Upload
zeheb
View
54
Download
0
Tags:
Embed Size (px)
DESCRIPTION
This Webcast Will Begin Shortly. If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: [email protected] Thank You!. Panel. Moderator - PowerPoint PPT Presentation
Citation preview
This Webcast Will Begin ShortlyIf you have any technical problems with the Webcast or the streaming audio, please contact
us via email at:
Thank You!
Panel
Moderator
Sonia G. Cudd, Associate Counsel and Assistant Secretary McCormick & Company, Incorporated
Presenters
Alice Lawrence, Principal Jordan Lawrence
Daniel Cooperman, Senior Vice President, General Counsel and Secretary Oracle Corporation
John Patzakis, Esq., Vice Chairman and Chief Legal Officer Guidance Software
Infusing Records Policy into Technology
April 18, 2007Presented by
Association of Corporate Counselwww.acc.com
About Jordan Lawrence
•Twenty years experience helping companies solve real-world records and information management problems
•Objective - client-implemented best-practice standards and benchmarking data
•ACC Alliance Partner
ASSESSING DEVELOPING ENFORCING
•Enforce your policy• Retain
• Protect
• Manage and Dispose
•Make well-informed decisions
•Have a verifiable legal hold process
•Compliance with newly amended Federal Rules• Rule 26 “data map”
Legal and IT Objectives
Better Information for Better Decisions
•What record types you have
•Who owns or controls them
•Where records are held and on what applications or media
•What is the value of information and record types
•When should information and record types be disposed
Records DNA is Critical
People Facts &Metrics
Media &Application
RecordType
Tagging
Record TypeDNA
ManagementSubject Matter Experts
AdvisorsBusiness Representatives
SecurityRapid Production
Secure DestructionRegulatory NeedsBusiness Needs
Record NamesDescriptionsActivity LevelsActive-Use PeriodsVolumes
Content ManagementEmailElectronic: -IT Controlled -User ControlledPaperSystem
•Map personally identifiable information
•Identify redundancies
•Locate where information is shared
•Opportunities to reduce legacy records and information
For more information, see www.jordanlawrence.com/benchmarking
Assessment Value for IT and Data Security
Assessment Value for Legal
•Rule 26 “data map”
•Identify and prioritize risks
•Bridge legal and IT objectives
•Opportunities to reduce legacy records and information
For more information, see www.jordanlawrence.com/benchmarking
Infusing Policy Into Technology
Enforcement Solutions
POLICYEnforcement Solutions TM
Critical Success Factors…
System and media agnosticCover all record typesAddress the enterpriseSeamless to businesspeople
Structured dataIT-controlled recordsEmailUnstructured electronic recordsDocument imagesTape storagePaper records warehousingEmployee discretionary records…
- personal backup media and devices- departmental paper records
Maximize Policy IntegrationRequirements
Retention
Legal hold management
Rights management
Data map maintenance
Disposal management
Other requirements
FullyIntegrate
AuditedNotices
Hold Management
• Enact immediate and verifiable legal holds
• Process must cover all users, all record types, all systems and media
• Dispose of obsolete records and information
• Keep policy and critical information up-to-date
Jordan
• Better information for better decisions
• Bridge legal and IT objectives• Policy must be tied to process and technology
• Must have an effective “hold management” process
Daniel Cooperman
SVP, General Counsel and Secretary
Oracle Corporation
Oracle Corporation Key Facts
• $14 billion revenue FY06 (46% from outside US)
• 275,000 customers• 17,700 partners • 68,000 employees (59% outside US)
• 14,000 developers• Operations in 145 countries• 87 operating subsidiaries
Founded in 1977. Headquarters in Redwood Shores, CA
Database
Middleware
Applications
Evolution of General Counsel’s Role
Source: General Counsel Roundtable, 2006
Legal Technician•Manage Legal Department
•Direct Litigation; Board Secretary
• Provide Regulatory Expertise
Executive Committee Member• Participate in strategy and
operational reviews
• Provide legal advice to senior corporate executives
Phase IIn House Counsel
1970s-1980s
Phase IICorporate Confidante
1990s
Legal Technician•Manage Legal Department
•Direct Litigation; Board Secretary
• Provide Regulatory Expertise
Executive Committee Member• Participate in strategy and
operational reviews
• Provide legal advice to senior corporate executives
Functional Leader• Orient department around business
client satisfaction
• Follow and report on legal trends
• Reassess selection and management of outside counsel with focus on cost-savings
Phase IIICorporate Gatekeeper
2000s - ?
Legal Technician•Manage Legal Department
•Direct Litigation; Board Secretary
• Provide Regulatory Expertise
Executive Committee Member• Participate in strategy and
operational reviews
• Provide legal advice to senior corporate executives
Functional Leader• Orient department around business
client satisfaction
• Follow and report on legal trends
• Reassess selection and management of outside counsel with focus on cost-savings
Activist General Manager • Architect and manage key
enterprise projects, e.g. records management
• Employ marketing strategies to engage clients in critical initiatives
• Resolve disputes “upstream”
• Provide advice to the board on business risk
General Counsel
Responsibility
A Pressure Cooker EnvironmentCompliance is New Normal
Sarbanes-Oxley Act
Fair Credit Reporting Act
Family Education Rights
Privacy Protection Act
Federal Rules of Civil Procedure
Foreign Corrupt Practices Act
Computer Fraud and Abuse Act
Health Insurance Portability and Accountability Act
Children’s Online Privacy Protection Act
Gramm-Leach Bliley Act
Patriot Act
Domestic Security Enhancement Act
… and many more
Increased Responsibilities
80% of general counsels surveyed directly managed the company’s compliance function.”
Source: General Counsel Roundtable, 2005
“Litigation on the Rise
21 to 50Lawsuits
Source: Fulbright & Jaworski, 2006
51 or moreLawsuits
7%11% 11%
23%
2005 2006 2005 2006
First-Year Associate Salaries Skyrocket
New York
California
Chicago
Miami
Boston
$160,000
$160,000
$145,000
$145,000
$145,000
“Lawyers as Gatekeepers
Consistent with Sarbanes-Oxley’s focus on the important role of lawyers as gatekeepers, we have stepped up our scrutiny of the role of lawyers in the corporate frauds we investigate.”
Stephen Cutler, Director,SEC Division of Enforcement, 2004
Legal Spending Increases
Source: BTI Consulting Group, 2006
0
10
20
30
$ Millions
0%
25%
50%
75%
2004 2005
$14.6
$25.4
$16.9
$26.6100%
57.6%
63.4%
A Piecemeal Approach to Compliance Creates Complexity and Inconsistency
IT Governance
Supply ChainTraceability
Financial ReportingCompliance
Compliance &Ethics Programs
Apps Server
Data Warehouse Database Mainframes Mobile DevicesEnterprise
Applications
SOX SB1386 HIPAA CorporatePolicy
EU Directives
PatriotAct Basel II …FCPA Export
ControlMandates
Regions
Technology
People
LegalFinance
HRSalesSuppliers
Customers
R&D Mfg
GRC ProgramsData Privacy& Security
RecordsRetention
LegalDiscovery
Anti-Money Laundering
Business Applications
Structured Data
Content and Records Management
Unstructured Data
Risk and Compliance Management Training and Learning
Business Intelligence, Reporting, Dashboards
Security and Identity Management
Build a Sustainable Platform for Governance, Risk, and Compliance
Unstructured Data: A Significant Risk
Structured Information
Unstructured Data
Contracts, Email, Voicemail, Memos, Web Conferences, Data Sheets, Instant Messages, Planning Documents, Forecasts, Quotes, etc.
Information in Business Systems (ERP, SCM, CRM, etc.)30%
70%
Critical Success Factor Connecting Record Policies to Technology• Establish Retention Policies for Information and Records
• Create the technology infrastructure to support Records and Retention Management Platform across the Enterprise
Reducing the eDiscovery Burden
Enterprise Information Inventory
Legal Review
and Analysis
Information Retention Policies
Records Retention
Broader, Consistent, Enforced Policies
Combined with Technology Reduce
Exposure
Reducing the eDiscovery burden
Keeping What You Need
Keeping What You Want
Knowing What You Have
Base Your Records Retention Policies on “Best Practices” • Capture information from the right people
to design policies that support business and regulatory requirements
• Apply retention policies to all content across multiple repositories, not only records
• Don’t retain more content than is necessary• Apply policies consistently and universally• Centralize policy administration and disposition processing
• Apply legal holds promptly and universally to minimize user disruption
Records Policies
Connecting Record Policies to Technology
FederatedElectronic
Repositories
NotificationEngine
PhysicalRecordsManager
RecordsManager
Universal RecordsManagement
Discovery Services
Central Policy Management
EnterpriseContent
Management
Data Warehouse Database Mainframes DesktopsEnterprise
Applications
Source: http://www.appliedlearninglabs.com/solutions/opexcell.html
Are you working with your IT staff to deploy a technology platform that will make your vision a reality?
Technology
VisionDo you have a long-term vision to reduce reliance on external counsel and prepare for future regulatory requirements?
KnowledgeAre you driving your company’s information management strategy for regulatory compliance and litigation readiness?
Final Considerations
John Patzakis, Esq.
Vice Chairman and Chief Legal Officer
Guidance Software
3 Key Legal Requirements Related to Records Management
1. Need to Actively Enforce Existing Policies
2. Need to Execute Timely and Effective Litigation Holds to Override Retention Procedures
3. Need for Documentation and Transparency of eRecords Enforcement Efforts and Litigation Holds
E-Records Retention Enforcement and The Law1. Enforcement Using a Systemized and Objective Process-Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006), (Court finds records management policy applied in bad faith and in a non-systemic manner)-Active Enforcement is Key To Establishing Routine Operation and Process Defensibility
2. Must Document and Report eRecords Enforcement Activity-Samsung Electronics v. Rambus, (Rambus kept no records of the kinds of documents that were destroyed,” or the parameters for such destruction)
3. Purging of Records Pursuant to Established Policy Must Be Overriden in Face of Duty to Preserve-Broccoli v. Echostar Communications, 229 F.R.D. 506 (D. Md. 2005)
Safe Harbor: Only Possible with a Process• Rule 37(f): No Penalties for Deleting ESI due to Routine Operation of IT Systems, and if Reasonable Preservation Steps Taken
• Must be Due to Routine Operation and in Good Faith• Procedures Must be: Established, Documented and Operational
• Systemized Framework For Early Attention (Litigation Hold) Must be in Place
• Caveat --- Committee Note: “A party is not permitted to exploit the routine operation of an information system to thwart discovery obligations by allowing that operation to continue in order to destroy (relevant ESI).”
Court Scrutiny of E-Discovery Collection Process• In re NTL, Inc. Securities Litigation, 2007 WL 241344 (S.D.N.Y. Jan. 30 2007)• “Although NTL sent out hold memos in March and June 2002 . . . those hold memos were not sufficient, since they subsequently were ignored. . . The evidence, in fact, is that no adequate litigation hold existed.”
• Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006) • "It is not sufficient, however, for a company merely to tell employees to 'save relevant documents,' ... this sort of token effort will hardly ever suffice."
• court faults “the lack of specificity in defining what documents would be relevant to litigation”
• Wachtel v. HealthNet, 2006 WL 3538935 (D.N.J.); Court criticizes HealthNet’s “utterly inadequate” eDiscovery process where paralegal merely emails preservation notifications
Would Your Organization’s eDiscovery Search and Collection Efforts Withstand This Scrutiny?
• Peskoff v. Ferber --- F.R.D. ----, 2007 WL 530096 (Feb. 21, 2007 D.D.C.)"Once the search is completed...Defendant must also file a statement under oath by the person who conducts the search, explaining how the search was conducted, of which electronic depositories, and how it was designed to produce and did in fact produce all of the emails I have just described. I must insist that the person performing the search have the competence and skill to do so comprehensively. An evidentiary hearing will then be held, at which I expect the person who made the attestation to testify and explain how he or she conducted the search, his or her qualifications to conduct the search, and why I should find the search was adequate.“
Preservation Only Required For Relevant Data• “Clearly” no duty to “preserve every shred of paper, every e-mail or
electronic document, and every backup tape…Such a rule would cripple large corporations.” Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2004)
• This concept is reflected in the New Federal Rules (FRCP). Committee Notes endorse “narrowly tailored” preservation and the need to “balance between the competing needs to preserve relevant evidence and to continue routine operations critical to ongoing activities” (Note to Rule 26(f).)
• Rule 26(f) also invokes the Manual for Complex Litigation (4th) § 40.25(2); Which Provides for Targeted Collection Based Upon Keywords, Date Ranges, File Types and Specified Custodians
Recent Cases Support Targeted ESI Search and Collection• Flexys Americas v. Kumho Tire: 2006 WL 3526794 (N.D.
Ohio);• Court limits Search to Specific Custodians, Time Frames and Keywords
• Treppel v. Biovail Corporation, 233 F.R.D. 363 (S.D.N.Y. 2006). • Court: defined search strategies are appropriate in cases involving ESI. If meet and confer efforts are refused, producing party should proceed with reasonable search criteria with a clear record of opponent’s refusal.
• Caveat: Without an Established Process with the Right Technology, Collection Efforts Will Be Overly Broad, Resulting in Substantial “Back End” Costs (processing, excess data hosting and review).
About Guidance Software• Founded 1997. (NASD: GUID)• Largest provider of computer investigation software, training and services• Over 24,000 users of EnCase® computer forensic software worldwide
• More than 3,800 trained annually• Over 350 of Global 2000, including over 100 of the Fortune 500, use EnCase® Enterprise software
• Headquartered in Pasadena, CA • Offices in SF, DC, NY, Houston, Chicago (opening Q1 2007) and the UK
• Key Cases That Address “Process Defensibility” and EnCase:• Sanders v. State (Texas), 191 S.W. 3rd 272 (Tex.App., 2006); Cert. Denied, --- S.Ct.---, 2007 WL 91482 (U.S.), (Court takes Judicial Notice of the reliability of EnCase, finding “EnCase is a ‘field standard’ for forensic computer examination; treatises about EnCase have been published.”)
• Krumwiede v. Brighton Assocs., L.L.C., 2006 WL 1308629 (N.D. Ill. May 8, 2006) [Court finds that eDiscovery Consultant “created a forensically valid copy of the laptop's hard drive using EnCase software.” This allowed the consultant “to examine the metadata and the content of the files on the computer...”]
• Williford v. State (Texas), 127 S.W.3d 309 (Tex.App. 2004).• State (Ohio) v. Cook, 777 N.E.2d 882 (Ohio App. 2002)
• Used by the SEC, FBI, Secret Service, FTC, foreign governments, state and local law enforcement, etc.• See, e.g., United States v. Shirazi, 2006 WL 1155945 (N.D.Ill., May 1, 2006)
Key Benefits of The EnCase Enterprise Process• Order of magnitude cost savings. EnCase eDiscovery enables an in-house process that is highly efficient due to its scalability, ability to cull at the point of collection, and integrated processing capabilities.
• Consistent and systemic enterprise-wide processes. Enables implementation of repeatable enterprise-wide eDiscovery process. This facilitates compliance with the new Federal Rules.
• Judicial acceptance of EnCase technology. Company can count on judicial approval of their defensible process for collection and preservation of ESI. EnCase Enterprise is also the Industry Standard for Internal Investigations involving ESI.
• Ability to Enforce eRecords Retention Polices at the Desktop Level on a Global Basis
Further Resources
Request new white paper on eDiscovery Collection Best Practices: [email protected]
eDiscovery Resources:www.kenwithers.comwww.thesedonaconference.org
“Digital Discovery & e-Evidence” Pike & Fisherhttp://ddee.pf.com
Infusing Records Policy into Technology
April 18, 2007Presented by
www.jordanlawrence.com636.821.2222