Вы находитесь на странице: 1из 6

EDRM - Records Management

The business policy regarding retention and control of data, documents, images, graphics, confidential information, etc. The document at minim explains who can access information both outside and inside the company and how it will be secured to ensure only defined authorized user can access.

Federal Regulations such as:

Sarbanes-Oxley Act (SOX), HIPPA Regulations

State laws may also need to be considered:

Conneticut General Statues 31-48d - requires employee notification before email monitoring.

General Statues 42-471 - Requires any person who collects Social Security numbers in the course of business to create a privacy protection policy.

The Connecticut Insurance Department Bulletin IC-25 - Requires all entities doing business in the state report any information security incident within five days of discovery.

All entities doing business in Connecticut that are licensed or registered with The Connecticut Insurance Department are required to notify The Connecticut Insurance Department of any information security incident within five days of discovery.

such as

EXAMPLES:

A ecommerce business will need to have a documented policy that defines how

confidential information is secured and obtain 3rd party certification to win consumer

trust or run the risk of failure, .

Questions that the documentation should answer are:

Who needs access to confidential information? How do they pass information to the warehouse so they can pick and package the customers item without including confidential information? How is the information secured from outside the company? How long is the data stored?

How do they ensure the data is safe when it is no longer going to be stored? Does the business have any specific regulations they must follow? If so the policy needs

to explain how it meets those requirements.

Nest the business needs to educate employees regarding the policy and implement verification process to ensure the documented plan is being followed.

What steps are taken to ensure accounting has enough information to charge the client's credit card but p

Document retention policies are fundamental business tools

that appropriately address the creation, retention and disposition

of corporate actions. The United States Supreme Court recently

noted: "Document retention policies, which are created in part to

keep certain information from getting into the hands of others,

including the Government, are common in business

It is, of course, not wrongful for a manager to instruct his

employees to comply with a valid document retention policy

under ordinary circumstances.

" Arthur Andersen v. U.S., 125 S.Ct. 2129, 2135 (U.S. May 31, 2005).

The failure to properly maintain and monitor a corporate

electronic records retention policy can create substantial risk

for both the corporation and its employees, particularly in light of

the Sarbanes-Oxley Act and expanded interest in corporate conduct.

In today's corporate world, more than 90% of communications and

business activities take place in an electronic environment.

Current trends in pre-trial discovery also have focused on

electronic communications, substantially increasing costs and risks.

However, many corporate electronic records retention programs do

not adequately address the creation, management and disposition of

electronic records. Therefore, it is increasingly important for

companies to evaluate and consider how their records management

programs impact electronic records.

Source: EDRM.

IDENTIFICATION:

Learn the location of all data which your client

may have a duty to preserver and potentially disclose

in a pending or prospective legal proceeding.

Required for Rule 26(f) Conference

Legal Hold - which over rules Record Management

policy of the organization

held within 30 day's after being served or joined

Initial disclosers - 14 days after the Rule 26(f) conference

Identification refers to the process of learning the location of all data which you or your client may have a duty to preserve and potentially disclose in a pending or prospective legal proceeding

The duty to preserve and disclose data may be triggered by a judicial order, a discovery request, or mere knowledge of a pending or future legal proceeding likely to require the data. The scope of data to be preserved or disclosed is determined by the subject matter of the dispute and the law and procedural rules that a court or other authority will ultimately apply to resolve it

In general, data is potentially discoverable if it is relevant to the disputed transaction or may lead to relevant data. Failure to preserve or disclose discoverable data may result in serious penalties. To minimize this risk, diligent steps must be taken to identify all potentially e-discovery data in your possession or control.

Ensuring that all critical legal and business records are retained;

Allowing the company to meet legal requirements;

Preserving the records in authentic format in the event of litigation;

Avoiding liability (for example, through spoliation — improperly destroying or altering evidence or failing to preserve it);

Reducing or limiting costs during discovery;

Keeping internal documents confidential.

A document-retention policy will necessarily be unique to an organization. Creating such

a policy can be painstaking and time-consuming and requires, at a minimum, input from the business, legal and technical input, along with guidance from records-retention specialists. An effective policy using ediscovery data will describe the scope of the policy — are individual departments affected differently, or does the policy apply to the organization as a whole? — responsible individuals, exceptions to the policy, retention periods, retention methodologies (e.g., storage, format and location), how to handle

confidential materials and communications and privacy considerations for employees.

Source: EDRM.

PRESERVATION

Litigation hold process (accurately described

as herding of cats). A delicate process that ensures

evidences is preserved, protect against spoliation

and sanctions related to destruction of evidence, while at the same time allowing day-to-day normal business to continue.

COLLECTION

The acquisition of electronic information (data) marked as potentially relevant in the identification phase.

This data will need to be reviewed before production

to the opposing parties.

PROCESSING

The process of making all the data collected uniform

to allow for easy and efficient review.

REVIEW

At its most basic level the document review is used

to sort out responsive documents to produce and

privileged documents to withhold.

Typically the time legal strategies emerge and begin

to develop based on the type of information that is

found within the collection of documents.

ANALYSIS

The process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important documents.

PRODUCTION

The act of meeting the agreed upon format for the sharing of reviewed documents with the opposing side and entering documents evidence with the court. EXAMPLE of Formats:

Native - producing documents in the format in which they were created and maintained. Near Native - Most email cannot be viewed without some conversion. Large databases are also commonly produced in near native format. Image - Single or multi-page Tiff (Group IV) or PDF. The most commonly used format. Paper - Printed on paper. Production Options:

Searchable Text, Meta data provided

PRESENTATION The last phase of the e-discovery process is the presentation phase. The act of presenting information that has been uncovered - whether it's to a jury, opposing counsel in settlement negotiations, an arbitrator, or judge. Having the best-looking and most easily understood presentation could make all the difference.

Welcome to e-discovery intro

Electronic Discovery Reference Model (EDRM)

Electronic Discovery Reference Model (EDRM)

Carmody & Torrance e-discovery Team

What is e-discovery?

Electronic discovery (also called e-discovery, ediscovery or edisco) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. E-discovery can be carried out offline on a particular computer or it can be done in a network. Court-ordered or government sanctioned hacking for the purpose of obtaining critical evidence is also a type of e-discovery.

E-discovery is an evolving field that goes far beyond mere technology. It gives rise to multiple legal, constitutional, political, security and personal privacy issues, many of which have yet to be resolved.