Upload
bryan-henry
View
213
Download
0
Tags:
Embed Size (px)
Citation preview
ICPLICPL Institute for Institute for Computer Policy & LawComputer Policy & Law
H. David LambertVice President for Information Services and Chief Information OfficerGeorgetown University
e-Discovery: Early Lessons From the Trenches
July 25, 2007 Twelfth Institute for Computer Policy & Law 2
ICPLICPL
Lesson # 1Lesson # 1Lesson # 1Lesson # 1
Yes...this is for real. The acid test:
“…you may want to talk to our E-Discovery practice...”
E-Discovery: the Arthur Andersen/Enron Prize for
Unfunded Mandates
‘Surviving’ e-discovery requires extensive collaboration between IT and Counsel’s offices.
July 25, 2007 Twelfth Institute for Computer Policy & Law 3
ICPLICPL
Lesson #2Lesson #2Lesson #2Lesson #2 There is no such thing as a
‘departmental’ application any longer. The balance of ‘institutional interest’
has changed forever. Central IT was never funded to
support this radical shift brought about by: E-Discovery Privacy Security Business Continuity
July 25, 2007 Twelfth Institute for Computer Policy & Law 4
ICPLICPL
The changing balance The changing balance of institutional of institutional
interestinterest
The changing balance The changing balance of institutional of institutional
interestinterest
EnterpriseSystems
DepartmentalSystems
Security
Privacy
Business continuity
E-Discovery
Digitalization
Availability
New business requirements
EnterpriseSystems
DepartmentalSystems
July 25, 2007 Twelfth Institute for Computer Policy & Law 5
ICPLICPL
Lesson # 3Lesson # 3Lesson # 3Lesson # 3
E-Discovery impacts every layer and component of university technical architecture and infrastructure
There is no longer such a thing as back-up; only archive
Enterprise architectures and production services often don’t extend to:
Departmental servers Desktops Departmental and personal back-up systems PDAs
Yet that information is equally subject to discovery
July 25, 2007 Twelfth Institute for Computer Policy & Law 6
ICPLICPL
Lesson # 4Lesson # 4Lesson # 4Lesson # 4
Compliance with a request or subpoena implies a level of access to desktop and personal resources that are not consistent with our organizational and operational structures.
July 25, 2007 Twelfth Institute for Computer Policy & Law 7
ICPLICPL
Lesson # 5Lesson # 5Lesson # 5Lesson # 5
Based on our experience so-far, the e-discovery requests have been comprehensive and specific.
E-mail Calendars Files shares (institutional and
personal) Phone records (cell and office) Voice mail Academic records
July 25, 2007 Twelfth Institute for Computer Policy & Law 8
ICPLICPL
Lesson # 6Lesson # 6Lesson # 6Lesson # 6
E-discovery drives up the cost of litigation to the university at a very early stage (often at pre-litigation).
Examples: Replacing back up tapes Acquiring systems to back up
departmental and personal environments Time burned by technical staff and counsel
Including the requirement for supplemental external resources
... and this is at the ‘preservation’ stage
July 25, 2007 Twelfth Institute for Computer Policy & Law 9
ICPLICPL
Lesson # 7Lesson # 7Lesson # 7Lesson # 7
Responding to preservation requests puts enormous burdens on technical staff who are critical to other on-going operations and functions.
Security staff Desktop support Systems administrators Counsel
July 25, 2007 Twelfth Institute for Computer Policy & Law 10
ICPLICPL
Lesson #8Lesson #8Lesson #8Lesson #8
The logistics associated with assuring the preservation process is completed in a timely and effective manner is complex and requires sophisticated controls.
Uniform procedures for collecting and cataloging data.
‘Accountable’ procedures for assuring the preserved data is actually preserved.
Procedures to assure users that the privacy of their data will be respected.
Privacy has been a particularly sensitive issue.
July 25, 2007 Twelfth Institute for Computer Policy & Law 11
ICPLICPL
Lesson # 9Lesson # 9Lesson # 9Lesson # 9
Processing discovery requests raises warranted concerns on the part of involved faculty and staff about privacy…
It makes our security staff appear to be the ‘bad guys’, since they are the ones who show up to do the work.
Procedures have been developed to protect ‘preserved’ data that we hope will make sense to the Faculty Senate.
July 25, 2007 Twelfth Institute for Computer Policy & Law 12
ICPLICPL
Lesson # 10Lesson # 10Lesson # 10Lesson # 10
The individuals involved in the discovery request are nearly always the most politically powerful within the institution.
Executive leadershipDeansFaculty members