9/20/2013. Michael Salvarezza & Virginia MacSuibhne SCCE Conference, Washington D.C. October 2013. Need a picture of data volume

Similar documents
Managing Mobility in the BYOD Era:

Information Governance in the Cloud

"Bring Your Own Device" Brings its Own Challenges

SOUTHWEST VIRGINIA COMMUNITY COLLEGE RECORDS MANAGEMENT POLICY

Amendments to Federal Rules of Civil Procedure. electronically stored information. 6 Differences from Paper Documents

Information Archiving

Hosted ediscovery: Adoption, Use, and Results. September, 2011

Global Headquarters: 5 Speen Street Framingham, MA USA P F

3 "C" Words You Need to Know: Custody - Control - Cloud

Legal Issues in the Cloud: A Case Study. Jason Epstein

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

Meeting E-Discovery Challenges with Confidence

Cloud Computing Questions to Ask

THIS WEBCAST WILL BEGIN SHORTLY

Every Cloud Has A Silver Lining. Protecting Privilege Data In A Hosted World

THE TOP LEGAL TECHNOLOGIES

Separation of Corporate and Personal: Best Practices for Securing Data on Employee-owned Devices

Fundamentals of Information Governance:

Business white paper. Lower risk and cost with proactive information governance

NightOwlDiscovery. EnCase Enterprise/ ediscovery Strategic Consulting Services

Use of Mobile Apps in the Workplace:

How To Manage Cloud Data Safely

BDO CONSULTING FORENSIC TECHNOLOGY SERVICES

How To Make Bring Your Own Device A Plus, Not A Risk

BYOD Policies: A Litigation Perspective

A CIO s Guide To Mobility Management

# Is ediscovery eating a hole in your companies wallet?

White Paper. Why Should You Archive Your With a Hosted Service?

CA Records Manager. Benefits. CA Advantage. Overview

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Enabling and Protecting the Open Enterprise

INTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.07

Risk Management of Outsourced Technology Services. November 28, 2000

CORPORATE RECORD RETENTION IN AN ELECTRONIC AGE (Outline)

New E-Discovery Rules: Is Your Company Prepared?

Electronic Discovery

CISM (Certified Information Security Manager) Document version:

CA Enterprise Mobility Management MSO

UNDERSTANDING E DISCOVERY A PRACTICAL GUIDE. 99 Park Avenue, 16 th Floor New York, New York

39C-1 Records Management Program 39C-3

Information Governance

REED COLLEGE. ediscovery GUIDELINES FOR PRESERVATION AND PRODUCTION OF ELECTRONIC RECORDS

Todd Heythaler Information Governance & ediscovery. Emerging Technologies Work Group

Security and Privacy Considerations for BYOD

Information Governance

FIVE TIPS TO ENSURE SALESFORCE CHATTER MEETS COMPLIANCE REQUIREMENTS

Choosing an MDM Platform

OUTLINE AND OBJECTIVES

Information Governance, Risk, Compliance

ARCHIVING FOR EXCHANGE 2013

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

GUIDANCE FOR MANAGING THIRD-PARTY RISK

Director, Value Engineering

Why cloud backup? Top 10 reasons

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

CHOOSING AN MDM PLATFORM

Privacy and Security Law Report

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MobileIron for ios. Our Mobile IT Platform: Purpose-Built for Next Gen Mobility. MobileIron Platform: Accelerating ios Adoption in the Enterprise

Policy Outsourcing and Cloud Based File Sharing

Key Considerations of Regulatory Compliance in the Public Cloud

Legal Project Management: A Tool for Corporate Counsel Topic #1

ENVIRONMENTAL PRESSURES DRIVING AN EVOLUTION IN FILE STORAGE

Journal of Digital Forensic Practice

how can I comprehensively control sensitive content within Microsoft SharePoint?

RE: PCAOB Rulemaking Docket Matter No. 041: Concept Release on Audit Quality Indicators

IMPLEMENTING YOUR BYOD MOBILITY STRATEGY

Data Encryption in the cloud A Handy Guide

Archiving for Compliance and Competitive Advantage

Veritas AdvisorMail. archiving, compliance, and ediscovery solution designed specifically for U.S. financial services companies

How to Avoid the Headache of User Mailbox Quotas

Putting Operators at the Centre of

TRENDS AND DEVELOPMENTS IN INFORMATION GOVERNANCE AND RECORDS MANAGEMENT. Key Concepts Defined. Key Concepts Defined 4/30/2015

BYOD Privacy and Security in Europe

What Is BYOD? Challenges and Opportunities

The Next Frontier. for Records Managers. Retention and Disposition of Structured Data:

Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It

IBM Endpoint Manager for Mobile Devices

CIOs: How to Become the CEO s Business Partner

Can CA Information Governance help us protect and manage our information throughout its life cycle and reduce our risk exposure?

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey

Book Review THE ELECTRONIC EVIDENCE AND DISCOVERY HANDBOOK: FORMS, CHECKLISTS, AND GUIDELINES

Privacy Policy & Identity Theft Prevention Program

Office of the Chief Information Officer

A White Paper from AccessData Group. The Future of Mobile E-Discovery

Preservation and Production of Electronic Records

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

Seven Essential Strategies for Effective Archiving

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

IG1: Information Management in the Age of the New Attorney

A White Paper from AccessData Group. The Future of Mobile E-Discovery

Cloud Computing. Cloud Computing An insight in the Governance & Security aspects

Rethinking Archiving: Exploring the path to improved IT efficiency and maximizing value of archiving solution investments

samsung mobility solutions discover business built in

CAUSE& EFFECT: Cloud Decentralization Leads to Confusion and Risk

RECORDS MANAGEMENT SERVICES. Cost-Effective, Legally Defensible Records Management

Module 1: Facilitated e-learning

Partner / E-Discovery Team Chair. Craig Roy Director of IT & E-Litigation Services

B. Preservation is not limited to simply avoiding affirmative acts of destruction because day-to-day operations routinely alter or destroy evidence.

The Benefits of Virtualization for Small and Medium Businesses. VMware SMB Survey Results

Transcription:

Michael Salvarezza & Virginia MacSuibhne SCCE Conference, Washington D.C. October 2013 3 Need a picture of data volume 4 1

5 6 Complexity of Information Governance Requirements Complexity of rapidly changing compliance landscape Complexity of corporate/legal structure Complexity of content/context Complexity of infrastructure Complexity due to sheer volume of information Small SMEs Current Generation Solutions Large SMEs Complexity of requirements grows exponentially with size of organization Fortune 2000 Fortune 550 Fortune 100 7 2

Social media and business transformation Explosive growth in volume of content creation Growing urgency to gain control of this dynamic Rapid expansion in laws and compliance regulations MiFID Title 21 CFR 11 PATRIOT ACT 8 Social Media promotes: Sharing Collaboration Open Rapid access to information Casual, informal, spontaneous communication Records Management is about: Governance Litigation Support Businesses care about: Agility Complexity Access to information Insights derived from information Speed and results 9 Policies might cover: social media, BYOD, mobile computing, cloud computing No policy can address all instances, so focus on principles and extend trust Focus on what is critical to the business to keep Recreate vs. capture 10 3

Lead with trust and then provide guidelines Encourage responsible use Frame policies to address responsibility, not productivity Grant equal access Provide training 11 The trouble with rules Copyright 2011 LRN Group Inc. All rights reserved Understand the benefits, and the risks of using social media, and include them in Record Management policy, procedures, and guidelines Understand the regulations that govern your company s use of social media FINRA, SEC, and other government agencies have regulations requiring the preservation of data on social media sites Privacy considerations Maintain any business records under your corporate records policies and procedures 13 4

Consider where the business record is created: If the record is created outside of the social media site, the copy posted to the social media site could be considered a convenience copy If transactional information created on a social media site is a business record under your policy, then have a mechanism in place to capture, store, search, and retrieve those records Ensure procedures specify that Records Managers review the social media site framework before the site is launched to assess capability for proper handling of business records Educate employees through training sessions and communications 14 Make sure the policy is enforceable. Do not rely on device specificity, make sure the policy is broad and general (devices become obsolete). Orient the policy from the business value perspective. Provide training on appropriate use of devices, proper management and security of information, segregation of personal and business data and IT information management controls. 15 Define accountabilities for control (user, IT, business unit, etc.) Address the distinction between personal and business data Ensure proper controls in the event of theft or loss of the device Provide coverage for business provided devices and personally owned devices Address funding of devices or the cost of controls, especially for personally owned devices Address different geographies Focus on both employees and contracted resources 16 5

Define the appropriate use of business records on mobile devices and address requirements for retention of records Security Awareness/Privacy Awareness/Compliance Human Resource considerations Use of devices for personal use Use of devices after hours and on personal time Use of devices while engaged in travel Inappropriate data and website access 17 Ease of deployment Application Whitelists & Blacklists App Security Screening Browser security Encryption Data wiping Business vs. Personal? Auto-provisioning? Location capabilities Inventory Reporting 18 1. Service definition 2. Key legal concerns: indemnification, warranties, production of data 3. Security 4. Privacy 5. Contract renewal provisions and termination clauses 6. Disaster recovery and business continuity 7. Service Level Agreements and penalties 19 6

Information in social media, on mobile devices and in the cloud, like any electronic information, is discoverable Increasingly a target for discovery Contains candid discussions of thoughts, activities, intentions, photos, videos Information covered by legal holds must be preserved Includes social media potentially relevant to pending or reasonably anticipated litigation In company s possession, custody, or control 20 Early cases may confuse discoverability, accessibility, and privacy, but will evolve Companies will need to preserve information in their possession, custody, and control Employers will control information on company systems Employers will have authority over company information on employee systems Privacy considerations won t protect responsive information Employee privacy will not protect corporate information Employee privacy will not protect employee information from production by employees when relevant Third parties will have to respond to subpoenas 21 Data is scattered on many sites internal and external: Information on external sites is decentralized Social media sites present new retrieval and search challenges: Each third party maintains data differently and provides different rights to access Third parties are not subject to their clients preservation requirements, which may accelerate a company s need to retrieve information to which company has access that is covered by a legal hold Technical tools to capture social media sites or content lags behind need Search expertise is required to successfully query in the dialect of social media users 22 7

Work with your IT management to understand your internal capability to preserve information on social media sites and in the cloud Work with your lawyers regarding the contract terms that govern use of and retrieval from each site Investigate new software capabilities that can aid in preserving data by capturing dynamic web pages Learn what the tools can and cannot do to make the social media information available Learn what expertise is required to search this data effectively Demonstrate that the company has been thoughtful in preparation, has procedures, and methodically executes with a consistent, repeatable process that produces measurable results 23 New tools are tackling the capture of dispersed content The National Institute of Standards and Technology sponsors research into the effectiveness of search The Text Retrieval Conference (TREC) Legal Track is a research forum measuring the effectiveness of search in a legal context since 2006 Mock litigation context; applicable to compliance and records management Mock complaint and document requests Using publically available data sets Participants submit responsive documents Results are measured for: Precision how much of what is retrieve is on target Recall how much of the relevant information was retrieved 24 Search results vary widely Define procedures to locate, preserve, retrieve, and search content Internal sites External sites: contracts may control accessibility and timing Mobile devices Cloud infrastructure 25 8

Rethink We cannot solve our problems with the same thinking we used when we created them. Albert Einstein Corporate IT: Manage corporate information and IT infrastructure Corporate RM: Manage process of creating, maintaining, training and enforcing reasonable policies Legal Counsel: Manage organizational legal challenges in defensible manner Risk Officer: Manage risk matters within organization Privacy Officer: Oversee and manage compliance with Privacy laws and regulations Compliance Officer: Oversee and manage compliance issues within organization Security Officer: Manage security matters within organizations, including data security BOD: Board of Directors with primary responsibility for overseeing program and policies Other: Depends on organization. 27 Ambiguity is actually OK Take risks go on a TRIP Challenge the status quo try something different Find the value proposition Elevate the conversation 28 9

Leadership framework Copyright 2011 LRN Group Inc. All rights reserved It s a Journey Copyright 2011 LRN Group Inc. All rights reserved 10

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information