Ever since December 2006, when the US government introduced amendments to the Federal Rules of Civil Procedure (.pdf) for the discovery of electronically stored information, e-discovery has become a major issue for UK information security professionals working in American corporations. Unfortunately, many UK infosec pros don’t realise how important e-discovery is.
The rules stipulated that, when a lawsuit begins, the two parties must meet and agree on which electronic files, including emails and other electronic communications, might be relevant to the case, and then decide on how much information needs to be produced as potential evidence. That put a new burden on companies to manage their information more systematically and store it in a way that it could be effectively searched.
So why should this worry anyone working in the UK? According to Debra Logan, an analyst with research and advisory firm Gartner who specialises in the field of e-discovery, most UK organisations believe e-disclosure is an American phenomenon, and of no concern to them. But they are wrong.
“Some Europeans think it doesn’t matter here,” Logan said, “but the fact is that the rules of disclosure and discovery are no different in any jurisdiction.”
Furthermore, with increased regulations and laws covering factors such as privacy and corporate bribery, there is a growing level of litigation in Europe. According to Fulbright & Jaworski, a law firm that tracks litigation trends in the US and UK, 50% of UK companies faced at least one legal dispute in 2010, compared with 45% the year before.
To Continue Reading: Click Here
--------------------------------------
Source: searchsecurity.techtarget.co.uk
By: Ron Condon
Thursday, September 29, 2011
Wednesday, September 28, 2011
Eight cloud computing risks, and how to quash them
What could go wrong with cloud? Let’s count the ways….
In their latest book, Cloud Computing for Business, Dr. Chris Harding and his team of co-authors affiliated with The Open Group — a key standards body for enterprise architecture — detail some of the key risk areas that need to be looked at with any cloud project:
Risk #1: The solution may not meet its financial objectives: Do your short-term and long-term ROI work. The key factors to consider when assessing cloud ROI risk probability include utilization, speed, scale, and quality. “These factors are built into most ROI models, and affect the headline figures for investment,
revenue, cost, and time to return.”
Risk # 2: The solution may not work in the context of the user enterprise’s organization and culture: Always a biggie. The best way to address is having “a clear executive vision and direction for business transformation,” which includes top-level executive support. (Easier said than done, right?) This should include the establishment of “a clear roadmap for procurement or implementation of cloud services and applications that use them, and coordination of stakeholders and competing strategies to get consensus for storage, computing, network and applications to avoid islands of demand usage.” Always start with pilots to create confidence and “build buy-in and usage in the user community for cloud services.”
Risk #3: The solution may be difficult to develop due to the difficulty of integrating the cloud services involved: “There is a risk that it will not be possible to integrate [multiple] cloud services with the existing system and with each other. This risk is critical; if the system cannot be built, it cannot be used. The service integration risk can be assessed by considering interface conversion cost, ability to change the existing system, and available skills.” The skills part could stand as a risk on its own, as Harding and his co-authors point out that “significant skills are required to assemble and customize multiple cloud services from different providers in a flexible, adaptable way, while maintaining security, backup, and governance mechanisms.”
To Continue Reading: Click Here
--------------------------------------
Source: zdnet.com
By: Joe McKendrick
In their latest book, Cloud Computing for Business, Dr. Chris Harding and his team of co-authors affiliated with The Open Group — a key standards body for enterprise architecture — detail some of the key risk areas that need to be looked at with any cloud project:
Risk #1: The solution may not meet its financial objectives: Do your short-term and long-term ROI work. The key factors to consider when assessing cloud ROI risk probability include utilization, speed, scale, and quality. “These factors are built into most ROI models, and affect the headline figures for investment,
revenue, cost, and time to return.”
Risk # 2: The solution may not work in the context of the user enterprise’s organization and culture: Always a biggie. The best way to address is having “a clear executive vision and direction for business transformation,” which includes top-level executive support. (Easier said than done, right?) This should include the establishment of “a clear roadmap for procurement or implementation of cloud services and applications that use them, and coordination of stakeholders and competing strategies to get consensus for storage, computing, network and applications to avoid islands of demand usage.” Always start with pilots to create confidence and “build buy-in and usage in the user community for cloud services.”
Risk #3: The solution may be difficult to develop due to the difficulty of integrating the cloud services involved: “There is a risk that it will not be possible to integrate [multiple] cloud services with the existing system and with each other. This risk is critical; if the system cannot be built, it cannot be used. The service integration risk can be assessed by considering interface conversion cost, ability to change the existing system, and available skills.” The skills part could stand as a risk on its own, as Harding and his co-authors point out that “significant skills are required to assemble and customize multiple cloud services from different providers in a flexible, adaptable way, while maintaining security, backup, and governance mechanisms.”
To Continue Reading: Click Here
--------------------------------------
Source: zdnet.com
By: Joe McKendrick
Model Order Would Limit E-Discovery in Patent Cases
Chief Judge Randall Rader of the U.S. Court of Appeals for the Federal Circuit has unveiled a model order that would limit e-discovery in patent cases. At the 2011 Eastern District of Texas Bench Bar Conference in Irving on Sept. 27, Rader said the Federal Circuit Advisory Council unanimously voted to adopt the proposed "Model Order on E-Discovery in Patent Cases." Rader's standing-room only talk was billed as "Thoughts on the Status and Direction of Patent Litigation in the United States."
The Eastern District of Texas Bar Association and the Federal Circuit Bar Association jointly ran the three-day event.
The model order proposes several limits on the production of electronically stored information. These are laid out in the following provisions:
• Metadata is excluded from e-discovery production requests without "a showing of good cause."
• E-mail production requests must be for specific issues "not general discovery of a product or business."
• E-mail production requests should be delayed until after disclosures about the patents, the accused uses of the invention, relevant financial information and the prior art — published information about the subject matter of the claimed invention, including issued patents.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Sheri Qualters
The Eastern District of Texas Bar Association and the Federal Circuit Bar Association jointly ran the three-day event.
The model order proposes several limits on the production of electronically stored information. These are laid out in the following provisions:
• Metadata is excluded from e-discovery production requests without "a showing of good cause."
• E-mail production requests must be for specific issues "not general discovery of a product or business."
• E-mail production requests should be delayed until after disclosures about the patents, the accused uses of the invention, relevant financial information and the prior art — published information about the subject matter of the claimed invention, including issued patents.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Sheri Qualters
Managing Information Risk and Archiving Social Media
Imagine a simple scenario. Jane Doe, a disgruntled employee at a multi-billion dollar mineral spring water company (A), sends out the following tweet from her work station and the marketing department’s Twitter account, which she is authorized to use.
“Senior Management here at (A) is telling industry analysts that Company (B)’s bottles are filled with tap water.
The statement is false. Five minutes later, Jane Doe deletes the tweet. No one in in Company (A) knows about the incident – yet. In the interim, however, her single tweet has been re-tweeted over 10,000 times, including to financial analysts on Wall Street, most major newspapers around the world, and the television media. The story is breaking.
Social Media Icons
An ambitious reporter calls Company (A) and asks whether the CEO will confirm or deny the veracity of the tweet. A board meeting is interrupted, the facts are presented, and neither the CEO nor the General Counsel has the first clue what’s going on. What tweet? Who sent it? From which account? Was it deleted? What did it say? Can we confirm the exact text from the retweets? Do we have an archive of the tweet? The General Counsel’s mind spins, but he is already is sure of one thing: there’s no archived record of the incident.
Does this sound unreasonable? It isn’t.
Social media has changed the face of business. Whether in product marketing, consumer branding, customer relations, and/or human resources, the benefits of corporate social media are beyond dispute. Yet mounting evidence shows that the risks are, too. Last week, Symantec released the results of an independent survey of 2,000 global enterprises across a variety of industries with a minimum of 1,000 employees. (Symantec confirmed that “[t]he respondents do not represent any kind of grouping of former or current Symantec customers.”) The survey results speak to the heterogeneous nature of the types of electronically stored information (“ESI”) stored during legal proceedings. See Evan Koblentz, Symantec: Files, Databases Overtake Email in E-Discovery, Law Technology News (Sept. 19, 2011). As part of the survey, respondents were asked the following question:
To Continue Reading: Click Here
--------------------------------------
Source: forbes.com
By: Ben Kerschberg
“Senior Management here at (A) is telling industry analysts that Company (B)’s bottles are filled with tap water.
The statement is false. Five minutes later, Jane Doe deletes the tweet. No one in in Company (A) knows about the incident – yet. In the interim, however, her single tweet has been re-tweeted over 10,000 times, including to financial analysts on Wall Street, most major newspapers around the world, and the television media. The story is breaking.
Social Media Icons
An ambitious reporter calls Company (A) and asks whether the CEO will confirm or deny the veracity of the tweet. A board meeting is interrupted, the facts are presented, and neither the CEO nor the General Counsel has the first clue what’s going on. What tweet? Who sent it? From which account? Was it deleted? What did it say? Can we confirm the exact text from the retweets? Do we have an archive of the tweet? The General Counsel’s mind spins, but he is already is sure of one thing: there’s no archived record of the incident.
Does this sound unreasonable? It isn’t.
Social media has changed the face of business. Whether in product marketing, consumer branding, customer relations, and/or human resources, the benefits of corporate social media are beyond dispute. Yet mounting evidence shows that the risks are, too. Last week, Symantec released the results of an independent survey of 2,000 global enterprises across a variety of industries with a minimum of 1,000 employees. (Symantec confirmed that “[t]he respondents do not represent any kind of grouping of former or current Symantec customers.”) The survey results speak to the heterogeneous nature of the types of electronically stored information (“ESI”) stored during legal proceedings. See Evan Koblentz, Symantec: Files, Databases Overtake Email in E-Discovery, Law Technology News (Sept. 19, 2011). As part of the survey, respondents were asked the following question:
To Continue Reading: Click Here
--------------------------------------
Source: forbes.com
By: Ben Kerschberg
Text Messages Are Inadmissible, Pa. Court Says
Unauthenticated text messages may not be admitted as evidence in trial, the Pennsylvania Superior Court has ruled, adding to the state's body of case law regarding the evidentiary boundaries of electronic communications.
In granting a new trial to defendant Amy N. Koch, a unanimous three-judge panel found there was no evidence showing Koch wrote the drug-related text messages police found on her phone. The court also decided the texts constituted inadmissible hearsay.
One former prosecutor predicted the decision would be "fertile" ground for future arguments over the admissability of electronic communications.
"Glaringly absent" in the case of first impression was evidence -- be it testimony or clues from the texts identifying Koch as the author -- that Koch wrote the messages, the panel found. Koch admitted to owning the phone, which police seized during a 2009 drug search of her home, but successfully argued the state lacked evidence tying her to the texts. A detective admitted that some of the messages found on the cell phone referred to Koch in the third person and "were clearly not written by her," according a 20-page opinion filed this month.
But the district attorney of Cumberland County, Pa., said the texts should have been viewed as a factor in the state's "totality of circumstances" argument and likened the messages to an "owe sheet" police look for in drug busts.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Ben Present
In granting a new trial to defendant Amy N. Koch, a unanimous three-judge panel found there was no evidence showing Koch wrote the drug-related text messages police found on her phone. The court also decided the texts constituted inadmissible hearsay.
One former prosecutor predicted the decision would be "fertile" ground for future arguments over the admissability of electronic communications.
"Glaringly absent" in the case of first impression was evidence -- be it testimony or clues from the texts identifying Koch as the author -- that Koch wrote the messages, the panel found. Koch admitted to owning the phone, which police seized during a 2009 drug search of her home, but successfully argued the state lacked evidence tying her to the texts. A detective admitted that some of the messages found on the cell phone referred to Koch in the third person and "were clearly not written by her," according a 20-page opinion filed this month.
But the district attorney of Cumberland County, Pa., said the texts should have been viewed as a factor in the state's "totality of circumstances" argument and likened the messages to an "owe sheet" police look for in drug busts.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Ben Present
Tuesday, September 27, 2011
Cloud Helping Enterprise Defy Data Growth
Enterprise segments like the public sector, banking and telecom are likely to increase their cloud intake in the coming months
In today’s fast paced data intensive world, increasingly enough, global enterprise customers struggling with continued data growth are looking up towards cloud-based applications to fight with the cost and administrative burden of maintaining their on-premises IT infrastructure.
In a scenario like this, growing proceedings and compliance demands have compounded data retention and retrieval problems, leading to new cloud-based archiving options that better manages costs while transferring risk and complexity. Today’s enterprise world is looking at Cloud-based archives that offers cost savings, ease of use, and scalability of the cloud coupled with best-of-breed security from a trusted provider for defensibly handling high-risk enterprise data.
Email Retention
Experts in the industry feel that big and small organizations are experiencing at least 20% annual email capacity growth. This becomes a big problem if we keep in mind the exponential growth of email archival on a yearly basis.
To Continue Reading: Click Here
--------------------------------------
Source: itvarnews.net
In today’s fast paced data intensive world, increasingly enough, global enterprise customers struggling with continued data growth are looking up towards cloud-based applications to fight with the cost and administrative burden of maintaining their on-premises IT infrastructure.
In a scenario like this, growing proceedings and compliance demands have compounded data retention and retrieval problems, leading to new cloud-based archiving options that better manages costs while transferring risk and complexity. Today’s enterprise world is looking at Cloud-based archives that offers cost savings, ease of use, and scalability of the cloud coupled with best-of-breed security from a trusted provider for defensibly handling high-risk enterprise data.
Email Retention
Experts in the industry feel that big and small organizations are experiencing at least 20% annual email capacity growth. This becomes a big problem if we keep in mind the exponential growth of email archival on a yearly basis.
To Continue Reading: Click Here
--------------------------------------
Source: itvarnews.net
Could You Survive a Social Media Background Check?
As of September 2011, the U.S. Bureau of Labor Statistics reported that 14 million people are unemployed. At this rate, an employer can easily receive hundreds of responses to a single job posting. While a large applicant pool certainly gives the employer a wide variety of choices, it also makes background checks an important tool to be able to choose the most qualified candidate.
Most job applicants are familiar with being asked to sign a waiver so that the prospective employer can run a credit report, which includes information about an employee's credit-payment history and other credit habits from which the employer might draw conclusions about the applicant. A criminal background check, particularly for jobs where an employee will work with children, the elderly, or people with disabilities, is also routine.
While the latest background screening tool -- the social media background check -- is considered new, it has actually been in use for quite some time. Almost all employers have been doing some sort of informal background checking on their own and they rely on this information for recruitment purposes. This means that prior to an applicant being called for an interview, chances are that someone has performed a "Google" search on the applicant on behalf of the employer, looking for Facebook, MySpace, Twitter, and LinkedIn pages, as well as blogs and other accounts. No law officially prohibits employers from searching social networking sites while conducting their own background checks of job applicants.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Vivian Luckiewicz
Most job applicants are familiar with being asked to sign a waiver so that the prospective employer can run a credit report, which includes information about an employee's credit-payment history and other credit habits from which the employer might draw conclusions about the applicant. A criminal background check, particularly for jobs where an employee will work with children, the elderly, or people with disabilities, is also routine.
While the latest background screening tool -- the social media background check -- is considered new, it has actually been in use for quite some time. Almost all employers have been doing some sort of informal background checking on their own and they rely on this information for recruitment purposes. This means that prior to an applicant being called for an interview, chances are that someone has performed a "Google" search on the applicant on behalf of the employer, looking for Facebook, MySpace, Twitter, and LinkedIn pages, as well as blogs and other accounts. No law officially prohibits employers from searching social networking sites while conducting their own background checks of job applicants.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Vivian Luckiewicz
Managing risk in the cloud
Mike Small, a member of the London Chapter ISACA Security Advisory Group, BCS Fellow and a senior analyst at KuppingerCole, on managing risk in the cloud
The key benefit of adopting a cloud approach is one of scale - the cloud provider can potentially offer a better service at a lower cost because the scale of its operation means it can afford the skilled people and state-of-the-art technology necessary to deliver a secure service.
In general, a large cloud provider is likely to provide a better and more secure IT service at a lower cost than a small to medium-sized enterprise can provide itself.
While the public cloud offers applications shared by multiple customers, the private cloud provides applications and infrastructure that are dedicated to a particular organisation. It allows organisations to outsource the management of their IT infrastructure while retaining tighter control over the location and management of the resources.
But the price to pay for this is that the costs are likely to be higher than for a public cloud because there is less potential for economies of scale, and resilience may be lower because of the limit on service resources available.
Adopting cloud computing may, then, save money, but how does it affect risk?
The information security risk associated with cloud computing depends on both the service and delivery models adopted, while the specific risks depend on the organisation and its individual requirements. The common security concerns include ensuring the confidentiality, integrity and availability of the services and data delivered.
To Continue Reading: Click Here
--------------------------------------
Source: cbronline.com
The key benefit of adopting a cloud approach is one of scale - the cloud provider can potentially offer a better service at a lower cost because the scale of its operation means it can afford the skilled people and state-of-the-art technology necessary to deliver a secure service.
In general, a large cloud provider is likely to provide a better and more secure IT service at a lower cost than a small to medium-sized enterprise can provide itself.
While the public cloud offers applications shared by multiple customers, the private cloud provides applications and infrastructure that are dedicated to a particular organisation. It allows organisations to outsource the management of their IT infrastructure while retaining tighter control over the location and management of the resources.
But the price to pay for this is that the costs are likely to be higher than for a public cloud because there is less potential for economies of scale, and resilience may be lower because of the limit on service resources available.
Adopting cloud computing may, then, save money, but how does it affect risk?
The information security risk associated with cloud computing depends on both the service and delivery models adopted, while the specific risks depend on the organisation and its individual requirements. The common security concerns include ensuring the confidentiality, integrity and availability of the services and data delivered.
To Continue Reading: Click Here
--------------------------------------
Source: cbronline.com
Monday, September 26, 2011
Lawyers warned about negligence in e-discovery
In the high-tech world of electronic discovery, lawyers need to take old-world steps to avoid negligence claims, say lawyers who practise in the area.
Susan Wortzman has seen lawyers negligently collect too few or too many records.
A panel of lawyers tackled e-discovery negligence at a conference on Sept. 19 organized by Sedona Canada and sponsored by the Law Society of Upper Canada, the Ontario Bar Association, and The Advocates’ Society.
Susan Wortzman, co-founder of e-discovery law firm Wortzman Nickle Professional Corp., noted she has seen lawyers negligently collect too few or too many records, both of which can be fatal to a case. “If you over-collect, the problem you will face is that you are left with so much data.
You can use all the fancy tools you want to cull it but if you collect a million records and you’re successful in culling 75 per cent of it, you still have 250,000 records to review, and that is a lot of records.
Now you need lawyers to sit for days, months, and maybe years, and the costs are going to become exorbitant.”
Glenn Smith, a founding partner at Lenczner Slaght Royce Smith Griffin LLP, said there’s a risk of negligence right at the inception of a file if lawyers fail to exert the type of supervision that seems routine in other areas of practice.
“If you allow a client to self-collect the evidence, you may already have a negligence problem. It’s like having the client go through the filing cabinet without you there. You wouldn’t do that in hard copy but you somehow allow it to happen today.”
To Continue Reading: Click Here
--------------------------------------
Source: lawtimesnews.com
By: Michael McKiernan
Susan Wortzman has seen lawyers negligently collect too few or too many records.
A panel of lawyers tackled e-discovery negligence at a conference on Sept. 19 organized by Sedona Canada and sponsored by the Law Society of Upper Canada, the Ontario Bar Association, and The Advocates’ Society.
Susan Wortzman, co-founder of e-discovery law firm Wortzman Nickle Professional Corp., noted she has seen lawyers negligently collect too few or too many records, both of which can be fatal to a case. “If you over-collect, the problem you will face is that you are left with so much data.
You can use all the fancy tools you want to cull it but if you collect a million records and you’re successful in culling 75 per cent of it, you still have 250,000 records to review, and that is a lot of records.
Now you need lawyers to sit for days, months, and maybe years, and the costs are going to become exorbitant.”
Glenn Smith, a founding partner at Lenczner Slaght Royce Smith Griffin LLP, said there’s a risk of negligence right at the inception of a file if lawyers fail to exert the type of supervision that seems routine in other areas of practice.
“If you allow a client to self-collect the evidence, you may already have a negligence problem. It’s like having the client go through the filing cabinet without you there. You wouldn’t do that in hard copy but you somehow allow it to happen today.”
To Continue Reading: Click Here
--------------------------------------
Source: lawtimesnews.com
By: Michael McKiernan
Ontario judge slams ‘Dark Ages’ court system
An Ontario Superior Court judge made some interesting remarks on the proportionality rule, lawyers’ fees, and the courts’ stone-age approach to technology last week.
Ruling in Harris v. Leikin Group, Justice David Brown considered the cost motion of one of the defendants, First Capital Realty Inc., following its successful bid for summary judgment. The case centred on a bid process for College Square in Ottawa. The plaintiffs alleged the bid process was a sham and took several parties, including First Capital, to court.
Brown ruled there was no basis for the claim against First Capital, which sought $437,000 in costs, including $333,000 in fees and $62,000 in disbursements. The plaintiffs responded with several criticisms:
1. First Capital wasn’t entitled to costs for participating in four unsuccessful summary judgment motions by the other defendants.
2. The hourly rates claimed by First Capital’s lawyers were too high.
3. Counsel for First Capital spent too much time on certain steps.
4. First Capital’s costs would violate the principle of proportionality because they’d amount to more than 50 per cent of the substantial indemnity costs of $709,000 incurred by the plaintiffs in defending all five summary judgment motions.
But perhaps the most interesting aspect of Brown’s decision is his analysis of First Capital’s claim for $30,000 in disbursements for electronic document production and database management.
While the plaintiffs didn’t oppose recovery, Brown carefully considered the fees in light of the court’s direction that lawyers follow the Sedona Canada principles for e-discovery. He accepted them but then engaged in a fairly harsh diatribe about the court’s seemingly hypocritical stance in ordering parties to use the Sedona principles in relation to e-discovery when they themselves can’t accept electronic documents.
To Continue Reading: Click Here
--------------------------------------
Source: canadianlawyermag.com
By: Glen Kauth
Ruling in Harris v. Leikin Group, Justice David Brown considered the cost motion of one of the defendants, First Capital Realty Inc., following its successful bid for summary judgment. The case centred on a bid process for College Square in Ottawa. The plaintiffs alleged the bid process was a sham and took several parties, including First Capital, to court.
Brown ruled there was no basis for the claim against First Capital, which sought $437,000 in costs, including $333,000 in fees and $62,000 in disbursements. The plaintiffs responded with several criticisms:
1. First Capital wasn’t entitled to costs for participating in four unsuccessful summary judgment motions by the other defendants.
2. The hourly rates claimed by First Capital’s lawyers were too high.
3. Counsel for First Capital spent too much time on certain steps.
4. First Capital’s costs would violate the principle of proportionality because they’d amount to more than 50 per cent of the substantial indemnity costs of $709,000 incurred by the plaintiffs in defending all five summary judgment motions.
But perhaps the most interesting aspect of Brown’s decision is his analysis of First Capital’s claim for $30,000 in disbursements for electronic document production and database management.
While the plaintiffs didn’t oppose recovery, Brown carefully considered the fees in light of the court’s direction that lawyers follow the Sedona Canada principles for e-discovery. He accepted them but then engaged in a fairly harsh diatribe about the court’s seemingly hypocritical stance in ordering parties to use the Sedona principles in relation to e-discovery when they themselves can’t accept electronic documents.
To Continue Reading: Click Here
--------------------------------------
Source: canadianlawyermag.com
By: Glen Kauth
Sunday, September 25, 2011
What's a Company's Biggest Security Risk? You
Employees don't mean to be the primary entry point for hackers. But they are.
We are the weakest link.
Hacking attacks against companies are growing bigger and bolder—witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and have spent the past 30 years hardening the perimeters of their networks with upgraded technology.
"The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp. The majority of corporate security breaches his firm is currently investigating involve hackers who gained access to company networks by exploiting well-intentioned employees.
Consider what happened in March at EMC Corp.'s RSA security unit, the maker of computer login devices used by thousands of other companies. A hacker sent emails to two small groups of employees that looked innocent enough, including a spreadsheet titled "2011 Recruitment plan." The message was so convincing that one employee retrieved it from the "junk mail" folder and then opened the attachment. Doing so introduced a virus inside RSA's network that eventually gave the hacker access to sensitive company data and enabled later attacks against RSA's customers.
Employees have more opportunities than ever to compromise company information. We not only screw up by clicking on emails from hackers that download viruses, letting them bypass corporate firewalls. We also open a Pandora's Box of security problems by circumventing company tech-support rules and doing work with personal gadgets and consumer-grade online services like Web email and cloud storage services.
Closing these holes is proving very difficult, security experts say. But companies keep fighting. To stop potentially dangerous employee habits, they're testing new tools to keep track of what's happening on their networks and rolling out employee education programs.
To Continue Reading: Click Here
--------------------------------------
Source: The Wall Street Journal
By: Geoffrey A. Fowler
We are the weakest link.
Hacking attacks against companies are growing bigger and bolder—witness a string of high-profile breaches this year at Sony Corp., Citigroup Inc. and others. But gone are the days when hackers would simply find holes in corporate networks to steal valuable data. Large companies have grown wise to the threat of hacking, and have spent the past 30 years hardening the perimeters of their networks with upgraded technology.
"The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp. The majority of corporate security breaches his firm is currently investigating involve hackers who gained access to company networks by exploiting well-intentioned employees.
Consider what happened in March at EMC Corp.'s RSA security unit, the maker of computer login devices used by thousands of other companies. A hacker sent emails to two small groups of employees that looked innocent enough, including a spreadsheet titled "2011 Recruitment plan." The message was so convincing that one employee retrieved it from the "junk mail" folder and then opened the attachment. Doing so introduced a virus inside RSA's network that eventually gave the hacker access to sensitive company data and enabled later attacks against RSA's customers.
Employees have more opportunities than ever to compromise company information. We not only screw up by clicking on emails from hackers that download viruses, letting them bypass corporate firewalls. We also open a Pandora's Box of security problems by circumventing company tech-support rules and doing work with personal gadgets and consumer-grade online services like Web email and cloud storage services.
Closing these holes is proving very difficult, security experts say. But companies keep fighting. To stop potentially dangerous employee habits, they're testing new tools to keep track of what's happening on their networks and rolling out employee education programs.
To Continue Reading: Click Here
--------------------------------------
Source: The Wall Street Journal
By: Geoffrey A. Fowler
Apple Joins Push for Clearer Laws on Phone Searches
Apple joined the push for an update to laws governing the search of mobile devices, in an effort to modernize rules for the digital age.
The Cupertino, Calif.-based company and cloud-based storage provider Dropbox teamed up with other technology firms like Comcast and eBay, and groups like the American Civil Liberties Union and the Electronic Frontier Foundation, pushing for the update of the nation's Electronic Communications Privacy Act.
The Digital Due Process coalition isn't focused on repealing the 1986 law, which doesn't take many modern internet uses and capabilities into consideration and hasn't been significantly revised since its implementation. The group rather wants to include elements like e-mail, messaging, cloud computing, social media, search and location tracking, to name a few, in the law.
The coalition seeks a clearer approach to the law as it applies to modern technology innovations. Many of these electronic advances became widespread after the law was enacted, leading lower courts to determine a patchwork of rulings on their use.
For example, e-mail, messaging, cell phones and location tracking may be subject to warrant or may require a lesser order to be searched by law enforcement. Reviewing a person's computer search mechanism is also not covered in any form, prompting the DPP to push for clear provisions to better govern these functions.
To Continue Reading: Click Here
--------------------------------------
Source: mobiledia.com
By: Margaret Rock
The Cupertino, Calif.-based company and cloud-based storage provider Dropbox teamed up with other technology firms like Comcast and eBay, and groups like the American Civil Liberties Union and the Electronic Frontier Foundation, pushing for the update of the nation's Electronic Communications Privacy Act.
The Digital Due Process coalition isn't focused on repealing the 1986 law, which doesn't take many modern internet uses and capabilities into consideration and hasn't been significantly revised since its implementation. The group rather wants to include elements like e-mail, messaging, cloud computing, social media, search and location tracking, to name a few, in the law.
The coalition seeks a clearer approach to the law as it applies to modern technology innovations. Many of these electronic advances became widespread after the law was enacted, leading lower courts to determine a patchwork of rulings on their use.
For example, e-mail, messaging, cell phones and location tracking may be subject to warrant or may require a lesser order to be searched by law enforcement. Reviewing a person's computer search mechanism is also not covered in any form, prompting the DPP to push for clear provisions to better govern these functions.
To Continue Reading: Click Here
--------------------------------------
Source: mobiledia.com
By: Margaret Rock
Health Care Organizations Underprepared to Secure Patient Data: PwC
A new report by PwC calls on health care organizations to adopt the security technology now being developed to avoid data breaches.
Consulting firm PwC's Health Research Institute has come out with a report revealing that health organizations are underprepared to secure patient medical information.
The report, "Old Data Learns New Tricks: Managing Patient Privacy and Security on a New Data-Sharing Playground," shows that despite advances in electronic health records (EHRs) software and security technology, health care organizations have yet to adopt privacy measures on a large scale.
For the survey, PwC interviewed 600 executives from hospitals, physician practices, health insurers and pharmaceutical and life science companies.
Only 58 percent of providers and 41 percent of health insurers train employees on privacy measures for EHRs, PwC reports.
Health care companies are underprepared because they've underinvested in IT and focused on legal and regulatory compliance under HIPAA instead, according to James Koenig, director and co-leader of the health information privacy and security practice at PwC.
"Now that there are law changes [and] IT changes to stimulate electronic health records, now's the time for these organizations to address and to mature their environment," Koenig told eWEEK.
To Continue Reading: Click Here
--------------------------------------
Source: eweek.com
By: Brian T. Horowitz
Consulting firm PwC's Health Research Institute has come out with a report revealing that health organizations are underprepared to secure patient medical information.
The report, "Old Data Learns New Tricks: Managing Patient Privacy and Security on a New Data-Sharing Playground," shows that despite advances in electronic health records (EHRs) software and security technology, health care organizations have yet to adopt privacy measures on a large scale.
For the survey, PwC interviewed 600 executives from hospitals, physician practices, health insurers and pharmaceutical and life science companies.
Only 58 percent of providers and 41 percent of health insurers train employees on privacy measures for EHRs, PwC reports.
Health care companies are underprepared because they've underinvested in IT and focused on legal and regulatory compliance under HIPAA instead, according to James Koenig, director and co-leader of the health information privacy and security practice at PwC.
"Now that there are law changes [and] IT changes to stimulate electronic health records, now's the time for these organizations to address and to mature their environment," Koenig told eWEEK.
To Continue Reading: Click Here
--------------------------------------
Source: eweek.com
By: Brian T. Horowitz
Friday, September 23, 2011
Examining the Limits of Online Storage Provider Liability
Over the past year Amazon, Google, and Apple have all launched "cloud" music services of one kind or another. From the press, one could be forgiven for thinking that cloud storage is the hot new thing; but while it is certainly hot, it is not especially new. Generally speaking, "cloud" storage simply refers to data storage that is accessible over a wide area network (usually the internet).
Typically, the term is used to refer to storage space sold as a service by third parties who own, manage, and control the servers to users who need a place to store their data. The owner of the servers leases out space at a certain price per gigabyte, often with some free space up front, and the user can store whatever he or she wants there. The model has been around for a many years, but it is becoming more and more popular as fast internet connections become ubiquitous and devices shed storage capacity and processing power to become cheaper and more mobile.
Cloud storage has numerous advantages over local storage -- it ensures that all devices are accessing the same data, it largely eliminates backup and data loss issues, and it makes data available wherever there is a sufficiently fast internet connection. It may also be the only solution for some applications: Extensive collections of media may be too large to fit on the limited storage available on mobile devices or tablet computers. If, for example, a lawyer wants to have access to an entire document production on her iPad, the production can be stored "in the cloud" (on a service such as DropBox) and accessed wherever there is a wireless signal, even if the production is far too large to store locally on the device.
A more mainstream example -- and the one driving much of the current rush to adopt these services -- is music. Music files are large enough to require substantial storage space, small enough to stream over relatively low bandwidth (such as a 3G wireless connection) and desirable to have available on mobile devices. The enormous music libraries many users have amassed (through legal means or otherwise) are far too large to store on current mobile devices, so cloud storage is a perfect solution and many familiar names have rushed to fill the space.
To Continue Reading: Click Here
--------------------------------------
Source: Law Technology News
By: Stephen M. Kramarsky
Typically, the term is used to refer to storage space sold as a service by third parties who own, manage, and control the servers to users who need a place to store their data. The owner of the servers leases out space at a certain price per gigabyte, often with some free space up front, and the user can store whatever he or she wants there. The model has been around for a many years, but it is becoming more and more popular as fast internet connections become ubiquitous and devices shed storage capacity and processing power to become cheaper and more mobile.
Cloud storage has numerous advantages over local storage -- it ensures that all devices are accessing the same data, it largely eliminates backup and data loss issues, and it makes data available wherever there is a sufficiently fast internet connection. It may also be the only solution for some applications: Extensive collections of media may be too large to fit on the limited storage available on mobile devices or tablet computers. If, for example, a lawyer wants to have access to an entire document production on her iPad, the production can be stored "in the cloud" (on a service such as DropBox) and accessed wherever there is a wireless signal, even if the production is far too large to store locally on the device.
A more mainstream example -- and the one driving much of the current rush to adopt these services -- is music. Music files are large enough to require substantial storage space, small enough to stream over relatively low bandwidth (such as a 3G wireless connection) and desirable to have available on mobile devices. The enormous music libraries many users have amassed (through legal means or otherwise) are far too large to store on current mobile devices, so cloud storage is a perfect solution and many familiar names have rushed to fill the space.
To Continue Reading: Click Here
--------------------------------------
Source: Law Technology News
By: Stephen M. Kramarsky
Thursday, September 22, 2011
From the Experts: Read the Fine Print Before You Tweet
Google+ Adds to Challenges in Corporate Liability
It's no secret that the heavyweights of the social media realm—Facebook, Twitter, and LinkedIn—are gaining more digital body mass daily with their exponential growth of new users. And while no one would ever call Google a lightweight, in the social media realm Google was sorely lacking. . . until now. With the rollout of Google+, the internet-search giant has lobbed a swift uppercut to the standing champions: in a little under a month, the site reached over 25 million users sharing over one billion items a day, all "by invitation only."
Google+ got off on the right foot by using effectively its most precious resource: user data. By taking advantage of user profiles through Gmail, Google Docs, Chrome, Picassa, Blogger, YouTube, and other Google products, it aggregated user profiles, preferences, videos, photos, and friends, all under one roof.
Initially, social media platforms were used for personal purposes, such as sharing photos and announcing life events, with a limited network of friends or schoolmates. As the platforms' technology improved and their popularity increased, so did their purpose, with individuals incorporating work associates as "friends" or "followers"—and companies capitalizing on the promise of new marketing opportunities.
With the boundaries between the personal and professional realms now blurred, the question of "personal privacy" vs. "company policy" is inevitably encountered. And with the arrival of Google+, those boundaries promise to become all the more hazy, which translates to a specific and pressing business need for executives to be keenly aware of—and proactive about—the risks social media present. Although significant legal precedents are currently lacking (most related cases are settled out of court), it is only a matter of time before social media data will be the primary focus—if not the cause—of corporate legal disputes. When this occurs, corporate leadership and general counsel will be obliged to offer up any or all corporate social media data at the behest of a plaintiff or defendant, not to mention possibly that of employees as well. And the monetary cost and reputational damage potentially inflicted by the ever-growing mountain of searchable, discoverable data is staggering.
To Continue Reading: Click Here
--------------------------------------
Source: Corporate Counsel
By: Josh Kubicki
It's no secret that the heavyweights of the social media realm—Facebook, Twitter, and LinkedIn—are gaining more digital body mass daily with their exponential growth of new users. And while no one would ever call Google a lightweight, in the social media realm Google was sorely lacking. . . until now. With the rollout of Google+, the internet-search giant has lobbed a swift uppercut to the standing champions: in a little under a month, the site reached over 25 million users sharing over one billion items a day, all "by invitation only."
Google+ got off on the right foot by using effectively its most precious resource: user data. By taking advantage of user profiles through Gmail, Google Docs, Chrome, Picassa, Blogger, YouTube, and other Google products, it aggregated user profiles, preferences, videos, photos, and friends, all under one roof.
Initially, social media platforms were used for personal purposes, such as sharing photos and announcing life events, with a limited network of friends or schoolmates. As the platforms' technology improved and their popularity increased, so did their purpose, with individuals incorporating work associates as "friends" or "followers"—and companies capitalizing on the promise of new marketing opportunities.
With the boundaries between the personal and professional realms now blurred, the question of "personal privacy" vs. "company policy" is inevitably encountered. And with the arrival of Google+, those boundaries promise to become all the more hazy, which translates to a specific and pressing business need for executives to be keenly aware of—and proactive about—the risks social media present. Although significant legal precedents are currently lacking (most related cases are settled out of court), it is only a matter of time before social media data will be the primary focus—if not the cause—of corporate legal disputes. When this occurs, corporate leadership and general counsel will be obliged to offer up any or all corporate social media data at the behest of a plaintiff or defendant, not to mention possibly that of employees as well. And the monetary cost and reputational damage potentially inflicted by the ever-growing mountain of searchable, discoverable data is staggering.
To Continue Reading: Click Here
--------------------------------------
Source: Corporate Counsel
By: Josh Kubicki
Facebook to 'automate' data requests, campaigners say
The Austrian-based organisation Europe v Facebook said on Thursday that Facebook was working on an automated system in response to a campaign, in which the group had urged people to request the personal data it holds on them.
Europe v Facebook says the current system, in which users can wait up to 30 days to get the data, contravenes European privacy law. It is possible for users to download most of their own data from the site, but that only covers the information that they themselves have uploaded. It does not include information that other people have put up, which Facebook has linked to the user in question.
"A Facebook representative has now told the group that, after receiving a massive amount of access requests following the campaign of Europe v Facebook in German-speaking countries, Facebook is now working on a system to automatically process access requests," the campaigners said in a statement.
In an email seen by ZDNet UK, the Facebook representative told Europe v Facebook that the company is sorting through the various legal and technical issues that surround setting up a scalable data request fulfilment system.
The campaign group noted that it is unclear if the new system will satisfy its demands, as the nature of the system is itself not yet apparent, nor is a timescale for its release. It is also unclear how many data requests have been made in response to Europe v Facebook's urging, although the organisation says the page explaining how to make such requests has received 47,818 hits.
To Continue Reading: Click Here
--------------------------------------
Source: zdnet.co.uk
By: David Meyer
Europe v Facebook says the current system, in which users can wait up to 30 days to get the data, contravenes European privacy law. It is possible for users to download most of their own data from the site, but that only covers the information that they themselves have uploaded. It does not include information that other people have put up, which Facebook has linked to the user in question.
"A Facebook representative has now told the group that, after receiving a massive amount of access requests following the campaign of Europe v Facebook in German-speaking countries, Facebook is now working on a system to automatically process access requests," the campaigners said in a statement.
In an email seen by ZDNet UK, the Facebook representative told Europe v Facebook that the company is sorting through the various legal and technical issues that surround setting up a scalable data request fulfilment system.
The campaign group noted that it is unclear if the new system will satisfy its demands, as the nature of the system is itself not yet apparent, nor is a timescale for its release. It is also unclear how many data requests have been made in response to Europe v Facebook's urging, although the organisation says the page explaining how to make such requests has received 47,818 hits.
To Continue Reading: Click Here
--------------------------------------
Source: zdnet.co.uk
By: David Meyer
Court Orders Government to Reproduce ESI, Discusses Need for Criminal Rules Addressing Electronic Discovery
United States v. Briggs, No. 10CR184S, 2011 WL 4017886 (W.D.N.Y. Sept. 8, 2011)
Defendants were charged with several counts related to the distribution of cocaine. In its disclosures, the Government produced thousands of pages of documents as well as audio recordings, none of which were text searchable. Defendants sought reproduction. Noting the lack of relevant criminal rules and discussing the requirements of Fed. R. Civ. P. 34, the court relied upon its inherent authority to order reproduction in native format or in a PDF format “suitable for searching.”
In its voluntary discovery, the Government produced disks “containing thousands of pages of documents” as well as audio recordings. Although the information was allegedly produced using a program “routinely used in cases such as this” (i.e. multi-defendant cases “employing investigative techniques, such as court-authorized recordings of intercepted communications”), it could not be sorted or searched and lacked certain data. Accordingly, defendants sought reproduction. The Government resisted, arguing, among other things, that the cost of reproduction was prohibitive and that it lacked the necessary computer storage space to reproduce the data in PDF format. The Government further alleged that it had produced the particular data requested by defendants (although not in the form sought) and that given defendants’ heavy burden in asserting certain theories to which the data allegedly was relevant, the Government should not bear the burden of reproduction “to suit the defendants.”
Taking up the issue, the court acknowledged the absence of a standard for electronic production in criminal cases and established its own authority to grant appropriate relief in discovery, including ordering the manner of production. The court then turned to a discussion of other criminal cases in which the issue was addressed, including United States v. Warshak, 631 F.3d 266 (6th Cir. 2010) (finding the district court did not abuse its discretion in failing to require reproduction in a different format) and United States v. O’Keefe, 537 F. Supp. 2d 14 (D.D.C. 2008) (applying Fed. R. Civ. P. 34 to an extensive document production).
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
Defendants were charged with several counts related to the distribution of cocaine. In its disclosures, the Government produced thousands of pages of documents as well as audio recordings, none of which were text searchable. Defendants sought reproduction. Noting the lack of relevant criminal rules and discussing the requirements of Fed. R. Civ. P. 34, the court relied upon its inherent authority to order reproduction in native format or in a PDF format “suitable for searching.”
In its voluntary discovery, the Government produced disks “containing thousands of pages of documents” as well as audio recordings. Although the information was allegedly produced using a program “routinely used in cases such as this” (i.e. multi-defendant cases “employing investigative techniques, such as court-authorized recordings of intercepted communications”), it could not be sorted or searched and lacked certain data. Accordingly, defendants sought reproduction. The Government resisted, arguing, among other things, that the cost of reproduction was prohibitive and that it lacked the necessary computer storage space to reproduce the data in PDF format. The Government further alleged that it had produced the particular data requested by defendants (although not in the form sought) and that given defendants’ heavy burden in asserting certain theories to which the data allegedly was relevant, the Government should not bear the burden of reproduction “to suit the defendants.”
Taking up the issue, the court acknowledged the absence of a standard for electronic production in criminal cases and established its own authority to grant appropriate relief in discovery, including ordering the manner of production. The court then turned to a discussion of other criminal cases in which the issue was addressed, including United States v. Warshak, 631 F.3d 266 (6th Cir. 2010) (finding the district court did not abuse its discretion in failing to require reproduction in a different format) and United States v. O’Keefe, 537 F. Supp. 2d 14 (D.D.C. 2008) (applying Fed. R. Civ. P. 34 to an extensive document production).
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
Security Risks of Online Review
Data breaches are on the rise, with more than 300 identified breaches this year, according to the Privacy Rights Clearinghouse. The breaches are evenly split between hackers and malware, experts say; 90 percent are targeted at databases that may contain caches of valuable data, reports USA Today's Technology Live. The good news: Most breaches could have been avoided with good security practices.
But these breaches raise issues for electronic data discovery, particularly for practitioners who use web-based ("cloud") review services. Care must be taken when evaluating and choosing vendors to be sure data is protected throughout the EDD process. When sensitive intellectual property leaves the firewall of an organization, corporate legal has both an ethical and legal obligation to zealously protect client confidences and secrets. This can be a daunting task -- security risk points include the cloud storage server, review workstations, the pipeline between the review workstation, and the servers -- and access control and security credentials of employees and reviewers.
For starters, thoroughly review the security protocols that are used to determine access rights and the credentials of all personnel who will be exposed to sensitive data. Many recent security incidences involved use of weak or stolen credentials or passwords, so require that systems have limited logon attempts, and that they hide access credentials. Consider also requiring two-factor authentication.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Albert Barsocchini
But these breaches raise issues for electronic data discovery, particularly for practitioners who use web-based ("cloud") review services. Care must be taken when evaluating and choosing vendors to be sure data is protected throughout the EDD process. When sensitive intellectual property leaves the firewall of an organization, corporate legal has both an ethical and legal obligation to zealously protect client confidences and secrets. This can be a daunting task -- security risk points include the cloud storage server, review workstations, the pipeline between the review workstation, and the servers -- and access control and security credentials of employees and reviewers.
For starters, thoroughly review the security protocols that are used to determine access rights and the credentials of all personnel who will be exposed to sensitive data. Many recent security incidences involved use of weak or stolen credentials or passwords, so require that systems have limited logon attempts, and that they hide access credentials. Consider also requiring two-factor authentication.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Albert Barsocchini
Tuesday, September 20, 2011
Who Knows Your Company Best? It's Google
Let’s start with a question. Who knows you best? Your spouse, friend, boss or… Google? Admit it, you know the answer. Google has the ability to capture, store and use all your likes, interests, purchases, comments, documents, emails, photos, personal information and aesthetic preferences. This collection of data is known in the cyber world as your personal data profile. Depending on its contents, your data profile could be very helpful or very damaging.
Data mining companies, for example, often hunt out these personal portraits and provide them to employers who can use that information to decide whether to hire or fire you. We are on the brink of having our personal data profiles affect our ability to make important decisions in our lives (getting a job, buying a car, procuring a loan, etc.).
The Company Data ProfileNow, what if we translated that to an entire company of employees? If you were to compile all of the Google searches, sites visited, emails exchanged, Tweets / DMs / text messages sent, documents written, and phone messages left in a given day, week, month or year at your company, what terms would rank highest? What themes would emerge about the nature and character of your company? You'd see organizational hopes and fears, aspirations and failures, all in one big data grab.
To Continue Reading: Click Here
--------------------------------------
Source: cmswire.com
By: Joshua Kubicki
Data mining companies, for example, often hunt out these personal portraits and provide them to employers who can use that information to decide whether to hire or fire you. We are on the brink of having our personal data profiles affect our ability to make important decisions in our lives (getting a job, buying a car, procuring a loan, etc.).
The Company Data ProfileNow, what if we translated that to an entire company of employees? If you were to compile all of the Google searches, sites visited, emails exchanged, Tweets / DMs / text messages sent, documents written, and phone messages left in a given day, week, month or year at your company, what terms would rank highest? What themes would emerge about the nature and character of your company? You'd see organizational hopes and fears, aspirations and failures, all in one big data grab.
To Continue Reading: Click Here
--------------------------------------
Source: cmswire.com
By: Joshua Kubicki
How Social Media Affects E-Discovery
If you’re not exactly sure what e-discovery is, simply tune in to one of the many CSI shows currently airing; they’re bound to feature the latest form of forensic science, which uses electronic data gathered from computers, cell phones, and other devices as evidence for courtroom trials. In many cases, the process of electronic discovery is carried out by software that searches through the multitude of data to find keywords that could be of use during an investigation and trial. This process is both time and cost effective, which is why it has become so popular. But what is the role that social networking plays in the process of e-discovery? Can it help during a trial, or will it only hinder forward progress? Here’s the 411 on how social networking coincides with e-discovery.
In most cases, social networking provides a gold mine for any lawyer wishing to dig up dirt, so to speak. Nearly everyone seems to be involved in some type of social networking these days, whether they have a page on MySpace or Facebook or a Twitter feed that they post to daily. In addition to offering a public forum for discussions on issues personal, political, and other, social networking sites also tend to foster an atmosphere that is uninhibited. Surprisingly, people will post all kinds of information that can be used in a trial setting as evidence. So in this way, social networking can be a major boon in the e-discovery arena.
To Continue Reading: Click Here
--------------------------------------
Source: business2community.com
By: Sarah Harris
In most cases, social networking provides a gold mine for any lawyer wishing to dig up dirt, so to speak. Nearly everyone seems to be involved in some type of social networking these days, whether they have a page on MySpace or Facebook or a Twitter feed that they post to daily. In addition to offering a public forum for discussions on issues personal, political, and other, social networking sites also tend to foster an atmosphere that is uninhibited. Surprisingly, people will post all kinds of information that can be used in a trial setting as evidence. So in this way, social networking can be a major boon in the e-discovery arena.
To Continue Reading: Click Here
--------------------------------------
Source: business2community.com
By: Sarah Harris
Monday, September 19, 2011
European data concerns cloud outlook for US vendors
The Dutch government may block bids from US cloud vendors under provisions of the Patriot Act
American cloud providers may find themselves unable to sell to the Dutch government due to concerns that the vendors could be compelled to share data with US authorities under the provisions of the Patriot Act, while similar concerns are being raised in the European Parliament.
Ivo Opstelten, the Dutch minister of security and justice, informed the Tweede Kamer (the Dutch lower house) that the government is contemplating excluding American cloud providers from government bids. Dutch government agencies need to protect government information and citizen data from being accessed by the US, and so bids must be able to meet demands that cloud providers do not hand over any information to the US.
"That basically means that companies form the United States are excluded from such government bids and contracts," Opstelten said in the letter.
Excluding US cloud providers is not official policy yet. However, Vincent van Steen, spokesperson for the ministry of the interior, confirmed that the Dutch government is considering a ban on American cloud providers like Microsoft and Google. "The minister is considering this," he said. "This means that it could be a requirement for tenders and the awarding of contracts."
To Continue Reading: Click Here
--------------------------------------
Source: computerworld.uk.com
By: Loek Essers
American cloud providers may find themselves unable to sell to the Dutch government due to concerns that the vendors could be compelled to share data with US authorities under the provisions of the Patriot Act, while similar concerns are being raised in the European Parliament.
Ivo Opstelten, the Dutch minister of security and justice, informed the Tweede Kamer (the Dutch lower house) that the government is contemplating excluding American cloud providers from government bids. Dutch government agencies need to protect government information and citizen data from being accessed by the US, and so bids must be able to meet demands that cloud providers do not hand over any information to the US.
"That basically means that companies form the United States are excluded from such government bids and contracts," Opstelten said in the letter.
Excluding US cloud providers is not official policy yet. However, Vincent van Steen, spokesperson for the ministry of the interior, confirmed that the Dutch government is considering a ban on American cloud providers like Microsoft and Google. "The minister is considering this," he said. "This means that it could be a requirement for tenders and the awarding of contracts."
To Continue Reading: Click Here
--------------------------------------
Source: computerworld.uk.com
By: Loek Essers
Sunday, September 18, 2011
US lawmakers shun EU model on data privacy
US lawmakers dealing with data privacy on Thursday (15 September) said their legislation needs to be improved but warned against following the EU model, which in their view has a "sporadic and inconsistent enforcement."
Looking at the 'burden' of EU data privacy laws on US companies, representatives dealing with trade and commerce in the US Congress said that America's legislation needs to be upgraded to better protect against identity theft and security breaches, but that government has a tendency to "overreach".
Republican congresswoman Mary Bono Mack said EU online privacy laws have "sporadic and inconsistent enforcement, with a seemingly disproportionate number of American companies targeted for compliance violations."
"EU directives at some point crossed paths with Murphy's law. Anything that can possibly go wrong, does," she said.
Democratic congressman G.K. Butterfield said the EU data protection law sounds fine in principle, but it is not applied in the same way across the bloc. "For businesses that have to navigate the laws of these 27 different countries, some regulations can feel pointless, some paperwork and record-keeping burdensome, and some enforcement actions unfair," he said.
To Continue Reading: Click Here
--------------------------------------
Source: euobserver.com
By: Valentina Pop
Looking at the 'burden' of EU data privacy laws on US companies, representatives dealing with trade and commerce in the US Congress said that America's legislation needs to be upgraded to better protect against identity theft and security breaches, but that government has a tendency to "overreach".
Republican congresswoman Mary Bono Mack said EU online privacy laws have "sporadic and inconsistent enforcement, with a seemingly disproportionate number of American companies targeted for compliance violations."
"EU directives at some point crossed paths with Murphy's law. Anything that can possibly go wrong, does," she said.
Democratic congressman G.K. Butterfield said the EU data protection law sounds fine in principle, but it is not applied in the same way across the bloc. "For businesses that have to navigate the laws of these 27 different countries, some regulations can feel pointless, some paperwork and record-keeping burdensome, and some enforcement actions unfair," he said.
To Continue Reading: Click Here
--------------------------------------
Source: euobserver.com
By: Valentina Pop
HP Execs Call Pending Autonomy Acquisition Key To Information Management Plans
Hewlett-Packard (NYSE:HPQ)'s pending $10.3 billion acquisition of Autonomy is intended to help turn HP into a provider of information management services, said HP Chairman Ray Lane and Shane Robison, the company's executive vice president and chief strategy and technology officer.
The executives also promised to make the Autonomy technology available to mid-range customers also looking to extract value from their data.
Lane and Robison made their comments in response to questions from Fritz Nelson, senior vice president and editorial director of InformationWeek. InformationWeek is a sister publication of CRN.
Their comments come in the wake of last month's announcement that HP plans to acquire the British-based developer of information management software.
Autonomy, based in Cambridge, U.K., markets database search, information governance, information discovery, records management, archiving and Web content management software. Autonomy made news in May when it spent $380 million to acquire technology assets from iron Mountain, including digital archiving, e-discovery, and backup and recovery services.
Lane said HP's vision is to be a service company with innovative technology on the back end -- servers, storage, networking -- to provide information management.
To Continue Reading: Click Here
--------------------------------------
Source: crn.com
By: Joseph F. Kovar
The executives also promised to make the Autonomy technology available to mid-range customers also looking to extract value from their data.
Lane and Robison made their comments in response to questions from Fritz Nelson, senior vice president and editorial director of InformationWeek. InformationWeek is a sister publication of CRN.
Their comments come in the wake of last month's announcement that HP plans to acquire the British-based developer of information management software.
Autonomy, based in Cambridge, U.K., markets database search, information governance, information discovery, records management, archiving and Web content management software. Autonomy made news in May when it spent $380 million to acquire technology assets from iron Mountain, including digital archiving, e-discovery, and backup and recovery services.
Lane said HP's vision is to be a service company with innovative technology on the back end -- servers, storage, networking -- to provide information management.
To Continue Reading: Click Here
--------------------------------------
Source: crn.com
By: Joseph F. Kovar
Symantec: Files, Databases Overtake E-Mail in E-Discovery
E-mail is no longer the most requested type of electronically stored information in e-discovery, having been eclipsed by application data, database records, and documents, according to a new Symantec report.
Symantec, which makes data management and security software, acquired e-discovery specialist Clearwell for $390 million this summer. Its survey taken in June and July included lawyers and technologists at 2,000 enterprises worldwide.
Respondants gave a surprising answer to a question about how frequently various types of ESI are requested during legal and regulatory processes. Files and documents are requested in 67 percent of situations, followed by application and database records at 61 percent, and e-mail at 58 percent, they said. Microsoft SharePoint records are requested 51 percent of the time, while messaging formats such as instant messaging, texts, and BlackBerry PIN messages are needed 44 percent of the time. Data from social media trailed, being needed for 41 percent of ESI requests.
"I think the takeaway is not that e-mail isn't important ... I think the homogenous nature of electronic discovery, where e-mail axiomatically equals e-discovery at the expense of everything else, those days are behind us," Symantec e-discovery attorney Dean Gonsowski said. "I think its importance is being less impactful compared to these newer kinds of media, and the reason is everyone's already got their arms wrapped around e-mail. You could quibble with the exact ranking but you can't deny that loose files and databases are taking a seat at the table."
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Symantec, which makes data management and security software, acquired e-discovery specialist Clearwell for $390 million this summer. Its survey taken in June and July included lawyers and technologists at 2,000 enterprises worldwide.
Respondants gave a surprising answer to a question about how frequently various types of ESI are requested during legal and regulatory processes. Files and documents are requested in 67 percent of situations, followed by application and database records at 61 percent, and e-mail at 58 percent, they said. Microsoft SharePoint records are requested 51 percent of the time, while messaging formats such as instant messaging, texts, and BlackBerry PIN messages are needed 44 percent of the time. Data from social media trailed, being needed for 41 percent of ESI requests.
"I think the takeaway is not that e-mail isn't important ... I think the homogenous nature of electronic discovery, where e-mail axiomatically equals e-discovery at the expense of everything else, those days are behind us," Symantec e-discovery attorney Dean Gonsowski said. "I think its importance is being less impactful compared to these newer kinds of media, and the reason is everyone's already got their arms wrapped around e-mail. You could quibble with the exact ranking but you can't deny that loose files and databases are taking a seat at the table."
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Thursday, September 15, 2011
Court Denies Motion to Exclude Inadvertently Produced Email, Rejects Argument that 26(b)(5)(B) Request for the Email's Return Satisfied FRE 502(b)(3)
Williams v. District of Columbia, No. 06-02076 (CKK), 2011 WL 3659308 (D.D.C. Aug. 17, 2011)
In this case, the court denied the defendant’s motion to exclude an inadvertently produced email where the defendant failed to satisfy the burden of establishing that reasonable steps were taken to prevent disclosure and where the defendant failed to promptly take reasonable steps to rectify the error. In so holding, the court rejected the defendant’s argument that its actions pursuant to Rule 26(b)(5)(B) (i.e. sending a written request for the return of the email) were sufficient to discharge its obligations under FRE 502(b)(3).
In this case arising from claims of retaliation in violation of the District of Columbia Whistleblower Protection Act, the defendant produced a “recommendation to terminate packet” which contained a privileged email. The email was located within the first ten pages of the packet. Five months later, after realizing it’s mistake, the defendant wrote to the plaintiff requesting the return of the email pursuant to Rule 26(b)(5)(B). The plaintiff did not respond and the defendant did not follow up. More than two years later, when the email was identified as an exhibit for the plaintiff, the defendant filed a motion to exclude.
After ordering additional briefing from the parties, including on the issue of whether requesting the return of inadvertently privileged material pursuant to Rule 26(b)(5)(B) was “necessary or sufficient (or neither) for a party to discharge its obligations under Rule 502(b)(3),” the court denied the defendant’s Motion to Exclude. (FRE 502(b)(3) requires a party who has inadvertently produced a privileged document to “promptly” take “reasonable steps to rectify the error, including, if applicable following Federal Rule of Civil Procedure 26(b)(5)(B)” to avoid waiver.)
First, the court addressed the question of whether the defendant took reasonable steps to prevent disclosure and noted that it was the defendant’s burden to prove that it did. Citing the defendant’s reliance on “unsworn averments” of counsel who had not been involved with the case during the relevant time, the defendant’s failure to explain its methodology for its review and production and, more specifically, the defendant’s failure to provide “a concrete sense” of the number of documents reviewed and produced or to provide a "clear picture of the demand placed upon it by virtue of" the document requests and the timetable of production, the court held that the defendant did not meets its burden. The court’s analysis also identified “the sort of considerations one would expect to be relevant” to the question of whether reasonable steps were taken, including when the review occurred, how much time was allocated to review, the nature of the reviewers’ experience, the extent of supervision, whether the review included multiple rounds, and how privileged information was segregated, for example. No such information was provided by the defendant.
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
In this case, the court denied the defendant’s motion to exclude an inadvertently produced email where the defendant failed to satisfy the burden of establishing that reasonable steps were taken to prevent disclosure and where the defendant failed to promptly take reasonable steps to rectify the error. In so holding, the court rejected the defendant’s argument that its actions pursuant to Rule 26(b)(5)(B) (i.e. sending a written request for the return of the email) were sufficient to discharge its obligations under FRE 502(b)(3).
In this case arising from claims of retaliation in violation of the District of Columbia Whistleblower Protection Act, the defendant produced a “recommendation to terminate packet” which contained a privileged email. The email was located within the first ten pages of the packet. Five months later, after realizing it’s mistake, the defendant wrote to the plaintiff requesting the return of the email pursuant to Rule 26(b)(5)(B). The plaintiff did not respond and the defendant did not follow up. More than two years later, when the email was identified as an exhibit for the plaintiff, the defendant filed a motion to exclude.
After ordering additional briefing from the parties, including on the issue of whether requesting the return of inadvertently privileged material pursuant to Rule 26(b)(5)(B) was “necessary or sufficient (or neither) for a party to discharge its obligations under Rule 502(b)(3),” the court denied the defendant’s Motion to Exclude. (FRE 502(b)(3) requires a party who has inadvertently produced a privileged document to “promptly” take “reasonable steps to rectify the error, including, if applicable following Federal Rule of Civil Procedure 26(b)(5)(B)” to avoid waiver.)
First, the court addressed the question of whether the defendant took reasonable steps to prevent disclosure and noted that it was the defendant’s burden to prove that it did. Citing the defendant’s reliance on “unsworn averments” of counsel who had not been involved with the case during the relevant time, the defendant’s failure to explain its methodology for its review and production and, more specifically, the defendant’s failure to provide “a concrete sense” of the number of documents reviewed and produced or to provide a "clear picture of the demand placed upon it by virtue of" the document requests and the timetable of production, the court held that the defendant did not meets its burden. The court’s analysis also identified “the sort of considerations one would expect to be relevant” to the question of whether reasonable steps were taken, including when the review occurred, how much time was allocated to review, the nature of the reviewers’ experience, the extent of supervision, whether the review included multiple rounds, and how privileged information was segregated, for example. No such information was provided by the defendant.
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
My Thoughts on Electronic Discovery's Per Gigabyte Pricing Model
I recently read The Demise of Electronic Discovery’s Per-Gigabyte Pricing Model by Ben Kerschberg on Forbes.com September 13th and must say that I am a little disappointed with the topic when compared to many of the strong articles Ben has written on the subject. The article tends to focus on price and technology and the forces driving cost as opposed to the overall issues that must be considered when entering a discovery request.
My concern with a post like this on a widespread publication like Forbes is that it attempts to further commoditize a specialty industry that historically has been built on workflow and solutions and now in the buyers mind appears to be nothing more than technology and a person pushing buttons. By way of background I founded a software company to assist companies in driving down the costs associated with the discovery process. Prior to starting Mindseye Solutions I worked for nearly a decade on the services side consulting clients in how best to manage their ediscovery spend. During my time on the services side I watched several shifts in pricing occur, we went from a per-file and per-page model to a flat per-gigabyte model, then per gigabyte based on expansion of data, then pre-processing and filtering at a lower per GB rate. Today we see offerings of all processing, hosting, and first pass attorney review in one per document or per GB rate.
Through my career I have watched the industry mature and have also lived through the continuing maturation process. Through this process the market has adapted to the more widespread use of electronic data and as data sizes have grown exponentially we have seen more creative processes and consulting built around addressing these issues. Pricing models have adapted to give companies greater transparency around overall cost while also allowing for data reduction and downstream cost management at lower rates.
As the technology has evolved the primary focus has shifted to become less about the creation of solutions to manage this process and much more about the technology being used to get to that end result. Technology is only one piece of the equation; if the technology is not used properly, or if the infrastructure is inadequate and there are not clear cut processes around how the technology will be incorporated any firm is going to be in trouble whether large or small. Technology is simply a tool for delivering results, just because I have a hammer in my hand doesn’t make me a carpenter.
The gigabyte is one of the few known measures when beginning the discovery process. Charging on the gigabyte enables companies to gain a better understanding of what the projected downstream costs will be. Through education and experience companies can leverage the lower cost filtering and analysis components to manage their costs moving downstream while interacting with their data early and often. This process allows companies to continue expanding the review set by applying what is learned through review back into the overall universe of case data to prioritize more data for review. The gigabyte being charged by most service providers accounts for many areas that assist in providing value. When you factor in the overall costs for infrastructure, backups, redundancy, bandwidth, experienced analysts, consultants, IT personnel, hardware, software, space, marketing, sales and the amount of risk that a company is off-setting not only is the company gaining value they are getting a relative steal when you see the going rates for processing in 2011.
One of the major issues with the article is it focuses on commoditizing the companies providing support to organizations related to discovery but it doesn’t focus on what the driving factors are around these perceived cost increases. The article references the doubling of data within companies every 18-24 months and that this correlates to a company doubling their discovery costs as a result. Since 2002, I have seen the cost per-gigabyte of data drop or a pricing model change every 6-12 months, pricing per gigabyte of processing has dropped from $2500 per GB in 2007 to an average of around $100-$250 per GB in 2011. Not only is the price 1/10 of what it was in 2007, there are more creative ways to handle the reduction of data at an even lower cost per gigabyte or sometimes even a flat fee.
So where is the price for handling discovery doubling?
Bottom line, when entering discovery the plan shouldn’t be beating up ten service providers on their per gigabyte cost it should be time spent around evaluating the proposed plans of the providers and developing a solid strategy for managing cost and reducing data to manage downstream costs. This strategy can be around looking for predictability in an all-in model that includes processing hosting and review or other creative pricing options. While evaluating the various options a provider has, look at what steps are in place for reducing data also evaluate whether they provide details around pricing options and data reduction, look for a trusted partner that has well thought out workflow designs and project management that is ultimately going to get you down the path of lowest cost with the least risk. My guidance would be to look for all of the above and when a strong relationship can be forged, stick with it! The transactional nature of this business and lack of commitment make it hard to create a team. Some companies seem to go through service providers like someone goes through socks which can certainly create a lack of consistency. When there is a lack of consistency and a lack of planning discovery costs can skyrocket as mistakes made early can have dangerous implications in terms of cost and risk. While determining the appropriate partner it is also important to note that not all providers are created equal, so although price should always be an issue it should only be one part of your determining factors.
As a solid relationship is forged and a level of commitment between company and service provider is created, the two organizations can begin to grow together with consistency. There will be bumps in the road and issues will occur as this process is not a perfect science but provided each party learns from mistakes and systems are constantly refined to improve efficiency and minimize error the process can be streamlined. Over time the constant improvement of processes, planning, and management will result in a more predictable discovery process helping to reduce costs. As the relationship matures companies will have the ability to evaluate the amount of data being hosted and managed by their service partner as well as the technologies built into their workflow and from there a fixed annual cost can be derived that will assist in sharing risk; but bear in mind whether directly stated or not this fixed cost will in some way involve some unit of measure and that measure will more than likely be the gigabyte.
These are purely my thoughts on the overall process, I would love to hear your thoughts and any welcome comments.
Digging Out of the E-Discovery Morass One Idea at a Time
Much is said about the burdens and challenges of e-discovery, and rightfully so, but the organizations dedicated solely to improving the process are nearly just as prevalent.
One organization that has the most power to effect change in this area, at least at the federal level, is the Civil Rules Advisory Committee of the U.S. Judicial Conference. The committee, which is meeting more frequently these days, met last week to discuss potential changes to the Federal Rules of Civil Procedure -- specifically the rules regarding preservation and sanctions in e-discovery.
Offering a clearer direction on preservation issues in terms of what needs to be preserved and when would be music to defense attorneys' ears. It is often their clients that have the bulk of the data to be preserved and a number of defense attorneys cited enhanced preservation rules as one of the best ways to improve the difficulties of e-discovery for their clients.
"That would probably benefit a lot of large organizations with challenging IT issues," Morgan Lewis & Bockius' Stephanie A. "Tess" Blair said.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Gina Passerella
One organization that has the most power to effect change in this area, at least at the federal level, is the Civil Rules Advisory Committee of the U.S. Judicial Conference. The committee, which is meeting more frequently these days, met last week to discuss potential changes to the Federal Rules of Civil Procedure -- specifically the rules regarding preservation and sanctions in e-discovery.
Offering a clearer direction on preservation issues in terms of what needs to be preserved and when would be music to defense attorneys' ears. It is often their clients that have the bulk of the data to be preserved and a number of defense attorneys cited enhanced preservation rules as one of the best ways to improve the difficulties of e-discovery for their clients.
"That would probably benefit a lot of large organizations with challenging IT issues," Morgan Lewis & Bockius' Stephanie A. "Tess" Blair said.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Gina Passerella
IT ratchets up social-media involvement
Although marketing still rules most companies' social-media strategy decisions, IT is increasingly getting a seat at the table.
When a late arrival thought he'd catch up on the buzz at a recent conference of CIOs, he logged into Twitter. What he found -- or rather didn't find -- amazed him.
"I couldn't find a single tweet about what was happening at the conference that morning -- 300 CIOs in a room and not a single one using Twitter," recalls Paul Gillin, founder of Paul Gillin Communications, a social media consultancy in Framingham, Mass. Gillin, a former Computerworld editor in chief, was referring to a 2010 conference held by a vendor he didn't want to name.
Though he acknowledges that marketing is the dominant use of social media tools, the lack of Twitter activity by a group of CIOs "didn't make sense to me," Gillin says. "When a new technology comes into use, it is IT's responsibility to understand it."
"It's unfortunate that CIOs who really should be out there leading and experimenting and innovating are not," says Ed Marx, CIO at Texas Health Resources and a self-described "big-time" Twitter user. "Were they healthcare CIOs? We're always five to 10 years behind," says Ed Marx, CIO at Texas Health Resources in Arlington, in response to Gillin's anecdote. Marx, who calls himself a "big-time" Twitter user, says, "it's unfortunate that CIOs who really should be out there leading and experimenting and innovating are not."
Marx says he started using Twitter two and a half years ago, and now regularly uses Facebook, LinkedIn and an internal social media tool.
To Continue Reading: Click Here
--------------------------------------
Source: computerworld.com
By: Michael Fitzgerald
When a late arrival thought he'd catch up on the buzz at a recent conference of CIOs, he logged into Twitter. What he found -- or rather didn't find -- amazed him.
"I couldn't find a single tweet about what was happening at the conference that morning -- 300 CIOs in a room and not a single one using Twitter," recalls Paul Gillin, founder of Paul Gillin Communications, a social media consultancy in Framingham, Mass. Gillin, a former Computerworld editor in chief, was referring to a 2010 conference held by a vendor he didn't want to name.
Though he acknowledges that marketing is the dominant use of social media tools, the lack of Twitter activity by a group of CIOs "didn't make sense to me," Gillin says. "When a new technology comes into use, it is IT's responsibility to understand it."
"It's unfortunate that CIOs who really should be out there leading and experimenting and innovating are not," says Ed Marx, CIO at Texas Health Resources and a self-described "big-time" Twitter user. "Were they healthcare CIOs? We're always five to 10 years behind," says Ed Marx, CIO at Texas Health Resources in Arlington, in response to Gillin's anecdote. Marx, who calls himself a "big-time" Twitter user, says, "it's unfortunate that CIOs who really should be out there leading and experimenting and innovating are not."
Marx says he started using Twitter two and a half years ago, and now regularly uses Facebook, LinkedIn and an internal social media tool.
To Continue Reading: Click Here
--------------------------------------
Source: computerworld.com
By: Michael Fitzgerald
Report: Product Integration, M&A in E-Discovery's Future
Looking to the future, customers of e-discovery software and services face difficult challenges, such as poorly integrated systems, conflicting legal rules, the effects of industry mergers, and uncertainty over how to handle multimedia data, analysts at The 451 Group said in their recently released annual report, "E-Discovery and E-Disclosure 2011."
But the questions of how best to approach such obstacles are open-ended, analysts Nick Patience and David Horrigan wrote.
To begin, they said, e-discovery customers should be wary of vendor claims about a single software suite seamlessly addressing all blocks of the Electronic Discovery Reference Model. "Such claims are almost never accurate," they wrote. "Covering the entire EDRM is a difficult -- some might say impossible -- task." Service providers can do that better than software companies, as even industry giants such as Autonomy entered the various EDRM sections by acquisitions that still need better integration with each other, they noted.
Industry-wide, there are major challenges to discovering unstructured data, such as that in cloud-based storage and social media, along with audio, video, and anything from mobile devices. For mobile devices specifically, "The issue there is the shift in the perimeter of control. It's no longer the corporate network, or even a private cloud, it's wherever that device happens to be, perhaps even in which jurisdiction that device happens to be. The more portable they become, the less relevant old notions of networks will become," Patience added, in an e-mail interview with Law Technology News.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
But the questions of how best to approach such obstacles are open-ended, analysts Nick Patience and David Horrigan wrote.
To begin, they said, e-discovery customers should be wary of vendor claims about a single software suite seamlessly addressing all blocks of the Electronic Discovery Reference Model. "Such claims are almost never accurate," they wrote. "Covering the entire EDRM is a difficult -- some might say impossible -- task." Service providers can do that better than software companies, as even industry giants such as Autonomy entered the various EDRM sections by acquisitions that still need better integration with each other, they noted.
Industry-wide, there are major challenges to discovering unstructured data, such as that in cloud-based storage and social media, along with audio, video, and anything from mobile devices. For mobile devices specifically, "The issue there is the shift in the perimeter of control. It's no longer the corporate network, or even a private cloud, it's wherever that device happens to be, perhaps even in which jurisdiction that device happens to be. The more portable they become, the less relevant old notions of networks will become," Patience added, in an e-mail interview with Law Technology News.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Tuesday, September 13, 2011
The Demise of Electronic Discovery's Per-Gigabyte Price Model
I’ve written on several occasions that one of the best ways to learn about timely topics, especially in an industry changing so rapidly, is via webinars and podcasts. I had the opportunity to listen to E-Discovery—Without The High Price Tag on Digital Detectives, a great series held regularly by Sharon Nelson and John Simek, President and Vice President of Sensei Enterprises, respectively. This episode featured Bill Gallivan, Managing Executive of Gallivan Gallivan & O’Melia. Digital Detectives is available for free on both the Legal Talk Network and on iTunes. (Note: I am not affiliated with any of these enterprises.)
Upward Price Forces and E-Discovery
The amount of electronically stored information (“ESI”) now doubles every 18-24 months. Corporations are thus faced with the impossible situation of simultaneously having to double their outlay to third-party e-discovery vendors. Why? The answer is pretty simple. Almost all e-discovery vendors still charge their clients based on an anachronistic per-gigabyte (i.e. per volume of ESI) model that ignores both the present and future of e-discovery.
According to Gallivan, there are least two key reasons why the price of processing ESI is increasing so rapidly.
To Continue Reading: Click Here
--------------------------------------
Source: forbes.com
By: Ben Kerschberg
Upward Price Forces and E-Discovery
The amount of electronically stored information (“ESI”) now doubles every 18-24 months. Corporations are thus faced with the impossible situation of simultaneously having to double their outlay to third-party e-discovery vendors. Why? The answer is pretty simple. Almost all e-discovery vendors still charge their clients based on an anachronistic per-gigabyte (i.e. per volume of ESI) model that ignores both the present and future of e-discovery.
According to Gallivan, there are least two key reasons why the price of processing ESI is increasing so rapidly.
To Continue Reading: Click Here
--------------------------------------
Source: forbes.com
By: Ben Kerschberg
Legal Technology at a Customization Crossroads
The hacker ethic is making a comeback. "Hacker" in 21st-century media and technology circles is often associated with crime, but its original definition simply meant exploration and personalization of a system -- da Vinci, Newton, Edison, and Gates were all hackers. In 2011, it can mean anything from "rooting" your smartphone (a legal way of running the software you want, instead of the software your handset vendor and wireless carrier want) to attending an event such as the increasingly popular Maker Faire series (a pro-am science festival that I strongly recommend attending.)
Lawyers have hacking opportunities, too. E-discovery review specialist kCura two months ago illuminated its own twist on the concept of an e-discovery applications market. That example is significant because the vendor is encouraging customers to engage in software personalization, and the results are available to everyone. Service providers also sometimes engage in such customization as they learn the software market -- just ask Integreon, where officials told me their specialized services have been misunderstood by all manner of experts and pundits. kCura and Integreon are both name-brand companies trying to win by doing something unique.
So I e-mailed industry analysts Brian Hill, of Forrester Research, and Deb Logan, of Gartner, and asked what they think of customization vs. off-the-shelf products in e-discovery.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Lawyers have hacking opportunities, too. E-discovery review specialist kCura two months ago illuminated its own twist on the concept of an e-discovery applications market. That example is significant because the vendor is encouraging customers to engage in software personalization, and the results are available to everyone. Service providers also sometimes engage in such customization as they learn the software market -- just ask Integreon, where officials told me their specialized services have been misunderstood by all manner of experts and pundits. kCura and Integreon are both name-brand companies trying to win by doing something unique.
So I e-mailed industry analysts Brian Hill, of Forrester Research, and Deb Logan, of Gartner, and asked what they think of customization vs. off-the-shelf products in e-discovery.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Monday, September 12, 2011
Keep E-Discovery Costs From Torpedoing Litigation Budgets
Opposing counsel has just served requests for production,seeking electronic data from the past 10 years, including data stored on legacy systems, backup tapes, and disaster recovery systems. At first glance, the recovery costs of this data alone could exceed the value of the suit. So what's the next step in-house counsel should take?
Rely on the procedural rules. Texas Rule of Civil Procedure 196.4 may provide relief. Similar to Federal Rule of Civil Procedure 26(b)(2), Texas Rule 196.4 requires the responding party to produce responsive electronic information "reasonably available to the responding party in its ordinary course of business." However, a responding party is not required to produce electronic information that it cannot retrieve or produce "through reasonable efforts."
Texas Rule 196.4 contains a mandatory cost-shifting provision triggered when the electronic information requested is not "reasonably available" to the responding party. Under the rule, when a court orders the production of such information, it must "also order that the requesting party pay the reasonable expenses of any extraordinary steps required to retrieve and produce the information."
To invoke the cost-shifting provision of Rule 196.4, the responding party must object to the request for production on the ground that the requested information is not reasonably available. Under Rule 193.4, which governs objections and assertions of privilege, either party may seek a hearing on the objection, at which time the responding party must prove that the requested electronic information is not reasonably available in the ordinary course of business.
Understand the information systems. Understanding the client's information systems is critical for maintaining or challenging an objection to a request for electronic information.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Rick Anigian and Charlie Jones
Rely on the procedural rules. Texas Rule of Civil Procedure 196.4 may provide relief. Similar to Federal Rule of Civil Procedure 26(b)(2), Texas Rule 196.4 requires the responding party to produce responsive electronic information "reasonably available to the responding party in its ordinary course of business." However, a responding party is not required to produce electronic information that it cannot retrieve or produce "through reasonable efforts."
Texas Rule 196.4 contains a mandatory cost-shifting provision triggered when the electronic information requested is not "reasonably available" to the responding party. Under the rule, when a court orders the production of such information, it must "also order that the requesting party pay the reasonable expenses of any extraordinary steps required to retrieve and produce the information."
To invoke the cost-shifting provision of Rule 196.4, the responding party must object to the request for production on the ground that the requested information is not reasonably available. Under Rule 193.4, which governs objections and assertions of privilege, either party may seek a hearing on the objection, at which time the responding party must prove that the requested electronic information is not reasonably available in the ordinary course of business.
Understand the information systems. Understanding the client's information systems is critical for maintaining or challenging an objection to a request for electronic information.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Rick Anigian and Charlie Jones
Friday, September 09, 2011
Conn. Courts Weigh In on Social Media as Evidence
When defendant Robert Eleck wanted to impeach the credibility of a key prosecution witness, he turned to a source that has increasingly provided a treasure trove of evidence in court cases: Facebook. The messages on the witness's Facebook page appeared to contradict her testimony that she had no contact with Eleck after he was accused of stabbing another teen at a party.
But there was just one catch. Though the woman did not deny the postings came from her Facebook account, she testified that she had not written them. Instead, she claimed, the page had been hacked into. She planted enough seeds of doubt that the trial judge ruled the messages inadmissible as evidence.
The Connecticut Appellate Court recently upheld the ruling. It's one of a number of similar decisions in jurisdictions around the country as courts grapple with whether and how to admit social media evidence in civil and criminal cases.
At least one legal scholar believes the Connecticut ruling grafts a stricter standard of admissibility onto social media evidence than what is required.
"You really have to accept the fact that the standard is sufficiency and the standard is a low standard for a purpose," said Sam Stonefield, a professor at Western New England University School of Law who has written extensively on evidence issues. "If there are problems with the evidence, let the other side bring those to the attention of the jury and let the jury decide. Historically, whenever there's been a new technology, courts have been wary of embracing that new technology."
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Marie P. Grady
But there was just one catch. Though the woman did not deny the postings came from her Facebook account, she testified that she had not written them. Instead, she claimed, the page had been hacked into. She planted enough seeds of doubt that the trial judge ruled the messages inadmissible as evidence.
The Connecticut Appellate Court recently upheld the ruling. It's one of a number of similar decisions in jurisdictions around the country as courts grapple with whether and how to admit social media evidence in civil and criminal cases.
At least one legal scholar believes the Connecticut ruling grafts a stricter standard of admissibility onto social media evidence than what is required.
"You really have to accept the fact that the standard is sufficiency and the standard is a low standard for a purpose," said Sam Stonefield, a professor at Western New England University School of Law who has written extensively on evidence issues. "If there are problems with the evidence, let the other side bring those to the attention of the jury and let the jury decide. Historically, whenever there's been a new technology, courts have been wary of embracing that new technology."
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Marie P. Grady
ACAS publishes social media usage guide
The employment relations body estimates that almost six out of ten staff (55 percent) now use social network like Facebook and Twitter at work. How to police it
U.K. Employment relations body Advisory, Conciliation and Arbitration Service (ACAS) has published an employers' guide on the use of social networks in the workplace, to help them avoid disputes.
ACAS estimates that almost six out of ten staff (55 percent) now use social network like Facebook and Twitter at work, either on computers or mobile phones.
But it said some employers complain that "many staff are abusing access" by looking at personal web pages instead of working, posting derogatory comments about managers and colleagues, or buying and selling online.
ACAS says some employers like BT and HMRC have already issued their own social media policies, but that fewer than one in ten employers have such a policy.
ACAS main recommendation is that an employer should consult with staff and trade unions to spell out the "dos and don'ts" of using the internet and social media, and that they should also make clear the consequences of breaching a social media policy, which should become part of contracts of employment.
To Continue Reading: Click Here
--------------------------------------
Source: itworldcanada.com
By: Antony Savvas
U.K. Employment relations body Advisory, Conciliation and Arbitration Service (ACAS) has published an employers' guide on the use of social networks in the workplace, to help them avoid disputes.
ACAS estimates that almost six out of ten staff (55 percent) now use social network like Facebook and Twitter at work, either on computers or mobile phones.
But it said some employers complain that "many staff are abusing access" by looking at personal web pages instead of working, posting derogatory comments about managers and colleagues, or buying and selling online.
ACAS says some employers like BT and HMRC have already issued their own social media policies, but that fewer than one in ten employers have such a policy.
ACAS main recommendation is that an employer should consult with staff and trade unions to spell out the "dos and don'ts" of using the internet and social media, and that they should also make clear the consequences of breaching a social media policy, which should become part of contracts of employment.
To Continue Reading: Click Here
--------------------------------------
Source: itworldcanada.com
By: Antony Savvas
Sedona Conference Shuffles Leadership, Expands Working Groups
The Sedona Conference, a technology-focused legal think tank that is particularly influential regarding e-discovery, recently announced new management positions and said that founder and former executive director Richard Braman is now its full-time chairman.
"Instead of one person wearing all those hats, we'll have four people. I became a victim of my own success and started working way too many hours per week," said Braman, who founded the nonprofit organization in Sedona, Ariz., in 1997.
John Rabieg, appointed as executive director on Jan. 31, will forgo that position to become director of judicial outreach. Kenneth Withers, who joined Sedona in 2006 as director of judicial education and content, is narrowing his focus to the education component.
In addition, Howard Bergman joins as director of conferences and content, and will continue serving as counsel in residence at the University of Minnesota Law School. Dustin McKissen is the new director of business operations, and previously was deputy CEO of the National Association for Information Destruction.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
"Instead of one person wearing all those hats, we'll have four people. I became a victim of my own success and started working way too many hours per week," said Braman, who founded the nonprofit organization in Sedona, Ariz., in 1997.
John Rabieg, appointed as executive director on Jan. 31, will forgo that position to become director of judicial outreach. Kenneth Withers, who joined Sedona in 2006 as director of judicial education and content, is narrowing his focus to the education component.
In addition, Howard Bergman joins as director of conferences and content, and will continue serving as counsel in residence at the University of Minnesota Law School. Dustin McKissen is the new director of business operations, and previously was deputy CEO of the National Association for Information Destruction.
To Continue Reading: Click Here
--------------------------------------
Source: law.com
By: Evan Koblentz
Thursday, September 08, 2011
Does Clicking 'I Agree' Create a Binding Contract?
As consumers continue to buy more and more products over the internet, courts are being presented with opportunities to examine the validity of online agreements.
For example, on May 13, the Appellate Division decided Hoffman v. Supplements Togo Mgmt., LLC, 419 N.J. Super. 596 (App. Div. 2011), holding that the forum-selection clause contained on the defendant's website did not meet the "fair and forthright" standard, and was therefore presumptively unenforceable. The court in Hoffman foreshadowed the likelihood of growth of this area of the law, stating: "[C]onsumers are increasingly purchasing products and services over the Internet. As those Internet transactions have become more prevalent, so too have legal disputes proliferated over the contractual rights created in cyberspace between buyers and sellers."
Prior to Hoffman, courts in several jurisdictions, including New Jersey, had decided cases involving the validity of online agreements. The New Jersey Appellate Division first dealt with this issue in Caspi v. Microsoft Network, 323 N.J. Super. 118 (App. Div. 1999). In Caspi, the plaintiffs, members of the defendant's internet service, filed suit claiming, among other things, consumer fraud. The defendant moved to dismiss the complaint for lack of jurisdiction, claiming that the suit could only be brought in the state of Washington, as per a forum-selection clause found in the membership agreement plaintiffs allegedly agreed to when they clicked through the website.
The court in Caspi looked at the circumstances under which the plaintiffs were presented the online agreement. Before becoming a member of the defendant's service, a prospective subscriber was prompted to view a membership agreement containing the forum-selection clause. The membership agreement appeared on the web page next to blocks providing the choices "I Agree" and "I Don't Agree." Registration could proceed only after the potential subscriber had assented to the membership agreement by clicking on "I Agree."
To Continue Reading: Click Here
--------------------------------------------------
Source: Law.com
By: Elliot D. Ostrove and Brian W. Disler
Wednesday, September 07, 2011
Special Master Considers Whether Attachments to Emails Must be Produced
Abu Dhabi Commercial Bank v. Morgan Stanley & Co, Inc., No. 08 Civ. 7508(SAS), 2011 WL 3738979 (S.D.N.Y. Aug. 18, 2011)
In this case, the Special Master considered the question of whether, under the particular circumstances of this case, emails and their attachments should be considered singular or separate entities and thus, whether they must be produced together. While no definitive answer emerged, the Special Master’s consideration of the issues and resulting recommendation are illuminating, and were ultimately adopted by District Court Judge Shira Scheindlin.
Summarizing broadly, defendants sought to compel SEI Investments (“SEI”) to produce the attachments to many emails previously produced without them or to provide an explanation for why the attachments were being withheld. SEI responded that it had produced all relevant, non-privileged, responsive documents and that the unproduced attachments were not responsive primarily because they were outside of the applicable date range.
Seeking to establish the relevant legal standard, the Special Master consulted a diversity of sources, but none provided a definitive answer. Rather, the sources revealed conflicting treatment and considerations. In favor of producing together, for example, the Special Master noted that “many” cases imply such an obligation, but acknowledged that most dealt with format of production issues where relevance was presumed. The Special Master also considered Evidence Rule 106 and the “completeness” standard (leading to the conclusion that if something is attached, it is likely relevant to the context of the communication); Rule 34’s allowance for producing things as kept in the usual course of business and its appealing application to emails and attachments; and the indications of “anecdotal” and secondary sources that production together was “the prevailing practice.” Against producing together, the Special Master cited the practice of treating emails and attachments separately for purposes of privilege determinations. Further, the Special Master indicated that "conceptually" there was "a good basis for considering each item . . . seperately," and reasoned that “[r]elevance is the sine qua non of discovery” such that “if information is not relevant, it is not discoverable under plain text of the Rule.” (Citing Rule 26(b)(1))
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
In this case, the Special Master considered the question of whether, under the particular circumstances of this case, emails and their attachments should be considered singular or separate entities and thus, whether they must be produced together. While no definitive answer emerged, the Special Master’s consideration of the issues and resulting recommendation are illuminating, and were ultimately adopted by District Court Judge Shira Scheindlin.
Summarizing broadly, defendants sought to compel SEI Investments (“SEI”) to produce the attachments to many emails previously produced without them or to provide an explanation for why the attachments were being withheld. SEI responded that it had produced all relevant, non-privileged, responsive documents and that the unproduced attachments were not responsive primarily because they were outside of the applicable date range.
Seeking to establish the relevant legal standard, the Special Master consulted a diversity of sources, but none provided a definitive answer. Rather, the sources revealed conflicting treatment and considerations. In favor of producing together, for example, the Special Master noted that “many” cases imply such an obligation, but acknowledged that most dealt with format of production issues where relevance was presumed. The Special Master also considered Evidence Rule 106 and the “completeness” standard (leading to the conclusion that if something is attached, it is likely relevant to the context of the communication); Rule 34’s allowance for producing things as kept in the usual course of business and its appealing application to emails and attachments; and the indications of “anecdotal” and secondary sources that production together was “the prevailing practice.” Against producing together, the Special Master cited the practice of treating emails and attachments separately for purposes of privilege determinations. Further, the Special Master indicated that "conceptually" there was "a good basis for considering each item . . . seperately," and reasoned that “[r]elevance is the sine qua non of discovery” such that “if information is not relevant, it is not discoverable under plain text of the Rule.” (Citing Rule 26(b)(1))
To Continue Reading: Click Here
--------------------------------------
Source: ediscoverylaw.com
Subscribe to:
Posts (Atom)
