organizing your e-data in a paperless and e-discovery world · organizing your e-data in a...
TRANSCRIPT
Organizing Your E-Data in a Paperless and
E-Discovery World
David Bilinsky
LL.B. , Deborah Gillis QC
and Darlene Jamieson QC
November 30th, 2009
Introduction
New Civil Procedural Rules Highlight the Importance and
the Need for Good Electronic Records Management Systems
G
Paper Paradigm
B
Paper Continued…
B
Paper Continued…
B
E-Docs Paradigm
B
E-Docs Paradigm
B
E-Docs Paradigm
B
E-Docs Continued…
B
E-DiscoveryMajority of lawyers and their clients are not prepared for the expense, disruption of operations and time commitment required for the many issues arising from e-discovery
By some estimates, more than 90% of all information is created in electronic format. 92% of new information is stored on magneticmedia, primarily hard disks, compared to 0.01% for paper¹
Most estimates indicate the amount of data held by a corporationdoubles every two years
Costs associated with e-discovery/related litigation support is one of the fastest-growing areas of legal services in the United States approaching $4.1 billion by the end of 2010²
¹
Sedona Canada Principles: Addressing Electronic Discovery, January 2008
²6th
Annual Electronic Discovery Survey –
Projected Electronic Discovery Market Growth –
www.sochaconsulting.com/2008survery/ results_001.php
J
Electronically Stored Information (ESI) can include:
Spreadsheets
Text files (including word processing documents)
Internet history files
Graphical image files including .jpg, .gif, .tiff files
Databases
Calendar and scheduling information
Social networking sites
Blackberry messages
Presentation files (such as PowerPoint)
GPS data
J
Checklist of Sources for Electronic Evidence
Electronic Information
Servers
Mainframes
Network file systems
Workstations
Laptop computers
Personal digital assistants (PDAs)
Personal home computers
Private branch exchange (PBX) Voice mail
Digital printers or copiers
Cell phones
Backup Media
Monthly system-wide backups
Weekly system-wide backups
Incremental system-wide backups
Unscheduled backups
Personal backups
Tape archives
Removable hard drives
Thumb drives
Digital camera media
Additional Media Devices
CD-ROMs
DVDs
Floppy diskettes
Zip disks
Source:
The Electronic Evidence and Discovery Handbook; S. Nelson, B. Olson, J. Simek
J
Challenges: ESIElectronic discovery adds an additional layer of expense to the often burdensome cost of litigation –
essential as long we use
computers and other technologies
Easy to accumulate large quantities of ESI
Small organizations can accumulate significant data in short periods
Electronic documents are created in numerous formats
The ESI is often managed by multiple custodians in varying locations
E-discovery is a potentially expensive proposition
Processing fees for collection
Fees for production
Fees for legal review of relevant material
J
Nova Scotia Civil Procedure Rules 14, 15 and 16
Rule 14: Disclosure includes “electronic information”
Rule 15: Requirement for counsel certificate confirming affiant has been advised of requirements in Rules 14, 15 and 16
Rule 16: The electronic discovery provisions are based on the Sedona Principles
(Rule 16 has not yet been interpreted by our courts.) G
Litigation ReadinessLitigation readiness = limiting risk by planning and being
prepared
Objectives:
Perform a risk assessment
Establish ESI management policies and procedures (including data retention/destruction protocols)
Design and implement procedures for a legal hold
Compliance monitoring/reminders to custodians
J
Litigation Hold: Preservation of relevant information when litigation is
reasonably anticipated
Prevent spoilation
Meet legal requirements (Civil Procedure Rules)
Assemble a litigation response team that should include:
In-house counsel
IT department/litigation paralegals
External counsel
Issue litigation hold notices to:
Anyone within the client organization with direct knowledge of or involvement in the matters at issue in the litigation
Anyone likely to possess relevant records (including office assistants)
IT personnel
Individuals responsible for archiving client records
Identify external consultants and vendors
Identify the information you need and why (native files/images/metadata)
It is essential to work with opposing counsel to reach agreement regarding the scope of preservation and process for production of electronically stored information (meet and confer)
The more work done up front in the early stages to narrow requests, the more manageable the exercise
J
Ensuring ComplianceEducate your clients about the new Rules
Educate yourselfEnsure lawyers and legal staff document all steps taken in the discovery process
Ensure preservation of data to avoid claims of spoilation
Assemble appropriate litigation response teams
Know your own limitations – know when to call in a specialist
J
E-Discovery in Smaller Cases
Advising the client:
A single meeting can encompass preservation advice, collection of records and gathering of facts
The cost of preservation should be proportionate to the dollar value of the claim
Documents can be effectively and cheaply produced in smaller cases where counsel does not have litigation case management software (Adobe, PDF, Scanner)
Develop precedents for litigation readiness, preservation of data and litigation hold (sources)
J
oba.org
J
practicePro.ca
J
lexum.org
J
Our ChallengesComputer literacy is essential for a level playing field
Education will be ongoing
Planning needed to manage the data retrieved and to review it
Increased use of paralegals/litigation support staff in the discovery process
Outsourcing in large cases will be essential
Management of suppliers and vendors
Forensic investigation may be necessary
E-discovery suppliers are not yet established in Nova ScotiaJ
1.
As Electronically stored information (ESI) is subject to discovery in litigation, proper and effective information management and retention strategies are required by organizations and individuals
2.
Clients need to realize the importance of knowing where their data is located and the need to be able to respond to e-discovery and document disclosure requirements in a timely fashion
3.
Clients will want to know of efficient and cost-effective solutions for navigating the requirements of electronic discovery (e-discovery). For them, being prepared will be a huge cost saving and advantage
4.
They will need to make diligent efforts to inform themselves about relevant electronic information currently or previously in their control
What Your Clients Need to Know
G
E-Discovery in a Small Case
Cost/Time considerations
Software platform:
Summation
CaseMap
SearchLight
PrimaFact
MasterFile
Or Adobe Acrobat and a file / folder structure
B
MasterFile
B
PrimaFact
B
PrimaFact
B
Organizing Files for e- Discovery
“Roll Your Own” method
Adobe Acrobat and desktop search
Adobe can take entire folders and create a PDF
Folders:
Pleadings
Correspondence
Emails etc…
Adopt a file naming convention
B
Metadata
“Data about Data”
Non-native disclosure maydestroy metadata:
File designation
Creation and edit dates
Authorship
Edit history
Email: sent, received, bcc’s, cc’s, routing history etc.
Search histories, logs, cookies etc.
E-docs are dynamic – info can be overwritten
B
Metadata
Litigation:
Metadata is discoverable if relevant
Should not be privileged
May be more relevant than the document itself!
Paper discovery eliminates any chance of obtaining the metadata
“native format” discovery may be the only appropriate form
B
Metadata
Office Communications:
Adobe Acrobat v. 8 Professional
‘Examine Document’ feature
Determine if there is any metadata in a document and allows you to take action
B
Metadata
WordPerfect offers “Save Without Metadata”feature
Payne Consulting: www.payneconsulting.com
Metadata Assistant removes metadata from Word/Excel/PowerPoint 97 and higher files
B
Metadata
Microsoft 2003+
Free metadata removal tool
Google Microsoft “Hidden Data Removal Tool” and install...
B
Securing Your e-Data
Steven J. Barnes
IT Manager for a Co. - responsible for the Co’s network - had the highest level of access
Was fired
Then gained unauthorized access to the Co’s computer system
Caused mail system to be blacklisted as a SPAM generator
Deleted MS Exchange email databases and the core boot files
B
Protect & Secure e-Data
Antivirus, Anti-Malware Protection
Hit with malware...who you gonna call?
Trend Micro’s “HouseCall”
http://housecall.trendmicro.com
Free scan – tells you what it found...can then go searching for a removal tool
www.majorgeeks.com
SpyBot Search and Destroy *USED TO BE GOOD www.safer-networking.org/en/index.html
Trashed by PC Mag: Worst Tech Products of Q1 2008
B
AntiAnti--SpywareSpyware2Spyware.com tested anti-spyware products
Their results are at:
http://www.2-spyware.com/compare.php
Winner was:
PC Tools Spyware Doctor
Also been top rated by other reviewers
Also make iAntiVirus for the Mac
B
Antivirus, Anti-Malware Protection
CounterSpy v2
http://www.sunbeltsoftware.com
Norton Internet Security
http://www.symantec.com
*beware* of rogue software:
www.spywarewarrior.com/rogue_anti-spyware.htm.
Also lists trustworthy software!
B
Firewalls
See www.matousec.com – Firewall Ratings
Excellent rated software firewalls:
Comodo Firewall Pro (free!)
www.personalfirewall.comodo.com
OnLine Armour Personal Firewall
PC Tools Firewall
B
Firewalls
Hardware firewalls:
Usually built into cable and wireless modems available from:
Linksys
D-Link
Netgear
SMC
Gibson Research:
“ShieldsUP!!” tests a firewall and its ability to block incoming attacks.
“Leaktest” will check your firewall for outbound data security.
Both are available at: www.grc.com
B
AntiAnti--virus Softwarevirus Software
Certified Anti-virus software:
ICSA labs tests a-v softwareResults can be found at:http://tinyurl.com/aoyns
B
Learn and TestForewarned is forearmed
Bruce Schneier – CTO Counterpane Security
www.schneier.com/crypto-gram.html
Steve Gibson – Gibson Research Corp
www.grc.com – ShieldsUp!, “Perfect Password Generator”, LeakTest
Norton Security Check
http://security.symantec.com
B
Protecting Data
12 Security & Privacy Tips
1.
Passwords:
1.
Have strong ones!
2.
Change regularly
3.
Don’t sticky-note them to computer screens!
B
Passwords and Encryption
What do:
“Sweetie”, “070956”, “Dalhousie”, “Admin”, “Password” or a note stuck to your monitor have in common?
They are all really really bad passwords!!
Don’t store your passwords in a Word or Excel file...easily found!
B
Passwords and Encryption
Good Passwords:
Have upper, lower case letters and characters
Are not names, dates or words in a dictionary
Change frequently
Are kept *Secret*
~#mIck3yM0u5e!~
B
Passwords and EncryptionPassword Storage Applications:
Logon King (www.loginking.com)
RoboForm Pro (www.roboform.com)
Account Logon (www.accountlogon.com)
Password Safe - *free*
http://passwordsafe.sourceforge.net/index.shtml
Some allow your to store your passwords on a USB drive
B
12 Security & Privacy Tips2.
Encryption:
1.
Have on all laptops, cell phones, Blackberrys, USB flash drives etc…
2.
www.pgp.com
or www.truecrypt.org
-
whole disk encryption (PC/Mac)
3.
MS Bitlocker
–
Vista Enterprise & Ultimate
4.
FireVault
–
Mac OS/X
5.
Rohos
Mini Drive –
for USB drives
B
12 Security & Privacy Tips
3.
Office Policy on what can, and can not, leave the office on a portable device
4.
Internet Security
1.
PCMag: best security suites for 2009
2.
www.pcmag.com/article2/0,2817,2333448,00.asp
3.
Gibson’s Research1
“ShieldsUP!!”
tests a firewall and its ability to block
incoming attacks. 2
“Leaktest”
will check your firewall for outbound
data security. 3
Both are available at: www.grc.com
B
12 Security & Privacy Tips
5
Thumbdrives:
1
Use encrypted USB drives or biometric protected drives
2
These are lost far too easily!
B
12 Security & Privacy Tips
6
Wipe old Computers!
1
Darik’s
Boot and Nuke
2
“Securely wipes the hard drives of most computers”
3
http://www.dban.org/downlo
ad
1
Reviewed by the RCMP and used by the Government of Canada
B
12 Security & Privacy Tips
7
Remote Access:
1
Set up your remote access securely
2
Ensure that hackers can’t use a ‘dictionary attack’
B
12 Security & Privacy Tips
8
Email and Internet Use Policies:
1
www.lawsociety.bc.ca/practice_support/a
rticles/policy-internet.html
9
Consent to use eMail:
1
Get client’s written consent to communicate by email (in your retainer!)
2
Don’t want to send confidential stuff to their office that can be read etc…
B
12 Security & Privacy Tips
10
File Sharing:
1
Applications and/or files that are downloaded are prone to infection
2
FBI: Risks of file sharing:
1
Installation of malicious code
2
Exposure of personal information
3
Susceptibility to attack
4
Denial of service
5
Prosecution (pirated software etc..)
B
12 Security & Privacy Tips
11
Remote Access
1
GoToMyPC
(www.gotomypc.com)
2
VPN
3
Microsoft Terminal Services
B
GOToMyPCInstalls on your office computer
Leave your office computer running
Log onto www.GoToMyPC.com
Encrypted data transfer AES 128 bit
Works with most firewallsdon’t have to modify the office security settings
Works with PocketPC wireless devices and virtually any internet-enabled computer
No additional costs beyond your internet connection and software $179.40 US/year or $19.95/mth
B
12 Security & Privacy Tips
12
Misaddressed Email:
1
Have a signature block with a claim of privilege
2
Advise a client if an email was misaddressed
3
Recall PCH Chapter 5 s. 15 –
Use of Opponent’s Documents:
1
Not to read, return the document and advise what use you intend to make of the contents of which you are aware.
B
Backup & Security
CRUCIAL!!
Most data is lost due to user error
Also better protection from casualty loss
Easy now with portable USB hard disks, RAID drives and mirrored drives
BACKUPS!
B
BackupsGood review of backup software:
www.backup-software-reviews.com/
Do a full backup
Do backups daily
Establish one person responsible for ensuring that the backups are done
Do regular tests on the backups
Rotate and retire tapes
Do an off-site backup
Have written instructions on how to restore the data
Buy an external hard drive B
Condor DataVault
Secure off-site backup
1024 bit security
Up to 14 days of backups
Data is in your hands
Backs up: all data including IMs, applications, video and sound files etc.
B
E-Use Policies
Authorized Use Policies
SANS Organization
Good source of precedents
Law Society of BC:
http://www.lawsociety.bc.ca/practice_support/articles/policy-internet.html
B
Records Management
YOU must be able to find docs quickly
Example: Discovery should have the word Discovery as the first word of the name, with appropriate identifying information.
Discovery – Plaintiff first Interrogatories to Defendant XYZ served 7-26-04.
You can also scan or combine all related documents into a single PDF file, such as “accounting motion - complete”.
Joe’s File Convention:
B
Current Cases
Client XYZ
Correspondence
Discovery and Disclosures
Work product
Research
Investigation
Internal notes
Pleadings
Witnesses
Liability
Damages
Economic
Medical bills
Lost income
Medical records
Use Simplest Feasible Structure
B
You *need* a good file/folder naming structure
Suggest date-first format:
year/month/day/time “title of document”i.e. “2009 11 30 0945 email Deborah Gillis Contract.pdf”for 2009 Nov 30 at 9:45 am (use a 24 hour clock)
All documents then appear in proper chronological order
DaveDave’’s File Naming Conventions File Naming Convention
B
Email Management
SimplyFile
The best tool I have found this year... ☺
Intelligent filing assistant for Microsoft Outlook
“Guesses” the folder that an email should go
One click – and it is filed!
Speeds up handling the email avalanche!
B
Resources Making and Responding to E-discovery Requests by Martin Felsky and Peg Duncan (Law Pro Magazine, Sept 2005)
www.practicepro.ca/LawProMag/ElectronicDiscoveryRequests.pdf
Digging for Data 39 Trial 56 (January 2003) Kristin M. Nimsger
Clamping Down on Discovery – The New Rules Civil Procedure by Cathy Dalziel (Lawyers Weekly June 6, 2008 Volume 28 No. 6)
http://www.lawyersweekly.ca/index.php?section=article&articleid=696
The Lawyers Guide to Adobe Acrobat, 3rd ed., by David L. Masters (American Bar Association 2008)
Resources
NS Civil Procedures Rules – http://nslaw.nsbs.org/nslaw/
E-Discovery Canada - An educational website dedicated to the law, strategy and technology of electronic discovery in Canada http://www.ediscoverycanada.com/
Sedona Canada’s Report
From the Sedona Conference, January 2008 - available online: www.thesedonaconference.org
Lexum is an online e-discovery portal at that includes regularly updated digests of Canadian e-discovery cases. www.lexum.umontreal.ca/ediscovery
PracticePRO offers an extensive e-discovery reading list at www.practicepro.ca/practice/SuppRes2eDiscov.asp
Ontario Bar Association e-discovery portal can be found: http://oba.org/en/publicaffairs_en/e-discovery/e_discovery_en.aspx
Canadian e-discovery expert Martin Felsky’s e-discovery blog tracks the latest developments in the field. It is located at www.ediscoverycanada.com
Todd J. Burke et. al., E-Discovery in Canada (Markham: LexisNexis, 2008) is a useful collection of essays addressing the American experience, Canadian case law, and key e-discovery issues including spoliation, privilege, and cost, along with a lawyer’s IT primer.
Resources
The Electronic Evidence and Discovery Handbook – Forms, Checklists, and Guidelines by Sharon D. Nelson, Bruce A. Olson, and John W. Simek (American Bar Association 2006)
The Lawyers Guide to Records Management and Retention by George C. Cunningham, John C. Montana (American Bar Association 2006)
And Thanks To…
Tom Donovan, Q.C., Cox & Palmer, for his contribution to this educational material