Future Proof Your ediscovery Practices

Similar documents
Recent Developments in Cybersurveillance

DOCSVAULT WhitePaper. Concise Guide to E-discovery. Contents

E-Discovery in Practice: A Roadmap for Financial Institutions

LSSA Guidelines on the Use of Internet-Based Technologies in Legal Practice

(2) For production of public records or hospital medical records. Where the subpoena commands any custodian of public records or any custodian of hosp

DISCOVERY ABROAD HOW TO OBTAIN EVIDENCE LOCATED OUTSIDE THE UNITED STATES

NLRB: NxGen Case Management, E-Government and E-Discovery

BILL ANALYSIS. Senate Research Center H.B By: Frullo et al. (Carona) Criminal Justice 5/12/2013 Engrossed

TECHNOLOGY S INCREASING ROLE IN ANTI-FRAUD EFFORT ELECTRONIC DISCOVERY IN A CLOUD COMPUTING ENVIRONMENT

Corporate Counsel Beware: Limits Of 'No Contact Rule'

US DISCOVERY PROCEEDINGS: IMPLICATIONS FOR FRENCH BUSINESSES

BYOD At Your Own Risk Working in the BYOD Era. Shane Swilley (503)

A Brief Overview of ediscovery in California

E-Discovery and EU Data Protection laws

Preparing For and Responding to Government Investigations. Presented by Jeffrey Coopersmith

plantemoran.com What School Personnel Administrators Need to know

ESI in the Criminal Justice System: From Pre-Indictment Investigation to Trial

Case 1:05-cr GAO Document 459 Filed 09/24/14 Page 1 of 6 UNITED STATES DISTRICT COURT DISTRICT OF MASSACHUSETTS CRIMINAL NO.

Introduction to Data Privacy & ediscovery Intersection of Data Privacy & ediscovery

Legal Issues in the Cloud: A Case Study. Jason Epstein

DEPARTMENT OF JUSTICE WHITE PAPER. Sharing Cyberthreat Information Under 18 USC 2702(a)(3)

DISCOVERY OF ELECTRONICALLY-STORED INFORMATION IN STATE COURT: WHAT TO DO WHEN YOUR COURT S RULES DON T HELP

UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF TEXAS HOUSTON DIVISION

Location and Cell Phone Tracking: Technology, Law, and Defense Strategy

E-DISCOVERY & PRESERVATION OF ELECTRONIC EVIDENCE. Ana Maria Martinez April 14, 2011

An Investigator Appears: Are You Ready? Presentation Slides

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF NORTH CAROLINA CHARLOTTE DIVISION

Antivirus and Malware Prevention Policy and Procedures (Template) Employee Personal Device Use Terms and Conditions (Template)

Drafting and Issuing Subpoenas: New Jersey

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

Electronic Communications Privacy Protection Act. SECTION 1. {Title} This Act may be cited as the Electronic Communications Privacy Protection Act.

Large Law Firm structure

Information For Tenants. About Evictions. And the Court Process

Digital Evidence Collection and Use. CS 585 Fall 2009

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

Case 2:11-cv TS-PMW Document 257 Filed 02/03/15 Page 1 of 5 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF UTAH CENTRAL DIVISION

Assembly Bill No. 5 CHAPTER 5

Friday 31st October, 2008.

California State University, Sacramento INFORMATION SECURITY PROGRAM

WHAT MATTERS MOST TO CORPORATE COUNSEL IN E-DISCOVERY MANAGEMENT. Presenting the results from BDO s inaugural Inside E-Discovery Survey

Ethics in Technology and ediscovery Stuff You Know, But Aren t Thinking About

THE NEW WORLD OF E-DISCOVERY

Department, Board, Or Commission Author Bill Number

Electronic Communications: , Voic , Telephones, Internet and Computers

E-Discovery: New to California 1

NC General Statutes - Chapter 15A Article 17 1

Guilford Medical Associates, P.A.

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON ) ) ) ) ) ) ) ) ) ) STIPULATION

HIPAA and HITECH Compliance Simplification. Sol Cates

Standard: Information Security Incident Management

Fairfax County Circuit Court Preferred Criminal Law Practices

Bring Your Own Device Security and Privacy Legal Risks

Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

UNDERSTANDING E DISCOVERY A PRACTICAL GUIDE. 99 Park Avenue, 16 th Floor New York, New York

Counsel must be fully familiar with the Uniform Civil Rules for the Supreme Court 22 NYCRR Part 202.

Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies. Privacy Committee Web 2.0/Cloud Computing Subcommittee

3 "C" Words You Need to Know: Custody - Control - Cloud

The need for companies to have a predetermined plan in place in the

Labor and Employment 2015 Conference

An Introduction to the Federal Public Defender=s Office and the Federal Court System

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

The False Claims Act: A Primer

MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Case 3:12-cv HRH Document 521 Filed 10/27/14 Page 1 of 7 FOR THE DISTRICT OF ARIZONA

Security and Privacy Considerations for BYOD

Employee Relations. Howard S. Lavin and Elizabeth E. DiMichele

ANALYSIS OF ORIGINAL BILL

Electronic Discovery Rules & Social Media

Electronic Discovery and the New Amendments to the Federal Rules of Civil Procedure: A Guide For In-House Counsel and Attorneys

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLORADO

IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND

CHAPTER 13 RULES FOR INVOLUNTARY COMMITMENT OR TREATMENT OF CHRONIC SUBSTANCE ABUSERS

United States Attorney s Office for the District of Oregon. Criminal Discovery Policy

Transcription:

FEBRUARY 3 5, 2015 / THE HILTON NEW YORK Future Proof Your ediscovery Practices Plenary Session February 4, 2015 Patrick Collins, Partner, Perkins Coie Bruce Hartley, Vice President, Celerity Consulting Jessica Watts, AGC and Discovery Counsel, HP George T. Tziahanas, VP Strategy, HP SaaS

Agenda Introductions Rise of the Machines Information Border Wars Criminal Investigations in a Digital World Model of Discovery in the Future

RISE OF THE MACHINES

History of Discovery Even with the advent of ediscovery ~20 years ago, a majority of relevant discoverable content has been human generated; that is likely to change. Pierson v. Post, 3 Cai. R. 175, 2 Am. Dec. 264 (N.Y. 1805)

Rise of the Machines Gartner Analytics Trends: The Internet of Things Really Matters for Communications Service Providers, December 2014

Wikipedia Launch Rise of the Machines Phases of the digital revolution Web 1.0: Destruction Web 2.0: User Creation? 1990 1992 1994 1996 1998 2000 2002 2004 2006 2008 2010 2012 2014 2016 A 100 fold multiplication in the amount of data is a 10,000 fold multiplication in the number of patterns we can see in that data Philip Evans: Boston Consulting Group Fellow, Ted Talk

Rise of the Machines

Rise of the Machines Discovery tomorrow will rely less on what people said, and more on what their machines tell us

INFORMATION BORDER WARS

Microsoft Case Summary (In re Warrant) Dec 2013 Magistrate issues a warrant under the Stored Communications Act to Microsoft to produce content and non-content information about a user. The customer emails were stored in Ireland on Microsoft servers. The non-content information about the email (metadata about the account), is stored in the US. MS objected to producing data stored in Ireland, arguing that the warrant would require an extraterritorial search and seizure of data. The Government responded the issue is whether the content is in MS s custody or control. Magistrate rejected the motion to vacate. Found that warrants issued under the SCA are hybrids part warrant and part subpoena. Therefore the extraterritorial limits on warrants are not implicated and the relevant question is whether the data is in the provider s control. Further the search does not occur until the data is reviewed by US law enforcement, which would not happen until the data is in the US. MS appealed. The District Court upheld the Magistrate s ruling. The case is now before the 2 nd Circuit: 28 technology and media companies, 23 trade associations and advocacy groups and 35 professors of computer science filed legal papers in support of MS s opposition to the warrant.

Information Border Wars The US government s unilateral use of a search warrant to reach email in another country puts both fundamental privacy rights and cordial international relations at risk. -Brad Smith, Microsoft GC It s a question of control, not a question of location of that information. U.S. District Judge Loretta Preska In this case, no such exposure takes place until the information is reviewed in the United States, and consequently no extraterritorial search has occurred. Magistrate's Decision The refusal of the U.S. Attorney to recognize that the email account at issue is located in a foreign jurisdiction and subject to foreign data protection rules is not only offensive to the sensitivities of European citizens but also reinforces the already strong sentiment of many EU citizens that their data is not 'safe' when they use IT services offered by U.S. corporations. Jan Phillip Albrecht, EU MP

Not entirely new Societe Nationale Industrielle Aerospatiale v U.S. 1987 Supreme Court held that a litigant must produce information located overseas even if it violates a blocking statute. Five factor test (1) the importance of the documents to the litigation; (2) the degree of specificity of the request; (3) whether the information originated in the United States; (4) the availability of alternative means of obtaining the information; and (5) the extent to which noncompliance with the request would undermine important interests of the United States, or undermine the interests of the state where the information is located.

What is new The Cloud, the WWW, users connected everywhere/ all of the time. Compelling production of someone else s data High sensitivities around the world to privacy concerns

Information Border Wars What is location Physical Virtual Access privileges Third-party When will you need information Prior to litigation (broader info. governance) ediscovery Law firm practices

Information Border Wars Important Considerations & Questions Companies should have a data map of what is stored in Europe on servers belonging to US cloud providers. Keep it up to date. Does this open demands from foreign countries to US companies that have presence in that country to information kept in the US Contract with cloud providers stipulate that the data must not be accessible from the US. If storing information abroad make it inaccessible in the US? Use partner company so not subject to US law? Encryption of data with customer having only encryption key

CRIMINAL INVESTIGATIONS IN THE DIGITAL AGE SEARCH FIRST ASK QUESTIONS LATER

Government Right to Corporate Data Government has broad rights to obtain corporate data in connection with criminal matters Rights subject to 4 th Amendment and ECPA Generally require facially valid legal process, which varies depending on type of data sought Government may also request Grand Jury or trial testimony from records custodians

Government Requests for Data Requests for Your Data Domestic Abroad (e.g. FCPA investigations) Requests for Third Party Data Your vendors or service partners Your customers or clients Requests to Third Parties for Your Data? Who has your data? Are they obligated to protect it?

More Data More Problems Government may search first ask questions later Recent circuit court decisions support broad, warrantless access to stored data Govt. using third-parties to conduct searches on their behalf (e.g. In re Microsoft, United States v. Warshak, 631 F.3d 266, 286 (6th Cir. 2010)) Govt. using new technologies with unclear precedent (e.g. cell signal tracking in United States v. Skinner, No. 09-6497 (6th Cir. 2012)) But SCOTUS says there are limits The 4 th amendment still matters (Riley v. California, 134 S. Ct. 2473, 189 L. Ed. 2d 430, (2014))

Responding to Government Requests Have a process in place Point person Prompt attention/triage Assess facial validity and identify issues Pick Your Battles Consider: PR, Customer Relations, Risk of Poking the Bear Example: Google NSL fight re: notice to user Negotiate to limit scope To contain costs To avoid collateral issues

MODEL OF DISCOVERY IN THE FUTURE (AKA NOW)

Model of Discovery in the Future Case Study Facts Large multinational corporation engaged in business in the US, Europe and in Asia was the subject of a significant security breach. Hackers accessed and downloaded large volumes of protected information (PII, PHI, HR, confidential, etc.). In many instances, once downloaded, the data was completely wiped from the company systems. The information was not only stolen, but large parts were published on various public websites and in the press. Eventually the corporation secured its environment, but is now subject to several types of actions.

Model of Discovery in the Future Case Study Questions Based on high likelihood of civil and potentially criminal action, what data sources should be preserved? Given the case specifics, must we consider additional, less standard data sources? System Security Settings DNS Logs Server Logs Security Logs System/Security Patch and Update Histories Malware and Virus Protection Software Update and Incident Logs Firewall Logs, etc. Given these additional data sources may be large and mostly unstructured text files, how do they impact discovery (preservation, collection, and review)?

Model of Discovery in the Future Additional Questions Where is the Network Boundary? Third-Party or Partner Networks? Propagation of Local Risks? Additional Data Sources? Potential Liability? The U.S. DOJ has issued a subpoena to a third-party service provider hosting your communications information under the SCA; do you intervene? An EU sovereign entity has sent you a letter precluding you from sharing any non-public information transmitted under Safe Harbor in any civil or criminal proceeding; how do you respond?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information