In this visual, media-driven world, more and more lawyers are using courtroom technology to speed the flow of trials and more effectively communicate to judges and juries. According to the 2008 American Bar Association Legal Technology Survey Report, 47 percent of responding attorneys, including 34 percent of solo practitioners, reported using laptops in the courtroom.
Despite these growing numbers, it often happens that opposing sides are unevenly matched, and the less technologically equipped party cries foul. At some point, lawyers who bring their own technology into the courtroom likely will encounter requests -- and judicial pressure -- to share their hardware, software and even their staff with opposing counsel.
Litigators at my firm, Harrisburg, Pa.-based McNees Wallace & Nurick, have experienced this situation with some regularity, and anecdotally, it seems we're not alone. Typically, the opposition moves to bar the use of technology altogether. The judge then offers a Hobson's choice: Either make your digital exhibits available to the other side, or leave them at the office.
Lawyers who have not faced this before may be tempted to comply without resistance. But the arguments against sharing computer-generated exhibits are not trifling, and they are well worth making.
PROFESSIONAL COURTESY?
What litigator hasn't been asked during trial to share a foam board enlargement of a key document photograph? Who could reasonably refuse such a request?
To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Susan V. Metcalfe
Sunday, May 31, 2009
Cyber Criminals use Search Engines
Unless you work for or own an online business, chances are you’ve never heard the terms “search engine optimization” (SEO) and “search engine marketing” (SEM). Yet these two phrases—SEO (the effort by site owners to get their website ranked higher by search engines) and SEM (the use of paid advertising to gain prominent placement on search engines) are increasingly important vocabulary for businesses that seek to prosper on the web. Unfortunately, legitimate businesses are not the only ones gaining fluency with this new language. The cyber criminals, from singular ones to organized groups, have realized that the same search engines that enable legitimate businesses to reach more consumers can also be used by criminals to separate more victims from more of their money.
In a study conducted by McAfee, Inc., they have identified that the riskiest set of keyword variations was “screensavers” with a maximum risk of 59.1% and an average risk of 34.4%, substantially higher than expected averages. Consumers looking to save money, and/or searching for means of additional income, should take note: searchers clicking on results that contain the word “free” have a 21.3 percent chance of infecting their PCs with online threats, such as spyware, spam, phishing, adware, viruses and other malware. “Work from home” searches can be as much as four times riskier than the average risk for all popular terms.
How does one keyword differ from another one, in terms of cyber weightage. The difference in two keywords is exactly its search engine results based costing, and has a direct relationship towards the number of searches made per day. Though it is difficult to understand the motives and modus of most of the cyber criminals, they also think of themselves as successful provided they can lure more victims to these phishing site. Mostly victims are coaxed into downloading a computer program into their system. People of any walks of the life, and any age group could get duped. As people continue to convert their music collection into mp3 and other digital format, they struggle between the cost of buying and converting. And once they are ready to download off the Internet, they are atleast prepared to download something, and this makes the malware authors work eaiser.
To Continue Reading: Click Here
---------------------------------------------
Source: keralaonline.com
In a study conducted by McAfee, Inc., they have identified that the riskiest set of keyword variations was “screensavers” with a maximum risk of 59.1% and an average risk of 34.4%, substantially higher than expected averages. Consumers looking to save money, and/or searching for means of additional income, should take note: searchers clicking on results that contain the word “free” have a 21.3 percent chance of infecting their PCs with online threats, such as spyware, spam, phishing, adware, viruses and other malware. “Work from home” searches can be as much as four times riskier than the average risk for all popular terms.
How does one keyword differ from another one, in terms of cyber weightage. The difference in two keywords is exactly its search engine results based costing, and has a direct relationship towards the number of searches made per day. Though it is difficult to understand the motives and modus of most of the cyber criminals, they also think of themselves as successful provided they can lure more victims to these phishing site. Mostly victims are coaxed into downloading a computer program into their system. People of any walks of the life, and any age group could get duped. As people continue to convert their music collection into mp3 and other digital format, they struggle between the cost of buying and converting. And once they are ready to download off the Internet, they are atleast prepared to download something, and this makes the malware authors work eaiser.
To Continue Reading: Click Here
---------------------------------------------
Source: keralaonline.com
Saturday, May 30, 2009
A Modest Solution to E-Discovery Problems
CEOs and their general counsels are worried about electronic discovery. And with good reason: today's big-money lawsuits often ride on a few key e-mails or other e-records, and the law around e-discovery is evolving and complex. In the last several years, companies have been sanctioned for losing or deleting e-mails, the new federal rules put e-records at the center of discovery, and Sarbanes-Oxley imposes stiff penalties for improperly destroying records. And to cause more anxiety, e-records are usually spread across the company in different computer systems, managed inconsistently, and many companies' IT and legal teams rarely talk to each other. All this means increased risk, and CEOs understandably give their lawyers a direct order: Do something.
A general counsel usually reacts by retaining an outside lawyer who specializes in e-discovery and records management. It's a smart first move. The lawyer reviews all parts of the company's e-discovery "readiness" and reports back, usually with several specific and good recommendations. Among other things, most experts in this area advise a company to implement a 45-day e-mail delete policy; to recycle backup tapes every 30 days; and to implement a "litigation hold" plan. Once implemented, all of these recommendations will help reduce the company's risk.
The rub is implementation. However well intentioned, the outside lawyer drops her report in the general counsel's office and leaves -- review complete, recommendations made. The general counsel then delegates implementation to someone on her staff, say an associate general counsel. The AGC in turn calls the company's deputy chief technology officer to discuss implementation. As an example, take the 45-day e-mail delete policy. The conversation goes something like this:
AGC: Hey John, wanted to talk about implementing a few recommendations we just received from an outside lawyer. The guy's an expert in e-discovery and e-records. Knows his stuff.
To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Adam L. Rosman
A general counsel usually reacts by retaining an outside lawyer who specializes in e-discovery and records management. It's a smart first move. The lawyer reviews all parts of the company's e-discovery "readiness" and reports back, usually with several specific and good recommendations. Among other things, most experts in this area advise a company to implement a 45-day e-mail delete policy; to recycle backup tapes every 30 days; and to implement a "litigation hold" plan. Once implemented, all of these recommendations will help reduce the company's risk.
The rub is implementation. However well intentioned, the outside lawyer drops her report in the general counsel's office and leaves -- review complete, recommendations made. The general counsel then delegates implementation to someone on her staff, say an associate general counsel. The AGC in turn calls the company's deputy chief technology officer to discuss implementation. As an example, take the 45-day e-mail delete policy. The conversation goes something like this:
AGC: Hey John, wanted to talk about implementing a few recommendations we just received from an outside lawyer. The guy's an expert in e-discovery and e-records. Knows his stuff.
To Continue Reading: Click Here
---------------------------------------------
Source: law.com
By: Adam L. Rosman
Ease The Pain Of E-Discovery
Here's how three companies have pulled together IT, legal, and other stakeholders to reduce the complexity and cost of finding information when the lawyers come calling.
When the Office of Federal Housing Enterprise Oversight was subpoenaed for documents in litigation involving Fannie Mae and Freddie Mac, its IT department thought it had searched every cranny to find relevant e-mails. It turned out the agency overlooked disaster-recovery backups that were stored off-site.
That oversight triggered a legal fight and then a protracted search that resulted in a $6 million discovery bill--a whopping 9% of the office's annual budget.
When it comes to e-discovery costs, $6 million isn't an outlier, which points to the urgency of IT and legal departments working hand in hand to build policies and execute on them when litigation hits. At times, however, IT and legal work at cross-purposes--they don't communicate or, worse, argue over the best approach to collecting electronically stored information that's being called for, often on short notice.
To avoid these squabbles and the mistakes that come out of them, smart companies are creating e-discovery teams led by legal and IT principals, with other stakeholders in the organization brought in as needed. These teams set policies for data retention and preservation, oversee implementation of these policies, and handle e-discovery work related to specific legal cases. We'll look at what three companies--in insurance, telecom, and construction--are doing to make e-discovery the team sport it must be.
To Continue Reading: Click Here
---------------------------------------------
Source: informationweek.com
By: Andrew Conry-Murray
When the Office of Federal Housing Enterprise Oversight was subpoenaed for documents in litigation involving Fannie Mae and Freddie Mac, its IT department thought it had searched every cranny to find relevant e-mails. It turned out the agency overlooked disaster-recovery backups that were stored off-site.
That oversight triggered a legal fight and then a protracted search that resulted in a $6 million discovery bill--a whopping 9% of the office's annual budget.
When it comes to e-discovery costs, $6 million isn't an outlier, which points to the urgency of IT and legal departments working hand in hand to build policies and execute on them when litigation hits. At times, however, IT and legal work at cross-purposes--they don't communicate or, worse, argue over the best approach to collecting electronically stored information that's being called for, often on short notice.
To avoid these squabbles and the mistakes that come out of them, smart companies are creating e-discovery teams led by legal and IT principals, with other stakeholders in the organization brought in as needed. These teams set policies for data retention and preservation, oversee implementation of these policies, and handle e-discovery work related to specific legal cases. We'll look at what three companies--in insurance, telecom, and construction--are doing to make e-discovery the team sport it must be.
To Continue Reading: Click Here
---------------------------------------------
Source: informationweek.com
By: Andrew Conry-Murray
Technology Is Great, but Prove Your Point
I still remember the first time I faced an opposing counsel who was using high-end trial technology. Unbeknownst to me, the plaintiffs lawyer arrived at the courthouse early to set up equipment that was capable of projecting any document or videotaped deposition onto a large screen. I had no idea what I was facing until I arrived with my flipchart and colored pens. When I saw the attorney's technology, I suddenly felt as if I were in the final battle in "Star Wars" -- the fight between Darth Vader's high-tech Imperial Stormtroopers and the cute Ewoks from the Stone Age.
What opposing counsel had put together that day was impressive, particularly considering how expensive that type of technology was at the time. Twelve years later, as prices have decreased and options have increased, the use of trial technology has exploded. Unfortunately, the variety and affordability of the technology has not always been met with a corresponding improvement in the quality of trials themselves, as lawyers often fail to choose the most appropriate and effective technology for their cases.
These selection errors often occur for any one of few common reasons. Many lawyers have a fundamental misperception about trial technology. Some have an unjustified fear of it while others place an undue reliance upon it. A number of lawyers also fail to appreciate that each form of technology has its advantages and disadvantages. In addition, lawyers often fail to appropriately mix their media in a meaningful way.
When it comes to technology, lawyers can be divided into two groups: technophobes and technophiles. Typically, the technophobes are older and, like me, were once intimidated by portable electric typewriters. Technophiles are generally younger and find it hard to imagine cite checking with a stack of books instead of a computer. Each group operates with different core assumptions about technology. For technophobes, modern trial technology is something to fear because they believe it is an innovation for which they must learn an entirely new set of skills.
To Continue Reading: Click Here---------------------------------------------
Source: law.com
By: G. Christopher Ritter
Thursday, May 28, 2009
LegalTech West Coast Sessions to Focus on Emerging Social Media Tools, and Adapting to Turbulent Economy
Panel sessions at Incisive Media's upcoming LegalTech West Coast conference will focus on how law firms and lawyers can leverage emerging Web 2.0 and social media tools, including Twitter, while another panel track will offer expert advice to attorneys and firms on coping with the current economic downturn. LegalTech West Coast 2009, the region’s largest and most prestigious legal technology conference and trade show, will take place June 24-25 at the Los Angeles Convention Center. Complete conference information is available at www.legaltechshow.com.
The “Adopting Web 2.0” track will include a panel on the emerging social media and microblogging tool, Twitter. The session, “What is Twitter and How Can I Use It?” will explore the potential use of Twitter by law firms and lawyers, and will be moderated by Monica Bay, editor in chief of Incisive Media’s Law Technology News. Panelists include Nina Goldberg, attorney at Baker & Hostetler LLP; Matthew Homann, founder of LexThink LLC; lawyer, blogger and author Denise Howell; and Kevin O’Keefe, chief executive officer of LexBlog.
Topics to be covered by the panelists will include:
The “Adopting Web 2.0” track will include a panel on the emerging social media and microblogging tool, Twitter. The session, “What is Twitter and How Can I Use It?” will explore the potential use of Twitter by law firms and lawyers, and will be moderated by Monica Bay, editor in chief of Incisive Media’s Law Technology News. Panelists include Nina Goldberg, attorney at Baker & Hostetler LLP; Matthew Homann, founder of LexThink LLC; lawyer, blogger and author Denise Howell; and Kevin O’Keefe, chief executive officer of LexBlog.
Topics to be covered by the panelists will include:
- What is Twitter and why should ‘I’ use it?
- At the end of the day, is Twitter the “ultimate time waster” or a “great tool”?
- From 'huh?" to "a ha!" - one lawyer's journey into the Twitterverse or "How I learned to stop worrying and love to Tweet!"
- Lawyers, Twitter and client development.
To Continue Reading: Click Here
---------------------------------------------
Source: businesswire.com
Wednesday, May 27, 2009
Court Finds Delay in Objecting to a Failure to Produce in Native Format Was "Patently Unreasonable" and Denies Defendant's Motion to Compel Production
Ford Motor Co. v. Edgewood Props., Inc., 2009 WL 1416223 (D.N.J. May 19, 2009)
In this case, arising from allegations surrounding contaminated concrete following the demolition of a Ford plant in New Jersey, defendant Edgewood Properties (“Edgewood”) brought several motions before the court, including a motion to compel production of documents in their native format (or documents containing metadata) and a motion for an order granting Edgewood the right to confirm the adequacy of Ford’s manual collection process by searching the electronic systems of certain custodians. Finding Edgewood had waived its objection to the format of Ford’s production by failing to object within a reasonable time period, the court denied Edgewood’s motion to compel. The court also denied Edgewood’s motion to allow access to certain of Ford’s electronically-stored records citing inter alia the burden to Ford and Edgewood’s failure to make a showing of Ford’s purposeful or negligent withholding of documents.
Edgewood’s initial document request called for the production of electronically stored information (“ESI”) in its native format (or with metadata). Ford responded by informing Edgewood of its intent to produce “Tagged Image File Format (“TIFF”) with accompanying searchable text.” The parties failed to reach agreement regarding the format of production, and Ford produced its documents as indicated, in TIFF format. Ford made three productions in TIFF format, one in March 2008, one in August 2008, and one in November 2008. Following the third production, in January 2009, Edgewood sought to compel re-production of Ford’s documents in native format, as originally requested.
Beginning its analysis with Fed. R. Civ. P. 34, as discussed in Aguilar v. Immigration & Customs Enforcement Div. of U.S. Dep’t of Homeland Sec., 2008 WL 5062700 (S.D.N.Y. Nov. 21, 2008), the court elucidated the parameters of the rule which allow for the requesting party to specify the format of production, but also for the responding party to object to such specification. Per the rule, upon objecting, the responding party must also indicate its intended format of production. If the requesting party opposes the suggested format, the parties are required to meet and confer before filing a motion to compel. The court’s analysis also acknowledged the need to consider the necessity of producing metadata to allow equal access to the information produced, as discussed by The Sedona Conference©, and that court’s have generally ordered the production of metadata “when it is sought in the initial document request and the producing party has not yet produced the documents in any form.”
To Continue Reading: Click Here
---------------------------------------------
Source: ediscoverylaw.com
In this case, arising from allegations surrounding contaminated concrete following the demolition of a Ford plant in New Jersey, defendant Edgewood Properties (“Edgewood”) brought several motions before the court, including a motion to compel production of documents in their native format (or documents containing metadata) and a motion for an order granting Edgewood the right to confirm the adequacy of Ford’s manual collection process by searching the electronic systems of certain custodians. Finding Edgewood had waived its objection to the format of Ford’s production by failing to object within a reasonable time period, the court denied Edgewood’s motion to compel. The court also denied Edgewood’s motion to allow access to certain of Ford’s electronically-stored records citing inter alia the burden to Ford and Edgewood’s failure to make a showing of Ford’s purposeful or negligent withholding of documents.
Edgewood’s initial document request called for the production of electronically stored information (“ESI”) in its native format (or with metadata). Ford responded by informing Edgewood of its intent to produce “Tagged Image File Format (“TIFF”) with accompanying searchable text.” The parties failed to reach agreement regarding the format of production, and Ford produced its documents as indicated, in TIFF format. Ford made three productions in TIFF format, one in March 2008, one in August 2008, and one in November 2008. Following the third production, in January 2009, Edgewood sought to compel re-production of Ford’s documents in native format, as originally requested.
Beginning its analysis with Fed. R. Civ. P. 34, as discussed in Aguilar v. Immigration & Customs Enforcement Div. of U.S. Dep’t of Homeland Sec., 2008 WL 5062700 (S.D.N.Y. Nov. 21, 2008), the court elucidated the parameters of the rule which allow for the requesting party to specify the format of production, but also for the responding party to object to such specification. Per the rule, upon objecting, the responding party must also indicate its intended format of production. If the requesting party opposes the suggested format, the parties are required to meet and confer before filing a motion to compel. The court’s analysis also acknowledged the need to consider the necessity of producing metadata to allow equal access to the information produced, as discussed by The Sedona Conference©, and that court’s have generally ordered the production of metadata “when it is sought in the initial document request and the producing party has not yet produced the documents in any form.”
To Continue Reading: Click Here
---------------------------------------------
Source: ediscoverylaw.com
The Art and Science of EDD Special Masters
I frequently field this question: "Hi Craig. I'm a tech-savvy lawyer and want to serve as an e-discovery special master. What advice can you offer me? And what does a special master do exactly?"
A special master for electronically stored information is a technical expert -- ideally a lawyer -- appointed by the court to manage and resolve discovery disputes involving electronic evidence.
Governed by FRCP Rule 53 in the federal courts, an SM-ESI enjoys such powers as the court delegates, subject to de novo review by the judge. Courts may turn to special masters when the judge lacks the technical expertise or time to address complex or contentious e-discovery disputes.
An SM-ESI may sort out search terms, fashion collection protocols, investigate spoliation, resolve privilege concerns, arbitrate forms of production, suggest sampling scenarios, apportion costs and make sanctions recommendations. It's fascinating, challenging, creative work.
But there's more to being an effective SM-ESI than legal and technical know-how. Special masters don't have skills training courses such as those available to lawyers, judges and mediators. We learn by doing and from our mistakes.
TIPS & TECHNIQUES
Here are some lessons I've learned in the trenches.
Special masters are often appointed because the parties won't cooperate. Discussions are ugly, angry and petty. Demand that backbiting and snide comments cease. When recriminations fly, give them no quarter. Professionals should act professionally, and compulsory courtesy fosters the real thing.
To Continue Reading: Click Here---------------------------------------------
Source: law.com
By: Craig Ball
Managing Growing Data Assets In A Shrinking Economy
Growing" and "assets" are words rarely spoken in the same sentence these days, but when it comes to unstructured data, "growing assets" is exactly the term enterprises are using. The slowdown in the economy has done nothing to stem the proliferation of electronic data, in particular unstructured data in the form of Word documents, PDFs, spreadsheets and email. Workers, even when their numbers decrease, still manage to create an astounding and expanding amount of unstructured content every hour of every workday. The only downward trend, it appears, is tied to the IT resources left to manage data. And fewer data management resources translate into a bigger data mess.
This is unfortunate because downtimes, like we're seeing currently, beg for better data management. Most obvious are the increase in lawsuits. We are a litigious culture and when we are upset because our money managers have wreaked havoc with our business assets, or our life savings, we invest the money we have left in lawyers. The lawyers require evidence to do their jobs, and the courts demand that they produce this evidence in short order.
To Continue Reading: Click Here---------------------------------------------
Source: datastorageconnection.com
By: Steve Akers
Monday, May 25, 2009
The Cloud-Computing Myth
There's always a new era of "network computing" around the corner, but we won't reach it soon.
John Chambers, among others, has reignited a fervor around the prospects of "cloud computing."
Distributed computing has been championed on several occasions, perennially reemerging every five years or so but failing each time to overcome significant hurdles and operational risks before fading back into remission.
Let me save you some suspense, I believe the hype of cloud computing will once again taper off, even with advancements in Internet applications and improvements in connectivity the past few years. Bandwidth constraints and the growing cost of incremental traffic will partly be to blame (this is not a trivial hurdle; carriers grapple with an inability to charge by usage). The concept will also fail because of the complexity of maintaining and supporting so many remote devices and the costs of unavoidable outages; because part of a business' competitive advantage is its operational customization of off-the-shelf software; because of regulatory hurdles and restrictions not often considered part of the discussion.
To Continue Reading: Click Here
---------------------------------------------
Source: Forbes
By: Avi Cohen
John Chambers, among others, has reignited a fervor around the prospects of "cloud computing."
Distributed computing has been championed on several occasions, perennially reemerging every five years or so but failing each time to overcome significant hurdles and operational risks before fading back into remission.
Let me save you some suspense, I believe the hype of cloud computing will once again taper off, even with advancements in Internet applications and improvements in connectivity the past few years. Bandwidth constraints and the growing cost of incremental traffic will partly be to blame (this is not a trivial hurdle; carriers grapple with an inability to charge by usage). The concept will also fail because of the complexity of maintaining and supporting so many remote devices and the costs of unavoidable outages; because part of a business' competitive advantage is its operational customization of off-the-shelf software; because of regulatory hurdles and restrictions not often considered part of the discussion.
To Continue Reading: Click Here
---------------------------------------------
Source: Forbes
By: Avi Cohen
Sunday, May 24, 2009
Cloud Tech Poses Problems For Lawyers
E-discovery lost in brave new world
The term “cloud computing” may sound space age, but it’s presenting some unique challenges for attorneys and their clients when it comes to the discovery process.
Although cloud computing covers a range of services from IT to software, its common thread is that all those services are provided by third parties that require customers to trust them with all manner of data.
“On one hand, it’s very efficient for users because the company essentially rents space on a host system,” said James Donnelly, an attorney at Worcester firm Mirick O’Connell and a member of the Massachusetts Bar Association’s technology task force.
On the other hand, he said, the company “doesn’t own the host system, and it could be located anywhere in the world.”
Companies store data off-site in hard copy files all the time. Cloud computing is basically the same practice, but different in that a company’s proprietary information is on some (probably shared) server that is not under the company’s control and could be anywhere in the world.
“If a company is contracting with a (cloud) service company in Shrewsbury, it’s a simple matter,” Donnelly said. “But the mainstream is globalized” and companies tend to store their data where they can get the best rates, and often that’s in China or India.
As it does in many other aspects of business, failing to prepare for the worst can and will hurt a company that doesn’t carefully consider exactly how it wants to use a cloud system.
The discovery process is as old as the law itself.
When a company gets sued, it must provide any information that may be related to the case at hand. The e-discovery process is the same, but instead of digging through filing cabinets, the lawyers are scouring the company’s computer files.
But lawyers say there are gaps between the rules presumed to govern the possession, custody and control of information and a company’s practical ability to control the cloud systems with which they contract.
To Continue Reading: Click Here
-----------------------------------------------
Source: wbjournal.com
By: Matthew L. Brown
The term “cloud computing” may sound space age, but it’s presenting some unique challenges for attorneys and their clients when it comes to the discovery process.
Although cloud computing covers a range of services from IT to software, its common thread is that all those services are provided by third parties that require customers to trust them with all manner of data.
“On one hand, it’s very efficient for users because the company essentially rents space on a host system,” said James Donnelly, an attorney at Worcester firm Mirick O’Connell and a member of the Massachusetts Bar Association’s technology task force.
On the other hand, he said, the company “doesn’t own the host system, and it could be located anywhere in the world.”
Companies store data off-site in hard copy files all the time. Cloud computing is basically the same practice, but different in that a company’s proprietary information is on some (probably shared) server that is not under the company’s control and could be anywhere in the world.
“If a company is contracting with a (cloud) service company in Shrewsbury, it’s a simple matter,” Donnelly said. “But the mainstream is globalized” and companies tend to store their data where they can get the best rates, and often that’s in China or India.
As it does in many other aspects of business, failing to prepare for the worst can and will hurt a company that doesn’t carefully consider exactly how it wants to use a cloud system.
The discovery process is as old as the law itself.
When a company gets sued, it must provide any information that may be related to the case at hand. The e-discovery process is the same, but instead of digging through filing cabinets, the lawyers are scouring the company’s computer files.
But lawyers say there are gaps between the rules presumed to govern the possession, custody and control of information and a company’s practical ability to control the cloud systems with which they contract.
To Continue Reading: Click Here
-----------------------------------------------
Source: wbjournal.com
By: Matthew L. Brown
Friday, May 22, 2009
Making a Case for Disaster Recovery
Today's CIOs and IT professionals face numerous challenges, tasked with directives relating to business productivity, compliance issues, service-level agreements and more. In the legal industry especially, our priority is to identify and implement effective technologies that align with business requirements. The ability to recover data in the wake of a disaster and continue to serve our clients is a top priority at Sheppard Mullin. The 550-attorney firm has eight of its eleven offices in earthquake and fire prone California (with additional offices in New York, Washington, D.C., and Shanghai). As a result, disaster recovery was one of the most important IT projects facing the firm's IT department in 2008. Sheppard Mullin took steps to implement a successful disaster recovery solution to ensure that the firm and its clients (many of whom are among the Fortune 100) would not experience business or service disruption.
BUSINESS AND TECHNOLOGICAL DRIVERS FOR DISASTER RECOVERY
Most law firms have some type of disaster recovery system in place. But in the aftermath of 9/11, the legal industry re-evaluated the adequacy of existing data protection standards. True disaster recovery means that data must be accessible at the same speed and with the same integrity as it was before a disaster or event (e.g., natural or man-made disasters, viruses, power disruptions). Some companies have the potential of going out of business within one year of sustaining a multi-day outage, making a strong case that businesses are only as safe and viable as their disaster recovery measures.
Sheppard Mullin's data centers and the majority of our servers are housed in our Los Angeles and Washington, D.C., offices, with a planned transition to a collocation facility in Scottsdale, Arizona. Currently, we maintain individual Microsoft Exchange Servers at each of our 11 locations, with plans for server consolidation and use of WAN optimization devices when we move to the collocation facility. Our IT infrastructure is Windows-centric, utilizing SQL Server as the back-end database application and VMware for server virtualization. We were using tape backup and off-site storage, but the threat of regional disasters prompted the search for more feature-rich disaster recovery technology.
To Continue Reading: Click Here
-----------------------------------------------
Source: law.com
By: Donna Paulson
BUSINESS AND TECHNOLOGICAL DRIVERS FOR DISASTER RECOVERY
Most law firms have some type of disaster recovery system in place. But in the aftermath of 9/11, the legal industry re-evaluated the adequacy of existing data protection standards. True disaster recovery means that data must be accessible at the same speed and with the same integrity as it was before a disaster or event (e.g., natural or man-made disasters, viruses, power disruptions). Some companies have the potential of going out of business within one year of sustaining a multi-day outage, making a strong case that businesses are only as safe and viable as their disaster recovery measures.
Sheppard Mullin's data centers and the majority of our servers are housed in our Los Angeles and Washington, D.C., offices, with a planned transition to a collocation facility in Scottsdale, Arizona. Currently, we maintain individual Microsoft Exchange Servers at each of our 11 locations, with plans for server consolidation and use of WAN optimization devices when we move to the collocation facility. Our IT infrastructure is Windows-centric, utilizing SQL Server as the back-end database application and VMware for server virtualization. We were using tape backup and off-site storage, but the threat of regional disasters prompted the search for more feature-rich disaster recovery technology.
To Continue Reading: Click Here
-----------------------------------------------
Source: law.com
By: Donna Paulson
Thursday, May 21, 2009
The Discoverability of Digital Voicemail
Companies today have more options than ever for generating, receiving, storing, retrieving and disposing of voicemail messages.
In the past, voicemails were stored on analog tapes, but increasingly, organizations now use unified, digital systems that integrate telephone and computer systems. While more efficient and flexible, these advances raise a number of electronic data discovery issues.
If your organization is considering an upgrade, it's imperative to evaluate the effect, if any, that the new system will have on your obligation to preserve, search and disclose relevant voicemail messages.
Here is a brief overview of EDD issues and how courts are addressing the discoverability of digital voicemail messages.
DIGITAL OR ANALOG
Digital systems store the messages on a central server, from which, if not routinely deleted, they can be retrieved. Some create additional data points, such as e-mail "message received" notification or e-mail pointers that allow the messages to be retrieved from the server via e-mail.
These notification systems sometimes use e-mail notices that identify the caller, date, time and duration of the call -- which provides the firm (or a litigation adversary) with the ability to trace an employees' receipt of messages, and can lead to additional burdensome discovery demands.
Depending on the system, the manner in which this metadata is retained will likely be under your control; and the messages and accompanying e-mails are likely to be subject to your data backup and retention policies. However, that may be easier said than done -- digital messages can be more difficult to delete because redundant backup systems and personal user habits often result in multiple copies.
Unified messaging systems, where voicemail messages appear in the user e-mail box as audio files (most commonly WAV), pose the greatest risk and potential for increased EDD costs. They not only create additional, readily accessible data for every message, but also significantly expand the size of the user's e-mail boxes, persist for long periods of time and can be widely disseminated with the ease of forwarding an e-mail.
To Continue Reading: Click Here
-----------------------------------------------
Source: Law.com
By: Mark Sidoti & Paul Asfendis
In the past, voicemails were stored on analog tapes, but increasingly, organizations now use unified, digital systems that integrate telephone and computer systems. While more efficient and flexible, these advances raise a number of electronic data discovery issues.
If your organization is considering an upgrade, it's imperative to evaluate the effect, if any, that the new system will have on your obligation to preserve, search and disclose relevant voicemail messages.
Here is a brief overview of EDD issues and how courts are addressing the discoverability of digital voicemail messages.
DIGITAL OR ANALOG
Digital systems store the messages on a central server, from which, if not routinely deleted, they can be retrieved. Some create additional data points, such as e-mail "message received" notification or e-mail pointers that allow the messages to be retrieved from the server via e-mail.
These notification systems sometimes use e-mail notices that identify the caller, date, time and duration of the call -- which provides the firm (or a litigation adversary) with the ability to trace an employees' receipt of messages, and can lead to additional burdensome discovery demands.
Depending on the system, the manner in which this metadata is retained will likely be under your control; and the messages and accompanying e-mails are likely to be subject to your data backup and retention policies. However, that may be easier said than done -- digital messages can be more difficult to delete because redundant backup systems and personal user habits often result in multiple copies.
Unified messaging systems, where voicemail messages appear in the user e-mail box as audio files (most commonly WAV), pose the greatest risk and potential for increased EDD costs. They not only create additional, readily accessible data for every message, but also significantly expand the size of the user's e-mail boxes, persist for long periods of time and can be widely disseminated with the ease of forwarding an e-mail.
To Continue Reading: Click Here
-----------------------------------------------
Source: Law.com
By: Mark Sidoti & Paul Asfendis
Wednesday, May 20, 2009
Is the eDisclosure time bomb about to explode?
Freedom of information is pretty big news right now, just ask your local MP. But have you thought about your own situation with regards to eDisclosure for your business? According to new research by information risk management outfit Recommind, nearly half of UK enterprises have experienced an increase in eDisclosure requests during the last year.
OK, so you might not have to worry so much about revelations of money spent on cleaning your moat or ‘flipping’ half a dozen London flats in a year, but the small matter of the identification, preservation and collection of electronically stored information for regulatory and internal investigations and law suits has the potential to become a big problem nonetheless.
Recommind tells me that despite the number of businesses getting more and more eDisclosure requests, two thirds of UK organisations can only muster no more than five percent of their IT budgets to address the issue. Some 90 percent are under the 10 percent of total budget spend boundary when it comes to provisioning properly and preparing for the almost inevitable eDisclosure time bomb to explode.
The figures are not altogether surprising, given that the same research suggests that most IT directors could pretty much care less. Most rated it as their lowest priority, an oversight that might just come back and bite them on the arse it would seem to me. Simon Price, a Recommind director, also shares this feeling.
To Continue Reading: Click Here
-------------------------------------------
Source: itpro.co.uk
By: Davey Winder
OK, so you might not have to worry so much about revelations of money spent on cleaning your moat or ‘flipping’ half a dozen London flats in a year, but the small matter of the identification, preservation and collection of electronically stored information for regulatory and internal investigations and law suits has the potential to become a big problem nonetheless.
Recommind tells me that despite the number of businesses getting more and more eDisclosure requests, two thirds of UK organisations can only muster no more than five percent of their IT budgets to address the issue. Some 90 percent are under the 10 percent of total budget spend boundary when it comes to provisioning properly and preparing for the almost inevitable eDisclosure time bomb to explode.
The figures are not altogether surprising, given that the same research suggests that most IT directors could pretty much care less. Most rated it as their lowest priority, an oversight that might just come back and bite them on the arse it would seem to me. Simon Price, a Recommind director, also shares this feeling.
To Continue Reading: Click Here
-------------------------------------------
Source: itpro.co.uk
By: Davey Winder
White House wins ruling in e-mail case
The White House's Office of Administration is not subject to the Freedom of Information Act and can keep records of what could be millions of lost e-mail messages from the public, an appeals court ruled yesterday.
The unit of the president's office performs only operational and administrative tasks and does not qualify for FOIA disclosures under federal law, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit ruled.
Because the Office of Administration provides only support services, it "lacks substantial independent authority and is therefore not an agency under FOIA," the panel said in its decision involving the open-records law.
The ruling is a setback for Citizens for Responsibility and Ethics in Washington, or CREW. The policy group has been seeking records on millions of White House e-mail messages created in 2003-05 during the administration of President George W. Bush.
To Continue Reading: Click Here
-------------------------------------------
Source: philly.com
The unit of the president's office performs only operational and administrative tasks and does not qualify for FOIA disclosures under federal law, a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit ruled.
Because the Office of Administration provides only support services, it "lacks substantial independent authority and is therefore not an agency under FOIA," the panel said in its decision involving the open-records law.
The ruling is a setback for Citizens for Responsibility and Ethics in Washington, or CREW. The policy group has been seeking records on millions of White House e-mail messages created in 2003-05 during the administration of President George W. Bush.
To Continue Reading: Click Here
-------------------------------------------
Source: philly.com
Tuesday, May 19, 2009
Companies Die, But Data, Hard Drives Live On
In many cases, computers need to be stored and ready for potential use long after the company has dissolved. A network of federal and state laws require data to be maintained for a specific amount of time. The Civil Rights Act of 1964 requires companies to keep employee data for one year. Likewise, employment data has a web of laws.
Even after companies die, their tech departments -- and the expense and hassle of running them -- can linger on.
With the proliferation of bankruptcy cases in this economic downturn, court-appointed trustees who typically manage the liquidation of assets, as well as some creditors who receive the assets, are wondering what to do with computer data .
Some are finding they're legally prevented from disposing of the data on many computers for years.
"Suddenly, trustees may realize they have something they didn't anticipate as a liability," said Lance Watson, vice president of case management at Avansic Digital Forensics Professionals.
And that means, in many cases, computers need to be stored and ready for potential use long after the company has dissolved, Watson said. His company has helped some clients who were storing just a few dozens computers in a closet, though another had hundreds of computers connected through servers.
A network of federal and state laws require data to be maintained for a specific amount of time. Oklahoma's Health Insurance Portability and Accountability Act requires medical data be held for five years.
To Continue Reading: Click Here-------------------------------------------
Source: cio-today.com
Monday, May 18, 2009
Wolfram/Alpha Looks Beyond Search Toward Computation
Unlike Google, the newly debuted "computational knowledge engine" attempts to compute answers to questions based on established facts.
Wolfram Research, makers of the noted computational software Mathematica, on Monday launched Wolfram/Alpha, a service the company characterizes as a "computational knowledge engine."
It's not a search engine. Though widely compared to Google, Wolfram/Alpha does not try to match queries against a list of indexed documents. It attempts to compute answers to questions based on established facts.
Whereas Google takes an ambiguous query like "bass" and returns results related to the fish, the musical instrument, and the shoe brand, Wolfram/Alpha returns an array of nutritional data related to the fish.
Google can tell you where to find information about "the best restaurant in San Francisco." The data sources identified by Google may not be ones you'd agree with, but that's what you get when you ask a subjective question.
Wolfram/Alpha aspires to offer something more objective, answering queries not by matching keywords in an index but through computation. For example, if presented with the query $250 + 15%, it returns the correct answer, $287.50.
Google too can do this, if the query is constructed properly: (15% of 250) + 250. But Wolfram/Alpha is far more sophisticated in the kinds calculations it can perform, assuming it can turn the query into a proper equation.
When presented with questions related to its curated knowledge base that can be parsed, understood, and answered through computation, it performs brilliantly. Asked to find "the distance between New York and San Francisco," it not only returns 2,578 miles, but it also provides a calculation of travel time for a person in an airplane traveling at 550 mph (4.7 hours) and for light traveling through a fiber-optic cable (19.4 milliseconds), among other fact-based calculations.
To Continue Reading: Click Here
-------------------------------------------
Source: Information Week
By: Thomas Claburn
Wolfram Research, makers of the noted computational software Mathematica, on Monday launched Wolfram/Alpha, a service the company characterizes as a "computational knowledge engine."
It's not a search engine. Though widely compared to Google, Wolfram/Alpha does not try to match queries against a list of indexed documents. It attempts to compute answers to questions based on established facts.
Whereas Google takes an ambiguous query like "bass" and returns results related to the fish, the musical instrument, and the shoe brand, Wolfram/Alpha returns an array of nutritional data related to the fish.
Google can tell you where to find information about "the best restaurant in San Francisco." The data sources identified by Google may not be ones you'd agree with, but that's what you get when you ask a subjective question.
Wolfram/Alpha aspires to offer something more objective, answering queries not by matching keywords in an index but through computation. For example, if presented with the query $250 + 15%, it returns the correct answer, $287.50.
Google too can do this, if the query is constructed properly: (15% of 250) + 250. But Wolfram/Alpha is far more sophisticated in the kinds calculations it can perform, assuming it can turn the query into a proper equation.
When presented with questions related to its curated knowledge base that can be parsed, understood, and answered through computation, it performs brilliantly. Asked to find "the distance between New York and San Francisco," it not only returns 2,578 miles, but it also provides a calculation of travel time for a person in an airplane traveling at 550 mph (4.7 hours) and for light traveling through a fiber-optic cable (19.4 milliseconds), among other fact-based calculations.
To Continue Reading: Click Here
-------------------------------------------
Source: Information Week
By: Thomas Claburn
Don't toss all your practice's e-mails in the virtual trash
Reading and deleting e-mails might be customary when e-mailing for personal use. But physicians incorporating e-mail into their practices might have to get out of that habit and enter the unfamiliar territory of e-mail archiving.
"A lot of people think that e-mails are just e-mails, that it's like a telephone conversation that you have with someone, you hang up and you have no record of it," said William J. Spratt Jr., health care partner for the Miami offices of K&L Gates. "But that's not the case. It actually is a written record, and it must be maintained if it is considered a health record."
Spratt said many don't consider this fact when they start using e-mail as a form of communication between physician and patient because of the convenience it offers. But experts say e-mails should be considered part of the business record and kept for future reference.
Ryan Williams, a health care attorney at the Cleveland firm of Walter & Haverfield, said that because archiving e-mail is so important to a practice, the decision to begin e-mailing patients should be a business decision for which doctors should weigh financial and liability risks and benefits.
Even if you are receiving reimbursement for e-visits, there are costs and staff time associated with maintaining those records that might not make it worth the investment.
To Continue Reading: Click Here
-------------------------------------------
Source: AMNews
By: Pamela Lewis Dolan
"A lot of people think that e-mails are just e-mails, that it's like a telephone conversation that you have with someone, you hang up and you have no record of it," said William J. Spratt Jr., health care partner for the Miami offices of K&L Gates. "But that's not the case. It actually is a written record, and it must be maintained if it is considered a health record."
Spratt said many don't consider this fact when they start using e-mail as a form of communication between physician and patient because of the convenience it offers. But experts say e-mails should be considered part of the business record and kept for future reference.
Ryan Williams, a health care attorney at the Cleveland firm of Walter & Haverfield, said that because archiving e-mail is so important to a practice, the decision to begin e-mailing patients should be a business decision for which doctors should weigh financial and liability risks and benefits.
Even if you are receiving reimbursement for e-visits, there are costs and staff time associated with maintaining those records that might not make it worth the investment.
To Continue Reading: Click Here
-------------------------------------------
Source: AMNews
By: Pamela Lewis Dolan
The Most Important E-Discovery Rule
Rule 26(f) is a means to communicate disputes to federal judges for early resolution
Time for a pop quiz. Can you name the most important of the so-called "e-discovery" amendments to the Federal Rules of Civil Procedure adopted in 2006? Candidates include, among others, Rule 26(b)(2)(B), which introduced the concept of "not reasonably accessible" electronically stored information; Rule 26(b)(5)(B), which established a uniform procedure among the United States district courts to assert claims of inadvertent production; Rule 34(b), which addressed form of production of ESI; and Rule 37(e), which purported to create a "safe harbor" from sanctions for loss of ESI under certain circumstances.
The correct answer: Rule 26(f), which expanded on the concept of "meet and confer" to include ESI.
Rule 26(f) first appeared in 1980. At that time, it was intended to deter abuse of the discovery process: "[C]ounsel who has attempted without success to effect with opposing counsel a reasonable program or plan for discovery is entitled to the assistance of the court." See Advisory Committee Note to 1980 Amendment of Rule 26(f). The procedure envisioned by this first incarnation of the rule was used only sparingly. See Advisory Committee Note to 1993 Amendment of Rule 26(f).
In 1993, Rule 26(f) was amended to, more or less, its current form. The 1993 amendment provided that, unless exempted by local rule or order, parties meet in person, discuss specific matters and submit their discovery proposals to the court. The 1993 amendment went hand-in-hand with the "greater need for early judicial involvement to consider the scope and timing of the disclosure requirements of Rule 26(a) and the presumptive limits on discovery imposed under these rules [the Federal Rules of Civil Procedure] or by local rules." The 1993 amendment paralleled the amendment of Rule 16, which was intended to "highlight the court's powers regarding the discovery process."
The year 2000 saw the elimination of the "in person" requirement:
"There are important benefits to face-to-face discussion of the topics to be covered in the conference, and those benefits may be lost if other means of conferring were routinely used when face-to-face meetings would not impose burdens. Nevertheless, geographic conditions ... may exact costs far out of proportion to these benefits." See Advisory Committee Note to 2000 Amendment of Rule 26(f).
The year 2000 also saw, in general terms, the elimination of local exemption from the Rule 26(f) process. Since 2000, Rule 26(f) and its duty to "meet-and-confer" has become a cornerstone of the federal civil litigation process. (Parenthetically, Rule 37(a)(1) imposes an analogous duty before discovery motions may be made.)
To Continue Reading: Click Here
---------------------------------------------
Source: Law.com
By: Ronald J. Hedges
Time for a pop quiz. Can you name the most important of the so-called "e-discovery" amendments to the Federal Rules of Civil Procedure adopted in 2006? Candidates include, among others, Rule 26(b)(2)(B), which introduced the concept of "not reasonably accessible" electronically stored information; Rule 26(b)(5)(B), which established a uniform procedure among the United States district courts to assert claims of inadvertent production; Rule 34(b), which addressed form of production of ESI; and Rule 37(e), which purported to create a "safe harbor" from sanctions for loss of ESI under certain circumstances.
The correct answer: Rule 26(f), which expanded on the concept of "meet and confer" to include ESI.
Rule 26(f) first appeared in 1980. At that time, it was intended to deter abuse of the discovery process: "[C]ounsel who has attempted without success to effect with opposing counsel a reasonable program or plan for discovery is entitled to the assistance of the court." See Advisory Committee Note to 1980 Amendment of Rule 26(f). The procedure envisioned by this first incarnation of the rule was used only sparingly. See Advisory Committee Note to 1993 Amendment of Rule 26(f).
In 1993, Rule 26(f) was amended to, more or less, its current form. The 1993 amendment provided that, unless exempted by local rule or order, parties meet in person, discuss specific matters and submit their discovery proposals to the court. The 1993 amendment went hand-in-hand with the "greater need for early judicial involvement to consider the scope and timing of the disclosure requirements of Rule 26(a) and the presumptive limits on discovery imposed under these rules [the Federal Rules of Civil Procedure] or by local rules." The 1993 amendment paralleled the amendment of Rule 16, which was intended to "highlight the court's powers regarding the discovery process."
The year 2000 saw the elimination of the "in person" requirement:
"There are important benefits to face-to-face discussion of the topics to be covered in the conference, and those benefits may be lost if other means of conferring were routinely used when face-to-face meetings would not impose burdens. Nevertheless, geographic conditions ... may exact costs far out of proportion to these benefits." See Advisory Committee Note to 2000 Amendment of Rule 26(f).
The year 2000 also saw, in general terms, the elimination of local exemption from the Rule 26(f) process. Since 2000, Rule 26(f) and its duty to "meet-and-confer" has become a cornerstone of the federal civil litigation process. (Parenthetically, Rule 37(a)(1) imposes an analogous duty before discovery motions may be made.)
To Continue Reading: Click Here
---------------------------------------------
Source: Law.com
By: Ronald J. Hedges
E-Discovery Pitfalls and Practice Tips
Understanding the e-discovery rules is critical in today's litigation environment. The Mancia v. Mayflower Textile Servs. Co., 253 F.R.D. 354 (D. Md. 2008), and Treppel v. Biovail Corp., 249 F.R.D. 111 (S.D.N.Y. 2008), cases demonstrate the pitfalls that can occur. This article will analyze these cases and detail practice tips for propounding and responding to e-discovery demands.
The Mancia case required litigants to cooperate and communicate during the discovery process to minimize the costs and burdens of discovery. While Mancia does not specifically address e-discovery issues, it could have a wide-ranging effect on cases that involve massive amounts of electronically stored information.
In Mancia, employees filed an action against defendant under the Fair Labor Standards Act for knowingly failing to compensate them for overtime work and illegally deducting wages from their paychecks. Plaintiff served several discovery demands upon defendant, and moved to compel responses. At a subsequent hearing, Magistrate Judge Grimm raised concerns about the breadth of plaintiff's discovery demands, which were disproportionate to the issues raised in the litigation, as well as defendant's "reflexive" boilerplate objections. Noting that the dispute could have been resolved or minimized by cooperation and communication between counsel, the court's opinion focused upon Fed.R.Civ.P. 26(g), which is becoming the favored discovery enforcement tool of the federal bench. Rule 26(g) requires that every discovery request, response and objection, be signed by an attorney. The attorney certifies that, to the best of his or her knowledge or information and belief formed after a reasonable inquiry, the request, response or objection is: (i) consistent with the rules of procedure and warranted by existing law; (ii) not imposed for an improper purpose, such as to harass or needlessly increase the cost of litigation; and (iii) neither unreasonable nor unduly burdensome or expensive, considering the needs of the case, prior discovery in the case, the amount in controversy and the importance of the issue at stake in the action. A key component of Rule 26(g) that is frequently overlooked by counsel is that it imposes mandatory sanctions for violations that are not substantially justified.
Grimm addressed the limits imposed upon discovery by specifically focusing upon the tenets of Rule 26(g). As the court explained, "the rule aspires to eliminate one of the most prevalent of all discovery abuses: 'kneejerk discovery requests served without consideration of cost or burden to the responding party' as well as ending 'the equally abusive practice of objecting to discovery requests reflexively -- but not reflectively -- and without a factual basis.'"
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Timothy B. Parlin
The Mancia case required litigants to cooperate and communicate during the discovery process to minimize the costs and burdens of discovery. While Mancia does not specifically address e-discovery issues, it could have a wide-ranging effect on cases that involve massive amounts of electronically stored information.
In Mancia, employees filed an action against defendant under the Fair Labor Standards Act for knowingly failing to compensate them for overtime work and illegally deducting wages from their paychecks. Plaintiff served several discovery demands upon defendant, and moved to compel responses. At a subsequent hearing, Magistrate Judge Grimm raised concerns about the breadth of plaintiff's discovery demands, which were disproportionate to the issues raised in the litigation, as well as defendant's "reflexive" boilerplate objections. Noting that the dispute could have been resolved or minimized by cooperation and communication between counsel, the court's opinion focused upon Fed.R.Civ.P. 26(g), which is becoming the favored discovery enforcement tool of the federal bench. Rule 26(g) requires that every discovery request, response and objection, be signed by an attorney. The attorney certifies that, to the best of his or her knowledge or information and belief formed after a reasonable inquiry, the request, response or objection is: (i) consistent with the rules of procedure and warranted by existing law; (ii) not imposed for an improper purpose, such as to harass or needlessly increase the cost of litigation; and (iii) neither unreasonable nor unduly burdensome or expensive, considering the needs of the case, prior discovery in the case, the amount in controversy and the importance of the issue at stake in the action. A key component of Rule 26(g) that is frequently overlooked by counsel is that it imposes mandatory sanctions for violations that are not substantially justified.
Grimm addressed the limits imposed upon discovery by specifically focusing upon the tenets of Rule 26(g). As the court explained, "the rule aspires to eliminate one of the most prevalent of all discovery abuses: 'kneejerk discovery requests served without consideration of cost or burden to the responding party' as well as ending 'the equally abusive practice of objecting to discovery requests reflexively -- but not reflectively -- and without a factual basis.'"
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Timothy B. Parlin
Sunday, May 17, 2009
The stuff security nightmares are made of
Keeping your data safe in a time of layoff: Pink slips, passwords and computer viruses.
Want a data security nightmare to dream about tonight?
Last October, a contract employee with Fannie Mae planted a computer virus in the mortgage finance company's software system after he'd been told he was being fired and was ordered to turn in his laptop. The virus was uncovered by another programmer -- a fortunate discovery, because the code was designed to destroy data on 4,000 servers, shut down the company for a week and cause millions of dollars in damage.
An estimated 2.8 million U.S. employees lost their jobs in 2008 and the rate of layoffs accelerated in the early months of 2009. I can't count the times I've received calls from panicked Minnesota business owners who've had to terminate employees and, after escorting them out the door, realized those disgruntled alumni still had remote access to confidential computer data.
Just a few years ago, employees would have limited access to data through a secure office network, which was easy to block the moment they were terminated. But the popularity today of mobile devices -- from laptops to Blackberries -- and the ubiquity of a mobile workforce tapping into networks at home and on the road widened the security perimeter a company must maintain around its data. Employees now have access to business data through home Internet connections, with sales figures and other mission-critical information installed on home laptops, smart phones and PDAs.
To Continue Reading: Click Here
----------------------------------------------
Source: startribune.com
By: Jason Baker
Want a data security nightmare to dream about tonight?
Last October, a contract employee with Fannie Mae planted a computer virus in the mortgage finance company's software system after he'd been told he was being fired and was ordered to turn in his laptop. The virus was uncovered by another programmer -- a fortunate discovery, because the code was designed to destroy data on 4,000 servers, shut down the company for a week and cause millions of dollars in damage.
An estimated 2.8 million U.S. employees lost their jobs in 2008 and the rate of layoffs accelerated in the early months of 2009. I can't count the times I've received calls from panicked Minnesota business owners who've had to terminate employees and, after escorting them out the door, realized those disgruntled alumni still had remote access to confidential computer data.
Just a few years ago, employees would have limited access to data through a secure office network, which was easy to block the moment they were terminated. But the popularity today of mobile devices -- from laptops to Blackberries -- and the ubiquity of a mobile workforce tapping into networks at home and on the road widened the security perimeter a company must maintain around its data. Employees now have access to business data through home Internet connections, with sales figures and other mission-critical information installed on home laptops, smart phones and PDAs.
To Continue Reading: Click Here
----------------------------------------------
Source: startribune.com
By: Jason Baker
Cloud Computing - Who's Watching Your Back?
Implications
Cloud computing is all the rage, but what happens when your data no longer is under your own control? What would happen to your business if access to email, accounting, and other information just stopped? Do you have a business continuity plan should your hosted applications or data go offline, become corrupted, or destroyed? And do you realize that the courts have ruled that the police can search your data without a warrant, as long as others hold that data?
Analysis
Cloud computing is all the rage this year, with Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3), Agathon Group, ElasticHosts, and dozens of other providers available to you. Amazon S3 was down for nearly 8 hours on July 20, 2008, Gmail has suffered multiple outages of up to 2 1/2 hours affecting more than 113 million users, Ma.gnolia bookmarking service suffered a database failure, and Carbonite lost data belonging to 7,500 customers.
There are also security and availability worries when your data no longer is under your own control. ”There are legitimate questions enterprises should ask about the security, scalability, availability and reliability of a cloud computing solution,” says John Sloan, an analyst with Info-Tech Research Group in London, Ontario. Oh yeah, and the courts have ruled that the police can search your data without a warrant, as long as others hold that data. If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your cloud provider.
To Continue Reading: Click Here
----------------------------------------------
Source: glgroup.com
Cloud computing is all the rage, but what happens when your data no longer is under your own control? What would happen to your business if access to email, accounting, and other information just stopped? Do you have a business continuity plan should your hosted applications or data go offline, become corrupted, or destroyed? And do you realize that the courts have ruled that the police can search your data without a warrant, as long as others hold that data?
Analysis
Cloud computing is all the rage this year, with Amazon’s Elastic Compute Cloud (EC2) and Simple Storage Service (S3), Agathon Group, ElasticHosts, and dozens of other providers available to you. Amazon S3 was down for nearly 8 hours on July 20, 2008, Gmail has suffered multiple outages of up to 2 1/2 hours affecting more than 113 million users, Ma.gnolia bookmarking service suffered a database failure, and Carbonite lost data belonging to 7,500 customers.
There are also security and availability worries when your data no longer is under your own control. ”There are legitimate questions enterprises should ask about the security, scalability, availability and reliability of a cloud computing solution,” says John Sloan, an analyst with Info-Tech Research Group in London, Ontario. Oh yeah, and the courts have ruled that the police can search your data without a warrant, as long as others hold that data. If the police want to read the e-mail on your computer, they need a warrant; but they don't need one to read it from the backup tapes at your cloud provider.
To Continue Reading: Click Here
----------------------------------------------
Source: glgroup.com
Saturday, May 16, 2009
Google searches become evidence in sexual assault trial
Two days after a 17-year-old Palo Alto girl was kidnapped and assaulted, someone used a laptop at the Sunnyvale apartment that suspect Todd Burpee shared with his fiancee and her mother to search the Web for the California Penal Code sections on assault and kidnapping, a computer forensics analyst testified Friday.
Mario Soto, a criminalist for Santa Clara County, said the user also appeared to have searched Google for media coverage of the attack, using terms such as "kidnapping," "Palo Alto Daily" and "sexual asslat" (sic).
The searches were performed on the same day Burpee was arrested for the alleged crimes: Nov. 1, 2007.
Soto's expert testimony, which also touched on pornographic pictures that had been downloaded onto a second computer, capped the first week of Burpee's trial in Santa Clara County Superior Court on charges of attempted murder, battery, kidnapping and sexual assault. It added to a growing body of circumstantial evidence against the defendant, who the unnamed victim has never positively identified.
Soto was challenged extensively by defense attorney Daniel Olmos on the details of his qualifications, methods and conclusions. The biggest dispute of the day, however, centered on the prosecution's references to pornographic files found on a desktop computer that was also seized from the Sunnyvale apartment as evidence.
To Continue Reading: Click Here
----------------------------------------------
Source: mercurynews.com
By: Will Oremus
Mario Soto, a criminalist for Santa Clara County, said the user also appeared to have searched Google for media coverage of the attack, using terms such as "kidnapping," "Palo Alto Daily" and "sexual asslat" (sic).
The searches were performed on the same day Burpee was arrested for the alleged crimes: Nov. 1, 2007.
Soto's expert testimony, which also touched on pornographic pictures that had been downloaded onto a second computer, capped the first week of Burpee's trial in Santa Clara County Superior Court on charges of attempted murder, battery, kidnapping and sexual assault. It added to a growing body of circumstantial evidence against the defendant, who the unnamed victim has never positively identified.
Soto was challenged extensively by defense attorney Daniel Olmos on the details of his qualifications, methods and conclusions. The biggest dispute of the day, however, centered on the prosecution's references to pornographic files found on a desktop computer that was also seized from the Sunnyvale apartment as evidence.
To Continue Reading: Click Here
----------------------------------------------
Source: mercurynews.com
By: Will Oremus
In Defense of the Billable Hour: Bad, or Just Misunderstood?
Lower hourly charges don't necessarily translate into a lower bill for clients
Ask a lawyer what her hourly rate is and she'll probably give a dollar figure. Ask a client about his lawyer's hourly rate, and one may get a scowl. In fact, if one asks a client to describe his biggest complaint about his lawyer, one shouldn't be surprised if he says it's that hourly rate that is presumptively too high.
The imminent demise of the billable hour has been confidently predicted for years, maybe now more than ever. And yet, like Rasputin, no matter whether one tries to stab it, shoot it or poison it, the billable hour somehow manages to survive. The hourly rate -- at least until it finally dies -- is one of the knottiest aspects of the relationship between lawyers and their clients. The hourly rate problem can become a trap.
First, though, a cautionary tale: In 2005, the directors of Hewlett-Packard Co. were concerned about confidential board information leaking like a sieve to the news media. HP's "solution" to the problem was to hire private investigators who set about using a number of questionable techniques to investigate certain board members, employees and even reporters. When the dust cleared, HP's chairman had resigned, lawyers and others were indicted, a number of the principals were hauled before a congressional committee, the U.S. Securities and Exchange Commission investigated and the company paid a $14.5 million fine.
The real scandal, however, is that the plan was hatched with lawyers in the room.
How much would it have been worth to HP for one of its lawyers to say, "Hey, before we do this, let's make sure these investigators proceed in a lawful manner, because if they won't (or can't), we probably shouldn't do it at all." Would that 30 seconds of advice have been worth it, even at $750 an hour? In retrospect, the lack of that advice ended up costing HP millions of dollars and even more in shattered lives, careers and public opprobrium. HP, no doubt, would have paid dearly for the counsel it never got.
To Continue Reading: Click Here----------------------------------------------
Source: law.com
By: Press Millen
Security Standards for Outsourcing
Companies are caretakers of valuable corporate assets, such as employees, facilities, equipment, trade secrets, confidential information and intellectual property. Some companies also process and store consumer or employee personal information, which is often subject to various laws regarding unauthorized disclosure, access and use. To adequately protect and mitigate risk to these assets, companies typically develop, implement and maintain a customized set of security standards that are consistent with, among other things, the value of the assets, the risk profile of the company, identified threats to the assets and applicable laws.
When a company outsources a function to a third-party service provider, the company should contractually require the service provider to maintain security standards that are at least as restrictive as the company's own security standards with respect to the outsourced function. This can be accomplished by requiring the service provider to either comply with: (i) the customer's security standards; or (ii) the service provider's security standards along with any additional safeguards to bridge the gap between the standards of the customer and the service provider.
Companies should also consider using the Statement on Auditing Standards No. 70, Type II, or SAS 70, the Payment Card Industry Data Security Standard and International Standards Organization 27001 standard as tools to evaluate the effectiveness of a service provider's security program. This article explores the purposes, benefits and limitations of each of these tools from a security perspective and how they can be used contractually.
SAS 70
SAS 70 is a standard developed by the American Institute of Certified Public Accountants to audit control objectives. Although the scope of the SAS 70 report is entirely determined by the service provider, the report is prepared by an independent, third-party auditor in a standardized format and contains the auditor's opinion on whether the control objectives were met over a defined testing period.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: W. Carter Santos
When a company outsources a function to a third-party service provider, the company should contractually require the service provider to maintain security standards that are at least as restrictive as the company's own security standards with respect to the outsourced function. This can be accomplished by requiring the service provider to either comply with: (i) the customer's security standards; or (ii) the service provider's security standards along with any additional safeguards to bridge the gap between the standards of the customer and the service provider.
Companies should also consider using the Statement on Auditing Standards No. 70, Type II, or SAS 70, the Payment Card Industry Data Security Standard and International Standards Organization 27001 standard as tools to evaluate the effectiveness of a service provider's security program. This article explores the purposes, benefits and limitations of each of these tools from a security perspective and how they can be used contractually.
SAS 70
SAS 70 is a standard developed by the American Institute of Certified Public Accountants to audit control objectives. Although the scope of the SAS 70 report is entirely determined by the service provider, the report is prepared by an independent, third-party auditor in a standardized format and contains the auditor's opinion on whether the control objectives were met over a defined testing period.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: W. Carter Santos
Minding the Three P's of E-Discovery
The electronic discovery process entails many hazards that can cause clients and practitioners to wipe out rather than ride safely to shore.
The 2006 amendments to the Federal Rules of Civil Procedure were intended to provide guidance to parties navigating e-discovery. In reality, judges, litigants, lawyers and technologists are still struggling to frame the discovery boundaries of a vast, ever-expanding world of electronically stored information. Thus, every organization must, to a degree, craft its proactive day-to-day information-management strategy and its reactive litigation approach from an e-discovery standpoint.
Do not panic about embarking on this ride. A legally defensible ESI process can result from minding the "Three P's" -- policies, protocols and preservation. If an organization and its counsel follow these practical tips, they will be best equipped to catch e-discovery's cresting wave.
POLICIES: PROACTIVE PROCEDURES
A proactive records-retention program can enable a much smoother ride once litigation ensues. Once on board, the litigator should inquire into the client's records-retention policy and any related policies as well as its overall compliance with these policies.
Hopefully, the organization has frontloaded some effort to achieve efficiencies and information management benefits from a legally defensible, systematized approach to records retention and destruction. An organization with a pre-existing program can more quickly access ESI in a cost-effective way, which will also allow it to assess the relevant contents of the ESI.
Substantial compliance with a retention program can provide a safe harbor once litigation hits. Indeed, a retention policy is really a destruction policy, "created in part to keep certain information from getting into the hands of others, including the government," the U.S. Supreme Court noted in U.S. v. Arthur Andersen, 544 U.S. 696 (2005). Thus, having an adhered-to policy can serve as a justifiable explanation for why responsive information was not retained.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Robert D. Brownstone and Juleen Konkel
The 2006 amendments to the Federal Rules of Civil Procedure were intended to provide guidance to parties navigating e-discovery. In reality, judges, litigants, lawyers and technologists are still struggling to frame the discovery boundaries of a vast, ever-expanding world of electronically stored information. Thus, every organization must, to a degree, craft its proactive day-to-day information-management strategy and its reactive litigation approach from an e-discovery standpoint.
Do not panic about embarking on this ride. A legally defensible ESI process can result from minding the "Three P's" -- policies, protocols and preservation. If an organization and its counsel follow these practical tips, they will be best equipped to catch e-discovery's cresting wave.
POLICIES: PROACTIVE PROCEDURES
A proactive records-retention program can enable a much smoother ride once litigation ensues. Once on board, the litigator should inquire into the client's records-retention policy and any related policies as well as its overall compliance with these policies.
Hopefully, the organization has frontloaded some effort to achieve efficiencies and information management benefits from a legally defensible, systematized approach to records retention and destruction. An organization with a pre-existing program can more quickly access ESI in a cost-effective way, which will also allow it to assess the relevant contents of the ESI.
Substantial compliance with a retention program can provide a safe harbor once litigation hits. Indeed, a retention policy is really a destruction policy, "created in part to keep certain information from getting into the hands of others, including the government," the U.S. Supreme Court noted in U.S. v. Arthur Andersen, 544 U.S. 696 (2005). Thus, having an adhered-to policy can serve as a justifiable explanation for why responsive information was not retained.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Robert D. Brownstone and Juleen Konkel
Thursday, May 14, 2009
Storing old computers for data access often mandated by law
Increasing bankruptcies bring the issue to light.
Even after companies die, their tech departments — and the expense and hassle of running them — can linger on.
With the proliferation of bankruptcy cases in this economic downturn, court-appointed trustees who typically manage the liquidation of assets, as well as some creditors who receive the assets, are wondering what to do with computer data.
Some are finding they're legally prevented from disposing of the data on many computers for years.
"Suddenly, trustees may realize they have something they didn't anticipate as a liability," said Lance Watson, vice president of case management at Avansic Digital Forensics Professionals.
And that means, in many cases, computers need to be stored and ready for potential use long after the company has dissolved, Watson said. His company has helped some clients who were storing just a few dozens computers in a closet, though another had hundreds of computers connected through servers.
A network of federal and state laws require data to be maintained for a specific amount of time. Oklahoma's Health Insurance Portability and Accountability Act requires medical data be held for five years.
To Continue Reading: Click Here
----------------------------------------------
Source: tulsaworld.com
By: Robert Evatt
Even after companies die, their tech departments — and the expense and hassle of running them — can linger on.
With the proliferation of bankruptcy cases in this economic downturn, court-appointed trustees who typically manage the liquidation of assets, as well as some creditors who receive the assets, are wondering what to do with computer data.
Some are finding they're legally prevented from disposing of the data on many computers for years.
"Suddenly, trustees may realize they have something they didn't anticipate as a liability," said Lance Watson, vice president of case management at Avansic Digital Forensics Professionals.
And that means, in many cases, computers need to be stored and ready for potential use long after the company has dissolved, Watson said. His company has helped some clients who were storing just a few dozens computers in a closet, though another had hundreds of computers connected through servers.
A network of federal and state laws require data to be maintained for a specific amount of time. Oklahoma's Health Insurance Portability and Accountability Act requires medical data be held for five years.
To Continue Reading: Click Here
----------------------------------------------
Source: tulsaworld.com
By: Robert Evatt
How effective is Enterprise Search?
When you follow an industry as closely as we do here at FierceContentManagement, you begin to recognize patterns. One of the areas we look at closely is Enterprise Search because what good is managing content if you can't find it and use it?
To me, search is really the key piece of the content management puzzle. It's what AIIM called 'findability' in a study of search last year. What AIIM found was that enterprise search still had a ways to go to help users find content wherever it is (as I wrote in an EContent article called AIIM Study Finds Enterprise Search Still Lacking). Now comes a study from search vendor Recommind that suggests the situation does not appear to have improved very much since AIIM released its study last June.
Key findings
To me, search is really the key piece of the content management puzzle. It's what AIIM called 'findability' in a study of search last year. What AIIM found was that enterprise search still had a ways to go to help users find content wherever it is (as I wrote in an EContent article called AIIM Study Finds Enterprise Search Still Lacking). Now comes a study from search vendor Recommind that suggests the situation does not appear to have improved very much since AIIM released its study last June.
Key findings
The study was conducted by Osterman Research and looked at 200 people from companies averaging 10,000+ employees using questions written by Recommind. Let's look at three key findings in the study:
- Of the companies represented in the survey, only 42% have an enterprise search solution in place
To Continue Reading: Click Here
----------------------------------------------
Source: fiercecontentmanagement.com
By: Ron Miller
Surveys Indicate Information Is Top Business Priority, Yet Organizations Struggle to Meet E-discovery Requirements
HP today announced new survey findings indicating that while organizations cite information as their highest business priority in 2009, less than half of business decision-makers have a high confidence level in the quality and accessibility of information within their organizations.(1)
In addition, the research found that approximately 40 percent of companies are hindered by a lack of in-house expertise and an unclear information strategy. Organizations realize that getting the right information at the right time is critical to their business success, but often find it difficult to justify investing in information-related projects.(1)
Research showed that cost reduction and compliance were considered among the most important business goals for companies.(1) However, most organizations remain ill-equipped to manage information for electronic discovery (e-discovery) requests in a timely and cost-effective manner. This is due to the lack of a proactive strategy, solutions and funding to properly address requests.(2)
When asked which “information-centric” projects they would spend on in the next two years, respondents noted document workflow transformation, records management and e-discovery/compliance.(1)
To Continue Reading: Click Here
----------------------------------------------
Source: prdomain.com
In addition, the research found that approximately 40 percent of companies are hindered by a lack of in-house expertise and an unclear information strategy. Organizations realize that getting the right information at the right time is critical to their business success, but often find it difficult to justify investing in information-related projects.(1)
Research showed that cost reduction and compliance were considered among the most important business goals for companies.(1) However, most organizations remain ill-equipped to manage information for electronic discovery (e-discovery) requests in a timely and cost-effective manner. This is due to the lack of a proactive strategy, solutions and funding to properly address requests.(2)
When asked which “information-centric” projects they would spend on in the next two years, respondents noted document workflow transformation, records management and e-discovery/compliance.(1)
To Continue Reading: Click Here
----------------------------------------------
Source: prdomain.com
Wife May Use Husband's E-Mails in Divorce Case
In an upcoming divorce trial, a Brooklyn woman may introduce e-mails surreptitiously culled from her estranged husband's e-mail account as evidence of his scheme to hide his true income, a Supreme Court judge has ruled.
Justice Jeffrey S. Sunshine said the woman's accessing of her husband's account did not constitute "eavesdropping" under New York's Penal Law and therefore does not render the e-mails inadmissible.
The decision turned on the fact that the wife looked at e-mails stored in her husband's account, rather than intercepting e-mails while they were "in transit" to him.
"It is this court's understanding from the reading of the statute, legislative history and case law that the purpose of Penal Law § 250.00 is to prohibit individuals from intercepting communication going from one person to another, and in this case an email from one person to another," Justice Sunshine wrote in Gurevich v. Gurevich, 42358/07. "In the case at bar the email was not 'in transit,' but stored in the email account."
The parties, software developer Yelena Gurevich and computer programmer Vladimir Gurevich, married in June 1990.
In 2001, Mr. Gurevich was laid off and switched to a less lucrative career as a medical technician.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Mark Fass
Justice Jeffrey S. Sunshine said the woman's accessing of her husband's account did not constitute "eavesdropping" under New York's Penal Law and therefore does not render the e-mails inadmissible.
The decision turned on the fact that the wife looked at e-mails stored in her husband's account, rather than intercepting e-mails while they were "in transit" to him.
"It is this court's understanding from the reading of the statute, legislative history and case law that the purpose of Penal Law § 250.00 is to prohibit individuals from intercepting communication going from one person to another, and in this case an email from one person to another," Justice Sunshine wrote in Gurevich v. Gurevich, 42358/07. "In the case at bar the email was not 'in transit,' but stored in the email account."
The parties, software developer Yelena Gurevich and computer programmer Vladimir Gurevich, married in June 1990.
In 2001, Mr. Gurevich was laid off and switched to a less lucrative career as a medical technician.
To Continue Reading: Click Here
----------------------------------------------
Source: law.com
By: Mark Fass
How Blogging Affects Legal Proceedings
Technology has entered the jury box. While the press has long reported on pending trials, bloggers -- or so-called "citizen journalists," some sitting in juries -- have increasingly posted commentary about judicial proceedings. Yet recent events suggest that blog posts and other electronic communications by jurors about ongoing trials can potentially disrupt the integrity of the proceedings.
Indeed, several months ago, defense lawyers in a federal political corruption trial in Pennsylvania announced plans to appeal a guilty verdict based, in part, on the fact that a juror posted remarks about the trial and the jury's deliberations to Facebook and Twitter.
Similarly, a construction materials company recently appealed a $12.6 million verdict in an Arkansas case because one juror posted short messages on Twitter during the trial that allegedly exhibited bias against the company.[FOOTNOTE 1]
With the new generation of mobile devices with wireless e-mail capability, jurors may be tempted to post thoughts about the ongoing jury experience, despite explicit instructions to avoid discussing the trial with outside parties.
Given this new technological reality, counsel and judges have adapted jury instructions that include specific charges against blogging or posting online comments about a pending trial. Trial attorneys also have started to routinely monitor pretrial and post-trial publicity on the Internet to determine whether jurors or others had blogged or posted online comments about the trial that might reveal pretrial bias. Beyond jurors, counsel and judges need to be aware how their own blogging practices are impacted by professional ethical standards.
To Continue Reading: Click Here----------------------------------------------
Source: law.com
By: Richard Raysman and Peter Brown
Wednesday, May 13, 2009
Email Policy Management Guidelines for the IT Manager
The news is filled with stories about companies paying large fines and corporate officers being prosecuted, stemming from employee email misuse. For example, a prominent consulting company was sued by one of its former employees for $3.7 million over an alleged defamatory job reference. He requested copies of all email records containing his name, dating back 10 years.
But the company contested, claiming that the cost of retrieving the emails would be $7.8 million to search the 61 backups. According to a company manager, "Compliance would theoretically require us to restore every server for every backup data over the last five years. And, there is no guarantee that any email which may have referred to the claimant would still exist."
According to IDC, 27 percent of Fortune 500 companies have had to deal with similar harassment claims concerning email.
So what does that mean for you, the IT Manager? Are you personally liable? Probably not, but the CEO and other top executives could well be, and the company could be subject to fines and penalties under new regulations from the Federal Rules of Civil Procedure (FRCP). Yet, many organizations see IT as the department that has the responsibility for creating and enforcing email policies. But without the right tools, IT doesn’t have the time or ability to manage this process!
So if your company is potentially at risk every time an employee sends an email, what steps can you take to mitigate that risk? Your key defense is your ability to demonstrate that processes are in place to monitor and respond to compliance breaches. If there are technologies or best practices that are reasonably available to your company and are not instituted, there is a case for negligence. To help you better understand how this relates to you and your organization, start by asking yourself the following nine questions.
Do we have formal company policies on the use and misuse of email?
How are we educating our employees about the email policies?
How do we ensure they understand the policies?
Do we have a way to determine when and how email policies are broken?
What is the process when a policy breach is found?
Do our employees understand how email-based security breaches put the company at risk?
How many investigations has the company performed this year involving email?
How many required you to find and produce email to prove or disprove something?
What is the cost of finding email today?
To Continue Reading: Click Here
--------------------------------------------------
Source: Computer Technology Review
By: Tom Politowski
But the company contested, claiming that the cost of retrieving the emails would be $7.8 million to search the 61 backups. According to a company manager, "Compliance would theoretically require us to restore every server for every backup data over the last five years. And, there is no guarantee that any email which may have referred to the claimant would still exist."
According to IDC, 27 percent of Fortune 500 companies have had to deal with similar harassment claims concerning email.
So what does that mean for you, the IT Manager? Are you personally liable? Probably not, but the CEO and other top executives could well be, and the company could be subject to fines and penalties under new regulations from the Federal Rules of Civil Procedure (FRCP). Yet, many organizations see IT as the department that has the responsibility for creating and enforcing email policies. But without the right tools, IT doesn’t have the time or ability to manage this process!
So if your company is potentially at risk every time an employee sends an email, what steps can you take to mitigate that risk? Your key defense is your ability to demonstrate that processes are in place to monitor and respond to compliance breaches. If there are technologies or best practices that are reasonably available to your company and are not instituted, there is a case for negligence. To help you better understand how this relates to you and your organization, start by asking yourself the following nine questions.
Do we have formal company policies on the use and misuse of email?
How are we educating our employees about the email policies?
How do we ensure they understand the policies?
Do we have a way to determine when and how email policies are broken?
What is the process when a policy breach is found?
Do our employees understand how email-based security breaches put the company at risk?
How many investigations has the company performed this year involving email?
How many required you to find and produce email to prove or disprove something?
What is the cost of finding email today?
To Continue Reading: Click Here
--------------------------------------------------
Source: Computer Technology Review
By: Tom Politowski
White House wants cloud computing
Cloud computing will play a major role in modernizing the federal government’s technology infrastructure, according to a White House document published today with the administration's 2010 budget request.
White House officials want agencies to launch pilot projects that identify common services and solutions and that focus on cloud computing, according to the “ Analytical Perspectives” document released with the budget request.
Cloud computing refers to an arrangement in which an organization pays a service provider to deliver applications, computing power and storage via the Web. Under the White House’s plan, several agencies could access a common application from the cloud.
Cloud computing pilot projects would address the risks and new policies required to implement the emerging technology, the document states. Securing a traditional data center in the walls of an agency is different than securing a cloud computing network where computer servers are often owned and operated by a third party, it said.
“The federal community will need to actively put in place new security measures which will allow dynamic application use and information-sharing to be implemented in a secure fashion,” according to the budget document.
One pilot project would be for end-user communications and computing and would examine how to provide secure provisioning, support and operation of end-user applications across a spectrum of devices. It would also address the needs of teleworking and a mobile workforce.
To Continue Reading: Click Here
----------------------------------------------
Source: Federal Computer Week
By: Doug Beizer
White House officials want agencies to launch pilot projects that identify common services and solutions and that focus on cloud computing, according to the “ Analytical Perspectives” document released with the budget request.
Cloud computing refers to an arrangement in which an organization pays a service provider to deliver applications, computing power and storage via the Web. Under the White House’s plan, several agencies could access a common application from the cloud.
Cloud computing pilot projects would address the risks and new policies required to implement the emerging technology, the document states. Securing a traditional data center in the walls of an agency is different than securing a cloud computing network where computer servers are often owned and operated by a third party, it said.
“The federal community will need to actively put in place new security measures which will allow dynamic application use and information-sharing to be implemented in a secure fashion,” according to the budget document.
One pilot project would be for end-user communications and computing and would examine how to provide secure provisioning, support and operation of end-user applications across a spectrum of devices. It would also address the needs of teleworking and a mobile workforce.
To Continue Reading: Click Here
----------------------------------------------
Source: Federal Computer Week
By: Doug Beizer
Tuesday, May 12, 2009
E-Mails Are Major Legal Discovery Risk
ECM industry researcher AIIM has found that a third of organizations have no policy to deal with legal discovery, and 40 percent might need to search backup tapes to find e-mails that could be relevant to litigation. This new 2009 AIIM survey, which was supported by EMC Corp. and ASG, found that 84 percent would have no way to justify why e-mails of a certain age or type had been deleted.
In AIIM’s view, most organizations are only just waking up to the fact that among the deluge of day-to-day e-mails are some that constitute important business records. These e-mails need to be recorded and retained as such.
More than half of respondents lack confidence that e-mails related to documenting commitments and obligations made by staff are recorded, complete and recoverable. This number has not improved during the past three AIIM surveys. Perhaps this finding is not surprising given that 45 percent of respondents are still filing important e-mails in personal Outlook folders. A resolute 18 percent print important e-mails and file them as paper. Only 19 percent have the facility to move important e-mails into a document or records management system, or a dedicated e-mail management system.
To Continue Reading: Click Here
----------------------------------------------
Source: talentmgt.com
In AIIM’s view, most organizations are only just waking up to the fact that among the deluge of day-to-day e-mails are some that constitute important business records. These e-mails need to be recorded and retained as such.
More than half of respondents lack confidence that e-mails related to documenting commitments and obligations made by staff are recorded, complete and recoverable. This number has not improved during the past three AIIM surveys. Perhaps this finding is not surprising given that 45 percent of respondents are still filing important e-mails in personal Outlook folders. A resolute 18 percent print important e-mails and file them as paper. Only 19 percent have the facility to move important e-mails into a document or records management system, or a dedicated e-mail management system.
To Continue Reading: Click Here
----------------------------------------------
Source: talentmgt.com
Buyer's Guides Tests White Papers Webcasts Solution Centers Social Web Email Close
The security gaps in cloud computing demand greater scrutiny than traditional IT outsourcing models, a new Forrester report says.
With traditional outsourcing models, a customer places its own servers in someone else's data center, or a service provider manages devices dedicated to that customer. But multi-tenancy rules the day in cloud computing, and customers may not know where their data is stored or how it's replicated, Forrester analyst Chenxi Wang writes in a report titled "How secure is your cloud?"
"Cloud computing decouples data from infrastructure and obscures low-level operational details, such as where your data is and how it's replicated," Wang writes. "Multi-tenancy, while it is rarely used in traditional IT outsourcing, is almost a given in cloud computing services. These differences give rise to a unique set of security and privacy issues that not only impact your risk management practices, but have also stimulated a fresh evaluation of legal issues in areas such as compliance, auditing, and eDiscovery."
The rise of software-as-a-service, http://www.networkworld.com/topics/saas.html along with Web-based platforms for building applications and hosting server or storage capacity have many industry watchers examining the benefits and pitfalls of cloud computing.
To Continue Reading: Click Here----------------------------------------------
Source: networkworld.com
By: Jon Brodkin
Monday, May 11, 2009
Cloud computing providers require strong audits
Companies must develop better ways of evaluating the security and privacy practices of the cloud services they utilize, according to a report by Forrester released Friday.
“Auditing the cloud providers is something that needs to be done since you're essentially giving your data into the good hands of the providers,” Philippe Courtot, chairman and CEO, Qualys told SCmagazineUS.com Monday.
With 21 percent of decision-makers using software as a service (SaaS) and another 26 percent considering it, businesses increasingly becoming aware of the advantages cloud computing can provide -- including financial benefits, operational improvements and the ability to collaborate more easily. But this trend that has the industry buzzing is not without its concerns -- including the privacy of data in the cloud, implications of compliance and intellectual property issues. Businesses must implement an assessment strategy when utilizing cloud computing services, according to the report titled, “How secure is your cloud?”
Forrester interviewed people from a number of cloud service providers such as Google, HP, Qualys, salesforce.com, the Jericho Forum and Websense for the report. The report concludes that when assessing cloud computing services, the goal must be to find ways to secure and optimize your investments in the cloud. An assessment strategy must include data protection, compliance, privacy, identity management, secure operations, and other related security and legal issues.
To Continue Reading: Click Here
----------------------------------------------
Source: scmagazineus.com
By: Angela Moscaritolo
“Auditing the cloud providers is something that needs to be done since you're essentially giving your data into the good hands of the providers,” Philippe Courtot, chairman and CEO, Qualys told SCmagazineUS.com Monday.
With 21 percent of decision-makers using software as a service (SaaS) and another 26 percent considering it, businesses increasingly becoming aware of the advantages cloud computing can provide -- including financial benefits, operational improvements and the ability to collaborate more easily. But this trend that has the industry buzzing is not without its concerns -- including the privacy of data in the cloud, implications of compliance and intellectual property issues. Businesses must implement an assessment strategy when utilizing cloud computing services, according to the report titled, “How secure is your cloud?”
Forrester interviewed people from a number of cloud service providers such as Google, HP, Qualys, salesforce.com, the Jericho Forum and Websense for the report. The report concludes that when assessing cloud computing services, the goal must be to find ways to secure and optimize your investments in the cloud. An assessment strategy must include data protection, compliance, privacy, identity management, secure operations, and other related security and legal issues.
To Continue Reading: Click Here
----------------------------------------------
Source: scmagazineus.com
By: Angela Moscaritolo
Subscribe to:
Posts (Atom)
