eDiscovery - Turning Risks into Rewards: Developing a Comprehensive Records and

Information Management Framework

Event: ARMA 2011 Annual Symposium Toronto, Ontario, Canada June 1, 2011

Presented by; Keith Atteck Supervisor, Information Management Vale

2

VALE - (NYSE: VALE) www.vale.com Vale was born in 1942 in Brasil

Vale Canada Limited, a wholly-owned subsidiary of Vale Vale's nickel business, formerly known as Inco, has a rich history

dating back more than 100 years in Canada.

What we do Worlds largest producer of Iron Ore and one of the worlds largest producers of

nickel Vale also produces copper, manganese, ferroalloys, bauxite, alumina,

aluminum, coal, cobalt, PGMs, fertilizers, steel, and energy Vale operates on six continents through its mining operations, mineral research

plants, and commercial offices Employ > 100,000 employees, including outsourced workers worldwide

3

Topic:

eDiscovery - Turning Risks into Rewards: Developing a Comprehensive Records and Information Management Framework

Implementing a comprehensive RIM Framework and why it is the best defense in Discovery

Mitigating risk while maintaining record-keeping compliance

Applying Canadian General Standards Board standards to keep records with integrity

4

Disclaimer

The views expressed in this presentation are those of the author.

5

Source: http://edrm.net/

IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery

Goal

6

Risk: Information Management (IM)

Why must information be systematically managed and protected?

Now, where did I put

that document?

eRecords on Servers make the job more critical?

7

Risk: Information Management (IM)

Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT

8

Risk: IM Technology Evolution Paper Record, Blue Print Drawing

1. Print, Index, Folder, Cabinet, Box, Binder, Stick File, etc.

Electronic File – Name.doc, xls, ppt, pdf, dgn, dwg, etc.

2. Hard Drive – PC or Laptop, C:\ Folders

3. Network Shared Drive, S:\ I:\ Folders

4. E-mail, Personal Folders - Outlook

5. Floppy, CD, DVD, PDA, Flash Drives, iPad etc.

6. Web Sites - Intranet, FTP, Extranet, Portals – SharePoint

7. Tracking Databases – ERP, etc.

• Enterprise Content Management (ECM) & Imaging

• Wikis, Blogs, IM, Web 2.0, Cloud Computing, etc. Futu

re,

Cu

rren

t P

rese

nt

& P

ast

9

RIM: Solving Business Issues

Paper to electronic records paradigm shift Paper the record – electronic the convenience Paradigm Shift Electronic the record – Paper the convenience

Technology Systems Differentiation Systems of Record – Official Corporate Records Vs. Systems of Engagement – Sharing and Messaging Vs. Systems of Management – Dynamic Databases Etc.

All

may be deemed Records

& All

may be Relevant

In Discovery

10

Risk: IM is Global!

Think Globally and Act Locally

11

Risk: Evidence Canada Evidence Act

“31.1 Any person seeking to admit an electronic document as evidence has the burden of proving its authenticity by evidence capable of supporting a finding that the electronic document is that which it is purported to be.”

“31.2 (1) The best evidence rule in respect of an electronic document is satisfied

• (a) on proof of the integrity of the electronic documents system by or in which the electronic document was recorded or stored; or

• (b) if an evidentiary presumption established under section 31.4 applies.”

“31.5 For the purpose of determining under any rule of law whether an electronic document is admissible, evidence may be presented in respect of any standard, procedure, usage or practice concerning the manner in which electronic documents are to be recorded or stored, having regard to the type of business, enterprise or endeavour that used, recorded or stored the electronic document and the nature and purpose of the electronic document.”

Source: Department of Justice - http://laws.justice.gc.ca/eng/StatutesByTitle/C.html

Application of best evidence rule — electronic documents

Authentication of electronic documents

Standards may be considered

12

Best Practice: Evidence Canada CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence

“5.2.1 Those who wish to present an electronic record as evidence in legal proceedings shall be able to prove

a) authenticity of the record;

b) integrity of the Records Management System that a record was recorded or stored in; and

c) that it is "a record made in the usual and ordinary course of business" or that it is otherwise exempt from the legal rule barring hearsay evidence.”

Source: CGSB - http://www.tpsgc-pwgsc.gc.ca/ongc/home/index-e.html

13

Best Practices: Standards ISO 15489:2001 – Information and Documentation – Records Management – Guidelines

ANSI/AIIM TR31-2004 – Legal Acceptance of Records Produced by Information Technology Systems

CAN/CGSB 72.34-2005 - Electronic Records as Documentary Evidence

BIP 0008-2004 – Code of Practice for Legal Admissibility and evidentiary weight of information stored electronically

MoReq2 Specification – Model Requirements for the Management of Electronic Records

PROS 99/007: Version 2: 2005 Management of Electronic Records - Victorian Electronic Records Strategy (VERS)

GARP – Generally Accepted Recordkeeping Principles (ARMA)

International

United States

Canada

United Kingdom

Europe

Australia

Other

14

Best Practice: ISO15489 ISO15489-1:2001 – Information and documentation – Records management

Applies to records, in all formats, created or received by any public or private organization in the conduct of its activities, or any individual with a duty to create and maintain records.

Supports: • Electronic Records Management (ERM) & Physical Records • ISO9001 – Quality Management Systems • ISO14001 – Environmental Management Systems • ISO/IEC 17025: 2005 General requirements for the competence of testing and

calibration laboratories Sets principles of Records & Information Management practice

• Organization institute comprehensive program • Characteristics, Authenticity, and Integrity of a record • Based on Functional Classification

Design and implementation of record systems • Integrity of the system • Compliance to legal and regulatory environment • Documenting records transactions

Source: ISO http://www.iso.org/iso/catalogue_detail?csnumber=31908

15

Best Practice: GARP

Information Governance with Generally Accepted Recordkeeping Principles (GARP)

8 Principles Principle of Accountability Principle of Integrity Principle of Protection Principle of Compliance Principle of Availability Principle of Retention Principle of Disposition Principle of Transparency

GARP Capability Maturity Model

Source: ARMA http://www.arma.org/garp/index.cfm

GARP Maturity Level

Colour Status

1 Sub-standard RED

2 In Development ORANGE

3 Essential AMBER

4 Proactive BLUE

5 Transformational GREEN

16

RIM: Vision Ecosystem of Information Working in one environment where all records are;

Created or Captured – once, Collaborated Globally – version controlled, and Managed – as records.

Being Confident that; You can find the original record – every time, You know who worked on it – who used it, and You know what it was used for – related to activity.

Know that: One never has to search any other system, One can leverage the collective wisdom and knowledge of the organization, and Everyone’s efforts will not be lost or misplaced.

17

RIM: Guiding Principles SINGLE authoritative source of information

All documents will be filed electronically Into one system as a normal course of business Everyone depends on the system

Manage only ONE COPY File once – use many times - in many ways All transacted records made from the document management system

FIRST point of contact principle The person who is first point of contact with documentation is

responsible for determining and ensuring that documentation is appropriately filed

18

RIM: Program Framework

Fundamentals of Records & Information Management Uses GARP, ISO15489, CGSB,

ARMA, AIIM Standards, etc. Technology agnostic Conforms to Laws, Regulations

All must be developed and in place to implement ECM RIM is the core – the foundation Everything else is an output of RIM Including eDiscovery

Classification Retention

Metadata

Security

Vital Records Electronic Messages

Legal Hold & Discovery Imaging

Technology Change Organization Change

Etc.

19

RIM: Program Framework

Record Decision Record Classification & Retention Business Rules

20

Enterprise Content Management (ECM)

RIM Framework Governs ECM Technology Deployments

21

RIM: Compliance Auditing

General - Benefits of Auditing Test the degree of integrity of systems and procedures Understanding degree and extent of compliance Identifying gaps in procedures and training

Local - Due Diligence Reviews Conduct regular reviews of all record classifications & metadata Identify change issues of employees and management Identifies changes in the business environment and gaps in training

Global - Quality Assurance Reviews Critical for demonstrating integrity of systems, tools and procedures Management knows if the systems, tools and procedures are working Important for Litigation support – Safe Harbour

22

Risk Vs. Rewards for Business Risk – The Blind

Lack of Governance - ad hoc IT is in charge?????? Don’t know what are records Don’t know the custodians Inability to audit Number of uncontrolled information

types and sources Volume of duplication Lack of information category structure Too much technology Can’t find anything easily Poor basis for business decisions No idea what is really happening ECM deployments tend to fail Etc.

Rewards – Clear Vision Good governance & transparency RIM Manager is in charge Can identify a record and a copy Can identify record authors, custodians and users Auditable - demonstrates due diligence Controlled record types and sources Avoids uncontrolled repositories Reduced volume – original records Global search categories – relevancy Integration of Knowledge Management Can find everything quickly and efficiently – better decisions Controlled technology evolution Reduced stress to the organization and its personnel ECM has a solid foundation and can succeed Etc.

ROI – Risk of Incarceration (reduced)

Which version do you want to present in

court?

23

RIM Professionals “RIM professionals can offer a safe harbor of sorts….

This requires that RIM professionals understand the key legal and IT issues and for them to collaborate effectively with staff in those departments to ensure the implementation and management of a solid, documented, and explainable records management program.

When a RIM program is in effect and adhered to as it is written – and the organization can show proof of compliance with the program – the organization’s attorneys are in a much better position to defend its ediscovery processes and the information it did – or didn’t produce.”

Resources: American Records Management Association (ARMA)

• http://www.arma.org/ • Chapters in Canada

Association of Imaging and Information Management (AIIM) • http://www.aiim.org/ • Chapters in Canada

Source: ARMA Drafting a ‘Dream Team’ to Prevent E-Discovery Nightmares NOVEMBER/DECEMBER 2010 INFORMATIONMANAGEMENT

24

Source: http://edrm.net/

IM is the source for discovery Poor IM = Hard Discovery Good IM = Easy Discovery

Goal

25

Questions ?????

Contact: Keith Atteck C.Tech. ERMm Supervisor, Information Management Vale Corporate Office Base Metals 2101 Hadwen Road Mississauga, Ontario, Canada, L5K 2L3 T: 1 (905) 403 3179 F: 1 (905) 403 1098 keith.atteck@vale.com

Turning Risks into Rewards: Building a Comprehensive Records and

Information Management Framework

Event: ARMA 2011 Annual Symposium Toronto, Ontario, Canada June 1, 2011

Presented by; Keith Atteck Supervisor, Information Management Vale