1 The Impact of Electronic Discovery on Corporations? Michael J. Powell L. Clint Crosby
2 Look How Far We ve Come
3 ESI ESI = Electronically Stored Information Any information that is stored in a medium from which it can be retrieved and examined. FRCP 34 Electronic Discovery = The process of collecting, preparing, reviewing, and producing electronic documents in the context of the legal process
4 Basic Problems with Electronic Discovery Collecting the data Figuring out how to find what you need in the raw data Inadvertent disclosure of privileged information The attorney is responsible
5 Keys to Navigating Electronic Discovery Communication Attorney Internal Cooperation Attorney Opposing Party Vendors Consistency Litigation Holds Establish an Electronic Discovery Team
6 Team effort
7 New FRCP on ESI Early discussion of ESI issues required Scope of discovery (reasonably accessible) Assertion of privilege after production Form of production Spoliation Non-party production of ESI
8 2006 Amendments to Federal Rules of Civil Procedure Rule 16(b) Scheduling conference includes provisions for disclosure or discovery of ESI and any agreements of the parties for asserting claims of privilege or of production of trial preparation materials. Court includes in scheduling order any agreements between the parties regarding preservation of privilege.
9 2006 Amendments to Federal Rules of Civil Procedure, continued Rule 26 Addresses treatment of ESI that is not reasonably accessible due to undue burden or cost Producing party bears burden to show burden of production Court may compel discovery upon requesting party s showing of good cause Court may limit scope of discovery Clawback provision 26(b)5(b) Initial discovery planning conference to include discussion of forms of production
10 2006 Amendments to Federal Rules of Civil Procedure, continued Rule 33 Interrogatories can address ESI Rule 34 Form of production Rule 37(f) Safe harbor provision Rule 45 Provides electronic discovery can be sought from third parties
11 Scope of ESI in Business Today 17.5 trillion - Total e- documents created by businesses each year 70% of 17.5 trillion e- documents never exist in paper form % of ALL discoverable information is 60% of all companies have retention policies
12 Cost Impact of E-discovery $1.5 million Average cost of e-discovery in litigation $40 million Spent on e-discovery vendors in 1999 $2.9 billion 5% Estimated spent on e-discovery vendors in 2007 Very satisfied with e-discovery vendor Fulbright & Jaworski, LLP 2006 General Counsel Survey
13 Volume 1 gigabyte = approximately 75,000 pages or 30 bankers boxes
15 Records Management
16 Records Management Management of documents starts with a document retention policy. Every client that has ESI has a document retention plan of some sort. It may be one that is haphazard, unofficial or unenforced. A well managed plan helps control the volume of data that must be sorted through to find relevant information. Management extends over to having a litigation team in place that has the company and its computer system prepared for litigation.
17 In re Prudential Ins. Co. of America Sales Litig., 169 F.R.D. 598 (D.N.J. 1997) Class action against life insurer for deceptive sales practices In 1995, Prudential initiated a document retention plan to get rid of unauthorized sales documents but senior management did not guide its creation. Opinion addressed destruction of documents by agents and employees of Prudential in field offices Responsibility for creating, implementing and enforcing the document retention plan was put on the shoulders of senior management Prudential was not excused from being sanctioned because of field office actions Fined $1M and required to pay attorneys fees
20 Identification = Focus
21 Locate the Data Learn about your client s computer system IT/Custodian interviews (get help if you do not understand the lingo) Remember Rule 30(b)(6) deposition on ESI Good interview tool
22 IT Interview Outline Establish general case parameters Identify key people and resources Determine broad technical profile Document company data policies and procedures Discuss cost factors Sketch out implementation policy
23 Did we mention witness?
24 The reality of electronic discovery is that it starts off as the responsibility of those who don t understand the technology and ends up as the responsibility of those who don t understand the law. Craig Ball
25 Electronic categories Server Spaces Workstations Back-Up Media
26 Electronic categories, continued Cell Phones/PDAs External Storage Media Miscellaneous Other
27 Electronic categories, continued Legacy Systems
28 The IT Department is Busy
29 Cooperation: the Electronic Discovery Team
31 Preservation is Reactionary
32 Preservation Triggers Lawsuit Subpoena Notice/Request to preserve data Preservation is much easier if company is consistent in how it maintains its data
33 Preparation for ESI Discovery Forming a litigation response team Dedication of I.T. and administrative staff to litigation hold tasks Outline collection/harvest policy Outline chain of custody policy
34 Preserve the Data Communicate with attorney and employees Litigation hold notices People Subject matter Time frame Relevant data Consider preservation notice to adversary
35 Danis v. USN Communications 2000 WL (N.D. Ill.) Securities class action involving two groups of purchasers of common stock issued by USN Communications. The suit specifically named USN, Mr. Elliott (the CEO) and the Board of Directors, in addition to others. Prior to the commencement of the action, USN did not have a formal document retention policy covering the categories of documents and electronic information USN regularly created and received.
36 The Danis Court held: When senior management fails to establish and distribute a comprehensive document retention policy, it cannot shield itself from responsibility because of field office actions. Danis, 2000 WL at 32.
37 Danis Court Sanctions Adverse inference that instructed the jury it may infer the documents destroyed were helpful to the case of the prejudiced party. $10,000 fine assessed against CEO Elliott.
38 Zubulake v. UBS Warburg, LLC, 2004 U.S. Dist. LEXIS (S.D.N.Y. July 20, 2004) (5 th order on discovery) Failure to preserve electronic records ( ) was deemed to be willful spoliation. The court also held that production of documents only after re-deposing certain company employees was untimely. Sanctions included cost of retrieving electronic records and an adverse inference jury instruction
39 Zubulake Case Verdict, March 2005 $9 million in compensatory damages $20.1 million in punitive damages
40 Qualcomm v. Broadcom, (S.D. CA. January 7, 2008) Qualcomm sued for patent infringement but failed to locate and produce 46,000 highly relevant s until after the trial was over. Qualcomm s patent was declared invalid and Qualcomm was required to pay Broadcom over $8.5M in legal expenses. 6 of Qualcomm s outside attorneys were sanctioned and referred to their disciplinary board.
41 What the Court Had to Say For the current good faith discovery system to function in the electronic age, attorneys and clients must work together to ensure that both understand how and where electronic documents, records and s are maintained and to determine how best to locate, review, and produce responsive documents. Attorneys must take responsibility for ensuring that their clients conduct a comprehensive and appropriate document search.
42 One or more of the retained lawyers chose not to look in the correct locations for the correct documents, to accept the unsubstantiated assurances of an important client that its search was sufficient, to ignore the warning signs that the document search and production were inadequate, not to press Qualcomm employees for the truth These choices enabled Qualcomm to withhold hundreds of thousands of pages of relevant discovery and to assert numerous false and misleading arguments to the court and jury. This conduct warrants the imposition of sanctions.
44 Early Meet and Confer The 26(f) Conference
45 Meet and Confer Meet with opposing counsel ASAP to discuss ESI issues and be candid Rule 26 conference Data sources and production format Data volume Search terms/time frame Clawback Metadata Production format (native of tiff) Document any agreements reached and submit as an agreed order to the court
46 Collect the Data Use a professional (outside vendor) to collect/harvest the client s data. Chain of custody Prevent alteration of data Third party witness Insulate company Mirror imaging
47 Processing, Review, Analysis and Production
48 Rule 26(b) - Two Tiered Discovery: Reasonably Accessible v. Not Reasonably Accessible Must produce reasonably accessible electronically stored information Refers to documents and information actively used for information retrieval, Zubulake, 220 F.R.D. at 218 No duty to provide not reasonably accessible electronically stored information absent a court order (but still must preserve)
49 Accessibility of Information More accessible Less accessible Active data (information accessible when booting up workstation) Near-Line data (computer accessible optical drives) On-line storage: The storage of electronic data as fully accessible information in daily use on the network or elsewhere. Offline storage/archives (indexed by custodian name or organized back up tapes) Archive/Electronic Archive: Archives are long term repositories for the storage of records. Electronic archives preserve the content, prevent or track alterations and control access to electronic records. Offline storage/archives (disaster recovery tapes) Erased or fragmented data (not intended to be saved, capable of restoration) Legacy data/back up tapes for systems no longer supported
50 Not Reasonably Accessible Undue burden and cost determine if not reasonably accessible. Responding party must describe the category and type of information it claims is not reasonably accessible. Responding party has burden of proof. Court can shift discovery costs of not reasonably accessible to requesting party.
51 Discovery Database Management & Production Case Management Software CaseLogistix RingTail Summation Vendor Software
52 The Finish Line Communication Cooperation Consistency
53 The Impact of Electronic Discovery on Corporations? Michael J. Powell L. Clint Crosby
54 THE IMPACT OF ELECTRONIC DISCOVERY ON CORPORATIONS Michael J. Powell (678) L. Clint Crosby (678) BAKER, DONELSON, BEARMAN, CALDWELL & BERKOWITZ, P.C. Six Concourse Parkway, Suite 3100 Atlanta, Georgia (678)
55 I. INTRODUCTION. On December 1, 2006, the Federal Rules of Civil Procedure ( FRCP ) were substantively amended to account for the emergence of issues with the discovery and production of electronically stored information ( ESI ). While these ESI issues were not new to companies or counsel involved in litigation, the rule changes moved ESI to the forefront as one of the key issues for parties to address during the discovery process. The purpose of this paper and accompanying presentation is to provide an overview of ESI, what it is, where it is, how it can be a factor in litigation and how the revised Federal Rules of Civil Procedure interact with these issues. A. A Brief Background on ESI Related Amendments to the Federal Rules of Civil Procedure. 1. FRCP 16 Rule 16 was amended to encourage the parties and the court to address ESI issues at the beginning of the case and include any agreements reached in the initial case management scheduling order. In any case with ESI issues, a detailed agreement addressing ESI production and privilege issues should be a fundamental requirement. 2. FRCP 26 Rule 26 was amended to require the parties to confer early in the litigation about ESI discovery issues, including form of production and clawback agreements. This initial conference can no longer be a perfunctory exercise and counsel should give special attention to the timing of initial disclosures as locating, reviewing and producing ESI can be a time consuming process. Rule 26 also addresses limitations on discovery of not reasonably accessible ESI and the procedure for challenging the assertion that data is inaccessible. If the parties do not reach an agreement on how to treat the inadvertent production of privileged information, Rule 26(b)(5)(B) provides a procedure for the producing party to retrieve the privileged information. However, Rule 26 does not address the problems with privilege waiver, so a new evidence rule, Rule 502, has been proposed to preserve the privilege for information that is inadvertently produced. 3. FRCP 33 Rule 33 was updated to include a reference that interrogatory responses can refer to ESI as a source of the requested information. 1
56 4. FRCP 34 Rule 34 was amended to broadly define electronically stored information and to provide procedures for requesting and producing ESI. Sampling of ESI is now specifically allowed and ESI may be requested in a particular form or forms. The producing party may object to the requested form of production, but in its response, it must state the form in which the ESI is going to be produced. If no form of production is requested, the responding party must produce the information in the form in which it is normally kept or in a form that is reasonably useable. 5. FRCP 37 Rule 37 was amended to provide a safe harbor for litigants who inadvertently destroy electronic data through the good faith operation of their electronic information system. 6. FRCP 45 Rule 45 was amended to specifically provide that ESI can be obtained from nonparties. Many of the procedures for dealing with ESI production from Rules 26 and 34 are carried over into Rule 45. B. Fundamental ESI Issues. ESI includes the whole range of electronic information that a company generates and uses in its business. It is easy to lose your way because (1) many people are scared off by the technical terms and (2) people are naturally afraid of missing something. Moreover, the nature of the subject matter (electronic data storage) makes it more so, specifically: 1. Design. Information Technology ( IT ) network systems, and computers in general, are not designed for e-discovery. Rather, they are designed to run efficiently and dynamically without loss of important data (but not by preserving all data). 2. Location. Data can reside in many locations, some of them are not obvious and there may be emergency backup data storage media that hold data in formats that are not readily searchable. 3. Scale. A 40GB computer hard drive can hold as many as 7.5 million pages of data in standard office productivity file types. Companies typically quantify their data in Terabytes. (A Terabyte is 1000 Gigabytes; 1 Gigabyte is approximately 100,000 pages depending on file format). 2
57 C. A Roadmap Through The Electronic Discovery Process. E-discovery is part of the litigation process and is a process within itself. The e- discovery process begins with the company s document/data retention policies (or lack thereof) and continues through the presentation of electronic information at the actual trial or other adjudication of the underlying dispute. It is critical to know where counsel and the company are in the ESI discovery process in order to reduce the risks of mistakes and unnecessary cost. The Electronic Discovery Reference Model ( EDRM ) is a roadmap through the ESI discovery process. 1 It was designed to show the interplay of the various stages of electronic discovery and explain the process from a high-level view. As the model (below) indicates, from left to right, the process starts with the extraordinary volume of data that any company will have, and ends up with the data that has relevance to the lawsuit after the various steps have been completed. II. RECORDS MANAGEMENT. A. A Necessary Part of Business. A partial solution to the problems massive amounts of electronic data present in e- discovery is for the company to have a well-thought-out document retention plan that is put in place long before there is a hint of litigation, and that is uniformly enforced. This accomplishes a significant reduction in the amount of raw data that needs to be located and processed for reviewing. Document retention plans should address the creation, retention and disposition of corporate records and data. 1 The EDRM was created by an industry group created to develop and establish practical guidelines and standards for electronic discovery. Citations to this source are noted simply as EDRM. 3
58 In addition to controlling the retention of electronic data, companies should also be careful to control the content of electronic data. It is estimated that in North America 4 trillion s are sent each day. The casual nature of s leads authors to write things they might not say directly, or might phrase differently if the author was on the telephone, in a meeting or writing a letter. Therefore it is important that corporations educate their employees on what information should be put in s and how it should be phrased. What might seem innocuous at the time of writing can later make an excellent exhibit for your opponent at trial. The United States Supreme Court has encouraged document retention policies stating: Document retention policies, which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business.... It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances." Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005). However, the failure to properly maintain and monitor a records retention policy can create substantial risk for both the business and its employees, particularly in light of the Sarbanes-Oxley Act and expanded interest in corporate conduct. Recent studies indicate that approximately 80% of companies have document retention policies and 75% have litigation hold policies. However, the adequacy of these policies, whether they are periodically revised to remain current and whether the policies are appropriately followed and enforced remains a substantial question. B. Some Level of Protection? Federal Rule of Civil Procedure 37 was amended to provide a safe harbor for litigants who inadvertently destroy electronic data through the good faith operation of their electronic information system. Although the good faith boundaries of this safe harbor have yet to be tested, it seems to be generally accepted at this time that relevant data lost after a litigation hold should have been put in place falls outside the protection of the safe harbor. Therefore, a company cannot blindly administer its document retention policy in the face of litigation and expect safe harbor protection. III. IDENTIFICATION. A. The Purpose of Identification. Identification concerns the process of learning the location of all data which counsel or corporate litigants may have a duty to preserve and potentially disclose in a pending or prospective litigation. B. It Really Helps to Have Some Understanding of Technology A Layman s Explanation. At least by this time in the process, counsel will need to meet with the company s IT staff to determine what data exists within the organization, and where it resides. To do that, counsel will need to know some ABCs of computer technology. 4
59 1. Network Basics. a. Servers. Most companies have a network, which is usually a group of independent computers ( clients or workstations ) that are connected so that they can exchange information. Network operations frequently contain servers (or big computers that facilitate information flow, provide storage or do other digital work for the organization). Note that when most people say on the network they are referring to information stored on a server. (i.) (ii.) (iii.) There can be huge, geographically-distributed networks (with hundreds of servers) and small networks (with only interconnected workstations). Servers can house specific types of data (such as a Microsoft Exchange server, which manages and hosts communications, or a file server, which stores documents and other information on it). Some types of servers can act simply as workers on the system and not have any active data stored on them. Examples are a spam-filter server (dedicated to catching unwanted before it makes it to the Exchange Server) and a Citrix server (allows remote access to the network). b. Back-up Systems. Back-up (or disaster recovery) is the IT department s way of ensuring that, if there should be a cataclysmic event that destroyed the data on one or more systems, the data could be recreated. It is a fall-back system and not typically utilized. (i.) (ii.) (iii.) There are any number of back-up media (such as digital tape, or externally-hosted servers like an evault system). Active backup media is typically stored off-site and rotated at fixed intervals. Backup jobs can be full (backing up the whole system), differential (backing up all files that have changed since the last full backup) or incremental (backing up new or changed data since the last full, differential or incremental backup). The point is to determine how the company s back-up system is configured and to catalogue what types of data are contained within it. 5
60 c. Computers (the actual workstations). Workstation computers are connected together and to servers through the network, but they can also act as data repositories (both in conjunction with the servers, or independently). (i.) (ii.) Workstation computers have a local C drive, where the user usually is able to store information at will (rather than on a file server). Workstation computers may contain copies of files stored on the server. Also, in most environments, users can create local copies or archives of mailbox data on their workstations (an example of this are Outlook PST files). d. Other Data Storage devices. The possibilities are virtually endless and could include: (i.) (ii.) (iii.) (iv.) (v.) (vi.) Cell phones Digital Cameras Digital dictation devices Voic Systems Blackberries and Tréos and other mobile communications devices Portable Storage Mediums (such as CDs, DVDs, Floppy disks, zip drives, thumb drives, etc.) e. A simple diagram of a company s data repositories might look like this: 2. Some Obvious Places to Look. There is no master list, but many companies have some similar locations for ESI such as: a. Data Shared on the Network. These are places where users are allowed to store information. Here are some easy ones: 6
61 (i.) (ii.) (iii.) Company-wide shared directories a common area where anyone in the company can store information. Departmental shared directories space where some segment of the company can store information (such as a department). Personal folders (not to be confused with the Outlook nomenclature) space where an individual employee can store information and only he/she (or another user with administrative rights) controls access to it. b. Servers. The most common are Microsoft Exchange servers (Outlook), Lotus Domino servers (Lotus Notes) and the Novell GroupWise platform. Companies might also use POP3 servers (akin to a Comcast, RoadRunner or AT&T account) in which the workstation and mail client is often the only location for mail data. A full exploration of the system should be made since is typically a major focus of ESI discovery. c. Database or Application Servers. Enterprise or department-wide databases or software may run on dedicated servers. An example of this would be an enterprise resource planning suite such as SAP, PeopleSoft or Lawson. Individual departments, such as accounting, might also have specialized applications. Counsel will need to determine the relevance of this material to the litigation. d. Employee Hard Drives. What are the key people storing on their workstation computers? Do they use the network space, or store data on their hard drive? e. Other Sources Outside the Company. (i.) (ii.) (iii.) Consider issuing early subpoenas to third parties, such as AOL, that may have relevant data. Employee home computers. Off-site data storage vendors. 7
62 3. Data Basics. a. Data is both fragile and durable. It is fragile in the sense that employees could permanently delete data from their computer (i.e. double-delete or hard delete an when it may not exist in another readily-accessible format), or the system may automatically alter metadata as a file is accessed. It is durable in the sense that computer systems may make many copies of files during ordinary operations and in the sense that many types of data, such as , may be widely distributed and stored in numerous locations. b. Metadata. Metadata is the data that lives underneath what you can readily see on the computer screen. System metadata is automatically generated, while substantive metadata reflects what changes were made to a document. Depending on the file type, metadata may contain a long list of information about the author, edits, creation date, etc. Metadata is not infallible and, many times, is not important, but it can be helpful and very important in certain kinds of matters. c. Forensics. Forensics refers to the computer sleuthing that is sometimes done to find deleted data or otherwise determine what happened to particular data (for instance, whether and when a wiping program was run). Computer forensics may be particularly useful when an individual s digital behavior is at issue. d. Hash Value. Each data file, group of files, or portion of a file can be assigned a unique number using a mathematical algorithm. This hash value can be used to identify and authenticate a data set with relative certainty. It can also be used as the digital equivalent of a Bates label for data produced in native format. 4. Determine What Data is Reasonably Accessible. Assess which data sources are reasonably accessible versus those that are not reasonably accessible develop estimates of cost to retrieve, process and review. This will give counsel the information necessary to support future claims that data from certain sources should not have to be searched and/or produced in discovery. Generally active data that a company is using every day is considered accessible; i.e. . Data that is typically not accessed such as uncataloged catastrophic backup media might not be considered reasonably accessible. C. Disclosure of Identified ESI. 8
63 Rules 16 and 26 were amended to require the parties to meet and confer early in the case about ESI discovery issues, including form(s) of production and clawback agreements. Local court rules often provide specific requirements for the ESI matters to be covered at early planning conferences. In general, these Rules distinguish ESI discovery that is reasonably accessible from that which is not reasonably accessible and provide procedures for challenging the assertion that data is inaccessible. The parties must address ESI issues at the beginning of the case and include in the initial case management scheduling order to courts any agreements reached by the parties. (The order should also provide that the initial disclosures required by Rule 26 will be made after those parties with ESI have had a realistic amount of time to determine what they have and where it is located.) With these rule changes, counsel is required to meet and talk to opposing counsel about the computer system of your client, what has been or will be done for preservation, and the production of ESI. It is important at this stage to be candid with opposing counsel about the company s computer system, how much raw data exists, what sources are or are not reasonably accessible, production format, etc. The e-discovery process can be much less expensive and require less court intervention if an agreement can be worked out in advance with opposing counsel. If practical, counsel should try to agree on (and incorporate into an agreement/order) issues such as the following: 1. Data sources to be searched; 2. Identity of key individuals; 3. Search terms to be used; 4. Relevant, limited time frame; 5. Data production format(s); 6. Whether and what metadata will be produced; 7. Clawback agreements; 8. Quick peek provisions; 9. Cost shifting, if inaccessible sources are to be searched; and 10. Authenticity of data produced. IV. PRESERVATION. A. The Preservation Purpose. 9
64 One of the purposes of the Identification stage of the electronic discovery process is to determine what the company should or should not preserve. There are duties incumbent on parties and counsel to ensure that this is done effectively. These duties include: 1. Preservation Trigger: The duty to preserve is triggered when litigation is reasonably anticipated. This can occur upon service of a lawsuit, or receipt of a demand letter or subpoena. 2. Counsel s Duties: Current case law requires attorneys (in-house and outside) to take personal responsibility for seeing that relevant data is preserved and produced. B. The First Litigation Hold Notice. The first litigation hold notice is typically sent by outside counsel to the in-house counsel or company contact upon a preservation trigger e.g. receipt of complaint, demand letter, subpoena, etc. 1. The first notice should go from outside counsel to the company and be as specific as possible regarding what the company s legal obligations are, what date is potentially relevant, and how the company should go about preserving its ESI. 2. If the company has a document retention program, this program likely will need to be suspended as to potentially relevant data, at least temporarily, until the issues and relevant information in the case can be identified. C. The Second Litigation Hold Notice. Working with the company and its IT staff, counsel should then make sure that hold notices are sent to all persons who are likely document custodians within the company. 1. This could include key employees and outside vendors who store information for the company. 2. The hold notices should be as specific as possible regarding how the custodian should go about preserving the data in its possession. The company should have a protocol in effect that could be implemented in this situation, but it is advisable for counsel to review protocol to ensure it will be effective. D. Utilize Guidance from the Meet & Confer. Discussion with the opposing counsel can be critical for defining the type and scope of litigation hold that is appropriate. Reach an agreement, if possible, on what data needs to be preserved and searched. If both sides are computer savvy, it is more likely this will happen (i.e., 10
Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use
Guide for taxpayers Our approach to information gathering This publication is current at November 2013. For the most current version, visit our website at ato.gov.au/infogathering OUR COMMITMENT TO YOU
Office of the Privacy Commissioner of Canada Commissariat à la protection de la vie privée du Canada Access to Information and Privacy Process and Compliance Manual Prepared by The ATIP Unit April 2008
White Paper May 2006 Applying Electronic Records Management in the Document Management Environment: An Integrated Approach Written by: Bud Porter-Roth Porter-Roth Associates Table of Contents Introduction
Data Breach Response Guide By Experian Data Breach Resolution 2013-2014 Edition Trust the Power of Experience. 2013 ConsumerInfo.com, Inc. Table of Contents Introduction 3... Data Breach Preparedness 4...
GSA Federal Citizen Information Center Your Right To Federal Records Questions and Answers on the Freedom of Information Act and Privacy Act Table of Contents Introduction...i The Freedom of Information
Records Management Best Practices Guide A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World s Information. Since 1951, Iron Mountain
Audit Manual PART TWO SYSTEM BASED AUDIT Table of content 1. Introduction...3 2. Systems based audit...4 2.1. Preparing for & planning the audit assignment...5 2.2. Ascertaining and recording the system...7
STANDARD FORM OF AGREEMENT FOR DESIGN SERVICES Every design project is different and the best will result from trust between the client and the designer. The most effective way to assure trust meets both
THE JAMAICA HOSPITAL MEDICAL CENTER DIAGNOSTIC AND TREATMENT CENTER COMMITMENT TO COMPLIANCE CODE OF CONDUCT AND COMPLIANCE PROGRAM SUMMARY OCTOBER 2009 REVIEWED: 4/12, 10/13, 5/14, 6/15 REVISED: AUGUST
Standards for Internal Control in New York State Government October 2007 Thomas P. DiNapoli State Comptroller A MESSAGE FROM STATE COMPTROLLER THOMAS P. DINAPOLI My Fellow Public Servants: For over twenty
SPECIAL REPORT 5 Mistakes Everyone Makes with Job Descriptions And How to Avoid Them 30611060 SPECIAL REPORT 5 Mistakes Everyone Makes with Job Descriptions And How to Avoid Them 30611000 Publisher and
Climate Surveys: Useful Tools to Help Colleges and Universities in Their Efforts to Reduce and Prevent Sexual Assault Why are we releasing information about climate surveys? Sexual assault is a significant
Ethical Considerations in Personal Injury Settlements and Lien Resolution by Martin Jacobson, Esq. & Robert Schweers, Esq. This article discusses what every personal injury trial lawyer in New York State
ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1 st 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
The Guide to Data Protection Contents Introduction 1 Key definitions of the Data Protection Act 4 The Data Protection Principles 19 1. Processing personal data fairly and lawfully (Principle 1) 20 2. Processing
Global Network Initiative Public Report on the Independent Assessment Process for Google, Microsoft, and Yahoo Global Network Initiative Protecting and Advancing Freedom of Expresssion and Protecting and
Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise
275 Tips About Medical Records: A Guide for Legal Nurse Consultants Pat Iyer, MSN, RN, LNCC The Pat Iyer Group, LLC 908-237-0278 The Pat Iyer Group Pat Iyer The Pat Iyer Group, LLC. 260 Route 202/31, Suite
HANDBOOK FOR ACQUIRING A RECORDS MANAGEMENT SYSTEM (RMS) THAT IS COMPATIBLE WITH THE NATIONAL INCIDENT-BASED REPORTING SYSTEM (NIBRS) May 2002 TABLE OF CONTENTS INTRODUCTION 1 1 MAKE THE NIBRS RMS DECISION
Chapter 2 Fields of Intellectual Property Protection Patents Introduction Conditions of Patentability Drafting and Filing a Patent Application Examination of a Patent Application Infringement Exploitation
Top Ten Technology Tools (And Tips On How to Use Them) By Dan Pinnington Richard G. Ferguson David J Bilinsky and David Masters Are you familiar with the various available legal technology options, and
CODE OF PROFESSIONAL RESPONSIBILITY (Superseded February 1, 2007) View the Ohio Rules of Professional Conduct (effective February 1, 2007) Preface Canon 1 A Lawyer Should Assist in Maintaining the Integrity