EDRM - Records Management

The business policy regarding retention and control of data,

documents, images, graphics, confidential information, etc.
The document at minim explains who can access information
both outside and inside the company and how it will be
secured to ensure only defined authorized user can access.

Federal Regulations such as:
Sarbanes-Oxley Act (SOX), HIPPA Regulations

State laws may also need to be considered:
Conneticut
General Statues 31-48d - requires employee notification
before email monitoring.

General Statues 42-471 - Requires any person who collects
Social Security numbers in the course of business to create a
privacy protection policy.

The Connecticut Insurance Department Bulletin IC-25 -
Requires all entities doing business in the state report any
information security incident within five days of discovery.

All entities doing business in Connecticut that are licensed or registered with The
Connecticut Insurance Department are required to notify The Connecticut Insurance
Department of any information security incident within five days of discovery.

such as
EXAMPLES:
A ecommerce business will need to have a documented policy that defines how
confidential information is secured and obtain 3rd party certification to win consumer
trust or run the risk of failure, .

Questions that the documentation should answer are:
Who needs access to confidential information?
How do they pass information to the warehouse so they can pick and package the
customers item without including confidential information?
How is the information secured from outside the company?
How long is the data stored?
How do they ensure the data is safe when it is no longer going to be stored?
Does the business have any specific regulations they must follow? If so the policy needs
to explain how it meets those requirements.

Nest the business needs to educate employees regarding the policy and implement
verification process to ensure the documented plan is being followed.

What steps are taken to ensure accounting has enough information to charge the client's
credit card but p

Document retention policies are fundamental business tools
that appropriately address the creation, retention and disposition
of corporate actions. The United States Supreme Court recently
noted: "Document retention policies, which are created in part to
keep certain information from getting into the hands of others,
including the Government, are common in business . . .
It is, of course, not wrongful for a manager to instruct his
employees to comply with a valid document retention policy
under ordinary circumstances.
" Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005).
The failure to properly maintain and monitor a corporate
electronic records retention policy can create substantial risk
for both the corporation and its employees, particularly in light of
the Sarbanes-Oxley Act and expanded interest in corporate conduct.
In today's corporate world, more than 90% of communications and
business activities take place in an electronic environment.
Current trends in pre-trial discovery also have focused on
electronic communications, substantially increasing costs and risks.
However, many corporate electronic records retention programs do
not adequately address the creation, management and disposition of
electronic records. Therefore, it is increasingly important for
companies to evaluate and consider how their records management
programs impact electronic records.
Source: EDRM.
IDENTIFICATION:
Learn the location of all data which your client
may have a duty to preserver and potentially disclose
in a pending or prospective legal proceeding.
Required for Rule 26(f) Conference
Legal Hold - which over rules Record Management
policy of the organization

held within 30 day's after being served or joined
Initial disclosers - 14 days after the Rule 26(f) conference
Identification refers to the process of learning the location of all data which you or your
client may have a duty to preserve and potentially disclose in a pending or prospective
legal proceeding
The duty to preserve and disclose data may be triggered by a judicial order, a discovery
request, or mere knowledge of a pending or future legal proceeding likely to require the
data. The scope of data to be preserved or disclosed is determined by the subject matter
of the dispute and the law and procedural rules that a court or other authority will
ultimately apply to resolve it
In general, data is potentially discoverable if it is relevant to the disputed transaction or
may lead to relevant data. Failure to preserve or disclose discoverable data may result in
serious penalties. To minimize this risk, diligent steps must be taken to identify all
potentially e-discovery data in your possession or control.
Ensuring that all critical legal and business records are retained;
Allowing the company to meet legal requirements;
Preserving the records in authentic format in the event of litigation;
Avoiding liability (for example, through spoliation improperly destroying or
altering evidence or failing to preserve it);
Reducing or limiting costs during discovery;
Keeping internal documents confidential.
A document-retention policy will necessarily be unique to an organization. Creating such
a policy can be painstaking and time-consuming and requires, at a minimum, input from
the business, legal and technical input, along with guidance from records-retention
specialists. An effective policy using ediscovery data will describe the scope of the
policy are individual departments affected differently, or does the policy apply to the
organization as a whole? responsible individuals, exceptions to the policy, retention
periods, retention methodologies (e.g., storage, format and location), how to handle
confidential materials and communications and privacy considerations for employees.
Source: EDRM.
PRESERVATION

Litigation hold process (accurately described
as herding of cats). A delicate process that ensures
evidences is preserved, protect against spoliation
and sanctions related to destruction of evidence,
while at the same time allowing day-to-day normal
business to continue.

COLLECTION

The acquisition of electronic information (data)
marked as potentially relevant in the identification
phase.
This data will need to be reviewed before production
to the opposing parties.

PROCESSING

The process of making all the data collected uniform
to allow for easy and efficient review.

REVIEW

At its most basic level the document review is used
to sort out responsive documents to produce and
privileged documents to withhold.
Typically the time legal strategies emerge and begin
to develop based on the type of information that is
found within the collection of documents.


ANALYSIS

The process of evaluating a collection of electronic
discovery materials to determine relevant summary
information, such as key topics of the case, important
people, specific vocabulary and jargon, and important
documents.

PRODUCTION

The act of meeting the agreed upon format for the
sharing of reviewed documents with the opposing side
and entering documents evidence with the court.
EXAMPLE of Formats:
Native - producing documents in the format in which they
were created and maintained.
Near Native - Most email cannot be viewed without some
conversion. Large databases are also commonly produced
in near native format.
Image - Single or multi-page Tiff (Group IV) or PDF. The
most commonly used format.
Paper - Printed on paper.
Production Options:
Searchable Text, Meta data provided

PRESENTATION
The last phase of the e-discovery process is the presentation phase.
The act of presenting information that has been uncovered -
whether it's to a jury, opposing counsel in settlement negotiations,
an arbitrator, or judge. Having the best-looking and most easily
understood presentation could make all the difference.

Welcome to e-discovery intro

Electronic Discovery Reference Model (EDRM)

Electronic Discovery Reference Model (EDRM)

Carmody & Torrance e-discovery Team







What is e-discovery?

Electronic discovery (also called e-discovery,
ediscovery or edisco) refers to any process in which
electronic data is sought, located, secured, and
searched with the intent of using it as evidence in a
civil or criminal legal case. E-discovery can be carried
out offline on a particular computer or it can be done in
a network. Court-ordered or government sanctioned
hacking for the purpose of obtaining critical evidence
is also a type of e-discovery.

E-discovery is an evolving field that goes far beyond
mere technology. It gives rise to multiple legal,
constitutional, political, security and personal privacy
issues, many of which have yet to be resolved.