Are you prepared for the new electronic discovery rules? 

Electronic Discovery is now receiving its long awaited focus. E-Discovery represents one of the largest uncontrolled costs and makes overdue changes to handling your companies Electronically Stored Information (ESI) difficult, but absolutely necessary. 

Join the Internet Security Alliance and get prepared! Click here to inquire about membership.

In March, 2007 the ISAlliance released a comprehensive multi-disciplinary package on Electronic Discovery to the membership.  It addressed the many considerations presented by the new rules and provided guidance on linking e-discovery to security programs to better manage the production of ESI and mitigate the associated risks.

Jody Westby, Chair of the American Bar Association's Privacy & Computer Crime Committee, CEO Global Cyber Risk, and Distinguished Fellow Carnegie Mellon University

March 8: Data Preservation and Sanction: The Alligator in the Swamp is Alive and Well

March 15: What Data is 'Not Reasonably Accessible

March 22: Technial Discovery Tools: Snake Oil or Silver Bullets?

March 29: Managing E-Discovery: Security and Governance Considerations 

This series is part of the ISAlliance Enterprise Integration Program. 

 
Jeffrey Ritter,  Co-Director Waters Edge Consulting, and recipient of the American Bar Association’s Cyber Space Excellence Award for his work in “providing solutions to legal barriers in electronic commerce.” 

April 5: E-Discovery: Survival Strategies for Information Security Professionals

April 12: Controlling the Risks of Information Security with Outside Law Firms

April 19: Designing Records Hold Programs  

The amended Federal Rules of Civil Procedure, effective December 1, 2006, specifically allow the discovery of electronically stored information (ESI).  Changes to the rules are dramatically impacting the way litigation is managed and discovery is conducted.  

Numerous security and risk issues are associated with e-discovery, requiring a linkage between legal discovery, corporate security programs, and risk management plans.  

The level of risk is reflected by a new disturbing statistic: 64 % of corporate respondents in a recent survey indicated “their companies never have conducted a data inventory to determine the location of customer or employee information contained in various data stores.”      -Jeffrey Ritter, Waters Edge Consulting

Under the new rules, early into any litigation matter, the parties must produce a document setting forth the description and location of all ESI. This means that counsel on both sides will need to know:

• What electronic data they have
• Whether it is relevant to the case
• What data should be preserved
• What data is privileged or requires special protection
• What is not "reasonably accessible"  
• What electronic format (e.g.  Word, Excel, pdf, etc) the data is traditionally kept.   

Most counsel are not prepared for this new requirement, even though this "description and location" document can dramatically impact the outcome of the litigation and result in significant savings or expenditures by the company.  Much of the required information is kept in corporate security programs.  

In complying with the new rules, technical considerations are important, management policies may need to be revised or new ones written, and operations will be impacted.  

Thus, the new rules effectively take discovery out of the exclusive realm of the general counsel and make it an enterprise issue.  

This package includes:

1. A comprehensive white paper
2. 7 individualized training seminars covering the Legal, Policy, Business Operational, and Technical considerations of e-discovery.

April 5

Survival Strategies for Information Security Professionals under the New Federal Rules—This program will focus on the specific functions and tasks facing an information security professional under the new Federal Rules on e-discovery.  The strategies discuss litigation preparedness, preparing for preservation, preparing for depositions, disclosure traps for the unwary, and understanding some legal strategies and their impact on litigation and case management.

April 12

Controlling the Risks of Security with Outside Law Firms—In nearly any lawsuit, outside legal counsel (both on your side and adverse) will receive access to significant volumes of corporate information, including detailed information regarding corporate information systems, security controls and records management practices, as well as potentially sensitive operating information.  Yet most companies have failed to institute any controls to protect their information in the possession or control of law firms.  This program reviews those risks and recommends practical controls to be implemented to improve the integrity and confidentiality with which corporate records are transferred and managed by outside law firms.

April 19

Designing Records Hold Programs—Once a lawsuit begins or litigation is anticipated, a company must establish procedures to identify and hold for later review and production relevant records, including electronically stored information (ESI). These procedures are called “records holds”.  This presentation will review the current risks that courts have identified regarding poorly designed records hold programs and the manner in which effective information security controls can be employed to improve a company’s confidence in its records hold programs.  A representative list of metrics to be employed for measuring the progress of a company’s records hold program will be included. 

On 12/12/06, the ISAlliance delivered a presentation on the amendments to the E-Discovery rules during the IT Risk Management Quarterly work group.

• “These new rules will be of particular significance in product liability litigation, in which potentially relevant electronic data relating to the design, development, manufacturing, marketing, distribution and sale of a single product may be contained in multiple information systems, in different formats, and subject to different protocols, retention policies, and maintenance schedules throughout various divisions, branches or facilities of a single company.”

• Jennifer Smith Finnegan & Aviva Wein, “Coping With the New Rules for E-Discovery,”