Electronic Information Management (EIM)

Technology Assisted Review (TAR) / Predictive Coding — New Decision

Thanks to Hon. (Ret.)  Andrew J. Peck, now Senior Counsel at DLA Piper, I just learned of a hot-off-the-presses (yesterday) Technology Assisted Review decision by the Utah federal district court.

For a quote from, and link to, the Entrata decision, check out the recent updates to the TAR / Predictive Coding Library I maintain at this blog site.

And while you’re there, you’ll see another new link — to another predictive coding online resource maintained for CTRL by Driven, Inc.’s Phil Favro.

Of course, if you can implement a more high tech eSignatures regime, do so. 

For examples of available platforms, see the “Vendors” links in my eSignatures Bibliography.

In any event, here is a lower tech method  . . .

Continue Reading Adobe Acrobat Tech Tip — Inserting Scanned Signature Page(s) into an Agreement — a Low-Tech eSignatures Regime

In this colorful 6-minute Records Retention video, I provide an overview of how a well-organized Electronic Information Management (“EIM”) environment can help a company of any shape or size:

  • improve efficiency;
  • save money on storage;
  • reduce risk; and
  • prepare for litigation and eDiscovery.

Fenwick & West’s  EIM Practice Group, which I lead, is now in its second decade.   In at least 50 matters, my EIM teammates and I have provided practical and economical hybrid legal / IT / information-security advice.

 Heartbleed — The “Data Map” Lesson — Intro

The Heartbleed vulnerability is, by now, an item about which we have all assuredly heard a lot.   To get caught up on your reading on the technology aspects of this issue, see the linked articles I have compiled in the “To Learn More” section at the end of this post.    Note, though, that one key lesson is much more of a common-sense, communication and organizational one.  Most every organization could readily beef up its information-security by creating and then maintaining an up-to-date chart or “ data map” of the who/what/when/why/where of its electronically stored information (ESI).


  Where’s Your Organization’s Data?

In the 1960’s, a local New York City TV station came up with the phrase “It’s 10 PM. Do you know where your children are?”   In the 21st century, any organization would do itself a favor by asking the same question about its electronically stored information (ESI).  No matter its shape or size, many a company diffuses its information-management and information-security among various people, systems and locations.   So, generating a chart listing every key vat inside and outside the company’s physical and virtual walls is a must.

A simple spreadsheet is better than nothing and also better than having a disparate set of protocols/lists.   There should be a row for each key repository, e.g., each:

  • Database
  • Website
  • Cloud environment

And the columns (some of which would entail YES/NO) could include:

  • System Name
  • Content Type
  • In-House or Cloud
  • Owner Name (point of contact)
  • Owner Contact Info.
  • Encrypted at Rest
  • Encrypted in Transit
  • Retention/Deletion Rule(s)
  • Back-up Schedules
  • DR/BC Status (Disaster-Recovery/Business-Continuity)

For Cloud-stored data, additional columns could be:

  • Segregation from Others’ Data
  • Notice-of-Breach Duty Shifted

Finally, to paraphrase George Orwell in “Animal Farm,” some data is more private than other data.  Several categories of information thus warrant special in-the-trenches attention once their locations have been idenitfied:

  • Personally identiable information (PII)
  • Protected health information (PHI)
  • Payment card industry information (PCI)

Now, it’s time to begin charting . . . and to start mapping . . .


  

To Learn More

 

Some resources as to ESI data-mapping:

—  Brownstone, Electronic Records Retention, Nat’l Const. Confs. Webinar Slides, at 25 (Mar. 20, 2014)

—  Stephenson, Streamline electronic discovery using a data map, Lawyers USA (Jan. 12, 2012) [quoting me 🙂 ]

—  Brownstone, Data-Mapping & Electronic Information Management, Lorman Webinar Slides (Nov. 4, 2009)

                                        And even more as to “Heartbleed”:

—  Codenomicon, The Heartbleed Bug (last visited 5/6/14)

—  Qualys, SSL Server Test (last visited 5/6/14)

—  Valsorda, Heartbleed test (last visited 5/6/14)

—  Goodin, Confirmed: Nasty Heartbleed bug exposes OpenVPN private keys, too, ars technica (4/16/14)

—  Lee, Here’s why it took 2 years for anyone to notice the Heartbleed bug, Vox (4/12/14)

—  Geuss, Private crypto keys are accessible to Heartbleed hackers, new data shows, ars technica (4/12/14)

—  Schneier, Heartbleed is a catastrophic bug in OpenSSL, Schneier on Security (4/11/14)

—  Felten, How to protect yourself from Heartbleed, Freedom to Tinker (4/11/14)

—  Grant, The Bleeding Hearts Club: Heartbleed Recovery for System Administrators, EFF (4/10/14)

—  Cipriani, Heartbleed bug: Check which sites have been patched, CNET (4/9/14)

—  Shankland, ‘Heartbleed’ bug undoes Web encryption, reveals Yahoo passwords, CNET (4/8/14)

—  Kumparak, Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet, TechCrunch (4/7/14)

—  Timson, Who is Robin Seggelmann and did his Heartbleed break the internet?  Sidney Morning Herald (4/11/14)

Amended Federal Rule of Civil Procedure 45 to take effect

When we all return to work from Thanksgivukkah weekend, Federal Rule of Civil Procedure (FRCP) 45, governing non-party subpoenas, will have changed, effective December 1, 2013.  To review the new content, follow one or both of these links:

A set of accompanying changes will also have been made to FRCP 37(b)(1), as reflected at these other links:

And, the all important Advisory Committee Notes can be accessed here:


 

Overview of Several of the Key Changes

 

1.  Issuance from Court Handling Underlying Case

  • Now a subpoena not only can but “must be issued from the court where the action is pending.” (emphasis added)
  • No longer must it issue from a court located in the geographical area for compliance.

2.  Nationwide-Service and Compliance-Location Clarification

  • Now “[a] subpoena  may be served at any place within the United States,” even though the compliance location must be tethered to the recipient’s place of residence, work or business.
  • No longer does one ever need to refer to state law — as to, e.g., compliance location.

3.  Forum for Subpoena-Related Motions/Disputes — a Change but With Some Flexibility

  • Now, subpoena-related disputes will typically be resolved in the district court in the compliance location; however, there is a possibility of transfer of a pertinent motion to the issuing court.
    • FRCP 45(d)(3) [formerly (c)(3)]
    • FRCP 45(f) [NEW subsection]
    • Advisory Committee Note to 45(f)
      • “In some circumstances . . . transfer may be warranted in order to avoid disrupting the issuing court’s management of the underlying litigation, as when that court has already ruled on issues presented by the motion or the same issues are likely to arise in discovery in many districts[; t]ransfer is appropriate only if such interests outweigh the interests of the nonparty served with the subpoena in obtaining local resolution of the motion.”
  •  No longer does one have to bring such a motion before the issuing court; however, “the court where compliance is required . . .  may transfer a motion . . . if the person subject to the subpoena consents or if the court finds exceptional circumstances.”

To Learn More

As to a range of eDiscovery issues related to non-party subpoenas, see:

—  eDiscovery: Subpoenas and Non-Party Production Issues (lengthy slide deck from a webinar I did for Lorman Education Services 5/20/13)

   —  Obligations When Third Parties Control Data, by Barry M. Kazan & Emily J. Mathieu of Thompson Hine, N.Y.L.J. (10/7/13)

 As to the brand new FRCP changes (including ones not touched on in this post), see these excellent resources:

—  Changes to [FRCP] 45  . . .  Promise To Simplify Federal Subpoena Practive, by Christopher Tompkins & Ethan E. Kent, Jenner & Block (11/14/13)

—  Rule 45 Changes in Motion, by Richard Marcus, Distinguished Professor of Law, UC Hastings College of the Law, Recorder (8/8/11) (LEXIS ID & Password required)

—  Rule 45 Third‐Party Subpoenas and Upcoming Amendments, by Jonathan E. Goldberg of SNR Denton and Darren A. Craig of Frost Brown Todd, Strafford Publications (7/11/13)

—  Report of the Civil Rules Advisory Committee  (6/6/11)

—  Survey of Issues Regarding [FRCP] 45, by Prof. Richard Marcus, Associate Reporter to the Advisory Committee on Civil Rules of the Judicial Conference of the U.S. (3/14/09)

Just a quick note to remind (?or first-mind?) everyone that this site’s Resources page is an ever-expanding universe.

Some highlights of recent additions and changes include:

  • Brand new eSignatures Bibliography posted on 9/11/13
  • New/replacement Records-Retention slide deck from a webinar I did for NCC on 9/10/13
  • Revised/updated Predictive Coding & T-A-R slide deck — as revised 5/11/13

Keep visiting ITLawToday’s Resources page and the rest of this site to stay up to date on the intersection of law and IT.