8/10/2019 EDRM

1/6

EDRM - Records Management

The business policy regarding retention and control of data,

documents, images, graphics, confidential information, etc.

The document at minim explains who can access information

both outside and inside the company and how it will besecured to ensure only defined authorized user can access.

Federal Regulations such as:Sarbanes-Oxley Act (SOX), HIPPA Regulations

State laws may also need to be considered:Conneticut

General Statues 31-48d - requires employee notification

before email monitoring.

General Statues 42-471 - Requires any person who collectsSocial Security numbers in the course of business to create a

privacy protection policy.

The Connecticut Insurance Department Bulletin IC-25 -

Requires all entities doing business in the state report anyinformation security incident within five days of discovery.

All entities doing business in Connecticut that are licensed or registered with TheConnecticut Insurance Department are required to notify The Connecticut Insurance

Department of any information security incident within five days of discovery.

such as

EXAMPLES:

A ecommerce business will need to have a documented policy that defines howconfidential information is secured and obtain 3rd party certification to win consumer

trust or run the risk of failure, .

Questions that the documentation should answer are:

Who needs access to confidential information?

How do they pass information to the warehouse so they can pick and package thecustomers item without including confidential information?

How is the information secured from outside the company?

How long is the data stored?How do they ensure the data is safe when it is no longer going to be stored?

Does the business have any specific regulations they must follow? If so the policy needs

to explain how it meets those requirements.

Nest the business needs to educate employees regarding the policy and implement

verification process to ensure the documented plan is being followed.

8/10/2019 EDRM

2/6

What steps are taken to ensure accounting has enough information to charge the client'scredit card but p

Document retention policies are fundamental business tools

that appropriately address the creation, retention and disposition

of corporate actions. The United States Supreme Court recently

noted: "Document retention policies, which are created in part to

keep certain information from getting into the hands of others,

including the Government, are common in business . . .

It is, of course, not wrongful for a manager to instruct his

employees to comply with a valid document retention policy

under ordinary circumstances.

" Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005).

The failure to properly maintain and monitor a corporate

electronic records retentionpolicy can create substantial risk

for both the corporation and its employees, particularly in light of

the Sarbanes-Oxley Act and expanded interest in corporate conduct.

In today's corporate world, more than 90% of communications and

business activities take place in an electronic environment.

Current trends in pre-trial discovery also have focused on

electronic communications, substantially increasing costs and risks.

However, many corporate electronic records retentionprograms do

not adequately address the creation, management and disposition of

electronic records. Therefore, it is increasingly important for

8/10/2019 EDRM

3/6

companies to evaluate and consider how their records management

programs impact electronic records.

Source: EDRM.

IDENTIFICATION:

Learn the location of all data which your client

may have a duty to preserver and potentially disclose

in a pending or prospective legal proceeding.

Required for Rule 26(f) Conference

Legal Hold - which over rules Record Management

policy of the organization

held within 30 day's after being served or joined

Initial disclosers - 14 days after the Rule 26(f) conference

Identification refers to the process of learning the location of all data which you or your

client may have a duty to preserve and potentially disclose in a pending or prospectivelegal proceeding

The duty to preserve and disclose data may be triggered by a judicial order, a discovery

request, or mere knowledge of a pending or future legal proceeding likely to require the

data. The scope of data to be preserved or disclosed is determined by the subject matterof the dispute and the law and procedural rules that a court or other authority will

ultimately apply to resolve it

In general, data is potentially discoverable if it is relevant to the disputed transaction or

may lead to relevant data. Failure to preserve or disclose discoverable data may result in

serious penalties. To minimize this risk, diligent steps must be taken to identify allpotentially e-discovery datain your possession or control.

Ensuring that all critical legal and business records are retained;

Allowing the company to meet legal requirements;

Preserving the records in authentic format in the event of litigation;

Avoiding liability (for example, through spoliation improperly destroying or

altering evidence or failing to preserve it);

8/10/2019 EDRM

4/6

Reducing or limiting costs during discovery;

Keeping internal documents confidential.

A document-retention policy will necessarily be unique to an organization. Creating such

a policy can be painstaking and time-consuming and requires, at a minimum, input from

the business, legal and technical input, along with guidance from records-retentionspecialists. An effective policy using ediscovery datawill describe the scope of thepolicy are individual departments affected differently, or does the policy apply to the

organization as a whole? responsible individuals, exceptions to the policy, retention

periods, retention methodologies (e.g., storage, format and location), how to handle

confidential materials and communications and privacy considerations for employees.

Source: EDRM.

PRESERVATION

Litigation hold process (accurately describedas herding of cats). A delicate process that ensures

evidences is preserved, protect against spoliation

and sanctions related to destruction of evidence,while at the same time allowing day-to-day normal

business to continue.

COLLECTION

The acquisition of electronic information (data)

marked as potentially relevant in the identification

phase.This data will need to be reviewed before productionto the opposing parties.

PROCESSING

The process of making all the data collected uniform

to allow for easy and efficient review.

REVIEW

At its most basic level the document review is usedto sort out responsive documents to produce and

privileged documents to withhold.

Typically the time legal strategies emerge and beginto develop based on the type of information that is

found within the collection of documents.

8/10/2019 EDRM

5/6

ANALYSIS

The process of evaluating a collection of electronic

discovery materials to determine relevant summary

information, such as key topics of the case, important

people, specific vocabulary and jargon, and importantdocuments.

PRODUCTION

The act of meeting the agreed upon format for the

sharing of reviewed documents with the opposing sideand entering documents evidence with the court.

EXAMPLE of Formats:

Native - producing documents in the format in which they

were created and maintained.

Near Native- Most email cannot be viewed without someconversion. Large databases are also commonly produced

in near native format.

Image- Single or multi-page Tiff (Group IV) or PDF. The

most commonly used format.

Paper - Printed on paper.Production Options:

Searchable Text, Meta data provided

PRESENTATION

The last phase of the e-discovery process is the presentation phase.The act of presenting information that has been uncovered -

whether it's to a jury, opposing counsel in settlement negotiations,

an arbitrator, or judge. Having the best-looking and most easily

understood presentation could make all the difference.

Welcome to e-discovery intro

Electronic Discovery Reference Model (EDRM)

Electronic Discovery Reference Model (EDRM)

Carmody & Torrance e-discovery Team

8/10/2019 EDRM

6/6

What is e-discovery?

Electronic discovery (also called e-discovery,

ediscovery or edisco) refers to any process in which

electronic data is sought, located, secured, and

searched with the intent of using it as evidence in acivil or criminal legal case. E-discovery can be carried

out offline on a particular computer or it can be done in

a network. Court-ordered or government sanctionedhacking for the purpose of obtaining critical evidence

is also a type of e-discovery.

E-discovery is an evolving field that goes far beyond

mere technology. It gives rise to multiple legal,

constitutional, political, security and personal privacy

issues, many of which have yet to be resolved.