When I speak to e-discovery experts of all kinds about preservation, be they law firm lawyers, big or small, in-house corporate counsel, government lawyers, scholars and academics, insurance company lawyers, paralegals, lit-support, vendors, or technology gurus, they all have a common refrain. They all lament about the murky issue of when a duty to preserve is triggered. As David Letterman said: “Next in importance to having a good aim is to recognize when to pull the trigger.”
The general rule of law is simple, but vague. A duty to preserve is triggered when litigation is reasonably foreseeable. But when is litigation reasonably foreseeable? Whole treatises have been written in this issue and how to make the determination. Best among them is The Sedona Conference’s Commentary on Legal Holds: The Trigger & The Process (August 2007 Public Comment Version) (The preservation duty is either triggered by service of process or earlier by “notice of a ‘credible threat’ of litigation.”) It reminds me of what Letterman says: “Traffic signals in New York are just rough guidelines.”
One case I have written about before went so far as to find a duty to preserve arose eight years before suit was filed! Phillip M. Adams & Associates, L.L.C., v. Dell, Inc., 2009 WL 910801 (D.Utah March 30, 2009). Magistrate Judge David Nuffer reached this clairvoyant trigger date based upon his supposition that everyone in the floppy disk industry should have known they would be sued for patent infringement someday. I figured this bizarre opinion would be appealed and reversed. But the magistrate denied the motion for sanctions, stopping any appeal by the District Court Judge, unless it is by the moving party. Phillip M. Adams & Associates, L.L.C., v. Dell, Inc, 2010 WL 2977228 (D. Utah July 21, 2010). Too bad that moots my bet with a New Yorker turned Texan, Craig Ball, who disagreed with my critiques of this case and bet that the hair-trigger hold opinion would be upheld on appeal. Reminds me of a David Letterman joke:
To Continue Reading: Click Here
------------------------------------------
Source: e-discoveryteam.com
By: Ralph Losey
Tuesday, August 31, 2010
Computer Forensics Experts, Who's Your Daddy?
In 2001, Jessica Bair was serving as an expert computer forensic examiner in a statutory rape case being prosecuted largely on the basis of digital evidence. As is common in such cases, the defense challenged the validity of the computer files by attacking the credibility of her reports and conclusions. But Bair says one thing helped tip things in her favor. When being qualified, she mentioned computer forensic certifications she had earned while in the military. As soon as she mentioned her certifications, she says the judge stopped her mid-answer and asked her to repeat each certification slowly, so he could write them down in his notes. "At the time, only military or law enforcement could get certification like this," says Bair, who later co-created a certification program for Guidance Software. "Computer forensics examiners can have a hard time defending themselves in court without some sort of validation they can point to."
As computer forensics has become increasingly important to civil and criminal trials, certification for computer experts has been a growing business. Today there are a handful of nonprofit and for-profit organizations that offer computer forensic certification programs. However, no one program or authority has appeared to define what a computer forensic certification should entail, which means these programs can vary wildly in terms of quality. "The fact is that most certifications in computer forensics mean little more than that the person has paid a fee and completed a form," says Craig Ball, a computer forensics examiner in Austin, Texas. "I hold multiple certifications, so it's not that I feel they have no value; but I think that you can pass the certification exams and still be a markedly inadequate examiner."
Originally, only military and law enforcement certifications were available. But as computer forensic experts began to be commonly employed in legal matters, more civilian and nonlaw enforcement computer professionals began entering the business. The growing demand for computer forensic experts has created a growing profession without a standard training model. "People watch a program like CSI and think they want to get into this field," says Bair, senior director of curriculum development at Guidance Software. "You might be able to train to be a technician, but this is a complex field that requires many different skills."
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Jason Krause
As computer forensics has become increasingly important to civil and criminal trials, certification for computer experts has been a growing business. Today there are a handful of nonprofit and for-profit organizations that offer computer forensic certification programs. However, no one program or authority has appeared to define what a computer forensic certification should entail, which means these programs can vary wildly in terms of quality. "The fact is that most certifications in computer forensics mean little more than that the person has paid a fee and completed a form," says Craig Ball, a computer forensics examiner in Austin, Texas. "I hold multiple certifications, so it's not that I feel they have no value; but I think that you can pass the certification exams and still be a markedly inadequate examiner."
Originally, only military and law enforcement certifications were available. But as computer forensic experts began to be commonly employed in legal matters, more civilian and nonlaw enforcement computer professionals began entering the business. The growing demand for computer forensic experts has created a growing profession without a standard training model. "People watch a program like CSI and think they want to get into this field," says Bair, senior director of curriculum development at Guidance Software. "You might be able to train to be a technician, but this is a complex field that requires many different skills."
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Jason Krause
New York Moves Ahead on E-Filing and E-Discovery
State court rules have been amended in an effort to insure that lawyers are up to speed about their clients' electronic records at the early stages of discovery.
Meanwhile, after 11 years of experimentation with electronic filing, the state has accorded permanent status to the effort and has begun to institute mandatory e-filing in limited areas.
Chief Administrative Judge Ann Pfau said the amendments to the Uniform Trial Court Rules are part of an effort to improve the way electronic discovery is handled in New York state courts.
According to a February 2010 court system report, interviews with judges, law clerks, and lawyers revealed "a strong consensus that the court system should act now to ensure that e-discovery is handled as expertly, expeditiously, and inexpensively as possible.
"Many frequent state-court litigants and lawyers have expressed concern about the lack of predictability and consistency in handling e-discovery," Feinberg, a deputy counsel in New York's Unified Court System, wrote in the report. "Those same parties and lawyers appear to be turning away from New York State courts for the greater sense of certainty and ability to handle massive e-discovery disputes that the Federal courts, and to a lesser extent, other state courts with more developed e-discovery practices, can provide."
The alterations to §202.10(b) and §202.70(g) of the Uniform Rules of Trial Courts were published Aug. 18 and went into effect immediately. They were approved beforehand by Chief Judge Jonathan Lippman and the presiding justices of the four appellate division departments.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Joel Stashenko
Meanwhile, after 11 years of experimentation with electronic filing, the state has accorded permanent status to the effort and has begun to institute mandatory e-filing in limited areas.
Chief Administrative Judge Ann Pfau said the amendments to the Uniform Trial Court Rules are part of an effort to improve the way electronic discovery is handled in New York state courts.
According to a February 2010 court system report, interviews with judges, law clerks, and lawyers revealed "a strong consensus that the court system should act now to ensure that e-discovery is handled as expertly, expeditiously, and inexpensively as possible.
"Many frequent state-court litigants and lawyers have expressed concern about the lack of predictability and consistency in handling e-discovery," Feinberg, a deputy counsel in New York's Unified Court System, wrote in the report. "Those same parties and lawyers appear to be turning away from New York State courts for the greater sense of certainty and ability to handle massive e-discovery disputes that the Federal courts, and to a lesser extent, other state courts with more developed e-discovery practices, can provide."
The alterations to §202.10(b) and §202.70(g) of the Uniform Rules of Trial Courts were published Aug. 18 and went into effect immediately. They were approved beforehand by Chief Judge Jonathan Lippman and the presiding justices of the four appellate division departments.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Joel Stashenko
Close Look At Cloud Computing Is Essential
The Editor interviews Nolan M. Goldberg , IP & Technology Counsel, Proskauer.
Editor: Tell us about your practice and role at Proskauer, particularly as a founding member of the Litigation Department's Electronic Discovery Task Force.
Goldberg: I am a patent attorney with an electrical engineering background. My practice is primarily patent and trade secret litigation, with lots of work in the telecommunications, barcode scanner and financial services fields.
Over the past couple of years, advising clients on electronic discovery-related issues, both in the absence of litigation and during litigation, has become a significant part of my practice. Before litigation, for example, I help clients develop information management systems to proactively reign in discovery costs and meet compliance obligations. During litigation, I help clients understand and manage the burden and costs of the process, with the goal being a rational e-discovery expenditure that, while meeting all obligations, minimizes the disruption to my client, and is proportionate to the amount at issue in the litigation. I also consult on the recovery of often-overlooked electronic evidence, such as computer forensics.
Recently I've focused on electronic discovery and alternate dispute resolution, and I am the primary author of the e-discovery section of the International Institute for Conflict Prevention and Resolution's model economical litigation agreement, colloquially known as the "Litigation Prenup."
Editor: "Cloud computing" is a buzzword that's been popping up more frequently than ever. How would you define it?
Goldberg: Cloud computing is a marketing term that covers lots of different technologies and business applications. By way of example, the National Institute of Standards and Technology ("NIST") is now on version 15 of their attempt to define the cloud, with the current definition two pages long, with lots of subparts.
I like the analogy in the book The Big Switch by Nicholas Carr for an initial introduction to the cloud concept, which compares the evolution of cloud computing to the transition from individual power generation to modern utilities.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Editor: Tell us about your practice and role at Proskauer, particularly as a founding member of the Litigation Department's Electronic Discovery Task Force.
Goldberg: I am a patent attorney with an electrical engineering background. My practice is primarily patent and trade secret litigation, with lots of work in the telecommunications, barcode scanner and financial services fields.
Over the past couple of years, advising clients on electronic discovery-related issues, both in the absence of litigation and during litigation, has become a significant part of my practice. Before litigation, for example, I help clients develop information management systems to proactively reign in discovery costs and meet compliance obligations. During litigation, I help clients understand and manage the burden and costs of the process, with the goal being a rational e-discovery expenditure that, while meeting all obligations, minimizes the disruption to my client, and is proportionate to the amount at issue in the litigation. I also consult on the recovery of often-overlooked electronic evidence, such as computer forensics.
Recently I've focused on electronic discovery and alternate dispute resolution, and I am the primary author of the e-discovery section of the International Institute for Conflict Prevention and Resolution's model economical litigation agreement, colloquially known as the "Litigation Prenup."
Editor: "Cloud computing" is a buzzword that's been popping up more frequently than ever. How would you define it?
Goldberg: Cloud computing is a marketing term that covers lots of different technologies and business applications. By way of example, the National Institute of Standards and Technology ("NIST") is now on version 15 of their attempt to define the cloud, with the current definition two pages long, with lots of subparts.
I like the analogy in the book The Big Switch by Nicholas Carr for an initial introduction to the cloud concept, which compares the evolution of cloud computing to the transition from individual power generation to modern utilities.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Roundtable: E-Discovery - An Ever-Improving, Revolutionary Development
The Editor interviews Warwick Sharp , Vice President - Marketing and Business Development, Equivio; Laura Kibbe, Esq., Senior Vice President, eDiscovery Solutions, Epiq Systems; Michael J. Prounis, Chief Executive Officer/Co-Founder of Evidence Exchange; David P. Gaines, Vice President of Security and Compliance, Micro Strategies, Inc.; Richard Cohen, President of RenewData.
Editor: Has the increased accuracy and efficiency of e-discovery software significantly reduced its costs as well as attorney costs in ferreting out significant documents?
Sharp: Technology is now available to identify significant documents. This is a sea change in the industry. The first generation of e-discovery technology has been able to seek out non-significant documents. At the basic level, this includes de-duplication and culling by file type, data range or custodian. More advanced examples of technology in this stage include near-duplication algorithms, and email threading, where content analysis is used to identify emails that are contained in subsequent layers of a thread. But once you've done all that, you still have the challenge of finding the significant or relevant documents among what's left. That's costly, often prohibitively so.
The new generation of e-discovery technology includes the ability to identify these significant documents. Initial attempts to address this problem were naïve applications of keyword searching, which is plagued by accuracy issues, or clustering by topic, which is only a tangential solution, organizing the documents but essentially leaving the heart of the problem - finding what's relevant - intact.
A new wave of technologies has emerged with the arrival of software that can learn from a sample set of coded records. The decisions of document relevancy from the sample are then propagated to the rest of the documents in the set. This allows litigators to review fewer documents, and review them in order of relevancy. We regularly see cost savings of over 50 percent through the application of learning technology.
Kibbe: Yes, in many ways the evolution of technology in the e-discovery space has resulted in real cost savings for the ultimate corporate client on both the e-discovery provider and outside counsel front. The real truth is that, in most cases, less than 20 percent of most document sets are relevant. However, the cost of identifying the subset of these relevant documents is extremely high, particularly when an attorney review team utilizes a linear review.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Editor: Has the increased accuracy and efficiency of e-discovery software significantly reduced its costs as well as attorney costs in ferreting out significant documents?
Sharp: Technology is now available to identify significant documents. This is a sea change in the industry. The first generation of e-discovery technology has been able to seek out non-significant documents. At the basic level, this includes de-duplication and culling by file type, data range or custodian. More advanced examples of technology in this stage include near-duplication algorithms, and email threading, where content analysis is used to identify emails that are contained in subsequent layers of a thread. But once you've done all that, you still have the challenge of finding the significant or relevant documents among what's left. That's costly, often prohibitively so.
The new generation of e-discovery technology includes the ability to identify these significant documents. Initial attempts to address this problem were naïve applications of keyword searching, which is plagued by accuracy issues, or clustering by topic, which is only a tangential solution, organizing the documents but essentially leaving the heart of the problem - finding what's relevant - intact.
A new wave of technologies has emerged with the arrival of software that can learn from a sample set of coded records. The decisions of document relevancy from the sample are then propagated to the rest of the documents in the set. This allows litigators to review fewer documents, and review them in order of relevancy. We regularly see cost savings of over 50 percent through the application of learning technology.
Kibbe: Yes, in many ways the evolution of technology in the e-discovery space has resulted in real cost savings for the ultimate corporate client on both the e-discovery provider and outside counsel front. The real truth is that, in most cases, less than 20 percent of most document sets are relevant. However, the cost of identifying the subset of these relevant documents is extremely high, particularly when an attorney review team utilizes a linear review.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Turning The Tables On E-Discovery: How Innovation Can Transform Challenges Into Opportunities
The Editor interviews Brian A. Davis, Co-chair of Choate Hall & Stewart LLP's Litigation Department. Founded in 1899, Choate is a Boston-based firm with a national legal practice. Choate has long been a believer in the "one-firm, one-roof" philosophy and offers its clients a unique alternative approach to the "big firm" legal model. Mr. Davis agreed to be interviewed regarding his firm's innovative e-discovery methodology and Choate's experience with Equivio>Relevance.
Editor: What are some of the biggest challenges around e-discovery in litigation?
Davis: The digital era caught the U.S. legal system somewhat unawares and has simultaneously created a wave of new problems and opportunities. While centralized servers, e-mail and mobile devices make day-to-day corporate life far more productive and efficient, these technologies also generate massive amounts of electronically stored information (ESI) that raises unique issues in the litigation context. In fact, with the cost of disposal for electronic data now greater than the cost of storing the data, many companies are literally swimming in ESI that can be relevant to a particular lawsuit or investigation. Dealing with the deluge in an efficient, defensible way poses a significant challenge.
The old ways of collecting, sifting and analyzing potentially relevant data obviously no longer work. Although some firms still are trying, it simply is not feasible, economically or otherwise, to review hundreds of gigabytes, or even terabytes, of ESI on a "page-by-page" basis. The costs can be prohibitive and the results uneven. Moreover, initial methods of managing the electronic discovery process developed over the last ten years or so have fallen short. Arbitrary keyword searches and other basic techniques, such as "fuzzy searches" or "clustering," often have proven to be over-inclusive, under-inclusive, or just plain inaccurate. The courts, as well as clients, are expressing increasing concern regarding these methodologies and their inherent drawbacks. It's clear that there needs to be new thinking at all levels about overcoming the problems posed by large volumes of ESI.
Editor: There has been a great deal of discussion about the very high costs associated with e-discovery. What have you done to help mitigate those costs for clients?
Davis: The Choate litigation model has long been focused on providing our clients with exceptional service at a reduced cost. We're not a 1,000+ lawyer firm with multiple offices; rather, we rely on lean case teams with all of our attorneys in one location in order to better manage and supervise the entire litigation process. We've also devoted a substantial amount of time and effort over the last few years identifying, adopting and refining the best e-discovery tools and techniques, and re-engineering the data collection and review process, so that we can better leverage our resources and deliver dramatically more "bang for the buck" to our clients. Because current approaches to e-discovery no longer are sustainable, the market for potential solutions has exploded - new e-discovery vendors and tools crop up just about every day. Our mission has been to find a truly innovative and useful approach, not the same old method reconfigured with a new design. Equivio>Relevance is one of the most impressive e-discovery tools that Choate identified.
Editor: What attracted Choate to the Equivio>Relevance Product?
Davis: Equivio>Relevance operates much differently than traditional e-discovery tools. Unlike many other analytical tools on the market, Equivio> Relevance does not rely upon keyword lists or complex linguistic models. Rather, it leverages the knowledge of the most informed and qualified members of the legal team, compiled through an iterative online training process, to automatically sort and rank potentially relevant ESI according to the data's relative significance to the case. In this way, Equivio>Relevance takes a multi-dimensional view of the data it assesses, distinguishing it from the older and less accurate linear model of data analysis.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Editor: What are some of the biggest challenges around e-discovery in litigation?
Davis: The digital era caught the U.S. legal system somewhat unawares and has simultaneously created a wave of new problems and opportunities. While centralized servers, e-mail and mobile devices make day-to-day corporate life far more productive and efficient, these technologies also generate massive amounts of electronically stored information (ESI) that raises unique issues in the litigation context. In fact, with the cost of disposal for electronic data now greater than the cost of storing the data, many companies are literally swimming in ESI that can be relevant to a particular lawsuit or investigation. Dealing with the deluge in an efficient, defensible way poses a significant challenge.
The old ways of collecting, sifting and analyzing potentially relevant data obviously no longer work. Although some firms still are trying, it simply is not feasible, economically or otherwise, to review hundreds of gigabytes, or even terabytes, of ESI on a "page-by-page" basis. The costs can be prohibitive and the results uneven. Moreover, initial methods of managing the electronic discovery process developed over the last ten years or so have fallen short. Arbitrary keyword searches and other basic techniques, such as "fuzzy searches" or "clustering," often have proven to be over-inclusive, under-inclusive, or just plain inaccurate. The courts, as well as clients, are expressing increasing concern regarding these methodologies and their inherent drawbacks. It's clear that there needs to be new thinking at all levels about overcoming the problems posed by large volumes of ESI.
Editor: There has been a great deal of discussion about the very high costs associated with e-discovery. What have you done to help mitigate those costs for clients?
Davis: The Choate litigation model has long been focused on providing our clients with exceptional service at a reduced cost. We're not a 1,000+ lawyer firm with multiple offices; rather, we rely on lean case teams with all of our attorneys in one location in order to better manage and supervise the entire litigation process. We've also devoted a substantial amount of time and effort over the last few years identifying, adopting and refining the best e-discovery tools and techniques, and re-engineering the data collection and review process, so that we can better leverage our resources and deliver dramatically more "bang for the buck" to our clients. Because current approaches to e-discovery no longer are sustainable, the market for potential solutions has exploded - new e-discovery vendors and tools crop up just about every day. Our mission has been to find a truly innovative and useful approach, not the same old method reconfigured with a new design. Equivio>Relevance is one of the most impressive e-discovery tools that Choate identified.
Editor: What attracted Choate to the Equivio>Relevance Product?
Davis: Equivio>Relevance operates much differently than traditional e-discovery tools. Unlike many other analytical tools on the market, Equivio> Relevance does not rely upon keyword lists or complex linguistic models. Rather, it leverages the knowledge of the most informed and qualified members of the legal team, compiled through an iterative online training process, to automatically sort and rank potentially relevant ESI according to the data's relative significance to the case. In this way, Equivio>Relevance takes a multi-dimensional view of the data it assesses, distinguishing it from the older and less accurate linear model of data analysis.
To Continue Reading: Click Here
------------------------------------------
Source: metrocorpcounsel.com
Monday, August 30, 2010
In "'David-And-Goliath-Like' Struggle for Electronic Discovery", Court Orders Adverse Inference, Monetary Sanctions for Spoliation and Delay
Harkabi v. Sandisk Corp., 08 Civ. 8203 (WHP) (S.D.N.Y. Aug, 23, 2010)
For failing to preserve the laptops issued to plaintiffs while working for defendant, the court found defendant was “at a minimum” negligent and indicated that an adverse inference would be crafted after all the evidence had been received. For “prolonged delay” in producing relevant emails the court denied terminating sanctions but ordered monetary sanctions in the amount of $150,000.
This opinion begins: “Electronic discovery requires litigants to scour disparate data storage mediums and formats for potentially relevant documents. That undertaking involves dueling considerations: thoroughness and cost. This motion illustrated the perils of failing to strike the proper balance.”
Plaintiffs were fired by defendant and thereafter brought suit for breach of contract, among other things. With the dispute “brewing”, plaintiffs’ counsel sent defendant a preservation letter. Accordingly, a “Do-Not-Destroy” memorandum was distributed by defendant and the laptops issued to plaintiffs while employed with defendant were secured in storage. Later, however, following installation of a new email archive service, the laptops were imaged and the data was saved on a file server.
Upon plaintiffs’ request for electronic discovery, defendant discovered it could not locate the laptops’ data. Rather than revealing the loss, however, defense counsel informed plaintiffs that laptops were typically recycled after employees left the company. A statement from defendant’s in-house counsel indicated “no reason to believe” that the “Do-Not-Destroy” instructions were not “fully complied with”. Later, defendant characterized a large native production of ESI as “everything.” Defendant thereafter refused to produce plaintiffs’ hard drives asserting all relevant documents from the drives had been produced.
To Continue Reading: Click Here
------------------------------------------
Source: ediscoverylaw.com
For failing to preserve the laptops issued to plaintiffs while working for defendant, the court found defendant was “at a minimum” negligent and indicated that an adverse inference would be crafted after all the evidence had been received. For “prolonged delay” in producing relevant emails the court denied terminating sanctions but ordered monetary sanctions in the amount of $150,000.
This opinion begins: “Electronic discovery requires litigants to scour disparate data storage mediums and formats for potentially relevant documents. That undertaking involves dueling considerations: thoroughness and cost. This motion illustrated the perils of failing to strike the proper balance.”
Plaintiffs were fired by defendant and thereafter brought suit for breach of contract, among other things. With the dispute “brewing”, plaintiffs’ counsel sent defendant a preservation letter. Accordingly, a “Do-Not-Destroy” memorandum was distributed by defendant and the laptops issued to plaintiffs while employed with defendant were secured in storage. Later, however, following installation of a new email archive service, the laptops were imaged and the data was saved on a file server.
Upon plaintiffs’ request for electronic discovery, defendant discovered it could not locate the laptops’ data. Rather than revealing the loss, however, defense counsel informed plaintiffs that laptops were typically recycled after employees left the company. A statement from defendant’s in-house counsel indicated “no reason to believe” that the “Do-Not-Destroy” instructions were not “fully complied with”. Later, defendant characterized a large native production of ESI as “everything.” Defendant thereafter refused to produce plaintiffs’ hard drives asserting all relevant documents from the drives had been produced.
To Continue Reading: Click Here
------------------------------------------
Source: ediscoverylaw.com
CSI SQL Server
Methods for collecting digital evidence
Contemporary information systems, such as eLearning, eGovernment, eUniversity, eVoting, and eHealth, are frequently used and misused for irregular data changes (data tampering). Those facts force us to reconsider our security measures and find a way to improve them. Proving a computer crime act occurred requires very complicated processes that are based on digital evidence collecting, forensic analysis, and an investigation process. Forensic analysis of database systems is very specific and demanding task, and it was main inspiration for writing this article. In this article you will find information about what digital forensic is and what kind of methods you can use for collecting digital evidence on SQL Server. Some of them are efficient and some are less efficient. Also, I will cover SQL Server Audit feature
Business processes produce a large amount of data in government agencies, universities, and enterprises on daily basis. Therefore, having a secure environment for storing a data is imperative. Cases in which data is maliciously modified (e.g., data tampering, data fraud, unauthorized data gathering) can produce serious, long-term consequences. Data tampering can be done with unauthorized access, and in some cases through authorized users. Results of that action can be unpleasant for both businesses and their clients.
For example, a highly “motivated” candidate for data tempering can be a medical person. A physician gives a diagnosis and prescribes therapy with or without the use of medications. Unintentional or intentional mistakes in that process can produce serious complications and can even result in the death of a patient. In order to cover his actions, the physician might try to modify a patient’s medical record and add some extra notes or prescription.
To Continue Reading: Click Here
------------------------------------------
Source: sqlmag.com
By: Jasmin Azemovic
Contemporary information systems, such as eLearning, eGovernment, eUniversity, eVoting, and eHealth, are frequently used and misused for irregular data changes (data tampering). Those facts force us to reconsider our security measures and find a way to improve them. Proving a computer crime act occurred requires very complicated processes that are based on digital evidence collecting, forensic analysis, and an investigation process. Forensic analysis of database systems is very specific and demanding task, and it was main inspiration for writing this article. In this article you will find information about what digital forensic is and what kind of methods you can use for collecting digital evidence on SQL Server. Some of them are efficient and some are less efficient. Also, I will cover SQL Server Audit feature
Business processes produce a large amount of data in government agencies, universities, and enterprises on daily basis. Therefore, having a secure environment for storing a data is imperative. Cases in which data is maliciously modified (e.g., data tampering, data fraud, unauthorized data gathering) can produce serious, long-term consequences. Data tampering can be done with unauthorized access, and in some cases through authorized users. Results of that action can be unpleasant for both businesses and their clients.
For example, a highly “motivated” candidate for data tempering can be a medical person. A physician gives a diagnosis and prescribes therapy with or without the use of medications. Unintentional or intentional mistakes in that process can produce serious complications and can even result in the death of a patient. In order to cover his actions, the physician might try to modify a patient’s medical record and add some extra notes or prescription.
To Continue Reading: Click Here
------------------------------------------
Source: sqlmag.com
By: Jasmin Azemovic
Saturday, August 28, 2010
Teachers file suit over social media policy
Teachers union filing suit against Santa Rosa over new policy on social media
The union representing Santa Rosa County teachers and support personnel is planning to file an unfair labor practices lawsuit against the School District over what it claims is an overly restrictive new policy on educators' use of e-mail and social media websites, such as Facebook.
The lawsuit will be filed late next week by Florida Education Association Legal Services on behalf of the Santa Rosa Professional Educators and Marie Locklin Bodi, a third-grade teacher at Gulf Breeze Elementary School, said union President Rhonda Chavers.
The new policy outlines how employees should use digital communications at work and when working in their official capacities from home. It covers e-mail, Facebook and similar websites, Twitter, blogs, personal websites, text messages, instant messages, chat rooms, list serves, podcasts, cell phones and Blackberrys.
Bodi has concerns about the policy, which she does not plan to sign.
"My main concern is an employer has asked an employee to sign a document that is so lengthy, it required a table of contents," she said.
To Continue Reading: Click Here
------------------------------------------
Source: pnj.com
By: Carmen Paige
The union representing Santa Rosa County teachers and support personnel is planning to file an unfair labor practices lawsuit against the School District over what it claims is an overly restrictive new policy on educators' use of e-mail and social media websites, such as Facebook.
The lawsuit will be filed late next week by Florida Education Association Legal Services on behalf of the Santa Rosa Professional Educators and Marie Locklin Bodi, a third-grade teacher at Gulf Breeze Elementary School, said union President Rhonda Chavers.
The new policy outlines how employees should use digital communications at work and when working in their official capacities from home. It covers e-mail, Facebook and similar websites, Twitter, blogs, personal websites, text messages, instant messages, chat rooms, list serves, podcasts, cell phones and Blackberrys.
Bodi has concerns about the policy, which she does not plan to sign.
"My main concern is an employer has asked an employee to sign a document that is so lengthy, it required a table of contents," she said.
To Continue Reading: Click Here
------------------------------------------
Source: pnj.com
By: Carmen Paige
4 Questions to Ask About Cloud Computing
No business or government leader today can ignore cloud computing. It will affect how computing strategies are developed and managed, how information is controlled, and how the economics of business technology are applied. Here are some essential questions government decision-makers should be asking about this still-new phenomenon.
1. What is cloud computing and how does it work?
Cloud computing allows users -- from citizens to departmental employees to IT support staff -- to obtain computing capabilities through the Internet, regardless of their physical location.
Beneficial characteristics of cloud services include:
• little or no capital investment;
• variable pricing based on consumption; buyers pay per use;
• rapid acquisition and deployment; and
• lower ongoing operating costs.
The basic technologies are well established and can be duplicated by any organization. That makes it possible for governments to build private clouds -- restricted infrastructure that uses cloud computing technologies but is only shared among approved organizations. Given the specific challenges that governments face with respect to storing, securing and processing data, and data privacy restrictions, private clouds are likely to play a key role in the evolution of cloud computing for government organizations.
To Continue Reading: Click Here
------------------------------------------
Source: govtech.com
By: Andrew Greenway
1. What is cloud computing and how does it work?
Cloud computing allows users -- from citizens to departmental employees to IT support staff -- to obtain computing capabilities through the Internet, regardless of their physical location.
Beneficial characteristics of cloud services include:
• little or no capital investment;
• variable pricing based on consumption; buyers pay per use;
• rapid acquisition and deployment; and
• lower ongoing operating costs.
The basic technologies are well established and can be duplicated by any organization. That makes it possible for governments to build private clouds -- restricted infrastructure that uses cloud computing technologies but is only shared among approved organizations. Given the specific challenges that governments face with respect to storing, securing and processing data, and data privacy restrictions, private clouds are likely to play a key role in the evolution of cloud computing for government organizations.
To Continue Reading: Click Here
------------------------------------------
Source: govtech.com
By: Andrew Greenway
In Focus: Post-ILTA 2010
Covering technology shows in the legal sector can be pedestrian when compared to the Computer Electronic Association's CES or UBM TechWeb's Interop. One thing about legal technology shows, they are well-focused on the profession. If you're interested in buying or selling technology in the legal space, there are a number of shows with exhibits to attend over the year: LegalTech New York, ABA TECHSHOW, the Association of Corporate Counsel annual meetingi, and the International Legal Technology Association conference. This year there were plenty of new things to see at ILTA's most recent conference in Las Vegas from August 22-26.
I previously covered some of the news from ILTA when I discussed an overall theme that drove me to this year's show: new and improved views of data to make more informed decisions. Here are a few of the products I viewed on the exhibit floor.
E-DISCOVERY UPDATES
Access Data announced the first new release of AD Summation CaseVantage 6 since Access Data and CT merged. AD Summation CaseVantage is an on-premise, web-based review platform. The new version supports near-duplicate analysis, e-mail threading, and enhanced search features to conduct concept and faceted searching.
Clearwell Systems announced the latest release of its Review Module, which brings it up to speed with other review platforms. The new version 6.0 offers to group and present similar documents together with an aim to increase review speed and reduce costs. The new release also supports a Find Similar feature so reviewers can identify similar e-mails and files, an Auto-Resume function to automatically return users to where they left off after logging out and logging back in, and the ability to batch review folders automatically and assign them to specific reviewers, as well as monitor and view case progress reports in real-time and assess the productivity of individual reviewers.
Some will have you believe that e-discovery should all flow from a legal hold. From that perspective, Exterro Fusion, legal hold workflow management software, has teamed with Recommind's Axcelerate ECA & Collection product with an aim to provide customers the ability to follow through on a legal hold to preserve, collect, process, and review content under hold and potentially responsive to litigation or investigation. "It's critical for corporations to take proactive steps to ensure a rapid, complete and cost-effective e-discovery response," says Bobby Balachandran, president and CEO of Exterro. By automating legal hold workflows with early case assessment and collection software, it appears that Exterro customers will be in a good position to provide a defensible response to their duty to preserve evidence.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Sean Doherty
I previously covered some of the news from ILTA when I discussed an overall theme that drove me to this year's show: new and improved views of data to make more informed decisions. Here are a few of the products I viewed on the exhibit floor.
E-DISCOVERY UPDATES
Access Data announced the first new release of AD Summation CaseVantage 6 since Access Data and CT merged. AD Summation CaseVantage is an on-premise, web-based review platform. The new version supports near-duplicate analysis, e-mail threading, and enhanced search features to conduct concept and faceted searching.
Clearwell Systems announced the latest release of its Review Module, which brings it up to speed with other review platforms. The new version 6.0 offers to group and present similar documents together with an aim to increase review speed and reduce costs. The new release also supports a Find Similar feature so reviewers can identify similar e-mails and files, an Auto-Resume function to automatically return users to where they left off after logging out and logging back in, and the ability to batch review folders automatically and assign them to specific reviewers, as well as monitor and view case progress reports in real-time and assess the productivity of individual reviewers.
Some will have you believe that e-discovery should all flow from a legal hold. From that perspective, Exterro Fusion, legal hold workflow management software, has teamed with Recommind's Axcelerate ECA & Collection product with an aim to provide customers the ability to follow through on a legal hold to preserve, collect, process, and review content under hold and potentially responsive to litigation or investigation. "It's critical for corporations to take proactive steps to ensure a rapid, complete and cost-effective e-discovery response," says Bobby Balachandran, president and CEO of Exterro. By automating legal hold workflows with early case assessment and collection software, it appears that Exterro customers will be in a good position to provide a defensible response to their duty to preserve evidence.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Sean Doherty
Friday, August 27, 2010
“Weekend At Bernie’s” and End-user based eDiscovery
In the cult-classic “Weekend At Bernie’s”[1], two young men try to fool others into believing that their murdered boss is still alive, despite strong evidence to the contrary. Of course, trying to keep up appearances with a decaying body gets more and more difficult with time, but they persist. Eventually, they are found out – but in true Hollywood fashion, all ends well.
Have we now reached the same point with end-user based eDiscovery?
End-user or Custodian-based eDiscovery is the practice of relying almost entirely upon end-user employees to identify, preserve and collect data for a specific case.[2] There are good reasons that end-user eDiscovery became popular – it’s relatively easy and quick to create and administer a process; very little (if any) technology needs to be understood, purchased or deployed; and, under the proper circumstances, it can be reasonably defensible. In addition, the process of relying on end-users to preserve and collect relevant information has its roots in the old paper days of discovery, which means that many lawyers are very comfortable with the process.
However, end-user eDiscovery has seen a steady stream of detractors who have pointed out its many flaws.[3] More recently, the number of detractors seems to have grown, and the detractors now include the only group that really matters for eDiscovery – the courts. Recent cases have indicated little patience for a process where legal abdicates its responsibility for eDiscovery to end-users, and many cases have resulted in sanctions.
To Continue Reading: Click Here
------------------------------------------
Source: Kazeon Blog
By: James D. Shook
Have we now reached the same point with end-user based eDiscovery?
End-user or Custodian-based eDiscovery is the practice of relying almost entirely upon end-user employees to identify, preserve and collect data for a specific case.[2] There are good reasons that end-user eDiscovery became popular – it’s relatively easy and quick to create and administer a process; very little (if any) technology needs to be understood, purchased or deployed; and, under the proper circumstances, it can be reasonably defensible. In addition, the process of relying on end-users to preserve and collect relevant information has its roots in the old paper days of discovery, which means that many lawyers are very comfortable with the process.
However, end-user eDiscovery has seen a steady stream of detractors who have pointed out its many flaws.[3] More recently, the number of detractors seems to have grown, and the detractors now include the only group that really matters for eDiscovery – the courts. Recent cases have indicated little patience for a process where legal abdicates its responsibility for eDiscovery to end-users, and many cases have resulted in sanctions.
To Continue Reading: Click Here
------------------------------------------
Source: Kazeon Blog
By: James D. Shook
Despite Negligent Preservation, Failure to Establish Relevance of Lost Emails Results in Denial of Motion for Sanctions
Siani v. State Univ. of New York at Farmingdale, 2010 WL 3170664 (E.D.N.Y. Aug. 10, 2010)
In this employment discrimination case, the court denied the pro se plaintiff’s motion for spoliation sanctions, despite finding defendants were at least negligent in their preservation efforts, where plaintiff failed to present extrinsic evidence “tending to show that the destroyed emails would have been favorable to his case.”
Plaintiff alleged that defendants failed to preserve electronic evidence and requested an adverse inference. Specifically, plaintiff alleged that emails were deleted by both named defendants and non-party employees of the university in violation of their duty to preserve.
Defendants presented evidence that following receipt of notice of plaintiff’s claim, multiple litigation hold notices were disseminated and individuals subject to the hold were repeatedly reminded of their preservation obligations. The employee in charge of the university’s IT department also backed up the email accounts of the named defendants (employees of the university), but admitted he did not back up his own email account or accounts belonging to any relevant non-parties. Nor did he suspend the automatic deletion cycle. Despite the hold, certain named defendants and non-parties admitted that emails were deleted either unintentionally or in the course of routine cleaning. Still, some of the deleted emails were available from alternative sources.
“A party seeking an adverse inference instruction (or other sanctions) based on the spoliation of evidence must establish the following three elements: (1) that the party having control over the evidence had an obligation to preserve it at the time it was destroyed; (2) that the records were destroyed with a ‘culpable state of mind’ and (3) that the destroyed evidence was ‘relevant’ to the party's claim or defense such that a reasonable trier of fact could find that it would support that claim or defense.”
To Continue Reading: Click Here
------------------------------------------
Source: ediscoverylaw.com
In this employment discrimination case, the court denied the pro se plaintiff’s motion for spoliation sanctions, despite finding defendants were at least negligent in their preservation efforts, where plaintiff failed to present extrinsic evidence “tending to show that the destroyed emails would have been favorable to his case.”
Plaintiff alleged that defendants failed to preserve electronic evidence and requested an adverse inference. Specifically, plaintiff alleged that emails were deleted by both named defendants and non-party employees of the university in violation of their duty to preserve.
Defendants presented evidence that following receipt of notice of plaintiff’s claim, multiple litigation hold notices were disseminated and individuals subject to the hold were repeatedly reminded of their preservation obligations. The employee in charge of the university’s IT department also backed up the email accounts of the named defendants (employees of the university), but admitted he did not back up his own email account or accounts belonging to any relevant non-parties. Nor did he suspend the automatic deletion cycle. Despite the hold, certain named defendants and non-parties admitted that emails were deleted either unintentionally or in the course of routine cleaning. Still, some of the deleted emails were available from alternative sources.
“A party seeking an adverse inference instruction (or other sanctions) based on the spoliation of evidence must establish the following three elements: (1) that the party having control over the evidence had an obligation to preserve it at the time it was destroyed; (2) that the records were destroyed with a ‘culpable state of mind’ and (3) that the destroyed evidence was ‘relevant’ to the party's claim or defense such that a reasonable trier of fact could find that it would support that claim or defense.”
To Continue Reading: Click Here
------------------------------------------
Source: ediscoverylaw.com
BP Suits to Show Challenge of Taming Discovery
Electronic discovery has changed the economic profile of litigation surrounding high-stakes disputes. The volume of information that now arrives in the form of electronically stored information is reflected in the "e" before "discovery." The altered economic profile of discovery comes from the new and different expenses associated with making ESI accessible for document review and analysis in relation to any given piece of litigation.
There have been several instances of what many have considered overzealous advocacy during discovery; instances when parties have tried to drive outcomes through strategies that force discovery costs as high as possible. The use of this particular strategy has resulted in some very expensive discovery, and the use of sanctions, special masters, and discovery masters by some judges, in an effort to focus outcomes on substantive issues rather than cost.
As these new expenses have changed the profile of cases worth taking to trial, nonprofit best-practices groups, such as the Sedona Conference, which identifies itself as a research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights, have begun to lobby and educate within the profession to encourage responsible cooperation during discovery. See the Sedona Conference Cooperation Proclamation.
An abundance of legal actions will arise from the oil spill in the Gulf of Mexico. The litigation that followed the Exxon Valdez spill of March 24, 1989, is still crawling to a close in 2010. Already, there are articles appearing that discuss the preservation dilemmas in relation to e-discovery related to the spill. For each lawsuit that proceeds past a motion to dismiss, additional and increased discovery will occur.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: John J. Bartko and J. Eric Bartko
There have been several instances of what many have considered overzealous advocacy during discovery; instances when parties have tried to drive outcomes through strategies that force discovery costs as high as possible. The use of this particular strategy has resulted in some very expensive discovery, and the use of sanctions, special masters, and discovery masters by some judges, in an effort to focus outcomes on substantive issues rather than cost.
As these new expenses have changed the profile of cases worth taking to trial, nonprofit best-practices groups, such as the Sedona Conference, which identifies itself as a research and educational institute dedicated to the advanced study of law and policy in the areas of antitrust law, complex litigation, and intellectual property rights, have begun to lobby and educate within the profession to encourage responsible cooperation during discovery. See the Sedona Conference Cooperation Proclamation.
An abundance of legal actions will arise from the oil spill in the Gulf of Mexico. The litigation that followed the Exxon Valdez spill of March 24, 1989, is still crawling to a close in 2010. Already, there are articles appearing that discuss the preservation dilemmas in relation to e-discovery related to the spill. For each lawsuit that proceeds past a motion to dismiss, additional and increased discovery will occur.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: John J. Bartko and J. Eric Bartko
Federal Judge Sanctions Tech Company Over Handling of E-Discovery
A federal judge has sanctioned a leading developer of "flash drive" technology for its mishandling of electronic discovery in what the judge called a "David and Goliath-like" struggle.
Southern District Judge William H. Pauley ruled that he would instruct the jury to draw a negative inference from the fact that SanDisk Corp., a company with a market capitalization of $8.7 billion, had lost the hard drives from laptop computers it issued to two former employees who are the plaintiffs in Harkabi v. Sandisk Corp., 08 Civ. 8230.
SanDisk must be "mortif[ied]" by the ex-employees' argument that the company, as a leading purveyor of electronic data storage devices, cannot claim that it made an "innocent" mistake in losing the hard-drive data, Pauley wrote.
That argument is on target, the judge concluded, noting that SanDisk's "size and cutting edge technology raises an expectation of competence in maintaining its own electronic records."
Pauley also awarded $150,000 in attorney's fees to the two plaintiffs, Dan Harkabi and Gidon Elazar, because of delays the company caused in producing their e-mails during the 17 months they worked for SanDisk.
In 2004, the plaintiffs sold a software company they had founded in Israel to SanDisk for $10 million up front. An additional $4 million was to be paid depending on the level of sales SanDisk realized over the next two years on products "derived" from technology developed by the Israeli company. As part of the deal, Harkabi and Elazar moved to New York and began working for SanDisk.
At the end of the two-year period, SanDisk contended the threshold for the Israeli software developers to claim their "earn-out" fee had not been met, and offered them $800,000. When the developers continued to demand the full $4 million, SanDisk ended their employment.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Daniel Wise
Southern District Judge William H. Pauley ruled that he would instruct the jury to draw a negative inference from the fact that SanDisk Corp., a company with a market capitalization of $8.7 billion, had lost the hard drives from laptop computers it issued to two former employees who are the plaintiffs in Harkabi v. Sandisk Corp., 08 Civ. 8230.
SanDisk must be "mortif[ied]" by the ex-employees' argument that the company, as a leading purveyor of electronic data storage devices, cannot claim that it made an "innocent" mistake in losing the hard-drive data, Pauley wrote.
That argument is on target, the judge concluded, noting that SanDisk's "size and cutting edge technology raises an expectation of competence in maintaining its own electronic records."
Pauley also awarded $150,000 in attorney's fees to the two plaintiffs, Dan Harkabi and Gidon Elazar, because of delays the company caused in producing their e-mails during the 17 months they worked for SanDisk.
In 2004, the plaintiffs sold a software company they had founded in Israel to SanDisk for $10 million up front. An additional $4 million was to be paid depending on the level of sales SanDisk realized over the next two years on products "derived" from technology developed by the Israeli company. As part of the deal, Harkabi and Elazar moved to New York and began working for SanDisk.
At the end of the two-year period, SanDisk contended the threshold for the Israeli software developers to claim their "earn-out" fee had not been met, and offered them $800,000. When the developers continued to demand the full $4 million, SanDisk ended their employment.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Daniel Wise
Wednesday, August 25, 2010
European Reservations?
German state data protection authorities have recently criticized both cloud computing and the EU-US Safe Harbor Framework. From some of the reactions, you would think that both are in imminent danger of a European crackdown. That’s not likely, but the comments reflect some concerns with recent trends in outsourcing and transborder data flows that multinationals would be well advised to address in their planning and operations.
In April, the Düsseldorfer Kreis, an informal group of state data protection officials that attempts to coordinate approaches to international data transfers under Germany’s federal system, called on the US Federal Trade Commission to increase its monitoring and enforcement of Safe Harbor commitments by US companies handling European personal data. On July 23, Dr. Thilo Weichert, head of the data protection commission in the northernmost German state of Schleswig-Holstein (capital: Kiel), issued a press release provocatively titled “10th Anniversary of Safe Harbor – many reasons to act but none to celebrate.” Dr. Weichert cites an upcoming report by an Australian consultancy (Galexia) asserting that hundreds of American companies claiming to be part of the Safe Harbor program are not currently certified, and that many Safe Harbor companies fail to provide information to individuals on how to enforce their rights or refer them to costly self-regulatory dispute resolution programs. Dr. Weichert urges a radical solution: “From a privacy perspective there is only one conclusion to be drawn from the lessons learned – to terminate safe harbor immediately.”
To Continue Reading: Click Here
------------------------------------------
Source: infolawgroup.com
By: W. Scott Blackmer
In April, the Düsseldorfer Kreis, an informal group of state data protection officials that attempts to coordinate approaches to international data transfers under Germany’s federal system, called on the US Federal Trade Commission to increase its monitoring and enforcement of Safe Harbor commitments by US companies handling European personal data. On July 23, Dr. Thilo Weichert, head of the data protection commission in the northernmost German state of Schleswig-Holstein (capital: Kiel), issued a press release provocatively titled “10th Anniversary of Safe Harbor – many reasons to act but none to celebrate.” Dr. Weichert cites an upcoming report by an Australian consultancy (Galexia) asserting that hundreds of American companies claiming to be part of the Safe Harbor program are not currently certified, and that many Safe Harbor companies fail to provide information to individuals on how to enforce their rights or refer them to costly self-regulatory dispute resolution programs. Dr. Weichert urges a radical solution: “From a privacy perspective there is only one conclusion to be drawn from the lessons learned – to terminate safe harbor immediately.”
To Continue Reading: Click Here
------------------------------------------
Source: infolawgroup.com
By: W. Scott Blackmer
Federal CIOs Issue Cloud Computing Privacy Framework
Poorly planned and executed cloud computing contracts could result in security disaster, warns CIO Council.
Although cloud computing represents a possible solution to the government's rapidly increasing on-premises storage needs, federal agencies need to be aware of "significant privacy concerns" associated with storing personally identifiable information in the cloud, the federal CIO Council says in a new document outlining a proposed policy framework on privacy and the cloud.
Federal privacy regulations control how and where federal agencies hold and process personally identifiable information, and the CIO Council warns that, without consulting their legal and privacy teams and putting a plan into place, federal agencies may run afoul of those regulations.
"Once an agency chooses a cloud computing provider to collect and store information, the individual is no longer providing information solely to the government, but also to a third party who is not necessarily bound by the same laws and regulations," the document says.
Federal agencies need to follow laws like the E-Government Act and the Privacy Act and regulations like the National Institute of Standards and Technology's Special Publication 800-53, but cloud providers are bound only so far as they don't stray so far from the regulations that they can't serve the federal government.
To Continue Reading: Click Here
------------------------------------------
Source: Information Week
By: J. Nicholas Hoover
Although cloud computing represents a possible solution to the government's rapidly increasing on-premises storage needs, federal agencies need to be aware of "significant privacy concerns" associated with storing personally identifiable information in the cloud, the federal CIO Council says in a new document outlining a proposed policy framework on privacy and the cloud.
Federal privacy regulations control how and where federal agencies hold and process personally identifiable information, and the CIO Council warns that, without consulting their legal and privacy teams and putting a plan into place, federal agencies may run afoul of those regulations.
"Once an agency chooses a cloud computing provider to collect and store information, the individual is no longer providing information solely to the government, but also to a third party who is not necessarily bound by the same laws and regulations," the document says.
Federal agencies need to follow laws like the E-Government Act and the Privacy Act and regulations like the National Institute of Standards and Technology's Special Publication 800-53, but cloud providers are bound only so far as they don't stray so far from the regulations that they can't serve the federal government.
To Continue Reading: Click Here
------------------------------------------
Source: Information Week
By: J. Nicholas Hoover
Zurich fined £2.3m by FSA over loss of back-up tape
The Financial Services Authority (FSA) has fined Zurich Insurance £2,275,000 after a back-up tape containing unencrypted personal details on 46,000 policy holders went missing in transit. The FSA said Zurich had inadequate systems and controls in place.
The fine is the highest levied to date on a single firm for data security failings, according to the UK regulator.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). The FSA reported that in August 2008, an unencrypted back-up tape was lost during a routine transfer from a data centre in South Africa to a third party data storage facility.
The tape was lost by a subcontractor engaged by Zurich SA. The FSA found that the subcontractor had been engaged without Zurich UK's written consent.
The missing tape included identity details and in some cases bank account and credit card information. Zurich UK did not learn of the incident until a year later.
The FSA said the loss could have led to serious financial detriment for customers and exposed them to the risk of burglary. It found that the insurer had failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement. The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.
To Continue Reading: Click Here
------------------------------------------
Source: out-law.com
The fine is the highest levied to date on a single firm for data security failings, according to the UK regulator.
Zurich UK outsourced the processing of some of its general insurance customer data to Zurich Insurance Company South Africa Limited (Zurich SA). The FSA reported that in August 2008, an unencrypted back-up tape was lost during a routine transfer from a data centre in South Africa to a third party data storage facility.
The tape was lost by a subcontractor engaged by Zurich SA. The FSA found that the subcontractor had been engaged without Zurich UK's written consent.
The missing tape included identity details and in some cases bank account and credit card information. Zurich UK did not learn of the incident until a year later.
The FSA said the loss could have led to serious financial detriment for customers and exposed them to the risk of burglary. It found that the insurer had failed to take reasonable care to ensure it had effective systems and controls to manage the risks relating to the security of customer data resulting from the outsourcing arrangement. The firm also failed to ensure that it had effective systems and controls to prevent the lost data being used for financial crime.
To Continue Reading: Click Here
------------------------------------------
Source: out-law.com
This message will self-destruct
It’s something straight out of Mission: Impossible. Vanishing e-mail.
As in the kind that can’t be forwarded. Can’t be printed. Can’t be copied or passed into another program. Automatically encrypts once the message is viewed, rendering it essentially self-destructible.
Ethan Hunt would be proud. But this kind of software isn’t just for secret agents.
In an era when the tiniest details of our lives are played out for the entire world on the Internet—cached, copied and archived, often without our knowledge—greater control over data is one of the Holy Grails of business.
Think of the potential savings in data storage. The protection against proprietary theft or accidental disclosure. The risk-management potential.
As with every policy and procedure, however, there’s something else to consider when contemplating such software: the legal ramifications.
“We’ve had customers inquire about this, and the legal question has come up,” says Mohit “Mo” Vij, CEO of General Informatics, a Baton Rouge-based information technology management firm that ranks No. 1,179 on Inc. magazine’s list of the nation’s 5,000 fastest-growing companies.
To Continue Reading: Click Here
------------------------------------------
Source: businessreport.com
As in the kind that can’t be forwarded. Can’t be printed. Can’t be copied or passed into another program. Automatically encrypts once the message is viewed, rendering it essentially self-destructible.
Ethan Hunt would be proud. But this kind of software isn’t just for secret agents.
In an era when the tiniest details of our lives are played out for the entire world on the Internet—cached, copied and archived, often without our knowledge—greater control over data is one of the Holy Grails of business.
Think of the potential savings in data storage. The protection against proprietary theft or accidental disclosure. The risk-management potential.
As with every policy and procedure, however, there’s something else to consider when contemplating such software: the legal ramifications.
“We’ve had customers inquire about this, and the legal question has come up,” says Mohit “Mo” Vij, CEO of General Informatics, a Baton Rouge-based information technology management firm that ranks No. 1,179 on Inc. magazine’s list of the nation’s 5,000 fastest-growing companies.
To Continue Reading: Click Here
------------------------------------------
Source: businessreport.com
Proposed law targets companies snooping on social networking sites
A German proposal to stop employers from screening current or potential workers on private Internet sites could prove difficult, if not impossible, to enforce. Yet data protection experts laud the move.
German Interior Minister Thomas de Maiziere has drafted a new law on data privacy that, among other things, will clamp down on the information companies can legally collect on employees from social networking sites, such as Facebook and MySpace.
The German cabinet is expected to approve the draft bill on Wednesday. It must then go before parliament for debate and a final vote.
Germany to take the lead
If passed into law, Germany will become the first country to slap legal restrictions on the use of personal information in private social networking sites. The law, however, will continue to allow companies to look at sites that are expressly designed to help people market themselves to potential employers.
A 2009 survey by Career Builder indicated that 45 percent of employers look at the Facebook profiles of potential applicants and 35 percent of these employers rejected applicants because of their findings.
Bildunterschrift: Großansicht des Bildes mit der Bildunterschrift: Facebook is popular among young people - and their potential employers. Data experts say the proposed law will be nearly impossible to enforce. It would only provide greater protection for job-seekers who are able to prove that a potential employer collected information on them from a private social networking site, according to Yvette Reif, deputing managing director of the German Society for Data Protection and Security (GDD).
To Continue Reading: Click Here
------------------------------------------
Source: dw-world.de
German Interior Minister Thomas de Maiziere has drafted a new law on data privacy that, among other things, will clamp down on the information companies can legally collect on employees from social networking sites, such as Facebook and MySpace.
The German cabinet is expected to approve the draft bill on Wednesday. It must then go before parliament for debate and a final vote.
Germany to take the lead
If passed into law, Germany will become the first country to slap legal restrictions on the use of personal information in private social networking sites. The law, however, will continue to allow companies to look at sites that are expressly designed to help people market themselves to potential employers.
A 2009 survey by Career Builder indicated that 45 percent of employers look at the Facebook profiles of potential applicants and 35 percent of these employers rejected applicants because of their findings.
Bildunterschrift: Großansicht des Bildes mit der Bildunterschrift: Facebook is popular among young people - and their potential employers. Data experts say the proposed law will be nearly impossible to enforce. It would only provide greater protection for job-seekers who are able to prove that a potential employer collected information on them from a private social networking site, according to Yvette Reif, deputing managing director of the German Society for Data Protection and Security (GDD).
To Continue Reading: Click Here
------------------------------------------
Source: dw-world.de
Is 'Private' Data on Social Networks Discoverable?
Calif. federal court ruling holds that messages and comments on social networks visible to a restricted set of users are protected
On May 26, a federal court issued an opinion in a discovery dispute that applies outmoded federal electronic privacy laws from the 1980s to Facebook and MySpace. The ruling could permanently change the way "social networking" sites are viewed by businesses and those involved in litigation. The decision also appears to offer the first in-depth analysis on the effect of "privacy settings" found on many social networking sites and whether information is protected from discovery by federal privacy laws.
The U.S. district court's decision partially reversed and partially vacated a magistrate judge's order declining to quash subpoenas for certain materials held by a third party in a copyright infringement case. See Crispin v. Christian Audigier Inc., 2010 U.S. Dist. Lexis 52832 (C.D. Calif. May 26, 2010). The decision appears to be the first to apply the Stored Communications Act, enacted in 1986, to content on today's social networking sites. See 18 U.S.C. 2701-11. The plaintiff, an artist named Buckley Crispin, claimed that the defendants, Christian Audigier Inc. and its sublicensees, used his artwork in violation of their oral agreement. The defendants sought information from MySpace and Facebook, including Crispin's subscriber information and all communications by Crispin referring to any of the defendants. A federal magistrate declined to quash certain of the defendants' subpoenas, rejecting among other arguments that the information they sought was protected by the SCA.
The district court's decision offered answers to two key questions. First, the holding explains that the SCA's protections reach at least some of the content hosted on social networking sites and that such content will be precluded from discovery from those sites. Second, the decision suggests that privacy settings matter. The private messaging features of social networking sites were protected because the court considered them to be as private as e-mail. Moreover, the court found that the SCA's protections applied to wall postings and comments only to the extent that those communications were not available to the general public.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Alan Klein, John M. Lyons and Andrew R. Sperl
On May 26, a federal court issued an opinion in a discovery dispute that applies outmoded federal electronic privacy laws from the 1980s to Facebook and MySpace. The ruling could permanently change the way "social networking" sites are viewed by businesses and those involved in litigation. The decision also appears to offer the first in-depth analysis on the effect of "privacy settings" found on many social networking sites and whether information is protected from discovery by federal privacy laws.
The U.S. district court's decision partially reversed and partially vacated a magistrate judge's order declining to quash subpoenas for certain materials held by a third party in a copyright infringement case. See Crispin v. Christian Audigier Inc., 2010 U.S. Dist. Lexis 52832 (C.D. Calif. May 26, 2010). The decision appears to be the first to apply the Stored Communications Act, enacted in 1986, to content on today's social networking sites. See 18 U.S.C. 2701-11. The plaintiff, an artist named Buckley Crispin, claimed that the defendants, Christian Audigier Inc. and its sublicensees, used his artwork in violation of their oral agreement. The defendants sought information from MySpace and Facebook, including Crispin's subscriber information and all communications by Crispin referring to any of the defendants. A federal magistrate declined to quash certain of the defendants' subpoenas, rejecting among other arguments that the information they sought was protected by the SCA.
The district court's decision offered answers to two key questions. First, the holding explains that the SCA's protections reach at least some of the content hosted on social networking sites and that such content will be precluded from discovery from those sites. Second, the decision suggests that privacy settings matter. The private messaging features of social networking sites were protected because the court considered them to be as private as e-mail. Moreover, the court found that the SCA's protections applied to wall postings and comments only to the extent that those communications were not available to the general public.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Alan Klein, John M. Lyons and Andrew R. Sperl
Informative Graphics Introduces Redact-It for IBM eDiscovery Manager
Informative Graphics Corporation (IGC), a leader in viewing, collaboration and redaction technology, today announced the release of Redact-It(R) for IBM eDiscovery Manager. IBM's eDiscovery software complements core information management capabilities and provides a strategic, in-house approach to globally address discovery, privacy and retention requirements more efficiently. Tightly integrated with IBM eDiscovery Manager, Redact-It performs automated redaction on documents during the export phase, allowing organizations to process large volumes of documents in-house.
Redact-It automatically applies "Privilege" or "Privacy" scripts and creates a new PDF or TIFF rendition of the redacted file(s), leaving the source file(s) untouched. The redacted rendition contains no hidden text or metadata; the content is completely removed, so there is no risk of inadvertent disclosure through improper redaction. Redact-It also offers the ability to export source files to PDF or TIFF from eDiscovery Manager in addition to IBM's traditional EDRM-XML and Native format options.
Attorney and eDiscovery expert, Tom O'Connor, says, "Effective redaction is an extremely important part of the eDiscovery process. Unfortunately, sometimes people don't understand redaction technology, and they don't buy a good product like Redact-It. They think they are effectively redacting some privileged information, and instead they inadvertently send it to opposing counsel as part of their production. If lawyers have not protected privilege within documents, for which they have a duty to the client, they may be exposing themselves to a malpractice case. Firms must take the steps necessary to protect a case, and that includes proper redaction."
To Continue Reading: Click Here
------------------------------------------
Source: marketwatch.com
Redact-It automatically applies "Privilege" or "Privacy" scripts and creates a new PDF or TIFF rendition of the redacted file(s), leaving the source file(s) untouched. The redacted rendition contains no hidden text or metadata; the content is completely removed, so there is no risk of inadvertent disclosure through improper redaction. Redact-It also offers the ability to export source files to PDF or TIFF from eDiscovery Manager in addition to IBM's traditional EDRM-XML and Native format options.
Attorney and eDiscovery expert, Tom O'Connor, says, "Effective redaction is an extremely important part of the eDiscovery process. Unfortunately, sometimes people don't understand redaction technology, and they don't buy a good product like Redact-It. They think they are effectively redacting some privileged information, and instead they inadvertently send it to opposing counsel as part of their production. If lawyers have not protected privilege within documents, for which they have a duty to the client, they may be exposing themselves to a malpractice case. Firms must take the steps necessary to protect a case, and that includes proper redaction."
To Continue Reading: Click Here
------------------------------------------
Source: marketwatch.com
Tuesday, August 24, 2010
Social media poses risks to businesses
To stay competitive in a constantly evolving, data-saturated marketplace, businesses must not only make vast amounts of data available electronically, but also update the data quickly and effectively.
So it is no surprise that businesses have started using social networks such as blogs, Twitter and Facebook. But these new forms of communication have caused significant problems when businesses end up in legal disputes. Put simply, most businesses’ information-management policies are not updated to account for electronic information needed when disputes go to litigation or arbitration. In litigation, courts view electronically-generated and stored information as essentially equivalent to information on paper. Courts expect businesses to preserve such information and be able to produce it as required by pertinent rules.
The deep inadequacy of business management of such electronic information became clear earlier this summer with the results of a June survey performed by a leading forensic center on the effect of social networking. While two-thirds of businesses worry about e-discovery risks posed by data contained within social networks, 25 percent say they are not prepared to address related electronic information discovery requests, and 33 percent think they are only partially prepared. Moreover, only 9 percent of companies surveyed think they are well prepared for such discovery requests. And the situation is probably worse than even these numbers suggest, because businesses that think they are adequately prepared often find out that they are not.
To Continue Reading: Click Here
------------------------------------------
Source: dcjoregon.com
By: Hafez Daraee
So it is no surprise that businesses have started using social networks such as blogs, Twitter and Facebook. But these new forms of communication have caused significant problems when businesses end up in legal disputes. Put simply, most businesses’ information-management policies are not updated to account for electronic information needed when disputes go to litigation or arbitration. In litigation, courts view electronically-generated and stored information as essentially equivalent to information on paper. Courts expect businesses to preserve such information and be able to produce it as required by pertinent rules.
The deep inadequacy of business management of such electronic information became clear earlier this summer with the results of a June survey performed by a leading forensic center on the effect of social networking. While two-thirds of businesses worry about e-discovery risks posed by data contained within social networks, 25 percent say they are not prepared to address related electronic information discovery requests, and 33 percent think they are only partially prepared. Moreover, only 9 percent of companies surveyed think they are well prepared for such discovery requests. And the situation is probably worse than even these numbers suggest, because businesses that think they are adequately prepared often find out that they are not.
To Continue Reading: Click Here
------------------------------------------
Source: dcjoregon.com
By: Hafez Daraee
What Lawyers Need to Know About Search Tools
It will come as no surprise to anyone who has handled complex litigation during the past five years that the volume of electronically stored information that must be reviewed in the course of discovery can be staggering. It may be more surprising to learn that keyword search is not nearly as effective at identifying relevant information as many lawyers would like to believe. See David C. Blair and M.E. Maron, "An Evaluation of Retrieval Effectiveness for a Full-Text Document-Retrieval Sys.," 28(3) Comm. of the ACM 289 (1985) (showing lawyers estimated their search had identified 75 present of the relevant documents when only about 20 present were found); Douglas W. Oard, et al., Overview of the TREC 2008 Legal Track (March 17, 2009), (showing Boolean search identified only 24 present of the relevant documents); Stephen Tomlinson, et al., Overview of the 2007 TREC Legal Track (April 30, 2008), (showing Boolean search identified only 22 present of the relevant documents).
Litigators today face severe challenges in identifying and producing documents responsive to requests for production, on time, within budget and without waiver of privilege. See, e.g., In re Fannie Mae Sec. Litig., 552 F.3d 814 (D.D.C. 2009) (involving delayed production in which 400 search terms yielded 660,000 documents, costing $6 million -- or 9 present of annual budget -- to review); Mt. Hawley Ins. Co. v. Felman Prod., No. 3:09-CV-00481, 2010 WL 1990555 (S.D. W. Va. May 18, 2010) (finding waiver of privilege for inadvertent production of 377 privileged documents in 346-gigabyte production). To assist lawyers in these efforts, there are a dizzying array of vendors and search tools on the market, each claiming to offer the "silver bullet." For time-strapped lawyers who have little -- if any -- interest in technology, sorting through the options can be overwhelming. But the consequences of getting it wrong -- and using a shovel when one really needs a crane -- can be severe, in terms of cost and otherwise. See, e.g., In re Fannie Mae Sec. Litig., 552 F.3d 814 (D.D.C. 2009) (upholding contempt citation for failure to comply with deadline in stipulated discovery order).
Are all search tools and methods created equal? Do they all achieve the same results? How can attorneys become sufficiently comfortable using search tools so they can certify that, "to the best of [their] knowledge ... formed after a reasonable inquiry," their response to a document request is "complete and correct," and that they have produced everything -- or as close to everything as possible -- that is responsive to the request? Fed. R. Civ. P. 26(g)(1)(A).
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Maura R. Grossman and Terry Sweeney
Litigators today face severe challenges in identifying and producing documents responsive to requests for production, on time, within budget and without waiver of privilege. See, e.g., In re Fannie Mae Sec. Litig., 552 F.3d 814 (D.D.C. 2009) (involving delayed production in which 400 search terms yielded 660,000 documents, costing $6 million -- or 9 present of annual budget -- to review); Mt. Hawley Ins. Co. v. Felman Prod., No. 3:09-CV-00481, 2010 WL 1990555 (S.D. W. Va. May 18, 2010) (finding waiver of privilege for inadvertent production of 377 privileged documents in 346-gigabyte production). To assist lawyers in these efforts, there are a dizzying array of vendors and search tools on the market, each claiming to offer the "silver bullet." For time-strapped lawyers who have little -- if any -- interest in technology, sorting through the options can be overwhelming. But the consequences of getting it wrong -- and using a shovel when one really needs a crane -- can be severe, in terms of cost and otherwise. See, e.g., In re Fannie Mae Sec. Litig., 552 F.3d 814 (D.D.C. 2009) (upholding contempt citation for failure to comply with deadline in stipulated discovery order).
Are all search tools and methods created equal? Do they all achieve the same results? How can attorneys become sufficiently comfortable using search tools so they can certify that, "to the best of [their] knowledge ... formed after a reasonable inquiry," their response to a document request is "complete and correct," and that they have produced everything -- or as close to everything as possible -- that is responsive to the request? Fed. R. Civ. P. 26(g)(1)(A).
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Maura R. Grossman and Terry Sweeney
Monday, August 23, 2010
Who has Legal Jurisdiction in the Cloud?
Summary
Agreements can be made concerning the jurisdiction over disputes concerning the data. However, disputes involving other entities not parties to that agreement may not be subject to the agreement. Accordingly, cloud computing presents uncertainty and has the potential for future disputes concerning jurisdiction.
Analysis
Cloud computing is a general term for the delivery of hosting and other services over the Internet. Instead of storing data in-house, the data and data applications are stored remotely, with access provided via the Internet (or the “cloud ). Some of the larger companies operating in the “cloud” marketplace include: Google, Microsoft, Yahoo!, Google, Amazon, Cisco, and Hewlett-Packard to name a few. See http://cloudcomputing.sys-con.com/node/770174 (last visited, 8/18/2010). A key issue often overlooked by companies evaluating the value of the “cloud” is Jurisdiction, which is a key legal construct. A court can only hear a matter if it has jurisdiction over the parties and the subject matter of the action, while law enforcement agencies can only exercise their powers within their authorized jurisdictions.
Jurisdiction over the parties is called “personal jurisdiction” and can generally be obtained over a party who resides within the court’s geographic authority or has entered into “minimum contacts” with a person or company located in the jurisdiction. Generally, a company that does business in a particular geographic area will be subject to jurisdiction in that area. Personal jurisdiction can also be obtained by consent, which is commonly done through a contract provision stating that the parties agree to submit themselves to the jurisdiction of a specific court. In order to take jurisdiction, the federal courts require that all parties to the action be citizens of different states, expect for certain types of cases that are exclusive to the federal courts.
Jurisdiction over the subject matter of an action is referred to as “subject matter jurisdiction.” This can be based upon a minimum or maximum dollar amount in dispute, or upon the type of dispute. Subject matter jurisdiction can also impact the types of remedies a court can fashion, such as equitable remedies.
To Continue Reading: Click Here
------------------------------------------
Source: glgroup.com
By: GLG Expert Contributor
Agreements can be made concerning the jurisdiction over disputes concerning the data. However, disputes involving other entities not parties to that agreement may not be subject to the agreement. Accordingly, cloud computing presents uncertainty and has the potential for future disputes concerning jurisdiction.
Analysis
Cloud computing is a general term for the delivery of hosting and other services over the Internet. Instead of storing data in-house, the data and data applications are stored remotely, with access provided via the Internet (or the “cloud ). Some of the larger companies operating in the “cloud” marketplace include: Google, Microsoft, Yahoo!, Google, Amazon, Cisco, and Hewlett-Packard to name a few. See http://cloudcomputing.sys-con.com/node/770174 (last visited, 8/18/2010). A key issue often overlooked by companies evaluating the value of the “cloud” is Jurisdiction, which is a key legal construct. A court can only hear a matter if it has jurisdiction over the parties and the subject matter of the action, while law enforcement agencies can only exercise their powers within their authorized jurisdictions.
Jurisdiction over the parties is called “personal jurisdiction” and can generally be obtained over a party who resides within the court’s geographic authority or has entered into “minimum contacts” with a person or company located in the jurisdiction. Generally, a company that does business in a particular geographic area will be subject to jurisdiction in that area. Personal jurisdiction can also be obtained by consent, which is commonly done through a contract provision stating that the parties agree to submit themselves to the jurisdiction of a specific court. In order to take jurisdiction, the federal courts require that all parties to the action be citizens of different states, expect for certain types of cases that are exclusive to the federal courts.
Jurisdiction over the subject matter of an action is referred to as “subject matter jurisdiction.” This can be based upon a minimum or maximum dollar amount in dispute, or upon the type of dispute. Subject matter jurisdiction can also impact the types of remedies a court can fashion, such as equitable remedies.
To Continue Reading: Click Here
------------------------------------------
Source: glgroup.com
By: GLG Expert Contributor
In Focus: ILTA 2010
You may think that the new technology coming out of the International Legal Technology Association conference at the Las Vegas Aria, on Aug. 22-26, is a walk in the park after LegalTech New York. That may be true if the park is Yellowstone. There is plenty going on at ILTA 2010 in the e-discovery space, as well as other areas of legal technology. Here are a few items to focus on when the doors open.
There seems to be some question on the estimate of the size of the e-discovery market as reported by George Socha and Tom Gelbmann in the 2010 Socha-Gelbmann Electronic Discovery Survey, as observed by Rees Morrison, of Law Department Management, and as rebutted by Gelbmann. By the time Gelbmann and Morrison sort that out, the market will move, most likely in an upward direction.
Craig Carpenter, vice president of marketing at Recommind, has observed record-breaking revenue growth of more than 300 percent in the first half of 2010 vis-a-vis the same period in 2009. Carpenter conceded that some of that growth may be a reflection of the 2009 market, but observed that there are hard drivers for the EDD market, such as complying with regulatory investigations. Carpenter also noted that human-machine interfaces have improved to the point where legal professionals and judges are getting familiar with new technology to trust it, which enables vendors to increase automation and drive down costs.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Sean Doherty
There seems to be some question on the estimate of the size of the e-discovery market as reported by George Socha and Tom Gelbmann in the 2010 Socha-Gelbmann Electronic Discovery Survey, as observed by Rees Morrison, of Law Department Management, and as rebutted by Gelbmann. By the time Gelbmann and Morrison sort that out, the market will move, most likely in an upward direction.
Craig Carpenter, vice president of marketing at Recommind, has observed record-breaking revenue growth of more than 300 percent in the first half of 2010 vis-a-vis the same period in 2009. Carpenter conceded that some of that growth may be a reflection of the 2009 market, but observed that there are hard drivers for the EDD market, such as complying with regulatory investigations. Carpenter also noted that human-machine interfaces have improved to the point where legal professionals and judges are getting familiar with new technology to trust it, which enables vendors to increase automation and drive down costs.
To Continue Reading: Click Here
------------------------------------------
Source: law.com
By: Sean Doherty
Mobile devices and security: Plug the leaks, then encrypt
Mobile devices are running into organizations faster than ants to a picnic. There are two security challenges associated with this onslaught: access and data leakage. This week, we’ll look at data leakage and the business challenges associated with protecting wandering information.
Data leakageThe fundamental issue underlying protecting information on mobile devices is data leakage. If users didn’t copy sensitive information to their phones, laptops, thumb drives, and other devices with abandon, controlling for breaches would be much simpler.
My definition of data leakage is simple; it is the moving/copying of information from a place of acceptable trust to one of lesser or absent trust. In other words, placing data in a location with insufficient controls to adequately protect it.
Figure A depicts many of the ways users have found to leak data. If we want effectively to keep our information from spreading into the wide unknown, we have to take steps to plug some of these leaks.
Policies are a great start. Many organizations still haven’t updated acceptable use policies to include appropriate mobile device use. Of course, a monitoring solution should check to see if users actually read and adhere to the applicable policies. In addition, use of technology to prevent unwanted behavior is another risk mitigation control. This is where DLP (data loss prevention) and e-discovery solutions can help.
DLP controls are placed at two layers: network and host. The network layer is used to detect movement of data of interest across the network. However, the best way to prevent the kinds of leaks shown in Figure A is to use host-based DLP.
To Continue Reading: Click Here
------------------------------------------
Source: blogs.techrepublic.com
By: Chad Perrin
Data leakageThe fundamental issue underlying protecting information on mobile devices is data leakage. If users didn’t copy sensitive information to their phones, laptops, thumb drives, and other devices with abandon, controlling for breaches would be much simpler.
My definition of data leakage is simple; it is the moving/copying of information from a place of acceptable trust to one of lesser or absent trust. In other words, placing data in a location with insufficient controls to adequately protect it.
Figure A depicts many of the ways users have found to leak data. If we want effectively to keep our information from spreading into the wide unknown, we have to take steps to plug some of these leaks.
Policies are a great start. Many organizations still haven’t updated acceptable use policies to include appropriate mobile device use. Of course, a monitoring solution should check to see if users actually read and adhere to the applicable policies. In addition, use of technology to prevent unwanted behavior is another risk mitigation control. This is where DLP (data loss prevention) and e-discovery solutions can help.
DLP controls are placed at two layers: network and host. The network layer is used to detect movement of data of interest across the network. However, the best way to prevent the kinds of leaks shown in Figure A is to use host-based DLP.
To Continue Reading: Click Here
------------------------------------------
Source: blogs.techrepublic.com
By: Chad Perrin
Friday, August 20, 2010
ABA Continues Examining Legal Outsourcing Ethics
I was privileged to be invited as a guest speaker at the August 6th, 2010 ABA Ethics 20/20 Commission public hearing on legal outsourcing San Francisco. The ABA also heard or received testimony from two other executives of legal process outsourcers (LPO). Click here for the speaker schedules and written testimony (PDF). In this post, I report on the status of the ABA ethics consideration process, my testimony, and my take-away from the hearing. I then share our view on what direction the ethics rules should take. The post closes with information on upcoming PLI conferences about legal outsourcing.
The ABA Process. The San Francisco hearing follows on from the ABA Section of International Law’s Public Forum on Offshore Outsourcing of Legal Services held in New York City on April 17, 2010. The purpose of that session was “to gather viewpoints for the Section’s Leadership Council, which is considering the formulation of policy recommendations to the larger ABA”. Integreon also testified at that meeting, as we reported in our blog post, ABA Reviewing Ethics Rules, Examining Legal Outsourcing. At that time, as noted in our post, the ABA had not decided what, if any action it should take regarding the ethics of legal outsourcing.
Since then, the ABA position seemed to shift a bit. Shortly before the San Francisco public hearing, a Section of International Law newsletter noted that the Section is “helping the larger ABA wrestle with whether existing ethical rules and regulatory structures adequately address the realities and challenges of a globalized 21st Century law practice… [the] efforts of the Section’s Task Force and the Ethics 20/20 Working Group have now merged [and] [t]he Working Group has developed proposed amendments to the Model Rules to address ethical issues arising from outsourcing.” So I went into the hearing assuming that the ABA will amend the Model Rules of Professional Conduct.
To Continue Reading: Click Here
------------------------------------------
Source: Integreon Blog
By: Mark Ross
The ABA Process. The San Francisco hearing follows on from the ABA Section of International Law’s Public Forum on Offshore Outsourcing of Legal Services held in New York City on April 17, 2010. The purpose of that session was “to gather viewpoints for the Section’s Leadership Council, which is considering the formulation of policy recommendations to the larger ABA”. Integreon also testified at that meeting, as we reported in our blog post, ABA Reviewing Ethics Rules, Examining Legal Outsourcing. At that time, as noted in our post, the ABA had not decided what, if any action it should take regarding the ethics of legal outsourcing.
Since then, the ABA position seemed to shift a bit. Shortly before the San Francisco public hearing, a Section of International Law newsletter noted that the Section is “helping the larger ABA wrestle with whether existing ethical rules and regulatory structures adequately address the realities and challenges of a globalized 21st Century law practice… [the] efforts of the Section’s Task Force and the Ethics 20/20 Working Group have now merged [and] [t]he Working Group has developed proposed amendments to the Model Rules to address ethical issues arising from outsourcing.” So I went into the hearing assuming that the ABA will amend the Model Rules of Professional Conduct.
To Continue Reading: Click Here
------------------------------------------
Source: Integreon Blog
By: Mark Ross
'Web 2.0' as Evidence
In a recent intellectual property case for which we were retained, among the electronically stored information (ESI) that the plaintiff sought for production were internal company blogs and wikis used by the defendant’s developers to discuss new product ideas, as well as the design and coding of the alleged offending application. Included in the discovery were sites created using Microsoft® SharePoint® and MediaWiki software (and others). The discovery order was crafted with the typical “readily accessible” and “native format” language that seems totally irrelevant to sites which maintain dynamic content.
Due to the nature of the business, none of the sites for which production was requested was required to be managed in accordance with standards for business compliance such as Sarbanes-Oxley or the European Union Data Protection Directive. All were informal sites created by the development team to support collaboration with other team members. It is arguable whether there was any affirmative “duty to preserve” since it appeared that the developers were totally unaware of any intellectual property concerns related to their work.
Thus, the issues that arose during production were two-fold: What constituted “readily accessible” in sites in which the content is frequently changing and for which point-in-time recovery (PiTR) solutions do not exist? The producing party’s view was that snapshots of the current site with resolution and recursion on internal links to one level of depth was sufficient, but how to produce those snapshots in a form which was reasonably complete but did not constitute a hardship for the producing party? Initial attempts using various web crawlers were abandoned after the output far exceeded the volume of space actually occupied by the site itself! And given that the site content is, at least in part, database driven, what is the impact of continued site use, after the alleged point of infringement, on the database contents?
As for “native format”, how does one handle those sites which convert uploaded content from one form to another using processes which are undocumented and proprietary? Even if the conversion process is well documented, what assurances exist that metadata will be preserved? Many Content Management Systems support import/export programs which convert documents from their native format to a format more easily viewed from the Web (e.g. PDF or HTML). In many cases, valuable metadata is removed by the conversion process.
To Continue Reading: Click Here
------------------------------------------
Source: Forensic Focus
By: Sean McLinden
Due to the nature of the business, none of the sites for which production was requested was required to be managed in accordance with standards for business compliance such as Sarbanes-Oxley or the European Union Data Protection Directive. All were informal sites created by the development team to support collaboration with other team members. It is arguable whether there was any affirmative “duty to preserve” since it appeared that the developers were totally unaware of any intellectual property concerns related to their work.
Thus, the issues that arose during production were two-fold: What constituted “readily accessible” in sites in which the content is frequently changing and for which point-in-time recovery (PiTR) solutions do not exist? The producing party’s view was that snapshots of the current site with resolution and recursion on internal links to one level of depth was sufficient, but how to produce those snapshots in a form which was reasonably complete but did not constitute a hardship for the producing party? Initial attempts using various web crawlers were abandoned after the output far exceeded the volume of space actually occupied by the site itself! And given that the site content is, at least in part, database driven, what is the impact of continued site use, after the alleged point of infringement, on the database contents?
As for “native format”, how does one handle those sites which convert uploaded content from one form to another using processes which are undocumented and proprietary? Even if the conversion process is well documented, what assurances exist that metadata will be preserved? Many Content Management Systems support import/export programs which convert documents from their native format to a format more easily viewed from the Web (e.g. PDF or HTML). In many cases, valuable metadata is removed by the conversion process.
To Continue Reading: Click Here
------------------------------------------
Source: Forensic Focus
By: Sean McLinden
Jones v. Bremen High School District 228, 2010 WL 2106640 (N.D. Ill. May 25, 2010)
In a decision filed May 25, 2010, US Magistrate Judge Susan E. Fox sanctioned defendant Bremen High School District 228 for its reckless and grossly negligent failure to impose an effective legal hold, again highlighting the perils of employee self-collection as a method for preservation of ESI.
Defendant learned in October 2007 that Plaintiff Victoria Jones had filed a race discrimination claim against them with the US Equal Employment Opportunity Commission. As a result, defendant’s counsel asked three employees to search their own personal e-mail and cull out relevant documents, but failed to supervise the employees’ preservation. After plaintiff filed her federal lawsuit in June 2008, defendants’ counsel asked additional employees to cull their e-mails in addition to the original three but, again, did not supervise their preservation. During this time period, employees could permanently delete e-mails in a manner that made them unrecoverable, as defendant’s e-mail backup tapes were overwritten every 30 days. It was not until October 2008 that defendant began preserving all employees’ e-mails in a searchable archive. This despite having a published document retention policy dating back to 2003 which stated that defendant would maintain and preserve all evidence of its “organization, function, policies, procedures or activities.”
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: Patrick Burke
Defendant learned in October 2007 that Plaintiff Victoria Jones had filed a race discrimination claim against them with the US Equal Employment Opportunity Commission. As a result, defendant’s counsel asked three employees to search their own personal e-mail and cull out relevant documents, but failed to supervise the employees’ preservation. After plaintiff filed her federal lawsuit in June 2008, defendants’ counsel asked additional employees to cull their e-mails in addition to the original three but, again, did not supervise their preservation. During this time period, employees could permanently delete e-mails in a manner that made them unrecoverable, as defendant’s e-mail backup tapes were overwritten every 30 days. It was not until October 2008 that defendant began preserving all employees’ e-mails in a searchable archive. This despite having a published document retention policy dating back to 2003 which stated that defendant would maintain and preserve all evidence of its “organization, function, policies, procedures or activities.”
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: Patrick Burke
Thursday, August 19, 2010
Delaware Chancery Court Vice Chancellor Derides Lax Attitude Toward eDiscovery and Custodian Self-Collection
A transcript of an April 8, 2010 conference call [transcript] reveals a senior Delaware judge chastising defense counsel for their unsatisfactory approach toward electronic discovery in Roffe v. Eagle Rock Energy GP, L.P., a proposed class action and derivative lawsuit. The conference was called to discuss the failure of defense counsel adequately to produce e-mail sent or received by the chair and two other members of defendant’s conflicts committee.
Defendants’ counsel argued that it should be found sufficient that e-mail was collected only from two of the three Eagle Rock Energy conflict committee members, with those committee members having personally selected the particular e-mails to be were produced. Defense counsel Gerald L. Bracht, a partner in Andrew Kurth LLP’s Houston office, argued in the transcript that he thought it unnecessary to search the e-mail of the Chairman of the conflicts committee, because it would take time, cost money and because that individual used his personal computer for e-mail and the relevant e-mails are “interspersed with his personal e-mails, his other business e-mails, and he estimates that he receives about 150 e-mails a day.” He also posited that the Chair’s e-mails would likely duplicate those of the two other committee members.
“This is not satisfactory,” Vice Chancellor J. Travis Laster is quoted in the transcript as saying. As to defendants’ counsel producing only those e-mails selected for production by the two committee members, the Vice Chancellor said “First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly.” “[W]e don’t rely on people who are defendants to decide what documents are responsive,” said Laster, “at least not in this Court.” He went on “[T]he real question in my mind is whether at this point it’s enough to do the production the way it should have been done in the first place, or whether there needs to be some additional steps taken to actually image these drives and do some searching to make sure that things haven’t been lost since what should have been done in the first place hasn’t been done.”
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: Patrick Burke
Defendants’ counsel argued that it should be found sufficient that e-mail was collected only from two of the three Eagle Rock Energy conflict committee members, with those committee members having personally selected the particular e-mails to be were produced. Defense counsel Gerald L. Bracht, a partner in Andrew Kurth LLP’s Houston office, argued in the transcript that he thought it unnecessary to search the e-mail of the Chairman of the conflicts committee, because it would take time, cost money and because that individual used his personal computer for e-mail and the relevant e-mails are “interspersed with his personal e-mails, his other business e-mails, and he estimates that he receives about 150 e-mails a day.” He also posited that the Chair’s e-mails would likely duplicate those of the two other committee members.
“This is not satisfactory,” Vice Chancellor J. Travis Laster is quoted in the transcript as saying. As to defendants’ counsel producing only those e-mails selected for production by the two committee members, the Vice Chancellor said “First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly.” “[W]e don’t rely on people who are defendants to decide what documents are responsive,” said Laster, “at least not in this Court.” He went on “[T]he real question in my mind is whether at this point it’s enough to do the production the way it should have been done in the first place, or whether there needs to be some additional steps taken to actually image these drives and do some searching to make sure that things haven’t been lost since what should have been done in the first place hasn’t been done.”
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: Patrick Burke
US Supreme Court Weighs In On Instant Messaging Privacy Issues
Recognizing the growing convergence of law and technology, the Supreme Court of the United States delved into the Constitutional issues of electronic communications in the recent opinion, City of Ontario, California v. Jeff Quon, 2010 WL 2400087 (U.S.S.C., June 17, 2010). In a unanimous decision, in which Justices Scalia and Stevens concurred, Justice Kennedy delivered the opinion which held that the City of Ontario, California did not violate the Fourth Amendment rights of Quon when they searched the electronic text message history of his city-issued pager. Because of the non-work related subject-matter of the texts and the electronic device from which they were sent, some legal commentators believe that this holding has the potential to reach beyond Fourth Amendment search-and-seizure issues, and actually widen the scope of relevant data in civil litigation.
In this matter, the city had acquired pagers capable of sending text messages, and issued them to the officers of the Ontario Police Department (OPD), where Quon was employed as a member of the SWAT team. Quon and other OPD officers used the pagers for personal texts, and some of Quon’s texts were sexually explicit in nature. The department had a defined computer policy in place for email usage, however, they also made clear to employees that they would treat personal text messages on the department-issued pagers the same as emails. Quon, however, received somewhat conflicting information from his superiors regarding personal text messages. After numerous issues involving overages with the pagers, the chief of the OPD conducted an audit to determine whether the charges were personal or work-related. Quon’s personal texts were revealed, and he was subsequently disciplined by the OPD. In response, Quon filed a claim against the city alleging that the search of his text messages violated his Fourth Amendment rights. The district court found for the defendants; the 9th Circuit Court of Appeals reversed, and the Supreme Court reversed the decision of the 9th Circuit.
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: John Blumenschein
In this matter, the city had acquired pagers capable of sending text messages, and issued them to the officers of the Ontario Police Department (OPD), where Quon was employed as a member of the SWAT team. Quon and other OPD officers used the pagers for personal texts, and some of Quon’s texts were sexually explicit in nature. The department had a defined computer policy in place for email usage, however, they also made clear to employees that they would treat personal text messages on the department-issued pagers the same as emails. Quon, however, received somewhat conflicting information from his superiors regarding personal text messages. After numerous issues involving overages with the pagers, the chief of the OPD conducted an audit to determine whether the charges were personal or work-related. Quon’s personal texts were revealed, and he was subsequently disciplined by the OPD. In response, Quon filed a claim against the city alleging that the search of his text messages violated his Fourth Amendment rights. The district court found for the defendants; the 9th Circuit Court of Appeals reversed, and the Supreme Court reversed the decision of the 9th Circuit.
To Continue Reading: Click Here
------------------------------------------
Source: Guidance on eDiscovery
By: John Blumenschein
The justice system, crime and adapting to social media
Canadian Bar Association faces multi-issues
The streets of Niagara falls have been crawling with lawyers this week as the Canadian Bar Association holds its annual meeting.
About 800 lawyers and judges have descended upon this picturesque border town of 82,000, which happens to be the home riding of federal Justice Minister and lawyer Rob Nicholson,
The minister took the opportunity to plug his hometown, while at the same time delivering his government's tough on crime message to an audience that seemed less than receptive.
In what has become an annual affair, the Justice Minister had a bear pit question and answer session with a few hundred lawyers, many of whom practice main street law -- such as criminal, family and personal injury.
So his message of getting tougher on gangs and throwing more people in jail fell flat, which is oddly puzzling, since it should create more work for some of the lawyers who attended.
To Continue Reading: Click Here
------------------------------------------
Source: vancouversun.com
By: Jim Middlemiss
The streets of Niagara falls have been crawling with lawyers this week as the Canadian Bar Association holds its annual meeting.
About 800 lawyers and judges have descended upon this picturesque border town of 82,000, which happens to be the home riding of federal Justice Minister and lawyer Rob Nicholson,
The minister took the opportunity to plug his hometown, while at the same time delivering his government's tough on crime message to an audience that seemed less than receptive.
In what has become an annual affair, the Justice Minister had a bear pit question and answer session with a few hundred lawyers, many of whom practice main street law -- such as criminal, family and personal injury.
So his message of getting tougher on gangs and throwing more people in jail fell flat, which is oddly puzzling, since it should create more work for some of the lawyers who attended.
To Continue Reading: Click Here
------------------------------------------
Source: vancouversun.com
By: Jim Middlemiss
Employers struggle with the social web
Where do the ever-blurring lines between personal and business interaction on the social web meet? Most employers and employees do not know and the law has yet to reflect the intricacies of online interactions.
ESI includes social networking platforms
Whereas ten years ago it was relatively novel to include e-mail as a form of evidence it is now the case that social networking has overtaken e-mail in popularity, and internet usage policies in most companies do not reflect this change.
"Whereas a decade ago e-mail was often excluded from discovery as part of an unspoken agreement between parties, today all sorts of electronic communications are potentially discoverable. User activity on social networking sites like Twitter, LinkedIn, Facebook and MySpace warrant serious concern," wrote H. Christopher Boehning and Daniel J. Toal on their Law.com blog Law Technology News last year.
"Like it or not, social networking has come to the office, and its arrival presents a host of challenges. Those challenges can best be met through a formal policy, which should also address how to consider this online activity when collecting ESI (electronically stored information) for discovery," they added.
To Continue Reading: Click Here
------------------------------------------
Source: siliconrepublic.com
ESI includes social networking platforms
Whereas ten years ago it was relatively novel to include e-mail as a form of evidence it is now the case that social networking has overtaken e-mail in popularity, and internet usage policies in most companies do not reflect this change.
"Whereas a decade ago e-mail was often excluded from discovery as part of an unspoken agreement between parties, today all sorts of electronic communications are potentially discoverable. User activity on social networking sites like Twitter, LinkedIn, Facebook and MySpace warrant serious concern," wrote H. Christopher Boehning and Daniel J. Toal on their Law.com blog Law Technology News last year.
"Like it or not, social networking has come to the office, and its arrival presents a host of challenges. Those challenges can best be met through a formal policy, which should also address how to consider this online activity when collecting ESI (electronically stored information) for discovery," they added.
To Continue Reading: Click Here
------------------------------------------
Source: siliconrepublic.com
Google CEO's social media warning; Impending information armageddon?
In an interview with the Wall Street Journal, Google CEO Eric Schmidt warns of the future consequences of social media and networks, and the vast amount of personal data that users put out there on the Web.
“I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time,” he says. He predicts, apparently seriously, that every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.
“I mean we really have to think about these things as a society,” he adds. “I’m not even talking about the really terrible stuff, terrorism and access to evil things,” he says.
He even suggested that today’s younger generation should consider changing their names in later life to escape their past online misgivings. That’s hardly a means to an end. Surely proactively encouraging the education of online privacy instead of suggesting a deed poll on your graduation day?
This is something I have harped on about many of times before, and privacy watchdogs are constantly filling the news of data privacy awareness campaigns and asking those to consider the consequences of identity fraud and suchlike.
Who is to blame?
It boils down to (forgive the pun) the chicken or the egg. One could argue the point of who’s fault it really is: the user for putting the information out there, or the search engines and social networks for collating the data and retaining it for vast periods of time.
To Continue Reading: Click Here
------------------------------------------
Source: zdnet.com
By: Zack Whittaker
“I don’t believe society understands what happens when everything is available, knowable and recorded by everyone all the time,” he says. He predicts, apparently seriously, that every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites.
“I mean we really have to think about these things as a society,” he adds. “I’m not even talking about the really terrible stuff, terrorism and access to evil things,” he says.
He even suggested that today’s younger generation should consider changing their names in later life to escape their past online misgivings. That’s hardly a means to an end. Surely proactively encouraging the education of online privacy instead of suggesting a deed poll on your graduation day?
This is something I have harped on about many of times before, and privacy watchdogs are constantly filling the news of data privacy awareness campaigns and asking those to consider the consequences of identity fraud and suchlike.
Who is to blame?
It boils down to (forgive the pun) the chicken or the egg. One could argue the point of who’s fault it really is: the user for putting the information out there, or the search engines and social networks for collating the data and retaining it for vast periods of time.
To Continue Reading: Click Here
------------------------------------------
Source: zdnet.com
By: Zack Whittaker
Integreon’s Propensity to Innovate: Facilitating E-Discovery through New Technology
A few months ago I had posed the question, ‘What is the LPO’s Kanban?’ and I’ve since heard a variety of opinions and interesting perspectives on how Legal Process Outsourcing will bring innovative ideas to market. One such innovation is currently making waves in LPO news circles and it comes from Integreon, a market leader in the legal outsourcing landscape. I had the pleasure of discussing Integreon’s newly launched E-Discovery product Seek & Collect™ with Mark Ross, VP Legal Services & Jeffery Fehrman, VP Forensics & Consulting to learn more about how this product impacts E-Discovery services.
I would like to thank Mark & Jeffery for taking the time out for this insightful Q&A. We had an opportunity to also get their thoughts on LPO’s evolution through Mark’s recent participation in the ABA Ethics 20/20 Commission hearings in San Francisco on outsourcing this month.
LPOSavvy: Tell us what Seek & Collect™ aims to do for legal counsel and how Integreon conceived of this product?
JEFFERY: Integreon’s forensics team noticed the unmet need in the e-discovery market for a “simple” solution that could quickly pull together a defensible set of evidence from many geographic locations.
Seek & Collect simplifies the e-discovery process by utilizing plug-and-play appliances – either thumb drives or external hard drives – which use custom-built software to identify and collect relevant ESI (electronically stored information) in a defensible manner.
Seek & Collect eliminates the need for physical data collection by forensic experts, a step in the e-discovery process that can be cost-prohibitive and highly disruptive for many companies. By eliminating this need, we help our clients save time and considerable e-discovery costs.
LPOSavvy: You call it an ‘appliance,’ how is it used?
JEFFERY: When a client engages with Integreon for the Seek & Collect service, our forensic experts first consult with the client’s counsel to determine which critical files are needed for preservation. Then, our experts configure the device to collect forensically sound, logical copies of those critical files and their directories. We then send the devices to data custodians via traceable courier. When clients’ individual data custodians receive the Seek & Collect devices, they plug them into their computers, and the appliance automatically executes the software – collecting ESI in a secure, defensible manner. Then, each individual returns the appliance in the provided return envelope, which is tracked until it returns to Integreon’s Electronic Evidence Labs.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: lposavy.info
By: Sanket Purani
I would like to thank Mark & Jeffery for taking the time out for this insightful Q&A. We had an opportunity to also get their thoughts on LPO’s evolution through Mark’s recent participation in the ABA Ethics 20/20 Commission hearings in San Francisco on outsourcing this month.
LPOSavvy: Tell us what Seek & Collect™ aims to do for legal counsel and how Integreon conceived of this product?
JEFFERY: Integreon’s forensics team noticed the unmet need in the e-discovery market for a “simple” solution that could quickly pull together a defensible set of evidence from many geographic locations.
Seek & Collect simplifies the e-discovery process by utilizing plug-and-play appliances – either thumb drives or external hard drives – which use custom-built software to identify and collect relevant ESI (electronically stored information) in a defensible manner.
Seek & Collect eliminates the need for physical data collection by forensic experts, a step in the e-discovery process that can be cost-prohibitive and highly disruptive for many companies. By eliminating this need, we help our clients save time and considerable e-discovery costs.
LPOSavvy: You call it an ‘appliance,’ how is it used?
JEFFERY: When a client engages with Integreon for the Seek & Collect service, our forensic experts first consult with the client’s counsel to determine which critical files are needed for preservation. Then, our experts configure the device to collect forensically sound, logical copies of those critical files and their directories. We then send the devices to data custodians via traceable courier. When clients’ individual data custodians receive the Seek & Collect devices, they plug them into their computers, and the appliance automatically executes the software – collecting ESI in a secure, defensible manner. Then, each individual returns the appliance in the provided return envelope, which is tracked until it returns to Integreon’s Electronic Evidence Labs.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: lposavy.info
By: Sanket Purani
Wednesday, August 18, 2010
SLA: A big question mark for cloud adopters
Due to service levels or the lack thereof, organizations are hesitant to move to the cloud. Vendors clear the air on SLAs for the cloud
We are currently at a stage where the IT world has seen its share of conferences, presentations, and in some cases actual adoption of what can be described the current favorite newsmaker, cloud computing. Som organizations have already moved to the cloud in some way or the other. While for others who are contemplating whether or not to delvier theit IT from the cloud, Service Level Agreements (SLAs) are creating a fair amount of anxiety.
What's known is SLAs in the enterprise goes by the name Quality of Service (QoS) in the cloud world. The QoS determines the percentage of its IT infrastructure an organization would be comfortable moving to the cloud.
Due to the perceived loss of control over the infrastructure and the potential loss of company data most organizations are wary of putting their core applications on the cloud. Cloud service vendors on the other hand, claim that they design their cloud infrastructure with the service levels in mind, some even promise higher uptime than that if the client had his IT hosted in house.
What are they worried about?
Availability
For starters, CIOs or IT heads in general, are largely worried about the availability of infrastructure. For organizations that handles customer intensive data, where the business is highly volatile, it can be catastrophic if access to the infrastructure goes down.
The cloud could become unavailable for several reasons - a hardware problem at the cloud provider’s end, network connectivity going down, etc. CIOs want vendors to consider these factors and offer an appropriate SLA.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: informationweek.in
By: Harshal Kallyanpur
We are currently at a stage where the IT world has seen its share of conferences, presentations, and in some cases actual adoption of what can be described the current favorite newsmaker, cloud computing. Som organizations have already moved to the cloud in some way or the other. While for others who are contemplating whether or not to delvier theit IT from the cloud, Service Level Agreements (SLAs) are creating a fair amount of anxiety.
What's known is SLAs in the enterprise goes by the name Quality of Service (QoS) in the cloud world. The QoS determines the percentage of its IT infrastructure an organization would be comfortable moving to the cloud.
Due to the perceived loss of control over the infrastructure and the potential loss of company data most organizations are wary of putting their core applications on the cloud. Cloud service vendors on the other hand, claim that they design their cloud infrastructure with the service levels in mind, some even promise higher uptime than that if the client had his IT hosted in house.
What are they worried about?
Availability
For starters, CIOs or IT heads in general, are largely worried about the availability of infrastructure. For organizations that handles customer intensive data, where the business is highly volatile, it can be catastrophic if access to the infrastructure goes down.
The cloud could become unavailable for several reasons - a hardware problem at the cloud provider’s end, network connectivity going down, etc. CIOs want vendors to consider these factors and offer an appropriate SLA.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: informationweek.in
By: Harshal Kallyanpur
6 Little Known Secrets To Organizing Data With SharePoint
There’s little doubt that SharePoint can touch each byte of data within your organization. Keep these tips in mind to easily organize and retrieve data.
1. Have a strategy.
Use your company’s hierarchical classification of its terms of interest as the basis of your tagging system. Work with a professional electronic content information management firm to help you establish your organization’s tagging protocols. It’s much more effective and cost-efficient to set up tagging protocols right the first time.
Bonus tip: create tags that also use terms used by people within your organization. This returns better, more relevant search results in a shorter period of time.
2. Stop manual tagging of data.
It’s rare when two people agree on the same metadata for the same digital asset.
In addition, most manual tagging systems have no provisions to ensure tagging is even happening.
Inconsistent tagging is the number one issue to organizing data within SharePoint.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: booshnews.com
1. Have a strategy.
Use your company’s hierarchical classification of its terms of interest as the basis of your tagging system. Work with a professional electronic content information management firm to help you establish your organization’s tagging protocols. It’s much more effective and cost-efficient to set up tagging protocols right the first time.
Bonus tip: create tags that also use terms used by people within your organization. This returns better, more relevant search results in a shorter period of time.
2. Stop manual tagging of data.
It’s rare when two people agree on the same metadata for the same digital asset.
In addition, most manual tagging systems have no provisions to ensure tagging is even happening.
Inconsistent tagging is the number one issue to organizing data within SharePoint.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: booshnews.com
Tuesday, August 17, 2010
Successful Search Defense Means not Having to Restore Your Backup Tapes
So often in e-discovery we receive an opinion from one Court or another in which the Judge has been (properly) incensed at some shortcoming or malfeasance of an attorney or party that fire and brimstone seem to emanate from the very page. At long last, however, the opinion in Calixto v. WABO presents a case in which the Judge carefully and rather completely describes the process, proceedings, and even the contents of affidavits or declarations and testimony, so that we can get a feel for how electronic discovery can actually work in the real world. Moreover, the Court presents the case and its conclusions in a down-to-earth way that makes you actually want to practice in her courtroom.
Jorge Calixto, a Brazilian patent holder, sued WABO for damages and an injunction as a result of WABO’s alleged interference with Calixto’s contract with a third party and infringement of his patents. The dispute centered on WABO’s refusal to restore and search 30 backup tapes for material responsive to Calixto’s discovery requests.1 In response to Calixto’s motion to compel, WABO explained that it had identified all employees who might have any information relevant to the lawsuit. It instructed them to retain all their documents and exempted their ESI from the autodestruct mechanisms built into the computer system. WABO then conducted a search through all the electronic and paper documents of the people subject to the legal hold. Moreover, WABO argued, the earliest information on the backup tapes is from the same time as the information subject to the legal hold, so any production from the backup tapes would be the same information already searched and produced from “live” sources. (*13–*14.)
The Court then directed WABO to file an affidavit detailing how it had done the search, what if any ESI was deleted from WABO’s IT system and under what circumstances, and what if any options were available for recovering the deleted ESI.
WABO filed its affidavit, and it contained the following main points:
The affidavit was sworn to by WABO’s head of IT, Molly Young, who had been personally involved in gathering the information responsive to Plaintiff’s requests.
WABO first identified all employees “who had any possible contact with Plaintiff, knowledge of the [trademarks or patents involved in the litigation], or possibly had any information relating to the Lawsuit or Plaintiff[’s] document requests.”
WABO instructed these seven individuals to search their personal electronic records, including personal hard drives and computer files, and hard-copy files for any responsive information.
Young then electronically searched server house directories, shared drives, and individual files (including archives) using a list of terms selected to retrieve relevant information. The individuals were also instructed to use the same search term list on their local hard drives and Lotus Notes mailboxes.
Counsel for WABO then interviewed the individuals about where they stored their ESI.
All responsive documents were provided to counsel who either produced them or listed them on a privilege log.
Moreover, since the available live sources contained everything that might be resurrected from the backup tapes, plaintiff had already been provided everything on those tapes, and restoring them would be duplicative. Separately, WABO submitted an affidavit from a vendor that detailed how restoring the backup tapes was laborious (because of the kind of software used) and expensive, with the cost running to $40,000 before incurring the expense of relevance and privilege review.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: MyLegal
By: Jeffrey Reed
Jorge Calixto, a Brazilian patent holder, sued WABO for damages and an injunction as a result of WABO’s alleged interference with Calixto’s contract with a third party and infringement of his patents. The dispute centered on WABO’s refusal to restore and search 30 backup tapes for material responsive to Calixto’s discovery requests.1 In response to Calixto’s motion to compel, WABO explained that it had identified all employees who might have any information relevant to the lawsuit. It instructed them to retain all their documents and exempted their ESI from the autodestruct mechanisms built into the computer system. WABO then conducted a search through all the electronic and paper documents of the people subject to the legal hold. Moreover, WABO argued, the earliest information on the backup tapes is from the same time as the information subject to the legal hold, so any production from the backup tapes would be the same information already searched and produced from “live” sources. (*13–*14.)
The Court then directed WABO to file an affidavit detailing how it had done the search, what if any ESI was deleted from WABO’s IT system and under what circumstances, and what if any options were available for recovering the deleted ESI.
WABO filed its affidavit, and it contained the following main points:
The affidavit was sworn to by WABO’s head of IT, Molly Young, who had been personally involved in gathering the information responsive to Plaintiff’s requests.
WABO first identified all employees “who had any possible contact with Plaintiff, knowledge of the [trademarks or patents involved in the litigation], or possibly had any information relating to the Lawsuit or Plaintiff[’s] document requests.”
WABO instructed these seven individuals to search their personal electronic records, including personal hard drives and computer files, and hard-copy files for any responsive information.
Young then electronically searched server house directories, shared drives, and individual files (including archives) using a list of terms selected to retrieve relevant information. The individuals were also instructed to use the same search term list on their local hard drives and Lotus Notes mailboxes.
Counsel for WABO then interviewed the individuals about where they stored their ESI.
All responsive documents were provided to counsel who either produced them or listed them on a privilege log.
Moreover, since the available live sources contained everything that might be resurrected from the backup tapes, plaintiff had already been provided everything on those tapes, and restoring them would be duplicative. Separately, WABO submitted an affidavit from a vendor that detailed how restoring the backup tapes was laborious (because of the kind of software used) and expensive, with the cost running to $40,000 before incurring the expense of relevance and privilege review.
To Continue Reading: Click Here
-------------------------------------------------------------
Source: MyLegal
By: Jeffrey Reed
How to Size Up, and Manage, FCPA Investigation Costs
Corporations worried about compliance with the Foreign Corrupt Practices Act—which would be, like, all of them—have a few more glimpses into the costs of investigating and settling FCPA probes that might prove to be useful benchmarks.
FCPA headlines tend to be dominated by large corporations settling large corruption problems, with large fines and penalties in tow. The standard example is Siemens, the giant German engineering firm that paid $1.6 billion in 2008 to settle FCPA charges after a two-year internal investigation that spanned 30 countries and cost the company $850 million.
Most FCPA probes aren’t anywhere near that magnitude, but they can still impose significant costs to a company in relative terms. Just this month, for example, Alvin, Texas-based industrial services company Team, Inc. disclosed that it spent $3.2 million on an investigation into possible bribes paid by its Trinidad unit—more than six times the $50,000 in alleged bribes in question.
Maxwell Technologies also disclosed on July 29 that it has set aside nearly $13 million to settle FCPA charges with the Securities and Exchange Commission, and General Electric last month settled FCPA charges for $23 million. Neither company said how much it spent internally to investigate the bribery allegations
To Continue Reading: Click Here
-----------------------------------------------------------
Source: complianceweek.com
By: Melissa Klein Aguilar
FCPA headlines tend to be dominated by large corporations settling large corruption problems, with large fines and penalties in tow. The standard example is Siemens, the giant German engineering firm that paid $1.6 billion in 2008 to settle FCPA charges after a two-year internal investigation that spanned 30 countries and cost the company $850 million.
Most FCPA probes aren’t anywhere near that magnitude, but they can still impose significant costs to a company in relative terms. Just this month, for example, Alvin, Texas-based industrial services company Team, Inc. disclosed that it spent $3.2 million on an investigation into possible bribes paid by its Trinidad unit—more than six times the $50,000 in alleged bribes in question.
Maxwell Technologies also disclosed on July 29 that it has set aside nearly $13 million to settle FCPA charges with the Securities and Exchange Commission, and General Electric last month settled FCPA charges for $23 million. Neither company said how much it spent internally to investigate the bribery allegations
To Continue Reading: Click Here
-----------------------------------------------------------
Source: complianceweek.com
By: Melissa Klein Aguilar
Socialite service keeps an eye on your social networks
The software-as-a-service helps enterprises manage e-discovery and records retention on Facebook, Twitter and LinkedIn. Why the technology won’t let you share the phrase, ‘My Secret Project,’ on your LinkedIn status
An on-premise software for managing social networks like Facebook, Twitter and LinkedIn is now being offered as a software-as-a-service (SaaS) for those enterprises concerned about e-discovery and records retention for content created by remote workers.
Socialite, developed by Belmont, Calif.-based web 2.0 management technology vendor FaceTime Communications Inc., is the SaaS version of on-premise software Unified Security Gateway.
Socialite can by used by marketing departments, for instance, within companies that have strict requirements about information posted on social networks and keeping a record of those postings, said Carter.
Besides logging and archiving content shared on social media sites, Socialite also provides controls for what can and cannot be posted. “It prevents the capability of someone sharing the phrase ‘My Secret Project’ in their LinkedIn status inadvertently,” said Sarah Carter, chief strategy officer at FaceTime.
The Socialite service allows IT administrators to set roaming policies for remote workers “so you can control any of the managed machines that might be utilized by the road warriors of the world,” said Carter
To Continue Reading: Click Here
-----------------------------------------------------------
Source: itworldcanada.com
By: Kathleen Lau
An on-premise software for managing social networks like Facebook, Twitter and LinkedIn is now being offered as a software-as-a-service (SaaS) for those enterprises concerned about e-discovery and records retention for content created by remote workers.
Socialite, developed by Belmont, Calif.-based web 2.0 management technology vendor FaceTime Communications Inc., is the SaaS version of on-premise software Unified Security Gateway.
Socialite can by used by marketing departments, for instance, within companies that have strict requirements about information posted on social networks and keeping a record of those postings, said Carter.
Besides logging and archiving content shared on social media sites, Socialite also provides controls for what can and cannot be posted. “It prevents the capability of someone sharing the phrase ‘My Secret Project’ in their LinkedIn status inadvertently,” said Sarah Carter, chief strategy officer at FaceTime.
The Socialite service allows IT administrators to set roaming policies for remote workers “so you can control any of the managed machines that might be utilized by the road warriors of the world,” said Carter
To Continue Reading: Click Here
-----------------------------------------------------------
Source: itworldcanada.com
By: Kathleen Lau
Monday, August 16, 2010
How the Miracle of E-Mail Works
What you see when you open a message in Outlook or Gmail isn't just a snapshot of what someone sent to you. It's a report. It's generated by an invisible query and built of select fields of information culled from a complex dataset, then presented to you in an arrangement determined by your e-mail client's capabilities and user settings.
Dude, your e-mails are a database, and so are mine ... and his ... and hers. Epic.
And for most corporate e-mail users, their messages and attachments implicate at least two databases: the big one housed on a server and storing e-mail records for many users, and smaller, local counterparts residing on employees' desktop computers, laptops, cell phones, iPads and other e-mail client devices.
E-MAIL DATA AND METADATA
E-mail databases do more than simply store and transmit messages and attachments; they add information, too.
When a user opens a message, his or her e-mail client changes the message's appearance to indicate it's been read. When the user flags a message for follow-up, moves messages to folders or deletes certain items, the e-mail client records these changes as data about data, i.e., metadata.
This metadata, and pieces of information transmitted within the messages, are fields in a database that collectively comprise records users query to display what they see onscreen as e-mail messages.
Users rarely see all of the metadata that an e-mail server or local client stores about messages. Instead, they're given a nicely formatted presentation of just the data and metadata their e-mail client software is configured to display. That is, they see the fields in the default "report" that the message database writes to the screen. But, it's easy to see more -- much more.
If you're an Outlook user, find the pane that lists your e-mail, and note the columns in your current view. You're certain to have From, Subject and Received among them. You may also spot columns for flagging messages or displaying their importance or size. Now, right-click on the column title bar and select Fields. In the Show Fields menu that appears, choose All Mail Fields from the Available Fields submenu, and you'll have dozens of additional fields from which to choose. Want to display whether a message was read or copied to another? Add those columns. Want to report if a message has been opened or flagged? Add those columns. With each column you add, you're revising the report that Outlook displays about your e-mail.
To Continue Reading: Click Here
-----------------------------------------------------------
Source: Law.com
By: Craig Ball
Dude, your e-mails are a database, and so are mine ... and his ... and hers. Epic.
And for most corporate e-mail users, their messages and attachments implicate at least two databases: the big one housed on a server and storing e-mail records for many users, and smaller, local counterparts residing on employees' desktop computers, laptops, cell phones, iPads and other e-mail client devices.
E-MAIL DATA AND METADATA
E-mail databases do more than simply store and transmit messages and attachments; they add information, too.
When a user opens a message, his or her e-mail client changes the message's appearance to indicate it's been read. When the user flags a message for follow-up, moves messages to folders or deletes certain items, the e-mail client records these changes as data about data, i.e., metadata.
This metadata, and pieces of information transmitted within the messages, are fields in a database that collectively comprise records users query to display what they see onscreen as e-mail messages.
Users rarely see all of the metadata that an e-mail server or local client stores about messages. Instead, they're given a nicely formatted presentation of just the data and metadata their e-mail client software is configured to display. That is, they see the fields in the default "report" that the message database writes to the screen. But, it's easy to see more -- much more.
If you're an Outlook user, find the pane that lists your e-mail, and note the columns in your current view. You're certain to have From, Subject and Received among them. You may also spot columns for flagging messages or displaying their importance or size. Now, right-click on the column title bar and select Fields. In the Show Fields menu that appears, choose All Mail Fields from the Available Fields submenu, and you'll have dozens of additional fields from which to choose. Want to display whether a message was read or copied to another? Add those columns. Want to report if a message has been opened or flagged? Add those columns. With each column you add, you're revising the report that Outlook displays about your e-mail.
To Continue Reading: Click Here
-----------------------------------------------------------
Source: Law.com
By: Craig Ball
Court Compels Production of Relevant Content from Social Networking Sites
EEOC v. Simply Storage Mgmt., LLC, No. 1:09-cv-1223-WTL-DML (S.D. Ind. May 11, 2010)
The EEOC, on behalf of two claimants, filed claims alleging sexual harassment. In the course of discovery, defendant sought production of claimants’ internet social networking site (“SNS”) profiles and other communications from claimants’ Facebook and MySpace.com accounts. Plaintiff resisted. Following its discussion of the “General Principles Applicable to Discovery of SNS” and the proper scope of discovery in the present case, the court determined that certain content was relevant and ordered plaintiff to produce the relevant information, subject to the guidelines identified by the court.
Defendant sought production of all SNS content on claimants’ online profiles. Plaintiff objected, arguing the requests were “overbroad, not relevant, unduly burdensome” and would improperly infringe upon claimants' privacy and cause embarrassment. Defendant claimed the information was proper where plaintiff placed the emotional health of the claimants at issue “beyond that typically encountered with ‘garden variety emotional distress claims’” and that “the nature of the injuries…alleged implicates all of [claimants’] social communications (i.e., all their Facebook and MySpace content).”
Addressing first the discovery of SNS generally, the court acknowledged that the “[d]iscovery of SNS requires the application of basic discovery principles in a novel context” but stated that the true nature of the challenge before it was to “define appropriately broad limits – but limits nevertheless – on the discoverability of social communications in light of a subject as amorphous as emotional and mental health and to do so in a way that provides meaningful direction to the parties.” Accordingly, the court determined that the claimants’ expectation and intent that their SNS communications would be maintained as private was not a legitimate basis for shielding discovery; that SNS content must be produced when relevant to the claim or defense in a case; and that the proper scope of discovery was wider than “communications that directly reference the matters alleged”, the scope advocated by the EEOC. Specifically, the court reasoned that “[i]t is reasonable to expect severe emotional or mental injury to manifest itself in some SNS content, and an examination of that content might reveal whether onset occurred, when, and the degree of stress.”
To View: Click Here
--------------------------------------
Source: ediscoverylaw.com
The EEOC, on behalf of two claimants, filed claims alleging sexual harassment. In the course of discovery, defendant sought production of claimants’ internet social networking site (“SNS”) profiles and other communications from claimants’ Facebook and MySpace.com accounts. Plaintiff resisted. Following its discussion of the “General Principles Applicable to Discovery of SNS” and the proper scope of discovery in the present case, the court determined that certain content was relevant and ordered plaintiff to produce the relevant information, subject to the guidelines identified by the court.
Defendant sought production of all SNS content on claimants’ online profiles. Plaintiff objected, arguing the requests were “overbroad, not relevant, unduly burdensome” and would improperly infringe upon claimants' privacy and cause embarrassment. Defendant claimed the information was proper where plaintiff placed the emotional health of the claimants at issue “beyond that typically encountered with ‘garden variety emotional distress claims’” and that “the nature of the injuries…alleged implicates all of [claimants’] social communications (i.e., all their Facebook and MySpace content).”
Addressing first the discovery of SNS generally, the court acknowledged that the “[d]iscovery of SNS requires the application of basic discovery principles in a novel context” but stated that the true nature of the challenge before it was to “define appropriately broad limits – but limits nevertheless – on the discoverability of social communications in light of a subject as amorphous as emotional and mental health and to do so in a way that provides meaningful direction to the parties.” Accordingly, the court determined that the claimants’ expectation and intent that their SNS communications would be maintained as private was not a legitimate basis for shielding discovery; that SNS content must be produced when relevant to the claim or defense in a case; and that the proper scope of discovery was wider than “communications that directly reference the matters alleged”, the scope advocated by the EEOC. Specifically, the court reasoned that “[i]t is reasonable to expect severe emotional or mental injury to manifest itself in some SNS content, and an examination of that content might reveal whether onset occurred, when, and the degree of stress.”
To View: Click Here
--------------------------------------
Source: ediscoverylaw.com
Subscribe to:
Posts (Atom)
