FRCP changes and the impact on IT

“The ‘E-Discovery amendments’ to the Federal Rules for Civil Procedure will have a significant impact on the practice of law” is an early point made in “The Discovery Revolution” (Paul & Nearon, 2006).  What I find interesting is that a seemingly simple rule change (as with Sarbanes-Oxley) carries significant challenges for information infrastructure and management requirements.

E-mail (archiving, search, retrieval and security) is just the tip of the iceberg.  Multiply the requirements over all systems, file types, documents and in some cases database elements.  The core elements of this process are fully supported only by a thorough, well-embraced security program coupled with tools and processes to support the identification, classification and lifecycle of information across an organization.

Point solutions alone may allow attorneys to sort through information, but true management of e-discovery capabilities and risks comes from proper infrastructure and information security program management.

The rule changes begin to recognize “electronically stored information” (ESI) and, more importantly, the “enveloping systems” as legal concepts.  Rule 34 has long governed the “Production of Documents and Things”.  It has now stepped up to govern the “Production of Documents, Electronically Stored Information and Things”.  This recognition opens new areas of responsibility for attorneys and IT departments.

Attorneys have great expertise in the art of evidence handling but, let’s face it, IT people and processes are rarely stringent enough to accommodate it.  By layering in a comprehensive security program complete with data lifecycle management, the IT department turns from an enslaved organization charged with finding the information into the enabling group that makes e-discovery possible.

In preparation for a case, litigants will need to examine both what they will and will not share between parties.  This must be identified, documented and presented to the court within the first 99 days.  The process begins by identifying the data and environment.  Your legal department will ask you to:

1. Provide a detailed description of computer systems used by the company, including hardware systems, primary operating systems, and major software systems, including any customized software.

2. Provide a detailed description of how those computers are networked or connected to others outside of the company (with a graphical representation if one is available).

3. Provide a detailed description of how your employees can network with your computers from outside of the company.

4. Provide a detailed description of the computer systems used by your employees outside of the corporate system (e.g., from home desktops or laptops, personal digital assistants [PDAs]).

5. Provide a detailed description of the backup processes and schedules, document retention and destruction schedules, organized by type of data. Identify the responsible persons for each process, with contact data. Identify storage locations for all backup data.

6. Provide the company’s document retention policy, e-mail, and Internet-usage policies and litigation-hold policy, to the extent they exist.

7. Describe any monitoring or logging of employees’ computer usage.

8. If any third parties hold or have access to the company’s data, identify those third parties with full contact information.

That seems easy… now they will want to move into the environment questions.  They will ask you to provide…

1. The architecture and elements of the technology infrastructure, including, but not limited to, the amount and types of computers, operating systems, and software applications, including customized applications, with graphical representations if available.

2. The topology of the network environment, including, but not limited to, the physical placement of computers and their connectivity within the intranet and Internet, with graphical representations if available.

3. The architecture of the electronic mail system, including, but not limited to, server and workstation software and version, lists of users, and location of e-mail files.

4. Enterprise user information applications, including, but not limited to, contact lists, calendars, to-do lists, word processing, project management, and accounting.

5. Internal and external personnel responsible for the management and maintenance of the technology infrastructure and all of its components, with contact information.

6. Information about any business activity of employees that is not backed up by the company, including the use of home machines, laptops, PDAs, etc.

7. The names of all key players in any actual or potential lawsuit or investigation.

8. The names, addresses, and contact info for any third party that holds or has access to company data.

9. Backup policies and procedures, including, but not limited to, hardware and software used to back up and archive information, documentation of what data is backed up, backup schedules, and locations of all backup media devices.

10. Computer-use policies and procedures, including, but not limited to, employee guidelines, password use, system logging, security controls, data retention, litigation holds, information sharing, and acceptable Internet and electronic message usage.

11. The location and contents of any relevant system and event logs.

A little tougher, but wait, there’s more. Now we dig into the actual evidence gathering:

These are simply the major components in the identification, isolation, evaluation, and preservation of electronic evidence and represent a standardized method that will be admissible in court.  Other steps and/or technologies may be necessary...

1. Record each media device with a unique identifying number.

2. Write protect each media device.

3. Forensically duplicate each media device to create a true mirror image (note that this does not mean copying or "Ghosting").

4. Mathematically verify and validate that the mirror image is identical to the original by using hashing algorithms (MD5, SHA1, SHA2).

5. Scan media devices for viruses and spyware—document the results.

6. Produce directory structure for each media device.

7. Analyze the electronic media and extract relevant information.

8. Secure each media device.
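
Steps 1 and 4 can be scripted so that every image leaves a verification record. The following is an added example, not code from the original article: it streams the original and the mirror image once each, computes the three algorithms named in step 4, and records whether they match. The evidence ID `EV-0001`, the file names and the 4 KiB sample "device" are constructed for illustration; the original would be read through the write protection from step 2.

```python
import hashlib
import os
import tempfile

ALGORITHMS = ("md5", "sha1", "sha256")  # the algorithms named in step 4

def digest_all(path, chunk_size=1 << 20):
    """Read a device or image file once, feeding every algorithm per chunk."""
    hashers = [hashlib.new(name) for name in ALGORITHMS]
    size = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            size += len(chunk)
            for h in hashers:
                h.update(chunk)
    return size, {n: h.hexdigest() for n, h in zip(ALGORITHMS, hashers)}

def verify_image(evidence_id, original_path, image_path):
    """Build a record for one media device (step 1 ID, step 4 verification)."""
    orig_size, orig = digest_all(original_path)
    img_size, img = digest_all(image_path)
    mismatched = [n for n in ALGORITHMS if orig[n] != img[n]]
    return {
        "evidence_id": evidence_id,  # hypothetical numbering scheme
        "original_bytes": orig_size,
        "image_bytes": img_size,
        "original_digests": orig,
        "mismatched": mismatched,
        "verified": orig_size == img_size and not mismatched,
    }

def demo():
    """Constructed sample: a 4 KiB 'device', a true image, and an image with one flipped bit."""
    data = bytes(range(256)) * 16
    altered = bytearray(data)
    altered[1000] ^= 0x01
    blobs = {"device.bin": data, "good.dd": data, "bad.dd": bytes(altered)}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in blobs.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(blob)
        dev = os.path.join(tmp, "device.bin")
        return [verify_image("EV-0001", dev, os.path.join(tmp, n))
                for n in ("good.dd", "bad.dd")]

if __name__ == "__main__":
    for record in demo():
        print(record["evidence_id"], record["verified"], record["mismatched"])
```

A single flipped bit in the image changes all three digests, which is why the record lists every mismatching algorithm rather than stopping at the first.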

The following is a list of places your attorneys will want to search for evidence:

Electronic evidence may reside in numerous different locations throughout an organization’s technology infrastructure. Your legal team will want to dig into any, all, or even more than the following...
 
Electronic Information

1. Servers
2. Mainframes
3. Network file systems
4. Workstations
5. Laptop computers
6. Personal digital assistants (PDAs)
7. Personal home computers
8. Private branch exchange (PBX)
9. Voice mail
10. Digital printers or copiers
11. Cell phones

Backup Media

1. Monthly systemwide backups
2. Weekly systemwide backups
3. Incremental systemwide backups
4. Unscheduled backups
5. Personal backups

Additional Media Devices

1. CD-ROMs
2. DVDs
3. Floppy diskettes
4. Zip disks
5. Tape archives
6. Removable hard drives
7. Thumb drives
8. Digital camera media

So, as you can see, the e-discovery process will take a deep and broad look at your information technology environment and the data within it.  Could you pull this together quickly?  Waiting for litigation can be disastrous.  Stay ahead of your legal community’s expectations by calling an expert in information security, who can lead you to the tools and processes necessary to smoothly integrate process, policy and technology to accommodate the challenge e-discovery brings.

 
