Presentation is loading. Please wait.

Presentation is loading. Please wait.

Litigation Holds: Don’t Live in Fear of Spoliation

Published byJohnathan Cole Modified over 5 years ago

Similar presentations

Presentation on theme: "Litigation Holds: Don’t Live in Fear of Spoliation"— Presentation transcript:

1 Litigation Holds: Don’t Live in Fear of Spoliation
Jason Pufahl @jasonpufahl CISO – University of Connecticut October 30, 2014 Information Security Office

2 Information Security Office
Presentation Materials Information Security Office

3 Information Security Office
Spoliation of evidence The intentional or negligent withholding, hiding, altering, or destroying of evidence relevant to a legal proceeding Information Security Office

4 Information Security Office
Court decisions and rules place substantial obligations on public and private organizations to: (1) preserve all electronic materials that could be relevant to pending or anticipated lawsuits (2) retrieve and produce such materials in litigation Court decisions and rules place substantial obligations on public and private organizations to (1) preserve all electronic materials that could be relevant to pending or anticipated lawsuits, and (2) retrieve and produce such materials in such litigation. These obligations apply to the University of Connecticut. Failure to meet them may subject the university and the individuals involved to sanctions and liability. The scope of these preservation and disclosure duties are broad. They apply to business-related electronic information wherever it is stored – on a University workstation, a laptop or PDA, and even a social networking site or an employee’s home computer– and whatever it is from– , work processing, spreadsheets, calendars, voice or text messages, wiki sites, videos, photographs, or any other type of digital information. Although these legal duties require that information must be preserved, the reserved information need not be disclosed to the other party without first being appropriately reviewed to be sure that legally protected information is removed. The University and its attorneys still can and will take steps to see that information legally protected will not be disclosed to the opposing party. The rules concerning preservation of hard copies of records have not changed. All printed documents under the control of involved individuals must also be preserved. These preservation and retrieval rules do not require the university to change any general records retention policies Information Security Office

5 Information Security Office
Example and Catalyst Doe v. Norwalk Community College, 2007 • Plaintiff sued a community college for injuries suffered as a result of a sexual assault by an employee. • The court found that the college failed to preserve ESI on the computers of key witnesses. • The court held that a duty to preserve arose before the action was filed, when the college received a demand letter announcing plaintiff’s intention to sue. • The court held that the Rule 37(f) good faith exception was not available because it found that the defendant made no effort to put relevant information on “litigation hold.” • The court also said that the good faith exception was not available because the college had no routine system or consistent policy in place regarding the destruction of ESI. UConn’s Process Prior to 2011 : Process for hard drive collection maintained for only one year Information Security Office

6 Information Security Office
Electronic Discovery Committee To help meet its obligations, the University created an Electronic Discovery Committee, made up of representatives from:  Information Security Office The Office of the Attorney General Privacy Office Records Management Human Resources General Counsel Committee serves as a resource to assure approach is: Consistent Compliant with applicable laws and University policies Information Security Office

7 Information Security Office
Additional parties involved in the process: ISO Administrative Assistant (ISO Admin) ISO Rep Mail and File Admin IT Technician (IT Tech) User Services/Accounts Desk IT Staff Information Security Office

8 Information Security Office
Guiding Principles Cease destruction of relevant documents Preservation of relevant documents Ensure data are available for discovery “Reasonableness” When a case enters discovery, we can produce the expected documents consistently and within reason. Information Security Office

9 Information Security Office
Factors to Consider in Records Retention Severity of litigation Operation efficiencies Individual privacy Risk of data loss Information Security Office

10 Data to be Considered Business-related electronic information Location
Content University workstation employee’s home computer mobile device online word processing spreadsheets calendars voice/text messages wiki sites Videos Photographs any other type of digital information Files must be maintained in their original form Information Security Office

11 Information Security Office
Other Requirements Litigation Hold Tracking Legal Files General Counsel's Application Report Tracker (RT) Manages all of UConn’s incoming requests UConn maintains a separate file from the AG’s office. Looking to go to Legal Files as a single clearinghouse for data. Secure Storage Location Physical – Safe/Locked space Electronic - Protected Information Security Office

12 Information Security Office
Process Components: Initial Litigation Hold Notice Process Drive Imaging Process Hard Drive Re-Image Process Departmental IT/3rd Party Vendor Collection Process Voluntary/Involuntary Termination Process Litigation Hold Release Process Information Security Office

13 Initial Litigation Hold Notice
Information Security Office

14 Information Security Office
Highlights/Considerations Every notice originates from the General Counsel’s Office Pre-litigation step captures Notification is sent to custodian It is the custodian's responsibility to ensure all relevant data is maintained regardless of location Initial scope discussion between IT staff and legal staff administrative IT data Collection always errs on side of “reasonable” Information Security Office

15

16 Information Security Office
Drive Imaging Process Information Security Office

17 Information Security Office
Highlights/Considerations Activation is determined by employee separation, computer repair or case severity Flow identifies who is imaging: internal staff or 3rd party Complexity of case Skill set of staff Contracts Encryption keys collected and stored Is the original drive retained or recycled? i.e.: removable hard drives vs. SSD Information Security Office

18 Information Security Office

19 Information Security Office

20 Departmental IT/3rd Party Collection Process
Information Security Office

21 Information Security Office
Highlights/Considerations Activation is determined by case complexity Flow identifies who is collecting: Departmental IT or 3rd party Collection is done based off of completed survey Information Security Office

22 Information Security Office

23 Voluntary/Involuntary Termination Process
Information Security Office

24 Information Security Office
Highlights/Considerations Validates that at separation, relevant data are retained Information Security Office

25 Information Security Office

26 Litigation Hold Release Process
Information Security Office

27 Information Security Office

28 Information Security Office
Highlights/Considerations ISO receives notification from the General Counsel's Office that the case is settled Dispersal of electronic records Information Security Office

29 Information Security Office
Critical Points Relationship with General Counsel Process must satisfy both General Counsel and IT staff Define reasonable processes Adhere to those processes Information Security Office

30 Information Security Office
Attachments Information Security Office

31 Information Security Office

32 Information Security Office

33 Information Security Office

34 Information Security Office

35 Information Security Office

36 Information Security Office

37 Information Security Office

38 Information Security Office

39 Thank You Jason Pufahl CISO jason.pufahl@uconn.edu 860-486-3743
Information Security Office

Download ppt "Litigation Holds: Don’t Live in Fear of Spoliation"

Similar presentations

The Federal Civil Rules & Electronic Discovery: What's It to Me? 2007 Legal Breakfast Briefing Presented to Employers Resource Association by Robert Reid,

The Federal Civil Rules & Electronic Discovery: What's It to Me? 2007 Legal Breakfast Briefing Presented to Employers Resource Association by Robert Reid,
The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.

The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.
Www.dinslaw.com Saving Your Documents Can Save You Anne D. Harman, Esq. Bethany B. Swaton, Esq. Dinsmore & Shohl LLP 2100 Market Street, Wheeling (304)

Saving Your Documents Can Save You Anne D. Harman, Esq. Bethany B. Swaton, Esq. Dinsmore & Shohl LLP 2100 Market Street, Wheeling (304)
United States District Court for the Southern District of New York, 2004 District Justice Scheindlin Zubulake v. UBS Warburg LLC Zubulake V.

United States District Court for the Southern District of New York, 2004 District Justice Scheindlin Zubulake v. UBS Warburg LLC Zubulake V.
and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance 565-4906.

and Electronic Records Retention: IT Requirements Paul Dworak Office of Compliance
Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.

Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
248 F.R.D. 372 (D. Conn. 2007) Doe v. Norwalk Community College.

248 F.R.D. 372 (D. Conn. 2007) Doe v. Norwalk Community College.
Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.

Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.
© The McCoy Law Firm 2012 James McCoy The McCoy Law Firm 12400 Coit Rd., Ste. 560 Dallas, Texas 75251 (214) 292-2603

© The McCoy Law Firm 2012 James McCoy The McCoy Law Firm Coit Rd., Ste. 560 Dallas, Texas (214)
E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.

E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Www.frostbrowntodd.com Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.

Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
A PROACTIVE APPROACH TO E-DISCOVERY March 4, 2009 Presented to the Corporate Counsel Section of the Tarrant County Bar Association Carl C. Butzer Jackson.

A PROACTIVE APPROACH TO E-DISCOVERY March 4, 2009 Presented to the Corporate Counsel Section of the Tarrant County Bar Association Carl C. Butzer Jackson.
E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.

E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.
Records Management What to Keep and What to Toss.

Records Management What to Keep and What to Toss.
Office of Research Oversight. Working Group Report Slide 2.

Office of Research Oversight. Working Group Report Slide 2.
MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.

MINNESOTA GOVERNMENT DATA PRACTICES ACT How the law affects University employees and recordkeeping Susan McKinney Records & Information Management.
1 ELECTRONIC DATA & DISCRIMINATION INVESTIGATIONS Peter J. Constantine U.S. Department of Labor Office of the Solicitor.

1 ELECTRONIC DATA & DISCRIMINATION INVESTIGATIONS Peter J. Constantine U.S. Department of Labor Office of the Solicitor.

Similar presentations

Ads by Google