The business policy regarding retention and control of data,
documents, images, graphics, confidential information, etc. The document at minim explains who can access information both outside and inside the company and how it will be secured to ensure only defined authorized user can access.
Federal Regulations such as: Sarbanes-Oxley Act (SOX), HIPPA Regulations
State laws may also need to be considered: Conneticut General Statues 31-48d - requires employee notification before email monitoring.
General Statues 42-471 - Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy.
The Connecticut Insurance Department Bulletin IC-25 - Requires all entities doing business in the state report any information security incident within five days of discovery.
All entities doing business in Connecticut that are licensed or registered with The Connecticut Insurance Department are required to notify The Connecticut Insurance Department of any information security incident within five days of discovery.
such as EXAMPLES: A ecommerce business will need to have a documented policy that defines how confidential information is secured and obtain 3rd party certification to win consumer trust or run the risk of failure, .
Questions that the documentation should answer are: Who needs access to confidential information? How do they pass information to the warehouse so they can pick and package the customers item without including confidential information? How is the information secured from outside the company? How long is the data stored? How do they ensure the data is safe when it is no longer going to be stored? Does the business have any specific regulations they must follow? If so the policy needs to explain how it meets those requirements.
Nest the business needs to educate employees regarding the policy and implement verification process to ensure the documented plan is being followed.
What steps are taken to ensure accounting has enough information to charge the client's credit card but p
Document retention policies are fundamental business tools that appropriately address the creation, retention and disposition of corporate actions. The United States Supreme Court recently noted: "Document retention policies, which are created in part to keep certain information from getting into the hands of others, including the Government, are common in business . . . It is, of course, not wrongful for a manager to instruct his employees to comply with a valid document retention policy under ordinary circumstances. " Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005). The failure to properly maintain and monitor a corporate electronic records retention policy can create substantial risk for both the corporation and its employees, particularly in light of the Sarbanes-Oxley Act and expanded interest in corporate conduct. In today's corporate world, more than 90% of communications and business activities take place in an electronic environment. Current trends in pre-trial discovery also have focused on electronic communications, substantially increasing costs and risks. However, many corporate electronic records retention programs do not adequately address the creation, management and disposition of electronic records. Therefore, it is increasingly important for companies to evaluate and consider how their records management programs impact electronic records. Source: EDRM. IDENTIFICATION: Learn the location of all data which your client may have a duty to preserver and potentially disclose in a pending or prospective legal proceeding. Required for Rule 26(f) Conference Legal Hold - which over rules Record Management policy of the organization
held within 30 day's after being served or joined Initial disclosers - 14 days after the Rule 26(f) conference Identification refers to the process of learning the location of all data which you or your client may have a duty to preserve and potentially disclose in a pending or prospective legal proceeding The duty to preserve and disclose data may be triggered by a judicial order, a discovery request, or mere knowledge of a pending or future legal proceeding likely to require the data. The scope of data to be preserved or disclosed is determined by the subject matter of the dispute and the law and procedural rules that a court or other authority will ultimately apply to resolve it In general, data is potentially discoverable if it is relevant to the disputed transaction or may lead to relevant data. Failure to preserve or disclose discoverable data may result in serious penalties. To minimize this risk, diligent steps must be taken to identify all potentially e-discovery data in your possession or control. Ensuring that all critical legal and business records are retained; Allowing the company to meet legal requirements; Preserving the records in authentic format in the event of litigation; Avoiding liability (for example, through spoliation improperly destroying or altering evidence or failing to preserve it); Reducing or limiting costs during discovery; Keeping internal documents confidential. A document-retention policy will necessarily be unique to an organization. Creating such a policy can be painstaking and time-consuming and requires, at a minimum, input from the business, legal and technical input, along with guidance from records-retention specialists. An effective policy using ediscovery data will describe the scope of the policy are individual departments affected differently, or does the policy apply to the organization as a whole? responsible individuals, exceptions to the policy, retention periods, retention methodologies (e.g., storage, format and location), how to handle confidential materials and communications and privacy considerations for employees. Source: EDRM. PRESERVATION
Litigation hold process (accurately described as herding of cats). A delicate process that ensures evidences is preserved, protect against spoliation and sanctions related to destruction of evidence, while at the same time allowing day-to-day normal business to continue.
COLLECTION
The acquisition of electronic information (data) marked as potentially relevant in the identification phase. This data will need to be reviewed before production to the opposing parties.
PROCESSING
The process of making all the data collected uniform to allow for easy and efficient review.
REVIEW
At its most basic level the document review is used to sort out responsive documents to produce and privileged documents to withhold. Typically the time legal strategies emerge and begin to develop based on the type of information that is found within the collection of documents.
ANALYSIS
The process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important documents.
PRODUCTION
The act of meeting the agreed upon format for the sharing of reviewed documents with the opposing side and entering documents evidence with the court. EXAMPLE of Formats: Native - producing documents in the format in which they were created and maintained. Near Native - Most email cannot be viewed without some conversion. Large databases are also commonly produced in near native format. Image - Single or multi-page Tiff (Group IV) or PDF. The most commonly used format. Paper - Printed on paper. Production Options: Searchable Text, Meta data provided
PRESENTATION The last phase of the e-discovery process is the presentation phase. The act of presenting information that has been uncovered - whether it's to a jury, opposing counsel in settlement negotiations, an arbitrator, or judge. Having the best-looking and most easily understood presentation could make all the difference.
Welcome to e-discovery intro
Electronic Discovery Reference Model (EDRM)
Electronic Discovery Reference Model (EDRM)
Carmody & Torrance e-discovery Team
What is e-discovery?
Electronic discovery (also called e-discovery, ediscovery or edisco) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline on a particular computer or it can be done in a network. Court-ordered or government sanctioned hacking for the purpose of obtaining critical evidence is also a type of e-discovery.
E-discovery is an evolving field that goes far beyond mere technology. It gives rise to multiple legal, constitutional, political, security and personal privacy issues, many of which have yet to be resolved.