1 / 37

This Webcast Will Begin Shortly

This Webcast Will Begin Shortly. If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: accwebcast@commpartners.com Thank You!. Panel. Moderator

zeheb
Télécharger la présentation

This Webcast Will Begin Shortly

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: accwebcast@commpartners.com Thank You!

  2. Panel Moderator Sonia G. Cudd, Associate Counsel and Assistant Secretary McCormick & Company, Incorporated Presenters Alice Lawrence, Principal Jordan Lawrence Daniel Cooperman, Senior Vice President, General Counsel and Secretary Oracle Corporation John Patzakis, Esq., Vice Chairman and Chief Legal Officer Guidance Software

  3. Infusing Records Policy into TechnologyApril 18, 2007Presented byAssociation of Corporate Counselwww.acc.com

  4. About Jordan Lawrence • Twenty years experience helping companies solve real-world records and information management problems • Objective - client-implemented best-practice standards and benchmarking data • ACC Alliance Partner ASSESSING DEVELOPING ENFORCING

  5. Legal and IT Objectives • Enforce your policy • Retain • Protect • Manage and Dispose • Make well-informed decisions • Have a verifiable legal hold process • Compliance with newly amended Federal Rules • Rule 26 “data map”

  6. Better Information for Better Decisions • What record types you have • Who owns or controls them • Where records are held and on what applications or media • What is the value of information and record types • When should information and record types be disposed

  7. Records DNA is Critical Record Names Descriptions Activity Levels Active-Use Periods Volumes Management Subject Matter Experts Advisors Business Representatives Facts & Metrics People Record Type DNA Content Management Email Electronic: -IT Controlled -User Controlled Paper System Security Rapid Production Secure Destruction Regulatory Needs Business Needs Record Type Tagging Media & Application

  8. Assessment Value for IT and Data Security • Map personally identifiable information • Identify redundancies • Locate where information is shared • Opportunities to reduce legacy records and information • For more information, see www.jordanlawrence.com/benchmarking

  9. Assessment Value for Legal • Rule 26 “data map” • Identify and prioritize risks • Bridge legal and IT objectives • Opportunities to reduce legacy records and information • For more information, see www.jordanlawrence.com/benchmarking

  10. Infusing Policy Into Technology Enforcement Solutions

  11. Hold Management • Enact immediate and verifiable legal holds • Process must cover all users, all record types, all systems and media • Dispose of obsolete records and information • Keep policy and critical information up-to-date

  12. Jordan • Better information for better decisions • Bridge legal and IT objectives • Policy must be tied to process and technology • Must have an effective “hold management” process alawrence0407@jlgroup.com 636.821.2222

  13. Daniel Cooperman SVP, General Counsel and Secretary Oracle Corporation

  14. Applications Middleware Founded in 1977. Headquarters in Redwood Shores, CA • $14 billion revenue FY06 (46% from outside US) • 275,000 customers • 17,700 partners • 68,000 employees (59% outside US) • 14,000 developers • Operations in 145 countries • 87 operating subsidiaries Database Oracle Corporation Key Facts

  15. Phase IIICorporate Gatekeeper 2000s - ? General Counsel Responsibility • Activist General Manager • Architect and manage key enterprise projects, e.g. records management • Employ marketing strategies to engage clients in critical initiatives • Resolve disputes “upstream” • Provide advice to the board on business risk Phase IICorporate Confidante1990s • Functional Leader • Orient department around business client satisfaction • Follow and report on legal trends • Reassess selection and management of outside counsel with focus on cost-savings • Functional Leader • Orient department around business client satisfaction • Follow and report on legal trends • Reassess selection and management of outside counsel with focus on cost-savings Phase IIn House Counsel1970s-1980s • Executive Committee Member • Participate in strategy and operational reviews • Provide legal advice to senior corporate executives • Executive Committee Member • Participate in strategy and operational reviews • Provide legal advice to senior corporate executives • Executive Committee Member • Participate in strategy and operational reviews • Provide legal advice to senior corporate executives • Legal Technician • Manage Legal Department • Direct Litigation; Board Secretary • Provide Regulatory Expertise • Legal Technician • Manage Legal Department • Direct Litigation; Board Secretary • Provide Regulatory Expertise • Legal Technician • Manage Legal Department • Direct Litigation; Board Secretary • Provide Regulatory Expertise Evolution of General Counsel’s Role Source: General Counsel Roundtable, 2006

  16. Compliance is New Normal Increased Responsibilities Litigation on the Rise “ 80% of general counsels surveyed directly managed the company’s compliance function.” Source: General Counsel Roundtable, 2005 Health Insurance Portability and Accountability Act Children’s Online Privacy Protection Act Gramm-Leach Bliley Act Patriot Act Domestic Security Enhancement Act … and many more Sarbanes-Oxley Act Fair Credit Reporting Act Family Education Rights Privacy Protection Act Federal Rules of Civil Procedure Foreign Corrupt Practices Act Computer Fraud and Abuse Act 51 or moreLawsuits 23% 21 to 50Lawsuits 11% 11% 7% 2005 2006 2005 2006 Source: Fulbright & Jaworski, 2006 First-Year Associate Salaries Skyrocket Legal Spending Increases Lawyers as Gatekeepers “ $ Millions Consistent with Sarbanes-Oxley’s focus on the important role of lawyers as gatekeepers, we have stepped up our scrutiny of the role of lawyers in the corporate frauds we investigate.” Stephen Cutler, Director,SEC Division of Enforcement, 2004 100% 30 $26.6 $25.4 75% New York California Chicago Miami Boston $160,000 $160,000 $145,000 $145,000 $145,000 20 63.4% 57.6% 50% 10 $14.6 $16.9 25% 0 0% 2004 2005 Source: BTI Consulting Group, 2006 A Pressure Cooker Environment

  17. Compliance & Ethics Programs RecordsRetention IT Governance Anti-Money Laundering Data Privacy & Security Supply ChainTraceability Financial ReportingCompliance LegalDiscovery EU Directives SOX SB1386 HIPAA … EnterpriseApplications Data Warehouse Apps Server Database Mainframes Mobile Devices A Piecemeal Approach to Compliance Creates Complexity and Inconsistency GRC Programs People Customers Finance Suppliers R&D Mfg Sales HR Legal Technology Regions PatriotAct ExportControl CorporatePolicy Basel II FCPA Mandates

  18. Build a Sustainable Platform for Governance, Risk, and Compliance Business Intelligence, Reporting, Dashboards Risk and Compliance Management Training and Learning Business Applications Structured Data Content and Records Management Unstructured Data Security and Identity Management

  19. Information in Business Systems (ERP, SCM, CRM, etc.) 30% Structured Information Contracts, Email, Voicemail, Memos, Web Conferences, Data Sheets, Instant Messages, Planning Documents, Forecasts, Quotes, etc. Unstructured Data 70% Unstructured Data: A Significant Risk

  20. Critical Success Factor Connecting Record Policies to Technology • Establish Retention Policies for Information and Records • Create the technology infrastructure to support Records and Retention Management Platform across the Enterprise

  21. Broader, Consistent, Enforced Policies Combined with Technology Reduce Exposure Enterprise Information Inventory Knowing What You Have Information Retention Policies Keeping What You Want Records Retention Keeping What You Need Legal Review and Analysis Reducing the eDiscovery burden Reducing the eDiscovery Burden

  22. Base Your Records Retention Policies on “Best Practices” • Capture information from the right people to design policies that support business and regulatory requirements • Apply retention policies to all content across multiple repositories, not only records • Don’t retain more content than is necessary • Apply policies consistently and universally • Centralize policy administration and disposition processing • Apply legal holds promptly and universally to minimize user disruption

  23. Connecting Record Policies to Technology Records Policies Central Policy Management Universal RecordsManagement Discovery Services FederatedElectronicRepositories PhysicalRecordsManager NotificationEngine RecordsManager EnterpriseApplications Data Warehouse EnterpriseContentManagement Database Mainframes Desktops

  24. Final Considerations Are you driving your company’s information management strategy for regulatory compliance and litigation readiness? Knowledge Do you have a long-term vision to reduce reliance on external counsel and prepare for future regulatory requirements? Vision Are you working with your IT staff to deploy a technology platform that will make your vision a reality? Technology Source: http://www.appliedlearninglabs.com/solutions/opexcell.html

  25. John Patzakis, Esq. Vice Chairman and Chief Legal Officer Guidance Software

  26. 3 Key Legal Requirements Related to Records Management 1.Need to Actively Enforce Existing Policies 2. Need to Execute Timely and Effective Litigation Holds to Override Retention Procedures 3. Need for Documentation and Transparency of eRecords Enforcement Efforts and Litigation Holds

  27. E-Records Retention Enforcement and The Law 1. Enforcement Using a Systemized and Objective Process -Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006), (Court finds records management policy applied in bad faith and in a non-systemic manner) -Active Enforcement is Key To Establishing Routine Operation and Process Defensibility 2. Must Document and Report eRecords Enforcement Activity -Samsung Electronics v. Rambus, (Rambus kept no records of the kinds of documents that were destroyed,” or the parameters for such destruction) 3. Purging of Records Pursuant to Established Policy Must Be Overriden in Face of Duty to Preserve -Broccoli v. Echostar Communications, 229 F.R.D. 506 (D. Md. 2005)

  28. Safe Harbor: Only Possible with a Process • Rule 37(f): No Penalties for Deleting ESI due to Routine Operation of IT Systems, and if Reasonable Preservation Steps Taken • Must be Due to Routine Operation and in Good Faith • Procedures Must be: Established, Documented and Operational • Systemized Framework For Early Attention (Litigation Hold) Must be in Place • Caveat --- Committee Note: “A party is not permitted to exploit the routine operation of an information system to thwart discovery obligations by allowing that operation to continue in order to destroy (relevant ESI).”

  29. Court Scrutiny of E-Discovery Collection Process • In re NTL, Inc. Securities Litigation, 2007 WL 241344 (S.D.N.Y. Jan. 30 2007) • “Although NTL sent out hold memos in March and June 2002 . . . those hold memos were not sufficient, since they subsequently were ignored. . . The evidence, in fact, is that no adequate litigation hold existed.” • Samsung Electronics v. Rambus, 439 F.Supp.2d 524 (E.D. Va. 2006) • "It is not sufficient, however, for a company merely to tell employees to 'save relevant documents,' ... this sort of token effort will hardly ever suffice." • court faults “the lack of specificity in defining what documents would be relevant to litigation” • Wachtel v. HealthNet, 2006 WL 3538935 (D.N.J.); Court criticizes HealthNet’s “utterly inadequate” eDiscovery process where paralegal merely emails preservation notifications

  30. Would Your Organization’s eDiscovery Search and Collection Efforts Withstand This Scrutiny? • Peskoff v. Ferber --- F.R.D. ----, 2007 WL 530096 (Feb. 21, 2007 D.D.C.) "Once the search is completed...Defendant must also file a statement under oath by the person who conducts the search, explaining how the search was conducted, of which electronic depositories, and how it was designed to produce and did in fact produce all of the emails I have just described. I must insist that the person performing the search have the competence and skill to do so comprehensively. An evidentiary hearing will then be held, at which I expect the person who made the attestation to testify and explain how he or she conducted the search, his or her qualifications to conduct the search, and why I should find the search was adequate.“

  31. Preservation Only Required For Relevant Data • “Clearly” no duty to “preserve every shred of paper, every e-mail or electronic document, and every backup tape…Such a rule would cripple large corporations.” Zubulake v. UBS Warburg LLC, 220 F.R.D. 212, 217 (S.D.N.Y. 2004) • This concept is reflected in the New Federal Rules (FRCP). Committee Notes endorse “narrowly tailored” preservation and the need to “balance between the competing needs to preserve relevant evidence and to continue routine operations critical to ongoing activities” (Note to Rule 26(f).) • Rule 26(f) also invokes the Manual for Complex Litigation (4th) § 40.25(2); Which Provides for Targeted Collection Based Upon Keywords, Date Ranges, File Types and Specified Custodians

  32. Recent Cases Support Targeted ESI Search and Collection • Flexys Americas v. Kumho Tire: 2006 WL 3526794 (N.D. Ohio); • Court limits Search to Specific Custodians, Time Frames and Keywords • Treppel v. Biovail Corporation, 233 F.R.D. 363 (S.D.N.Y. 2006). • Court: defined search strategies are appropriate in cases involving ESI. If meet and confer efforts are refused, producing party should proceed with reasonable search criteria with a clear record of opponent’s refusal. • Caveat: Without an Established Process with the Right Technology, Collection Efforts Will Be Overly Broad, Resulting in Substantial “Back End” Costs (processing, excess data hosting and review).

  33. About Guidance Software • Founded 1997. (NASD: GUID) • Largest provider of computer investigation software, training and services • Over 24,000 users of EnCase® computer forensic software worldwide • More than 3,800 trained annually • Over 350 of Global 2000, including over 100 of the Fortune 500, use EnCase® Enterprise software • Headquartered in Pasadena, CA • Offices in SF, DC, NY, Houston, Chicago (opening Q1 2007) and the UK

  34. Key Cases That Address “Process Defensibility” and EnCase: • Sanders v. State (Texas), 191S.W. 3rd 272 (Tex.App., 2006); Cert. Denied, --- S.Ct.---, 2007 WL 91482 (U.S.), (Court takes Judicial Notice of the reliability of EnCase, finding “EnCase is a ‘field standard’ for forensic computer examination; treatises about EnCase have been published.”) • Krumwiede v. Brighton Assocs., L.L.C., 2006 WL 1308629 (N.D. Ill. May 8, 2006) [Court finds that eDiscovery Consultant “created a forensically valid copy of the laptop's hard drive using EnCase software.” This allowed the consultant “to examine the metadata and the content of the files on the computer...”] • Williford v. State (Texas), 127 S.W.3d 309 (Tex.App. 2004). • State (Ohio) v. Cook, 777 N.E.2d 882 (Ohio App. 2002) • Used by the SEC, FBI, Secret Service, FTC, foreign governments, state and local law enforcement, etc. • See, e.g., United States v. Shirazi,  2006 WL 1155945 (N.D.Ill., May 1, 2006)

  35. Key Benefits of The EnCase Enterprise Process • Order of magnitude cost savings. EnCase eDiscovery enables an in-house process that is highly efficient due to its scalability, ability to cull at the point of collection, and integrated processing capabilities. • Consistent and systemic enterprise-wide processes. Enables implementation of repeatable enterprise-wide eDiscovery process. This facilitates compliance with the new Federal Rules. • Judicial acceptance of EnCase technology. Company can count on judicial approval of their defensible process for collection and preservation of ESI. EnCase Enterprise is also the Industry Standardfor Internal Investigations involving ESI. • Ability to Enforce eRecords Retention Polices at the Desktop Level on a Global Basis

  36. Further Resources Request new white paper on eDiscovery Collection Best Practices: Legal@EnCase.com eDiscovery Resources: www.kenwithers.com www.thesedonaconference.org “Digital Discovery & e-Evidence” Pike & Fisher http://ddee.pf.com

  37. Infusing Records Policy into TechnologyApril 18, 2007Presented bywww.jordanlawrence.com636.821.2222

More Related