IT Law Today

IT Law Today

News & Updates on the Lifecycle of Electronic
Information Management

About IT Law Today

From insight into hot button issues like BYOD and PII to EIM industry news, IT Law Today is specifically geared toward the in-house counsel or professional seeking to keep abreast of the latest legal, IT and practical developments....More...

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Posted in eDiscovery Law & Process, Preservation and Spoliation

Sarbanes Oxley (SOX) Criminal Prosecutions — a Library

Check out the new SOX Obstruction of Justice Resources Page now live at <http://www.itlawtoday.com/sarbanes-oxley-sox-criminal-prosecutions-a-library/>.

Let me know of additional links to other statutes, decisions, articles, etc.

And let’s be careful out there . . . . .

 

Technology Assisted Review ( TAR ) — Another Peck Decision

Posted in Culling and T.A.R., eDiscovery Law & Process

Check out the following items issued this week by Magistrate Judge Andrew J. Peck in Rio Tinto PLC v. Vale S.A., No. 14 Civ. 3042 (RMB) (AJP) (S.D.N.Y):

Both are discussed in this hot off the presses article by @LTNSeanDoherty in Law Technology News:  Federal Court Approves Parties’ Technology-Assisted Review Protocol, LTN (3/4/15) (“New York district court approves TAR process agreed to by parties, but acknowledges the protocol used may not apply to all TAR cases.”)

Also, in general, be sure to check out my now-updated TAR and Predictive Coding Library.

Electronic Signature (eSignature) Court Decision — a rare one

Posted in eSignatures

In an odd electronic signature (eSignature) context, on December 30, 2014 a California appellate court reversed a trial court’s upholding of a settlement agreement based on a typewritten name in an email string.    See J.B.B. Investment Partners v. Fair, 2014 WL 7421609 (Cal. App. 1st Dist. 12/30/14).

The circumstances made clear to the appeals court that the parties were anticipating a wet signature on a line on the email attachment; and the gist of the string was that there had not been an expressed intent to formalize the settlement agreement.   In part, the J.B.B. court interepreted the California version of the Uniform Electronic Transactions Act

However, this recent California decision did cite with approval other states’ decisions holding that “names typed at the end of e-mails can be electronic signatures.” (emphasis added).

To learn more about eSignatures law and technology, please visit my eSignatures Bibliography (online library).

 

 

Adobe Acrobat Tech Tip — Inserting Scanned Signature Page(s) into an Agreement — a Low-Tech eSignatures Regime

Posted in Acrobat, Electronic Information Management (EIM), eSignatures, Tuesday Tech Tips

Of course, if you can implement a more high tech eSignatures regime, do so. 

For examples of available platforms, see the “Vendors” links in my eSignatures Bibliography.

In any event, here is a lower tech method  . . .

 

  • STEP ONE

If the final content of the agreement is available in Word format, convert the agreement into .PDF:

  • Open the relevant Word file.
  • Choose Create PDF from the Acrobat drop-down menu
  • Agree to save the .pdf by, in the “Save” window by navigating to the desired drive location.
  • Once conversion is complete, page through the PDF file and make sure that the content and pagination are correct.
  • Scrub the metadata in Adobe Acrobat Standard or Professional via:

 

  • STEP TWO
    • Scan the signature page(s) (and then convert) into .pdf
    • OCR the signature page(s)  by using Acrobat’s built-in Recognize Text tool
    • If there is only one signature page, once you get the Recognize Text window, press the Enter key or click on OK
    • With multiple signature pages, click to fill the radio button to the left of All Pages
    • Press the Enter key or click on OK
    • Once all the pages have been OCR’d, SAVE THE FILE

 

  • STEP THREE
    • Open the converted-from-Word file
    • Click on the Pages tab
    • Right click on the thumbnail of the unsigned version of the signature page and choose Replace Pages . . .

[If there are multiple signature pages, you can select them all via Shift+Click or Ctrl+Click]

  • Navigate to the .PDF file having the scanned signature page(s)
  • Follow the prompts until you have replaced the unsigned version of the signature page(s) with the scanned signed version(s)
  • SAVE THE NOW-MODIFIED CONVERTED-FROM-WORD FILE

 

  • STEP FOUR
    • Document > Reduce File Size in Acrobat version 9 or lower;  OR
    • “File > Save As > Optimized PDF…” in Acrobat version X (a/k/a) 10 or lower
    • Then follow the prompts to re-save the file.

 

 

Records Retention Projects: ‘Clean That ESI Garage!’

Posted in Backups, eDiscovery Law & Process, Electronic Information Management (EIM), Information Security, Records Retention/Destruction

In this colorful 6-minute Records Retention video, I provide an overview of how a well-organized Electronic Information Management (“EIM”) environment can help a company of any shape or size:

  • improve efficiency;
  • save money on storage;
  • reduce risk; and
  • prepare for litigation and eDiscovery.

Fenwick & West’s  EIM Practice Group, which I lead, is now in its second decade.   In at least 50 matters, my EIM teammates and I have provided practical and economical hybrid legal / IT / information-security advice.

Heartbleed: It’s 10 PM; Do You Know Where Your Data is?

Posted in Cloud, Data Privacy, Electronic Information Management (EIM), Encryption, Information Security

 Heartbleed — The “Data Map” Lesson — Intro

The Heartbleed vulnerability is, by now, an item about which we have all assuredly heard a lot.   To get caught up on your reading on the technology aspects of this issue, see the linked articles I have compiled in the “To Learn More” section at the end of this post.    Note, though, that one key lesson is much more of a common-sense, communication and organizational one.  Most every organization could readily beef up its information-security by creating and then maintaining an up-to-date chart or “ data map” of the who/what/when/why/where of its electronically stored information (ESI).


  Where’s Your Organization’s Data?

In the 1960’s, a local New York City TV station came up with the phrase “It’s 10 PM. Do you know where your children are?”   In the 21st century, any organization would do itself a favor by asking the same question about its electronically stored information (ESI).  No matter its shape or size, many a company diffuses its information-management and information-security among various people, systems and locations.   So, generating a chart listing every key vat inside and outside the company’s physical and virtual walls is a must.

A simple spreadsheet is better than nothing and also better than having a disparate set of protocols/lists.   There should be a row for each key repository, e.g., each:

  • Database
  • Website
  • Cloud environment

And the columns (some of which would entail YES/NO) could include:

  • System Name
  • Content Type
  • In-House or Cloud
  • Owner Name (point of contact)
  • Owner Contact Info.
  • Encrypted at Rest
  • Encrypted in Transit
  • Retention/Deletion Rule(s)
  • Back-up Schedules
  • DR/BC Status (Disaster-Recovery/Business-Continuity)

For Cloud-stored data, additional columns could be:

  • Segregation from Others’ Data
  • Notice-of-Breach Duty Shifted

Finally, to paraphrase George Orwell in “Animal Farm,” some data is more private than other data.  Several categories of information thus warrant special in-the-trenches attention once their locations have been idenitfied:

  • Personally identiable information (PII)
  • Protected health information (PHI)
  • Payment card industry information (PCI)

Now, it’s time to begin charting . . . and to start mapping . . .


  

To Learn More

 

Some resources as to ESI data-mapping:

—  Brownstone, Electronic Records Retention, Nat’l Const. Confs. Webinar Slides, at 25 (Mar. 20, 2014)

—  Stephenson, Streamline electronic discovery using a data map, Lawyers USA (Jan. 12, 2012) [quoting me :) ]

—  Brownstone, Data-Mapping & Electronic Information Management, Lorman Webinar Slides (Nov. 4, 2009)

                                        And even more as to “Heartbleed”:

—  Codenomicon, The Heartbleed Bug (last visited 5/6/14)

—  Qualys, SSL Server Test (last visited 5/6/14)

—  Valsorda, Heartbleed test (last visited 5/6/14)

—  Goodin, Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too, ars technica (4/16/14)

—  Lee, Here’s why it took 2 years for anyone to notice the Heartbleed bug, Vox (4/12/14)

—  Geuss, Private crypto keys are accessible to Heartbleed hackers, new data shows, ars technica (4/12/14)

—  Schneier, Heartbleed is a catastrophic bug in OpenSSL, Schneier on Security (4/11/14)

—  Felten, How to protect yourself from Heartbleed, Freedom to Tinker (4/11/14)

—  Grant, The Bleeding Hearts Club: Heartbleed Recovery for System Administrators, EFF (4/10/14)

—  Cipriani, Heartbleed bug: Check which sites have been patched, CNET (4/9/14)

—  Shankland, ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords, CNET (4/8/14)

—  Kumparak, Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet, TechCrunch (4/7/14)

—  Timson, Who is Robin Seggelmann and did his Heartbleed break the internet?  Sidney Morning Herald (4/11/14)

European (EU) Data Protection Law Handbook now live (REVISED 6/12/15)

Posted in Cross-Border (International) Privacy Issues, Data Privacy, European Union (EU), International Law and Cross-Border Data Transfers

This 214-page document, “Handbook on European data protection law,” looks incredibly comprehensive.  It ends with 13 pages of citations to European case law on various issues.

The resource was “jointly prepared by the European Union Agency for Fundamental Rights and the Council of Europe together with the Registry of the European Court of Human Rights.”

Note also that, since 2012, the Euriopean Union has been working on major proposed amendments to the “Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995″.   A revised EU Directive was “adopted” in January 2012, and ostensibly implementation in 2015 is still the goal.  See this home page for the EU Directive amendments.

For some pertinent developments last fall, including backlash from Edward Snowden’s NSA revelations,  see:

To learn about the inherent conflicts between: on the one hand, U.S. discovery rules/scope; and, ont the other hand, data-privacy laws promulgated by the EU Parliament as well as by various individual countries in the EU (e.g., France, Germany, Italy and the UK . . .  check out these resources:

And also these excellent compilations:

While You Are Gorging — FRCP 45 (Non-Party Subpoenas) Changes Take Effect 12/1/13

Posted in eDiscovery Law & Process, Electronic Information Management (EIM), Federal Rules Changes, FRCP 45, Non-Party Subpoenas, Third-Party Subpoenas

Amended Federal Rule of Civil Procedure 45 to take effect

When we all return to work from Thanksgivukkah weekend, Federal Rule of Civil Procedure (FRCP) 45, governing non-party subpoenas, will have changed, effective December 1, 2013.  To review the new content, follow one or both of these links:

A set of accompanying changes will also have been made to FRCP 37(b)(1), as reflected at these other links:

And, the all important Advisory Committee Notes can be accessed here:


 

Overview of Several of the Key Changes

 

1.  Issuance from Court Handling Underlying Case

  • Now a subpoena not only can but “must be issued from the court where the action is pending.” (emphasis added)
  • No longer must it issue from a court located in the geographical area for compliance.

2.  Nationwide-Service and Compliance-Location Clarification

  • Now “[a] subpoena  may be served at any place within the United States,” even though the compliance location must be tethered to the recipient’s place of residence, work or business.
  • No longer does one ever need to refer to state law — as to, e.g., compliance location.

3.  Forum for Subpoena-Related Motions/Disputes — a Change but With Some Flexibility

  • Now, subpoena-related disputes will typically be resolved in the district court in the compliance location; however, there is a possibility of transfer of a pertinent motion to the issuing court.
    • FRCP 45(d)(3) [formerly (c)(3)]
    • FRCP 45(f) [NEW subsection]
    • Advisory Committee Note to 45(f)
      • “In some circumstances . . . transfer may be warranted in order to avoid disrupting the issuing court’s management of the underlying litigation, as when that court has already ruled on issues presented by the motion or the same issues are likely to arise in discovery in many districts[; t]ransfer is appropriate only if such interests outweigh the interests of the nonparty served with the subpoena in obtaining local resolution of the motion.”
  •  No longer does one have to bring such a motion before the issuing court; however, “the court where compliance is required . . .  may transfer a motion . . . if the person subject to the subpoena consents or if the court finds exceptional circumstances.”

To Learn More

As to a range of eDiscovery issues related to non-party subpoenas, see:

—  eDiscovery: Subpoenas and Non-Party Production Issues (lengthy slide deck from a webinar I did for Lorman Education Services 5/20/13)

   —  Obligations When Third Parties Control Data, by Barry M. Kazan & Emily J. Mathieu of Thompson Hine, N.Y.L.J. (10/7/13)

 As to the brand new FRCP changes (including ones not touched on in this post), see these excellent resources:

–  Changes to [FRCP] 45  . . .  Promise To Simplify Federal Subpoena Practive, by Christopher Tompkins & Ethan E. Kent, Jenner & Block (11/14/13)

–  Rule 45 Changes in Motion, by Richard Marcus, Distinguished Professor of Law, UC Hastings College of the Law, Recorder (8/8/11) (LEXIS ID & Password required)

–  Rule 45 Third‐Party Subpoenas and Upcoming Amendments, by Jonathan E. Goldberg of SNR Denton and Darren A. Craig of Frost Brown Todd, Strafford Publications (7/11/13)

–  Report of the Civil Rules Advisory Committee  (6/6/11)

–  Survey of Issues Regarding [FRCP] 45, by Prof. Richard Marcus, Associate Reporter to the Advisory Committee on Civil Rules of the Judicial Conference of the U.S. (3/14/09)