1 MTASC Spring Meeting 2009 IT Policies, E-Discovery, Records Management & FOIA
2 THE MAIN PRINCIPLE E-docs Party in litigation, non-party subpoena, FOIA E-Discovery costs are directly related to the AMOUNT of ESI that must be preserved, reviewed and produced. Key = USE the computer to manage/reduce the volume of ESI. You CANNOT do E-Discovery by printing electronic files to paper.
3 It depends. Question #1: What is a reasonable request for ESI? Criminal or civil? Party or non-party? Agency records or personal employee records? Legal issues (fraud, patent infringement, employment discrimination, slip and fall)? Value of the case? Jurisdiction (state or federal or administrative agency)? LEGAL must be engaged at the beginning.
4 Rules When Party to Litigation ESI=VERY broad Document Freeze (includes metadata) Once litigation is reasonably anticipated Litigation Hold protocol Due diligence interviews of custodians Chain of custody Storage on secure store (back up) Back Up Tapes (archive v. disaster recovery) Must work with legal to narrow scope and identify key sources
5 Rules When Responding to Subpoena Narrowly tailored request Designated ESI Once subpoena is received, freeze instituted (may include metadata ) Legal should review ASAP (14 days to object) Rule 45 requires no undue burden imposed on non-parties (cost & man power) Mandatory cost-shifting for significant expenses Fannie Mae contempt citation upheld (8% agency budget spent on contract attorneys searching/reviewing s on disaster recovery tapes)
6 Rules When Responding to FOIA Request ESI=agency records (narrow exemptions) Once FOIA request received, freeze instituted Duty to preserve v. produce Must conduct a reasonable search for documents 30 days under SCFOIA to respond FOIA exemptions are narrowly construed Reasonable costs does not include attorney review time under the SCFOIA (should be changed; negotiate with requesting party) 1 GB = $10,000 (search, collect, process, review and produce) Is metadata a public record? (Arizona says no)
7 It depends. Question #2: Must IT Convert Data to Format Requested? Party to litigation= must produce files as kept in ordinary course and in format reasonably accessible to opponent (native,.pdf). Parties should agree at outset on format (TIFF with links to metadata, hard copies scanned with OCR) Non-party/subpoena= same as above, but cost burden is borne by the requester typically FOIA= unsettled; can move for protective order
8 Question #3: Must Metadata Be Produced? Party to litigation= metadata is evidence and must be preserved and produced (as a general rule) Responding to subpoena= same as above, unless otherwise agreed upon. FOIA response= unsettled. Should still preserve metadata even if metadata will not be produced.
9 Question #4: What types of metadata tied to other data should be omitted? Privileged/confidential communications Redacted documents (re-run OCR) Proprietary/trade secret information (if applicable) Be careful when PHI or other information protected by privacy laws are being exchanged (SS#s, etc.) Converting word docs to.pdf is required in federal filings, but poses issues so be sure your lawyer understands this.
10 Question # 5: Should You Have Defined Data Retrieval Processes? Yes. Litigation Hold Protocol. Collection Protocol. Chain-of-Custody Protocol. Formal usage and policies. Auditing and training for compliance. Document, document, document.
11 Question #6: How Should Reasonable Fees Be Set Up? Per gigabyte charge (should include preservation, collection, and production) Cannot charge for attorney review time, although this is typically the biggest expense. Negotiate costs, or move for protective order if necessary. Reasonableness to cost of the production v. value of the litigation Use web-based resources to lower costs in high profile matters (Shuttle Columbia disaster s are posted on the web)
12 Question #7: What about data mining requests from for-profit companies? Raw information can be FOIA d Unless it falls within the statutory enumerated exemptions, or Is protected from disclosure by federal or state law (HIPAA and PHI; privacy laws; etc.) FOIA counsel should be consulted
13 Question #8: What Can You Copyright? Seago v. Horry County, 378 S.C. 414, 663 S.E.2d 38 (2008) Question: Whether further dissemination of public documents obtained pursuant to SCFOIA may be restricted where the government entity claims the information is copyrighted under federal copyright law? Answer: Yes.
14 Seago v. Horry County Horry County s geographic information systems (GIS) department developed a digital database to combined several layers of mapping information onto one digital photographic map of the county (4,000 orthophoto aerial images of the county compressed into a seamless collage in Mr. Sid computer format. $7.5 million to develop $1 million/year to maintain FOIA request for Orthophoto Coverage in Mr. Sid format (Countywide).
15 Seago v. Horry County County charged $100 for copy and required requester to sign licensing agreement restricting further commercial use without County approval. Requester refused to sign licensing agreement. Ruling: FOIA grants the public immutable right to access public records. State and political subdivisions may obtain copyrights to the extent it could be shown that the copyrighted material contained original material, research and creative compilation.
16 Copyrights Cannot copyright information or data Can copyright unique format (database, proprietary software) Consult copyright lawyer Note: In litigation, you may have to provide your opponent with copy (under Protective Order) if data is not reasonably accessible without access to the proprietary technology.
17 Question #9: How Does Presenting Information on the Web Harm/Hurt? Fact of life Government in the sunshine Public Records=web access (money/time saver) EFOIA. Records that contain PHI, or information protected by privacy laws should not be publicly available (restricted access; intranet possibly); should encrypt this information if sent across wire Wayback machine (internet archive) Redacted.jpgs (BE careful!!!)
18 IT Policies E-document retention policy (records v. non-records) Information systems and internet usage policy (access, data security, authorized use) policy Litigation hold ( document freeze ) protocol Discovery response ( data retrieval ) protocol FOIA response protocol
19 Components of Policy Purpose: To make sure that is used and stored properly. Policy Prohibited Activities Personal Use Storage/Retention Litigation Hold Enforcement/Consequences
20 Property of Entity NOT Employee s are the property of the entity not individual employee. Includes work s Includes personal s on the system
21 No Expectation of Privacy 9 th Circuit/Fourth Amendment Employees have no expectation of privacy. s may be monitored. s may be read by and produced to others. Particularly true for government employees.
22 New York Times Rule Employees should treat s as if they will be made public. If you would not want an to appear on the front page of a newspaper, don t send it. Includes government s sent from personal computers, laptops, PDAs
23 Confidential Information Do not use to send confidential or sensitive information. Be aware that PHI is confidential and sensitive information.
24 Secure If confidential or sensitive information must be sent by e- mail, it must be sent by secure e- mail. Designate types of information that must be sent by secure .
25 Access Can Be Denied access is a privilege. access can be taken away.
26 Prohibitions Prohibited Uses No crimes No civil violations No sexually explicit material No harassment No abusive or offensive language Etc.
27 Personal Use of Reasonable personal use may be allowed, except: No Prohibited Uses No interference with work (yours or co-workers) No storage of personal s the system No expectation of privacy Disclaim liability for disclosure of personal information!!
28 Reasonable Personal Use
29 Storage and Retention Policy s should be reviewed daily/weekly. records should be archived. s that are not records and have no business purpose should be deleted. Inbox, Sent and Deleted Folders may be automatically deleted every days. BE CAREFUL HERE!
30 Litigation Hold Policy Must Include Freeze for Litigation Employees must stop deleting relevant s once they are notified of a Litigation Hold
31 Enforcement and Consequences Monitor for compliance. Failure to follow policy can result in disciplinary action, including termination. Compliance is everyone s responsibility.
32 Sending Messages Responding to Messages Receiving Messages Forwarding Messages Deleting Messages Storing Messages Organizing Messages Explaining & Training How To Follow Policy
33 Litigation Hold Protocol Party s Obligation- Once litigation is reasonably anticipated, party must suspend normal retention/destruction policy and put in place a Litigation Hold to ensure preservation of documents.
34 Duty to Preserve Evidence (1) Issue clear preservation instructions; (2) Oversee client s compliance with litigation hold, monitoring party s efforts to retain and produce relevant documents; Understand how client s information system operates as well as document retention/destruction policies Speak with IT re: systems, destruction policies, automatic delete features for , e- docs Interview key players to understand how they use and store data or system-wide key word search. (3) Periodic reminders.
35 # 1 Issue Litigation Hold Notice Preservation Letter or Issued by top officer (pay attention) Paralegal/assistant not sufficient Must be someone that employees will obey
36 Litigation Hold Notice Written instructions re: duty to preserve and consequences for failing to do so Require a signed and dated response Unsettled Law Attorney-client privileged/work product Be careful (bad faith/spoliation=discoverable) Document, document, document
37 # 2 Oversee Compliance with Hold Non-Delegable Duty Meet with IT Interview key custodians (especially about organization of online data and location of offline data) Off-site storage Third parties in custody or control of client data
38 IT and Legal Must Meet Understand client systems and data Explain preservation duty Locate sources of potentially relevant ESI Visit IT department for backup tapes Co-ordinate plan to freeze and preserve ESI Always double-check that preservation efforts worked IT can be deposed under Rule 30(b)(6) Document, document, document!
39 IT Personnel Are Essential Pull backups/may be offsite Disengage automatic delete features for Retention/destruction policies Archives, legacy systems, off-site storage Protocol for preserving data going forward Document, document, document!
40 Meet with Key Players Ensure they received Litigation Hold notice Ensure they understand duty to preserve Explain consequences for failure to preserve Explain that delete does NOT mean gone Document, document, document!
41 Meet with Key Players Ask about offline storage CD, DVD, flash drive Cell phone, PDA, personal laptop, personal account Inquire into how online data is organized s E-docs Voice mail Develop key word searches
42 # 3 Periodic Reminders Should be written with personal follow-up Continue to update IT as new witnesses are identified & others data becomes not as important to retain going forward Reasonableness about timing of reminders What will be done with preserved data AFTER litigation is over? Document, document, document!
43 Electronic Records Management Makes good business senses; Facilitates easier and more timely access to necessary information; Controls the creation and growth of information, thereby reducing operating and storage costs; Improves efficiency and productivity; Incorporates information and records management technologies as they evolve; Meets statutory and regulatory retention obligations; Meets litigation obligations; Protects the integrity and availability of business critical information; Leverages information capital and making better decisions; and Preserves corporate history and memory, including evidence to support corporate governance and compliance initiatives. The Sedona Guidelines: Best Practice Guideline & Commentary for Managing Information & Records in the Electronic Age (Sept. 2005).
44 Sedona Guidelines for Electronic Records Management An organization should have reasonable policies and procedures for managing its information and records. An organization s information and records management policies and procedures should be realistic, practical and tailored to the circumstances of the organization. An organization need not retain all electronic information ever generated or received. The Sedona Guidelines: Best Practice & Commentary for Managing Information & Records in the Electronic Age (Sept. 2005)
45 Sedona Guidelines for Electronic Records Management An organization adopting an information and records management policy should also develop procedures that address the creation, identification, retention, retrieval, and ultimate disposition or destruction of information and records. (who has access to information, who is responsible for retention, and who has the authority to destroy information?) An organization s policies and procedures must mandate the suspension of ordinary destruction practices and procedures to comply with preservation obligations related to actual or reasonably anticipated litigation, governmental investigation or audit. The Sedona Guidelines: Best Practice & Commentary for Managing Information & Records in the Electronic Age (Sept. 2005)
46 Records Defined Under Federal Records Act All books, papers, maps, photographs, machine readable materials, or other documentary materials Regardless of physical form or characteristics Made or received by an agency of the United States Government under Federal law or in connection with the transaction of public business and preserved or appropriate for preservation by that agency or its legitimate successor as evidence of the organization, functions, policies, decisions, procedures, operations, or other activities of the Government Or because of the informational value of data in them. Library and museum material made or acquired and preserved solely for reference or exhibition purposes, extra copies of documents preserved only for convenience of reference, and stocks of publications and of processed documents are not included. FRA, 44 U.S.C
47 Managing Information & Records Information must be retained when: Local, state or federal law or regulation mandates continued availability and access; Internal organizational requirements, including policies and contracts or other record-keeping requirements, mandate retention; Information must be preserved under a litigation hold; or Information has other value to organization.
48 Getting Started Sedona conference Principles of electronic records discovery & management U.K.National Archives Toolkits, workflows, proposed language (U.S. National Archives S.C. Archives ( archives and records management link) Retention schedules Electronic records program policy components
49 What is E-Discovery? Traditional Discovery Receive Request Locate Documents File Cabinets Personal Storage Trash Bin Review Documents Examine Documents Flag Relevant Files Produce Documents
51 B I G small
52 E-Discovery Cost Savers
53 Cost Saver: Organization Companies whose boxes are organized will significantly reduce costs: Searching entire inbox vs. Organized Folders Reduces: 1. Server Space 2. Number of potentially harmful documents 3. Time spent looking for documents
54 Cost Saver: Data Organization Companies who have document management systems or protocols will have significantly lower costs Costs of data Server space Energy costs Ediscovery processing
55 Cost Saver: Non-Standard Files Companies that use proprietary software will have significantly increased e-discovery costs Addressing these files with plan up front will reduce surprising costs down the road Native production Higher risks (waiver) More intensive attorney-review (experts)
56 Cost Saver: Forensic Examination Mirroring the hard drive is not always necessary. Some cases have nothing at all to do with metadata or deleted files. Forensic imaging costs and quickly add up. Having a plan in place to isolate and secure data will keep you from having knee jerk reactions to data collection!
57 Cost Saver: Searchability Dealing with e-docs means letting the computer do the work Use the computer not people to locate responsive or privileged files Thoughtfully develop document storage policies Use naming conventions for documents being archived
58 Cost Saver: Vendor Selection With large data collections it is often easier to allow third-party help. Suggestions Set a threshold Stick to the plan Have vendors / consultants that can be routinely called on and are familiar with your specific needs E-Discovery vendors are not one size fits all Some do paper/scanning well Some handle MS Office files Some handle computer forensics
59 Cost Saver: Backup Tapes Locate all of your backup tapes Ask everyone Ask again. Companies who use backup tapes as disaster recovery only will significantly reduce their costs day rotation deemed reasonable by the courts Stick to the plan!
60 Cost Saver: Technical Knowledge E-discovery is highly technical Mistakes are very costly HSB E-Discovery Task Force (legal and technical) Litigation Response Team IT people In-house counsel Outside counsel Technical liaison
61 Cost Saver: Security Who walks around with your data? Data Security Plan Sensitive/confidential data must be protected from disclosure Chain of custody is key 1 GB Flash Drive: Can cost $10,000 to process, review, and produce for litigation.
62 Thank You Sarah Michaels Montgomery, Esq. Haynsworth Sinkler Boyd, P.A. Gray Wallington, Haynsworth Sinkler Boyd, P.A.
The Impact of Electronic Discovery on Corporations? Michael J. Powell L. Clint Crosby Look How Far We ve Come ESI ESI = Electronically Stored Information Any information that is stored in a medium from
REED COLLEGE ediscovery GUIDELINES FOR PRESERVATION AND PRODUCTION OF ELECTRONIC RECORDS TABLE OF CONTENTS A. INTRODUCTION... 1 B. THE LANDSCAPE OF ELECTRONIC RECORDS SYSTEMS... 1 1. Email Infrastructure...
Five Rules for Discovery of Electronically Stored Information Eastern North Carolina Inn of Court Spring Meeting New Bern, NC May 17, 2012 M ARK SCRUGGS C LAIMS COUNSEL L AWYERS MUTUAL 5020 Weston Parkway,
Suggested Protocol for Discovery of Electronically Stored Information ( ESI ) In light of the recent amendments to the Federal Rules of Civil Procedure regarding discovery of electronically stored information
HIPAA Security Risk Analysis Toolkit In January of 2013, the Department of Health and Human Services Office for Civil Rights (OCR) released a final rule implementing a wide range of HIPAA privacy and security
Recommendations for Electronically Stored Information (ESI) Discovery Production in Federal Criminal Cases Department of Justice (DOJ) and Administrative Office of the U.S. Courts (AO) Joint Working Group
Office of the Privacy Commissioner of Canada Commissariat à la protection de la vie privée du Canada Access to Information and Privacy Process and Compliance Manual Prepared by The ATIP Unit April 2008
Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates Deven McGraw, Partner, Healthcare Industry, Manatt, Phelps & Phillips, LLP Susan Ingargiola,
Business Associate Compliance With HIPAA: Findings From a Survey of Covered Entities and Business Associates Deven McGraw, Partner, Healthcare Industry, Manatt, Phelps & Phillips, LLP Susan Ingargiola,
for the December 10, 2010 Contact Point Peter Vincent Principal Legal Advisor 202-732-5000 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department of Homeland Security (703) 235-0780 Page
Challenges in Managing Records in the 21 st Century Prepared by the NECCC Analysis of State Records Laws Work Group NATIONAL ELECTRONIC COMMERCE COORDINATING COUNCIL Copyright 2004 by The National Electronic
Making Sense of E-Discovery: 10 Plain Steps for Producing ESI The following article provides a practical guide to producing electronically stored information (ESI) that lawyers can apply immediately in
Best Practice For Email Retention Table of Contents Objective 2 Key Considerations 3 Email Retention Overview 5 The Law 6 Email Preservation and Searchability 8 Different Retention Approaches 9 Creating
E-Discovery and the Cloud: Best Practices in the New Frontier 1 US_ADMIN-78232447.1 E-Discovery and the Cloud: Best Practices in the New Frontier Authors Jennifer Yule DePriest, Partner email@example.com
ELECTRONICALLY STORED INFORMATION e-docs and Forensics in the New e-discovery Era www.aplf.org FRAMEWORK Overview of the Rule Changes Pre-Litigation Planning IT Audit Document Retention Policies Planning
MEETING YOUR COMPANY S ELECTRONIC DISCOVERY OBLIGATIONS Thomas A. French* William C. Boak TABLE OF CONTENTS I. INTRODUCTION... 2 II. LEGAL REQUIREMENTS FOR ELECTRONIC DISCOVERY... 5 A. When is the Duty
Litigation Services Getting Ahead of Discovery: Early Case Assessment and ESI The Federal Rules of Civil Procedure (FRCP) relating to electronic discovery highlight the need for early analysis of the facts
E-Discovery Lessons from the Battlefield Mike Williams Wheeler Trigg O Donnell (Denver, CO) firstname.lastname@example.org 303.244.1867 http://www.wtotrial.com/michael-t-williams-1 Introduction Over the past 15
Records Management Best Practices Guide A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World s Information. Since 1951, Iron Mountain
Computer Forensic Services and the CPA Practitioner 2010-2012 Forensic Technology Task Force 2010-2012 Forensic Technology Task Force Ron Box Margaret Daley Carl Hoecker Joel Lanz Charles Reid Donna Tamura
E - DISCOVERY Fighting over smoking gun emails: The nightmare begins Part I E-Discovery under the New Federal Rules The federal discovery landscape has changed. The United States Supreme Court on April
Electronic Records Handbook Table of contents Key points to consider 3 Introduction 5 Selecting an appropriate system 7 Regulation of electronic records (erecords) 10 Patient consent and rights to access
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF KANSAS GUIDELINES FOR CASES INVOLVING ELECTRONICALLY STORED INFORMATION [ESI] These guidelines are intended to facilitate compliance with the provisions
A Privacy Handbook for Lawyers PIPEDA AND YOUR PRACTICE Table of Contents Introduction...1 Privacy Issues in Managing a Law Practice...6 Privacy issues in Civil Litigation...16 Conclusion...26 Endnotes...28
Reducing the Cost and Headache of e-discovery with a Comprehensive Retention Plan for Electronically Stored Information By Fernando A. Bohorquez Alberto Rodriguez Table of Contents I. INTRODUCTION... 3
2013 HIPAA/HITECH AMENDMENTS: HOW THE CHANGES IMPACT THE ediscovery PROCESS Brian Brown Danny Tijerina RenewData, an LDiscovery Company Austin, TX Introduction Maintaining compliance with government regulations
Request for Proposal (RFP) for an Applicant Tracking Solution City of Durham October 2013 Table of Contents General Information 10. Date of RFP. 20. Project Manager and Contact with City; Questions about