Upload
eric-means
View
219
Download
0
Embed Size (px)
Citation preview
8/10/2019 EDRM
1/6
EDRM - Records Management
The business policy regarding retention and control of data,
documents, images, graphics, confidential information, etc.
The document at minim explains who can access information
both outside and inside the company and how it will besecured to ensure only defined authorized user can access.
Federal Regulations such as:Sarbanes-Oxley Act (SOX), HIPPA Regulations
State laws may also need to be considered:Conneticut
General Statues 31-48d - requires employee notification
before email monitoring.
General Statues 42-471 - Requires any person who collectsSocial Security numbers in the course of business to create a
privacy protection policy.
The Connecticut Insurance Department Bulletin IC-25 -
Requires all entities doing business in the state report anyinformation security incident within five days of discovery.
All entities doing business in Connecticut that are licensed or registered with TheConnecticut Insurance Department are required to notify The Connecticut Insurance
Department of any information security incident within five days of discovery.
such as
EXAMPLES:
A ecommerce business will need to have a documented policy that defines howconfidential information is secured and obtain 3rd party certification to win consumer
trust or run the risk of failure, .
Questions that the documentation should answer are:
Who needs access to confidential information?
How do they pass information to the warehouse so they can pick and package thecustomers item without including confidential information?
How is the information secured from outside the company?
How long is the data stored?How do they ensure the data is safe when it is no longer going to be stored?
Does the business have any specific regulations they must follow? If so the policy needs
to explain how it meets those requirements.
Nest the business needs to educate employees regarding the policy and implement
verification process to ensure the documented plan is being followed.
8/10/2019 EDRM
2/6
What steps are taken to ensure accounting has enough information to charge the client'scredit card but p
Document retention policies are fundamental business tools
that appropriately address the creation, retention and disposition
of corporate actions. The United States Supreme Court recently
noted: "Document retention policies, which are created in part to
keep certain information from getting into the hands of others,
including the Government, are common in business . . .
It is, of course, not wrongful for a manager to instruct his
employees to comply with a valid document retention policy
under ordinary circumstances.
" Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005).
The failure to properly maintain and monitor a corporate
electronic records retentionpolicy can create substantial risk
for both the corporation and its employees, particularly in light of
the Sarbanes-Oxley Act and expanded interest in corporate conduct.
In today's corporate world, more than 90% of communications and
business activities take place in an electronic environment.
Current trends in pre-trial discovery also have focused on
electronic communications, substantially increasing costs and risks.
However, many corporate electronic records retentionprograms do
not adequately address the creation, management and disposition of
electronic records. Therefore, it is increasingly important for
8/10/2019 EDRM
3/6
companies to evaluate and consider how their records management
programs impact electronic records.
Source: EDRM.
IDENTIFICATION:
Learn the location of all data which your client
may have a duty to preserver and potentially disclose
in a pending or prospective legal proceeding.
Required for Rule 26(f) Conference
Legal Hold - which over rules Record Management
policy of the organization
held within 30 day's after being served or joined
Initial disclosers - 14 days after the Rule 26(f) conference
Identification refers to the process of learning the location of all data which you or your
client may have a duty to preserve and potentially disclose in a pending or prospectivelegal proceeding
The duty to preserve and disclose data may be triggered by a judicial order, a discovery
request, or mere knowledge of a pending or future legal proceeding likely to require the
data. The scope of data to be preserved or disclosed is determined by the subject matterof the dispute and the law and procedural rules that a court or other authority will
ultimately apply to resolve it
In general, data is potentially discoverable if it is relevant to the disputed transaction or
may lead to relevant data. Failure to preserve or disclose discoverable data may result in
serious penalties. To minimize this risk, diligent steps must be taken to identify allpotentially e-discovery datain your possession or control.
Ensuring that all critical legal and business records are retained;
Allowing the company to meet legal requirements;
Preserving the records in authentic format in the event of litigation;
Avoiding liability (for example, through spoliation improperly destroying or
altering evidence or failing to preserve it);
8/10/2019 EDRM
4/6
Reducing or limiting costs during discovery;
Keeping internal documents confidential.
A document-retention policy will necessarily be unique to an organization. Creating such
a policy can be painstaking and time-consuming and requires, at a minimum, input from
the business, legal and technical input, along with guidance from records-retentionspecialists. An effective policy using ediscovery datawill describe the scope of thepolicy are individual departments affected differently, or does the policy apply to the
organization as a whole? responsible individuals, exceptions to the policy, retention
periods, retention methodologies (e.g., storage, format and location), how to handle
confidential materials and communications and privacy considerations for employees.
Source: EDRM.
PRESERVATION
Litigation hold process (accurately describedas herding of cats). A delicate process that ensures
evidences is preserved, protect against spoliation
and sanctions related to destruction of evidence,while at the same time allowing day-to-day normal
business to continue.
COLLECTION
The acquisition of electronic information (data)
marked as potentially relevant in the identification
phase.This data will need to be reviewed before productionto the opposing parties.
PROCESSING
The process of making all the data collected uniform
to allow for easy and efficient review.
REVIEW
At its most basic level the document review is usedto sort out responsive documents to produce and
privileged documents to withhold.
Typically the time legal strategies emerge and beginto develop based on the type of information that is
found within the collection of documents.
8/10/2019 EDRM
5/6
ANALYSIS
The process of evaluating a collection of electronic
discovery materials to determine relevant summary
information, such as key topics of the case, important
people, specific vocabulary and jargon, and importantdocuments.
PRODUCTION
The act of meeting the agreed upon format for the
sharing of reviewed documents with the opposing sideand entering documents evidence with the court.
EXAMPLE of Formats:
Native - producing documents in the format in which they
were created and maintained.
Near Native- Most email cannot be viewed without someconversion. Large databases are also commonly produced
in near native format.
Image- Single or multi-page Tiff (Group IV) or PDF. The
most commonly used format.
Paper - Printed on paper.Production Options:
Searchable Text, Meta data provided
PRESENTATION
The last phase of the e-discovery process is the presentation phase.The act of presenting information that has been uncovered -
whether it's to a jury, opposing counsel in settlement negotiations,
an arbitrator, or judge. Having the best-looking and most easily
understood presentation could make all the difference.
Welcome to e-discovery intro
Electronic Discovery Reference Model (EDRM)
Electronic Discovery Reference Model (EDRM)
Carmody & Torrance e-discovery Team
8/10/2019 EDRM
6/6
What is e-discovery?
Electronic discovery (also called e-discovery,
ediscovery or edisco) refers to any process in which
electronic data is sought, located, secured, and
searched with the intent of using it as evidence in acivil or criminal legal case. E-discovery can be carried
out offline on a particular computer or it can be done in
a network. Court-ordered or government sanctionedhacking for the purpose of obtaining critical evidence
is also a type of e-discovery.
E-discovery is an evolving field that goes far beyond
mere technology. It gives rise to multiple legal,
constitutional, political, security and personal privacy
issues, many of which have yet to be resolved.