UK referred to EU court over data privacy laws

In April 2009 the European Commission told the UK that it wasn't doing enough to protect internet users from having their activities being tracked without their knowledge or permission by services such as Phorm.

A mere six months later the EC lunged towards the next phase of proceedings against the UK, after it became clear that our own bureaucrats had done nothing to address its concerns in the intervening time.

All that frenetic activity clearly tired-out the European officials responsible for hassling the UK over data privacy, and they gave themselves 11 months to recharge their batteries before charging unto the breach once more.

Today they presented the latest fruits of their generously subsidised labour: they've taken the gloves off and... referred the matter to someone else. It may seem draconian, but that's the kind of hard-nosed, take-no-prisoners treatment you can expect from the EC when you interrupt its tax-payer funded holiday.

So, after a year and a half, the trifling matter of our privacy online has been finally been referred to the EU's Court of Justice, with the UK accused of "not fully implementing EU rules on the confidentiality of electronic communications such as e-mail or internet browsing. Specifically, the Commission considers that UK law does not comply with EU rules on consent to interception and on enforcement by supervisory authorities."

In the meantime nothing seems to have been done to protect Internet users from such invasions of privacy, and we hold out little hope that the EU Court of Justice will attach any more urgency to the matter than the EC did.

To Continue Reading: Click Here
-----------------------------------------------------------
Source: channel.hexus.net
By: Scott Bicheno

Five tips for meeting the eDiscovery challenge

The time to develop your data archiving strategy is not the day you get hit with an eDiscovery request. Here are a few pointers to help you implement a system that will keep you in compliance.

eDiscovery, email discovery, electronic discovery — however you refer to it, eDiscovery is a necessary burden for IT managers, corporate legal teams, and executives alike. Federal, state, and corporate regulations require most companies to retain electronically stored information for two to seven years and to be able to produce it quickly upon request. Noncompliance can be costly; FINRA (Financial Industry Regulatory Authority) alone handed out $50 million in fines in 2009. Thankfully, companies that follow simple best practices can drastically reduce the burden of eDiscovery while protecting their finances — and reputations.

1: Know your regulations
Do you know what the December 2006 revision to the Federal Rules of Civil Procedure (FRCP) mean for eDiscovery requirements? According to Debra Logan, VP of Research at Gartner, “Many companies aren’t even aware of the new eDiscovery requirements … this could cost them billions of dollars if they don’t get up to speed quickly.” If you are not familiar with FRCP, here is the short version: EVERYONE must be prepared to discuss how and where they store their email early in the pretrial proceedings, they must preserve their email in a compliant manner and produce it with specified metadata intact, and they must produce their email quickly according to discovery timelines. Talk to your legal department. Or if you don’t have one, consult outside counsel. Make sure you are aware of the regulations that affect your company and then promote awareness and preparedness internally.

2: Create an internal policy
Create an internal policy that details exactly what data needs to be retained to comply with regulatory and eDiscovery requirements. In most cases, companies choose to implement an archiving strategy that addresses retention and compliance requirements for email and other communications. Not only will an effective plan alleviate pressure and lighten the workload of your organization’s IT staff, but it will allow IT staff and legal departments to define an email retention policy that automatically archives all necessary emails. This will further protect the company, should it face litigation, by removing the possibility of human error.

To Continue Reading: Click Here
-----------------------------------------------------------
Source: blogs.techrepublic.com
By: Greg Arnette

87 of AmLaw 200 Law Firms Now Claim to have eDiscovery Practice Group, According to The Cowen Group Survey

One mystery within in the legal profession has been trying to determine how many eDiscovery Practice Groups currently exist within US law firms, and estimates varied widely. According to a recent survey conducted by The Cowen Group (http://www.cowengroup.com), Current State/Future State: eDiscovery Practice Groups at AmLaw 200 Firms, 87 of the AmLaw 200 Law Firms now claim to have an eDiscovery Practice Group.

"These findings are significant for corporations who require law firms with legitimate eDiscovery experience," said David Cowen, Founder of The Cowen Group. "Many firms realized that they needed to establish an eDiscovery Practice Group to market themselves to savvy clients, but far fewer made the necessary investments in people, process, and technology to develop a group with true eDiscovery expertise."

The survey examined current trends among the AmLaw200 toward developing cohesive eDiscovery Practice Groups. Market research indicates that most large firms are moving away from utilizing a single eDiscovery Counsel to tackle EDD issues, and it is now known that 87 of the AmLaw200 have established integrated eDiscovery Practice Groups to replace these individuals. However, there is a significant disparity in the relative sophistication of these groups, so the next step for The Cowen Group will be to establish a set of criteria to determine which firms have the leading eDiscovery Practice Groups.

"By targeting Managing Attorneys, Litigation Partners, and eDiscovery Attorneys, The Cowen Group's market research has already revealed the size, composition, and structure of these evolving Practice Groups," Cowen said. "We plan to further examine the motivations behind their establishment and their value to the firm and its clients. This is an important step in the effort to create transparency regarding the practices of America's top firms."

The results of the survey provide law firm management and leadership with the critical business intelligence necessary to define strategic objectives and advocate for the budget, resources, and authority necessary to achieve success and compete in this evolving marketplace. Additionally, this information provides corporate America with the intelligence they need to be sophisticated and savvy consumers of eDiscovery services.


To Continue Reading: Click Here
----------------------------------------------------------
Source: Trading Markets
By: The Cowen Group

E-discovery moves in-house

More companies are seeing the wisdom of putting the function under internal IT control

When Jonathan Chow, chief information security officer at NBC Universal, found his department's services in increasing demand, that wasn't necessarily a good thing.

He says demand for e-discovery services was increasing 30% to 50% annually in the early and middle parts of the past decade, and he was seeing a dramatic rise in the hours spent supporting e-discovery as his department collected and culled through some of the electronically stored data needed by the company's legal staff.

The information security department, part of corporate IT, owns the e-discovery function and uses it not just for litigation support, Chow explains, but also for M&A activities and internal investigations generated by HR or corporate security, for example.

"We used to handle those occasional queries on an ad hoc basis, but as the number of e-discovery requests grew, this became a much larger and much more time-/resource-intensive process to manage," he said via e-mail. "It was obvious that we could more affordably conduct our e-discovery in-house, assuming we could find the best solutions to support our process."

So Chow moved e-discovery in-house in 2007.

Others are following a similar course. Analyst firm Enterprise Strategy Group (ESG) and Clearwell Systems Inc., an e-discovery software company in Mountain View, Calif., surveyed about 100 Fortune 2,000 enterprises and government agencies late last year and found that some 73% plan to bring e-discovery in-house.

Discovery is the part of the pretrial process in which both sides request information, data and documents from each other as each tries to find, or discover, facts pertinent to the case. Electronic discovery is the part of this longstanding legal process that refers to any information stored electronically.

To Continue Reading: Click Here
-----------------------------------------------------------
Source: Computerworld
By: Mary K. Pratt

Beware of the ESI-discovery-tail wagging the poor old merits-of-the-dispute dog

Here is a new opinion you probably have not heard of yet by Senior U.S. District Judge Sandra s. Beckwith. Moody v. Turner Corp., Case No. 1:07-cv-692 (S.D. OH, Sept. 21, 2010). Judge Beckwith is an early signatory of The Sedona Conference® Cooperation Proclamation. She also uses one of my favorite sayings about the e-discovery-tail wagging the merits-of-the-dispute dog in this opinion. But you will have to read to the end for her full context quote. Thanks to Matthew R. Byrne, my Jackson Lewis e-discovery liaison in Cincinnati, for bringing this case to my attention.

This opinion arises out of ERISA, an old legal speciality of mine before I went full-time e-discovery-only in 2006. It is a dispute over the plan administrator’s calculation of pre-retirement lump sum pension benefits. (Yawn.) The plaintiffs’ attorneys apparently tried to stay awake by engaging in old-fashioned, non-cooperative, hardball discovery, which Judge Beckwith summarized as a “lengthy and contentious discovery process.” Seemed like they picked the wrong judge for that sort of litigation tactic, but maybe they have never even heard of Sedona or the Cooperation Proclamation.

Plaintiffs’ Production Request

The plaintiff made many, many discovery requests in what should be a factually simple, albeit legally complex dispute. In two of their requests for production they included categories concerning ESI and even specified keywords. Here is how Judge Beckwith describes them:

Plaintiffs’ request for production No. 1 and No. 2 sought production of emails concerning the plan that contained words or phrases identified in nine separate sub-requests; the Court’s rough count of the requested search terms is at least 160 different terms.

To Continue Reading: Click Here
-----------------------------------------------
Source: e-discoveryteam.com
By: Ralph Losey

LegalTech 2008-2011: Measuring the eDiscovery Recession

Officially, the U.S. recession started in December 2007 and ‘ended’ last June. Unofficially, we all know of talented people who are still looking for work. Anecdotally, the eDiscovery market seemed to bottom out in the third quarter of last year. I know that I saw a lot more resumes floating around LegalTech 2010 than in previous years. That led me to wonder who had closed shop or been acquired in the last couple years. I figured that one of the better ways to chase this list down would be to compare the LTNY Exhibitor lists from year to year. This exercise turned up some interesting numbers and facts.

I started with the simple metrics of the number of exhibitors per year from 2008 – 2011. The slow recovery may result in a number a last second exhibitors this year as marketing execs look at their budgets. A quick look at the 84 exhibitors from 2010 who are not yet on the 2011 list revealed several healthy, expanding providers. What was interesting to me was the flat number of exhibitors in 2008-2009 and the spike in the 2010 show, right when everyone seemed to be feeling the pinch. The predictions of meteoric revenue growth in the eDiscovery market seemed to attract a lot of peripheral players wanting to capitalize on the hot new market. Given the drop in the current 2011 exhibitor list, I would hazard that many of these services (translators, telecom, web, IT, etc) decided that eDiscovery is more than just a label.


There are 59 exhibitors from 2008 who did not exhibit in the 2010 boom. That means that over 36% of the ‘players’ in 2008 either elected not to exhibit, closed or reorganized in some manner. That is a lot of turnover. We only lost 40 exhibitors from 2009 to the 2010 show, a 25% change. There are a rough total of 312 distinct exhibitors over all four years (not trying to reconcile name changes). Only 83 exhibitors are represented in all 4 years, so roughly 50% of the overall market. That number jumps to 95 if you take out 2011 as being too early for a final count. That still says a lot for the volatility of our emerging market space.

To Continue Reading: Click Here
-----------------------------------------------
Source: ediscoveryjournal.com
By: Greg Buckles

Live Forensics and the Cloud

Exploring the effect of Cloud Computing on digital forensics - Part II

Cloud Computing offers a sense of "vastness" in terms of storage and remote processing. According to Simpson Garfinkil, a major challenge to any digital forensics investigator investigating data within the cloud; can be an inability to locate or identify data or code that is lost when single data structures are split into elements.

This in effect directly impacts forensic visibility.

Within this ecosystem a major concern can be access to and the preservation of data within an on-going digital forensic investigation. Of consideration as mentioned in Part 1 - is that in a live and dynamic system such as the cloud, it is virtually impossible to go back to an original state of data after obtaining a "snapshot" for investigation.

Also of importance will be jurisdictional and legal ramifications pertaining to the physical location of the cloud systems holding data under investigation.

This part of the article continues from the question, "How can an investigator identify and track such an issue?" It looks at identity within the cloud with regard to the issue of anonymous authentication and how it can impact a digital forensic investigation.

To Continue Reading: Click Here
-----------------------------------------------
Source: sys-con.com
By: Jon Shende

ECM: What’s your angle?

If you still think that an enterprise content management (ECM) system is a repository of documents and an interface through which to access them, it’s time to update your image. Like many things in life, ECM is what you make of it. In some cases, the mission-critical function is workflow, in others it’s change management, and in still others, it’s collaboration. ECM can take on many roles, and is increasingly able to be tailored to meet users’ requirements.

Cengage Learning, which publishes educational and reference material for academic, library and professional markets, is using ECM to improve its workflow. One of its brands is the well-known Gale series of reference books, among them a 17-volume encyclopedia called Grzimek’s Animal Life. Originally published in Germany in 1967 with Bernard Grzimek as editor, the encyclopedia covers more than 4,000 species of animals. In 2003, Gale published the first revised and updated version, and in 2009, the first digital version.

Publishing workflow

Each new entry is carefully reviewed by a subject matter expert and a series of editors. Up until several years ago, entries were routed in electronic form to reviewers via e-mail. However, the process was still manual, and significant resources were required to track the progress of each entry from the subject matter expert to the subject matter editors and then to the managing editor.

In 2009, Cengage Learning began using Nuxeo to manage the review process for entries planned for inclusion in Grzimek’s. Nuxeo is an open source ECM platform designed for enterprise applications. “We are using Nuxeo’s workflow to automate the process of routing excerpts to the subject matter experts and to the editors,” says Michael Seiler, eCMS architect. “We have 60 experts who curate the content that is submitted by authors, and Nuxeo is configured to route the content to reviewers according to their area of expertise.” In addition, Cengage uses Nuxeo for versioning, security and access control.

For most subject areas, the entry can be reviewed by one of several experts. The first individual to download the entry from the queue takes on the review. However, if the reviewer does not complete the process within a specified amount of time, the entry is placed back into the queue. Reviewers are also limited in the number of entries they may have out at one time.

To Continue Reading: Click Here
-----------------------------------------------
Source: kmworld.com
By: Judith Lamont, Ph.D.

Virtual Panel to Focus on Social Media, Controlling Legal Costs

In-house counsel can attend a day of CLE-accredited seminars on social media, controlling legal costs, eDiscovery risks, and more without ever leaving the office. And it's free.

Corporate Counsel is presenting its first-ever Virtual Corporate Counsel Forum on Thursday [Sept. 30], featuring a full day of webcasts, a virtual exhibit hall, and a chance to chat with speakers and others "attending" the virtual forum.

The fully interactive webcast will allow in-house counsel to attend presentations and panel discussions, talk with vendors, view product demonstrations, collect information, and network with colleagues.

The agenda includes two social media sessions, one on privacy & security, and one on crafting and enforcing a uniform social media policy. Other segments deal with improving corporate litigation readiness; eliminating eDiscovery risks; understanding the drivers of legal costs; maximizing legal spend; and selecting the right fee arrangement.

All but the segment on maximizing legal spend qualify for CLE credits.

To Continue Reading: Click Here
-----------------------------------------------
Source: law.com
By: Sue Reisinger

Labor Disputes Arising out of Social Media

As the dramatic growth of social media continues to transform the manner in which we all interact with each other, prudent employers must consider traditional labor law principles when implementing workplace social media policies. The new National Labor Relations Board is paying attention to new media in all its forms, featuring its own Facebook page, YouTube channel, and Twitter feed. It is only a matter of time before this board directly addresses labor disputes arising out of the use of these media in the workplace.

In December 2009, the board's Division of Advice issued an advice memorandum addressing whether an employer's social media policy promulgated by Sears Holdings Corp. violated §8(a)(1) of the National Labor Relations Act. Although advice memorandums do not constitute formal adjudication or binding precedent, they often provide important insight.

Among the "Prohibited Subjects" listed in the policy at issue were confidential or proprietary information, intellectual property, explicit sexual references and, most critical to the issue before the division, "[d]isparagement of company's ... executive leadership, employees [or] strategy."

Relying on the framework set forth by the Bush board in Lutheran Heritage Village -- Livonia, 343 NLRB 646 (2004), the Division of Advice opined that the Sears Holdings social media policy did not violate the act: "While the ban on '[d]isparagement of company's ... executive leadership, employees, [or] strategy ... .' could chill the exercise of Section 7 rights if read in isolation, the Policy as a whole provides sufficient context to preclude a reasonable employee from construing the rule as a limit on Section 7 conduct. The Policy covers a list of proscribed activities, the vast majority of which are clearly not protected by Section 7."

To Continue Reading: Click Here
-----------------------------------------------
Source: law.com
By: Seth Borden

Do Your Social Networking Privacy Settings Matter If You Get Sued?

Here’s a tale of two lawsuits: an artist who wants to get paid for his work and a university employee who wants to get paid for falling out of her chair. The former gets to keep his Facebook and MySpace communications private and the latter has to turn them over. Old electronic communications laws mixed with cutting edge electronic communication on social networking sites mean that individual judges have wide leeway in determining what online is private and what’s not.

In California, artist Buckley Crispin sued an apparel company for using his designs in ways that violated his original contract. During the course of defending itself, the company — Christian Audigier, for the fashionistas out there, known in part for having put its logo on luxury condoms — wanted access to all of Crispin’s communications about his work for Audigier from Facebook and MySpace, among others. They probably hoped to find evidence that Crispin was psyched that the company was not limiting his work to street-wear apparel, but was also putting it on jewelry, pet accessories, wine bottles, luggage, etc. Perhaps they would even find that he posted on someone’s Facebook wall that he hoped to see his designs on a condom soon.

To Continue Reading: Click Here
-----------------------------------------------
Source: blogs.forbes.com

Stuxnet: Malware more complex, targeted and dangerous than ever

(CNN) -- Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It's been developed on an unprecedented scale and has the ability to target and control specified industrial machinery.

Trying to explain how this works is a bit like trying to trace the origin of this nasty little piece of work. It's a bit all over the place so bear with me on this one.

It's an attack that goes straight after the PLC (programmable logic control) software of an industrial machine, which is effectively the brain of the unit. It uses four zero-day exploits in one package, with a zero-day exploit being an undiscovered flaw in a piece of software; it's the time between the hackers finding a hole in the system and when the developers patch it. And in this case there are four of these exploits, meaning that they've already exponentially increased the chances of finding a way into the system in case any of the holes happened to already be plugged.

Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage, but that's not how it sets about its business.

Its main course of action is to look for a specific type of machinery, then report back to a central control server located hundreds of miles away, from where the commands will again be relayed off into the maze of servers set up to make tracing near impossible.

And it is through the trail of servers around the world that the data generated by the PLC software is manipulated and the changes in the running of the machines are made. So theoretically, a group of people located on one side of the planet could control a machine in a nuclear power plant on the other. Scary stuff.

To Continue Reading: Click Here
-----------------------------------------------
Source: CNN
By: Jack Maddox

Who owns the data in network Clouds?

Is it our interest to store data in a cloud or not? After all, all data stored in a Cloud is usually backed up automatically saving us the trouble and we can access it from almost any workstation or device that has a network connection. But data in a Cloud can also be lost or stolen as happened with the Danger Sidekick last year. With more of our data residing in a Cloud than ever, our privacy and ownership rights to the data are unclear.

We’ll look at three types of data often residing in Clouds including web analytics data logs, patent information and social media data (tweets, posts, likes, photos, applications, etc).

Who owns web analytics data stored in a Cloud?

There seems to be little agreement on who owns web analytics session data stored in Network Clouds.

If I were completely reliant on Google Analytics right now for my business, I'd be questioning who really owns my analytics data? Google? Me? Or my site visitors?

Every time we use Google Analytics, Adobe Omniture, WebTrends on Demand or Coremetrics (to name a few of the better known analytics platforms) we rely on security and privacy polices without often knowing what they are.

To Continue Reading: Click Here
---------------------------------------------------
Source: mycustomer.com
By: Marshall Sponder with Cecilia Pineda Feret

Project Management With SharePoint Task Lists

Like many law firms, project management is finding its way into the lexicon of attorneys and staff at Fenwick & West. Driven by clients' desire for more predictable legal costs, law firms are beginning to look beyond the billable hour to alternative fee arrangements. While AFAs can take many forms, they share one thing in common -- they transfer the risk of cost overruns from the client to the firm.

The need to better manage the risk of cost overruns is driving law firms to adopt process management techniques that have become common practice in other industries. One obvious candidate is formal project management. Since many traditional project management tools and techniques are foreign to attorneys, some firms hire dedicated project managers and create project management offices.

Regardless of the structure, successful project management requires tools that are easy to learn and use, which present a minimal distraction from the practice of law. This requirement presents a challenge to legal IT departments charged with selecting project management tools that can support better management of staff projects, as well as client matters. If you use Microsoft SharePoint, then you may already have such a tool: SharePoint task lists.

There is a continuum of tools that may be used to manage legal projects and matters, from paper, to tables and lists in Word or Excel, to centralized enterprise project repositories such as Microsoft Project Server. See Figure 1.






Figure 1: Legal project management tools

Within this universe of options, SharePoint task lists offer those unfamiliar with formal project management low complexity yet sufficient capabilities to improve project and matter management.

To Continue Reading: Click Here
---------------------------------------------------
Source: law.com
By: Mark Gerow

Up to code: Data protection laws

An insurance provider in Massachusetts had basic security measures in place, but these were not enough to be fully compliant with a strict, new state regulation, reports Greg Masters.

When Massachusetts passed what arguably is one of the most stringent data protection laws in the nation last March, Ray Pata, the manager of systems and programming at A.I.M. Mutual Insurance Cos., found himself particularly challenged with the encryption of laptops, required by the new law.

The legislation, 201 CMR 17.00, requires that all companies, no matter where they are based, must safeguard the paper or electronic records in their possession of any Massachusetts resident. Businesses that possess personally identifiable information (PII) of Bay State residents will now be required to encrypt all devices and transmissions.

This legislation differentiates itself from other state disclosure bills because it forces businesses to become proactive in securing technology, insisting that organizations take measures to protect information, as opposed to other guidelines that only require companies alert customers should their data be compromised. In addition, it requires that businesses restrict access to company data to only those employees requiring access, have an employee dedicated to security efforts, regularly monitor enterprise security programs, and develop, implement and maintain a “comprehensive information security program.

To Continue Reading: Click Here
---------------------------------------------------
Source: scmagazineus.com
By: Greg Masters

Court Orders Mirror Imaging to Ensure Preservation During Ongoing Discovery But Declines to Compel Production of Plaintiff's Computer to Defendants

Piccone v. Town of Webster, 2010 WL 3516581 (W.D.N.Y. Sept. 3, 2010)

In this case, both parties moved for spoliation sanctions alleging destruction of emails. Defendants also sought to compel production of certain emails and plaintiff’s personal computer and storage devices to ensure she was not withholding evidence. Both motions for sanctions were denied. Despite denying the motion to compel production of plaintiff's computer, the court ordered plaintiff to create a mirror image at defendants’ expense — to be left in safekeeping with her attorney — to ensure the preservation of evidence while defendants further investigated her preservation efforts.

Plaintiff was terminated from her position with the Town of Webster on January 2, 2008. Plaintiff then filed the instant lawsuit alleging a hostile work environment, among other things. Specifically, plaintiff alleged harassment in the form of offensive emails. Both parties sought production of such emails. Thereafter, dissatisfied with the respective productions, both parties filed motions for spoliation sanctions.

Plaintiff alleged that defendants engaged in spoliation when an employee specifically implicated in the alleged harassment allowed her stepson to remove pornographic images and “inappropriate emails” from his computer in 2004, and again in April 2007, including approximately 200 “offensive emails” allegedly missing from defendants’ production. Defendants denied the spoliation, or that it had allowed her stepson to review and delete emails from the relevant computer.

To Continue Reading: Click Here
---------------------------------------------------
Source: ediscoverylaw.com

Cloud vendors seek better online data protections

Executives from top cloud vendors Microsoft, Google, Amazon.com, Salesforce.com and Rackspace Thursday urged a congressional committee to support their goal of giving data stored in cloud computing systems the same legal protections as information stored on one's personal computer.

The lack of such protections today is a particularly important issue for enterprise customers, and is deterring some from using cloud services, the executives said.

To give lawmakers a sense of the scale of cloud-based system use, Google senior counsel Richard Salgado told the committee that there are 3 million business users of the company's cloud services today, and about 3,000 more sign up for them each day.

All face "inconsistent, confusing and uncertain" privacy laws that can be applied to data, he added.

For instance, the Electronic Communications Privacy Act of 1986 allows the government to compel a service provider to disclose the contents of an e-mail older than 180 days "with nothing more than a subpoena," said Salgado. A search warrant, which unlike a supoena requires that investigators provide probable cause, is needed to turn over e-mails less than 180-days-old, he added.

To Continue Reading: Click Here
---------------------------------------------------
Source: sfgate.com
By: Patrick Thibodeau

Microsoft's head lawyer asks Congress to update tech privacy law

Congress should bring the existing laws on electronic privacy up to speed with today's cloud-computing technologies such as Web-based e-mail and online productivity apps, Microsoft's head lawyer said Wednesday.

SmithGeneral Counsel Brad Smith told the Senate Judiciary Committee in Washington, D.C., that the 24-year-old federal Electronic Communications Privacy Act (ECPA) should be overhauled. Microsoft is calling for greater transparency around the privacy practices of cloud-service providers, better enforcement of cyber crimes, consistency among international laws and clearer rules on the privacy of people's online communications.

In his prepared statement (PDF), Smith gave two examples of inconsistent privacy protection under the current ECPA, which was enacted in 1986:

While this law has served us well for many years, continual advances in technology -- most particularly the advent of low cost Internet-based computing and storage services -- have called into question whether ECPA is adequate to meet our needs as a society today and into the future. For example, under ECPA, emails stored for less than 180 days receive greater privacy protections than emails stored for a longer period. And while information stored on a hard drive would be fully protected by the Fourth Amendment, under ECPA a single email might be subject to multiple legal standards, depending upon whether it is stored and waiting to be read or whether it has been opened. While treating emails differently in these circumstances might have made sense in 1986, it is no longer justified in light of unprecedented digitization and indefinite storage of personal information online.

To Continue Reading: Click Here
---------------------------------------------------
Source: blog.seattlepi.com

Cloud Privacy – Open Rights Management in the Cloud

Laws have not yet caught up with the new Cloud world we live in, and so related data privacy vulnerabilities are hindering best practice adoption. Modernizing these and marrying them with key privacy technologies will open the floodgates for an economy-boosting tech boom that will dwarf the dot com craze.

The Open Identity framework provides a single, globally consistent approach to personal identity information on the Internet, and as such provides a platform for an equally unified legal framework too for the associated Privacy laws, engendering a system for “Cloud Rights Management”.

Cloud Rights Management

Concerns over how data is more vulnerable in the remote data-centres of Cloud providers has been the core thorny issue that holds up its massive-scale adoption, because the simple formula of whether its behind the corporate firewall or not is typically used as the blunt instrument for assuring information protection and compliance.

However the irony is that actually Cloud providers will become considerably more secure. The industry will experience a “race to the top” effect where technology innovation and excellence, and associated levels of business investment, will drive an environment that applies the most advanced IT and policies to achieve the highest standards of information protection.

A firewall is a systems-level protection, against hackers, malware and viruses et al, not a policy-level tool. It can’t regulate access to documents based on the readers role within a certain organization for example, this is ‘Rights Management’. Critically the firewall can also be overly protective, inhibiting legitimate collaboration between staff and their organizational partners due to the VPN access to applications like MS Sharepoint methods being only for direct employees.

To Continue Reading: Click Here
---------------------------------------------------
Source: sys-con.com
By: Cloud Ventures

Abusive Social Networking Can Yield IP Infringement

Like domain names, social networking user names are often an extension of an entity's identity. Businesses use social networking identities to promote themselves as a source of goods and services. Abusive use of social networking user names allows a third party to benefit from the goodwill byproduct endorsement and such abusive behavior constitutes intellectual property infringement.

Among the first publicized evidence of abusive social networking behavior resulting in infringement occurred when an Internet social networking site was sued for allowing the creation of a Twitter site using a famous person's name without authorization. Douglas MacMillan vs. Twitter, No. CGC-09-488101 (Cal. Super. Ct. filed May 6, 2009). The complaint stated that an unauthorized person created an account using a famous person's name and posted content using that account which constituted cybersquatting.

Since 2009, infringement claims based upon abusive use of social networking user names have made regular news. This year, the abuse of social networking became so prevalent that the Federal Trade Commission sued Twitter for facilitating such an infringement. In June, the Washington Post reported that Twitter settled charges brought by the Federal Trade Commission that it "deceived consumers" by allowing hackers to control and send tweets -- the 140-character microblogs users sent out, which appeared to be from well-known people and organizations.

Infringement can be found in both an act of cybersquatting and when social network names are misused; however, the misuse of a social network name does not constitute cybersquatting.

To Continue Reading: Click Here
---------------------------------------------------
Source: law.com
By: Jonathan Bick

Document filters as a search proxy war

Document filters. There’s a phrase to conjure up excitement in any technologists eh? No? Didn’t think so. But look more carefully at what is going on and it does get more interesting, trust me.

I was moved to expand in this by Isys Search Software’s recent attempt at guerilla marketing at Oracle Open World which it tweeted about here:

isyssearch: ISYS goes guerrilla; kicked out of Oracle Open World party after projecting our branding on the Metreon http://tinyurl.com/272fync #oow10

Quite apart from what it says about Isys and how much it’s changed in the last two years – a bit like the nerdy guy in the playground trying to act tough – it shows how important some people – including me – think these filters have become.

There are two main companies selling products that enable the opening and viewing of myriad file formats (400 is a common number cited by both the vendors and their customers). So when a search engine comes across a Word 1997 or even something like Wordstar 4 file, how does it open it? usually using one of two products: Oracle’s OutsideIn or Autonomy’s IDOL KeyView.

To Continue Reading: Click Here
---------------------------------------------------
Source: blogs.the451group.com
By: Nick Patience

What is the Term ‘Early Case Assessment’ Really About?

In the last couple of months, I have seen many different definitions of Early Case Assessment (ECA). Some vendors mold the concept of Early Case Assessment to support their own offerings–which isn’t surprising, but it does cloud the issue. Some of the definitions have merit, but not all. There is one definition that I disagree with in particular: it states that Early Case Assessment consists of a traditional sequential legal review in which the documents are split up into review sets for the lawyers to review the documents one by one. This definition asserts that Early Case Assessment is easier after the full, or at least a significant, legal review has taken place. It results in a reduced set of relevant documents, but the drawback, of course, is that it requires the expense and effort of a traditional legal review early on.

Let’s take a step back and see what we can find on Wikipedia for Early Case Assessment:

According to Wikipedia: “Early case assessment refers to estimating risk (cost of time and money) to prosecute or defend a legal case. Global organizations deal with legal discovery and disclosure requests for electronically stored information “ESI” and paper documents on a regular basis. Over 90% of all cases settle prior to trial. Oftentimes an organization will find they need or want to settle a case, for whatever reason, only to find they wish they did before they spent so much time and money on the case.“

The last sentence gets to the real essence of Early Case Assessment: being able to reach a favorable settlement before spending too much time and money! You can only do that if you really know what is going on. In other words, you need to know exactly what relevant data is in your document set as soon as possible. The last thing you want is to be surprised by opposing counsel with an email that you were not aware of and that is not in your favor in the middle of a settlement procedure, mediation or court proceeding.

But, there are other, more cost effective strategies, tools and technology than a massive legal review. A true early case assessment does far more than reduce the number of relevant documents. It arms the legal team with a very good sense of their legal risk, what damaging evidence they may – or may not – possess, and how many people are involved. It is crucial to assess everything in order to determine the strategy and budget. Will you just settle and pay X dollars, or are you going to fight and allocate X dollars to the defense and response work required? Early Case Assessment is more about defining your eDiscovery strategy than it is about implementing it (i.e., reducing the number of documents). Therefore, one should look for a system that enables to you mine your complete information discreetly and “in the wild” before disrupting business-as-usual with an eDiscovery or legal hold process. The right search tools make this possible.

These tools and techniques have been used effectively by law enforcement, intelligence and security applications, where it is impossible to trim down the document set by means of a legal review. Advanced search, content analytics and text mining help professionals to identify “hot” and “relevant” documents immediately, resulting in an immediate insight in what is really going on.

To Continue Reading: Click Here
-----------------------------------------------------------------
Source: eDiscovery and Information Management
By: JCScholtes (Zylab)

INTERNET LAW - Electronic Discovery & Prenuptial Agreements in New York

Electronic discovery is still evolving with the aid of the 2006 federal rules regarding electronic discovery, which provide great protection for non-parties from onerous discovery. Indeed, cost is one of the major factors when it comes to electronic discovery; particularly when documents have already been destroyed. When documents have already been destroyed, computer savvy people can reconstruct those documents, and even determine if they have been altered. In the case of prenuptial agreements, electronic discovery becomes an interesting legal issue because, in many cases, documents were destroyed and the party against the discovery is ordered may not be a party to an actual legal dispute. This article provides an example of a New York case that involved electronic discovery related to a prenuptial agreement, when the documents had been destroyed and the order was issued against a law firm that was not a party to the current dispute.

In Matter of Maura, 842 N.Y.S.2d 851 (Surrg. Ct. NY 2007), the Surrogate's Court of New York, Nassau County, decided a case involving an electronic discovery request of destroyed documents, issued against a law firm that was not a party to the actual dispute. Matter of Maura presented the following facts: the petitioner filed an action claiming that the second wife of the decedent was not entitled to an elective share under N.Y law because, the petitioner claimed, the second wife had waived her right to an elective share by signing a prenuptial agreement. The second wife claimed that the prenuptial agreement was "null and void as it was the product of fraud, deception, and undue influence.” The second wife also claimed that the decedent had not disclosed his net worth and assets when they signed the prenuptial agreement and that she was not represented by an attorney. The attorney who prepared the prenuptial agreement was not a party to the actual proceedings, but the second wife asked the court to order this attorney to disclose certain documents. For instance, the attorney was asked to produce the estate planning file of the decedent, all documents related to transfer of property from the second wife, statements of income related to the couple"s properties, and all documents related to the couple’s prenuptial agreement found in the attorney’s computer. The court ordered the attorney to comply with this demand in 20 days, except that related to the search in the attorney’s computers. This order, however, could not be complied with in 20 days and the attorney opposed the extent of the order. The second wife filed a motion for contempt.

To Continue Reading: Click Here
---------------------------------------------------
Source: ibls.com
By: Martha L. Arias

The missing piece of cloud security?

Cloud computing, especially public cloud infrastructure-as-a-service is not yet a reality for the vast majority of companies. Recent announcements however, from VMware, Citrix and Oracle clearly show that enterprise cloud computing is gaining momentum.

Security absurdity: U.S. in sensitive information quagmire

In 2010, 9% of companies are currently using or evaluating IaaS, with many more planning deployments for 2011 and 2012. Even though 62% of companies trust IaaS mostly for development and testing applications for now, only 14% trust it for customer-facing Web applications. What's standing in the way of IaaS adoption? Security is the biggest challenge, by a factor of two over all other reasons cited in our research.

Security professionals say that the lack of visibility and control over public cloud infrastructure makes it hard to apply security controls, monitoring, audit and assurance. One of the key services missing from public cloud is centralized, secure and reliable logging. IaaS computing is in many ways a DIY model: you have to design, build, secure and operate each operating system image yourself. Over time, IaaS providers have gradually built more and more platform services that extend the basic CPU-and-storage-on-demand offering. Unfortunately, no one, to my knowledge, is yet offering a logging-as-a-service to complement an IaaS solution.

Log management is hard enough in your own data center. Doing it in a public cloud poses additional unique difficulties. First, there's the issue of ephemeral virtual machines: as virtual machines are turned up and down, their logs need to persist long after the machines disappear. The second problem is deciding where to put the log collection server or servers. If the log collector servers are themselves in the cloud then there is a risk that a failure or outage affecting the production servers will also compromise the log servers leaving no logs to troubleshoot. Conversely, if you backhaul all the logs out of the public cloud and back in to your own data center, you have to consider bandwidth capacity and costs.

To Continue Reading: Click Here
---------------------------------------------------
Source: Network World
By: Andreas M. Antonopoulos

EDD Investment Rallies 'Round Regulation

Now that Dodd-Frank (pdf) is law, and regulators have either gotten or are getting their marching orders, what do corporations need to pay attention to?

That was the subject on the table -- or around it, actually -- at a New York restaurant on a weekday afternoon. It was too small to be called a conference: just four guys and several of us reporter types talking about the issues over lunch. But it helped that one of the guys was David Shonka, principal deputy general counsel at the Federal Trade Commission. The other guest "panelists" were John Davis, a partner at Pillsbury Winthrop Shaw Pittman LLP, and Mark Racanelli, a partner at O'Melveny & Myers.

It wasn't surprising that a good deal of talk touched on e-discovery, considering that the event was set up by Recommind, a San Francisco-based software company heavily involved in that business. But the conversation covered a lot of ground, and it never slipped into an advertisement. That probably had something to do with the moderator, Craig Carpenter, who is not only the company's vice president of marketing, he was once an outside litigator.

Even before the session was called to order, Carpenter and Davis were chatting about federal Magistrate Judge Paul Grimm's Sept. 9 decision in a Maryland district court case called Victor Stanley, Inc. v. Creative Pipe, Inc. It's an e-discovery case that's likely to be talked about for some time to come.

Grimm found that Creative Pipe's president, Mark Pappas, had engaged in a pattern of spoliation that constituted contempt of court. The judge not only granted the plaintiffs a default judgment, he ordered Pappas to pay the plaintiffs' attorney fees and costs -- or go straight to prison.

To Continue Reading: Click Here
-------------------------------------------------
Source: Law.com
By: David Hechler

Q&A: White House E-mail Lawyer Anne Weismann

CREW issues its final report on a fading scandal

In April 2007, Citizens for Responsibility and Ethics in Washington told the world that the White House had failed to comply with its legal obligation to properly retain and archive e-mail records. The revelation came after the Abramoff scandal revealed that some officials were using private e-mail accounts to conduct official business, but this was something different: CREW alleged that at least five million e-mails had been lost due to the White House’s failure to implement a comprehensive e-mail archiving system.

That report kicked off a long-running saga, driven by investigations by Representative Henry Waxman and lawsuits from National Security Archive, the George Washington University-based records watchdog, and CREW. The Obama administration settled the cases in December 2009, agreeing to release documents that recorded their predecessor’s response to the crisis. From these tens of thousands of pages of documents, CREW produced what should be the final word on the issue, a fifty-plus page report which was released last month.

CREW was originally alerted to the problem from whistleblowers, who told of their superiors’ disinterest in efforts to grasp the full extent of the problem, to propose solutions, and to archive what stray e-mails could be found scatted across various computers or on the White House’s emergency backup tapes. While the nature of the problem—how can you count things that are missing?—has obscured the full extent of any data loss, a White House internal analysis from 2006, before the problem went public, showed that there were 473 days where a component of the White House registered not a single archived e-mail. Another 229 days had abnormally low numbers of archived e-mails.

To Continue Reading: Click Here
---------------------------------------------------------
Source: cjr.org
By: Clint Hendler

Avoiding the Ethical Minefield of Social Media: Do You Know Who Your Friends Are?

The use of social media has grown to the point that if Facebook were a country, it would be the third or fourth most populous in the world today.

According to the Socialnomics web site, Generation Y will outnumber baby boomers sometime this year, and 96 percent of Generation Y have already joined an online social network. With this explosion of online activity has come a new set of challenges for employers and attorneys alike.

Also See: FULL Expert Archive

While the media is filled with stories about how corporations are responding to social media issues, there are separate issues particular to attorneys that require additional attention for in-house lawyers. It is more important than ever to remember that while the Internet presents opportunity for business growth, it is also a minefield for ethical violations.

The root of the problem is that while Internet social networking can give the impression that communications are intimate and private, the reality is that posting on the web is more akin to publishing on the front page of The New York Times.

The Internet makes communications easy, and perhaps because of the ease, encourages informality. For many, the line between private and public has disappeared as people grow up tweeting or blogging about the minutiae of their lives. With this unprecedented ease of communications come several hazards.

To Continue Reading: Click Here
---------------------------------------------------------
Source: law.com
By: Edward Chang and John Nagle

The ins and outs of metadata mining

Want to know what opposing counsel was really thinking prior to sending you a document? Mine that document for metadata using techniques like these:

• Activate the Track Changes feature to read insertions, deletions and comments
• Check headers and footers (Does the last page in a discovery read “Page 3 of 7”? Does the date of creation not mesh with other information you’ve been given?)
• Search for “white text” (text in a white font set on a white background)
• In Microsoft Excel, look for hidden columns and rows and floating notes
• In PowerPoint, look for speaker’s notes
• Check a document’s properties for things like document creation date, author, software used to create the document, and other details
• Look for extra fields in e-discovery production documents
• Download a free metadata extractor from the Internet and use it to open files
• You won’t always find useful metadata in documents you receive, but enough lawyers remain ignorant of both metadata and the consequences of disclosing it that it’s worth your while to try the techniques in the list above.

“It isn’t just legal,” says Dominic Jaar, president of Montreal-based Ledjit Consulting Inc. “It’s an ethical obligation for lawyers to look at metadata from opposing counsel.” He also notes that lawyers are obliged to disclose any finds to opposing counsel.

“I review the metadata if it’s relevant to the case,” says Dera Nevin, senior director, litigation support for McCarthy Tétrault LLP.

To Continue Reading: Click Here
---------------------------------------------------------
Source: lawyersweekly.ca
By: Luigi Benetton

Protecting Data in a Cloud Computing Environment

One of the most important elements of cloud computing is protecting the information or data that is stored in the cloud. When IT departments lack the intimate knowledge necessary to make good decisions regarding the identification of sensitive data, it can cost a company millions in lost revenue and legal costs.

In a recent Technology news report, the battle between encryption and tokenization was explored. As securing data in the cloud becomes an increasingly important topic, the merits of both methodologies are being considered. And, while the debate rages on over which solution is the best, the fact that protection in cloud computing is available is ultimately the good news.

In today’s business climate, it is essential that data is secure while in storage or in transit – both inherent in cloud computing. This protection is necessary in industries from retail processing to accessing personal medical records, managing financial activity to government information. Implementing the right data security method to protect sensitive information is a must.

Tokenization is a method to secure specific data by replacing it with a non-sensitive and non-descript value set. It is most common for the actual sensitive data to be stored locally in a protected location or a third-party service provider. Unauthorized access is prevented by tokens to protect information such as social security numbers, medical records, financial transactions and more.

To Continue Reading: Click Here
---------------------------------------------------------
Source: it.tmcnet.com
By: Susan J. Campbell

Sandisk Fails to Find Proper E-Discovery Balance – Gets Sanctioned

In the Southern District of New York it’s easy to get eclipsed (in the electronic discovery world at least) by the Honorable Shira A. Scheindlin (of Zubulake fame). And yet, the latest case out of this district was penned by Magistrate Judge William H. Pauley and contains one of the most memorable preambles to a case that I’ve read in a while:

“Electronic discovery requires litigants to scour disparate data storage mediums and formats for potentially relevant documents. That undertaking involves dueling considerations: thoroughness and cost. This motion illustrated the perils of failing to strike the proper balance.”

In Harkabi v. Sandisk Corp., 08 Civ. 8203 (WHP) (S.D.N.Y. Aug, 23, 2010), aside from the stellar opening, Magistrate Pauley illustrates that the culpability standard for certain technology companies may actually be higher than for their low tech counterparts. The discovery dispute began after the plaintiffs claimed that the defendant Sandisk failed to produce their former laptops and corporate email. When the underlying action (for failure to pay the plaintiffs their “earn outs” after an acquisition) began to heat up the plaintiffs wisely sent Sandisk a preservation letter.

Sandisk, upon the receipt of the letter sent a “Do-Not-Destroy” memorandum as well as securing the laptops issued to plaintiffs. After some time, the laptops were imaged and the data was saved on a file server. Unfortunately, this is where things took a turn for the worse.

To Continue Reading: Click Here
---------------------------------------------------------
Source: eDiscovery 2.0
By: Dean Gonsowski

What is ECA? Here is my definition.

Much of my time is spent advising and performing activities concerned with preservation and Early Case Assessment (“ECA“). I like to do them both together, at the beginning of a case, with initial priority put on starting the preservation process. Yes, process. There is a lot more to it than just sending out a notice, as Judge Scheindlin reminded us all in The Pension Committee of the University of Montreal Pension Plan, et al. v. Banc of America Securities, et al., 685 F. Supp. 2d 456 (S.D.N.Y. Jan. 15, 2010 as amended May 28, 2010).

I was challenged by a partner the other day to come up with a simple two paragraph definition of the electronic discovery aspects of ECA. I thought it might be helpful to share my effort, written quickly, just like ECA. There is a lot of confusion and vendor hype surrounding the term these days. So the view of a lawyer actually practicing law in the field is needed. I don’t pretend my definition of ECA for e-discovery is the last word, far from it. This definition describes, to some extent, my personal techniques (such as the use of native views to help get inside the head of a witness), and every attorney tends to have their own unique approaches. This necessarily idiosyncratic definition is shared in the hope that it will start a reasoned dialogue on the subject by those of us whose professional careers are devoted to e-discovery; those of us who actually do ECA most every day, and not just sell software or consult about it.

Same Old, Same Old

Although the ECA process has changed considerably over the last few years, it is nothing new. I have been assessing a case at its commencement my whole career. Every trial attorney does. Review of documents has always been an essential part of most early case assessments. Nowadays, however, the document review is much more complicated, considering the volume of documents has exploded a million-fold and they tend to throw themselves away! In the old days of the 1980s a big document case was a warehouse of documents, now it’s the whole Library of Congress. See i.e.: Lehman Brother Examiner’s Report.

Yes, the document evaluation segment of ECA has changed dramatically in the last thirty years, although the rest of the components of ECA, such as study of the law and witness interviews is pretty much the same. Now, of course, you have to also ask witnesses about their ESI and preservation compliance, something rarely touched on years ago in the pre-Zubulake world. But that is not really a big change in witness interviews. You still focus on the merits of the case, what they know, the five Ws (who, what, when, where, why). Most importantly, the fundamental goals of real ECA remains the same: how good a case do you have? How hard will it be to prove? And every client’s favorite, the one that attorneys are adept at avoiding, how much will it cost? Depends.

To Continue Reading: Click Here
---------------------------------------------------------
Source: e-discoveryteam.com
By: Ralph Losey

What Does the New Law Mean for Me?

Now that Dodd-Frank (pdf) is law, and regulators have either gotten or are getting their marching orders, what do corporations need to pay attention to?

That was the subject on the table — or around it, actually — at a Manhattan restaurant on Wednesday afternoon. It was too small to be called a conference: just four guys and several of us reporter types talking about the issues over lunch. But it helped that one of the guys was David Shonka, principal deputy general counsel at the Federal Trade Commission. The other guest "panelists" were John Davis, a partner at Pillsbury Winthrop Shaw Pittman LLP, and Mark Racanelli, a partner at O'Melveny & Myers.

It wasn't surprising that a good deal of talk touched on e-discovery, considering that the event was set up by Recommind, a San Francisco-based software company heavily involved in that business. But the conversation covered a lot of ground, and it never slipped into an advertisement. That probably had something to do with the moderator, Craig Carpenter, who is not only the company's vice president of marketing, he was once an outside litigator.

Even before the session was called to order, Carpenter and Davis were chatting about federal Magistrate Judge Paul Grimm's Sept. 9 decision in a Maryland district court case called Victor Stanley, Inc. v. Creative Pipe, Inc. It's an e-discovery case that's likely to be talked about for some time to come.

Grimm found that Creative Pipe's president, Mark Pappas, had engaged in a pattern of spoliation that constituted contempt of court. The judge not only granted the plaintiffs a default judgment, he ordered Pappas to pay the plaintiffs' attorney fees and costs — or go straight to prison.

To Continue Reading: Click Here
---------------------------------------------------------
Source: law.com
By: David Hechler

Don’t be afraid to delete that email

Today, many enterprises find themselves mired in the ever increasing need of bigger inboxes and larger archives. But the problem is that their IT departments haven't got the dough to buy more storage."

The financial crisis and tighter IT budgets are not helping the situation either. Between 2007 and 2009, the part of IT budget spent on storage has jumped up from 7 per cent to 17 percent. So, at a time when IT budgets are flat or negative, and storage budget as a component of the overall IT budget keeps burning a bigger hole, IT departments have to live the cliché of our times: do more with less. However, that does not leave them with enough moolah for chasing innovations.

Bottom-line? We can't afford to fund bigger mail boxes, the companies sing in a chorus of despair.

Small problem, big pain, that's right. This begs the question: Is there a solution for this moolah-guzzling monster of a problem?

Delete and manage

Apparently there is, says Sean Regan, director, product marketing, Information Management Group, Symantec. Sean was recently in Singapore ahead of announcing Symantec's releasing of a new de-duplication appliance based on its existing software product, as well as a cloud storage service for NetBackup and Backup Exec customers (read the related story here).

To Continue Reading: Click Here
---------------------------------------------------------
Source: news.idg.no
By: Zafar Anjum

The Data Liberation Movement

Despite the advanced portability of data, the world's largest cloud computing vendors are fighting to lock their customers within their proprietary formats. But it does not need to be this way. Data liberation is a movement that is gaining momentum among enterprises and cloud vendors alike. These progressive businesses and consumers desire to control their data regardless of its location.

Renaissance Italy created an explosion of new ideas across art, science and culture, but the biggest idea to come from that era was the idea of the modern bank. By creating an independent entity to hold and protect customer assets, modern banking helped lay the foundation for modern capitalism, and all the wealth that it has created. The beautiful thing about banks is that when you put your money in, you still own it. You can withdraw it at any time, usually in a matter of minutes.

If only cloud computing could work this way.

Anti-Portability Pain

Despite the advanced portability of data, the world's largest cloud computing vendors are fighting a raging battle to lock enterprises and consumers alike within their proprietary formats -- formats that fragment the market without providing any real benefits to the end users.

It is ironic that in a world where all of the world's information is available through a browser and the cloud app ecosystem is growing exponentially that the cloud has the potential to place data back into silos. Setting aside the prediction of which cloud vendor is likely to win the battle, or if we're in for another protracted conflict, the upshot for consumer data is rather clear: Get ready for data anti-portability.

To Continue Reading: Click Here
---------------------------------------------------------
Source: technewsworld.com
By: Rob May

Is Integrated E-Discovery the Best Approach?

The e-discovery market is changing at an ever-increasing rate. Almost daily, we hear news of a merger between two vendors with talk of providing an integrated solution for law firms. Indeed, integration has quickly become one of the buzzwords of 2010.

With law firms increasingly feeling pressure to adapt to client demands to reduce bills and expenses, an integrated e-discovery solution may seem like a wise investment. Having fewer vendors providing necessary services is always beneficial. It means less administrative overhead, less potential for miscommunication, and less time spent training staff on new software. However, when it comes to e-discovery, an integrated solution may not always provide a law firm with exactly what it needs. An integrated e-discovery platform must provide the firm with the ability to process, review, analyze, and then produce electronically stored information in a consistent, defensible, and economically sensible manner. This is of paramount importance. Without understanding the many nuances involved in each of these phases, a law firm may quickly find out that it has purchased an integrated solution that fails to perform an essential task. At that point, the firm is faced with outsourcing this essential task or purchasing stand-alone software, defeating the purpose of investing in an integrated solution. In light of this, firms should carefully consider the essential software components for each phase of the e-discovery life cycle before investing in an integrated solution.

ESSENTIAL COMPONENTS FOR ESI PROCESSING

Processing ESI is one of the biggest hurdles for any e-discovery solution. Data comes in many forms and formats, and often requires many steps in order to be made ready for analysis. Removing duplicate copies, especially of e-mails, is also crucial. An integrated tool must address all of these issues.

When it comes to the processing phase, law firms should consider whether an integrated solution provides the following.

Identification of file types. Obviously, the most basic function of a processing application should be to identify files by file type, and truthfully, most solutions readily perform some level of file type identification. However, file extensions can often be misleading. A better tool can process files by analyzing their contents, not simply their extensions.

To Continue Reading: Click Here
---------------------------------------------------------
Source: law.com
By: David Deusner

E-Discovery Sanctions: Not for Defendants Only

In the beginning, there was Zubulake.

OK, maybe that's an overstatement, but it is no overstatement to say that most civil litigators were introduced to the world of e-discovery through the series of opinions leading up to the final decision in Zubulake v. UBS Warburg, a 2004 case out of the U.S. District Court for the Southern District of New York. The other notorious case that woke up litigators to the issues involving e-discovery was Morgan Stanley & Co. v. Coleman (Parent) Holdings, a 2004 case that went before Florida's 4th District Court of Appeals.

In both matters, the defendants' gross deficiencies in preserving and producing e-discovery led the courts to find that spoliation, i.e. the destruction of evidence, had occurred. The courts provided remedies in the form of monetary sanctions, as well as adverse inference instructions to the jury that they must infer from defendants' failure to produce discovery that such discovery would have supported the plaintiffs' version of events. Those cases made familiar those and other terms now often used and generally associated with e-discovery matters.

Both cases also provided the parties with the roles we associate with e-discovery litigation: The plaintiff demands e-discovery while the defendant produces it.

Zubulake, in particular, provided the most familiar scenario in e-discovery litigation, in which the "David" plaintiff seeks smoking-gun e-mails from the "Goliath" defendant.

And the position taken by the civil defense bar confirms the reality that, in most cases, plaintiffs seek e-discovery while defendants produce it.

To Continue Reading: Click Here
---------------------------------------------------------
Source: law.com
By: Leonard Deutchman

Shaquille O'Neal Sued for Computer Hacking, Destruction of Evidence

Shaquille O'Neal is being sued in Dade County, Florida, by a former employee of his, Shawn Darling.

This type of thing (people suing rich, famous people) happens every single day. But the details of Shaq's lawsuit aren't your average, every day civil complaint from an ex-employee.

Radar Online reports that Darling is suing Shaq for some pretty heavy stuff: computer hacking and destruction of evidence.

Darling claims that he worked for O'Neal -- and O'Neal's wife, Shaunie, as well as his "associates" and children as well -- from late 2007 until November 2009, and that during that time, Shaq had him "wipe" Shaq's computers and delete the information in his "AOL" account in relation to other legal issues.

To Continue Reading: Click Here
--------------------------------------------------
Source: Fanhouse
By: Will Brinson

European Court Limits Attorney-Client Privilege for In-House Counsel

In a blow to multinational businesses and their in-house counsel, the European Court of Justice on Tuesday held that communications between company management and in-house lawyers are not protected from disclosure or discovery in competition law cases or investigations by the European Commission.

"The ECJ ruling has serious ramifications as it denies in-house attorneys and multinational businesses in Europe and elsewhere the critical legal counsel on competition law matters that companies working in today's global legal marketplace require," said London solicitor J. Daniel Fitz, former chairman of the board of the Association of Corporate Counsel, which had intervened in the case.

The court ruled in an appeal brought by Akzo Nobel Chemicals and its subsidiary Akcros Chemicals. The two companies were being investigated for possible anti-competitive behavior. During the investigation, a dispute arose over copies of two e-mails exchanged between the managing director and Akzo Nobel's coordinator for competition law, a member of the Netherlands Bar and a member of Akzo Nobel's legal department. After analyzing those documents, the investigating officials of the European Commission decided that they were not covered by legal professional privilege. The companies lost an appeal in the lower court.

In examining the companies' subsequent appeal, the European Court of Justice applied its 1982 decision in AM&S Europe v. Commission, which set out two conditions for granting the privilege: First, the exchange with the lawyer must be connected to "the client's rights of defence" and, second, that the exchange must emanate from "independent lawyers," that is "lawyers who are not bound to the client by a relationship of employment."

The court rejected arguments that an in-house lawyer enrolled at a bar or law society is, simply on account of his obligations of professional conduct and discipline, just as independent as an external lawyer.

"An in-house lawyer, despite his enrolment with a Bar or Law Society and the professional ethical obligations to which he is, as a result, subject, does not enjoy the same degree of independence from his employer as a lawyer working in an external law firm does in relation to his client," the court wrote. "Consequently, an in-house lawyer is less able to deal effectively with any conflicts between his professional obligations and the aims of his client.

"It follows, both from the in-house lawyer's economic dependence and the close ties with his employer, that he does not enjoy a level of professional independence comparable to that of an external lawyer."

To Continue Reading: Click Here
-----------------------------------------------------
Source: Law.com
By: Marcia Coyle

Security and privacy still issues for cloud

Whilst many cloud providers may play it down, one of the Intel fellows claims we still have a lot of questions around security and privacy to answer before strong cloud adoption takes hold.

Cloud computing may be the hot topic in technology right now but an Intel fellow has warned there are still questions that need to be answered before full scale adoption becomes a reality.

During a panel discussion with a number of fellows at IDF 2010, Kevin Kahn, Intel senior fellow and director of the communications technology lab, claimed the questions marks hovering over security and privacy in the cloud were yet to be dealt with.

“We really have a lot of questions to answer about how cloud computing rolls out, particularly in the area of privacy and security,” he said.

“[For example] what exactly is the legal status of your data if you are using a cloud service that happens to put one of their data centres in France? You are a US citizen perhaps, you think you are dealing with a US company, but because of the time of day, the maintenance schedule of the data centre here, your data happens to be in another country. What is your legal status?”

To Continue Reading: Click Here
---------------------------------------------------------
Source: itpro.co.uk
By: Jennifer Scott

Q&A: A New Approach to Tape Discovery

Dealing with archived media is a thankless -- and often painful -- job. IT's constant changes to its environment complicates matters. There must be a better way to get a handle on archived data, especially to streamline data recovery and reporting. Jim McGann, vice president of information discovery for Index Engines, explains the benefits of enterprise tape discovery and the best practices that will help you make the most of the technology.

Enterprise Strategies: What are the biggest challenges enterprises are facing with tape discovery?

Jim McGann: IT infrastructure is constantly changing. Software changes, configurations change, e-mail servers change, and file systems are reorganized. When searching for specific data, it is often a huge challenge to recover your data on specific tapes. Enterprise IT teams could be searching through thousands of tapes, dealing with different backup versions or vendor formats, different e-mail server versions, and different operating systems versions.

The major concerns surrounding tape discovery is the significant expense needed to manage and store data. Those include offsite storage fees, maintenance and support of tape infrastructures, software, and consultant fees needed to restore/ recover data from old tapes.

What are all the use cases for tape discovery outside of litigation?

Although use of electronic media (such as e-mails, external flash drives, and instant messaging software) enables organizations to have ready access to all kinds of information, many companies worry about the legal ramifications of storing sensitive and confidential data that could be used against them in a court of law. Recent laws and changes to the Federal Rules of Civil Procedure (FRCP) have placed a burden on companies to document and defend their recordkeeping and e-discovery procedures.

To Continue Reading: Click Here
---------------------------------------------------------
Source: esj.com
By: James Powell

Privacy & data protection - the long reach of the (Massachusetts Data Protection) law

While your company may not be physically or operationally doing business in Massachusetts, you should know about the recently enacted Massachusetts Data Protection Law (Massachusetts 201 CMR 17). This law should interest you for two reasons:

• Your company is subject to this law if it handles or stores the personal information of any Massachusetts resident; and
• The law establishes certain requirements of a security program that your company should consider implementing, regardless of where you do business.

These regulations finally went into effect on March 1, 2010. The law requires that every person or business that has the "personal information" of a Massachusetts resident develop, implement and maintain a "comprehensive information security program." Among the specific requirements that a company must have addressed as part of its information security program, it must include, without limitation:

• Adoption of a written information security program. Appointment of someone accountable for the information security program.
• Adoption and implementation of comprehensive security policies and training of employees thereon.
• Encryption of personal information across public networks and when transmitted wirelessly.
• Encryption of portable devices that store personal information, where reasonable and technically feasible.
• Encryption of backup tapes on a prospective basis.
• Limitation of the amount of personal information collected, the length of time the information is retained and the number of individuals who are permitted to access and use it.
• Regular monitoring of the security program and an assessment of the security measures on an annual basis, or when there is a material change to the business practices of the company, whichever is earlier.
• Requirements that third party service providers maintain appropriate safeguards, including contractual representations, respecting the protection of personal information.
• Deployment of security system controls such as malware protection, patches and virus definitions that receive security updates on a regular basis.
• Documentation of actions taken in connection with the occurrence of a security incident with lessons learned incorporated back into the security program.
  

To Continue Reading: Click Here
---------------------------------------------------------
Source: lexology.com

By: Amy E. Yates

Clarity Needed in Breach Notification Rule

Gray Areas Need to be Eliminated

My fingers are crossed that the final version of the federal breach notification rule greatly clarifies when a breach has to be reported to the individuals affected as well as federal authorities.

I hope the final version states in the simplest possible terms that the federal law supersedes state laws, unless the state laws have tougher requirements.

Write the rule in clear enough language that an organization doesn't need to hire a lawyer to decipher it.

And I also hope the so-called "harm standard" in the interim final version of the rule bites the dust. Several members of Congress, and some privacy advocates, already have called for its demise.

The harm standard provision allows healthcare organizations and their business associates to conduct a risk assessment to determine whether a particular data security breach presents "significant risk" and thus needs to be reported to those affected.

The provision creates gray area in the law. It needs to be replaced by clear-cut, black-and-white guidance on what must be reported.

Regulators need to make it easier for an organization to figure out how to comply with the rule. Spell out when a breach needs to be reported. Spell out when federal regulations prevail over state regulations. Remove any room for interpretation. Write the rule in clear enough language that an organization doesn't need to hire a lawyer to decipher it.

To Continue Reading: Click Here
---------------------------------------------------------
Source: blogs.infosecurity.com
By: Howard Anderson

The Grimm Truth About Spoliation

Victor Stanley, Inc. v. Creative Pipe, Inc., No. MJG-06-2662 (D. Md. Sept. 9, 2010)

For willful, bad faith discovery violations, including failure to implement a litigation hold, attempted deletion of ESI, actual deletion of ESI, and misrepresentations regarding the completeness of discovery, the Court recommended default judgment and a permanent injunction as to plaintiff’s copyright claim and ordered monetary sanctions and that defendants’ acts of spoliation be treated as contempt such that an individual defendant, the President of Creative Pipe, be jailed for not more than two years “unless and until” he pays the attorney’s fees and costs awarded.

The Court’s opinion also offers extensive analysis of the spoliation laws in each circuit.

Specifically, in addition to defendants’ attempted deletion of certain ESI, the Court identified eight discreet preservation failures:

(1) Pappas’s* failure to implement a litigation hold; (2) Pappas’s deletions of ESI soon after [Plaintiff] filed suit; (3) Pappas’s failure to preserve his external hard drive after Plaintiff demanded preservation of ESI; (4) Pappas’s failure to preserve files and emails after Plaintiff demanded their preservation; (5) Pappas’s deletion of ESI after the Court issued its first preservation order; (6) Pappas’s continued deletion of ESI and use of programs to permanently remove files after the Court admonished the parties of their duty to preserve evidence and issued its second preservation order; (7) Pappas’s failure to preserve ESI when he replaced the CPI server; and (8) Pappas’s further use of programs to permanently delete ESI after the Court issued numerous production orders.

[*Per the Court’s footnote, “because Pappas controlled [Creative Pipe, Inc.] at all times relevant to this case, his conduct is attributable to him individually as well as to his company, CPI.”]

Based on defendants’ “willful, bad faith conduct”, the Court presumed the relevance of the destroyed ESI, as well as the prejudice to the plaintiff, as is permitted in the Fourth Circuit.

Regarding plaintiff’s request for sanctions, the Court found that “the facts amply demonstrate the intentional, bad-faith permanent destruction of a significant quantity of relevant evidence” such that default judgment on liability was “clearly appropriate” as to Count I, plaintiff’s copyright claim. Notably (and somewhat surprisingly), defendants “admit spoliation, relevance, and prejudice, and consent to default judgment….” As to the same count, the Court recommended a permanent injunction which was also unopposed by the defendants.

The Court also ordered monetary sanctions, specifically reasonable attorney’s fees and costs, including “fees and costs associated with all discovery that would not have been undertaken but for Defendants' spoliation….” Further, the Court ordered that “[Defendants’] acts of spoliation be treated as contempt of this court, and that as a sanction, [Pappas] be imprisoned for a period not to exceed two years, unless and until he pays to Plaintiff the attorney’s fess and costs that will be awarded….”

To Continue Reading: Click Here
---------------------------------------------------------
Source: ediscoverylaw.com

Examining eDiscovery

To fully understand what electronic discovery (ediscovery) is, you must understand the legal profession and the litigation process. During litigation, both sides exchange information about the case. This can be in the form of depositions, interrogatories and document exchange. The rules governing this process come from the Federal Rules of Civil Procedure for litigation in Federal court or your state rules of civil procedure for state cases.

The legal system itself is slow and methodical by design. This can lead to a great deal of confusion when new laws and factual situations come into effect because law is never really set until the facts are litigated and make their way through the appellate process. In general, the standard answer you will receive from an attorney on just about any question is, "it depends." Within areas of emerging law, especially those surrounding technology, the answer is, "We don't know yet."

Unlike regulations such as Sarbanes-Oxley, which placed many new requirements directly on organizations with a deadline for compliance, the electronic discovery amendments affect them only through the litigation process. Many companies faced with tight budgets aren't preparing in advance for litigation. This is clearly their right to do so. This bad decision can lead to astronomical costs of litigation when it finally does occur.

Penalties for failing to comply with a duty to preserve data range from monetary sanctions all the way to an "adverse inference" instruction. In this situation, a jury is instructed to assume any files and communications not produced were harmful to the defendant. Such an instruction all but guarantees defeat for a defendant.

Increasingly, judges are also holding attorneys themselves responsible for the negligent acts of their clients in preparing for discovery.

To Continue Reading: Click Here
---------------------------------------------------------
Source: enterpriseitplanet.com
By: Sonny Discini