Cloud Privacy and Information Governance from Both Sides Now: Emerging Trends in Law and Public Policy Out of the Private and Public Sectors
|
|
- Aron Mitchell
- 8 years ago
- Views:
Transcription
1 Cloud Privacy and Information Governance from Both Sides Now: Emerging Trends in Law and Public Policy Out of the Private and Public Sectors Cloud Standards Customer Council (CSCC) Cloud Privacy Summit Reston, Virginia March 26, 2015 Jason R. Baron, Esq. Information Governance and ediscovery Group Drinker Biddle & Reath LLP Washington, D.C Jason R. Baron 2015
2 Overview Big Data, Privacy, and the Cloud Sectoral Basis of US Privacy Law - Public Sector - Private Sector Cloud Governance Best Practices Privacy & Recordkeeping: OMB/NARA Memorandum on Managing Govt Records Public Policy Challenges (c) Jason R. Baron 2015
3 Post-Snowden (c) Jason R. Baron 2015
4 Post-Sony (c) Jason R. Baron 2015
5 Shadow IT
6
7 (c) Jason R. Baron 2013
8 Tomorrow For Everyone: Moving to the Cloud (c) Jason R. Baron 2015
9 We have entered the era where Big Data is. (c) Jason R. Baron 2015
10 The World Has Changed We are not just managing thousands or millions of paper files We are at an inflection point in history in terms of data volume IDC Report: 1800 new exabytes this year (1 exabyte=data equivalent of 50,000 yrs of continuous movies) Open data policies vs. the iceberg : a vast amount of information is hidden underneath the web how is it to be reliably preserved and accessed? (c) Jason R. Baron 2015
11 Information governance is needed in a world where % of enterprise data is unstructured - 60% of documents are obsolete - 50% of documents are duplicate - 80% documents are not retrieved by traditional search (c) Jason R. Baron 2013
12 Congressional Research Service Report (2015) Privacy is a concern, especially for public and hybrid cloud services. The greater direct control that private clouds give to users over hardware and software may provide them more control over management of privacy. Establishing an effective and appropriate legal structure for regulating cloud computing services is imperative, as cloud usage is expected to represent more than half of all Internet use by the end of this decade. Globally, advances in technology services such as cloud computing paired with how those services are used by consumers have increased the difficulty of maintaining the appropriate legal balance between individual rights and the needs of law enforcement. As the depth and breadth with which consumers incorporate cloud services into their daily lives increases, the need for balance becomes even more important, but also more difficult to attain. Source: (
13 From the White House Big Data Report (2014) Th[e] trend toward ubiquitous collection is in part driven by the nature of technology itself. Whether born analog or digital, data is being reused and combined with other data in ways never before thought possible, including for uses that go beyond the intent motivating initial collection. The potential future value of data is driving a digital land grab, shifting the priorities of organizations to collect and harness as much data as possible. Companies are now constantly looking at what kind of data they have and what data they need in order to maximize their market position. In a world where the cost of data storage has plummeted and future innovation remains unpredictable, the logic of collecting as much data as possible is strong. Source: _may_1_2014.pdf
14 WH Big Data Report (con t): The Challenge Together, these trends may require us to look closely at the notice and consent framework that has been a central pillar of how privacy practices have been organized for more than four decades. In a technological context of structural over-collection, in which reidentification is becoming more powerful than deidentification, focusing on controlling the collection and retention of personal data, while important, may no longer be sufficient to protect personal privacy. In the words of the President s Council of Advisors for Science & Technology, The notice and consent is defeated by exactly the positive benefits that big data enables: new, non-obvious, unexpectedly powerful uses of data. (c) Jason R. Baron 2015
15 FIPPs The Fair Information Practice Principles, adopted by the Federal Trade Commission in 1998 as nonenforceable best practices for online privacy. The five pillars of the FIPPs address notice, choice, access, security and enforcement: There must be no personal data recordkeeping system whose existence is secret. There must be a way for individuals to find out what information about them is recorded and how it is used. There must be a way for individuals to prevent information that was obtained for one purpose from being used or made available for other purposes without their consent. There must be a way for individuals to correct or amend records of identifiable information about themselves. Any organization creating, maintaining, using or disseminating identifiable personal data must assure the reliability of the data for the intended use and must take precautions to prevent its misuse. (c) Jason R. Baron 2015
16 Cloud Procurement White Paper Overview Top 10 areas Federal agencies need to address when procuring cloud Gives description of issues along with ways to address issues within contracts Provides tactical guidance through a questionnaire checklist Available at 16
17 Privacy Questions to Ask in Federal Cloud Environment 1. When implementing a cloud solution, did the agency consider whether any personally identifiable information (PII) would be involved? 2. Did the agency consider whether any other categories of personal information, such as those protected by special privacy legislation and regulations like protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, would be involved? 3. If there is PII at issue, did the agency assess whether the Privacy Act of 1974 applied to the PII in question? - If so, did the agency ensure that the agreement included mandatory FAR language on operating Privacy Act systems of records? 4. If there is PII at issue, did the agency conduct a Privacy Impact Assessment in accordance with section 208 of the E-Government Act of 2002 and OMB Memorandum M-03-22? 5. If there is PII at issue, does the agreement provide instruction and requirements on what to do in the event of a breach or unintentional release of PII? (
18 Privacy Questions To Ask in a Federal Cloud Environment (con t) 6. If there is PII at issue, did the agency make any arrangements to ensure that either agency staff created appropriate PII training guidelines or actually delivered PII training to the cloud providers? 7. If there is PII at issue, does the agency agreement provide instruction and requirements on what to do in the event of any request for disclosure, subpoena, or other judicial process seeking access to the records which may include USG PII? 8. If there is PII at issue, does the agency agreement limit uses strictly to support the agency and prohibit uses for other purposes? 9. If there is PII at issue, does the agency agreement provide instruction and requirements on terminating storage and deleting data upon expiration of the agreement term and option extensions? 10. If there is PII at issue, does the agency agreement specify whether the data servers, including redundant servers, may be located outside the United States?
19 HIPAA* in the Cloud *Health Insurance Portability and Accountability Act Where is the data physically stored? How many copies of the data have been made? Has the data been changed? Has the data actually been deleted when requested? (index file only or actual data blocks?) How will the data be stored on the cloud provider s server? Encrypted? Will details be shared with patients on details of third party cloud provider information handling or security practices? How do patients exercise their right to access to any information stored about them, so as to correct any inaccuracies, when dealing with third party cloud providers? (c) Jason R. Baron 2015
20 Gramm-Leach-Bliley Act Requires financial institutions to establish standards for protecting confidentiality of customer non-public financial information. Encourages use of encryption techniques Restricts financial institutions from disclosing consumer financial information to non-affiliated third parties (although disclosure to a cloud service provider generally not restricted). (c) Jason R. Baron 2015
21 Forrester Research: Cloud Computing Checklist: How Secure Is Your Cloud (Chenxi Wang, Oct 30, 2009) Show me how you protect digital identities and credentials and use them in cloud applications? What data do you collect about me (logs, etc.)? How is it stored? How is the data used? How long will it be stored? Under what conditions might third parties, including government agencies, have access to my data? Can you guarantee that third-party access to shared logs and resources won t reveal critical information about my organization? Source: (c) Jason R. Baron 2013
22 Federal Cloud Computing Strategy Document Vivek Kundra, Feb. 8, 2011 Storing information in the cloud will require a technical mechanism to achieve compliance with records management laws, policies and regulations promulgated by both the National Archives and Records Administration (NARA) and the General Services Administration (GSA). The cloud solution has to support relevant record safeguards and retrieval functions, even in the context of a provider termination. (page 14) See
23 A New Era of Government [P]roper records management is the backbone of open Government. President Obama s Memorandum dated November 28, 2011 re Managing Government Records governmentrecords (c) Jason R. Baron 2015
24 Presidential Memorandum From President Obama s Memorandum on Managing Government Records, dated 11/28/11: Decades of technological advances have transformed agency operations, creating challenges and opportunities for agency records management. Greater reliance on electronic communication and systems has radically increased the volume and diversity of information that agencies must manage. With proper planning, technology can make these records less burdensome to manage and easier to use and share. But if records management policies and practices are not updated for a digital age, the surge in information could overwhelm agency systems, leading to higher costs and lost records. 24
25 Presidential Memorandum, November 2011 Within 120 days of the date of this memorandum, each agency head shall submit a report to the Archivist and the Director of the Office of Management and Budget (OMB) that: (i) describes the agency's current plans for improving or maintaining its records management program, particularly with respect to managing electronic records, including and social media, deploying cloud based services or storage solutions, and meeting other records challenges; * * * * (c) Jason R. Baron 2015
26 Archivist/OMB Directive M-12-18, Managing Government Records Directive, dated 8/24/12: 1.1 By 2019, Federal agencies will manage all permanent records in an electronic format. 1.2 By 2016, Federal agencies will manage both permanent and temporary records in an accessible electronic format. (c) Jason R. Baron 2015
27 Managing Govt Records Directive on Cloud Storage A5. Evaluate the feasibility for secure "data at rest" storage and management services for Federal agency-owned electronic records By December 31,2013, NARA will determine the feasibility of establishing a secure cloud-based service to store and manage unclassified electronic records on behalf of agencies. This basic, shared service will adhere to NARA records management regulations and provide standards and tools to preserve records and make them accessible within their originating agency until NARA performs disposition. (c) Jason R. Baron 2015
28 is still the 800 lb. gorilla of ediscovery & therefore important to get right in the cloud (c) Jason R. Baron 2015
29 Beyond text messaging, social media, etc. (c) Jason R. Baron 2015
30 The demise of RM. John Mancini, President of AIIM: If by traditional records management you mean manual systems even if they are computerized then I would say traditional records management is dead. The idea that we could get busy people to care about our complicated retention schedules, and drag and drop documents into folders, and manually apply metadata document by document according to an elaborate taxonomy will soon seem as ridiculous as asking a blacksmith to work on a Ferrari. (c) Jason R. Baron 2015
31 RM wish list for RM s easy button : the elusive goal of zero extra keystrokes to comply with RM requirements (capture) A technology app that automatically tags records in compliance with RM policies and practices (categorize) Supervised learning RM with minimal records officer or end user involvement (learn) Rule-based and role-based RM Advanced search (c) Jason R. Baron 2013
32 NARA s Capstone Policy: The Path Forward archiving in short term, synced to existing proprietary software on system Designation of key senior officials as creating permanent records, consistent with existing records schedules Additional designations of permanent records by agency component Smart filters/categorical rules built in based on content, to the extent feasible to do Non-senior official records and non-tagged records designated as temporary to be held for set retention period. (c) Jason R. Baron 2013
33 Capstone Officials Capstone officials may include: Officials at or near the top of an agency or an organizational subcomponent Capstone accounts Key staff accounts Key staff members that may be in positions that create or receive presumptively permanent records Other accounts Other accounts (c) Jason R. Baron 2015
34 NARA on Cloud Computing NARA Bulletin Defines cloud models in accordance with NIST definitions + Discusses records mgmt challenges + Details how agencies can meet records mgmt responsibilities
35 NARA on Cloud Computing: RM Challenges NARA Bulletin Lacking the capability to implement records disposition schedules, including the ability to transfer permanent records to archives and/or delete temporary records --are records maintained in a way that preserves functionality and integrity throughout the records life cycle? --are links maintained between records and metadata?
36 NARA on Cloud Computing: RM Challenges NARA Bulletin Lacking the capability to implement records disposition schedules, including the ability to transfer permanent records to archives and/or delete temporary records --are records maintained in a way that preserves functionality and integrity throughout the records life cycle? --are links maintained between records and metadata?
37 NARA on Cloud Computing: More Challenges NARA Bulletin Agencies need to be able to control proposed deletion of records, wherever they be located + Agencies must ensure records are accessible for all purposes of access (e-discovery, FOIA, etc.)
38 NARA on Cloud Computing: Still More Challenges NARA Bulletin Cloud architecture may lack formal technical standards governing storage and manipulation of data, threatening longterm trustworthiness and sustainability of data
39 NARA on Cloud Computing: Still More Challenges NARA Bulletin Lack of portability complicating transferring/exporting permanent records to archival environment + Agencies should anticipate how continued preservation and access issues will be resolved where cloud provider business operations materially change
40 NARA on Cloud Computing: How can agencies meet their RM responsibilities? NARA Bulletin ) Include records officer in planning & deployment of cloud computing solutions 2) Declare which copy of records will be the official record copy (value of cloud version may be greater). 3) Determine if cloud data covered under existing records schedules 4) Include instructions on how records will be captured, managed, retained, made available to users
41 NARA on Cloud Computing: How can agencies meet their RM responsibilities? NARA Bulletin ) Instructions on conducting a records analysis, including on system documentation & metadata 6) Instructions to periodically test transfers of Federal records to other environments, including agency servers, to ensure portability 7) Instructions on how data will be migrated to new formats, so records are readable thru their life cycle 8) Resolve portability and accessibility thru good RM policies and data governance practices (interoperability, security, access, etc.)
42 NARA on Cloud Computing: Contractors & Service Level Agreements (SLAs) NARA Bulletin Agencies maintain responsibility for managing records whether they reside in an agency s physical custody or if maintained by a 3 rd party contractor. + When dealing with 3 rd parties, include RM clause to ensure that contractor must manage records in accordance with Federal Records Act, 44 USC Chapters 21, 29, 31, 33, and NARA Regs, 36 CFR Chapter XII Subchapter B.
43 Sample RFQ Language The Quoter shall provide common Application Program Interfaces (APIs) allowing integration with third party tools such as archiving solutions, E-Discovery solutions, and Electronic Records Management Software Applications. The Quoter shall support an immutable management solution integrated with the messaging system in accordance with the requirement for Federal agencies to manage their messages and attachments as electronic records in accordance with 36 CFR , including capabilities such as those identified in: DoD STD V3, Electronic Records Management Software Applications Design Criteria Standard, NARA Bulletin , July 31, 2008, Guidance concerning the use of archiving applications to store , and NARA Bulletin September 8, 2010, Guidance on Managing Records in Cloud Computing Environments.
44 Cloudy thoughts on information governance challenges
45 Process Optimization Problem: The transactional toll of user-based recordkeeping schemes ( as is RM) (c) Jason R. Baron 2013
46 . and the need for better, automated solutions. (c) Jason R. Baron 2013
47 The Coming Age of Dark Archives (i.e., the inability to provide access unless we have smart ways of extracting signal from noise, including use of privacy filters) (c) Jason R. Baron 2015
48 Abandoning Sole Reliance on Practicing Black Swan IG
49 Emerging New Strategies: Predictive Analytics Improved review and case assessment: cluster docs thru use of software with minimal human intervention at front end to code seeded data set Slide adapted from Gartner Conference June 23, 2010 Washington, D.C. (c) Jason R. Baron 2015
50 Judicial endorsement of predictive analytics in document review by Judge Peck in da Silva Moore v. Publicis Groupe (SDNY Feb. 24, 2012) This opinion appears to be the first in which a Court has approved of the use of computer-assisted review.... What the Bar should take away from this Opinion is that computer-assisted review is an available tool and should be seriously considered for use in large-data-volume cases where it may save the producing party (or both parties) significant amounts of legal fees in document review. Counsel no longer have to worry about being the first or guinea pig for judicial acceptance of computer-assisted review... Computer-assisted review can now be considered judiciallyapproved for use in appropriate cases. (c) Jason R. Baron 2015
51 Emerging Autocategorization (c) Jason R. Baron 2015
52 Remarks Preceding the White House Big Data Report Can we build in additional privacy protection into the architecture of big data analytics and should the government and the private sector be investing more in research toward that end? -- John Podesta, Remarks at White House/MIT Big Data Privacy Workshop, March 3, 2014 (c) Jason R. Baron 2015
53 What is the IGI? The IGI is a cross-disciplinary think tank and consortium dedicated to advancing the adoption of Information Governance practices and technologies through research, publishing, advocacy, and peer-to-peer networking. It provides industry thought leadership and benchmarking designed to foster consensus and conversation It is a connector among the stakeholders of information governance It is a promoter of industry best practices and standards
54 Why is the IGI Needed? We believe that IGI is needed because there is an acute lack of clarity in the marketplace regarding the contours and implications of IG. Technical capabilities have advanced more quickly than awareness of those capabilities amongst practitioners and purchasers. The IG workforce is nascent and management responsibility for IG is unclear or unassigned at most organizations.
55 What is Our Mission? The mission of the IGI is to sound the clarion call that current information management practices are unsustainable. Unless corporations and government agencies take serious action, information overload and mismanagement will become a serious threat to the economy, delivery of government services, and to the justice system itself. We need to work with stakeholders across the IG spectrum to architect a better path forward.
56
57
58
59 How to become a member..
60 Rosetta Stone Approach: The Need To Master 3 Languages: Legal, RM, IT 60
61 The future is here. It is just not evenly distributed. --William Gibson 61
62 Jason R. Baron, Esq. Drinker Biddle & Reath LLP 1500 K Street N.W. Washington, D.C (202) jason.baron@dbr.com (c) Jason R. Baron 2015
Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division
Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined
More informationWhat Does Information Governance Mean To An E-Discovery Lawyer?
What Does Information Governance Mean To An E-Discovery Lawyer? ARMA Northern New Jersey Chapter Meeting Florham Park, N.J. April 23, 2014 Jason R. Baron, Esq. Information Governance and ediscovery Group
More informationE-mail Archiving: What to Keep, What to Purge, and How To Tell
E-mail Archiving: What to Keep, What to Purge, and How To Tell Digital Government Institute E-Discovery, Records & Information Mgmt. Conference Washington, D.C. March 4, 2010 Jason R. Baron Director of
More informationSMARTER. Jason R. Baron. Revolutionizing how the world handles information
COVER STORY ] THINKING SMARTER Jason R. Baron Revolutionizing how the world handles information It is common knowledge that we are living in what has been termed The Information Age. With the advent of
More informationJason R. Baron Director of Litigation Office of General Counsel National Archives and Records Administration
NARA RACO 2010 Ronald Reagan Bldg., Washington, D.C. May 12, 2010 Jason R. Baron Director of Litigation Office of General Counsel National Archives and Records Administration Email is still the 800 lb.
More informationCloud Computing: Implications and Guidelines for Records Management in Kentucky State Government
Cloud Computing: Implications and Guidelines for Records Management in Kentucky State Government (Version 1.0 August 2012) Many information technology (IT) departments and resource allocators are considering
More informationI. U.S. Government Privacy Laws
I. U.S. Government Privacy Laws A. Privacy Definitions and Principles a. Privacy Definitions i. Privacy and personally identifiable information (PII) b. Privacy Basics Definition of PII 1. Office of Management
More informationINFORMATION MANAGEMENT
United States Government Accountability Office Report to the Committee on Homeland Security and Governmental Affairs, U.S. Senate May 2015 INFORMATION MANAGEMENT Additional Actions Are Needed to Meet Requirements
More informationInteragency Science Working Group. National Archives and Records Administration
Interagency Science Working Group 1 National Archives and Records Administration Establishing Trustworthy Digital Repositories: A Discussion Guide Based on the ISO Open Archival Information System (OAIS)
More informationMANAGING GOVERNMENT RECORDS DIRECTIVE
MANAGING GOVERNMENT RECORDS DIRECTIVE AUTOMATED ELECTRONIC RECORDS MANAGEMENT REPORT/PLAN National Archives and Records Administration Office of the Chief Records Officer for the U.S. Government September
More informationCutting Edge Issues in Information Governance: A Lawyer s Perspective
Cutting Edge Issues in Information Governance: A Lawyer s Perspective ARMA NOVA Chapter Meeting West Vienna, VA September 21, 2011 Jason R. Baron Director of Litigation Office of General Counsel National
More informationAndroid Developer Applications
Android Developer Applications January 31, 2013 Contact Departmental Privacy Office U.S. Department of the Interior 1849 C Street NW Mail Stop MIB-7456 Washington, DC 20240 202-208-1605 DOI_Privacy@ios.doi.gov
More informationAllison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division. U.S. Department of Agriculture
Allison Stanton, Director of E-Discovery U.S. Department of Justice, Civil Division Benjamin Young, Assistant General Counsel U.S. Department of Agriculture 1 Disclaimer The views expressed in this presentation
More informationDepartment of the Interior Privacy Impact Assessment
Department of the Interior August 15, 2014 Name of Project: email Enterprise Records and Document Management System (eerdms) Bureau: Office of the Secretary Project s Unique ID: Not Applicable A. CONTACT
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 5015.02 February 24, 2015 DoD CIO SUBJECT: DoD Records Management Program References: See Enclosure 1 1. PURPOSE. This instruction reissues DoD Directive (DoDD)
More informationRecords Management Implications of Implementing Social Media Tools: Thoughts From the Archivists Legal Counsel
Records Management Implications of Implementing Social Media Tools: Thoughts From the Archivists Legal Counsel RACO 2009 Ronald Reagan Building, Washington, D.C. March 5, 2009 Jason R. Baron Director of
More informationHow To Manage Records At The Exceeda Agency
Table of Contents Table of Contents... i I. Introduction and Background... 1 A. Challenges... 1 B. Vision and Goals... 1 II. Approach and Response... 2 A. Set up a Governance Structure... 2 B. Established
More informationSeptember 15, 2014 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES AND INDEPENDENT AGENCIES
, 0.. EXECUTIVE OFFICE OF THE PRESIDENT \ OFFICE OF MANAGEMENT AND BUDGET :t WASHINGTON, D.C. 20503 IIIIIII NATIONAL ARCHIVES AND RECORDS ADM INISTRATION WASHINGTON, D.C. 20408 September 15, 2014 '.~ ~...,,.
More informationBPA Policy 236-1 Information Governance & Lifecycle Management
B O N N E V I L L E P O W E R A D M I N I S T R A T I O N BPA Policy 236-1 Table of Contents 236-1.1 Purpose & Background... 2 236-1.2 Policy Owner... 2 236-1.3 Applicability... 2 236-1.4 Terms & Definitions...
More informationPrivacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee
Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee August 2010 Introduction Good privacy practices are a key
More informationHow To Write A Request For Information (Rfi)
Request for Information No. 15-200-ACCO Litigation Hold & ediscovery Tool Posting Date: November 14, 2014 Event Timeline: This Request for Information (RFI) is issued by Washington State Department of
More informationMarket Research in the Field v.1
PRIVACY IMPACT ASSESSMENT DECEMBER 10, 2014 Market Research in the Field v.1 Does the CFPB use the information to benefit or make a determination about an individual? No. What is the purpose? Conduct research
More informationAugust 24, 2012 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES AND INDEPENDENT AGENCIES
EXECUTIVE OFFICE OF THE PRESIDENT OFFICE OF MANAGEMENT AND BUDGET WASHINGTON, D.C. 20503 NATIONAL ARCHIVES AND RECORDS ADMINISTRATION WASHINGTON, D.C. 20408 August 24, 2012 M-12-18 MEMORANDUM FOR THE HEADS
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationGRS 6.1 Email Managed Under a Capstone Approach
GRS 6.1 Email Managed Under a Capstone Approach This file contains three documents. The Draft Schedule is the proposed text of the new GRS in publication format. The FAQ supplements the new GRS, and will
More informationPROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT SYSTEM
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 PROCEDURES FOR ELECTRONIC MANAGEMENT OF RULEMAKING AND OTHER DOCKETED RECORDS IN THE FEDERAL DOCKET MANAGEMENT
More informationNARA s Capstone Email Management Implementation: Technical Perspective
NARA s Capstone Email Management Implementation: Technical Perspective Susan J. Sullivan, CRM Director Corporate Records Management February, 2014 NARA Corporate Records Management Overview How procured
More informationGuide to Information Governance: A Holistic Approach
E-PAPER DECEMBER 2014 Guide to Information Governance: A Holistic Approach A comprehensive strategy allows agencies to create more reliable processes for ediscovery, increase stakeholder collaboration,
More informationERA Challenges. Draft Discussion Document for ACERA: 10/7/30
ERA Challenges Draft Discussion Document for ACERA: 10/7/30 ACERA asked for information about how NARA defines ERA completion. We have a list of functions that we would like for ERA to perform that we
More informationEPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017
EPA Classification No.: CIO 2155-P-3.0 CIO Approval Date: 04/04/2014 CIO Transmittal No.: 13-011 Review Date: 04/04/2017 Collection and Retention Procedures for Electronically Stored Information (ESI)
More informationIntroduction to The Privacy Act
Introduction to The Privacy Act Defense Privacy and Civil Liberties Office dpclo.defense.gov 1 Introduction The Privacy Act (5 U.S.C. 552a, as amended) can generally be characterized as an omnibus Code
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationU.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Enterprise Data Warehouse (EDW) PTOC-003-00 August 5, 2015 Privacy Impact Assessment This Privacy Impact
More informationFederal Trade Commission Privacy Impact Assessment. Conference Room Scheduling PIA
Federal Trade Commission Privacy Impact Assessment Conference Room Scheduling PIA July 2014 1. System Overview The Federal Trade Commission (FTC) uses conference spaces in various FTC facilities and FTC-leased
More informationGeneral Records Management Training
General Records Management Training 1 Objectives Upon completion of this training, you will understand how to: Determine Federal records from non-records Manage Federal records throughout their lifecycle
More informationAHIMA: Leading Information Governance for Healthcare
AHIMA: Leading Information Governance for Healthcare 2014 AHIMA Panelists Moderator: Margarita L. Valdez, Director, Congressional Relations, AHIMA Angela Kennedy, EdD, MBA, RHIA, President AHIMA Meryl
More informationFederal Trade Commission Privacy Impact Assessment. for the: Secure File Transfer System
Federal Trade Commission Privacy Impact Assessment for the: Secure File Transfer System June 2011 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
More informationOFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION
OFFICE OF THE INSPECTOR GENERAL SOCIAL SECURITY ADMINISTRATION CONTRACTOR SECURITY OF THE SOCIAL SECURITY ADMINISTRATION S HOMELAND SECURITY PRESIDENTIAL DIRECTIVE 12 CREDENTIALS June 2012 A-14-11-11106
More informationFederal Trade Commission Privacy Impact Assessment. for the: Analytics Consulting LLC Claims Management System and Online Claim Submission Website
Federal Trade Commission Privacy Impact Assessment for the: Analytics Consulting LLC Claims Management System and Online Claim Submission Website January 2015 Page 1 of 14 1 System Overview The Federal
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationNOTES SOCIAL MEDIA: ITS CHALLENGES AND OPPORTUNITIES. Cohasset Associates, Inc. 2014 Managing Electronic Records Conference 27.1
SOCIAL MEDIA: ITS CHALLENGES AND OPPORTUNITIES Jonathan M. Redgrave, Redgrave LLP Rakesh Madhava, Nextpoint May 21, 2014 SOCIAL MEDIA: UBIQUITOUS & OMNIPRESENT SOCIAL MEDIA: INTERNAL 3 2014 Managing Electronic
More informationRecommendations for the PIA. Process for Enterprise Services Bus. Development
Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationIn order to adjudicate an appeal, OPM requires claimants or their authorized representatives to submit the following information:
SYSTEM NAME: Health Claims Disputes External Review Services. SYSTEM LOCATION: Office of Personnel Management, 1900 E Street NW., Washington, DC 20415. CATEGORIES OF INDIVIDUALS COVERED BY THE SYSTEM:
More informationPBGC-19: Office of General Counsel Case Management System
PBGC-19: Office of General Counsel Case Management System Excerpted from Federal Register: Sept. 9, 2014 (Volume 79, Number 174) General Routine Uses System Name: Office of General Counsel Case Management
More informationGaming System Monitoring and Analysis Effort
for the Gaming System Monitoring and Analysis Effort DHS/S&T/PIA-025 October 11, 2012 Contact Point Douglas Maughan DHS S&T Cyber Security Division 202-254-6145 Reviewing Official Jonathan R. Cantor Acting
More informationFHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)
FHFA Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME) This template is used when the Chief Privacy Officer determines that the system contains Personally Identifiable Information and a more
More informationOffice of IT Planning, Architecture, and E-Government Office of the Chief Information Officer
Your Records Management Responsibilities Office of IT Planning, Architecture, and E-Government Office of the Chief Information Officer July 2010 Table of Contents INTRODUCTION RECORDS MANAGEMENT IN THE
More informationWHITE PAPER. Deficiencies in Traditional Information Management
WHITE PAPER Deficiencies in Traditional Information Management Table of Contents 3 Abstract 3 Information Management Defined 7 Problems with Traditional Approaches 8 Conclusion Table of Figures 5 Figure
More informationCloud Service Contracts: An Issue of Trust
Cloud Service Contracts: An Issue of Trust Marie Demoulin Assistant Professor Université de Montréal École de Bibliothéconomie et des Sciences de l Information (EBSI) itrust 2d International Symposium,
More informationCapstone for Records Management
Capstone for Records Management Patrick Bland, Esq. ediscovery & Information Governance Specialist DLT Solutions Capstone for Records Management 1 DLT Solutions Company Background Provider of best of breed
More informationDepartment of State SharePoint Server PIA
1. Contact Information A/GIS/IPS Director Department of State SharePoint Server PIA Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information
More informationGeneral Support System
PRIVACY IMPACT ASSESSMENT JUNE 30, 2015 General Support System Does the CFPB use the information to benefit or make a determination about an individual? No. What is the purpose? Store and Transmit all
More informationHow to Manage Your SharePoint Cloud Based Business
Enhancing SharePoint's Records Capabilities Real Life Cases for 3rd Party Solutions December 9, 2013 Agenda About the Speaker and his Company What is Driving Information Management Why SharePoint? Why
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationUNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET. 1283 Data Administration and Management (Public)
Form 1221-2 (June 1969) Subject UNITED STATES DEPARTMENT OF THE INTERIOR BUREAU OF LAND MANAGEMENT MANUAL TRANSMITTAL SHEET 1283 Data Administration and Management (Public) Release 1-1742 Date 7/10/2012
More informationRECORDS MANAGEMENT POLICY
RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations
More informationTSA Advanced Imaging Technology
for TSA Advanced Imaging Technology DHS/TSA/PIA-032(d) December 18, 2015 Contact Point Jill Vaughan Assistant Administrator Office of Security Capabilities OSCCommunications@dhs.gov Reviewing Official
More informationCertified Information Professional 2016 Update Outline
Certified Information Professional 2016 Update Outline Introduction The 2016 revision to the Certified Information Professional certification helps IT and information professionals demonstrate their ability
More informationGENERAL RECORDS SCHEDULE 3.1: General Technology Management Records
GENERAL RECORDS SCHEDULE 3.1: General Technology Management Records This schedule covers records created and maintained by Federal agencies related to the general management of technology. It includes
More informationThe Cloud Seen from the U.S.A.
The Cloud Seen from the U.S.A. Stephen R. Bell, Counselor to the U.S. Coordinator, International Communications and Information Policy, U.S. Department of State OUTLINE Commercial drivers of Cloud services
More informationManaging Email Records Strategies That Work
Autonomy an HP Company Managing Email Records Strategies That Work Bill Manago, CRM VP, Information Governance Solutions Copyright 2012 Autonomy Inc., an HP Company. All rights reserved. Other trademarks
More informationREMEDY Enterprise Services Management System
for the Enterprise Services Management System April 28, 2016 Contact Point Marshall Nolan Border Enforcement and Management Systems Division Office of Information Technology U.S. Customs & Border Protection
More informationTransmittal Memo. SUBJECT: AGENCY POLICY 801 Capstone Email Records Management Policy
AGENCY NAME Transmittal Memo DATE: agencyname801_2-11-14_draft.docx TO: All Staff SUBJECT: AGENCY POLICY 801 Capstone Email Records Management Policy Purpose: This policy implements the Capstone approach
More informationDepartment of Homeland Security Management Directives System MD Number: 4500.1 Issue Date: 03/01/2003 DHS E-MAIL USAGE
Department of Homeland Security Management Directives System MD Number: 4500.1 Issue Date: 03/01/2003 DHS E-MAIL USAGE I. Purpose This directive establishes Department of Homeland Security (DHS) policy
More informationNETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 TABLE OF CONTENTS
OFFICE OF THE CHIEF INFORMATION OFFICER NETWORK AND AIS AUDIT, LOGGING, AND MONITORING POLICY OCIO-6011-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section
More informationHIPAA Privacy & Security White Paper
HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements
More informationRecords Management Policy. EPA Classification No.: CIO 2155.3 CIO Approval Date: 02/10/2015. CIO Transmittal No.: 15-005 Review Date: 02/10/2018
INFORMATION POLICY Records Management Policy Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 Records Management Policy 1. PURPOSE To advance a focus on overall
More informationCHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006)
CHAPTER 9 RECORDS MANAGEMENT (Revised April 18, 2006) WHAT IS THE PURPOSE OF RECORDS MANAGEMENT? 1. To implement a cost-effective Department-wide program that provides for adequate and proper documentation
More informationPrivacy Impact Assessment
Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief
More informationELECTRONIC SIGNATURES AND MANAGEMENT OF ELECTRONICALLY SIGNED RECORDS
Commandant United States Coast Guard 2100 Second Street, S.W. STOP 7101 Washington, DC 20593-7101 Staff Symbol: CG-6 Phone: (202) 475-3518 Fax: (202) 475-3929 COMDTINST 5200.5 FEB 3 2011 COMMANDANT INSTRUCTION
More informationSecure Cloud Computing Concepts Supporting Big Data in Healthcare. Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC
Secure Cloud Computing Concepts Supporting Big Data in Healthcare Ryan D. Pehrson Director, Solutions & Architecture Integrated Data Storage, LLC Learning Objectives After this session, the learner should
More informationVirginia Systems Repository (VSR): Data Repositories DHS/FEMA/PIA 038(a)
for the (VSR): DHS/FEMA/PIA 038(a) May 12, 2014 Contact Point Tammy Rinard Recovery Directorate (540) 686-3754 Reviewing Official Karen L. Neuman Chief Privacy Officer Department of Homeland Security (202)
More informationSeeing Though the Clouds
Seeing Though the Clouds A PM Primer on Cloud Computing and Security NIH Project Management Community Meeting Mark L Silverman Are You Smarter Than a 5 Year Old? 1 Cloud First Policy Cloud First When evaluating
More informationCloud Computing Best Practices. Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service
Cloud Computing Best Practices Cloud Computing Best Practices Creating Effective Cloud Computing Contracts for the Federal Government: Best Practices for Acquiring IT as a Service Overview Cloud Computing
More informationFederal Trade Commission Privacy Impact Assessment
Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
More informationAUDIT REPORT. The Energy Information Administration s Information Technology Program
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT The Energy Information Administration s Information Technology Program DOE-OIG-16-04 November 2015 Department
More informationHIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information
More informationFederal Trade Commission Privacy Impact Assessment
Federal Trade Commission Privacy Impact Assessment for the: StenTrack Database System September, 2011 1 System Overview The Federal Trade Commission (FTC) protects America s consumers. As part of its work
More informationPrivacy Impact Assessment
MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT
More informationUnited States Department of the Interior
United States Department of the Interior NATIONAL PARK SERVICE 1849 C Street, N.W. Washington, D.C. 20240 DIRECTOR'S ORDER #lld: RECORDS AND ELECTRONIC INFORMATION MANAGEMENT Effective Date: \ Duration:
More informationE-Discovery. Counsel for Procurement and Employment Law Office of General Counsel National Archives and Records Administration
E-Discovery Stephani L. Abramson Counsel for Procurement and Employment Law Office of General Counsel National Archives and Records Administration Jeremy D. Wright Kator, Parks, Weiser & Harris, P.L.L.C.
More informationHow To Manage Cloud Data Safely
Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In
More informationOffice of the Chief Information Officer
Office of the Chief Information Officer Online File Storage BACKGROUND Online file storage services offer powerful and convenient methods to share files among collaborators, various computers, and mobile
More informationFederal Trade Commission Privacy Impact Assessment. for the: Gilardi & Co., LLC Claims Management System and Online Claim Submission Website
Federal Trade Commission Privacy Impact Assessment for the: Gilardi & Co., LLC Claims Management System and Online Claim Submission Website January 2015 Page 1 of 14 1 System Overview The Federal Trade
More informationState of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN. January 2010 December 2012 DECEMBER 31, 2009
State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN January 2010 December 2012 DECEMBER 31, 2009 Florida Department of State State Library and Archives of Florida 850.245.6750 http://dlis.dos.state.fl.us/recordsmanagers
More informationUNITED STATES OF AMERICA FEDERAL TRADE COMMISSION WASHINGTON, D.C. 20580
UNITED STATES OF AMERICA FEDERAL TRADE COMMISSION WASHINGTON, D.C. 20580 Office of Inspector General October 14, 2014 MEMORANDUM TO: FROM: SUBJECT: Edith Ramirez Chairwoman, Federal Trade Commission Kelly
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationElectronic Documents: is any electronic media content that is intended to be used in either an electronic form or as printed output.
Information Governance (IG) encompasses sets of multi disciplinary structures, policies, procedures, processes and controls implemented to manage records and information at an enterprise level, supporting
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationIdentity and Access Management Initiatives in the United States Government
Identity and Access Management Initiatives in the United States Government Executive Office of the President November 2008 Importance of Identity Management within the Federal Government "Trusted Identity"
More informationEPA Classification No.: CIO-2150.3-P-09.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: 12-003 Review Date: 08/06/2015
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM MAINTENANCE PROCEDURES V1.8 JULY 18, 2012 1. PURPOSE The purpose of this procedure
More informationHow To Manage Email Records
Case Study Taming The Email Gorilla In The Room - From Concept To Reality Susan Sullivan, NARA Jason Baron, NARA Kon Leong, ZL Technologies MER 2013 Conference, Chicago NARA National Archives & Records
More informationRealizing the ROI of Information Governance. Gregory P. Kosinski Director, Product Marketing EMC
Realizing the ROI of Information Governance Gregory P. Kosinski Director, Product Marketing EMC Copyright 2009 2010 EMC Corporation. All rights reserved. 1 2 Just How Important IS this? Technologies That
More informationCloud Computing Questions to Ask
Cloud Computing Questions to Ask Pursuant to the Federal Cloud Computing Strategy 1 and the Cloud First policy, agencies are required to evaluate safe, secure cloud computing options before making any
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 7750.07 October 10, 2014 DoD CIO SUBJECT: DoD Forms Management Program References: See Enclosure 1 1. PURPOSE. This instruction: a. Reissues DoD Instruction (DoDI)
More informationRecord Retention and Digital Asset Management Tim Shinkle Perpetual Logic, LLC
Record Retention and Digital Asset Management Tim Shinkle Perpetual Logic, LLC 1 Agenda Definitions Electronic Records Management EDMS and ERM ECM Objectives Benefits Legal and Regulatory Requirements
More informationTHIS WEBCAST WILL BEGIN SHORTLY
If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! THIS WEBCAST WILL BEGIN SHORTLY Cloud-Based vs. On-Premise ediscovery
More informationUnited States Trustee Program
United States Trustee Program Privacy Impact Assessment for the Credit Counseling/Debtor Education System (CC/DE System) Issued by: Larry Wahlquist, Privacy Point of Contact Reviewed by: Approved by: Vance
More informationDHS SharePoint and Collaboration Sites
for the March 22, 2011 Robert Morningstar Information Systems Security Manager DHS Office of the Chief Information Officer/Enterprise Service Delivery Office (202) 447-0467 Reviewing Official Mary Ellen
More information