1 E-Discovery Technology Considerations Presented by: Dave Howard Oregon Department of Justice Deputy CIO
2 Topics E-Discovery Process Overview Sources of Electronically Stored Information (ESI) Data Maps Backups Metadata Social Networking/Web 2.0 Responding to a Request for Production Resources
4 EDRM Stage Descriptions Information Management Getting your electronic house in order to mitigate risk & expenses should electronic discovery become an issue, from initial creation of electronically stored information through its final disposition. Records Management, Data Map, etc. Identification Locating potential sources of ESI & determining its scope, breadth & depth. Preservation (aka Legal/Litigation Hold) Ensuring that ESI is protected against inappropriate alteration or destruction. Collection Gathering ESI for further use in the electronic discovery process (processing, review, etc.).
5 EDRM Stage Descriptions Processing Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis. Review Evaluating ESI for relevance & privilege. Analysis Evaluating ESI for content & context, including key patterns, topics, people & discussion. Production Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms. Presentation Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to attempt to persuade or elicit further information.
6 Litigation Hold Notice A Litigation Hold has been issued for the matter described above pursuant to Department Policy. You may have possession, custody, or control of documents and other information, including electronically-stored information (ESI), that relate to this matter. DO NOT DELETE, ALTER OR DESTROY any documents, , or other ESI related to this matter until further notice. Please notify <agency contact> if you think you may have any documents, , or other ESI that is subject to this Litigation Hold.
7 Sources of ESI Sources Server (Exchange, GroupWise, Lotus, etc) PST (Outlook Personal Store typically stored on PC or file server) OST (Outlook Off-line store duplicate of Exchange mailbox stored on PC/Laptop) Archive (PST, usually stored on local PC, that Outlook uses to automatically archive , calendar and other events) MSG (message file stored out of system as regular file on PC or server file share) Blackberry components Message Calendar Tasks Contacts
8 Sources of ESI Agency Document Management (DM) or Electronic Records Management System (ERMS) e.g. Opentext, Filenet, Sharepoint, others File Servers Individual/Group/Public file shares Application Servers Possible sources of data in application servers are as numerous as the applications running on them. Databases (e.g. personnel database, helpdesk system, etc) GIS Web Services (internal & external) Content of web sites (including Intranet) Wikis/Blogs/Forums Collaboration Services (e.g. SharePoint) Social networking (e.g. Govspace, Facebook, MySpace, LinkedIn)
9 Sources of ESI PC/Laptop (work and/or personal, dedicated and/or shared) ESI stored on C: drive Some PC s have multiple hard drives or partitions on a single hard drive. Some have a special partition to save images of C: drive for recovery purposes. Is potentially discoverable information transferred from work to home? (via thumb drive, , CD/DVD, personal laptop, etc) Portable storage devices/media (business and/or personal) Thumb drive Portable USB drive (some up to 1 terabyte) ipod DVD/CD Media cards (e.g. SD card) PDA (Blackberry, cell phone) Business and/or personal , calendar, contacts Text Messages
10 You think it may be too obscure? In Minaya v. Duane Reade a New York State appellate court upheld sanctions resulting from the failure of defendant to preserve video recordings of a stairway that may have shown the condition of the stairs prior to plaintiff's fall and may have even recorded plaintiff's fall.
11 Sources of ESI Security Systems Log on/off records Internet use logs Firewall logs Keycard access system logs Security System Video Legacy Storage Media Floppy disks Tapes Other data sources & considerations Voic (VOIP/Unified Messaging implications) Digital Cameras Multi-Function Copiers Instant Messaging (LAN & Blackberry) SaaS (Software as a Service)
12 Legislation HB3271 (eff January 1, 2010) Part of language changes to ORS (Harassment) include: (5) As used in this section, 'electronic threat' means a threat conveyed by electronic mail, the Internet, a telephone text message or any other transmission of information by wire, radio, optical cable, cellular system, electromagnetic system or other similar means.
13 Data Maps A Data Map provides legal and IT departments with a guide to the employees, processes, technology, types of data, and business areas, along with the physical and virtual location of data throughout the organization. It is a detailed representation or map of electronically stored information within an organization. It typically includes: Relevant information systems, with scope, character, organization, and formats employed in each system; and any limitations of accessibility. A description of the retention policies. Likely data custodians. Don t look for an example..
14 Backups One of the most complex issues (at least from the IT perspective) around e-discovery. Backup vs. Archive: An archive is an actively managed set of information kept as a business record when needed and disposed of when not. Backups are designed for near term disaster recovery and not long term preservation. Many organizations treat backups as an archive. Direction is often unclear about what backups to retain in a litigation hold. Hold the backup tapes Expectations often unrealistic about what can be retrieved from backups. Cost is a big factor in retaining backups. A medium-sized agency could easily spend $2500-$3000/month on backup tapes due to one legal hold.
15 Not reasonably accessible data The Federal Rules do not define not reasonably accessible other than to caution that it turns on the presence or absence of undue burden or cost. Under the emerging case law at the time of the 2006 Amendments, there was a reasonable consensus, as outlined in the introductory remarks in the 2005 Advisory Committee Report, that the following data types were often deemed not to be reasonably accessible without undue burden or cost: information on databases whose retrieval cannot be quickly accomplished because the database software is not capable of extracting the information sought without substantial additional programming; information stored on media that must be transformed into another form before search and retrieval can be achieved; deleted information whose fragments remain only accessible by forensics; and legacy data remaining from obsolete systems that is unintelligible on successor systems. ** The Sedona Conference Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible (July, 2008)
17 Metadata Data about data Data typically stored electronically that describes characteristics of ESI, found in different places in different forms. Can be supplied by applications, users or the file system. Metadata can describe how, when and by whom ESI was collected, created, accessed, modified and how it is formatted. Can be altered intentionally or inadvertently. Certain metadata can be extracted when native files are processed for litigation. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed to paper or electronic image. The Sedona Conference Glossary (Second Edition)
18 Metadata Examples System Metadata Create/Modify Date, Document creator, etc. System-generated information out of the control of users MS Office documents Various file property fields (see File/Properties) Macro or VB Script comments Notes in a PowerPoint presentation To/From/CC: Send/receive date Receipt/read acknowledgement Word document Comments Tracked changes Excel Spreadsheet Formulas Cell comments
19 Social Networking Sites Facebook, MySpace, LinkedIn, Twitter, Yammer, Ning, Google Docs, The Blogosphere
20 Social Networking in State Gov. Just a quick search reveals: Secretary of State (Facebook, Twitter) Transportation (Facebook, Twitter, YouTube) Fish & Wildlife (Facebook, YouTube, Twitter) Parks & Rec (Facebook) Forestry (YouTube) DHS (YouTube)
21 Social Networking Management and Policy Considerations Ensure that social networking access is addressed in your acceptable use policy. Workflows need to ensure that relevant social media transactions are recoverable as public records OR for discovery purposes. Develop staff training on network and data risks associated with social networking activities. Clearly identify ownership of content. Clearly identify responsibility for records/archival management.
22 Responding to a Request For Production What is to be actually produced will be determined by counsel. Format to be produced in will also be determined, though typically agency will provide data in native format. Be careful to preserve relevant system metadata. Consider chain-of-custody in producing and handling ESI. May be addressed in deposition. Do you understand what you re being asked for? Does it make sense? Ask questions! Do they understand what you are giving them?
23 How Can I.T. Help? Involvement in the process Translation Expertise on agency IT systems and data Work with legal counsel Advice Awareness/Education
24 Resources The Sedona Conference E-Discovery Reference Model Craig Ball Helping Lawyers Master Technology Fios Inc. e-discovery Knowledge Center The universal tool:
25 Questions? Contact Information: Dave Howard Oregon Department of Justice
Managing digital records without an electronic record management system Crown copyright 2012 You may re-use this information (excluding logos) free of charge in any format or medium, under the terms of
White Paper May 2006 Applying Electronic Records Management in the Document Management Environment: An Integrated Approach Written by: Bud Porter-Roth Porter-Roth Associates Table of Contents Introduction
APR. 08 U.S. Department of Justice Office of Justice Programs National Institute of Justice Special REPORT Electronic Crime Scene Investigation: A Guide for First Responders, Second Edition www.ojp.usdoj.gov/nij
Records Management: NHS Code of Practice Part 1 DH INFORMATION READER BOX Policy HR/Workforce Management Planning Clinical Document Purpose Estates Performance IM & T Finance Partnership Working Best Practice
RECORDS MANAGEMENT MANUAL Date: September, 2007 Authored By: University Archives Contents 1. Records Management at UBC 3 A) Purpose of The Records Manual 3 B) Benefits of Records Management 3 C) Some Records
FIRST Site Visit Requirements and Assessment Document originally produced by CERT Program at the Software Engineering Institute at Carnegie Mellon University And Cisco Systems PSIRT Revision When Who What
Records Management Best Practices Guide A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World s Information. Since 1951, Iron Mountain
Office of the Privacy Commissioner of Canada Commissariat à la protection de la vie privée du Canada Access to Information and Privacy Process and Compliance Manual Prepared by The ATIP Unit April 2008
Getting Physical with the Digital Investigation Process Brian Carrier Eugene H. Spafford Center for Education and Research in Information Assurance and Security CERIAS Purdue University Abstract In this
Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use
Current Trends in Litigation Involving the Use of Social Media John B. Kearney Partner and Head, New Jersey Litigation Group Ballard Spahr LLP 1 Introduction Social media now affect all phases of litigation
Joint UNECE/Eurostat/OECD Work Session on Statistical Metadata (METIS) Generic Statistical Business Process Model Version 4.0 April 2009 Prepared by the UNECE Secretariat 1 I. Background 1. The Joint UNECE
Special Publication 800-125 Guide to Security for Full Virtualization Technologies Recommendations of the National Institute of Standards and Technology Karen Scarfone Murugiah Souppaya Paul Hoffman NIST
Google Apps as an Alternative to Microsoft Office in a Multinational Company The GAPS Project Thesis presented in order to obtain the Bachelor s degree HES by: Luc BOURQUIN Supervisor: Thierry CEILLIER,
Implementation Guide October 2009 Acknowledgement This guide is based on the lessons learned through DAF pilot projects and early exemplars. We re very grateful to those groups for sharing their experiences
IT Security & Audit Policy Page 1 of 91 Prepared by: - Department Of IT, Govt. Of NCT Of Delhi Prakash Kumar - Special Secretary (IT) Sajeev Maheshwari - System Analyst CDAC, Noida Anuj Kumar Jain - Consultant
Top Ten Technology Tools (And Tips On How to Use Them) By Dan Pinnington Richard G. Ferguson David J Bilinsky and David Masters Are you familiar with the various available legal technology options, and
Cyber Security Planning Guide The below entities collaborated in the creation of this guide. This does not constitute or imply an endorsement by the FCC of any commercial product, service or enterprise
United States Government Accountability Office Report to the Subcommittee on the Legislative Branch, Committee on Appropriations, U. S. Senate March 2015 INFORMATION TECHNOLOGY Copyright Office Needs to
Trusted Digital Repositories: Attributes and Responsibilities An RLG-OCLC Report RLG Mountain View, CA May 2002 2002 Research Libraries Group All rights reserved First published in May 2002 Adobe and Acrobat
State of Florida GENERAL RECORDS SCHEDULE GS1-SL FOR STATE AND LOCAL GOVERNMENT AGENCIES EFFECTIVE: FEBRUARY 19, 2015 R. 1B-24.003(1)(a), Florida Administrative Code Florida Department of State Division
A Cooperative Agreement Program of the Federal Maternal and Child Health Bureau and the American Academy of Pediatrics Acknowledgments The American Academy of Pediatrics (AAP) would like to thank the Maternal
IAPE STANDARDS SECTION 16 DIGITAL EVIDENCE IAPE STANDARD SECTION 16.1 DIGITAL EVIDENCE Standard: Digital evidence is a critical element of modern criminal investigation that should be maintained in strict
[Example] Social Media Acceptable Use Policy Overview The [agency] recognises that there are legitimate business and personal reasons for using social media at work or using corporate computing resources.
The Critical Security Controls for Effective Cyber Defense Version 5.0 1 Introduction... 3 CSC 1: Inventory of Authorized and Unauthorized Devices... 8 CSC 2: Inventory of Authorized and Unauthorized Software...
Data protection Protecting personal data in online services: learning from the mistakes of others May 2014 Contents Introduction... 2 What the DPA says... 4 Software security updates... 5 Software security
Summary of Changes Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, has