decoding the edrm - cdn.ymaws.com€¦ · edrm is the standard for the litigation process...
TRANSCRIPT
2018 ARMA Houston Spring Conference
Decoding the EDRM
Or How to Master the Identification Phase and Conquer the World
Todd L. Dietrich, CCE, EnCE, IGPBDO USA, LLP
2016 ARMA Houston Spring Conference2
Agenda
1. Introduction2. The Electronic Discovery Reference Model3. Litigation Readiness 4. Identification5. GDPR6. Key Takeaways7. Questions
2016 ARMA Houston Spring Conference3
With you today…
[email protected] Direct: 713 548 0791
2929 Allen Parkway20th Floor
Houston, TX 77019
Tel: 713 407 3826Fax: 713 968 7140
www.bdo.com
Todd L. Dietrich, CCE, EnCE, IGP
Todd Dietrich has more than 25 years of experience inproviding governance, risk management and complianceservices for global organizations. As a co-founder of BDO’sData & Information Governance Practice he leads our policyand procedures practice area where he regularly works withclients to evaluate IT, privacy, security, informationmanagement and related documents. Currently, Todd worksclosely with our clients to evaluate their privacy, informationmanagement and GDPR readiness requirements. In the pastTodd has assisted counsel with drafting discovery requests,protective orders and 30(b)(6) queries regarding digitalevidence; and with data collection planning and execution.As the former leader of BDO’s Digital Forensics team he hasa wide array of investigative and litigation support serviceswhere has been called upon to testify a number of times.Additionally, he has conducted digital forensics examinationsinvolving civil, criminal, due diligence, and internal corporatematters. These matters have included theft of intellectualproperty, DMCA/software piracy claims, False Claims Actinvestigations, keylogger detection and tracking, and variousemployment law issues.
2016 ARMA Houston Spring Conference4
EDRM: Electronic Discovery Reference Model
2016 ARMA Houston Spring Conference5
Understanding the EDRMPhase Description
Identification Locating potential sources of ESI & determining its scope, breadth and depth.
Preservation Ensuring that ESI is protected against inappropriate alteration or destruction.
Collection Gathering ESI for further use in the e-discovery process (processing, review, etc.)
Processing Reducing the volume of ESI and converting it, if necessary to forms more suitable for review and analysis.
Review Evaluating ESI for relevance & privilege.
Analysis Evaluating ESI for content & context, including key patterns, topics, people & discussion.
Production Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms.
Presentation Displaying ESI before audiences, especially in native & near-native forms to elicit further information, validate existing facts or positions or persuade an audience.
2016 ARMA Houston Spring Conference6
Litigation Readiness
DEFINITION
Litigation Readiness can be defined as:
Proactive efforts taken by an organization to prepare for the discovery phase of litigation or an investigation. These efforts help to position discovery response as a consistent and defensible business process.
2016 ARMA Houston Spring Conference7
Litigation readiness in the EDRM
2016 ARMA Houston Spring Conference8
Market drivers
Costs Reduce discovery costs
less duplicate or unnecessary information
reduced processing, hosting, and review fees
Optimize discovery workflow
Risks Limit incomplete collections and
risk of spoliation
Reduce legal exposures from over retention of unnecessary records
Avoid inconsistent discovery processes
Drive compliance with regulators
GDPR
2016 ARMA Houston Spring Conference9
Identification
Custodians Relevant Departments
Locations
Current vs. former
Data Sources Email
Workstations
Mobile devices
Network locations
Locating potential sources of ESI & determining its scope, breadth and depth
2016 ARMA Houston Spring Conference10
Challenges to Easy Identification
Unstructured data in organizations
(Source: https://hbr.org/2017/05/whats-your-data-strategy)
50% is used in decision making
1% is analyzed or used at all
70% of employees have improper access to data
Analysts spend 80% of their time just looking for and preparing data
2016 ARMA Houston Spring Conference11
Identification Approach
Smaller Data Volumes
Catalog
Classify Clean-up
2016 ARMA Houston Spring Conference12
People, process, technology
Develop a designated response team
Seek input from business leaders
Users: trust, but verify
Crawl network collecting metadata
Index network content
Federated search Cloud storage
utilities
Optimize legal hold process
Align policies and processes with leading practices
Develop a response plan
2016 ARMA Houston Spring Conference13
More approaches to consider
Standardize data management for discovery Develop discovery vendor requirements Audit discovery vendors Reduce unnecessary data in the discovery process
Once a plan or process is established, memorialize it!
2016 ARMA Houston Spring Conference14
GDPR to the rescue!
Article 5 of the GDPR addresses retention and disposition.
Does not add any significant burdens on organizations with respect to record retention
The wrinkle for organizations is that with respect to personal data, section 5(1)(e) provides that it “be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”
2016 ARMA Houston Spring Conference15
What is the GDPR?
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
Fines are up to 4% of global revenues or €20 million, whichever is greater.
BECOMES EFFECTIVE ON MAY 25, 2018
2016 ARMA Houston Spring Conference16
GDPR Background, Impact & Context
Sensitive personal dataSensitive personal data are special categories of personal data that are subject to additional protections (e.g., genetic data, biometric data, criminal information).
Personal dataApplies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Data subject rightsThe Right to: access, erasure, to be forgotten, or data portability.
2016 ARMA Houston Spring Conference17
EDRM is THE standard for the litigation process Litigation readiness is about being proactive Reducing costs and mitigating risks push litigation
readiness Identification is the nexus between litigation readiness
and information lifecycle management (ILM) The GDPR is a powerful lever to use to push IG, ILM,
RIM and LR initiatives.
Key takeaways
2016 ARMA Houston Spring Conference18
Questions?
2016 ARMA Houston Spring Conference19
You can contact me at: Email: [email protected] Direct Line: 713 548 0791
Thank you!