Presentation is loading. Please wait.

Presentation is loading. Please wait.

Electronic Evidence: New Challenges for Information Security Officers

Published byJune Wright Modified over 9 years ago

Similar presentations

Presentation on theme: "Electronic Evidence: New Challenges for Information Security Officers"— Presentation transcript:

1 Electronic Evidence: New Challenges for Information Security Officers
Presented by: Tom Greene Chief Assistant Attorney General, Public Rights Division Clark Kelso Chief Information Officer, State of California Tom Introduce panel. Ask audience to introduce themselves. Whether atty or IT and which department.

2 Overview Introduction to the recent FRCP amendments for “Electronically Stored Information” (ESI) Implications for Information Security Officers Resources Questions

3 E-Data has been Discoverable and Admissible for Some Time
“Fed. R. Civ. P. 34(a): “document” includes “data compilations from which information can be obtained, translated, if necessary, by the respondent through detection devices into reasonably usable form” “Today it is black letter law that computerized data is discoverable if relevant … The law is clear that data in computerized form is discoverable even if paper ‘hard copies’ of the information have been produced….” Anti-Monopoly, Inc. v. Hasbro, Inc., 94 Civ.2120, 1995 WL (S.D.N.Y. 1995) Jacob

4 FRCP Amendments and E-Evidence
Amendments to the Federal Rules of Civil Procedure address “electronically stored information” (ESI) Apply to cases brought on or after 12/1/06 and all other cases unless “would not be feasible or would work injustice.” Rule 86. Jacob

5 Amended Rule 34(a): “Electronically Stored Information”
“Any party may serve…a request…to produce designated documents, electronically stored information—including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained—translated, if necessary, …into reasonably useful form…”

6 Four Concepts in the New Rules
Early Consideration of ESI issues Two-Tier Approach to Back-up Media Practical Adjustments Shallow Safe Harbor for E-Document Destruction

7 Critical Decisions Come Early!
Rule 26(f) Conference Among Counsel ASAP but not later than 16 days before Rule 16 conference or issuance of scheduling order. Rule 26(a) disclosures of ESI At or w/in 14 days of 26(f) conference unless a different schedule per stipulation or order. Rule 16 Conference Order ASAP but at least w/in 90 days of appearance of defendant or 120 days from service of complaint.

8 Rule 26(f) Meet and Confer Obligation
Discuss “any issues relating to preserving discoverable information”. “changes in the timing, form or requirement for disclosures under Rule 26(a)” “[A]ny issues” relating to ESI including the “form or forms” of production. New Form 35 for report to court. Consider bringing a consultant/expert.

9 Rule 26(a) Initial Disclosures
26(a)(1)(A)—Witnesses May need to include e-evidence custodian(s); might well be an ISO. 26(a)(1)(B)—”a copy of, or a description by category of, all documents, electronically stored information….that the disclosing party may use to support its claims or defenses”

10 Rule 26(a); Sanctions If fail to “make a disclosure under Rule 26(a), any other party may” move to compel and for “appropriate sanctions”. Rule 37(a)(2)(A). May not be “permitted to use” the undisclosed information “at a trial, at a hearing, or on a motion”. Rule 37(c)(1).

11 Rule 16 Conference Per Advisory Committee, Court is to start w/ 26(f) Report of Counsel. Order is to include “provisions for disclosure or discovery of” ESI. Rule 16(b)(5). Order may include “any agreements the parties reach for asserting claims of privilege or of protection of trial-preparation material after production.” Rule 16(b)(6).

12 Local Rules N.D. Cal. Civil Local Rule 16-9 requires a description of:
“Steps taken to preserve evidence relevant to the issues reasonably evident in the action, including interdiction of any document-destruction program and any ongoing erasures of s, voic s, and any other electronically-stored material.”

13 Duties of Litigation Counsel
Communicate discovery obligations to client Identify sources of discoverable information Speak directly with key players in litigation as well as IT personnel Put in place a litigation hold Reiterate instructions for litigation hold and monitor compliance Call for employees to produce copies of e-evidence Arrange for segregation and safeguarding of archival media (backup tapes) (Zubulake V, 229 F.R.D. 422 (S.D.N.Y. 2004) Monica Zubulake V: adverse inference sanctions

14 Potential Role(s) of ISOs
Consultant (How do your systems work?) Informal Advice; Attend 26(f) session or 16(b) conference Witness Persons Most Knowledgeable (PMK) Depositions Design/Implement Litigation Hold; Search for Information

15 What Should You Explain to Your Lawyers?
Discuss System Hardware, Software, Versions, Location, etc. Discuss File Servers Discuss PCs O/S, Recent Upgrades, Applications, Versions Discuss PDAs Blackberry, Treo, Palm, etc.

16 Talking to Your Lawyers, Part 2
Backup Policy Retention Policy Destruction Policy Capable of Litigation Holds? Other considerations: Thumb drives Working from home Personal Archives

17 Special Problems with Voice Mail
Voice mail typically Not under Your Direct Control Contact 3rd-Party Vendor ASAP Secure hold on Voice Mails for “Key Players”

18 Two-Tier Approach; Rule 26(b)(2)(C)
“A party need not provide discovery of [ESI]from sources that the party identifies as not reasonably accessible” Committee note states that fact that archived data expensive to access does not mean don’t have to preserve back-up media. Demanding party can motion for production if value outweighs burden taking into account amount in controversy, parties’ resources, issues in case and importance of the proposed discovery.

19 States of Data: Cheap to Expensive
Active data ($) Metadata ($) System data ($) Backup tapes ($$$) Deleted and altered files ($$$$) Legacy data ($$$$$) Tony. The significance of the slide is that data goes through stages in terms of where it is stored. The less “active” the data, the more costly and difficult to restore and produce it. However, each of the states contains potentially discoverable information, depending on your case and its facts. The more costly and inaccessible the data, the bigger the chance that the costs can be shared between the parties. The more inaccessible the data, the more likely that the court will listen to arguments for cost sharing, denying a motion to compel, or ordering a sample of data to be preserved and reviewed. Active Data: files or programs readily available to users (word processing) Metadata: more later on other slides – data, or information, about the data. E.g., date created, date modified, etc. System data: Computer’s internal management system, aka Log files, which operate outside the user’s control. E.g., registry tracks configurations and recent activities and is often used for authenticating a user’s whereabouts and actions on a PC. (E.g., a user who set her computer clock back one hour for fraudulent purposes.) Archival Data: data intentionally archived to disk, tape, CD/DVD, storage servers Backup Data: Info copied by IT staff for disaster recovery Deleted/Residual Data: Still present on electronic medium but not readily available except by using computer forensics techniques. Legacy Data: ancient enterprise wide database systems; ancient backup tape systems; ancient computer systems, both servers and personal computers.

20 Budget Issues: Costs for Managing E-Evidence
Collect data $ per hard drive or backup tape $2,000-3,000 per server Cull and Search for Relevant Data using Tech Tools $1,800 per hard drive; more for backup tapes. $450 per box Produce Relevant Data $750 per hard drive to prepare data for production in proper format Convert data to litigation support repository for privilege review $4 per Megabyte plus $.10/page for Bates numbering and tiffing the images Tony: Collecting the data is the second most expensive part of e-discovery. (Reviewing for responsiveness and privileging is the most expensive part.) This slide provides estimates for the cost of using an outsource vendor to collect the data, if you do not have internal staff to do so and if you prefer to rely on experts to be able to testify to the chain of custody. Tab 12.1: checklist Tab 12.4: top 10 data collection pitfalls

21 Practical Adjustments: Form(s) of Production
FRCP 34(b) authorizes demanding party to “specify the form or forms in which [ESI] is to be produced”; subject to challenge. Per Advisory Note, can specify different forms for spreadsheets and documents. Tony

22 Metadata and Why It May Be Important in a Lawsuit
Classic metadata fields From, To, Subject, Date, cc, bcc, Text of Date and time and/or attachment opened 50-60 other types of fields are available Embedded data (e.g., Excel formulas, Word Processing prior versions) Expensive to manage and produce; relevance depends on the nature of your case. Chris (technical issues) & Monica (ethical issues) What is it? Data about data. Includes how, when and by whom the data was collected, created, accessed, or modified and how it is formatted (size, location, storage requirements, media). Some metadata can be viewed by the user; other metadata is hidden. Metadata is not reproduced in full form when a document is printed. Example of metadata include file name, location (directory structure and path name), file format or type, file size, file dates (date created, last modified, last accessed, forwarded), file permissions. Also includes user-input such as subject, key words, content description, business purpose, retention codes, classifications, person responsible for records retention. What it does? Used to certify scope, authenticity, and integrity of active or archival information or records. Certain metadata is critical in information management and for ensuring effective retrieval. Why is it often requested during discovery and PRA? The reason for seeking e-documents in native format, their original format, especially for is to acquire the metadata. With native we can extract the metadata directly into a searchable litigation support software tool for review by attys. Or, for humongous collections, contract with an e-discovery company to host the and its metadata on the internet. Other side of the coin: metadata can reveal prior versions of documents or other information such as comments. Difficult to remove metadata. If sending an , best to save the document to a PDF format which also includes metadata, but far fewer fields of metadata. Alternatively, saving the document will also save the metadata. Cut and paste document into a new document will get rid of most metadata, but you might also lose some codes.

23 Typical Forms of Production
Native Format – ESI is produced as it was maintained and used; contains metadata. Quasi-Native – ESI is produced in a format similar to, but not the same as, the format in which it was maintained and used. Proprietary software Large databases Borrowed from Socha Consulting LLC

24 Forms of Production, Part 2
Quasi-Paper – ESI is converted to image files, typically TIFF or PDF; meta data and full text are extracted. Quasi-Paper Hybrid – Meta data and text are extracted with a link to the native file. Paper What do you really need? Be careful what you ask for. . .

25 Rule 37: “Shallow Safe Harbor”
FRCP 37(f) provides that “absent exceptional circumstances, a court may not impose sanctions…[for ESI]… lost as a result of the routine, good-faith operation of an electronic information system.” Good faith per Committee Note includes retention under common law, etc. and existence of effective litigation hold. Jacob

26 Retention Obligation: Practice Tips
Normal business destruction will not yield sanctions under FRCP. But Improper Destruction Creates Major Risks for Your Agency. Written Litigation Hold Policies are Highly Recommended. Jacob

27 What is “spoliation”? “the destruction or significant alteration of evidence, or the failure to preserve…evidence in pending or reasonably foreseeable litigation.” West v. Goodyear, 167 F.3d 776,779 (2nd Cir.1999) contra spoliatorem omnia proesumuntur. Black’s Law Dictionary4th Tom

28 Sources of Duty to Preserve
Knew or should have known of possible litigation Specific statutes, e.g. Sarbanes-Oxley; SEC Rules Court order Agreement Tom

29 When Does Duty Attach? Based on common law “knew or should have known” standard: When Product Designed. Carlucci, 102 F.R.D. 472 (S.D.Fl.1984) When Complaints Received. Remington, 836 F.2d 1104 (8th Cir.1988) When litigation suspected. Zubulake IV, 220 F.R.D. 212 (S.D.N.Y.2003) When major accident occurs. Union Pac. R.R., 2004 U.S.App.LEXIS 6 (8th Cir.2004)

30 Preservation of Metadata May Be Required
Relevance of metadata depends on the case. Burden of disclosing metadata on the producing party. Williams v. Sprint, 2005 U.S. Dist. Lexis (D.Md. 11/22/05) Discuss at 16(b) conference.

31 What remedies? “Most potent” is the adverse inference instruction. Cedars-Sinai, 18 Cal.4th 1, 11(1998) Example: New CA standard instruction 205 reads: “You may consider whether one party intentionally concealed or destroyed evidence. If you decide that a party did so, you may decide that the evidence would have been unfavorable to that party.” Tom Morgan Stanley adverse inference instruction is on the CD.

32 Other Sanctions Monetary Evidence Issue Terminating

33 A Few Examples Leon v. IDX (9th Cir. 2006) 464 F.3d 951 (files deleted from laptop; dismissal) U.S. v. Gordon (9th Cir.2004) 393 F.3d 1044 (use of “Evidence Eliminator to scrub drive; pay costs and conviction affirmed) In re Napster (N.D.Cal. 10/25/06) 2006 WL (deletion of ; adverse inference instruction)

34 More Examples World Courier v. Barone (N.D.Cal., No. C THE, 4/13/07) (destruction of hard drive in IP case by non-party husband; adverse inference instruction, costs; relies on Residential Funding v. DeGeorge Fin. (2d Cir. 2002) 306 F.3d 99, 105) People v. Hanson Building Materials (Contra Costa County, No. MSC , 5/3/07) (Failure to retain ; CA state agency ordered to pay $79K in fees/costs + adverse inference instruction; writ pending)

35 Litigation Hold Requirement: Policy and Implementation
Create Policy to: Determine When Hold is to be Imposed Define what is to be preserved Staff responsibilities Implementation Issues: ID key players who are involved ID relevant records/docs/systems/computers Contact and interview all key players Will metadata be material? A forensics snapshot? Will legacy data or backup media need to be preserved? When do we need an outside expert? Jacob

36 Litigation Hold Procedures: Training and Follow-up
Meetings and regular reminders Individual Interviews Determine if staff requires further clarification Document the process Jacob: Organization should consider ways in which litigation hold processes are recorded. Documenting legal hold process is not a legal requirement, but it is considered to be a “best practice.” The absence of a documentation or paper trail does not automatically mean bad faith, but having the steps recorded makes life easier.

37 Resources Sedona Guidelines (sedonaconference.com) Zubulake decisions
Michael Arkfeld ,Electronic Discovery and Evidence (All AGO libraries) BNA, Digital Discovery and E-Evidence Internet resources Discoveryresources.org; krollontrack.com; FIOS.com; applieddiscovery.com; Note webinars. Jacob

38 Take-Aways? E-Discovery Presents Serious Risks to Your Agencies.
ISOs Will Have Important Roles in Future Litigation Need to Partner Early with your CIO, the AG and your General Counsel’s Office. Need for Standards and Guidelines (Which You Should Help Write). Monica

39 Thanks and Questions

Download ppt "Electronic Evidence: New Challenges for Information Security Officers"

Similar presentations

Williams v. Sprint/United Management Co.

Williams v. Sprint/United Management Co.
Zubulake v. UBS Warburg LLC “Zubulake IV”

Zubulake v. UBS Warburg LLC “Zubulake IV”
The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.

The Evolving Law of E-Discovery Joseph J. Ortego, Esq. Nixon Peabody LLP New York, NY Jericho, NY.
United States District Court for the Southern District of New York, 2004 District Justice Scheindlin Zubulake v. UBS Warburg LLC Zubulake V.

United States District Court for the Southern District of New York, 2004 District Justice Scheindlin Zubulake v. UBS Warburg LLC Zubulake V.
Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.

Considerations for Records and Information Management Programs in Light of the Pension Committee and Rimkus Consulting 2010 Decisions.
Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.

Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.
E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.

E-Discovery New Rules of Civil Procedure Presented by Lucy Isaki January 23, 2007.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
Ronald J. Shaffer, Esq. Beth L. Weisser, Esq. Lorraine K. Koc, Esq., Vice President and General Counsel, Deb Shops, Inc. © 2010 Fox Rothschild DELVACCA.

Ronald J. Shaffer, Esq. Beth L. Weisser, Esq. Lorraine K. Koc, Esq., Vice President and General Counsel, Deb Shops, Inc. © 2010 Fox Rothschild DELVACCA.
E-Discovery in Government Investigations Jeane Thomas, Crowell & Moring LLP February 9, 2009.

E-Discovery in Government Investigations Jeane Thomas, Crowell & Moring LLP February 9, 2009.
William P. Butterfield February 16, 2012. Part 1: Why Can’t We Cooperate?

William P. Butterfield February 16, Part 1: Why Can’t We Cooperate?
1 BENCH-BAR DIALOGUE on Federal Civil Discovery Practices: The New Federal e-Discovery Rules Damon W.D. Wright Venable LLP (202) 344-4937

1 BENCH-BAR DIALOGUE on Federal Civil Discovery Practices: The New Federal e-Discovery Rules Damon W.D. Wright Venable LLP (202)
Ethical Issues in Data Security Breach Cases www.ScottandScottllp.com Presented by Robert J. Scott Scott & Scott, LLP 800-596-6176.

Ethical Issues in Data Security Breach Cases Presented by Robert J. Scott Scott & Scott, LLP
Www.frostbrowntodd.com Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.

Ethical Issues in the Electronic Age Ethical Issues in the Electronic Age Frost Brown Todd LLC Seminar May 24, 2007 Frost Brown.
A PROACTIVE APPROACH TO E-DISCOVERY March 4, 2009 Presented to the Corporate Counsel Section of the Tarrant County Bar Association Carl C. Butzer Jackson.

A PROACTIVE APPROACH TO E-DISCOVERY March 4, 2009 Presented to the Corporate Counsel Section of the Tarrant County Bar Association Carl C. Butzer Jackson.
1 A Practical Guide to eDiscovery in Litigation Presented by: Christopher N. Weiss Aric H. Jarrett Stoel Rives LLP Public Risk Management Association (PRIMA),

1 A Practical Guide to eDiscovery in Litigation Presented by: Christopher N. Weiss Aric H. Jarrett Stoel Rives LLP Public Risk Management Association (PRIMA),
E-Discovery for System Administrators Russell M. Shumway.

E-Discovery for System Administrators Russell M. Shumway.
Project Planning and Management in E-Discovery DAVID A. ELLIS – MAYER BROWN BROWNING E. MAREAN – DLA PIPER.

Project Planning and Management in E-Discovery DAVID A. ELLIS – MAYER BROWN BROWNING E. MAREAN – DLA PIPER.
1 Records Management and Electronic Discovery Ken Sperl (614) 360-2023 Martin.

1 Records Management and Electronic Discovery Ken Sperl (614) Martin.
E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.

E-Discovery LIMITS ON E-DISCOVERY. No New Preservation Rule When does duty to preserve attach? Reasonably anticipated litigation. Audio sanctions.

Similar presentations

Ads by Google