Judge orders defendant to decrypt PGP-protected laptop

A federal judge has ordered a criminal defendant to decrypt his hard drive by typing in his PGP passphrase so prosecutors can view the unencrypted files, a ruling that raises serious concerns about self-incrimination in an electronic age.

In an abrupt reversal, U.S. District Judge William Sessions in Vermont ruled that Sebastien Boucher, who a border guard claims had child porn on his Alienware laptop, does not have a Fifth Amendment right to keep the files encrypted.

"Boucher is directed to provide an unencrypted version of the Z drive viewed by the ICE agent," Sessions wrote in an opinion last week, referring to Homeland Security's Immigration and Customs Enforcement bureau. Police claim to have viewed illegal images on the laptop at the border, but say they couldn't access the Z: drive when they tried again nine days after Boucher was arrested.

Boucher's attorney, Jim Budreau, already has filed an appeal to the Second Circuit. That makes it likely to turn into a precedent-setting case that creates new ground rules for electronic privacy, especially since Homeland Security claims the right to seize laptops at the border for an indefinite period. Budreau was out of the office on Thursday and could not immediately be reached for comment.

The Fifth Amendment says nobody can be "compelled in any criminal case to be a witness against himself," which Magistrate Judge Jerome Niedermeier ruled in November 2007 prevented Boucher from being forced to divulge his passphrase to prosecutors.

Originally, the U.S. Department of Justice asked the magistrate judge to enforce a subpoena requiring Boucher to turn over "passwords used or associated with" the computer. In their appeal to Sessions, prosecutors narrowed their request and said they only want Boucher to decrypt the contents of his hard drive before the grand jury, apparently by typing in his passphrase in front of them.

To Continue Reading: Click Here
---------------------------------------------
Source: news.cnet.com
By: Declan McCullagh

D.C. Circuit Delivers High-Cost EDD Lesson

A recent decision from the U.S. Court of Appeals for the District of Columbia Circuit affirms an order requiring a nonparty to spend $6 million (9 percent of its annual operating budget) to comply with an e-discovery subpoena.

Litigators overseeing discovery know they must assess a client's documents, and particularly a client's electronic documents, at the outset of discovery. Estimating the resources necessary to collect and produce electronically stored information is a vital role of counsel today. Without such advance knowledge, lawyers may be blindsided by unexpected burdens and time pressure in the production process.

The D.C. Circuit's ruling in In re Fannie Mae Securities Litigation, 552 F.3d 814 (2009), highlights the importance of counsel understanding issues related to e-discovery, and the potential scope of that discovery, before entering into any type of agreement governing the future conduct of discovery in the case.

The circuit was unwilling to entertain an argument that the burden on a nonparty was too high to be reasonable once the nonparty had entered a stipulated discovery order. In particular, the court had little sympathy for the argument that the keyword search suggested by the requesting party resulted in an overwhelming number of documents, many of which surely would be of little probative value.[FOOTNOTE 1]

In re Fannie Mae upheld a district court order holding a third party in contempt and imposing sanctions for that party's failure to comply with a stipulated discovery order. The Office of Federal Housing Enterprise Oversight was the government agency charged with regulating the Federal National Mortgage Association (Fannie Mae).[FOOTNOTE 2]

In 2003, OFHEO opened a special review of Fannie Mae's accounting and financial practices, and concluded that the enterprise "had departed from generally accepted accounting principles in order to manipulate its reported earnings and inflate executive compensation."[FOOTNOTE 3] This report led to several private civil actions against Fannie Mae, its senior executives and others. These actions were consolidated into multidistrict litigation in the U.S. District Court for the District of Columbia.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: H. Christopher Boehning and Daniel J. Toal

As crunch bites, don't neglect the logs

Managing risk, compliance and security are objectives that still need to be achieved even while organizations rush to cut costs.

The insider threat in particular has always been a key challenge for organizations and, with staff being made redundant in droves these days, access rights to sensitive company information must be revoked quickly.

The external threat is getting worse as well, as hackers are increasingly targeting corporate networks for financial gain. In January 2009 security technology vendor McAfee estimated that data theft and breaches cost businesses worldwide approximately US$1 trillion in lost intellectual property and expenditures for cleaning up the damage caused.

All organizations should take note. In an economic downturn, businesses switch focus from acquiring customers to retaining them. Any security breach where data is lost could damage their reputation and cause customers to jump ship.

Failure to adequately protect information and ensure its integrity has not been compromised could also lead to organizations being unable to comply with a growing roster of regulations requiring higher data security standards including: the Payment Card Industry Data Security Standard (PCI DSS); e-discovery requests, which are commonplace in the United States and becoming more so in Europe; and security breach disclosure legislation, which is expected to be enacted in the near future by the European Union.

Because of these factors, protecting data is now one of the top business-driven issues for improving security and managing risk.

In order to prove that security controls are effective and to be able to comply with potential litigation requests, organizations need to put in place an effective system for policing information governance, including the ability to organize, retrieve and analyze information, as well as to report on the effectiveness of controls over information access for audit purposes and for responding to litigation requests such as e-discovery.

This means establishing a system of electronics records management across the organization, covering all data stores and including both structured data, such as databases, and unstructured information, such as e-mail messages and documents. The system must cover the entire lifecycle of electronics records--including when they are generated, backed up and archived--and must ensure the integrity of all records is maintained.

To Continue Reading: Click Here
---------------------------------------------
Source: zdnetasia.com
By: Fran Howarth

Taking Control of eDiscovery Costs: Are Archiving Costs Necessary for eDiscovery?

The skyrocketing cost of eDiscovery has made headlines recently with several court cases setting precedents in favor of supporting huge eDiscovery costs. For example, a January circuit court decision required the Office of Federal Housing Enterprise Oversight to spend $6 million (totaling 9 percent of its annual budget) to comply with a subpoena for electronic documents; and another recent district court ruling enforces preservation and production of metadata.

These rulings make taking control of eDiscovery costs more important than ever, and with many eDiscovery options available, corporate counsel and law firms are realizing that they can significantly reduce costs by bringing eDiscovery in-house.


But going in-house with eDiscovery cannot be over-complicated by having to fit technologies together that were never intended for the task of eDiscovery. Many “eDiscovery” solutions that vendors are selling include hard to manage and unnecessary processes, such as archiving, that are the result of vendors pushing legal features onto technology platforms that are inappropriate for what is needed. This adds unacceptable and unnecessary costs, weaker eDiscovery processes and a hard to manage infrastructure.

Changing the eDiscovery Paradigm

eDiscovery is an end-to-end process starting from the point of identifying all information across an enterprise to processing it, extending legal hold, analyzing and reviewing it for pertinence to case matters. eDiscovery solutions address business, legal and IT requirements for meeting legal discovery and forensic investigation challenges.

To Continue Reading: Click Here
---------------------------------------------
Source: cmswire.com
By: Karthik Kannan

Data Theft Common By Departing Employees

Many people who are either laid-off from their job or simply moving to another opportunity often secretly take proprietary data from their employer on their way out the door, a study released this week found.

Nearly 60 percent of employees who quit a job or are asked to leave are stealing company data, according to report by the Ponemon Institute, a Tucson based research group. The survey was based on interviews with 945 adults who were laid off, fired or changed jobs in the last year.

Seventy-nine percent of those who admitted to taking data said they did so despite knowing that their former employer did not permit them to take internal company information.

Sixty-five percent of those who took data from their former employer grabbed e-mail lists. The next most frequently stolen data included non-financial business information (45 percent), customer contact lists (39 percent), employee records (35 percent) and financial information (16 percent).

The institute's founder, Larry Ponemon, said several factors may contribute to such cavalier attitudes toward data theft, including a lack of employee loyalty and telecommuting.

To Continue Reading: Click Here
---------------------------------------------
Source: washingtonpost.com
By: Brian Krebs

Court Considers Zubulake Factors, Denies Defendant's Motion to Shift Cost of OCR Processing

Proctor & Gamble Co. v. S.C. Johnson & Son, Inc., 2009 WL 440543 (E.D. Tex. Feb 19, 2009)

In this case, following the court’s decision that all documents were to be produced electronically in TIFF format with Optical Character Recognition (“OCR”), defendant asserted that the cost of processing the documents should be shifted to the plaintiff. In support of its assertion, defendant claimed that the cost of conversion to OCR would likely exceed $200,000 and that “it does not itself seek to use the OCR process, and any extra expense would be incurred on it behalf solely for Plaintiff’s convenience.” Defendant offered no evidence in support of its estimate, however, and the court’s own research indicated the estimated cost appeared to be “somewhat inflated.” Nor did defendant deny that the OCR process would make the documents easier to examine, thus reducing costs for attorney time.

In making its determination, the court indicated its intent to rely on the multi-factor test adopted in Zubulake v. USB Warburg, LLC, despite its “slightly different context.” 217 F.R.D. 309 (S.D.N.Y. 2003). Those factors were:

• (1) the extent to which the request was specifically tailored to discover relevant information; (2) the availability of such information from other sources; (3) the total cost of production, when compared to the amount in controversy; (4) the total cost of production, when compared to the resources available to each party; (5) the relative ability of each party to control costs and the incentive to do so; (6) the importance of the issues at stake in the litigation; and (7) the relative benefits to the parties of obtaining the information.

To Continue Reading: Click Here
---------------------------------------------
Source: ediscoverylaw.com

Plaintiff Fails to Respond Promptly to Notice of Inadvertent Production, Court Orders Privilege Waived

Brookdale Univ. Hosp. & Med. Ctr., Inc., 2009 WL 393644 (E.D.N.Y. Feb. 13, 2009)

In this case, the court was asked to reconsider its prior order compelling defendants to return privileged documents inadvertently produced by the plaintiff. The court declined to overturn its ruling regarding documents specifically identified by the plaintiff as inadvertently produced and addressed by the court’s prior order. However, as to documents not identified at the time of the order, the court declared any privilege waived.

On January 15, 2009, defendants informed plaintiff that privileged materials may have been inadvertently produced. Six days later, plaintiff responded by indicating it did not believe it had produced anything inadvertently, but that it would look again. The next day, defendants sent a second letter reiterating their concerns. 11 days after first providing notice, defendants requested the court declare all privilege waived. At the hearing on January 29th, plaintiff was given one day to address the inadvertent production. The next day, 15 days after first receiving notice of its production of privileged information, plaintiff identified thirty documents it claimed were inadvertently produced and indicated that its search for additional documents was ongoing.

Following the hearing, the court issued an order directing defendants to return or destroy any of plaintiff’s privileged documents in their possession. Thereafter, defendants filed a motion for reconsideration.

In their motion, defendants asserted that the inadvertent production was not limited to thirty documents but rather could include as many as five hundred email communications between plaintiff and its attorneys. Plaintiff disputed that number claiming the total would likely be less than 200 documents and asserting its belief that plaintiff’s counsel’s initial response upon learning of the inadvertent production was appropriate in light of several factors, including the confidentiality agreement between the parties, the impending deadlines, and the volume of documents requiring assessment. Plaintiff did not specifically identify any additional inadvertently produced documents, however.

To Continue Reading: Click Here
---------------------------------------------
Source: ediscoverylaw.com

Listen Up and Discover Audio Recordings

As most IT professionals already know, courtesy of the Federal Rules of Civil Procedure Rule 34(a), audio files are now fully discoverable. This has led many IT professionals to create and implement procedures that will record and store telephonic conversations and other electronic interactions originating from and connected to their company client orders. These new protocols specifically address sound content from call desks, trading desks, phone systems and, of course, VoIP. IT professionals have enacted these procedures in an effort to keep up with one of the newest trends in mainstream e-discovery: sound recordings.

HOW AUDIO E-DISCOVERY AFFECTS IT

The necessity for IT professionals to haul audio recordings into their general e-discovery process is gaining awareness because of situations that may -- at first glance -- appear harmless. Think about scenarios where a company employee is having a phone dialogue with a customer and at the same time sending e-mails to another. This may seem innocuous on the surface; the two interactions seem separate and unconnected with no suggestion of any illegality.

However, if one pays attention to the audio in the milieu of the e-mail exchange, it may paint an absolutely different picture. In reality, the entire picture may demonstrate that the company employee was using the data received from the person with whom he or she was exchanging instant messages or e-mails to his or her advantage when speaking with the other customer on the phone. Nevertheless, connecting these two actions together is nearly impossible via conducting a discovery of solely written messages. IT professionals are now tasked with bridging this gap by creating an integrated business information system that will account for all business written and audio content.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Michael Swarz

Search 101--How Enterprise Search Differs from Other Search Solutions

Everyone nowadays is familiar with the concept of Web search, thanks to Google and other Internet search engines. Very few people, however, are familiar with the concept of “enterprise search.” Those who encounter the term for the first time might think enterprise search is simply applying a Web search engine to an organization’s enterprise intranet, much like “desktop search” on your personal computer.

Although there are many common similarities to all these “search” type solutions, they are inherently different from one another. In a nutshell, enterprise search is the ability to search for business-related content, both inside and outside the enterprise firewall, but primarily inside. There are many examples of the use of enterprise search in various vertical markets and applications. An enterprise search solution could be the engine behind a Web portal for a large online retailer, or power a legal electronic discovery (e-discovery) solution, retrieving all legal documents and emails for an enterprise related to a specific customer.

What’s the Difference between Enterprise Search and Web Search?

The demands of the enterprise user are different and the complexities of source content are greater than a public search of the Web.

Users expect a better answer to their question because they are more intimate with their content. They are not looking for the most popular answer--the general logic behind ranking for Web search--they want the right answer. Consequently, the ranking model for the enterprise is much more complex than for the Web. It must consider several parameters in its balance of demand between precision and recall (term frequency, source freshness, spatial proximity, authority, etc.), a balance that changes from application to application.

Now add to this greater complexity. The reasons for searching are much more varied. Data types are much more varied. Data freshness (how soon does a new document appear in my search?) is more important. Security is an issue. A typical enterprise supports more content types, formats, and security layers than the entire Web.

Finally, search in the enterprise is often in context of a specific solution, for example uncovering legal risk, assessing product campaigns, or buying goods online. While it is popular to start a request for information with a search query, unlike the Web, there is an expectation that further investigation will involve refinement techniques that include navigating through supplemental information such as facets and concepts. This more exploratory model visualized through navigators, tag clouds, heat maps, and the like, is commonplace in enterprise search but not on the Web.

To Continue Reading: Click Here
---------------------------------------------
Source: wwpi.com
By: Andrew McKay

An IT Inventory to Meet Your EDD Needs

For many years, a debate has raged about the value of technology inventories for disaster recovery and business continuity, and whether they should be performed by your internal IT department or an outside organization. But today, there's a new twist to the debate: how much will inventories help your preparedness for litigation and electronic data discovery?

At the most basic level, technology inventories are a detailed roster of a company's IT systems -- e.g., hardware, software and data. The document should contain current network drawings, a list of computing devices (servers, PCs, laptops), programs, data maps and security tools and protocols. To be effective, the inventory needs to be a "living" document that is maintained and updated as technology and data change within the company.

Inventories not only help IT administrators monitor how technology is used and where assets are physically located, but they also help organizations make sound decisions about maintenance and purchasing to maximize their return on investment.

But these same inventories can play a key role to reduce the costs of EDD -- before and during litigation. In fact, a technology inventory is an essential component to litigation readiness.

Many general counsel and litigators are nervous about litigation readiness, especially as it relates to the amendments to the Federal Rules of Civil Procedure, which require parties to have a conference to discuss any issues regarding preservation of discoverable information.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: John Roman Jr.

New E-Discovery Tome a Bit of a 'Mishmash'

"E-Discovery: Creating and Managing an Enterprisewide Program -- A Technical Guide to Digital Investigation and Litigation Support." Syngress, 2008.

This multi-author book reminds me of Longfellow's little girl with the little curl. "When she was good, she was very good indeed. But when she was bad, she was horrid." When this ponderously titled mishmash is good, it's very good indeed. But when it's bad, well ... you know.

The technical content in the latter half is good. Chapters on data identification, search techniques and review platforms are standouts. The tips, warnings and notes sprinkled throughout ably flag and explain peculiarities and pitfalls of electronic evidence.

Laden with charts, FAQs and sidebars (and, less appealingly, repurposed marketing pap and fuzzy screenshots), browsing readers will find it easy to pick up and put down. But as they say, "A camel is a horse designed by committee," and this book by 14 contributors is as uneven as a dromedary's back.

Worse, it's a tad retread. Can you tell which passage is from the book and which is Atlas' advertising:

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Craig Ball

Perspectives on Text Analytics in 2009

You’re reading this article because you’re actively interested in text analytics technology and market trends. Whether you’re a solutions provider or consumer, you want to be sure you’ve invested your time and financial resources wisely.

The picture is complex, however, as the text analytics domain is not dominated by any one algorithm or approach, vendor or business sector. So far, the diversity of options has benefitted potential users; awareness (and realization) of the technology’s capabilities is building rapidly in areas such as media monitoring, publishing, customer-experience management and semantic search. Meanwhile, growth remains strong in domains that have long applied text analytics. These areas include life sciences, intelligence and law enforcement, and financial services. While the text analytics domain isn’t unaffected by current business conditions, economic pressures could actually spur uptake motivated by a quest for efficiency through automation.

Sources and Perspectives

To stay on top of trends, I try to talk to current and prospective users as often as I can, and I also try to keep up with researchers and fellow analysts. (You’ll find links for some of the folks I follow at my BeyeNETWORK channel.) I also catch up with vendors periodically.

Because it’s helpful to understand current industry perspectives, I recently invited CEOs, CTOs and thought leaders to respond to the following query:

What do you see as the 3 (or fewer) most important text analytics technology, solution or market challenges in 2009?

Before relaying answers I received, I’ll mention two meta-replies. First, Marti Hearst, associate professor in the UC Berkeley School of Information, declined to respond, in part because “…for me, 2009 is too close a time horizon.” This thought applies not only to academic researchers but also to anyone who’s thinking strategically, beyond this year’s crop of product releases and business conditions. Next, Lexalytics CEO Jeff Catlin candidly characterized his response as “somewhat self-serving thoughts.” No doubt many of the vendors quoted see the greatest challenges as residing in areas their tools address, so take their views with a grain of salt.

To Continue Reading: Click Here
---------------------------------------------
Source: b-eye-network.com
By: Seth Grimes

e-Discovery Summit - February 26th

Dave Henderson at BrightTALK emailed me today about an upcoming FREE e-Discovery summitt they are hosting online February 26th. It takes less than three minutes to create an account and it appears they have nine different presentations lined up. Some of the topics and presenters include:

• Preserving Data for e-Discovery: Best Practices (Robert Brown, Senior Director Litigation Consulting at First Advantage)


• Framing the Issues in International E-Discovery (Nicole B. Boehler and Marla Weston, Parters at Smith and Partners)


• Handle e-discovery in-house: Take control, reduce risks and costs (Dominic Jaar, Legal Counsel at Ledjit Consulting)


• Mitigating the Potential for Sanctions (Mark Yacano, Principal at Wright Robinson)


• Spoilation: It's Not Always Intentional (Warren Kruse, VP Data Forensics and Analytics at Encore Discovery Solutions)

To register for this FREE event click here

Law and Technology Grow Up

The legal department at Exelon Corporation had to reschedule its conversation with Corporate Counsel for this story. "We are having problems with one of our legal systems," e-mailed legal information technology systems manager Teresa Britton. The company's e-billing system would not upload accounts to the matter management software, and accounting needed the information to close the year.

A half hour of emergency Web conferences with IT support in Malaysia later, all was fine. And in a nutshell, that one story brings up the key results of our latest survey of legal department technology. Only a few years ago, in the dark ages of legal technology, in-house attorneys used whatever basic tools the IT department supplied them with. After all, the legal business had been conducted with paper for centuries.

That's not enough anymore. Litigation demands need new ways to categorize and search information. Global business must track truckloads of documents. Corporate budget constraints demand that general counsel leverage attorney salaries and find ways to seriously cut department costs. Companies depend on the economic and operational lift that such technologies as calendaring, matter management, e-billing, board communications, IP management, databases and customized programming can provide. In-house lawyers depend on technology-and hardware and software budgets, the implementation of new applications, and user support and training have joined the issues constantly nagging general counsel everywhere.

Smart GCs are working toward solutions that take into account the technical sophistication of department users as well as corporate structure and culture. And, in the best of worlds, that means having tech-savvy staff to watch over the process.

The importance of technology is beyond question. Over 70 percent of the 40 Fortune 500 companies that responded use an online document repository. Almost 92 percent have their own sites on their corporate intranets. Close to half of the legal departments have made e-billing a condition to continued use of a law firm. A full 56 percent of them have a dedicated member of the staff supervising electronic discovery or auditing financial systems. About 95 percent of respondents supply BlackBerrys to at least some of their lawyers.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Erik Sherman

United States: Before You Hit Send: 10 Rules To Help Keep You Out Of E-Mail Trouble

While everyone knows that e-mail shouldn't be used to share potentially embarrassing information and personal stories, the hazards of using e-mail extend beyond this relatively obvious caution. Judicious use of e-mail also applies to routine business email. Holland & Knight partner Bill Hamilton, a member of the firm's Technology Committee and co-chair of the electronic discovery practice, offers ten tips that you should practice when writing email.

1. Follow The Golden Rule

Assume that your e-mail will be printed on the front page of the New York Times. If you would be embarrassed or concerned, don't send it.

2. Don't E-Mail If You Can Telephone Or Meet In Person

E-mail is not a replacement for personal conversation. Comments and suggestions can be said in a conversation that suddenly and surprisingly become misinterpreted, embarrassing or harmful in an e-mail.

3. Never Ever Send E-Mail When You Are Angry Or Tired

Fatigue will cause you to lose patience and send something you will later regret. Never send an e-mail when tired or angry.

4. Never Joke In E-Mails

What you are sending may seem hysterical to you, but don't do it. You never really know the mood of the person receiving the e-mail.

To Continue Reading: Click Here
---------------------------------------------
Source: mondaq.com
By: William F. Hamilton

Companies can expect closer regulation and greater demands for data disclosure

Kroll Ontrack looks at the likely impact the financial crisis will have on data disclosure trends over the next 12 months.

Martin Carey, Managing Director, Kroll Ontrack, said: “The next 12 months will inevitably be shaped by the global economic downturn. Beyond the immediate financial impact, however, will be a shift in working practices that will have a knock on effect to the implementation of electronic discovery. Alongside an increased demand will be the continued development of new technologies, making it easier for lawyers to focus on the important documents faster and more efficiently.”

1. Redundancies and litigation

The Centre for Business and Economic Research predicted 62,000 job losses in the financial sector alone by the end of 2009, and reports from the CBI already suggest an increase in employment tribunal claims: Statistics from the CBI showed the number of employment tribunal claims climbed sharply from 132,600 in 2006-07 to 189,300 in 2007-08. This area of litigation will prompt greater reference to electronic disclosure, as companies look to protect against liability in employee disputes.

2. Mobile working and its implications

With workforce and budgetary cuts increasing across all sectors, remote working is likely to be a practice relied upon more in 2009. The compliance and disclosure issues of this practice are multiple, with remotely stored data an obvious liability for industries that are highly regulated. As a result, there will likely be an increase in internal regulation and compliance in 2009.

This trend comes at the same time as a boom in the number of devices suitable for working remotely. The last three months alone have seen the introduction of 85 new products from the telecom industry. Tools will need to be developed to allow the extraction and analysis of data from these devices and expert forensics will play a key role.

To Continue Reading: Click Here
---------------------------------------------
Source: securitypark.co.uk

Is Big Brother Watching? The Goverment might soon be!

Do you know who does what on each specific wireless access point in your office? What about at your coffee shop? What about your home?

If the proposed bills before the House pass, Two bills have been introduced so far--S.436 in the Senate and H.R.1076 in the House. Each of the companion bills is titled "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act," or Internet Safety Act, you will have to be able to produce this information to law enforcement officials if they ask – going back two years. Both of the same directive, “A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."

The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates.

What this really means is that any network, whether it be home, AT&T, Comcast, your office, coffee shop, library that dynamically assigns IP addresses via DHCP, PTPP, BOOTP or any other method would be liable to produce all the data related to any connections that were attached to your network. Yes, that means you.

This is not the first time such a measure has been called for, in 2006 Attorney General Alberto Gonzales had called for laws requiring that subscriber information and requisite information should be logged for at least two years. After Gonzalez left the post, the effort died down and did not apply to home wireless networks.

Currently, A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." It does not require home users to produce records.

To Continue Reading: Click Here
---------------------------------------------
Source: examiner.com
By: Bruce Sarte

Obama’s DOJ quietly sought dismissal of missing White House emails lawsuit

One day after he was sworn in as president of the United States and in the same week signing executive orders ushering in a new era of government transparency, Barack Obama’s Justice Department quietly filed a motion in federal court to dismiss a long-running lawsuit that sought to force the Bush administration to recover as many as 15 million missing White House emails.

In a legal briefs filed Jan. 21, the Justice Department admitted that a secretive restoration process implemented during George W. Bush’s last months in office was still incomplete, and that a bulk of the emails sent between 2003 and 2005 were deleted from servers in the Executive Office of the president and unrecoverable. The missing emails cover a time frame that included the lead up to the Iraq war, a lawsuit involving the identities of individuals and corporations who advised Dick Cheney on energy policy and the leak by White House officials of covert CIA operative Valerie Plame’s identity.

But despite it all, the newly minted Obama administration said in court papers that the issue revolving around the missing emails is “moot” because some steps, however incomplete, had been taken by the Bush White House to preserve and restore missing emails, even though the work has been conducted under the cover of secrecy by an unknown outside contractor hired by Bush administration officials.

Now, one month after the Justice Department filed its motion to dismiss the lawsuit, the plaintiffs in the case, watchdog group Citizens for Responsibility and Ethics in Washington (CREW) and the National Security Archive, the historical project that operates out of George Washington University, have filed their responses to the Justice Department with a district court judge. CREW and the National Security Archive sued the Bush administration two years ago alleging the White House violated the Presidential Records Act and Federal Records Act by not properly archiving emails from 2003 to 2005.

CREW said the Justice Department’s motion to dismiss the lawsuit “is yet another gambit in a series of actions designed to avoid transparency and accountability by obscuring the fact the Bush White House did nothing for years about a serious email problem that left a gaping hole in our nation’s history.”

The group said because there has not been an accurate and truthful accounting of how the emails went missing in the first place, “we have no assurance the problem will not be repeated.”

To Continue Reading: Click Here
---------------------------------------------
Source: onlinejournal.com
By: Jason Leopold

Silo Busters

Search can ease e-discovery and help employees get relevant data fast. But you might need multiple technologies for these very different tasks

Enterprise search tools are evolving to meet significantly different business requirements. IT and legal may need to scoop up documents, files, and e-mail relevant to forthcoming litigation. Security and compliance officers want to search laptops to make sure credit card numbers aren’t hitting the road. Meanwhile, lines of business are clamoring for better ways to extract value from reams of enterprise data. Cracking open different repositories could help salespeople better use information gathered about customers.

Companies approaching enterprise search must match their requirements to the capabilities of competing search platforms from Google, Microsoft, and a growing field of specialized vendors. Yet even if CIOs scope out requirements perfectly, they may find themselves running multiple search products for different business units to address diverse needs, and piling on the storage and server resources. And that’s OK.

Take National Instruments, a maker of computer-based measurement and automation products for manufacturers and scientists. The company has seen its search infrastructure—covering information from customers outside the firewall and employees inside it—grow from 10 servers to 25 in about three years. Eight of those are production servers, with the rest dedicated to testing and development, security, and processing. Of particular note is the wildfire growth of National Instruments employees’ use of search. John Graff, VP of marketing and customer operations, says CPU requirements to index data and respond to employee queries are growing 152% year over year.

But National doesn’t begrudge the increase in resources. “As IT comes back to me to say ‘We need more,’ it’s an easy sign-off because the value is so clear,” Graff says.

In this business climate, what kind of technology draws that kind of support? One that solves problems. Still, purchasing decisions are complex. There’s not only no clear market leader, but the category is diverging into two distinct paths.

To Continue Reading: Click Here
---------------------------------------------
Source: networkcomputing.in
By: Andrew Conry-Murray

Obama administration tries to kill e-mail case

The Obama administration, siding with former President George W. Bush, is trying to kill a lawsuit that seeks to recover what could be millions of missing White House e-mails.

Two advocacy groups suing the Executive Office of the President say that large amounts of White House e-mail documenting Bush's eight years in office may still be missing, and that the government must undertake an extensive recovery effort. They expressed disappointment that Obama's Justice Department is continuing the Bush administration's bid to get the lawsuits dismissed.

During its first term, the Bush White House failed to install electronic record-keeping for e-mail when it switched to a new system, resulting in millions of messages that could not be found.

The Bush White House discovered the problem in 2005 and rejected a proposed solution.

Recently, the Bush White House said it had located 14 million e-mails that were misplaced and that the White House had restored hundreds of thousands of other e-mails from computer backup tapes.

The steps the White House took are inadequate, one of the two groups, the National Security Archive, told a federal judge in court papers filed Friday.
"We do not know how many more e-mails could be restored but have not been, because defendants have not looked," the National Security Archive said in the court papers.

"The new administration seems no more eager than the last" to deal with the issue, said Anne Weismann, chief counsel for Citizens for Responsibility and Ethics in Washington, the other group that sued the EOP.

The Executive Office of the President includes the president's immediate staff and many White House offices and agencies.

To Continue Reading: Click Here
---------------------------------------------
Source: google.com

By: Pete Yost

Social Networking Sites Look Like Plunder to Attorneys

Social networking Web sites are taking the Internet by storm.

Millions of Internet users log onto sites such as MySpace, Facebook and LinkedIn every day to chronicle the intimate details of their personal and professional lives, promote their business or "find a friend." These online interactive sites allow users to create profiles that include pictures and private information for the entire world to view.

These sites create a virtual gold mine of discoverable information that may have a devastating impact on a business' reputation or the outcome of litigation. As a result, employers and litigators alike are left to wonder whether social networking sites will become the next frontier for electronic discovery.

Thirty-five percent of adult Internet users in the United States have a profile on a social networking site, and more than 500,000 new users join these sites every day. The real question is not whether these sites will have an impact on electronic discovery but when.

In fact, millions of people log onto these networks from their BlackBerrys, mobile phones and workplace computers in the time it takes to read this article. Businesses will have to find creative ways to manage employee access to these sites while at the same time find ways to prevent employees from leaking confidential and proprietary information on their personal computers.

Some businesses may restrict employee access to these sites entirely. At the other end of the spectrum, social networking sites may not be even a blip on many businesses' radars. Although there is no "one size fits all" solution, it is inevitable that businesses will have to face-up to Facebook and learn how to manage the risks associated with these sites, including whether information exchanged on them could fall within the "possession, custody or control" of the business.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Ethan J. Wall

Lawful Mining of Blogs on Social Networks

Web logs (blogs) simultaneously provide Internet users with social network prospects and employers a source of information suitable for employment assessment decisions but previously inaccessible. While social networks users may argue that posted content is private, courts have unequivocally ruled that the revelation of personal information in a public manner results in the diminution or elimination of reasonable privacy expectations. To avoid legal difficulties, employers are well advised to employ three particular policies when using information mined from blogs.

Three policies which may help ensure the lawful use of blogs include specific actions associated with third parties, existing employees and potential employees. First, attempt to ensure the firm's personnel who research potential employee's background comply with the appropriate third-party terms of use agreements while data mining blogs. Second, update the firm's employee handbook to detail what data mined from blogs may be used, and what data mined from blogs may not be used. Third, update disclosures and background search permission acknowledgements used by potential employees and existing employees to appropriately cover blog review.

Lawful access to blogs requires compliance with a set of terms of use associated with the terms of use agreement associated with each blog mined. A terms of use agreement for a blog is a set of rules set up by the operator of a blog which govern how their blogs may be legally used. From a legal prospective, a blog's terms of use agreement is a contractual agreement between a blog operator and a third-party user. A blog terms of use agreement generally details the duties of each party. For employer researchers, this agreement identifies what a blog user may do with the content posed on the blog. In a court of law, agreeing to terms of use is tantamount to entry into a written contract.

From the employer's prospective a blog terms of use agreement is useful for justifying what can and cannot be done to the content of the blog with or without permission. Typically, with respect to content, a blog terms of use agreement normally is limited to stating that content may not be distributed by e-mail or other means. Thus, the blog terms of use agreement does not prohibit an employer from using the content as a basis for an employment-related decision.

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Jonathan Bick

Untangling The DNA Of A Document

A very small thing called “metadata” is getting bigger, at least in legal significance.

Attorneys said that lawsuits demanding the production of metadata -- the digital DNA of a document that can prove who created it, when and who may have altered it over time -- have increased in recent years. And courts are honoring many of those requests when they are made early on, and relevance is shown.

Most recently, a federal judge in New York ruled that companies need to be ready to produce metadata in litigation, holding that metadata associated with e-mails and electronic files must be preserved, maintained and produced in the course of legal discovery, particularly when sought early.

The case, Aguilar v. U.S. Immigration and Customs Enforcement Div., was a class action alleging unlawful searches and seizures of immigrants’ homes, in which a discovery dispute arose regarding the production of metadata.

“There is a pattern that has developed in these cases that suggests that, when a party requests metadata early on in the e-discovery process, they’re usually going to get it,” said New York partner Wayne Matus, co-national head of Pillsbury Winthrop Shaw Pittman‘s electronic discovery practice.

Melissa Geist, Reed Smith‘s director of complex litigation electronic discovery from the Princeton, N.J., office, agreed. “That [New York] case is consistent with a clear pattern that we’re seeing,” Geist said. “There is a trend by parties to seek metadata, and right now what we’re seeing typically is courts are ordering the production of metadata when it’s sought early on in the case.”

Fishing Expedition?

Geist said that, although metadata may be critical under some circumstances, her law firm routinely opposes plaintiffs’ requests for metadata, calling them “overly broad and burdensome requests” and “completely irrelevant” in some cases.
“In some ways, it’s a fishing expedition,” Geist said.

Many courts, however, have a different view.

In a Florida products liability case involving the drug Seroquel (In re Seroquel Prods. Liab. Litig.), a federal court in 2007 ordered specific metadata fields to be produced in a multidistrict action by 6,500 plaintiffs who claimed that the antipsychotic drug caused various illnesses.

To Continue Reading: Click Here
---------------------------------------------
Source: ctlawtribune.com
By: TRESA BALDAS

Court Dismisses Plaintiffs' Claims as Sanction for Discarding Laptop, Orders Adverse Inference Instruction as to Defendants' Cross-Claims

Kvitka v. Puffin Co., LLC, 2009 WL 385582 (M.D. Pa. Feb. 13, 2009)

Finding plaintiff intentionally discarded her laptop despite a duty to preserve it, the court ordered dismissal of her claims and an adverse inference instruction as to defendants’ cross-claims.

After years of advertising in defendants’ magazine, plaintiff Kvitka, an antique doll dealer, received notice that defendants were terminating her right to advertise because of complaints about her business practices, including that she disparaged other advertisers and dealers. In the parties’ subsequent discussions, defendants revealed their possession of a file containing several complaints about Kvitka as well as 15 pages of emails, written by her, in which she disparaged other advertisers.

Unable to resolve the conflict out of court, Kvitka filed suit. In the course of discovery, it was revealed that despite Kvitka’s counsel’s receipt of correspondence from defendants specifically requesting preservation of Kvitka’s computer and emails, Kvitka had nonetheless discarded her laptop.

Kvitka claimed the laptop was discarded after experiencing problems with it in approximately February 2006. She claimed she had been advised to buy a new computer by her computer technician, although he had never inspected the laptop. Despite the alleged problems, testimony revealed that at the time the laptop was discarded and replaced it was still able to send and receive email.

On March 16, 2006 Kvitka was asked by the judge about the status of the original emails but failed to disclose that her old laptop was discarded and “instead opted to discontinue the pending state court litigation.” In April 2006, Kvitka filed suit in federal court. In October 2007, she revealed for the first time that she discarded her old laptop.

Between October 2007 and January 2008, Kvitka maintained that no files or emails were recovered from her old laptop. Following defendants’ motion for an order of inspection of the new laptop, however, Kvitka informed defendants that “some” emails had been recovered and “appeared on her new laptop.” She nonetheless continued to maintain that no files had been transferred from her old laptop to the new. Rather, she proffered an “absurd” explanation alleging that the files just “showed up” on the computer and were discovered following an intense search. Defendants moved for spoliation sanctions.

To Continue Reading: Click Here
---------------------------------------------
Source: ediscoverylaw.com

Slashed budgets? Think strategic, not tactical

In the current economic climate of uncertainty and tight IT budgets, often the mistake is to assume a more tactical, rather than strategic, approach to securing the ever-increasing volume of data travelling through an organization, said an information security expert.

"We see a lot of tactical activity, and that's probably human nature to plug the obvious holes," said Jon Oltsik, senior analyst with Milford, Mass.-based research firm Enterprise Strategy Group.

Focus on encrypting disks, tapes and laptops, and preventing network data leakage are the obvious things to do, but Oltsik thinks the real struggle is that businesses are creating increasingly more data and attempting to use it in intelligent ways both internally and externally.

Organizations must think strategically by first taking "an assessment approach" by surveying their overall data, said Oltsik, for they may uncover users who have been erroneously granted access to sensitive data, or who have the ability to save sensitive data to portable media.

To Continue Reading: Click Here
---------------------------------------------
Source: networkworld.com
By: Kathleen Lau

New E-Discovery Rules Help County Courts Manage Cases

Commercial disputes brought in Nassau County will now be governed by new electronic discovery rules, as the county's three Commercial Division judges have expanded the requirements of their preliminary conference orders.

Modeled after federal rules, Nassau's new standard is the most detailed of any in the state's commercial divisions, and is being closely watched by the Office of Court Administration.

Electronic evidence specified in the new Nassau order includes e-mail attachments, voice mails, instant messages, text files, files saved in a proprietary format, such as ".txt" or ".doc" and "the corresponding metadata which is ordinarily maintained."

The "rather extensive" amendment to Section 12 of the order will help the Commercial Division manage cases at their earliest stage, said Supreme Court Justice Leonard B. Austin.

"This gives us a handle on dealing with a monstrous amount of information and enables us to handle discovery in a controlled way," he said.

The order also applies to cases brought before Justices Ira B. Warshawsky and Stephen A. Bucaria.

See sample filings under the old rules and new rules.

"When we were young, and we had to go do a case with a massive amount of discovery, there would be the proverbial warehouse in New Jersey where we would go, they would open the doors and there were boxes from the floor to the ceiling, and they'd say, 'Here they are, take what you want,'" Justice Austin remarked in an interview. "Now, you get two disks with the same number of papers, just in an electronic format. It became the Wild West again."

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Vesselin Mitev

Tools and Tactics to Tweet Well on Twitter

In an earlier "Technology Today" column I wrote about the benefits of using newsreaders to stay abreast of multiple blogs. I pointed out that newsreaders -- my current favorite of which is Google Reader -- allow you to build "channels" of information so that you can control what kinds of information you receive and when you read it.

A newer information-exchange tool that has received a lot of press recently is Twitter. This free Internet-based service will broadcast whatever you have to say to whoever decides to receive your messages, and will allow you to receive and view similar messages from other Twitter users. The catch: each message can be no more than 140 characters long, the standard length of a cell phone text message.

Twitter mystified me when I first encountered it a couple of years ago. It bills itself as "a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?"

After a short period of self-examination I concluded that little of what I was doing would be of interest to anybody else. I also decided that I was not curious enough about other people to want to know when they were stuck in traffic or meeting a high school crush for drinks.

I put Twitter aside until I started reading more about it from a number of blogs, via my newsreader, of course. It seemed that Twitter had grown up, maturing into a content delivery system for business, or at least for business people. Twitter had developed into a good way to find out what interesting people thought was interesting at any given time. It was also a way of connecting directly with those interested in what you had to say; the Obama campaign made very effective use of the @barackobama Twitter account, which has more than 250,000 followers (though the last post was on Jan. 19; the "unofficial" White House blog Twitter feed is @TheWhiteHouse).

To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Kelly D. Talcott

Leveraging Enterprise Records Management

Risk management and Enterprise Records Management (ERM) are increasingly becoming intertwined in today’s business world. New laws, regulations and court rulings – combined with the challenges of living up to Sarbanes-Oxley rules – present significant risks to companies in terms of compliance laws, market performance and strategic goals. This is particularly true when you consider the escalating challenge of managing electronic records and unstructured content.

A recent survey by the enterprise content management association, AIIM, found that roughly 50 percent of respondents said they are less than confident that, if challenged in court, their organization could demonstrate that their electronic information is accurate, accessible, and trustworthy. Only now are organizations realizing the complexity and compliance requirements associated with e-records, including electronic documents, data, e-mail and instant messages. Another survey by CFO.com found more than one-third of top-level executives say their companies don’t have a disciplined way to deal with electronic discovery issues. And according to Politico.com, other countries are starting to look to Sarbanes Oxley as a model for their own new regulations, a development that could have broad consequences for multi-national enterprises.

The law now considers electronic data to be just as important as paper records when it comes to legal discovery, but electronic information raises a different set of issues from paper records. Many organizations apply outdated policies and procedures originally developed in an era when virtually all important records existed in hard copy form. Others have trouble navigating through the world of “unstructured” corporate data such as digital images, email and instant messages. This poses a huge risk when courts will often only give an organization 90 days present relative documents for an upcoming trial. ERM, inclusive of e-records management, has not just become a business need - it’s the law.

To Continue Reading: Click Here
---------------------------------------------
Source: s-ox.com
By: Rich Bailey

The problem of original content in a digital context

Methods and definitions in the world of Records Management (and subsequently ECM) have been long established and remain, in many cases, as valid today as they ever have.

However, most of these methods and definitions were agreed upon when most records were physical hard copies; in most commercial situations this meant paper documents. The introduction and growth of digital documents has been embraced by the RM community, but many of these base definitions remain unchanged, and are unlikely to change in the foreseeable future. One of those is the definition of an "original" document, a particularly crucial definition in these days of e-discovery.

An original document or file is just that, the original. It is not a copy; it is authentic and it can be proven to be authentic. In the paper world this is easy to understand: the original signed document is the original, not a photocopy of the original, even though that photocopy may be identical in every way. Even though the copy may be identical in every way, it is not the original, and in many cases will not be given the same legal status.

Likewise, in most instances, digital documents that are identified as originals, needing to be securely stored for a defined period of time due to regulatory demands, are stored as originals – in other words, the actual original file is transferred to an archive medium such as disk or tape.

However, most of these digital originals come in the form of unstructured data files or fixed content. These files are typically bulky, complex in nature and make heavy demands on storage systems and management applications. The perceived need to reduce this burden has spawned logical copy-based storage systems.

Such a system stores an original file, but if changes are made to it moving forward, only the changed elements are stored. However, what will be displayed to anyone querying the system will be an exact replica of the changed original – a virtual original, but not the actual original.

To Continue Reading: Click Here
---------------------------------------------
Source: cmswatch.com
By: Alan Pelz-Sharpe

Deletions violate Nagin's own policy

E-mail removal blamed on storage

The decision by Mayor Ray Nagin's administration to delete virtually every e-mail sent and received by Nagin last year was not only an apparent violation of the state public-records law, it also flies in the face of a detailed policy recommendation prepared less than a year ago by the mayor's own technology office.

A memo titled "Proposed Alterations of E-mail Policies," dated May 13, is posted on the city's Web site. The document offers a long list of suggestions, including sections devoted to e-mail retention and the recovery of deleted e-mail via the use of backup systems.

One change the technology office said it "strongly recommends": that the city maintain backup tapes from its e-mail server, remove them every three months and store the data at an offsite location.

"No effort will be made to remove e-mail from the offsite backup tapes," the memo continues.

State law says e-mail and other public records must be maintained for three years. The memo goes further, saying that fiscal and administrative e-mail should be kept four years, while "general correspondence" need be retained only one year.

None of the recommendations appears to have been followed, based on comments made by an attorney for the city during a Tuesday court hearing on a lawsuit filed by WWL-TV. The station is seeking copies of Nagin's e-mail and information from his 2008 calendar.

To Continue Reading: Click Here
---------------------------------------------
Source: nola.com
By: Frank Donze

Catch Me If You Can: Preventing and Dealing with an Employee’s Theft of Electronically Stored Information

It is the electronic age, and our clients rely more and more upon computers and electronic-storage devices to house their company’s most valuable assets, including marketing plans, engineering designs, business strategies, customer information, and research. Increasingly, I find myself helping businesses who suspect or have discovered that a departing employee has downloaded, copied, or emailed themselves the company’s most valuable information in the hopes of embarking upon a promising new career with a competitor.

Proving such cases can be challenging and expensive, often requiring the assistance of a computer forensic expert. However, there are a number of preventive measures our clients can take to avoid such situations altogether. This article attempts to identify for you those preventive measures and provide you with advice and guidance on what to do when a client suspects that an employee has taken their most valuable information.

Preventive Measures

There are a number of steps businesses can take to reduce their risk that an employee will steal their confidential information. Some of these steps may seem obvious to us as attorneys, but it is amazing the number of businesses that do not take these simple precautions.

To Continue Reading: Click Here
---------------------------------------------
Source: WisBar
By: Nicole Druckrey

Strategies for email archiving and meeting compliance regulations

A study released in late 2008 by Barracuda Networks Inc. looked at email messaging archive technology adoption among North American organizations. An overwhelming majority, nearly 82%, of the surveyed 200 IT professionals viewed email archiving, commonly defined as an approach to saving and protecting email data for future use, as "important" or "very important" for their organizations. Interestingly, more than two-thirds of respondents cited reasons other than compliance as their main consideration for implementing an email archiving product.

I find it encouraging that regulatory requirements are not the only forces driving good IT practices. For 29% of organizations, however, compliance with industry regulations was the critical factor behind archiving email. So which regulations make archiving an increasingly important element of network administration and compliance? In this tip, we'll touch on some regulations driving email archiving, why archiving is important, and how to avoid common mistakes made when dealing with archived data.

Compliance regulations driving email archivingTo start, there are two regulations that affect the majority of organizations. To address electronically stored information, amendments to the aging Federal Rules of Civil Procedure (FRCP) require organizations to manage their data so that it can be produced in a timely and complete fashion when required in the course of legal proceedings.

This change to the FRCP, which basically applies to every business in the United States, means that some form of archiving product is invaluable for timely email discovery. In the Barracuda survey, nearly half of the respondents said they had been involved in a litigation request that required email as part of the discovery process. A third of them even took up to a month, without the aid of an email archiving product, to produce email as part of an e-discovery request.

To Continue Reading: Click Here
------------------------------------------------
Source: searchsecurity.techtarget.com
By: Michael Cobb

Inadvertent Disclosures in E-Mail

E-mail is part of our way of life. We use it to communicate with colleagues, partners, customers, clients, adversaries, friends, courts and even complete strangers. The use of e-mail is so prevalent -- and accessible with the proliferation of BlackBerrys, smart phones and the like -- that little thought is given to the fact that every message typed at a computer or thumbed out on a BlackBerry creates a permanent record that could be an issue in a legal dispute.

A word to the wise: E-mail can never truly be erased.

It should come as no surprise that electronically stored information, such as e-mail and other materials -- including Microsoft Word documents, spreadsheets and accounting data -- stored on computers and shared servers has become a focal point of most complex commercial litigation.

ESI can be a treasure trove for the enterprising litigator because it creates a contemporaneous record of business dealings, thoughts and reactions in a way that its paper predecessors -- letters and memorandums -- could never do. E-discovery has correspondingly become a significant line item in modern, complex commercial litigation.

The Federal Rule of Evidence 502 was enacted in September against this backdrop. One of the driving forces was the desire to rein in the staggering costs of reviewing ESI to prevent the inadvertent disclosure of materials protected by the attorney-client privilege or work-product doctrine to an adversary. The rule was intended to clarify the principle that the inadvertent production of, for example, a protected e-mail should not lead to the draconian result of a full subject matter waiver.

To Continue Reading: Click Here
------------------------------------------------
Source: law.com
By: William K. Hill and Scott N. Wagner

Its 3am. Do you know where your backups are?

A constant source of quiet amusement for me is drawn from visiting sites where the server room is secured by multi-factor authentication, but the backup tapes are stored in the unlocked cupboard above the system administrator’s cubicle.
The thinking goes something like this: the server room is locked because servers are expensive to replace. The backup tapes are unlocked because no one has really thought about how much important data is actually stored on them, or because last year Rocky had a dentist’s appointment on a day when Jeff needed a file restored and Kleefy forgot where he’d put the spare key.

Backup tapes contain all your organization’s data. They should be as secure as your servers are.

Of course all someone needs to do to get access to all of an organization’s data is wander off with a backup tape. In many organizations, backup tapes are so poorly organized that it would take the person doing the backup a while to figure out if some of them had actually been stolen (mostly because the first assumption, when you can’t find a particular tape, is that someone left it on top of the tape drive in the server room!).

To Continue Reading: Click Here
------------------------------------------------
Source: windowsitpro.com
By: Orin Thomas

Handle the Deluge of Investigations and Litigation

Recommind, a leading provider of enterprise search, email management and eDiscovery systems for enterprises, has announced the immediate availability of its groundbreaking Insite Legal Hold solution. Insite Legal Hold helps enterprises explore, preserve and collect electronically stored information (ESI) to prepare for and comply with litigation, regulatory oversight and investigations of every kind. The need for a practical, accurate legal hold solution has never been greater, heightened by the ongoing global financial meltdown, as enterprises have begun responding to costly investigations and litigation while preparing for greatly increased regulatory oversight.

Incorporating several breakthroughs in legal hold technology, Insite Legal Hold allows enterprises to explore information where it resides quickly and accurately – before it is collected and placed on hold in response to an investigation or lawsuit. This Explore in Place™ technology represents a paradigm shift in legal hold methodology. Competing solutions simply index and aggregate large amounts of data without any ability to determine the relevance of such information prior to collection, resulting in the collection, preservation, storage, processing, review and analysis of far more information than required. Alone in the industry, Insite Legal Hold allows enterprises to collect and hold only the data necessary for a given proceeding in a highly accurate and defensible manner. This makes Insite Legal Hold the only solution capable of dramatically improving the speed and accuracy of the legal hold process while drastically reducing the cost of eDiscovery.

"With federal oversight and the threat of investigation or litigation increasing daily, legal hold has become an increasingly important yet increasingly complex part of the data management process,” says Vivian Tero, Program Manager, Compliance Infrastructure at IDC. “Recommind’s Insite Legal Hold solution enables corporate litigants to investigate and target the scope of their preservation obligations more effectively than the ‘preserve everything’ approach."

To Continue Reading: Click Here
------------------------------------------------
Source: s-ox.com