Wednesday, February 29, 2012

Survey Says 51 Percent of Organizations Lose Data Through Mobile Devices, 59 Percent of Employees Dodge Security Controls

A new "Global Study on Mobility Risks" reveals that corporate mobile devices and the bring-your-own-device (BYOD) phenomenon are rapidly circumventing enterprise security and policies. Seventy-seven percent of more than 4,000 respondents in 12 countries agree that the use of mobile devices in the workplace is important to achieving business objectives. But 76 percent also believe that these devices put their organizations at risk—and only 39 percent have the necessary security controls to address the risk.

"IT has spent years working on desktop security and trying to prevent data loss over web and email channels—but mobile devices are radically changing the game," said Tom Clare, senior director of Product Marketing Management. "Tablets and iOS devices are replacing corporate laptops as employees bring-their-own-devices to work and access corporate information. These devices open the door to unprecedented loss of sensitive data. IT needs to be concerned about the data that mobile devices access and not the device itself."

According to a previous Ponemon Institute survey, IT respondents said 63 percent of breaches occurred as a result of mobile devices. And only 28 percent said employee desktop computers were the cause.(i)

Today's research, conducted by the Ponemon Institute© and sponsored by content security provider Websense, Inc.® (NASDAQ: WBSN), is designed to help IT security professionals plan for an increasingly mobile workforce. The research shows that organizations often don't know how and what data is leaving their networks through non-secure mobile devices. Traditional static security solutions such as antivirus (AV), firewalls, and passwords are not effective at stopping advanced malware and data theft threats from malicious or negligent insiders.

------------------------------------------------------
Source: itnewsonline.com

Top 3 Considerations for Deploying Social Technology in the Enterprise

While we might expect social within the enterprise to be as easy as Facebook or Twitter, it’s not. Deploying social technology within the enterprise is a journey filled with organizational hurdles that include compliance, security, culture change, executive sponsorship, budget and integration challenges to name just a few. In some organizations, this social journey begins when the business wants to embrace social before corporate IT is ready.

Oftentimes the business seems to ignore these hurdles and the result is yet another silo of information — which, in actuality, becomes an unsanctioned content repository. The business, yes the business, seems to focus too much on technology, shiny new user interfaces, new smart phone applications or some marketing pitch about a “new way to work” and not enough on change management or the reality of a business world concerned about governance, risk, or compliance. Oh how “consumerization of IT” has turned the tables as it used to be the geeks in IT with the shiny new toys!

Enterprise social computing has quickly become a crowded and confusing market sector.

As the social technology space has evolved, it's become difficult for anyone evaluating vendors to untangle the marketing hype and buzzword overload. Some vendors offer standalone social “suites” with a unique and separate technology stack running outside of existing enterprise systems. In other cases, functional or departmental business applications like eLearning, CRM or applications originally designed for enterprise wikis are all jumping into the social game with more “suite-like” functionality.

------------------------------------------------------
Source: cmswire.com
By: Rich Blank

Healthcare: A Special Area For Privacy And Data Protection

The Editor interviews Jo-Ellyn Sakowitz Klein, who leads Akin Gump Strauss Hauer & Feld LLP’s interdisciplinary privacy and data protection initiative.

Editor: Please tell our readers about your practice.

Klein: I advise clients primarily in the health, technology, professional sports and insurance industries on best practices and compliance with state and federal privacy and data protection laws. Clients typically approach me with privacy and data protection concerns arising in the course of their operations, in transactions and in connection with strategic planning, as well as when a data incident occurs.

Editor: In a September, 2011 article in this newspaper entitled “Legislative Proposals Compete As Privacy, Data Security, and Breach Notification Continue To Draw The Attention Of Federal Policymakers” to which you contributed, a number of measures introduced in both houses relating to data privacy were discussed. Did any of the measures become law?

Klein: None of the federal proposals have become law as of yet. There has been some discussion of adding data security and/or breach notification provisions to the cybersecurity bill that has seen some movement in the Senate, but its future remains unclear, as there are many critics both in and out of Congress. In terms of predictions for the near future, consumer privacy and data protection issues will continue to receive a lot of attention on the Hill, especially if companies experience more data breaches or other major snafus. Given the current climate and minimal appetite for compromise, however, it seems unlikely that Congress will enact a comprehensive consumer privacy bill this year. For any affected entity, it will be important to monitor the debate, understand how proposals would impact operations and make an active decision on whether to engage in the discussion.

------------------------------------------------------
Source: metrocorpcounsel.com
By: Jo-Ellyn Sakowitz Klein

Tuesday, February 28, 2012

The Next Governance Frontier: Social Media

For many businesses, the use of social media is a necessity. Facebook, Twitter, Blogs, and YouTube are marketing vehicles that can help campaigns go viral at a fraction of the cost of traditional advertising. LinkedIn is a networking tool that can allow workers to find and connect with new business partners and customers. Simply put, businesses cannot afford not to be social. However, companies that dive into social media without the right policies and solutions to govern usage will encounter information governance and eDiscovery nightmares down the road.

This scenario has played out time and time again, most recently with email in the mid-1990s. Originally, email was a tool reserved only for the highest level executives in a company. But, it quickly rolled out to the masses and became the dominant communication tool of the 2000s.

Email proved to be beneficial to businesses by easing and speeding collaboration. But, email also created costly nightmares in the form of reactive eDiscovery. With this new form of collaboration came new forms of data types and metadata types and the compression of mass amounts of email into personal archives (e.g. PSTs) that required expensive processing when litigation arose. Email, and most electronically stored information (ESI), was still fairly new, so companies could not foresee eDiscovery challenges associated with the massive volume of email coming. Who could have known how expensive it would be to process Terabytes of email only to find that a small percentage was even relevant to the case at hand? In the social media realm, however, companies cannot hide behind ignorance. Instead, they can get ahead of social media by putting in place governance policies, processes, and tools to ensure that the email history lesson informs these new methods of collaboration.

------------------------------------------------------
Source: forbes.com
By: Barry Murphy

Google's New Privacy Policy Breaches European Law, Say Data Regulators

Google should delay introduction of the policy until European regulators have completed an investigation of the changes

Google's new privacy policy does not comply with European data protection law, and the company should delay its introduction pending an investigation of the changes, the French data privacy regulator told Google CEO Larry Page in a letter on Monday. But the company said once again that it will press ahead with the new policy, set to go live on Thursday.

The French National Commission on Computing and Liberty (CNIL) wrote to Page to express the concerns of the Article 29 Working Group, an umbrella body for data protection regulators from European Union member states.

Page did not respond directly: The company's reply was signed on behalf of Google Global Privacy Counsel Peter Fleischer.

The Article 29 Working Group's chairman, Jacob Kohnstamm, had already written to Page on Feb. 2 asking the company to delay introduction of the new policy, but Google said then it had no intention of doing so.

In Google's latest refusal to comply, Fleischer said: "We have been keen to meet with the CNIL as lead authority on this matter and have reached out to your office on several occasions both prior to and since receiving Mr Kohnstamm's letter."

But, he continued, "Google are not in a position to pause the worldwide launch of our new privacy policy. [...] To pause now would cause a great deal of confusion for users."

------------------------------------------------------
Source: csoonline.com
By: Peter Sayer

Monday, February 27, 2012

Facebook conducting “test” SMS snooping

Social network could be reading what you're texting on Android

Facebook accesses text messages on your Android phone.

That’s the latest privacy outcry headline from an article in the Sunday Times (via C-Net), which claims the social network is using its Android app to spy on folks’ text messages. The app also has the power to write, not just read, messages.

Facebook, predictably, has been quick to respond to this one. Off the bat it said the newspaper was simply “completely wrong”, but then changed tack in a later statement to say it was conducting limited testing with this feature.

In other words, “most” users weren’t affected, although there’s no way of telling whether you’re one of those Android users who are having their texts sifted through. Not a particularly pleasant feeling…

As reported by C-Net, the Facebook statement read: “Facebook is currently running a limited test of mobile features which integrate with SMS functionality. SMS read/write is not currently implemented for most users of the mobile app.”

------------------------------------------------------
Source: techwatch.co.uk
By: Adam Smith

Can You Survive A Fraud Investigation? Part 2: A Practical Guide To Responding To Government Investigations

Learning that your company is the subject – or worse, the target – of a government investigation can be an alarming and momentous event. Government investigations can disrupt operations, discourage morale, and, in some cases, trigger reporting obligations. If an investigation becomes public, it can undermine consumer trust, scare investors, and unnerve lenders. For government contractors and others in highly regulated industries, the exposure can multiply quickly as government agencies can suspend or debar a subject based solely on the allegations in a complaint.

These days, government investigations are affecting businesses large and small. The Department of Justice (DOJ) has been announcing record-breaking settlements with public companies over alleged violations of the Foreign Corrupt Practices Act (FCPA) and False Claims Act (FCA) – two of its preferred tools for investigating fraud. Small companies are being targeted, too, with an increased focus on businesses that have received preferential treatment.

And yet, government investigations often begin without any warning. Federal agents may swoop in with a search warrant, approach unsuspecting employees at their homes, or even tap phone lines. Rarely does a company anticipate a fraud investigation or even believe that its employees could be accused of such conduct. In fact, investigators often use surprises to get what they believe are more candid assessments of a company’s operations and culture. As a result, how you respond to that initial contact is critical to setting the right tone for interactions with the government and minimizing any further exposure.

------------------------------------------------------
Source: metrocorpcounsel.com
By: Roderick L. Thomas and Mark B. Sweet

Firms wary of offshore cloud

SOME Australian companies are worried about storing personally identifiable data offshore and in some cases were "paranoid", according to cloud computing service providers.

Concern about weaker privacy law in other countries and the ability of overseas law enforcement agencies to gain access to data was a prime concern.

Providers of cloud services attending the Kickstart 2012 conference on the Gold Coast said clients sometimes were “paranoid” about storing their company data offshore and often wanted a totally onshore solution.

“Even if it’s American-based cloud in Australia, that’s not good enough, it has to be Australian-based cloud in Australia with no American connection at all,” CA Technologies chief technical officer Carl Terrantroy said.

“It depends what it is,” he said.

------------------------------------------------------
By: Chris Griffith

Sunday, February 26, 2012

Text messages have a way of emerging in divorce court

Couples who might be headed for a nasty breakup should be careful about texting, which could end up as evidence against them in divorce court.

More than 90 percent of the top divorce lawyers in the United States say they have seen a spike in the number of cases using evidence from smartphones during the past three years, according to the American Academy of Matrimonial Lawyers.

The rise in texting evidence follows a similar trend of two years ago, when the academy — a professional group of 1,600 members who handle prenuptial agreements, legal separations, annulments, custody battles, property divisions and the rights of unmarried couples — noticed a surge in evidence from Facebook pages.

“With emails, you can think about and rewrite them. There is a window of opportunity to rethink what you are saying,” academy President Ken Altshuler said. “But text messaging is immediate. We get a lot of text messages that people send out without thinking.”

------------------------------------------------------
Source: dispatch.com
By: Patricia Reaney

Judge Peck Issues Opinion on Computer-Assisted Review

Magistrate Judge Andrew Peck, of the U.S. District Court for the Southern District of New York, issued a much-anticipated computer-assisted review opinion on Friday, acknowledging that it "appears to be the first in which a Court has approved of the use of computer-assisted review" in electronic data discovery.

In Monique Da Silva Moore, et al., Plaintiffs, v. Publicis Groupe & MSL Group, Defendants, 11 Civ. 1279 (ALC)(AJP), five women plaintiffs are suing "one of the world's 'big four advertising conglomerates,' and its United States public relations subsidiary," for gender discrimination.

Peck wrote that, "the decision to allow computer-assisted review in this case was relatively easy -- the parties agreed to its use (although disagreed about how best to implement such review). The Court recognizes that computer-assisted review is not a magic, Staples-Easy-Button, solution appropriate for all cases. The technology exists and should be used where appropriate, but it is not a case of machine replacing humans: it is the process used and the interaction of man and machine that the courts need to examine."

------------------------------------------------------
Source: law.com
By: Monica Bay

Friday, February 24, 2012

From the Experts: Cloud Computing's Hidden Export Regulation Risks

How to avoid violating U.S. trade controls when storing data in the cloud.

Thousands of Americans export data overseas every day without U.S. government authorizations and don’t even know it. How? By using cloud-computing services, ranging from personal services like Gmail to large-scale enterprise data storage solutions. While cloud-based services have become a valuable tool for improving efficiency, outdated government regulation leaves cloud users exposed.

Here’s an example. Imagine you’re an engineer working for a small firm in Indiana that uses a cloud service for data storage. One day you realize the company’s aluminum valves, used only by U.S. customers, could be improved with a redesigned “butterfly” mechanism. You revise the design specifications on your desktop computer and click “save.” Your company’s cloud provider routes your document to its network’s least burdened location—which happens to be in India—for storage.

Guess what? Controlled technical information was just exported to India without U.S. government authorization.

Under a literal interpretation of the U.S. Department of Commerce’s Export Administration Regulations (EAR), you and your company would be subject to penalties totaling up to $250,000 per violation. (If the data were military technology under the U.S. State Department’s purview, civil penalties could reach $500,000 per violation.) Violations are subject to “strict liability”—you would be on the hook even if you didn’t intend to “export,” or even if you didn’t know your technology is subject to controls.

But here’s the kicker: It’s unclear whether the U.S. would apply the rules literally, though there’s reason to conclude that the government would pursue this kind of case if the data involved were particularly sensitive and if the cloud user had failed to take appropriate steps to minimize risk. Only one of the various federal agencies responsible for trade controls has addressed cloud computing, however, and its guidance raised as many questions as it answered. This leaves compliance-minded companies in limbo. But while the lack of clarity causes heartburn for many, it also creates a golden compliance opportunity.

------------------------------------------------------
Source: law.com
By: Chad Breckenridge 

Judge Peck Issues Order Addressing “Joint Predictive Coding Protocol” in Da Silva Moore eDiscovery Case

Litigation attorneys were abuzz last week when a few breaking news stories erroneously reported that The Honorable Andrew J. Peck, United States Magistrate Judge for the Southern District of New York, ordered the parties in a gender discrimination case to use predictive coding technology during discovery. Despite early reports, the parties in the case (Da Silva Moore v. Publicis Group, et al.) actually agreed to use predictive coding technology during discovery – apparently of their own accord. The case is still significant because predictive coding technology in eDiscovery is relatively new to the legal field, and many have been reluctant to embrace a new technological approach to document review due to, among other things, a lack of judicial guidance.

Unfortunately, despite this atmosphere of cooperation, the discussion stalled when the parties realized they were miles apart in terms of defining a mutually agreeable predictive coding protocol. A February status conference transcript reveals significant confusion and complexity related to issues such as random sampling, quality control testing, and the overall process integrity. In response, Judge Peck ordered the parties to submit a Joint Protocol for eDiscovery to address eDiscovery generally and the use of predictive coding technology specifically.

The parties submitted their proposed protocol on February 22, 2012 and Judge Peck quickly reduced that submission to a stipulation and order. The stipulation and order certainly provides more clarity and insight into the process than the status conference transcript. However, reading the stipulation and order leaves little doubt that the devil is in the details – and there are a lot of details. Equally clear is the fact that the parties are still in disagreement and the plaintiffs do not support the “joint” protocol laid out in the stipulation and order. Plaintiffs actually go so far as to incorporate a paragraph into the stipulation and order stating that they “object to this ESI Protocol in its entirety” and they “reserve the right to object to its use in the case.”

------------------------------------------------------
Source: e-Discovery 2.0
By: Matthew Nelson

#EnterpriseSocial for IM professionals – ‘E-Discovery from the Cloud’

IM professionals (Information Management) are naturally concerned with aspects like tagging information. The skills are predominately required for organizing and archiving organizational record-keeping, which is achieved by applying indexing data to them.

Ideally this information should all be electronic, to better serve modern citizens, but in many cases synchronizing paper-based records with electronic methods is still common.

However we are seeing a dramatic and sustained evolution to social media being the preferred ‘user interface’, and so integrating records management into these environments is a similarly natural evolution of the practice too.

Cloud Providers will be able to offer relevant services – For example ‘E-Discovery from the Cloud’.

------------------------------------------------------
Source: cloudbestpractices.net
By: Neil McEvoy

5 Issues to Consider Before Deploying Cloud-Based Email for Law Enforcement

In a typical U.S. city, the police department and other criminal justice agencies account for as much as half of the government work force. When it’s time to make a big enterprisewide decision, there’s no doubt that law enforcement is — and always has been — a powerful bloc that’s capable of swaying a project toward success or failure.

It’s not surprising, then, that because more city, county and state CIOs have begun to seriously pursue cloud-based email in search of cost savings and up-to-date applications, there now are examples of law enforcement submarining such a migration, as well as being the driving force in a positive outcome.

What should public CIOs consider when thinking about putting their law enforcement agencies’ email into a cloud? Here are five points to ponder that have emerged in the two years since Los Angeles broke new ground by announcing its intent to have a private company manage all city workers’ email.

1. It Can Be Politically Charged

You have to wonder if Los Angeles CTO Randi Levin wishes she could have a do-over. From the start, her IT department’s plan to save money and improve service by having Google host and manage the email of all 30,000 city employees — including the Los Angeles Police Department (LAPD) — ran into opposition on multiple fronts. The Police Department was concerned about the security of its data, privacy advocates worried about data leaks, and some City Council members expressed concerns of their own — though the city ultimately decided to go forward with it.

------------------------------------------------------
Source: govtech.com
By: Matt Williams

The Act of Production: Minimize Risk When Replying to a Subpoena

There is a trend in recent decisions that affects the attorney-client privilege and work-product protection long afforded inside counsel. The cases distinguishing between an inside lawyer's "legal work" and her "business" functions are being applied to the routine functions of gathering documents in response to subpoenas and issuing corresponding "litigation hold" notices. This article will describe the risk to inside counsel and outline a few simple steps to mitigate the risk.

We see issues when inside counsel take steps to preserve and produce information, especially electronically stored information, in response to subpoenas in civil and criminal cases. To control costs and concentrate resources, some companies have consolidated the process into an almost clerical function. That consolidation, however, spawns arguments that the tasks are no longer "lawyerly" and that, therefore, the process of holding and gathering documents should not be deemed "legal" and the memos reflecting the process should be discoverable. The same issues arise when outside lawyers are called in to do the work, but because outside legal resources generally are engaged to perform legal tasks like identifying and selecting responsive and privileged information, it is less likely that a court would describe what they are doing as not "legal" in nature.

Theoretically, the same rules should apply to inside and outside counsel for purposes of applying the privilege or the exemption. See, e.g., Hertzog, Calamari & Gleason v. Prudential Ins. Co., 850 F. Supp. 255 (S.D.N.Y. 1994); United States v. Mobil Corp., 149 F.R.D. 533 (N.D. Tex. 1993). Recent efforts to distinguish between "legal" duties and the "business" functions that lawyers in corporations are increasingly asked to perform reflect the adversary's eye toward gaining access to otherwise privileged legal work for the company. These arguments draw upon evolving case law on what constitutes "legal work" and whether the gathering of documents is the mere "act of production" rather than a reflection of actual legal advice. Corporations seeking to invoke the attorney-client privilege over "communications made by an attorney who serves the corporation in a legal and business capacity ... [must be able to] clearly demonstrate that the advice to be protected was given in a professional legal capacity." Teltron Inc. v. Alexander, 132 F.R.D. 394, 396 (E.D. Pa. 1990).

------------------------------------------------------
Source: law.com
By: Michael Dockterman and Ira G. Greenberg

Thursday, February 23, 2012

Facebook lawyer says Ceglia hid more emails

‘getzuck’ account among four sought

Facebook co-founder Mark Zuckerberg’s attorneys have again accused Wellsville native Paul Ceglia of concealing information.

But Ceglia’s attorney insisted that Facebook’s legal team is focusing too much on “minutia” and not the crux of Ceglia’s federal lawsuit — that Ceglia has a valid contract that entitles him to half ownership of the social-media colossus.

In federal court papers filed late Tuesday, lead Facebook attorney Orin Snyder claimed Ceglia has been playing “hide the ball” by failing to disclose information pertaining to the case.

Four previously unreported Ceglia email accounts, including one with a “getzuck” handle, have come to light. So have the identities of previously unknown legal representatives and an associate who may have helped Ceglia create a portfolio to shop the Facebook lawsuit to prospective litigators.

------------------------------------------------------
By: Tim Graham

Apple, Google, Microsoft Agree To California Mobile Privacy Protection Standards

Apple (NSDQ:AAPL), Google (NSDQ:GOOG) and Microsoft (NSDQ:MSFT) are among a half dozen mobile application platform providers that have agreed to privacy principles established in California to protect consumers, state Attorney General Kamala Harris said Wednesday.

The companies, which also included Amazon (NSDQ:AMZN), Hewlett-Packard (NYSE:HPQ) and Research In Motion (NSDQ:RIMM), agreed to ensure that mobile applications display privacy policies before the apps are downloaded to a smartphone, tablet or other mobile device, Harris said in a statement. Collectively, the companies account for the majority of the mobile app market.

The California Online Privacy Protection Act requires mobile apps that collect personal information to have a privacy policy. Despite the requirement, the majority of apps sold today do not have such a policy, according to Harris. In addition, consumers typically see the privacy policy after the app is downloaded.

"Your personal privacy should not be the cost of using mobile apps, but all too often it is," Harris said.

------------------------------------------------------
Source: crn.com
By: Antone Gonsalves

AGs challenge Google on new privacy policy

Attorney General George Jepsen joined with attorneys general of 36 states and territories Wednesday in raising strong concerns about a new privacy policy by Google, Inc., scheduled to take effect March 1 for all users of Google products and services.

Under the new privacy policy, Google gives itself the freedom to combine users’ personal information from services such as YouTube with Gmail and all other Google products.

“This not only raises personal privacy issues, but it makes the collected personal information an attractive target for hackers and identity thieves,” Attorney General Jepsen said. “Google has not given users a real choice to participate and the policy makes it practically impossible to opt out, short of exiting all Google services,” Jepsen said.

In a letter to Larry Page, Google’s chief executive officer, the attorneys general outlined their issues and requested a meeting with the company as soon as possible to “work toward a solution that will best protect the privacy needs of those who use Google’s products.”

Attorney General Jepsen, who has been in contact with Google about potential issues with the changes to its privacy policy, joined the request for a meeting to foster a national discussion.

The attorneys general said Google’s policy appears to invade consumer privacy by automatically sharing personal information consumers provide for one Google product, such as Gmail and YouTube, with all Google products.

------------------------------------------------------
Source: shorelineplus.com
By: Attorney General George Jepsen's office

Wednesday, February 22, 2012

Annual e-Discovery Demands, Expenses Skyrocket

The good news is companies are becoming increasingly familiar with predictive coding, but the more unsettling news is they are facing up to $20 million in annual e-discovery expenses. According to the third annual study of streamlining and reducing the cost of e-discovery on inside counsel at mostly Fortune 1000 companies, 81% of respondents are familiar with predictive coding to determine whether a document is appropriate to include in a case, states legal industry analyst Ari Kaplan, who conducted the study in tandem with e-discovery provider FTI Technology. Predictive coding is an algorithm that provides the ability to review documents combining artificial intelligence with a lawyer's input.

"Now there is a movement to get more and more technologies [in-house] to make a determination at least at the most basic level, and 55% of respondents said they would consider using it," he says. Kaplan surveyed 31 inside counsels late last year for the study, entitled, Advice from Counsel: An Inside Look at Streamlining E-Discovery Programs.

"This is a real shift in comfort level ... more than half of these people, all of whom are in-house counsel with decision-making capabilities and involved personally in this process, say this has become so sensitive they're willing to use even the newest technologies to see how it works. And as the technologies develop, you'll see adoption of this in some form in terms of how they treat e-discovery."

------------------------------------------------------
Source: networkcomputing.com
By: Esther Shein

The Duty to Know Your Client's Computer System

Lessons learned from 'I-Med Pharma v. Biomatrix'

Even the most junior litigators are aware of the importance of electronic discovery. Over the past two decades, the manner and means by which we communicate electronically have grown exponentially. As a result, the number and nature of our electronic "conversations," which previously would have taken place through paper correspondence, over the telephone or in person, have grown dramatically as well. As one court noted, email has not just become a substitute for more traditional forms of communication; its ease and informality have led to the transmission of "many informal messages that were previously relayed by telephone or at the water cooler" in electronic form. Byers v. Ill. State Police, 2002 WL 1264004 at *10 (N.D.Il. 2002).

The sheer volume of these electronic communications -- and the permanent record they create -- have made the costs and risks associated with litigants involved in e-discovery greater than ever. Indeed, it is now difficult to imagine a case that does not turn, in large part, on the contents of a party's hard drive or email server. It has therefore become incumbent upon litigation counsel to understand the client's computer system and how data is stored and maintained within it.

In the words of the court, a recent case, I-Med Pharma v. Biomatrix, 2011 WL 6140658 (D.N.J. 2011), "highlights the dangers of carelessness and inattention in e-discovery." I-Med involved an alleged breach of medical distribution contracts between the parties. During discovery, the parties stipulated that the defendant could utilize an expert to conduct a forensic examination and keyword search of the plaintiff's computer network, server, and related storage devices. As the court noted in its opinion, the search the plaintiff agreed to was overly broad in at least two critical respects:

To Continue Reading: Click Here
------------------------------------------------------
Source: law.com
By: A. Ross Pearlson

Is It Safe To Store Your Trade Secrets In the Cloud?

A CIO’s nightmare may be realized if several seemingly-plausible assumptions regarding “cloud” computing and storage turn out to be untrue. These may include the assumption 1) that it is safe to put “everything” my company has in the cloud; 2) that my company’s trade secrets will remain protectable “secrets” in the cloud, even after an accidental leak or an intentional hack is stopped; and 3) in the event of leaks or hacks, the cloud service providers are liable for our losses under our cloud-service agreements. Unfortunately, these assumptions may not be correct.

Companies and their staff may choose to store all kinds of information in the cloud:
  • Trade secrets and valuable information
  • Outsourced storage, e-mail or financial services
  • Information accessible by or stored in employees’ smart phones. For example, iPhone users have the option of backing up all iPhone files to the cloud.
  • Images and information employees post on social network sites, including Facebook, Twitter and LinkedIn

The trouble is, there are things the CIO has no control over when the company’s information is in the cloud. For example, such information can be stored essentially anywhere in the world, including locations outside the direct reach of U.S. law. Moreover, the company’s data can now be accessed remotely, sometimes by unauthorized subscribers. Finally, back-up, extra, or unsecured copies can exist even after the files are removed, modified or encrypted later. Each of these factors may impact the trade secret status of the information.

To Continue Reading: Click Here
------------------------------------------------------
Source: forbes.com
By: Rob McCauley, Ming Yang and Jared Schuettenhelm

Tuesday, February 21, 2012

Introducing Forrester's Data Privacy Heat Map

Data privacy laws are the champions of citizens’ rights in the digital age. However, multi-national organizations often find these laws challenging to navigate given the complex framework of global legal requirements. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Leveraging in-depth analyses on the privacy legislation of 54 countries around the world, this product is aimed at helping our clients better strategize their own global privacy and data protection approaches.

Using the tool, one can quickly determine how various countries stack up against each other in terms of their data privacy standards. Each country has been rated across seven key criteria, covering the breadth of law, EU adequacy, data transfer limitations, government surveillance activities, etc. Leveraging this data, our clients will be able to establish their own data privacy “high watermarks”, ensuring compliance in all locales in which their organization operates. One such application is in the use of cloud computing. Since the cloud is borderless, jurisdictional-based privacy laws are often a mismatch when applied to clouds. When considering outsourcing to a cloud service, companies should consult Forrester’s Privacy Heat Map to determine, for example, whether their data will be at risk of residing in a country with questionable governance surveillance practices.

While developing the Privacy Heat Map, a number of interesting trends surfaced. Most prominent was the difference between how the US treats data privacy compared with the European Union (EU). While the EU has developed an overarching data privacy framework based on the ideal that privacy is a fundamental right, the United States has taken a largely sector-based approach to its laws. This difference between the two greatly impacts the collection, use, and disclosure of customer and employee data for companies that operate on both sides of the Atlantic. This can also lead to friction between entities that engage in cross-border data transfers, as well as between branches of the same company separated by geographic borders.

To Continue Reading: Click Here
------------------------------------------------------
Source: forbes.com
By: Chris Sherman

Transborder Data Flows at Risk

Physical borders may be technically irrelevant in the age of online business, global corporate groups, and cloud computing, but they retain legal and cultural significance. Some recent developments in data privacy law around the world suggest that the “free flow of information” is becoming more conditional, and that enterprises will have to be nimble to meet the expectations of regulators, consumers, and employees when the organization wants to move personally identifiable data from one country to another.

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries. While the rules may soon become more uniform in the EU, they are still new and uncertain in many other countries.

European Union

In January 2012, the European Commission published a proposed Regulation that would replace the 1995 EU Data Protection Directive. While national practices differ considerably under the 1995 framework directive, the Regulation would establish a much more consistent European approach to data protection rights and enforcement.

To Continue Reading: Click Here
------------------------------------------------------
By: W. Scott Blackmer

Tweets on Trial: Law enforcement subpoenas Twitter account

Don’t be surprised if more courtroom bailiffs call for a tiny blue bird to take the stand.

Twitter, Inc. was recently named a witness in filings made by the Criminal Court of the City of New York, and the man behind the tweets supposes the trend will only continue.

“When I saw an email from Twitter Legal in my inbox, I figured it was spam,” Malcolm Harris tells Reuters. He found out last month that the Criminal Court of the City of New York had sent a subpoena to Twitter headquarters with a demand for them to deliver “any and all user information, including email address, as well as any and all tweets” that were related to an account Harris had registered with the microblogging site.

“Twitter had attached the subpoena, and there was my handle, called by the County of New York to testify against me, the person it represents,” Harris writes.

The request called for information limited to a brief window in late 2011 and it didn’t take Harris long to figure out what the city was getting at.

“My tweets were being called to testify against their creator because on Oct. 1 of last year I was one of more than 700 people arrested on the Brooklyn Bridge as part of an Occupy Wall Street action,” acknowledges Harris.

To Continue Reading: Click Here
------------------------------------------------------
Source: rt.com
By: Mario Anzuoni

Federal Judges Consider Important Issues That Could Shape the Future of Predictive Coding Technology

Two recent cases will address important issues in the coming weeks that could help shape the future of predictive coding review technology in electronic discovery (ediscovery). The first case, Da Silva Moore v. Publicis Group et al., grabbed headlines last week when initial reports erroneously indicated that The Honorable Andrew J. Peck, United States Magistrate Judge for the Southern District of New York, ordered the parties to use predictive coding technology. In reality, the transcript from a February 2012 status conference reveals that the parties agreed to use predictive coding technology, but they struggled significantly to define a mutually agreeable protocol. The challenges surrounding the dispute in Da Silva Moore center on the complexities of attempting to apply a new technological approach to electronic document review that is transparent, accurate, and fair to all parties.

The second case, Kleen Products LLC v. Packaging Corporation of America, et al., involves alleged antitrust violations for price-fixing in the containerboard products industry. The case is venued in the United States District Court for the Northern District of Illinois with The Honorable Nan R. Nolan presiding over key discovery issues. Kleen Products represents a significant leap from the issues debated in Da Silva Moore because plaintiffs seek a court order requiring defendants, among other things, to use predictive coding technology to respond to plaintiffs’ document requests. The plaintiffs’ position is both novel and controversial considering predictive coding technology is a relatively new approach to electronic document review. Plaintiffs’ position is even more novel considering case law rarely, if ever, provides that one party can dictate whether or what kind of technology tools their opponent must use.

Is Predictive Coding A Substitute For All Predecessor Technologies?

Plaintiffs in Kleen Products take the position that defendants’ use of anything other than what they loosely refer to as “content based advanced analytics” (CBAA) is:

To Continue Reading: Click Here
------------------------------------------------------
Source: forbes.com
By: Matthew Nelson

Monday, February 20, 2012

Forensic Experts Identify Litigation Game-Changers

Every piece of litigation has a game changer: A lost witness suddenly found. A video depicting the scene of the accident. A "smoking gun" memo found on the eve of trial.

Isolated events like those can mean the difference between success and failure. These days, discovery involving electronic information is often the focus of the case, leading to the game-changing event.

Using a forensic computer expert from the beginning of the litigation can help identify the game changer early on, leading to an earlier and more favorable resolution.

Whether you are the claimant or the defendant, getting a forensic expert involved at the start can make or break your case.

For the claimant, it is important to retain the forensic expert before filing a lawsuit. Courts have consistently held that when litigation is reasonably anticipated, parties have a duty to preserve relevant records and, once litigation is filed, to collect and produce the information to the opposing party.

To Continue Reading: Click Here
------------------------------------------------------
Source: law.com
By: Mark A. Romance

Evidentiary Objections to Email are Key to BP Oil Spill Case

The Deepwater Horizon oil spill case is scheduled for non-jury trial in New Orleans on February 27, 2012. In re: Oil Spill by the Oil Rig “Deepwater Horizon” in the Gulf of Mexico, on April 20, 2010, (E.D.La., MDL No. 2179). This mammoth case is a consolidation of 300 lawsuits involving 120,000 people and businesses. Click here to see the full docket on Justia. The biggest case in the country proves, once again, that email is powerful evidence. You may recall news concerning email and the world’s largest oil spill back in 2010 when Congress publicized an email from a BP drilling engineer, Brian Morel. It warned that the Deepwater Horizon oil rig was a “nightmare well” that had caused the company problems in the past. Of course, there were more emails like this, but they did not all get into evidence as this blog will explain.

Here is how the presiding Judge Carl Barbier describes the In re: Oil Spill by the Oil Rig “Deepwater Horizon” case in a recent Order:

This Multi-district Litigation (“MDL”) arises from the April 20, 2010 explosion and fire on the DEEPWATER HORIZON mobile offshore drilling unit (“MODU”), and the subsequent discharge of millions of gallons of oil into the Gulf of Mexico. The consolidated cases include claims for the death of eleven individuals, numerous claims for personal injury, and various claims for environmental and economic damages.

Order dated January 26, 2010, Granting in Part and Denying in Part Transocean’s and BP’s Cross-Motions for Partial Summary Judgment Regarding Contractual Indemnity

The purpose of the upcoming trial is to assign and apportion blame among the many defendants sued in these cases. The main corporate defendants include BP, rig owner Transocean, and Halliburton, which provided cementing services. As a side note, BP recently accused Halliburton of spoliation by intentional destruction of computer records and has, of course, moved for sanctions. Anadarko Petroleum, one of BP’s partners in the well, is also involved in the upcoming trial. Plaintiffs include individuals and businesses, represented by a plaintiffs’ steering committee, as well as many states and the U.S. government.

To Continue Reading: Click Here
------------------------------------------------------
Source: e-discoveryteam.com
By: Ralph Losey

Five Tips for Saving Money on E-Discovery (Part 1)

The explosion in volume of electronically stored information has changed the face of litigation. Just a few years ago, law firms sifted through boxes of paper documents relevant to their clients’ cases. Today, they rely on technology worthy of the Department of Homeland Security as they mine gigabytes or even terabytes of data stored on hard drives, servers and backup tapes.

The volumes of information are such that, if printed, they could easily fill the halls of the office or even spill out to the parking lot. The costs associated with this time- and labor-intensive process have increased in tandem—at some companies, e-discovery-related outlays now account for a large portion of the entire litigation budget.

Naturally, getting a handle on this line item is a major priority for chief compliance officers, general counsel and other executives at corporations of all types and sizes. Meanwhile, the risks associated with poor handling of e-discovery are a mounting concern, as courts continue to fine companies for delayed or incomplete compliance with their e-discovery obligations.

While the challenges associated with e-discovery are significant, with some advance planning companies can make major dents in their e-discovery outlays—without raising risk. The key is to develop smart strategies and policies for document storage and retrieval, to use workplace technology wisely and to take maximum advantage of those who can offer the technical and legal know-how needed to get a handle on these issues.

To Continue Reading: Click Here
------------------------------------------------------
Source: corporatecomplianceinsights.com
By: Daryl E. Shetterly

DOJ Lays Down the Law on Criminal E-Discovery Protocols

Criminal law attorneys for the federal government received their own e-discovery protocol and training mission last week.

The government's Joint Electronic Technology Working Group, led by the Department of Justice, began developing a best practices guide for e-discovery in the fall of 2009. The 21-page document includes principles, specific recommendations, strategy tips, and a case checklist. It was revealed at a federal software summit in Washington on Feb. 10. Circulation began last week.

All of the department's 6,000 federal prosecutors will receive training based on the new document. The document will also be used by U.S. Attorneys, investigative agencies, judges, and various law enforcement divisions, explained Andrew Goldsmith, national criminal e-discovery coordinator.

"We've been working very hard over the past 18 months, and very closely with our counterparts in the Office of the Public Defender, as well as Criminal Justice Act appointees, to come up with this," Goldsmith said. "[Electronically stored information] was going to threaten to swallow prosecutors and defenders alike, and the judiciary for that matter."

To Continue Reading: Click Here
------------------------------------------------------
Source: law.com
By: Evan Koblentz

Cloud-Computing Risks: Due Diligence And Insurance

Presently, there is heavy pressure to migrate company data to the cloud. Individuals already shift a large amount of their data to “the cloud” in the form of family photos, vacation videos, contact information, and music. Shifting sensitive business information to the cloud, however, brings with it more complex considerations. Should a company be sending information to a third-party cloud site that hosts data for other businesses? And just what specific information is being sent: customer information? Trade secrets? Employee health information?

Those selling cloud-computing services point to the numerous advantages of cloud computing, including claims of cost savings and enhanced data security. There has been some debate regarding the accuracy of these claims, especially involving promises of heightened data security. It is important to recognize that individuals, small businesses and large institutions opting for cloud computing give up something very important: direct control and oversight of the stored or processed information. As such, it is important that those considering cloud computing size up the risks of relinquishing that control over data to a third party. Customers, employees and co-workers will assume that safeguards and a substantial amount of due diligence will have accompanied the decision and process by which information is stored and handled externally up on the cloud.

Fueling the debate over the safety of cloud computing are two major data breaches that found their way into mainstream news accounts. One cloud provider was hacked by criminals to the tune of one hundred million customer account files (which included credit and debit card information) according to reports of the incident. The hackers infiltrated the cloud site and improperly accessed the sensitive account information. Unusually, the hackers actually had a legitimate account set up with the cloud-computing site (albeit with phony identifying information and fraudulent intentions), in contrast to the more common scenario of hackers anonymously penetrating another network or system.

To Continue Reading: Click Here
------------------------------------------------------
Source: metrocorpcounsel.com
By: Joshua Gold

New Google Privacy Policy: Damned if you do and damned if you don’t

Google has come up with a new privacy policy which it argues is simpler than its multiple predecessor policies. Does it sound convincing? The question is not whether it sounds convincing or not, but would it really matter to an average Joe whether there is one simple policy or a number of complicated ones? Does it make our life easier in any way? It probably does not have any impact on our convenience, and if the policy suits anyone, it is really Google itself. By aggregating all the data that Google has been able to collect across its products, Google gets into an advantageous position compared to its competitors. What should really concern us is this: if the policy does not offer any convenience, does it complicate our lives in some ways? Is there anything worrisome about this change?

Should what you buy, where you buy, what you watch, who you communicate with and everything seemingly mundane about you interest someone? You’d probably think it doesn’t. Experts however believe that it is a matter of concern for those who bother about their privacy. In a way, this implies that most of the users would be worried about their data privacy if they have a choice. It is a ‘right’ that most liberal societies value. But then nobody is forcing any individual to use the services of such search, social networking or entertainment providing companies.

The question that Google’s policy of merging data privacy policies has raised is whether we really understand the consequences of allowing a service provider to use the data any which way they like. Anindya Ghose, visiting Professor at Wharton, emphasizes, in the context of Google’s announcement of its revised policy, that the context in which our data may be used now differs from the context in which we provided that data.

To Continue Reading: Click Here
------------------------------------------------------
Source: dailydealmedia.com
By: Preetam Kaushik

Sunday, February 19, 2012

Tweeting about a bad day could lose you your job

Employees who tweet or update their Facebook status saying ‘I had a bad day at work’ could face losing their jobs, says a leading employment lawyer.

According to Paula Whelan, an employment partner at Shakespeare’s law firm, if an employee writes anything vaguely negative about their employer, including saying something as anodyne as ‘I had a bad day at work’, bosses are well within their legal rights to sack the staff member.

“Employees think they are bullet-proof when they post anything on Facebook or Twitter. But if they bring their employer into disrepute, the boss of that firm is well within their legal right to sack them,” she explained.

“By posting something even vaguely negative about your work on these social media sites, it’s breaking the relationship of trust and confidence between the employer and employee and the company reserves the right to sack the employee.”

According to Whelan and other lawyers, how bosses control the use of social media by their staff and utilise it to judge job candidates, is one of the biggest legal employment issues currently on the agenda.

To Continue Reading: Click Here
------------------------------------------------------
Source: telegraph.co.uk
By: Emma Barnett

Google Caught Tracking Safari Users: What You Need to Know

Google is in a lot of hot water over recent revelations about how it tracks user activity on Apple devices — particularly iPhones and iPads.

As reported by The Wall Street Journal, an independent researcher has discovered that Google embeds hidden software on many websites — software designed to circumvent the default settings on a web browser to record a user’s behavior.

The issue involves how Safari, the default web browser on Apple devices, deals with cookies. Cookies, of course, are the little pieces of information (such as a user ID) that a website can leave on your phone, tablet or computer and later retrieve. Cookies allow you to log in to a website such as Flickr, and return without needing to log in again.

Cookies also enable advertisers to track your behavior. By keeping track of what you’re looking at on one website, an ad network can serve you ads, based on those clicks, on another. Users can prevent that from happening via certain settings, but not all web browsers approach the issue in the same way.

So how is Safari different? What’s at stake? And what can a concerned user do about it? Read on:

What exactly was Google caught doing?
Google was using a software trick to get around a Safari setting that only allows certain types of cookies. That way the company could put cookies on a user’s device, letting it track sites visited, which in turn let Google tailor advertising to the user.

Why would it need to “trick” Safari into doing that?
By default, Safari blocks cookies from third parties. Most browsers allow users to block cookies, but don’t set it as a default. Google happens to operate many of its advertising services, including DoubleClick, from a domain outside Google.com — a domain which Safari treats as a third party. So even if a user was logged into Google, DoubleClick was blocked from serving ads to the user — unless that user approved the cookie by, say, filling out a form.

To Continue Reading: Click Here
------------------------------------------------------
Source: mashable.com
By: Peter Pachal

Proper Preparation for the Meet-and-Confer Pays Off

In the U.S. District Court for the Southern District of California's 2011 ruling in National Association of Music Merchants Musical Instruments and Equipment Antitrust Litigation, Magistrate Judge Louisa S. Porter denied the plaintiffs' motion to order defendants (popular guitar-makers such as Fender, Gibson, and Yamaha, as well as well-known guitar retailers such as Guitar Center) to re-search their electronically stored information using commonly used abbreviations and acronyms for some of the agreed-upon search terms defendants had used. Review of the decision shows that the court decided as it did because defendants acted properly in two key ways: They cooperated thoroughly at the meet and confer and otherwise acted diligently in their searching. While cooperation made the court lean toward defendants, it was their ability to demonstrate, using their own search results, that granting the plaintiffs' motion would likely yield little additional material that ultimately persuaded the court.

BACKGROUND

The defendants initially notified the plaintiffs that they intended to use search term queries to search their ESI, and specifically solicited search terms from the plaintiffs. Initially, the plaintiffs suggested none, asserting that they could not make a meaningful contribution toward drafting proper search terms or procedures because of the defendants' "unwillingness to provide them relevant information."

Shortly before producing ESI to the plaintiffs, the defendants provided them with their search terms, at which point the plaintiffs found the terms "too restrictive and unlikely to capture some highly relevant documents." In response, the defendants agreed to modify the terms and to use terms that included other defendant names "in an effort to capture defendant-to-defendant communications."

To Continue Reading: Click Here
------------------------------------------------------
Source: law.com
By: Leonard Deutchman

Friday, February 17, 2012

EU court rules social networks cannot police downloads

The European Court of Justice (ECJ) has struck the latest blow in the debate over internet policing, ruling on Thursday (16 February) that online social network sites cannot be forced to construct measures to prevent users from downloading songs illegally.

The court, which is the highest judicial authority in the EU, stated that installing general filters would infringe on the freedom to conduct business and on data privacy.

In a press statement accompanying its judgement, the court stated that forcing sites to police their network for illegal downloads “would not be respecting the prohibition to impose on that provider a general obligation to monitor nor the requirement that a fair balance be struck between the protection of copyright, on the one hand, and the freedom to conduct business, the right to protection of personal data and the freedom to receive or impart information.”

The case was brought before the ECJ by Sabam, the Belgian national music royalty collecting society, against social network site Netlog. In 2009, Sabam went to the Belgian Court of First Instance to demand that Netlog take action to prevent site-users from illegally downloading songs from its portfolio. It also insisted that Netlog pay a €1,000 fine for every day of delay in compliance. Netlog’s legal submission argued that granting Sabam’s injunction would be imposing a general obligation to monitor on Netlog, which is prohibited by the e-commerce directive.

To Continue Reading: Click Here
------------------------------------------------------
Source: euobserver.com
By: Benjamin Fox