E-discovery conference in NYC to address application of new technologies and conceptual searches
I just read a PRNewswire press release on a website called Earth Times saying that an “expert panel of electronic data discovery thought leaders” will convene at 1:30 pm on February 6th at the Hilton New York Hotel to take part in a discussion entitled: “The End of E-Discovery As We Know It: Applying New Technologies and Conceptual Search to EDD.” Academics listed to lead the discussion include: Jay Brudz, Senior Counsel of Legal Technology at GE; Mark Sidoti, Chair of the Gibbons PC Electronic Discovery Task Force; John Sweeney, President of Thomson Litigation Consulting; and Nicholas Croce, President of Inference Data. This impressive collection of professionals will discuss how “new data collection and conceptual search technologies are transforming the electronic discovery process and how they are being applied in real-world, large-scale litigation.”
With 37 United States District Courts now requiring compliance with special eDiscovery rules, as well as consistent modifications to corporate data retention technology, the eDiscovery movement is beginning to surge. Since email management remains one of the dominant staples of current eDiscovery issues, if you are a CEO or a CIO this conference provides a great opportunity to integrate the solutions you need to maintain email compliance.
Email Insurance: have you got it? [part 3]
This is part 3 of a series on Email Insurance, focusing on why U.S. Businesses are not developing email retention policies. Part 1 can be found HERE and part 2 can be found HERE.
Apprehension about an unfamiliar corporate practice. “Email Archiving? Never heard of it before, I’m fine with paper copies.” Believe it or not, this is a common line from many business professionals that have not made the adjustment to an entirely new generation of email storage techniques and methods. The problem here is that with email becoming the official “voice” of the 21st century, paper copies are not as relevant or important as they once were. If Email archiving sounds like a foreign phrase to you, this following explanation should make it easier to understand. An email archiver captures and catalog’s your email when it enters and leaves your mailbox. It sorts all of your emails into a comprehensive index which you can use to search for specific key words. For instance, if you are looking for the word “email,” you use the advanced search functions to sort through all of your emails to find every mentioning of the phrase “email.” Why is this important? Well, there are several reasons, but one of the most critical is that during FRCP eDiscovery the opposing litigant in a federal law suit can ask you to present specific electronic evidence before the court. Email archiving allows you to find what you are looking for within minutes versus spending endless hours sifting through email backup tapes.
Professional disinterest. “When it happens to me, I’ll deal with it.” Famous last words, as some might say. There is nothing inherently wrong with this attitude, but those who have it are walking a fine line. All U.S. Companies and organizations run the risk of entering into litigation at some point in the course of their daily business operations. Email insurance is much the same as auto insurance, health insurance, and life insurance. It is making sure you are covered just in case something happens to go wrong. It might seem like an avoidable and escapable expense, but with email compliance regulations just in place for a few short years now, the tolerance had by courts will just continue to drop down to zero.
Why are U.S. Businesses not developing email retention policies? Well, as outlined above, the answer is spread out over a number of pertinent issues that many CEO’s and CIO’s have still not resolved. Cost, complexity, satisfaction with email backups, corporate apprehension, and professional disinterest are all playing a hand in explaining the results delivered by Osterman Research. Perhaps the real question boils down to the issue of: when? When will organizations treat HIPAA, SOX, NYSE, NASD, SEC, FINRA, GLB, and FRCP eDiscovery regulations as an item that remains at the top of the business agenda? Perhaps this would be a good topic for another blog entry. Stay tuned.
New eDiscovery reference promotes necessity of email archiving
I noticed earlier today on e-Discovery Team that just last week the ABA (American Bar Association) released a book entitled: “e-Discovery: current trends and cases.” Authored by eDiscovery attorney Ralph C. Losey, this fresh industry resource “outlines the new interdisciplinary team approach to solving the unique problems of eDiscovery—where the talents of law, IT, and management are combined.” He encourages the eDiscovery guide as a reference “for all levels of readers,” while being particularly useful to lawyers, judges, law students, academics, paralegals, IT professionals, E-discovery vendors, business executives, and the general reader with an interest in technology and law.
On Losey’s blog he mentions that the book has already been cited by Magistrate Judge John M. Facciola of Washington D.C. in a recent eDiscovery opinion. For those that want to learn more the citation can be found at page 10 of the Memorandum Opinion rendered on January 23rd, 2008 in D’Onofrio v. SFX Sports Group, Inc.,__FRD_, 2008 WL 189842, or or 2008 U.S. Dist. LEXIS 4252, (D.D.C., 2008). Losey was referenced in part of the eDiscovery order which “denied the plaintiffs motion to compel production of metadata largely because the plaintiff did not ASK for it in the original production request.”
Additionally, Losey has received an abundance of praise from fellow legal practitioners and scholars. One comment which stuck out to me was written by Jason R. Baron, Esq., who is Editor in Chief of The Sedona Best Practices Commentary on The Use of Search and Retrieval Methods in E-Discovery. He said: “Ralph Losey’s book is an e-discovery tour-de-force. For every litigator who thinks he or she has heard enough about e-discovery already, I suggest that the book will be eye-opening. For every CEO and CIO who hasn’t heard about the e-discovery tsunami engulfing the profession, I recommend that he or she be given a copy as a holiday present this year.”
My thoughts: While I have not personally obtained a copy of Losey’s book, I am excited to get my hands on one. Losey appears to have made a significant accomplishment in the field of eDiscovery and electronic data retention. With its straightforward writing and enhanced target audience, will this book finally shed some light on the corporate necessity to archive email? I think there is an excellent chance it will. While it is unlikely for business executives to run to the ABA and order a copy of their own, there is a great chance that corporate lawyers will purchase the book and relay the information back to their clients as a “number one priority.” As is the case with all substantial legal renovations, it takes both time and explosive attention to generate serious reactions. The FRCP amendments of December 2006 currently affect all organizations in the United States, but they are just over one year old. Only recently have some high profile eDiscovery violations finally begun to make the news. Both of these factors help to explain why such a minimal amount of U.S. Businesses currently have an email archiving solution in place. However, they also might mean that the timing of this eDiscovery publication will finally create the necessary buzz to catapult the email management phenomenon onto the corporate radar.
Did poor email management cost “French financial giant” $7 billion?
Societe Generale, France’s second largest bank, recently discovered that a rogue trader cost the bank at least $7 billion in U.S. Dollars. No, that is not a mistake. $7 billion dollars. Regarded as a fraud of historic proportions, this scheme will surely draw some attention to the bank’s internal procedures and monitoring of electronic communications. In other words, how could the bank let this happen? Was there an email management system in place? Did the trader ever contact anyone at the bank and let them know of his plan? According to an article by James Rogers of ByteandSwitch, the answer might be no. He reports that the “precise details of what happened at Societe Generale are yet to emerge, although intial media reports say that the alleged rogue trader acted alone.” Neither ByteandSwitch nor a few other related sources indicate that the bank had an email archiving solution in place. Would that have made a difference in this particular scenario? If the trader really did act alone, then probably not. However, perhaps the better question is: would it USUALLY make a difference in a situation like this? The answer to that is an overwhelming yes. It is rare for a solo operation of this magnitude to be carried out without any co-conspirators or helping hands, no matter how big or small the role might be. A comprehensive review of archived email more often than not reveals that there was something going on behind the scenes that just managed to stay quiet.
So, what is the big picture here? In my humble opinion, if email retention was truly not a factor for Societe Generale, the bank must realize that it could have been. I would even go so far as to say it SHOULD have been. I am blown away that Jerome Kerviel managed to supposedly pull this off without any assistance. Whether poor email management is responsible for allowing Jerome Kerviel to slip through the cracks or not, there is no doubt that something like this will happen again. And next time, there is a good chance it wil be at the hands of poor email management.
My advice: begin treating email management just like any other form of insurance. What do auto insurance, health insurance, life insurance, and travel insurance have in common? They are each highly important policies in modern society that guard against potential tragedy? At this point, email insurance really should not be considered any different. E-discovery proceedings, email audit inquiries, political scandals, and criminal activity are just a few of the essential reasons why it is time for ALL organizations to integrate an email archiving solution.
Hospitals get ready for HIPAA security compliance
Play time is over? That is the word on the block regarding 10 to 20 hospitals to be reviewed by the CMS (Centers for Medicare and Medicaid Services) over the next nine months. Last week I wrote in a blog entry that hospital privacy and security professionals got a stern warning during their attendance at the HIPAA Compliance Summit in December. I said that HSS (Health and Human Services Department) speakers from the Office for Civil Rights warned that when their hospital becomes the target of a HIPAA compliance audit they should not expect to have a good day. However, this information was enhanced by Nancy Ferris of Government IT Health in a January 17th article on HIPAA security compliance. She provided some pertinent information from Tony Trenkle, director of CMS’s Office of E-health Standards and Service.
According to Trenkle, “CMS has contracted with PriceWaterhouseCoopers, an accounting and consulting firm, to help with the reviews.” Hospitals will have access to a check list posted on the CMS web site “of security practices and issues covered in the rules.” Although not all of the criteria was revealed completely, Trenkle did indicate that “remote access to data and use of portable storage devices are among the issues covered in the rules.” The CMS mentioned that it would start out with larger hospitals that have received complaints before moving onto smaller operations. He said that “his office wants to work with the industry and strike a balance between achieving information security and making sound business decisions.
Ferris distinguishes between HIPAA security rules, which are enforced by the CMS, and HIPAA privacy rules, which are enforced by the Office for Civil Rights. Trenkle said that while most HIPAA complaints arise from matters of privacy versus security, if BOTH privacy AND security present a problem, then the Office for Civil Rights and the CMS will work together cooperatively to handle the issue.
I firmly believe that the protection of electronic patient health care data and email management in hospitals has now reached a level of critical importance. The Office for Civil Rights and the Centers for Medicare and Medicaid Services have until now tried to lend a helping hand in letting hospitals and health care providers become HIPAA compliant. However, this age of friendship and guidance appears to be tightening up a bit, if not coming to a close completely. The HHS seems to think that HIPAA laws and regulations have been established enough to begin enforcement. Are they right? There is no right or wrong answer here, but they certainly have a strong case working for them. HIPAA violations have been known to occur, but we might start seeing them on a much grander scale in the coming months. My personal thoughts? I would not at all be surprised if sometime in the next 9 months a few hospitals make the news in a very big way for violating HIPAA security and HIPAA privacy compliance.
Electronic discovery case research? Look no further.
A great new feature added to the Arkfeld and Associates website will be a significant asset if you find yourself involved in the process of researching electronic discovery cases by state. The comprehensive case index has summaries of the issues, judgments, and reasoning provided by the court in each particular circumstance. The case index also includes proposals by advisory committees and courts to amend the law regarding electronic discovery proceedings. If you briefly scan through some of these cases you will quickly notice how electronic data storage, email archiving, and email retention policies are thoroughly addressed and expected as part of state court procedure. If you or your company is on the fringe of integrating an electronic discovery solution, some of these cases might push you towards taking the final step.
Several states propose adoption of FRCP eDiscovery court rules
There has been a bit of electronic discovery buzz lately as a number of state supreme courts are proposing changes to align with the FRCP amendments of December 2006. K & L Gates at the eDiscovery law blog reveals that 7 states: Alaska, California, Iowa, Maryland, Nebraska, Ohio, and Virginia have published proposed rule changes for public comment. I noticed that the Arkansas Supreme Court has submitted changes to address the “inadvertent disclosure of information protected by the attorney-client privilege, or any other evidentiary privilege, or the work product doctrine.” With electronic discovery rules and e-discovery software still being integrated into the corporate world and legal foundation of our society, potential issues and subsequent modifications are bound to be part of the process.
Is Ireland ready for email compliance with the E.U.?
Conor Ryan of the Irish Examiner reports that the answer is: yes. He states that the Irish government “is to implement controversial European rules for retaining electronic data, including all email and internet traffic, but said it will not rush legislation through this month.” Legislation would entitle the government to “see the basic details of when emails were sent, by whom and to whom, stored by internet service providers between six months and two years.” The article states that the E.U. Directive “was adopted by an overwhelming majority in the European parliament three years ago.”
Am I missing something here? I find this deeply concerning. What has happened to a persons right to privacy? Why does the Irish government need to keep track of when and where your emails are sent? Email archiving and e mail retention have several important reasons to be integrated in society, but needless government control is not one of them. For instance, HIPAA (the U.S. health insurance portability and accountability act) binds health care professionals to specific email compliance regulations in dealing with patient privacy. Laws set forth by HIPAA security and HIPAA privacy ensure that the privileged relationship between doctor and patient is retained by protecting the exchange of electronic health care data and email communications. Another example can be found in the amendments of the FRCP (U.S. Federal rules of civil procedure) in December of 2006. The inclusion of electronic discovery proceedings in civil litigation has enabled organizations to justify corporate disputes and prevent illegal scandals from taking place. But how does email management play a role in European Union governance?
TJ McIntyre, Chairman of Digital Rights Ireland, has been vocal on this issue and also appeared in an article in the Irish Examiner. He warns of some potentially serious risks to be associated with E.U. email compliance. I think what he had to say is important and I am going to close with an excerpt from his blog.
“Laws requiring monitoring of the entire population are astonishing in a democracy. Yet so far there has been very little public debate. One reason might be that his surveillance happens invisibly in the background. But compared to traditional surveillance it is potentially far more intrusive, and carries much greater risks of abuse. In the United Kingdom we have seen the loss of data on many millions of individuals. Here officials in the Department of Social Welfare have been found to be engaged in the systematic leaking and selling of personal information from government databases. There is no reason to think that this information will be treated any differently.”
Did a Texas Sheriff violate email compliance laws?
Bill Murphy and Mike Glenn of the Houston chronicle had an interesting write up on January 17th about potential email compliance regulations in Texas? About two weeks ago the sheriffs office in Harris County instituted a new policy that all emails are automatically deleted after 14 days. At least one Sargent, Richard Newby, was caught off guard when he showed up to work and saw the email warning message flashing on his screen. Newby called the new policy “unsettling,” as personnel rosters and commander tasks were simply wiped clean. Officials stated that the reason for the new policy was to help ease a “severe shortage” of email storage capacity on the offices system. The question is: does the new policy comply with state law?
This is a question that has been assigned to the office of John Barnhill, assistant attorney of Harris County, to answer. Barnhill has been asked to review the sheriff’s new policy to see if it meets Texas email compliance regulations. Murphy and Glenn cite that under Texas state law, “local governments and their departments must retain correspondence related to the departments administration for two years and correspondence about policies and program development for five years.”
How can this new policy possibly meet the email retention guidelines set forth by the state? The sheriff’s office is an integral county operation that surely encompasses a great deal of correspondence with local administration. Two weeks? I understand that email storage space is a primary concern for most businesses regardless of size, but intentionally deleting electronic communication is bound to have some serious consequences down the road. The Texas Public Information Act and the Freedom of Information Foundation of Texas are two organizations referenced in the article that will certainly have opinions on the matter if the sheriff’s office is indeed deemed email compliant. Is the sheriff’s office even aware of email compliance regulations in Texas? That is my final thought on the matter, becasue I find the quick fix solution they are using to be puzzling.
Simplicato's Weblog 