked to amend the rules to address the enormous challenge posed by discovery of electronic evidence. These amendments took effect on Dec. 1, 2006, and, even if you don't regularly appear in federal court, the new rules merit your attention because they're sure to rapidly impact state court practice, too.
Here's a synopsis of the principal amendments, along with some observations about their operation and impact.
INTRODUCING ESI
There's a new species of evidence in town. It's called ESI, for electronically stored information, and it encompasses any potentially relevant data that's stored on computers, disks, tape, gadgets and the Internet.
The amendments don't so much create new rights as compel lawyers and litigants to deal with the central role computers and the Internet play in business and our lives. ESI comprises a startling 95 percent of all information created nowadays, yet legions of lawyers have been remiss in marshalling this rich evidentiary resource, preferring instead to focus on familiar paper documents. The Federal Rules of Civil Procedure make clear that discovery of ESI stands on equal footing with discovery of paper documents and require that any request for production of documents be understood to include a request for ESI. Although the committee members who drafted the ESI amendments could have stretched the definition of "document" to include ESI, they wisely recognized that more was needed. After all, so much of the electronic information that impacts our lives -- databases, Web content, voice messaging, even spreadsheets -- bears little resemblance to conventional documents. Instead, ESI is defined broadly to encompass the forms computer-based information takes today and adapt to whatever tomorrow brings.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Craig Ball
For the last six years, some of the best minds of the bench and bar worked to amend the rules to address the enormous challenge posed by discovery of electronic evidence. These amendments took effect on Dec. 1, 2006, and, even if you don't regularly appear in federal court, the new rules merit your attention because they're sure to rapidly impact state court practice, too.
Here's a synopsis of the principal amendments, along with some observations about their operation and impact.
INTRODUCING ESI
There's a new species of evidence in town. It's called ESI, for electronically stored information, and it encompasses any potentially relevant data that's stored on computers, disks, tape, gadgets and the Internet.
The amendments don't so much create new rights as compel lawyers and litigants to deal with the central role computers and the Internet play in business and our lives. ESI comprises a startling 95 percent of all information created nowadays, yet legions of lawyers have been remiss in marshalling this rich evidentiary resource, preferring instead to focus on familiar paper documents. The Federal Rules of Civil Procedure make clear that discovery of ESI stands on equal footing with discovery of paper documents and require that any request for production of documents be understood to include a request for ESI. Although the committee members who drafted the ESI amendments could have stretched the definition of "document" to include ESI, they wisely recognized that more was needed. After all, so much of the electronic information that impacts our lives -- databases, Web content, voice messaging, even spreadsheets -- bears little resemblance to conventional documents. Instead, ESI is defined broadly to encompass the forms computer-based information takes today and adapt to whatever tomorrow brings.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Craig Ball
Tuesday, December 26, 2006
Better Products for SMBs, Deduplication Lead Storage Trends
The numbers from IDC, Gartner/Dataquest, Enterprise Strategy Group and other researchers have confirmed it every quarter for the last three-and-a-half years: The $30 billion data storage hardware, software and services markets keep growing in double-digit fashion, with no level-off in sight.
Efficient data storage is, of course, vital to the success—dare we say, survival—of enterprise business as we know it. New court e-discovery rules and commercial regulations are key drivers in forcing enterprises to re-examine their storage and data accessibility capacities, or else incur substantial risk in the case of litigation.
Looking ahead to 2007, analysts tell eWEEK the following trends are apparent:
Enterprise features are trickling down to SMB availability. Functionality such as centralized data center automation and virtualization that weren't available at price points affordable enough for small and midsize businesses a year ago are trickling down in the form of smaller packages for the midmarket. IBM, Hewlett-Packard, EMC, Network Appliance, Sun Microsystems, Quantum, CA and others are in the middle of this trend.
"Just about all the major manufacturers are going after the SMB market by pricing these new storage subsystems very aggressively, and adding more functionality into smaller packages that mid-tier businesses can better afford," said Dianne McAdam of The Clipper Group in Wellesley, Mass.
Deduplication and single-instance storage. Sparked by EMC's October acquisition of market leader Avamar, other companies are now looking into buying this functionality. Deduplication eliminates redundant data—down to sections of individual files—throughout a storage network and enables the system to run faster and more cost-effectively.
To view the entire article, click here
---------------------------------------------------
Source: eWeek
By: Chris Preimesberger
Efficient data storage is, of course, vital to the success—dare we say, survival—of enterprise business as we know it. New court e-discovery rules and commercial regulations are key drivers in forcing enterprises to re-examine their storage and data accessibility capacities, or else incur substantial risk in the case of litigation.
Looking ahead to 2007, analysts tell eWEEK the following trends are apparent:
Enterprise features are trickling down to SMB availability. Functionality such as centralized data center automation and virtualization that weren't available at price points affordable enough for small and midsize businesses a year ago are trickling down in the form of smaller packages for the midmarket. IBM, Hewlett-Packard, EMC, Network Appliance, Sun Microsystems, Quantum, CA and others are in the middle of this trend.
"Just about all the major manufacturers are going after the SMB market by pricing these new storage subsystems very aggressively, and adding more functionality into smaller packages that mid-tier businesses can better afford," said Dianne McAdam of The Clipper Group in Wellesley, Mass.
Deduplication and single-instance storage. Sparked by EMC's October acquisition of market leader Avamar, other companies are now looking into buying this functionality. Deduplication eliminates redundant data—down to sections of individual files—throughout a storage network and enables the system to run faster and more cost-effectively.
To view the entire article, click here
---------------------------------------------------
Source: eWeek
By: Chris Preimesberger
Saturday, December 23, 2006
Virtualization Rising With Ardent Deal
Citrix Systems Inc.'s deal for Ardence Inc. last week is set to spark more acquisitions of virtualization technology at the network software maker and its rivals.
Citrix, a Fort Lauderdale, Fla., provider of application infrastructure software, said last week it would buy Ardence, a privately held provider of system-enhancing software. Terms of the deal, which is expected to close in the first quarter of 2007, were not disclosed.
Michael Cristinziano, Citrix's corporate vice president of strategic development, said the deal is one of a number of moves Citrix has made over the past three years to extend the reach of application delivery.
"Application delivery is the next area within IT that will be greatly affected by virtualization technology," said Theresa Lanowitz, founder of Voke Media LLC, a technology consultancy in Minden, Nev. "Watch for other vendors to make acquisitions of virtualization technology in the area of the application life cycle."
Virtualization technology helps enterprises increase the efficiency and performance of operating systems, networking equipment, data storage resources and desktops.
Ardence's technology will help Citrix create environments where desktops are run virtually, from a centralized location, letting corporations bypass the usual headaches of managing a traditional desktop, which is vulnerable to viruses and capacity constraints.
"Right now, 78 percent of enterprises have virtualization software in their environments," said George Hamilton, an analyst at Yankee Group Research Inc. For example, companies use virtualization to divvy up single-purpose servers into virtual machines inside host computers, allowing one server to support several operating systems and reducing power and cooling costs.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Kate Gibson
Citrix, a Fort Lauderdale, Fla., provider of application infrastructure software, said last week it would buy Ardence, a privately held provider of system-enhancing software. Terms of the deal, which is expected to close in the first quarter of 2007, were not disclosed.
Michael Cristinziano, Citrix's corporate vice president of strategic development, said the deal is one of a number of moves Citrix has made over the past three years to extend the reach of application delivery.
"Application delivery is the next area within IT that will be greatly affected by virtualization technology," said Theresa Lanowitz, founder of Voke Media LLC, a technology consultancy in Minden, Nev. "Watch for other vendors to make acquisitions of virtualization technology in the area of the application life cycle."
Virtualization technology helps enterprises increase the efficiency and performance of operating systems, networking equipment, data storage resources and desktops.
Ardence's technology will help Citrix create environments where desktops are run virtually, from a centralized location, letting corporations bypass the usual headaches of managing a traditional desktop, which is vulnerable to viruses and capacity constraints.
"Right now, 78 percent of enterprises have virtualization software in their environments," said George Hamilton, an analyst at Yankee Group Research Inc. For example, companies use virtualization to divvy up single-purpose servers into virtual machines inside host computers, allowing one server to support several operating systems and reducing power and cooling costs.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Kate Gibson
Friday, December 22, 2006
The Year in Instant Messaging
As 2006 comes to an end and 2007 looms on the horizon, Instant Messaging Planet takes a look back at the last 12 months and looks ahead to what you can expect in the new year.
Below, we break down the trends in instant messaging into five key areas: XMPP, Interoperability & Federation, Presence & Integration, IM-to-VoIP, and Security, Compliance & Archiving.
Extensible Messaging and Presence Protocol (XMPP)Google was a major contributor to the growing popularity of XMPP. Back in January, Google announced that Google Talk was now an open federation product, allowing chat capabilities with users on other XMPP services. Jive Software became a significant player this year with the release of its XMPP-driven enterprise IM server, Wildfire 3.1. This recent release incorporated transports (Wildfire Release Puts IM Interop Back in the Mix) that enabled communication with anyone on proprietary IM networks, including AOL. So far, as we near the end of 2006 we haven't heard too much from The Jabber Foundation, which doesn't particularly favor the transport solution as it undermines XMPP as a stand-alone protocol.
Rounding out the year in support of the Extensible Messaging and Presence Protocol, IBM announced XMPP support in Lotus Sametime 7.5. In the midst of announcements backing the XMPP protocol, Microsoft rolled out a new "private" beta version of its Office Communications Server this month. While it supports SIP/SIMPLE (Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions) as its core protocol, Microsoft has said it would consider adding XMPP support if demand for it develops.
Jingle, a set of open XMPP protocol extensions that allow clients to initiate multimedia IM features, such as including voice and video chat, made its debut in 2005, but became more of an emerging trend in 2006.
Throughout the year we've seen development strengthen in the video and voice areas and we're seeing more implementation of Jingle, primarily in the consumer IM market. Again, Google made a huge to-do about supporting Jingle, but what they implemented is actually its own subset of the Jingle specification.
To view the entire article, click here
---------------------------------------------------
Source: InstantMessagingPlanet
By: Vangie Beal
Below, we break down the trends in instant messaging into five key areas: XMPP, Interoperability & Federation, Presence & Integration, IM-to-VoIP, and Security, Compliance & Archiving.
Extensible Messaging and Presence Protocol (XMPP)Google was a major contributor to the growing popularity of XMPP. Back in January, Google announced that Google Talk was now an open federation product, allowing chat capabilities with users on other XMPP services. Jive Software became a significant player this year with the release of its XMPP-driven enterprise IM server, Wildfire 3.1. This recent release incorporated transports (Wildfire Release Puts IM Interop Back in the Mix) that enabled communication with anyone on proprietary IM networks, including AOL. So far, as we near the end of 2006 we haven't heard too much from The Jabber Foundation, which doesn't particularly favor the transport solution as it undermines XMPP as a stand-alone protocol.
Rounding out the year in support of the Extensible Messaging and Presence Protocol, IBM announced XMPP support in Lotus Sametime 7.5. In the midst of announcements backing the XMPP protocol, Microsoft rolled out a new "private" beta version of its Office Communications Server this month. While it supports SIP/SIMPLE (Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions) as its core protocol, Microsoft has said it would consider adding XMPP support if demand for it develops.
Jingle, a set of open XMPP protocol extensions that allow clients to initiate multimedia IM features, such as including voice and video chat, made its debut in 2005, but became more of an emerging trend in 2006.
Throughout the year we've seen development strengthen in the video and voice areas and we're seeing more implementation of Jingle, primarily in the consumer IM market. Again, Google made a huge to-do about supporting Jingle, but what they implemented is actually its own subset of the Jingle specification.
To view the entire article, click here
---------------------------------------------------
Source: InstantMessagingPlanet
By: Vangie Beal
Thursday, December 21, 2006
Legal Tech Expert E-Mails His Wish List to Santa
Dear Santa,
I've been a good boy this year. I spent all my time helping lawyers and judges with electronic data discovery (EDD) and studying really, really hard about electronically stored information (ESI), data harvest, spoliation, de-duplication, meet-and-confer, search tools, forms of production and computer forensics.
I didn't use the word "solution" in a single column.
Please leave the following presents under my tree:
1. I want a container file format for electronically stored information.
We are gathering all this discoverable data, but corrupting its metadata in the process. Plus, it's so hard to authenticate and track ESI. The container would safely hold the evidence as we harvest, search and produce it. It would include hash verification of all its parts, a place to store both an image of the document and its native content and even a special pocket to hold an overlay of all that helpful stuff we used to stamp onto paper documents, such as Bates numbers and confidentiality warnings.
And Santa -- this is really important -- it needs to be open-sourced, so no one has to pay to use it. And extensible, so we can keep using it for a very long time.
2. I want integrally write-protected external hard drives with removable electronic keys.
Producing ESI on optical disks is nice because they are read-only media and you can't intentionally or inadvertently corrupt their contents.
But nowadays, there's just too much ESI to hand over on optical disks. I want external hard drives designed for EDD such that a producing party can fill them with information, then remove a USB key or snap off a tab to insure that nothing else can be written to or changed on the drive.
If it hashed its contents and burned that hash value to an onboard write-once chip, that would be pretty cool, too.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Craig Ball
I've been a good boy this year. I spent all my time helping lawyers and judges with electronic data discovery (EDD) and studying really, really hard about electronically stored information (ESI), data harvest, spoliation, de-duplication, meet-and-confer, search tools, forms of production and computer forensics.
I didn't use the word "solution" in a single column.
Please leave the following presents under my tree:
1. I want a container file format for electronically stored information.
We are gathering all this discoverable data, but corrupting its metadata in the process. Plus, it's so hard to authenticate and track ESI. The container would safely hold the evidence as we harvest, search and produce it. It would include hash verification of all its parts, a place to store both an image of the document and its native content and even a special pocket to hold an overlay of all that helpful stuff we used to stamp onto paper documents, such as Bates numbers and confidentiality warnings.
And Santa -- this is really important -- it needs to be open-sourced, so no one has to pay to use it. And extensible, so we can keep using it for a very long time.
2. I want integrally write-protected external hard drives with removable electronic keys.
Producing ESI on optical disks is nice because they are read-only media and you can't intentionally or inadvertently corrupt their contents.
But nowadays, there's just too much ESI to hand over on optical disks. I want external hard drives designed for EDD such that a producing party can fill them with information, then remove a USB key or snap off a tab to insure that nothing else can be written to or changed on the drive.
If it hashed its contents and burned that hash value to an onboard write-once chip, that would be pretty cool, too.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Craig Ball
How to Untangle 'Strings' of E-Discovery
Attorneys nationwide are preparing to practice under the new electronic discovery amendments to the Federal Rules of Civil Procedure, which became effective on Dec. 1. The amended rules require parties in civil litigation to confer about e-discovery issues at the earliest time practicable. See Amended Fed. R. Civ. P. 26(f). One of the matters that parties should be prepared to address during this initial discussion is the assertion of privilege claims as to e-mails that are part of larger "strings" comprising both privileged and nonprivileged e-mails. Focusing on this issue before discovery begins may enable attorneys to decrease the costs of discovery and reduce the risk of court-ordered sanctions.
Increasing reliance on e-mail is a fact of life in today's business and legal environments. Yet every innovation in technology that improves our ability to communicate carries corresponding burdens for lawyers and their clients. The falling costs of storing vast amounts of data, coupled with the fear of being accused of destroying material that companies may be obligated to retain, have led to the retention of increasing amounts of data for longer periods of time. Among the problems this creates for litigators is the increased burden of reviewing vast quantities of e-mails, and identifying and asserting claims of attorney-client privilege and work-product protection over electronic documents.
E-mail strings can be key evidence over and above the individual e-mails included in them, particularly in cases that turn on the question of who knew what, and when. For this reason, attorneys naturally consider a string of e-mails to be a single document. Yet an opponent may argue that the occurrence of one or more privileged e-mails in a string does not necessarily bring nonprivileged e-mails that are also in the string within the protection of the privilege. The assertion of privilege claims over e-mail strings raises several questions:
May e-mail strings mixing privileged and nonprivileged information be noted in a privilege log as a single entry?
What consequences might there be for improperly logging e-mail strings?
Do the amended rules of civil procedure relating to electronically stored information offer any opportunities to reduce the burden associated with e-mail review and privilege logs?
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Jennifer M. Moore and Gregory S. Kaufman
Increasing reliance on e-mail is a fact of life in today's business and legal environments. Yet every innovation in technology that improves our ability to communicate carries corresponding burdens for lawyers and their clients. The falling costs of storing vast amounts of data, coupled with the fear of being accused of destroying material that companies may be obligated to retain, have led to the retention of increasing amounts of data for longer periods of time. Among the problems this creates for litigators is the increased burden of reviewing vast quantities of e-mails, and identifying and asserting claims of attorney-client privilege and work-product protection over electronic documents.
E-mail strings can be key evidence over and above the individual e-mails included in them, particularly in cases that turn on the question of who knew what, and when. For this reason, attorneys naturally consider a string of e-mails to be a single document. Yet an opponent may argue that the occurrence of one or more privileged e-mails in a string does not necessarily bring nonprivileged e-mails that are also in the string within the protection of the privilege. The assertion of privilege claims over e-mail strings raises several questions:
May e-mail strings mixing privileged and nonprivileged information be noted in a privilege log as a single entry?
What consequences might there be for improperly logging e-mail strings?
Do the amended rules of civil procedure relating to electronically stored information offer any opportunities to reduce the burden associated with e-mail review and privilege logs?
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Jennifer M. Moore and Gregory S. Kaufman
MX Logic introduces Message Archiving service
Dec 21 -- MX Logic Inc. has introduced its MX Logic Message Archiving service, its email archiving and surveillance solution. The new service is designed to help small and medium businesses (SMBs) comply with government regulations, including recent amendments to the Federal Rules of Civil Procedure (FRCP), MX Logic said last week.
Compliance with increasing government regulations has become a priority for many companies, due to the FRCP amendments and recent coverage surrounding email storage and retrieval, according to MX Logic, a managed services provider of easy-to-use email and Web defense solutions for SMBs. The company is excited to introduce a market evaluation of a new message archiving and surveillance solution, which will help its SMB customers stay in compliance and address regulatory and legal requirements, MX Logic said.
A number of federal regulations covering the security of electronic communications, including the Sarbanes-Oxley Act, SEC 17a-4 and Health Insurance Portability and Accountability Act (HIPAA), mandate the secure storage of business records, including all email messages, according to MX Logic of Englewood, Colorado. Court requests for e-discovery and the FRCP regulations will also put businesses, that cannot produce email records, potentially at risk of major financial penalties, the company added.
To view the entire release, click here
---------------------------------------------------
Source: wwpi.com
Compliance with increasing government regulations has become a priority for many companies, due to the FRCP amendments and recent coverage surrounding email storage and retrieval, according to MX Logic, a managed services provider of easy-to-use email and Web defense solutions for SMBs. The company is excited to introduce a market evaluation of a new message archiving and surveillance solution, which will help its SMB customers stay in compliance and address regulatory and legal requirements, MX Logic said.
A number of federal regulations covering the security of electronic communications, including the Sarbanes-Oxley Act, SEC 17a-4 and Health Insurance Portability and Accountability Act (HIPAA), mandate the secure storage of business records, including all email messages, according to MX Logic of Englewood, Colorado. Court requests for e-discovery and the FRCP regulations will also put businesses, that cannot produce email records, potentially at risk of major financial penalties, the company added.
To view the entire release, click here
---------------------------------------------------
Source: wwpi.com
Wednesday, December 20, 2006
eDiscovery for Structured Data
Electronic discovery, also known as eDiscovery, by definition is the process in which electronically stored information is reviewed, processed and presented for the purposes of litigation or regulatory requests. Electronic information can be stored in databases as structured content, in emails or instant messages as semi-structured content, and in documents or files as unstructured content.
Depending on the type of litigation, eDiscovery may involve some or all types of content. The eDiscovery solutions available in the market focus predominantly on files, documents and eMail. While eDiscovery for databases is equally important, few vendors in the market support structured data as part of an overall comprehensive eDiscovery platform. The challenge posed to IT organizations is how to architect a solution in the data center that will meet all the legal requirements, support all data types, while keeping costs in check.
In order to comply with their discovery responsibilities, legal departments are working closely with IT organizations and technology vendors to find and implement a solution that meets these requirements.
An ideal solution has many characteristics: it preserves and destroys data based on policies; the preservation and destruction process is tamper-proof and complete; the desired information is presented quickly, accurately and efficiently; and all at a justifiable cost. In addition, the solution has to accommodate all data types across disparate sources and systems. The reality is that no one unified system exists in the market that addresses all of these requirements, at least none as of yet.
In order to achieve nirvana with eDiscovery, the required solution combines best practices in archive technology (classification, data migration and data preservation/destruction), search technology (index, discovery, and filtering) and case management (process control and workflow) that works across all data types.
To view the entire article, click here
---------------------------------------------------
Source: wwpi.com
By: Julie Lockner
Depending on the type of litigation, eDiscovery may involve some or all types of content. The eDiscovery solutions available in the market focus predominantly on files, documents and eMail. While eDiscovery for databases is equally important, few vendors in the market support structured data as part of an overall comprehensive eDiscovery platform. The challenge posed to IT organizations is how to architect a solution in the data center that will meet all the legal requirements, support all data types, while keeping costs in check.
In order to comply with their discovery responsibilities, legal departments are working closely with IT organizations and technology vendors to find and implement a solution that meets these requirements.
An ideal solution has many characteristics: it preserves and destroys data based on policies; the preservation and destruction process is tamper-proof and complete; the desired information is presented quickly, accurately and efficiently; and all at a justifiable cost. In addition, the solution has to accommodate all data types across disparate sources and systems. The reality is that no one unified system exists in the market that addresses all of these requirements, at least none as of yet.
In order to achieve nirvana with eDiscovery, the required solution combines best practices in archive technology (classification, data migration and data preservation/destruction), search technology (index, discovery, and filtering) and case management (process control and workflow) that works across all data types.
To view the entire article, click here
---------------------------------------------------
Source: wwpi.com
By: Julie Lockner
Five IT Blind Spots That Shut Lawyers Out
In a world where even the most senior of partners can now be found typing away on a laptop, an observer could mistakenly believe that personal computing is as straightforward as using the average toaster. Unfortunately for attorneys, computer software is mostly designed or implemented by computer people for computer people and not for legal professionals.
What exacerbates the problem: IT's steadfast adherence to flawed beliefs we'll call "The Five Grand Assumptions." In order to transform your technology department from good to great, eliminate these five blind spots and open up the door to a better relationship with your users.
ASSUMPTION #1: IT KNOWS BEST (ABOUT EVERYTHING)
How many times have you considered installing a new product in your firm without soliciting input from a representative cross-section of users?
Early buy-in from the very people who will have to use the product ensures you'll have advocates when it comes time to "selling" it to everyone else.
A different twist: Because a product seems easy to use for a technologist, it must follow that it's simple for any nontechnical person to grasp. Interview any frustrated lawyer and you'll hear that IT doesn't even try to know how attorneys work, which is why they end up with products that are of little use.
ASSUMPTION #2: THE BUSINESS EXISTS TO SUPPORT IT
Many IT departments live for the hottest products on the market. Acquiring technology just for technology's sake isn't just a potential waste of time; it can be a sure sign to partners that their hard-earned dollars are being frittered away.
Another example: the citation of phantom policies by IT for their convenience, often spun from thin air. When pressed, it's discovered that these directives are merely fabrication, leading to the loss of much-needed credibility and questioning IT's purpose in the firm.
To view the entire article, click here
---------------------------------------------------
Source: LAW.com
By: Tom Ranalli
What exacerbates the problem: IT's steadfast adherence to flawed beliefs we'll call "The Five Grand Assumptions." In order to transform your technology department from good to great, eliminate these five blind spots and open up the door to a better relationship with your users.
ASSUMPTION #1: IT KNOWS BEST (ABOUT EVERYTHING)
How many times have you considered installing a new product in your firm without soliciting input from a representative cross-section of users?
Early buy-in from the very people who will have to use the product ensures you'll have advocates when it comes time to "selling" it to everyone else.
A different twist: Because a product seems easy to use for a technologist, it must follow that it's simple for any nontechnical person to grasp. Interview any frustrated lawyer and you'll hear that IT doesn't even try to know how attorneys work, which is why they end up with products that are of little use.
ASSUMPTION #2: THE BUSINESS EXISTS TO SUPPORT IT
Many IT departments live for the hottest products on the market. Acquiring technology just for technology's sake isn't just a potential waste of time; it can be a sure sign to partners that their hard-earned dollars are being frittered away.
Another example: the citation of phantom policies by IT for their convenience, often spun from thin air. When pressed, it's discovered that these directives are merely fabrication, leading to the loss of much-needed credibility and questioning IT's purpose in the firm.
To view the entire article, click here
---------------------------------------------------
Source: LAW.com
By: Tom Ranalli
NASD Charges Morgan Stanley DW With Repeatedly Failing to Provide Emails to Arbitration Claimants and Regulators
Firm Also Charged With Falsely Claiming That Millions of Emails in its Possession had Been Lost in 9-11 Terrorist Attacks
WASHINGTON, Dec. 19 /PRNewswire/ -- NASD announced today that it has charged Morgan Stanley DW, Inc. with routinely failing to provide emails to claimants in arbitration proceedings as well as to regulators -- and with falsely claiming that millions of emails it possessed had been lost in the Sept. 11, 2001 terrorist attacks on the World Trade Center in New York, where its email servers were housed.
In its complaint, NASD alleges that Morgan Stanley failed to provide pre- September 11 emails to arbitration claimants and regulators in numerous proceedings from October 2001 through March 2005. NASD also charged that Morgan Stanley falsely claimed in many of those proceedings that such email had been destroyed. In fact, according to the complaint, Morgan Stanley possessed millions of pre-September 11 emails that had been restored to its system shortly after September 11 using back-up tapes. Many other emails were maintained on individual users' computers and were therefore never affected by the attacks, yet Morgan Stanley often failed to search those computers when responding to requests.
NASD also charged that Morgan Stanley later destroyed many of the emails it did possess, in two ways -- by overwriting backup tapes that had been used to restore the emails to the firm's system and by allowing users of the firm's email system to permanently delete the emails over an extended period of time. As a result, the complaint alleges that between September 2001 and March 2005, millions of the emails were destroyed.
"It is essential that firms comply with discovery obligations in arbitration proceedings and respond fully and truthfully to regulatory requests," said James S. Shorris, NASD Executive Vice President and Head of Enforcement. "In this case, we charge that Morgan Stanley's conduct fell far below those standards, with the firm repeatedly making false statements about the existence of important evidence, and failing to provide that evidence in numerous proceedings. The firm's actions undermined the integrity of the regulatory and arbitration processes potentially leaving in question the validity of the outcomes in hundreds of cases."
NASD's complaint charges Morgan Stanley with violating NASD rules by failing to produce email in its possession in numerous customer arbitration proceedings over the three-and-a-half year period, and by making misrepresentations that it did not have such email in numerous proceedings. The complaint also charges Morgan Stanley with violating NASD rules by failing to produce the email to a number of regulators, including NASD, and by falsely representing that the email had been destroyed. For instance, NASD charged that in an NASD investigation into the firm's fee-based brokerage practices, Morgan Stanley falsely claimed that it did not have pre-October 2001 email and failed to produce over 12,000 emails and attachments in response to an NASD request. By the time the firm conducted the search that led to the production of these emails, the firm had already deleted millions of other emails from its servers and the regulatory matter at issue had been settled (see the August 2005 NASD news release NASD Orders Morgan Stanley to Pay Over $6.1 Million for Fee-Based Account Violations; Firm's Customers to Receive $4.6 Million in Restitution).
NASD also charged that Morgan Stanley violated recordkeeping rules by destroying many of the emails it did possess, failed to implement procedures providing for the retention of email, and failed to adopt adequate procedures governing searches for email in response to requests by regulators and in arbitration proceedings.
To view the entire article, click here
---------------------------------------------------
Source: PRNEWSWIRE
WASHINGTON, Dec. 19 /PRNewswire/ -- NASD announced today that it has charged Morgan Stanley DW, Inc. with routinely failing to provide emails to claimants in arbitration proceedings as well as to regulators -- and with falsely claiming that millions of emails it possessed had been lost in the Sept. 11, 2001 terrorist attacks on the World Trade Center in New York, where its email servers were housed.
In its complaint, NASD alleges that Morgan Stanley failed to provide pre- September 11 emails to arbitration claimants and regulators in numerous proceedings from October 2001 through March 2005. NASD also charged that Morgan Stanley falsely claimed in many of those proceedings that such email had been destroyed. In fact, according to the complaint, Morgan Stanley possessed millions of pre-September 11 emails that had been restored to its system shortly after September 11 using back-up tapes. Many other emails were maintained on individual users' computers and were therefore never affected by the attacks, yet Morgan Stanley often failed to search those computers when responding to requests.
NASD also charged that Morgan Stanley later destroyed many of the emails it did possess, in two ways -- by overwriting backup tapes that had been used to restore the emails to the firm's system and by allowing users of the firm's email system to permanently delete the emails over an extended period of time. As a result, the complaint alleges that between September 2001 and March 2005, millions of the emails were destroyed.
"It is essential that firms comply with discovery obligations in arbitration proceedings and respond fully and truthfully to regulatory requests," said James S. Shorris, NASD Executive Vice President and Head of Enforcement. "In this case, we charge that Morgan Stanley's conduct fell far below those standards, with the firm repeatedly making false statements about the existence of important evidence, and failing to provide that evidence in numerous proceedings. The firm's actions undermined the integrity of the regulatory and arbitration processes potentially leaving in question the validity of the outcomes in hundreds of cases."
NASD's complaint charges Morgan Stanley with violating NASD rules by failing to produce email in its possession in numerous customer arbitration proceedings over the three-and-a-half year period, and by making misrepresentations that it did not have such email in numerous proceedings. The complaint also charges Morgan Stanley with violating NASD rules by failing to produce the email to a number of regulators, including NASD, and by falsely representing that the email had been destroyed. For instance, NASD charged that in an NASD investigation into the firm's fee-based brokerage practices, Morgan Stanley falsely claimed that it did not have pre-October 2001 email and failed to produce over 12,000 emails and attachments in response to an NASD request. By the time the firm conducted the search that led to the production of these emails, the firm had already deleted millions of other emails from its servers and the regulatory matter at issue had been settled (see the August 2005 NASD news release NASD Orders Morgan Stanley to Pay Over $6.1 Million for Fee-Based Account Violations; Firm's Customers to Receive $4.6 Million in Restitution).
NASD also charged that Morgan Stanley violated recordkeeping rules by destroying many of the emails it did possess, failed to implement procedures providing for the retention of email, and failed to adopt adequate procedures governing searches for email in response to requests by regulators and in arbitration proceedings.
To view the entire article, click here
---------------------------------------------------
Source: PRNEWSWIRE
INTERNET LAW - E-Discovery Rules Demand New Legal Planning
A Five-Step Plan
The long wait is over, and the new Federal Rules of Civil Procedure are now a daily reality for litigants and their counsel, who can and should do much more than wait for the filing of their first case under the new rules. For those who do not frequent the federal courtroom, be aware that many states are adopting similarly worded, if not more onerous rules, while courts in jurisdictions with no explicit guidance are left to their own resources, often with harsh results for unwary litigants.
At the very least, any business with even the most basic Information System (i.e., word processing, e-mail and/or any type of enterprise network) should take the following five steps, as the changes in the law make fair game the discovery of any and all "electronically stored information," a catch phrase inserted across the new rules to eliminate the distinctions between paper documents and the exponentially larger volumes of data that must now be accounted for.
1. Identify IT contact or technical liaison to assist with legal needs.
This is a new one, having counsel go directly to IT personnel to inquire of and even challenge their knowledge of the corporate systems. One of the most frequently quoted passages from the series of cases that have defined electronic discovery obligations requires that "Counsel must become fully familiar with her client's document retention policies as well as the client's data retention architecture," which "will invariably involve speaking with information technology personnel, who can explain system-wide backup procedures and the actual (as opposed to theoretical) implementation of the firm's recycling policy."1
Some jurisdictions, including the U.S. District Court for the District of New Jersey (L. Civ. R. 26.1(d)(1)), expressly require counsel to "identify a person or persons with knowledge about the client's information management systems ... with the ability to facilitate, through counsel, reasonably anticipated discovery." (Emphasis added.) In addition to satisfying what many jurisdictions consider to be an express obligation, the IT contact will also be the person to best assist with the remaining four steps below.
2. Understand the "document" retention policies, as they apply to "electronically stored information."
Revised Fed. R. Civ. P. 37 contains a "safe harbor provision" that allows litigants to avoid sanctions for the loss, alteration or destruction of evidence as the result of the "routine, good faith operation of an electronic information system." The best way to demonstrate good faith routine operation is by demonstrating the existence of a well-thought-out document retention policy, one that embodies the realization that the storage of data is expensive and spells out the instances in which it is not justified. In short, the policy on retention will necessarily encompass deletion or destruction of data, and will withstand the scrutiny of hindsight much better when it is shown that the policy was created and enforced in good faith toward the goal of efficient business operations. In applying such policies, however, parties have a duty to suspend automatic deletion through the enactment of "litigation hold" exceptions for information that is relevant to present or anticipated litigation. In other words, a company cannot "routinely discard" information that it reasonably could have preserved and had actual or constructive notice of the duty to do so.
To view the entire article, click here
---------------------------------------------------
Source: Internet_Business_Law
By: John J. Coughlin, Duane Morris LLP
The long wait is over, and the new Federal Rules of Civil Procedure are now a daily reality for litigants and their counsel, who can and should do much more than wait for the filing of their first case under the new rules. For those who do not frequent the federal courtroom, be aware that many states are adopting similarly worded, if not more onerous rules, while courts in jurisdictions with no explicit guidance are left to their own resources, often with harsh results for unwary litigants.
At the very least, any business with even the most basic Information System (i.e., word processing, e-mail and/or any type of enterprise network) should take the following five steps, as the changes in the law make fair game the discovery of any and all "electronically stored information," a catch phrase inserted across the new rules to eliminate the distinctions between paper documents and the exponentially larger volumes of data that must now be accounted for.
1. Identify IT contact or technical liaison to assist with legal needs.
This is a new one, having counsel go directly to IT personnel to inquire of and even challenge their knowledge of the corporate systems. One of the most frequently quoted passages from the series of cases that have defined electronic discovery obligations requires that "Counsel must become fully familiar with her client's document retention policies as well as the client's data retention architecture," which "will invariably involve speaking with information technology personnel, who can explain system-wide backup procedures and the actual (as opposed to theoretical) implementation of the firm's recycling policy."1
Some jurisdictions, including the U.S. District Court for the District of New Jersey (L. Civ. R. 26.1(d)(1)), expressly require counsel to "identify a person or persons with knowledge about the client's information management systems ... with the ability to facilitate, through counsel, reasonably anticipated discovery." (Emphasis added.) In addition to satisfying what many jurisdictions consider to be an express obligation, the IT contact will also be the person to best assist with the remaining four steps below.
2. Understand the "document" retention policies, as they apply to "electronically stored information."
Revised Fed. R. Civ. P. 37 contains a "safe harbor provision" that allows litigants to avoid sanctions for the loss, alteration or destruction of evidence as the result of the "routine, good faith operation of an electronic information system." The best way to demonstrate good faith routine operation is by demonstrating the existence of a well-thought-out document retention policy, one that embodies the realization that the storage of data is expensive and spells out the instances in which it is not justified. In short, the policy on retention will necessarily encompass deletion or destruction of data, and will withstand the scrutiny of hindsight much better when it is shown that the policy was created and enforced in good faith toward the goal of efficient business operations. In applying such policies, however, parties have a duty to suspend automatic deletion through the enactment of "litigation hold" exceptions for information that is relevant to present or anticipated litigation. In other words, a company cannot "routinely discard" information that it reasonably could have preserved and had actual or constructive notice of the duty to do so.
To view the entire article, click here
---------------------------------------------------
Source: Internet_Business_Law
By: John J. Coughlin, Duane Morris LLP
HOW TO USE METADATA AS AN EXAMINATION TOOL
In today’s computer dependant world, the zealous advocate must be able to navigate his way through every conceivable form of discovery in order to effectively represent his or her client. Failure to seek the appropriate records or the failure to respond to discovery requests with the appropriate electronic discovery knowledge could potentially expose both client and attorney to the risk of sanctions for discovery abuses and/or result in the spoliation of evidence. Knowledge of the electronic evidence is crucial to any attorney hoping to retain clients. Once electronic evidence is in hand though, an attorney faces additional obstacles, specifically, regarding how to properly use such evidence. Gaining a true understanding of metadata can mean the difference between success and failure.Metadata is more than simple electronic evidence. General electronic discovery typically considers easily accessible electronic files, such as those on an active network file server. Metadata is more obscure and difficult to locate, and is found through an examination of often hidden and deleted files, or even left over file fragments that were supposed to be deleted. Specifically, metadata describes how, when and by whom particular set of data is collected and formatted. Metadata can often be thought of as the “DNA” of documents. It is hidden from view and often contains the most damaging information. Discovering the metadata behind a piece of data, such as a document or spreadsheet, can reveal the authors of the document, all comments and edits made and any other trait related to its creation. Mining for metadata is the newest tool in the ongoing battle between those seeking to conceal and those seeking to reveal electronic evidence.
The “hard” paper evidence obtained throughout the discovery process only reflects the most recent form of the document, and often does not reveal the most useful information. Direct or cross examination based strictly on the hard copy document restricts the examiner to questions regarding the information only contained on the printed page. It is therefore difficult to determine the document’s authenticity, its author and any edits made while the copy was still a work in progress. Often times though, these documents were created in a word processing program such as Microsoft Word, which leaves a trail of information regarding the life of the document itself. The use of a skilled attorney or a forensic examiner can lead to the discovery of every detail regarding the document.
The metadata contained in documents will include ‘tags’ and information regarding when and by whom the document was created, what changes were ever made to the document, and even what else may have been on the creator’s computer screen when making the document. For example, a forensic examination of a single fax cover letter can reveal not only the name and fax number but can also reveal every message sent by that user, using the same fax template. The metadata can reveal this information because when text is deleted using a word processor program, it is never truly removed from the document. In reality, when deleting the text the processor is simply instructed not to print or display the data. Knowledge of what the creator thought was deleted can be an extremely useful tool, for persuasive, substantive and impeachment purposes throughout the trial.
The hiring of an expert Data Forensics Expert may well be a justified expense when in the best interests of a client. The examiner will be able to help paint a picture by providing a story line with corroborating evidence including creation and edits dates, authorship, all communications regarding the document and potentially even the intent behind the acts. Such experts should be used in cases where substantial hidden digital evidence may exist. This is not restricted to intellectual property cases, but may involve every area of law, including family law, breach of contract, discrimination and sexual harassment.
To view the entire article, click here
---------------------------------------------------
Source: E-Legal_Lawyer
The “hard” paper evidence obtained throughout the discovery process only reflects the most recent form of the document, and often does not reveal the most useful information. Direct or cross examination based strictly on the hard copy document restricts the examiner to questions regarding the information only contained on the printed page. It is therefore difficult to determine the document’s authenticity, its author and any edits made while the copy was still a work in progress. Often times though, these documents were created in a word processing program such as Microsoft Word, which leaves a trail of information regarding the life of the document itself. The use of a skilled attorney or a forensic examiner can lead to the discovery of every detail regarding the document.
The metadata contained in documents will include ‘tags’ and information regarding when and by whom the document was created, what changes were ever made to the document, and even what else may have been on the creator’s computer screen when making the document. For example, a forensic examination of a single fax cover letter can reveal not only the name and fax number but can also reveal every message sent by that user, using the same fax template. The metadata can reveal this information because when text is deleted using a word processor program, it is never truly removed from the document. In reality, when deleting the text the processor is simply instructed not to print or display the data. Knowledge of what the creator thought was deleted can be an extremely useful tool, for persuasive, substantive and impeachment purposes throughout the trial.
The hiring of an expert Data Forensics Expert may well be a justified expense when in the best interests of a client. The examiner will be able to help paint a picture by providing a story line with corroborating evidence including creation and edits dates, authorship, all communications regarding the document and potentially even the intent behind the acts. Such experts should be used in cases where substantial hidden digital evidence may exist. This is not restricted to intellectual property cases, but may involve every area of law, including family law, breach of contract, discrimination and sexual harassment.
To view the entire article, click here
---------------------------------------------------
Source: E-Legal_Lawyer
Tuesday, December 19, 2006
Storage Tip: What errors of data classification can you afford?
What seems to be the problem? As a result of recent changes to the Federal Rules of Civil Procedure (FRCP), you must carefully preserve all relevant data (i.e., data that needs to be saved as possible evidence in litigation). But what is relevant data? Now you can preserve all of your data, but that would be manageably burdensome and costly just to unnecessarily preserve data that is not relevant for e-discovery purposes. But separating the relevant data wheat from the irrelevant data chaff may seem intractable. How might you think about the problem?
What do you need to know? For a change, let's do a little Statistics 101 and see how it applies to preserving only the data that you need. (Don't worry; there won't be a quiz.) There are two types of errors that can be made in the significance testing of a hypothesis. A Type I error means that a true null hypothesis is incorrectly rejected. From a data classification perspective, that would mean incorrectly destroying (i.e. rejecting) data that should be preserved. A Type II "error" (technically, it is not an error) is not rejecting a hypothesis when the hypothesis is false. From a data classification perspective, that means preserving data that really has no useful value for discovery purposes is being preserved.
Now you do not want to commit either error. Alas, in an imperfect world with all the complex data that you possess you may not be able to separate it properly. If you must err, on which side should you err? And that gets into a discussion of asymmetry of value for committing each type of error.
Permit me to use a personal example as an illustration of asymmetry. For years on the way to work, I crossed a railroad track in a rural wooded area and never saw a train. Then one day the lights (no gates) at the crossing were flashing and continued to flash. After awhile when no train appeared, I got out of my car to take a closer look (as visibility because of the trees was quite restricted). No train was coming so I cautiously drove across the tracks. A few days later the lights flashed again and once again there was no train. However, on the third time, when I was just getting out of my car to take a look, a train appeared! Now my stopping the first two times was a Type II "error" since the hypothesis that a train was coming was false, but I stopped anyway. The penalty was the "unnecessary" loss of a few minutes each time. However, if I had continued without stopping on the third occasion that would have been a Type I error since the hypothesis that a train was coming was true, but if I had not stopped, that would have been a rejection of a true hypothesis. The penalty would have been a fatal accident.
To view the entire article, click here
---------------------------------------------------
Source: storage.itworld.com
By: David Hill, Mesabi Group
What do you need to know? For a change, let's do a little Statistics 101 and see how it applies to preserving only the data that you need. (Don't worry; there won't be a quiz.) There are two types of errors that can be made in the significance testing of a hypothesis. A Type I error means that a true null hypothesis is incorrectly rejected. From a data classification perspective, that would mean incorrectly destroying (i.e. rejecting) data that should be preserved. A Type II "error" (technically, it is not an error) is not rejecting a hypothesis when the hypothesis is false. From a data classification perspective, that means preserving data that really has no useful value for discovery purposes is being preserved.
Now you do not want to commit either error. Alas, in an imperfect world with all the complex data that you possess you may not be able to separate it properly. If you must err, on which side should you err? And that gets into a discussion of asymmetry of value for committing each type of error.
Permit me to use a personal example as an illustration of asymmetry. For years on the way to work, I crossed a railroad track in a rural wooded area and never saw a train. Then one day the lights (no gates) at the crossing were flashing and continued to flash. After awhile when no train appeared, I got out of my car to take a closer look (as visibility because of the trees was quite restricted). No train was coming so I cautiously drove across the tracks. A few days later the lights flashed again and once again there was no train. However, on the third time, when I was just getting out of my car to take a look, a train appeared! Now my stopping the first two times was a Type II "error" since the hypothesis that a train was coming was false, but I stopped anyway. The penalty was the "unnecessary" loss of a few minutes each time. However, if I had continued without stopping on the third occasion that would have been a Type I error since the hypothesis that a train was coming was true, but if I had not stopped, that would have been a rejection of a true hypothesis. The penalty would have been a fatal accident.
To view the entire article, click here
---------------------------------------------------
Source: storage.itworld.com
By: David Hill, Mesabi Group
Electronic Records Management -- For Most, It's Still "Waiting for Godot"
December 19, 2006 -- AIIM - The Enterprise Content Management Association releases results from its new Industry Watch study on Electronic Records Management (ERM). The study of over 800 end users, sponsored by Xerox Global Services (NYSE: XRX), found that end users still do not place sufficient emphasis on managing electronically stored information, and user confidence in this area lags behind that expressed for paper-based information.
"Many records management programs just cover the tip of the iceberg," states AIIM President John F. Mancini. "As the survey pushed participants for more granularities with regards to their records and information management program, it became apparent that many end users have yet to address important elements in a truly comprehensive program."
Download the Executive Summary at http://www.aiim.org/article-industrywatch.asp?ID=32316
Organizations -- especially medium-sized ones -- are vulnerable to new e-Discovery rules. "There are some aspects of the new e-Discovery rules announced December 1, 2006 (such as the safe harbor for inadvertent deletions) that are positive, given the extremely ambiguous legal environment that exists for 'electronically stored information' (the term used in the new rules)," says Mr. Mancini. "However, as is evident from the results of this survey (and other AIIM Industry Watch surveys), the expectation that the new rules create -- that organizations have control over their electronically stored information -- is problematic at best for most organizations."
In searching for an Electronic Records solution, organizations stress the basics. The decision to implement an electronic records management solution hinges on three primary drivers: "improve efficiency and productivity," "compliance," and "risk management/business continuity." It is surprising that even in a survey specifically focused on records management, and with a sample dominated by "document management specialists," the "productivity" and "efficiency" benefits of RM technologies are understood and valued.
To view the entire release, click here
---------------------------------------------------
Source: MarketWire
"Many records management programs just cover the tip of the iceberg," states AIIM President John F. Mancini. "As the survey pushed participants for more granularities with regards to their records and information management program, it became apparent that many end users have yet to address important elements in a truly comprehensive program."
Download the Executive Summary at http://www.aiim.org/article-industrywatch.asp?ID=32316
Organizations -- especially medium-sized ones -- are vulnerable to new e-Discovery rules. "There are some aspects of the new e-Discovery rules announced December 1, 2006 (such as the safe harbor for inadvertent deletions) that are positive, given the extremely ambiguous legal environment that exists for 'electronically stored information' (the term used in the new rules)," says Mr. Mancini. "However, as is evident from the results of this survey (and other AIIM Industry Watch surveys), the expectation that the new rules create -- that organizations have control over their electronically stored information -- is problematic at best for most organizations."
In searching for an Electronic Records solution, organizations stress the basics. The decision to implement an electronic records management solution hinges on three primary drivers: "improve efficiency and productivity," "compliance," and "risk management/business continuity." It is surprising that even in a survey specifically focused on records management, and with a sample dominated by "document management specialists," the "productivity" and "efficiency" benefits of RM technologies are understood and valued.
To view the entire release, click here
---------------------------------------------------
Source: MarketWire
Redirecting the E-Mail Onslaught
Automating the e-mail discovery process proves fruitful for Transatlantic Reinsurance Co.
Any attorney or in-house counsel who relies on e-mail for evidence or litigation support knows that e-mail discovery is among the most mind-numbing, inefficient processes that enterprises face. And in today's highly regulated business climate, e-mail messages have become one of the most scrutinized and sought after categories of business records.
Transatlantic Reinsurance Company, Inc. better known as "TRC," is one of the largest publicly traded reinsurers in the industry, and like all other players in that industry, we face increasing oversight over business transactions -- particularly relating to e-mail. As a result, our legal and IT teams are responsible for searching through and reviewing tens of thousands of messages to find pertinent e-mails related to inquiries. These examinations are almost always subject to fairly tight deadlines.
THE PERSISTENCE OF E-MAIL
The challenge with e-mail is that retention policies are difficult to police at best, and e-mail never really goes away.
As a result, companies like TRC have ended up with literally millions of messages stored on multiple servers.
Prior to automating our retrieval and analysis process, our IT team spent between one and three days processing each keyword inquiry.
Depending on the number of "hits" returned, our lawyers then had thousands of e-mails to review for relevance and privilege.
Each time a regulator returned with a new keyword request, an entirely new search had to be initiated. In instances where historical data were needed from tapes or other long-term media, the IT department would inevitably need to add at least another week to the process. Once the search was complete, we had to cull the duplicate hits caused by getting the same e-mail from any number of recipients. As a result, our legal personnel ended up spending days organizing and analyzing the results. In one instance, a review of 11,000 messages generated by a keyword search determined that approximately 50 percent were duplicates and another 40 percent were spam or irrelevant. In the end, less than 10 percent were actually relevant.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Edward Kelley
Any attorney or in-house counsel who relies on e-mail for evidence or litigation support knows that e-mail discovery is among the most mind-numbing, inefficient processes that enterprises face. And in today's highly regulated business climate, e-mail messages have become one of the most scrutinized and sought after categories of business records.
Transatlantic Reinsurance Company, Inc. better known as "TRC," is one of the largest publicly traded reinsurers in the industry, and like all other players in that industry, we face increasing oversight over business transactions -- particularly relating to e-mail. As a result, our legal and IT teams are responsible for searching through and reviewing tens of thousands of messages to find pertinent e-mails related to inquiries. These examinations are almost always subject to fairly tight deadlines.
THE PERSISTENCE OF E-MAIL
The challenge with e-mail is that retention policies are difficult to police at best, and e-mail never really goes away.
As a result, companies like TRC have ended up with literally millions of messages stored on multiple servers.
Prior to automating our retrieval and analysis process, our IT team spent between one and three days processing each keyword inquiry.
Depending on the number of "hits" returned, our lawyers then had thousands of e-mails to review for relevance and privilege.
Each time a regulator returned with a new keyword request, an entirely new search had to be initiated. In instances where historical data were needed from tapes or other long-term media, the IT department would inevitably need to add at least another week to the process. Once the search was complete, we had to cull the duplicate hits caused by getting the same e-mail from any number of recipients. As a result, our legal personnel ended up spending days organizing and analyzing the results. In one instance, a review of 11,000 messages generated by a keyword search determined that approximately 50 percent were duplicates and another 40 percent were spam or irrelevant. In the end, less than 10 percent were actually relevant.
To view the entire article, click here
---------------------------------------------------
Source: Law.com
By: Edward Kelley
Monday, December 18, 2006
Kroll Ontrack Joins Safe Harbor
MINNEAPOLIS--(BUSINESS WIRE)--Kroll Ontrack, the industry’s largest provider of electronic and paper-based document discovery and computer forensics services, today announced its formal registration as compliant with the Safe Harbor framework, a set of standards developed by the U.S. Department of Commerce and European Commission in order to bridge the gap between the data privacy approaches of the two regions. Compliance with the Directive will demonstrate to Kroll Ontrack clients that the practices of the company meet European requirements for data privacy protection and will further streamline data transfers between Europe and the United States when necessary. Kroll Ontrack is the only electronic discovery provider of the top five vendors named in the 2006 AmLaw Tech survey to join the Safe Harbor.
“As part of the Safe Harbor framework, our potential clients can be certain we adhere to the ‘adequate protection’ requirements for personal data, as put forth by the European Commission’s Directive on Data Protection,” said Kristin Nimsger, vice president of Legal Technologies at Kroll Ontrack. “Compliance with this initiative eliminates the need to negotiate separate data privacy contracts for every transfer of data from each European country involved in a project, and better enables us to meet our clients’ time-sensitive deadlines.”
“Our clients’ engagements have grown increasingly international and complex in that many of our cases now involve the collection, transfer and processing of electronic data from multiple jurisdictions throughout the world,” said Ben Allen, president of Kroll Ontrack. “Participation in the Safe Harbor framework allows those clients who desire an entire project to be centrally processed and managed in the United States the ability to do so. This represents Kroll Ontrack’s continued commitment to our global network of clients by protecting the privacy and confidentiality of the data entrusted to us.”
The European Commission’s Directive on Data Protection prohibits the transfer of personal data to non-European nations that do not meet the European “adequacy" standard for privacy protection. Established in 2000 as a solution to the unique approaches to data privacy between the U.S. and E.U., the Safe Harbor framework enables U.S. companies who comply to more efficiently serve the needs of their European customers and minimize delays in the transfer of data that could arise as a result of European privacy laws.
Adherence to the Safe Harbor framework ensures clients that data can be lawfully transferred from the European Union to the United States for processing in connection with an electronic discovery engagement. Given its global presence, in addition to the Safe Harbor framework, Kroll Ontrack continues to provide local data collection, processing, review and production from its offices throughout Europe, including its main office in London, so that clients may be comprehensively served both inside and outside of the United States.
To view the entire article, click here
---------------------------------------------------
Source: BusinessWire
“As part of the Safe Harbor framework, our potential clients can be certain we adhere to the ‘adequate protection’ requirements for personal data, as put forth by the European Commission’s Directive on Data Protection,” said Kristin Nimsger, vice president of Legal Technologies at Kroll Ontrack. “Compliance with this initiative eliminates the need to negotiate separate data privacy contracts for every transfer of data from each European country involved in a project, and better enables us to meet our clients’ time-sensitive deadlines.”
“Our clients’ engagements have grown increasingly international and complex in that many of our cases now involve the collection, transfer and processing of electronic data from multiple jurisdictions throughout the world,” said Ben Allen, president of Kroll Ontrack. “Participation in the Safe Harbor framework allows those clients who desire an entire project to be centrally processed and managed in the United States the ability to do so. This represents Kroll Ontrack’s continued commitment to our global network of clients by protecting the privacy and confidentiality of the data entrusted to us.”
The European Commission’s Directive on Data Protection prohibits the transfer of personal data to non-European nations that do not meet the European “adequacy" standard for privacy protection. Established in 2000 as a solution to the unique approaches to data privacy between the U.S. and E.U., the Safe Harbor framework enables U.S. companies who comply to more efficiently serve the needs of their European customers and minimize delays in the transfer of data that could arise as a result of European privacy laws.
Adherence to the Safe Harbor framework ensures clients that data can be lawfully transferred from the European Union to the United States for processing in connection with an electronic discovery engagement. Given its global presence, in addition to the Safe Harbor framework, Kroll Ontrack continues to provide local data collection, processing, review and production from its offices throughout Europe, including its main office in London, so that clients may be comprehensively served both inside and outside of the United States.
To view the entire article, click here
---------------------------------------------------
Source: BusinessWire
Stock Finds in 'E-Discovery'
The widespread stock-options investigations have forced companies to spend millions of dollars to collect, sift, restore and review massive amounts of old emails and other electronic documents to pinpoint any unscrupulous behavior.
But having to quickly locate important documents is not limited to nefarious cases -- it's part of doing business now. Huge amounts of electronic documents, emails, instant messages and text messages all fall into the record-keeping basket in the digital age, and there is a growing list of rules requiring companies to manage the information.
Thus far, companies that can step in with the tools and expertise to assist in what's called e-discovery and litigation consulting seem to be little known, but they should be on investors' radar.
"This is a booming space that's basically tied to the data explosion that's occurred with digital communications," says Colin Gillis, an analyst with Canaccord Adams who covers several companies that provide e-discovery services. And the options backdating situation "is a good catalyst."
"Interest rates go up and down, technology spending and oil prices go up and down," Gillis says. "High-stakes litigation is going to be around."
With hundreds of tools and vendors, the e-discovery market is fragmented and confusing, making the market size difficult to judge, Forrester analyst Barry Murphy wrote in a December report. He estimates that e-discovery technology spending alone (not including consulting services or forensic work) will jump from $1.4 billion this year to over $4.8 billion by 2011, "as enterprises realize that they have no choice but to prepare for electronic discovery."
To view the entire article, click here
---------------------------------------------------
Source: TheStreet
By: Katie Dean
But having to quickly locate important documents is not limited to nefarious cases -- it's part of doing business now. Huge amounts of electronic documents, emails, instant messages and text messages all fall into the record-keeping basket in the digital age, and there is a growing list of rules requiring companies to manage the information.
Thus far, companies that can step in with the tools and expertise to assist in what's called e-discovery and litigation consulting seem to be little known, but they should be on investors' radar.
"This is a booming space that's basically tied to the data explosion that's occurred with digital communications," says Colin Gillis, an analyst with Canaccord Adams who covers several companies that provide e-discovery services. And the options backdating situation "is a good catalyst."
"Interest rates go up and down, technology spending and oil prices go up and down," Gillis says. "High-stakes litigation is going to be around."
With hundreds of tools and vendors, the e-discovery market is fragmented and confusing, making the market size difficult to judge, Forrester analyst Barry Murphy wrote in a December report. He estimates that e-discovery technology spending alone (not including consulting services or forensic work) will jump from $1.4 billion this year to over $4.8 billion by 2011, "as enterprises realize that they have no choice but to prepare for electronic discovery."
To view the entire article, click here
---------------------------------------------------
Source: TheStreet
By: Katie Dean
United States: Federal Courts Adopt Electronic Discovery Rules
For the first time, the Federal Rules of Civil Procedure (FRCP) explicitly recognize electronically stored information (or "e-discovery") as requiring specific rules governing discovery. The amendments, effective December 1, 2006, broadly incorporate e-discovery as subject to disclosure requirements, and provide a framework for resolving related issues.
The amendments aim to strike a balance between the duty to preserve and produce e-discovery while recognizing that certain forms can be too burdensome to retrieve. A safe harbor from sanctions is also included for circumstances in which e-discovery is automatically deleted as part of "good-faith" "routine" system operations; in other words, deleted without any intent to destroy evidence. The amendments recognize the increased risk of a party inadvertently disclosing privileged information due to the dynamic and voluminous nature of e-discovery, offering procedures to minimize and resolve such situations.
In sum, the e-discovery amendments:
* Explicitly recognize e-discovery as information in which a party has the duty to preserve, search and disclose;
* Require parties to discuss early on (and alert the court of) anticipated e-discovery issues, including production form, the ease of review, and potential for inadvertently disclosing privileged documents;
* Provide a default standard for parties to produce e-discovery as it is "ordinarily maintained or reasonably usable," except where it is shown that such information is "not accessible because of undue burden or cost;"
* Create a safe harbor from sanctions where a party fails to preserve e-discovery as a result of routine, good-faith computer operations systems; and
* Add procedures for protecting inadvertently disclosed privileged information, given the increasing risk of producing privileged information in dynamic e-discovery forms.
E-Discovery Must be Reasonably Preserved, Searched for, and Disclosed
The new rules recognize it was becoming "increasingly difficult" to fit all forms of e-discovery into the conventional notion of a "document." The amendments confirm e-discovery stands on equal footing with discovery of traditional paper documents. Thus, business records searches conducted in response to discovery requests must now include a search of e-discovery. The amendments are intended to reach an expansive and broad range of e-discovery, including e-mail, electronic spreadsheets, sound files and material from databases. The concept of e-discovery is flexible to adapt to developing technologies.
To view the entire article, click here
---------------------------------------------------
Source: Mondaq
By: David E. Novitski and Erin R. Ranahan
The amendments aim to strike a balance between the duty to preserve and produce e-discovery while recognizing that certain forms can be too burdensome to retrieve. A safe harbor from sanctions is also included for circumstances in which e-discovery is automatically deleted as part of "good-faith" "routine" system operations; in other words, deleted without any intent to destroy evidence. The amendments recognize the increased risk of a party inadvertently disclosing privileged information due to the dynamic and voluminous nature of e-discovery, offering procedures to minimize and resolve such situations.
In sum, the e-discovery amendments:
* Explicitly recognize e-discovery as information in which a party has the duty to preserve, search and disclose;
* Require parties to discuss early on (and alert the court of) anticipated e-discovery issues, including production form, the ease of review, and potential for inadvertently disclosing privileged documents;
* Provide a default standard for parties to produce e-discovery as it is "ordinarily maintained or reasonably usable," except where it is shown that such information is "not accessible because of undue burden or cost;"
* Create a safe harbor from sanctions where a party fails to preserve e-discovery as a result of routine, good-faith computer operations systems; and
* Add procedures for protecting inadvertently disclosed privileged information, given the increasing risk of producing privileged information in dynamic e-discovery forms.
E-Discovery Must be Reasonably Preserved, Searched for, and Disclosed
The new rules recognize it was becoming "increasingly difficult" to fit all forms of e-discovery into the conventional notion of a "document." The amendments confirm e-discovery stands on equal footing with discovery of traditional paper documents. Thus, business records searches conducted in response to discovery requests must now include a search of e-discovery. The amendments are intended to reach an expansive and broad range of e-discovery, including e-mail, electronic spreadsheets, sound files and material from databases. The concept of e-discovery is flexible to adapt to developing technologies.
To view the entire article, click here
---------------------------------------------------
Source: Mondaq
By: David E. Novitski and Erin R. Ranahan
Email Gets More Outsourced Options
A slew of newcomers are using promises of compliance to push email management services, in a trend that could mean growth in outsourced options.
Recent announcements include MX Logic, a four-year-old firm based in Colo., which today unveiled MX Logic Message Archiving, a nationwide Web-based email service based on technology from ContentFast. (See MX Logic Adds Archiving Service.)
Aimed at SMB customers, the new service is being rolled out in the first quarter of 2007, but MX Logic is engaged in a trial offering with 30 accounts. For a monthly subscription fee of $13 per user, a company can host all email offsite, using a secure Web connection that requires no on-site hardware or software.
But the key functions include surveillance of outgoing messages and compliance archiving. This more full-featured service will bring the cost to $16 per user.
In news last week, Austin, Texas-based MessageOne announced EMS Archive, a suite of hosted services that includes archiving, legal discovery, and compliance control for corporate email. Based on proprietary technology, the service starts at about $3 per mailbox per month.
Email archiving as a service is a model that's worked best for Iron Mountain and Zantaz, both of which presently dominate the market for email archiving services, according to the Radicati Group consultancy. (See Smoke Clears for Iron Mountain.) "The demand is there. There's obviously room for growth, but competition hasn't been there," says Radicati senior analyst Masha Khmartseva.
The Radicati Group has put the 2006 worldwide revenue figure for outsourced email archiving at $248 million; but by 2009, the firm predicts that figure will be $1.3 billion.
To view the entire article, click here
---------------------------------------------------
Source: ByteandSwitch
Recent announcements include MX Logic, a four-year-old firm based in Colo., which today unveiled MX Logic Message Archiving, a nationwide Web-based email service based on technology from ContentFast. (See MX Logic Adds Archiving Service.)
Aimed at SMB customers, the new service is being rolled out in the first quarter of 2007, but MX Logic is engaged in a trial offering with 30 accounts. For a monthly subscription fee of $13 per user, a company can host all email offsite, using a secure Web connection that requires no on-site hardware or software.
But the key functions include surveillance of outgoing messages and compliance archiving. This more full-featured service will bring the cost to $16 per user.
In news last week, Austin, Texas-based MessageOne announced EMS Archive, a suite of hosted services that includes archiving, legal discovery, and compliance control for corporate email. Based on proprietary technology, the service starts at about $3 per mailbox per month.
Email archiving as a service is a model that's worked best for Iron Mountain and Zantaz, both of which presently dominate the market for email archiving services, according to the Radicati Group consultancy. (See Smoke Clears for Iron Mountain.) "The demand is there. There's obviously room for growth, but competition hasn't been there," says Radicati senior analyst Masha Khmartseva.
The Radicati Group has put the 2006 worldwide revenue figure for outsourced email archiving at $248 million; but by 2009, the firm predicts that figure will be $1.3 billion.
To view the entire article, click here
---------------------------------------------------
Source: ByteandSwitch
Federal rules make storing e-mail mandatory
If your business is sued for copyright infringement, restraint of trade or employment discrimination, having a means in place to track electronic data is critical to successfully defending the case. Otherwise, you're likely to lose -- and pay hefty damages -- even before stepping into a federal courtroom.
On Dec. 1, new federal rules went into effect creating a legal obligation for Florida business owners to store their e-mail messages and other electronic documents for use on demand. The rules are mandatory in all federal cases, including copyright or trademark infringement matters, securities or antitrust claims, cases involving the Americans with Disabilities Act and other employment lawsuits.
Under the new rules, both parties in a lawsuit must disclose their electronically stored information, along with any other materials they plan to use to prove their cases.
That means Florida business owners need to know exactly what information is stored on their networks, individual computers and electronic archives -- and how that information can be used to support their legal position.
Small-business owners can no longer use the excuse that they have not been able to go through their e-mail archives in time for the initial disclosures.
Therefore, the failure to produce information may prevent business owners from using that information, which may be the best evidence in their favor at the trial.
What should you do as a small-business owner? Consult with legal counsel in advance rather than waiting to respond to a lawsuit and risk having important evidence excluded from your case. A lawyer will institute litigation hold procedures to preserve relevant electronic information if your business becomes the target of a lawsuit or if you file a lawsuit as the plaintiff. Holding and reviewing electronic data does not necessarily mean every file is delivered to the opposing attorney. That depends on the legal strategy in the case. But preserving electronic data prevents the opposing attorney from arguing that the business owner allowed vital evidence to be destroyed.
To view the entire article, click here
---------------------------------------------------
Source: MiamiHerald
By: THOMAS J. MEEKS
On Dec. 1, new federal rules went into effect creating a legal obligation for Florida business owners to store their e-mail messages and other electronic documents for use on demand. The rules are mandatory in all federal cases, including copyright or trademark infringement matters, securities or antitrust claims, cases involving the Americans with Disabilities Act and other employment lawsuits.
Under the new rules, both parties in a lawsuit must disclose their electronically stored information, along with any other materials they plan to use to prove their cases.
That means Florida business owners need to know exactly what information is stored on their networks, individual computers and electronic archives -- and how that information can be used to support their legal position.
Small-business owners can no longer use the excuse that they have not been able to go through their e-mail archives in time for the initial disclosures.
Therefore, the failure to produce information may prevent business owners from using that information, which may be the best evidence in their favor at the trial.
What should you do as a small-business owner? Consult with legal counsel in advance rather than waiting to respond to a lawsuit and risk having important evidence excluded from your case. A lawyer will institute litigation hold procedures to preserve relevant electronic information if your business becomes the target of a lawsuit or if you file a lawsuit as the plaintiff. Holding and reviewing electronic data does not necessarily mean every file is delivered to the opposing attorney. That depends on the legal strategy in the case. But preserving electronic data prevents the opposing attorney from arguing that the business owner allowed vital evidence to be destroyed.
To view the entire article, click here
---------------------------------------------------
Source: MiamiHerald
By: THOMAS J. MEEKS
Sunday, December 17, 2006
Securing data storage
Data protection
Symantec’s US$13.5 billion acquisition of Veritas and, more recently, EMC’s US$2.1 billion purchase of RSA Security, are just some of the many indications that storage and security are consolidating.
In fact, in the last two years we have seen several storage and security players converging in a bid to reinvent themselves, as the line that separates the storage and security markets continues to blur.
The trend gathered steam with Network Appliance (NetApp) buying security appliance company Decru 18 months ago to bolster its portfolio of data protection solutions, and, since then, other vendors followed suit.
The actual integration of security and storage has been happening for some time, but it was only recently that the convergence started gaining momentum.
“We saw this shift, in the past, where a number of storage and security vendors came together and started either cooperating together — without being acquired — but they went to the market with some sort of reselling or OEM [original equipment manufacturer] partnership for approaching customers together,” notes Abdul Karim Riyaz, CA’s regional director for storage and protection in Europe, Middle East and Africa’s (EMEA) Eastern markets.
“We also saw certain acquisitions happening with companies coming together,” he adds.
There are several key reasons why security is fast becoming an indispensable element of storage.
The widespread use of the internet and other web technologies, along with wireless and mobile access, for instance, all allow company data to be more readily available to third-party organisations, such as customers, partners and vendors.
If previously, their data was only accessible internally with very little traffic passing into the insecure outside world, now that web-based interactions are becoming more common, many of the companies’ internal applications and information are being opened up to, almost, anyone.
With their data no longer confined within their organisation’s perimeter, IT managers have come to realise that whatever security measures they had in place for their storage systems before should be considered compromised.
Storage now requires the same level of protection as other elements of the network.
To view the entire article, click here
---------------------------------------------------
Source: ITP.net
By: Peter Branton
Symantec’s US$13.5 billion acquisition of Veritas and, more recently, EMC’s US$2.1 billion purchase of RSA Security, are just some of the many indications that storage and security are consolidating.
In fact, in the last two years we have seen several storage and security players converging in a bid to reinvent themselves, as the line that separates the storage and security markets continues to blur.
The trend gathered steam with Network Appliance (NetApp) buying security appliance company Decru 18 months ago to bolster its portfolio of data protection solutions, and, since then, other vendors followed suit.
The actual integration of security and storage has been happening for some time, but it was only recently that the convergence started gaining momentum.
“We saw this shift, in the past, where a number of storage and security vendors came together and started either cooperating together — without being acquired — but they went to the market with some sort of reselling or OEM [original equipment manufacturer] partnership for approaching customers together,” notes Abdul Karim Riyaz, CA’s regional director for storage and protection in Europe, Middle East and Africa’s (EMEA) Eastern markets.
“We also saw certain acquisitions happening with companies coming together,” he adds.
There are several key reasons why security is fast becoming an indispensable element of storage.
The widespread use of the internet and other web technologies, along with wireless and mobile access, for instance, all allow company data to be more readily available to third-party organisations, such as customers, partners and vendors.
If previously, their data was only accessible internally with very little traffic passing into the insecure outside world, now that web-based interactions are becoming more common, many of the companies’ internal applications and information are being opened up to, almost, anyone.
With their data no longer confined within their organisation’s perimeter, IT managers have come to realise that whatever security measures they had in place for their storage systems before should be considered compromised.
Storage now requires the same level of protection as other elements of the network.
To view the entire article, click here
---------------------------------------------------
Source: ITP.net
By: Peter Branton
iPods being used for data theft
PUNE, DEC 17: Three months ago a large chemical company in Mumbai lost a multi-crore tender by a slender margin. Investigations revealed that the tender documents, blueprints and formula was leaked out. Computer forensics showed that somebody was accessing the USB drive and an employee was carrying an iPod and had used it to down load data. He used the iPod as a USB storage device to steal data and pass it on to the competitor. To evade detection, the file was deleted from the iPod and retrieved later using data recovery tools.
Six months ago, an overseas company that had been working on banking software and was launching the product into the market. They were told by a potential client that they had been offered a similar software by another company but at much lower prices. The overseas company, had worked on this project for three years and had outsourced the project to a Bangalore-based IT company. The entire project team was under suspicion. The man heading the project had used his iPod with an 80 GB capacity to copy the entire software and sold it to a foreign company with whom he started a new company. These two cases were investigated by the Asian School of Cyber Laws (ASCL) but because of NDAs with these companies they are not revealing the names. “Data theft has always been happening but this is a new modus operandi in India. The iPod here was not just used to download and listen to songs but as an external storage device holding any file type,” says R Narayanan, head of Cyber Crime Investigation team at ASCL in Pune.
The iPods or other MP3 players have capacity from one GB to 80 GB that is more than many desk top processors and could be misused. Companies prohibit employees and visitors from carrying personal laptops, palmtops, electronic notebooks and internet or Bluetooth enabled mobile phones into sensitive areas. However, people are not stopped from carrying iPods and other MP3 players into such places.
To view the entire article, click here
---------------------------------------------------
Source: FinancialExpress
Six months ago, an overseas company that had been working on banking software and was launching the product into the market. They were told by a potential client that they had been offered a similar software by another company but at much lower prices. The overseas company, had worked on this project for three years and had outsourced the project to a Bangalore-based IT company. The entire project team was under suspicion. The man heading the project had used his iPod with an 80 GB capacity to copy the entire software and sold it to a foreign company with whom he started a new company. These two cases were investigated by the Asian School of Cyber Laws (ASCL) but because of NDAs with these companies they are not revealing the names. “Data theft has always been happening but this is a new modus operandi in India. The iPod here was not just used to download and listen to songs but as an external storage device holding any file type,” says R Narayanan, head of Cyber Crime Investigation team at ASCL in Pune.
The iPods or other MP3 players have capacity from one GB to 80 GB that is more than many desk top processors and could be misused. Companies prohibit employees and visitors from carrying personal laptops, palmtops, electronic notebooks and internet or Bluetooth enabled mobile phones into sensitive areas. However, people are not stopped from carrying iPods and other MP3 players into such places.
To view the entire article, click here
---------------------------------------------------
Source: FinancialExpress
Saturday, December 16, 2006
E-discovery draws scrutiny
Text messages, information on PDAs, and even home computers now are more likely to become evidence in lawsuits.
Corporate information stored electronically on office desktop computers, laptops and servers long have been the target of discovery motions during litigation, but a federal civil court rule change that went into effect Dec. 1 allows discovery of previously unexplored items including text messages, PDAs, Internet service providers and home computers.
The U.S. Supreme Court approved the rule change.
"Mountains of data will be at risk," says Barney Robinson, a commercial litigation attorney for Butler, Snow, O'Mara, Stevens & Cannada in Jackson.
Butler Snow attorneys list three reasons expanded e-discovery could pose problems:
It offers a rich source of information that plaintiffs haven't considered before.
Potential intrusion into sensitive personal data may pit private interests against corporate interests and increase the pressure to settle a civil case.
E-discovery can wreak economic havoc on an unprepared company.
"I don't think you will see much of a fight about this until attorneys learn more about it," Robinson said.
Tupelo lawyer Jim Waide, who primarily handles cases in federal court, said he wasn't familiar with the rules change and is unsure about the impact.
Jackson lawyer Carlton Reeves, of Pigott, Reeves, Johnson and Minor, said the firm already tends to seek all documents, whether paper or electronic, when filing a motion for discovery evidence to prepare for trial in a lawsuit.
To view the entire release, click here
---------------------------------------------------
Source: Clarionledger
By: Jimmie Gates
Corporate information stored electronically on office desktop computers, laptops and servers long have been the target of discovery motions during litigation, but a federal civil court rule change that went into effect Dec. 1 allows discovery of previously unexplored items including text messages, PDAs, Internet service providers and home computers.
The U.S. Supreme Court approved the rule change.
"Mountains of data will be at risk," says Barney Robinson, a commercial litigation attorney for Butler, Snow, O'Mara, Stevens & Cannada in Jackson.
Butler Snow attorneys list three reasons expanded e-discovery could pose problems:
It offers a rich source of information that plaintiffs haven't considered before.
Potential intrusion into sensitive personal data may pit private interests against corporate interests and increase the pressure to settle a civil case.
E-discovery can wreak economic havoc on an unprepared company.
"I don't think you will see much of a fight about this until attorneys learn more about it," Robinson said.
Tupelo lawyer Jim Waide, who primarily handles cases in federal court, said he wasn't familiar with the rules change and is unsure about the impact.
Jackson lawyer Carlton Reeves, of Pigott, Reeves, Johnson and Minor, said the firm already tends to seek all documents, whether paper or electronic, when filing a motion for discovery evidence to prepare for trial in a lawsuit.
To view the entire release, click here
---------------------------------------------------
Source: Clarionledger
By: Jimmie Gates
Friday, December 15, 2006
Learning the Rules: Lawyers and ESI
In the last two articles, Preserving Data in the Wake of Amended Rule 37(f) and Reacting to the Federal Rules' EDD Changes, we discussed how recent case law and the changes to the Federal Rules of Civil Procedure require a party to assemble a team to preserve potentially discoverable electronically stored information (ESI) within an electronic information system and produce it during discovery. The team will have to know the complete workings of the system, the cost of running it and the costs of electronic discovery production. We also discussed how the nontechnical members of the team would have to learn about ESI and advised how to do so.
Underlying all of these dictates is that the responsibility to preserve and produce electronic discovery lies with counsel, which means that we as lawyers must learn enough about ESI to discuss it intelligently.
That responsibility is no more clearly presented than in requirements of Rules 26(f) and 16(b)(5), which direct the parties to meet and confer "as soon as practicable" but no later than 90 days after the defendant's appearance to discuss "any issues relating to preserving discoverable information" and develop a discovery plan that concerns "any issues relating to disclosure or discovery of electronically stored information." These issues include:
Mandatory disclosure of all ESI under Rule 26(a)(1)(B);
What is not being produced because it is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B) and so not subject to discovery either at all or without the cost of production shifted to the requesting party;
The form of production; and,
"Claw back" and "quick peek" agreements to provide for the return of privileged documents inadvertently disclosed.
MANDATORY DISCLOSURE
Preparing for the meet and confer provides the best opportunities to come to understand a client's IT system and to perform a self-evaluating reality check as to how well you truly understand that system. This month we will address mandatory disclosure and objections to discovery requests for ESI that is not "reasonably accessible."
The amended rules require that at the meet and confer a party disclose all possible locations of ESI. Recall from last month's article that you have learned from your client's IT staff the answers to questions such as whether data was routinely destroyed by the system; where e-document and e-mail files were saved; was the system upgraded during the relevant discovery period and, if so, did the data from the old system migrate to the present one; whether data resided on backup tapes and what tapes, exactly, were used. These answers will allow you to map the locations of ESI storage in: 1) "local" computers" (e.g., desktops, laptops and PDAs); 2) e-mail and file servers; 3) old "legacy" systems; 4) backup tapes; and 5) off-site storage.
Mandatory disclosure of ESI should easily follow the map.
The map should also allow you to determine what ESI is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B). To make that determination you will need to know the answers to some basic questions. Foremost is whether the different ESI locations store different, or merely duplicate, data. Obviously, duplicate data need not be produced. The more typical, and difficult, situation is when there is significant but not complete overlap between sources. Here, you will need to quantify the overlap. An easy way is by date range, e.g., the data from the local computers and servers goes back to April 2004 while the tapes go back to January 2004, so only three months of tapes at best need restoration. A more effective way may be to do duplication sampling prior to the meet and confer. Sampling is recommended in the Comments to Rule 26(b)(2) ("Such discovery might take the form of requiring the responding party to conduct a sampling of information contained in the sources identified as not reasonably accessible"). Testing would allow you to represent to the court that you should not have to search all desktop computers, for example, because review of e-mails on one revealed no, or only a few, e-mails not already located on the e-mail server.
To view the entire release, click here
---------------------------------------------------
Source: Law.com
By: Leonard Deutchman
Underlying all of these dictates is that the responsibility to preserve and produce electronic discovery lies with counsel, which means that we as lawyers must learn enough about ESI to discuss it intelligently.
That responsibility is no more clearly presented than in requirements of Rules 26(f) and 16(b)(5), which direct the parties to meet and confer "as soon as practicable" but no later than 90 days after the defendant's appearance to discuss "any issues relating to preserving discoverable information" and develop a discovery plan that concerns "any issues relating to disclosure or discovery of electronically stored information." These issues include:
Mandatory disclosure of all ESI under Rule 26(a)(1)(B);
What is not being produced because it is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B) and so not subject to discovery either at all or without the cost of production shifted to the requesting party;
The form of production; and,
"Claw back" and "quick peek" agreements to provide for the return of privileged documents inadvertently disclosed.
MANDATORY DISCLOSURE
Preparing for the meet and confer provides the best opportunities to come to understand a client's IT system and to perform a self-evaluating reality check as to how well you truly understand that system. This month we will address mandatory disclosure and objections to discovery requests for ESI that is not "reasonably accessible."
The amended rules require that at the meet and confer a party disclose all possible locations of ESI. Recall from last month's article that you have learned from your client's IT staff the answers to questions such as whether data was routinely destroyed by the system; where e-document and e-mail files were saved; was the system upgraded during the relevant discovery period and, if so, did the data from the old system migrate to the present one; whether data resided on backup tapes and what tapes, exactly, were used. These answers will allow you to map the locations of ESI storage in: 1) "local" computers" (e.g., desktops, laptops and PDAs); 2) e-mail and file servers; 3) old "legacy" systems; 4) backup tapes; and 5) off-site storage.
Mandatory disclosure of ESI should easily follow the map.
The map should also allow you to determine what ESI is not "reasonably accessible because of undue burden or cost" under Rule 26(b)(2)(B). To make that determination you will need to know the answers to some basic questions. Foremost is whether the different ESI locations store different, or merely duplicate, data. Obviously, duplicate data need not be produced. The more typical, and difficult, situation is when there is significant but not complete overlap between sources. Here, you will need to quantify the overlap. An easy way is by date range, e.g., the data from the local computers and servers goes back to April 2004 while the tapes go back to January 2004, so only three months of tapes at best need restoration. A more effective way may be to do duplication sampling prior to the meet and confer. Sampling is recommended in the Comments to Rule 26(b)(2) ("Such discovery might take the form of requiring the responding party to conduct a sampling of information contained in the sources identified as not reasonably accessible"). Testing would allow you to represent to the court that you should not have to search all desktop computers, for example, because review of e-mails on one revealed no, or only a few, e-mails not already located on the e-mail server.
To view the entire release, click here
---------------------------------------------------
Source: Law.com
By: Leonard Deutchman
Subscribe to:
Posts (Atom)
