Federal rules governing retention of electronic documents pull info security into the legal domain.
It's not often that I'm contacted by my company's legal counsel, but when he sent me a meeting request with the topic of "data retention," I realized that this could mean only one thing: e-discovery. Whatever size organization they work for, security managers must be prepared to address this subject.
The Federal Rules of Criminal Procedure are definitely within the purview of legal counsel. E-discovery, though, is where the FRCP intersect with IT and information security. The FRCP require companies to preserve data, be it on paper or some electronic medium, that might be related to litigation, whether it's pending or merely anticipated.
Discovery, of course, is part of the process in all lawsuits. It involves lawyers for one side requesting information that the other party has access to. The FRCP bring this process into the 21st century, extending discovery to electronic media.
As I understand it, e-discovery is generally pretty straightforward. If a company is being sued for, say, sexual harassment, it would first have to disclose to opposing counsel the types of information it has available: paper memos, e-mail or instant messages from the period in question. What is available depends on the company's retention policy. If the policy is to keep e-mail for one year, then it isn't obligated to provide e-mail interactions relevant to the lawsuit that were sent two years ago.
To Continue Reading: Click Here
By: Mathias Thurman