June 2009 Blog Archive
EDRM Announces New Project Leadership Teams for 2009-10
On the heels of the EDRM conference that took place last May in St. Paul, the leadership teams for the 2009/2010 campaign have been announced. Recommind continues it leadership role on both the Search and XML project teams, with David Baskin (Vice President of Product Management) continuing to co-lead the XML group and Jason Robman (Director, Legal Solutions and Corporate Counsel) continuing to co-lead the Search group.
The EDRM project, founded roughly five years ago by Tom Gelbmann and George Socha, has proved to be an invaluable industry resource and has brought together thought leaders across the eDiscovery industry.
The leadership teams, who are between them leading eight separate EDRM projects, include the following e-discovery veterans from throughout the industry:
EDRM Evergreen
- Julie Brown - Vorys, Sater, Seymour and Pease LLP
- Babs Deacon - Integreon Managed Solutions, Inc.
EDRM XML
- David Baskin - Recommind
- Will Matos - TCDI, Technology Concepts & Design, Inc.
- Fritz Mueller - i365, A Seagate Company
- Kurt Leafstrand - Clearwell Systems, Inc.
EDRM Metrics
- Greg Buckles - Reason-eD, LLC
- Jack Halprin - Autonomy Corp.
EDRM Model Code of Conduct
- Kevin Esposito - MetaJure, Inc.
- Eric Mandel - Zelle Hoffman Voelbel & Mason LLP
EDRM Search
- Jason Robman - Recommind
- Karen Williams - CT Summation, Inc.
- Venkat Rangan - Clearwell Systems, Inc.
EDRM Data Set
- Vipul Rajpara - @ Legal Discovery LLC
- John Wang
EDRM Jobs
- Kathy Murray - Fios, Inc.
- Jeff Scarpetti - Kennett Group. LLC
EDRM Information Management Reference Model
- Reed Irvin - CA Inc.
- Sandra Song - H5
Further information about the EDRM Project can be found at http://edrm.net . Recommind sends its wishes for a successful year to the project leaders and their teams.
Posted by: Jason Robman on June 30, 2009, 12:41 pm | Permalink | Trackback
Regulatory Reform Is Here…Almost
President Obama today outlined his long-anticipated proposal for massive reform of the financial markets regulatory structure. Some changes, like the abolishment of the Office of Thrift Supervision and increased powers for the Fed, were well telegraphed and surprised no one; others, like the extent to which Treasury would be able to seize large, “systemically important” companies and the fact that Fannie Mae and Freddie Mac are not part of the initial plan, raised a few eyebrows although none were truly shocking to most. More than a few pundits and industry experts have noted that the proposal made no mention of the role of government policy in creating and exacerbating the current economic crisis; alas, such analysis is well beyond the purview of this blog anyway. And we have a long way to go on this topic, as Congress has yet to truly weigh in – which you know they will do early and often before all is said and done.
For our purposes, this proposal is highly relevant to the matter of information risk management (IRM) for several reasons. First, as we have been saying for almost a year now the breadth of industries covered by the proposed regulations is huge, and includes not just the “obvious” targets like hedge funds and credit card companies but any institution – including foreign affiliates – that has a banking charter known as an “industrial loan company”, which would include heretofore unregulated entities like Target, Harley-Davidson, BMW, GE and any venture capital or private equity firm with assets over $30 million (which is essentially all of them). Second and more fundamentally, any increased regulatory oversight is by definition likely to result in more investigations, prosecutions and fines – especially when such outcomes are being overtly mandated by the administration. As we have repeatedly noted, this process has already begun. Add these elements together and you have a recipe for a significant spike in information risk.
Stay tuned – this is one story which will only get more interesting as it unfolds.
Posted by: Craig Carpenter on June 17, 2009, 1:41 pm | Permalink | Trackback
Preview of Future Preservation Obligation or Anomaly?
Phillip M. Adams & Assocs. LLC v. Dell Inc., D. Utah, Case No. 1:05-CV-64 TS, 3/30/09 (2009 WL 91080) is a federal court decision emanating from the U.S. District of Utah is garnering quite a bit of attention in regards to the court’s preservation and information management duties imposed on the defendants. Corporations should watch this case, along with cases that cite Adams as precedent because of the court’s vast expansion of the duty to preserve and manage enterprise data.
The most interesting aspect of the court’s decision discusses preservation obligations and its potential to greatly broaden a litigant’s duty to preserve responsive ESI. The court’s decision sets a new threshold for the duty to arise from a reasonable expectation to a mere “sensitized” view. Specifically, the court rejected ASUS’ assertion that the duty first arose in February 2005 upon receipt of notification from Adams of potential infringement claims. Instead, the court determined that the duty to preserve arose four years earlier “in the 1999-2000 environment” in which companies (other than ASUS) were being sued related to the floppy disk errors.
The implication of the court’s holding is to make the duty to preserve even more broad and ambiguous than the current triggering events. Corporations who feared recycling enterprise ESI in the past are now left with an even more ambiguous standard that will result in continuing overly broad retention practices. The Adams holding raises serious questions such as would a company facing litigation potentially be required to look back when it should have known about pending litigation based on other similar litigation when determining when to trigger preservation? Or, should a company that has not been involved in a stock option backdating case continue to preserve its human resources and stock option records beyond what is required by regulation based on the flurry of stock option backdating cases of a couple years ago? As with most cases that take a deviant turn from established precedent, it will be interesting to see how future cases cite and apply this aspect of the Adams holding. This case and its progeny will surely be worthy of keeping an eye on for while.
Posted by: Jason Robman on June 16, 2009, 2:28 pm | Permalink | Trackback
Wave of Regulation Now More Than Just a Ripple?
Earlier this year, we predicted that 2009 would bring an increase in government regulation and oversight. It appears that a major wave of this increased regulation has just hit. Yesterday, The Washington Post reported that the Department of Justice had begun investigating whether some of the nation’s largest technology companies violated antitrust laws by negotiating the recruiting and hiring of one another’s employees.
The Post cites two sources familiar with the situation. According to the Post, the review is in its preliminary stages and includes some major players in the technology sector, among them Apple, Google and Yahoo. The allegations seem to focus on agreements between companies not to hire away top talent. If true, these alleged activities could violate antitrust laws. Even if the allegations prove false, the target companies will likely need to gear up to respond to various DOJ information requests for many months to come. Based on the preliminary report about the nature of the allegations, the investigation will involve numerous enterprise data sources containing potentially relevant information that the DOJ would pressure to review. Beyond the obvious e-mail systems, the target companies’ human resources, recruiting and training systems may be especially interesting to the DOJ.
We will now see how well these companies have prepared for litigation and regulatory inquiries. Namely, have they implemented effective technology, process and people to allow them to review data in place, initiate preservation of potentially relevant data, collect the data and conduct a review and analysis in-house and/or with their outside counsel? Even if they have taken steps to implement these activities, these recent investigations may be the first time that the tools, process and people are stress tested. We will be closely monitoring how these investigations play out over the coming months.
This recently announced wave of inquiries has prompted Recommind to issue an Information Risk Alert (#2009-5) which can be found at Recommind’s Risk Monitoring Center: http://www.recommind.com/knowledge_resources/rmc
Posted by: Jason Robman on June 4, 2009, 12:38 pm | Permalink | Trackback
Perils of Preservation in Place
By now, many of you have either heard or read about the snafu at the National Archives where a 1TB hard drive containing massive amounts of sensitive data from the Clinton administration, including Social Security numbers, addresses, and Secret Service and White House operating procedures apparently went missing.
One of my first thoughts was what if the hard drive (and the data contained therein) had been subject to a legal hold and the enterprise employed a “preserve in place” strategy? Obviously, a potential spoliation claim just walked in the enterprise’s front door as the hard drive walked out. “Preserve in place” has a catchy marketing ring, but permitting data subject to a legal hold to be preserved at the source location like a laptop, desktop or hard drive when that source is easily susceptible to theft, damage or destruction, may not meet an enterprise’s legal obligation to preserve potentially relevant data and prevent spoliation of said data. Remember, once an enterprise learns it is being sued or reasonably anticipates litigation, it is obliged to preserve all relevant information. And this preservation obligation is ongoing. Once litigation notice is served, all future relevant data should also be preserved as a part of the legal hold.
If your enterprise is considering a “preserve in place” strategy, consider what happens if the target device where relevant ESI is being preserved becomes lost, stolen or damaged. Further, think about how you would defend a “preserve in place” strategy to the court if the other party were to allege spoliation. “Your honor, we know that laptops are susceptible to theft, damage and destruction, as we have experienced, but we chose to preserve data subject to our preservation obligations on the laptop anyway. Since the laptop has been stolen/lost/corrupted, we no longer have the ESI that was being preserved on the stolen/lost/corrupted laptop.”
A more defensible approach is to employ a “collect and copy “ strategy where relevant ESI is sampled, collected (with associated metadata) and placed in a secure repository. In this way a secure copy of the data placed on hold is maintained with its metadata intact. Thereafter, additional crawls of the data source can be conducted on a scheduled or ad-hoc basis to determine if there is a new or altered ESI that should also be copied to the central hold repository and subject to the hold. The technology that the enterprise employs should be able to conduct these types of “delta” crawls for additional data which meet the litigation hold criteria for any given matter.
Finally, “preserve in place” should not be confused with “explore in place”. “ Explore in place” is the ability to conduct an early case assessment of the data at the data source level to determine whether the data is relevant to the matter at hand before applying a legal hold , while also gaining key insight into a case’s strength or weakness from the very outset of the process. For enterprises looking to conduct such analysis, this early case assessment can occur very quickly after a trigger event such as service of a subpoena or complaint, or receipt of a whistleblower letter. By contrast, “preserve in place” is a strategy fraught with risk that should be thoroughly vetted with an enterprise’s in-house and outside counsel.
Posted by: Jason Robman on June 1, 2009, 9:52 am | Permalink | Trackback