This Webcast Will Begin ShortlyIf you have any technical problems with the Webcast or the streaming audio, please contact

us via email at:

accwebcast@commpartners.com

Thank You!

Panel

Moderator

Sonia G. Cudd, Associate Counsel and Assistant Secretary McCormick & Company, Incorporated

Presenters

Alice Lawrence, Principal Jordan Lawrence

Daniel Cooperman, Senior Vice President, General Counsel and Secretary Oracle Corporation

John Patzakis, Esq., Vice Chairman and Chief Legal Officer Guidance Software

Infusing Records Policy into Technology

April 18, 2007Presented by

Association of Corporate Counselwww.acc.com

About Jordan Lawrence

•Twenty years experience helping companies solve real-world records and information management problems

•Objective - client-implemented best-practice standards and benchmarking data

•ACC Alliance Partner

ASSESSING DEVELOPING ENFORCING

•Enforce your policy• Retain

• Protect

• Manage and Dispose

•Make well-informed decisions

•Have a verifiable legal hold process

•Compliance with newly amended Federal Rules• Rule 26 “data map”

Legal and IT Objectives

Better Information for Better Decisions

•What record types you have

•Who owns or controls them

•Where records are held and on what applications or media

•What is the value of information and record types

•When should information and record types be disposed

Records DNA is Critical

People Facts &Metrics

Media &Application

RecordType

Tagging

Record TypeDNA

ManagementSubject Matter Experts

AdvisorsBusiness Representatives

SecurityRapid Production

Secure DestructionRegulatory NeedsBusiness Needs

Record NamesDescriptionsActivity LevelsActive-Use PeriodsVolumes

Content ManagementEmailElectronic: -IT Controlled -User ControlledPaperSystem

•Map personally identifiable information

•Identify redundancies

•Locate where information is shared

•Opportunities to reduce legacy records and information

For more information, see www.jordanlawrence.com/benchmarking

Assessment Value for IT and Data Security

Assessment Value for Legal

•Rule 26 “data map”

•Identify and prioritize risks

•Bridge legal and IT objectives

•Opportunities to reduce legacy records and information

For more information, see www.jordanlawrence.com/benchmarking

Infusing Policy Into Technology

Enforcement Solutions

POLICYEnforcement Solutions TM

Critical Success Factors…

System and media agnosticCover all record typesAddress the enterpriseSeamless to businesspeople

Structured dataIT-controlled recordsEmailUnstructured electronic recordsDocument imagesTape storagePaper records warehousingEmployee discretionary records…

- personal backup media and devices- departmental paper records

Maximize Policy IntegrationRequirements

Retention

Legal hold management

Rights management

Data map maintenance

Disposal management

Other requirements

FullyIntegrate

AuditedNotices

Hold Management

• Enact immediate and verifiable legal holds

• Process must cover all users, all record types, all systems and media

• Dispose of obsolete records and information

• Keep policy and critical information up-to-date

Jordan

• Better information for better decisions

• Bridge legal and IT objectives• Policy must be tied to process and technology

• Must have an effective “hold management” process

alawrence0407@jlgroup.com636.821.2222

Daniel Cooperman

SVP, General Counsel and Secretary

Oracle Corporation

Oracle Corporation Key Facts

• $14 billion revenue FY06 (46% from outside US)

• 275,000 customers• 17,700 partners • 68,000 employees (59% outside US)

• 14,000 developers• Operations in 145 countries• 87 operating subsidiaries

Founded in 1977. Headquarters in Redwood Shores, CA

Database

Middleware

Applications

Evolution of General Counsel’s Role

Source: General Counsel Roundtable, 2006

Legal Technician•Manage Legal Department

•Direct Litigation; Board Secretary

• Provide Regulatory Expertise

Executive Committee Member• Participate in strategy and

operational reviews

• Provide legal advice to senior corporate executives

Phase IIn House Counsel

1970s-1980s

Phase IICorporate Confidante

1990s

Legal Technician•Manage Legal Department

•Direct Litigation; Board Secretary

• Provide Regulatory Expertise

Executive Committee Member• Participate in strategy and

operational reviews

• Provide legal advice to senior corporate executives

Functional Leader• Orient department around business

client satisfaction

• Follow and report on legal trends

• Reassess selection and management of outside counsel with focus on cost-savings

Phase IIICorporate Gatekeeper

2000s - ?

Legal Technician•Manage Legal Department

•Direct Litigation; Board Secretary

• Provide Regulatory Expertise

Executive Committee Member• Participate in strategy and

operational reviews

• Provide legal advice to senior corporate executives

Functional Leader• Orient department around business

client satisfaction

• Follow and report on legal trends

• Reassess selection and management of outside counsel with focus on cost-savings

Activist General Manager • Architect and manage key

enterprise projects, e.g. records management

• Employ marketing strategies to engage clients in critical initiatives

• Resolve disputes “upstream”

• Provide advice to the board on business risk

General Counsel

Responsibility

A Pressure Cooker EnvironmentCompliance is New Normal

Sarbanes-Oxley Act

Fair Credit Reporting Act

Family Education Rights

Privacy Protection Act

Federal Rules of Civil Procedure

Foreign Corrupt Practices Act

Computer Fraud and Abuse Act

Health Insurance Portability and Accountability Act

Children’s Online Privacy Protection Act

Gramm-Leach Bliley Act

Patriot Act

Domestic Security Enhancement Act

… and many more

Increased Responsibilities

80% of general counsels surveyed directly managed the company’s compliance function.”

Source: General Counsel Roundtable, 2005

“Litigation on the Rise

21 to 50Lawsuits

Source: Fulbright & Jaworski, 2006

51 or moreLawsuits

7%11% 11%

23%

2005 2006 2005 2006

First-Year Associate Salaries Skyrocket

New York

California

Chicago

Miami

Boston

$160,000

$160,000

$145,000

$145,000

$145,000

“Lawyers as Gatekeepers

Consistent with Sarbanes-Oxley’s focus on the important role of lawyers as gatekeepers, we have stepped up our scrutiny of the role of lawyers in the corporate frauds we investigate.”

Stephen Cutler, Director,SEC Division of Enforcement, 2004

Legal Spending Increases

Source: BTI Consulting Group, 2006

0

10

20

30

$ Millions

0%

25%

50%

75%

2004 2005

$14.6

$25.4

$16.9

$26.6100%

57.6%

63.4%

A Piecemeal Approach to Compliance Creates Complexity and Inconsistency

IT Governance

Supply ChainTraceability

Financial ReportingCompliance

Compliance &Ethics Programs

Apps Server

Data Warehouse Database Mainframes Mobile DevicesEnterprise

Applications

SOX SB1386 HIPAA CorporatePolicy

EU Directives

PatriotAct Basel II …FCPA Export

ControlMandates

Regions

Technology

People

LegalFinance

HRSalesSuppliers

Customers

R&D Mfg

GRC ProgramsData Privacy& Security

RecordsRetention

LegalDiscovery

Anti-Money Laundering

Business Applications

Structured Data

Content and Records Management

Unstructured Data

Risk and Compliance Management Training and Learning

Business Intelligence, Reporting, Dashboards

Security and Identity Management

Build a Sustainable Platform for Governance, Risk, and Compliance

Unstructured Data: A Significant Risk

Structured Information

Unstructured Data

Contracts, Email, Voicemail, Memos, Web Conferences, Data Sheets, Instant Messages, Planning Documents, Forecasts, Quotes, etc.

Information in Business Systems (ERP, SCM, CRM, etc.)30%

70%

Critical Success Factor Connecting Record Policies to Technology• Establish Retention Policies for Information and Records

• Create the technology infrastructure to support Records and Retention Management Platform across the Enterprise

Reducing the eDiscovery Burden

Enterprise Information Inventory

Legal Review

and Analysis

Information Retention Policies

Records Retention

Broader, Consistent, Enforced Policies

Combined with Technology Reduce

Exposure

Reducing the eDiscovery burden

Keeping What You Need

Keeping What You Want

Knowing What You Have

Base Your Records Retention Policies on “Best Practices” • Capture information from the right people

to design policies that support business and regulatory requirements

• Apply retention policies to all content across multiple repositories, not only records

• Don’t retain more content than is necessary• Apply policies consistently and universally• Centralize policy administration and disposition processing

• Apply legal holds promptly and universally to minimize user disruption

Records Policies

Connecting Record Policies to Technology

FederatedElectronic

Repositories

NotificationEngine

PhysicalRecordsManager

RecordsManager

Universal RecordsManagement

Discovery Services

Central Policy Management

EnterpriseContent

Management

Data Warehouse Database Mainframes DesktopsEnterprise

Applications

Source: http://www.appliedlearninglabs.com/solutions/opexcell.html

Are you working with your IT staff to deploy a technology platform that will make your vision a reality?

Technology

VisionDo you have a long-term vision to reduce reliance on external counsel and prepare for future regulatory requirements?

KnowledgeAre you driving your company’s information management strategy for regulatory compliance and litigation readiness?

Final Considerations

John Patzakis, Esq.

Vice Chairman and Chief Legal Officer

Guidance Software

3 Key Legal Requirements Related to Records Management

1. Need to Actively Enforce Existing Policies

2. Need to Execute Timely and Effective Litigation Holds to Override Retention Procedures

3. Need for Documentation and Transparency of eRecords Enforcement Efforts and Litigation Holds

E-Records Retention Enforcement and The Law1. Enforcement Using a Systemized and Objective Process-Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006), (Court finds records management policy applied in bad faith and in a non-systemic manner)-Active Enforcement is Key To Establishing Routine Operation and Process Defensibility

2. Must Document and Report eRecords Enforcement Activity-Samsung Electronics v. Rambus, (Rambus kept no records of the kinds of documents that were destroyed,” or the parameters for such destruction)

3. Purging of Records Pursuant to Established Policy Must Be Overriden in Face of Duty to Preserve-Broccoli v. Echostar Communications, 229 F.R.D. 506 (D. Md. 2005)

Safe Harbor: Only Possible with a Process• Rule 37(f): No Penalties for Deleting ESI due to Routine Operation of IT Systems, and if Reasonable Preservation Steps Taken

• Must be Due to Routine Operation and in Good Faith• Procedures Must be: Established, Documented and Operational

• Systemized Framework For Early Attention (Litigation Hold) Must be in Place

• Caveat --- Committee Note: “A party is not permitted to exploit the routine operation of an information system to thwart discovery obligations by allowing that operation to continue in order to destroy (relevant ESI).”

Court Scrutiny of E-Discovery Collection Process• In re NTL, Inc. Securities Litigation, 2007 WL 241344 (S.D.N.Y. Jan. 30 2007)• “Although NTL sent out hold memos in March and June 2002 . . . those hold memos were not sufficient, since they subsequently were ignored. . . The evidence, in fact, is that no adequate litigation hold existed.”

• Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006) • "It is not sufficient, however, for a company merely to tell employees to 'save relevant documents,' ... this sort of token effort will hardly ever suffice."

• court faults “the lack of specificity in defining what documents would be relevant to litigation”

• Wachtel v. HealthNet, 2006 WL 3538935 (D.N.J.); Court criticizes HealthNet’s “utterly inadequate” eDiscovery process where paralegal merely emails preservation notifications

Would Your Organization’s eDiscovery Search and Collection Efforts Withstand This Scrutiny?

• Peskoff v. Ferber --- F.R.D. ----, 2007 WL 530096 (Feb. 21, 2007 D.D.C.)"Once the search is completed...Defendant must also file a statement under oath by the person who conducts the search, explaining how the search was conducted, of which electronic depositories, and how it was designed to produce and did in fact produce all of the emails I have just described. I must insist that the person performing the search have the competence and skill to do so comprehensively. An evidentiary hearing will then be held, at which I expect the person who made the attestation to testify and explain how he or she conducted the search, his or her qualifications to conduct the search, and why I should find the search was adequate.“

Preservation Only Required For Relevant Data• “Clearly” no duty to “preserve every shred of paper, every e-mail or

electronic document, and every backup tape…Such a rule would cripple large corporations.” Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2004)

• This concept is reflected in the New Federal Rules (FRCP). Committee Notes endorse “narrowly tailored” preservation and the need to “balance between the competing needs to preserve relevant evidence and to continue routine operations critical to ongoing activities” (Note to Rule 26(f).)

• Rule 26(f) also invokes the Manual for Complex Litigation (4th) § 40.25(2); Which Provides for Targeted Collection Based Upon Keywords, Date Ranges, File Types and Specified Custodians

Recent Cases Support Targeted ESI Search and Collection• Flexys Americas v. Kumho Tire: 2006 WL 3526794 (N.D.

Ohio);• Court limits Search to Specific Custodians, Time Frames and Keywords

• Treppel v. Biovail Corporation, 233 F.R.D. 363 (S.D.N.Y. 2006). • Court: defined search strategies are appropriate in cases involving ESI. If meet and confer efforts are refused, producing party should proceed with reasonable search criteria with a clear record of opponent’s refusal.

• Caveat: Without an Established Process with the Right Technology, Collection Efforts Will Be Overly Broad, Resulting in Substantial “Back End” Costs (processing, excess data hosting and review).

About Guidance Software• Founded 1997. (NASD: GUID)• Largest provider of computer investigation software, training and services• Over 24,000 users of EnCase® computer forensic software worldwide

• More than 3,800 trained annually• Over 350 of Global 2000, including over 100 of the Fortune 500, use EnCase® Enterprise software

• Headquartered in Pasadena, CA • Offices in SF, DC, NY, Houston, Chicago (opening Q1 2007) and the UK

• Key Cases That Address “Process Defensibility” and EnCase:• Sanders v. State (Texas), 191 S.W. 3rd 272 (Tex.App., 2006); Cert. Denied, --- S.Ct.---, 2007 WL 91482 (U.S.), (Court takes Judicial Notice of the reliability of EnCase, finding “EnCase is a ‘field standard’ for forensic computer examination; treatises about EnCase have been published.”)

• Krumwiede v. Brighton Assocs., L.L.C., 2006 WL 1308629 (N.D. Ill. May 8, 2006) [Court finds that eDiscovery Consultant “created a forensically valid copy of the laptop's hard drive using EnCase software.” This allowed the consultant “to examine the metadata and the content of the files on the computer...”]

• Williford v. State (Texas), 127 S.W.3d 309 (Tex.App. 2004).• State (Ohio) v. Cook, 777 N.E.2d 882 (Ohio App. 2002)

• Used by the SEC, FBI, Secret Service, FTC, foreign governments, state and local law enforcement, etc.• See, e.g., United States v. Shirazi,  2006 WL 1155945 (N.D.Ill., May 1, 2006)

Key Benefits of The EnCase Enterprise Process• Order of magnitude cost savings. EnCase eDiscovery enables an in-house process that is highly efficient due to its scalability, ability to cull at the point of collection, and integrated processing capabilities.

• Consistent and systemic enterprise-wide processes. Enables implementation of repeatable enterprise-wide eDiscovery process. This facilitates compliance with the new Federal Rules.

• Judicial acceptance of EnCase technology. Company can count on judicial approval of their defensible process for collection and preservation of ESI. EnCase Enterprise is also the Industry Standard for Internal Investigations involving ESI.

• Ability to Enforce eRecords Retention Polices at the Desktop Level on a Global Basis

Further Resources

Request new white paper on eDiscovery Collection Best Practices: Legal@EnCase.com

eDiscovery Resources:www.kenwithers.comwww.thesedonaconference.org

“Digital Discovery & e-Evidence” Pike & Fisherhttp://ddee.pf.com

Infusing Records Policy into Technology

April 18, 2007Presented by

www.jordanlawrence.com636.821.2222