1 © copyright 2009 emc corporation. all rights reserved. electronic discovery & compliance:...

1© Copyright 2009 EMC Corporation. All rights reserved.

Electronic Discovery & Compliance:Meeting the Challenges -“Avoiding a Trial by Fire….”

Timothy WellsInformation Governance SpecialistEMC [email protected]


Who Are We and How Did We Get Here? – A Brief Background of e-Data, Compliance, the FRCP and eDiscovery

What's Next and Why Should I Care? – 2010 Drivers and Landscape– Costs and Risks of e-Information

What's An Enterprise To Do? – Information Management (Email, Archives, Records, etc.)– eDiscovery Process and Infrastructure

How Can We Justify Our Spend? – The Road To ROI

What's Our Next Step? – Conclusions and Next Steps

How About Some Free Advice? – Q&A

Agenda


EMC eDiscovery & Compliance Team

An Expert, Diverse Team of 90+ Professionals

– Industry-leader Kazeon & SourceOne Family– Focused on eDiscovery

Industry best, dedicated sales team Dedicated Legal / SME Team Product management and support

Leading-Edge Activities– The Sedona Conference– Electronic Discovery Reference Model (EDRM)– ARMA– Webcasts, Podcasts, Articles, Speaking

engagements

MA

COCA

TX

CT

NY

GA


0

200

400

600

800

1,000

1,200

1,400

1,600

1,800

2,000

2,200

2,400

2,600

2009 2010 2011 2012

Exabytes

5-fold Growth in 4 Years!

DVDRFID

Digital TVMP3 players

Digital camerasCamera phones, VoIP

Medical imaging, Laptops,Data center applications, Games

Satellite images, GPS, ATMs, ScannersSensors, Digital radio, DLP theaters, Telematics

Peer-to-peer, Email, Instant messaging, Videoconferencing,CAD/CAM, Toys, Industrial machines, Security systems, Appliances

Source: IDC Digital Universe White Paper, Sponsored by EMC, May 2009

Digital Information Created, Captured, Replicated Worldwide

487 exabytes487 exabytes

1,713 exabytes

2501 exabytes


Perfect Storm Drives the Need for Efficiency

Information explosion– 70% of information is created by individuals but enterprises are

responsible for the security, privacy, reliability, and compliance of 85% – Your “digital shadow” is larger than the digital information you actively

create about yourself

More lawsuits and regulation– Widespread belief that deregulation was a failure– Food and drug safety– Climate change, and environmental concerns and sustainability efforts– Financial meltdown– Workplace/unions

No New Budget– Do more with less

Enterprise Information Management – How do you get started?


Years After FRCP Amendments…

State of Readiness: Unprepared

57% of law firms: Clients are not ready to find and produce information relevant to litigation

39% of In-house: Company is not prepared for e-discovery

Errors Generate Sanctions and Headlines

Scenario 1:

Lawyers for a company produced a small batch of relevant e-mails about

10 hours before trial. U.S. District Court Judge Marilyn Hall Patel

declares “Heads will have to roll.” According to reports, the punished

company had reviewed terabytes of information for this case.

Scenario 2:

Company hit with an $8.5 million penalty for mistakes with its own discovery of e-mail relevant to a patent lawsuit. As federal courts emphasize the responsibility of

parties to conduct thorough discovery searches, more such

mishaps are likely.

“Companies Not Ready For E-Discovery”, http://www.informationweek.com/blog/main/archives/2008/09/ companies_not_r.html, posted 9/23/08 (Andrew Conry-Murray, Information Week). Survey from Oce Business Services.


Pension Committee CaseGuidance from the Bench

Some insight from Judge Scheindlin:

Courts cannot expect perfection. They do expect that litigants and counsel take necessary steps to ensure that relevant records are preserved when litigation is reasonably anticipated. One requirement noted by the judge is written hold notifications be issued to and acknowledged by all potential custodians.

Failure to preserve evidence, electronic or paper, resulting in the loss or destruction of relevant information is "surely negligent" and depending on the circumstances, may be "grossly negligent" or "willful."

Preservation of backup tapes can be required if they are the sole source of relevant information related to the matter.

Pension Committee provides guidance related to litigation holds, preservation and search methods, and appropriate behavior by organizations charged with delivering relevant data as part of a civil litigation matter.


What is eDiscovery?

8

State and federal regulators, IRS, OSHA, SEC, NASD, FINRA, HIPAA, Data Privacy & Protection

InvestigationInternal and external audits of books and records, Defense Contractor Audit, Govt Contract Audits,etc.

Audit

Current and reasonably anticipated state and federal litigation

LitigationPublic

DisclosureFederal, State and Local - Freedom of Information Act, Open/Public Records Acts

Electronic discovery (eDiscovery) is the process in which electronically stored information (“ESI”) is searched,

collected, preserved, analyzed, and reviewed for legal and regulatory proceedings.


Who Are You and How Did We Get Here? – A Brief History


What's An Enterprise To Do? – Recommendations and Initiatives– eDiscovery Process and Infrastructure

How Do We Justify That? – The Road To ROI



Agenda


2009 OutlookHint: It hasn’t changed much for 2010….

Regulatory investigations– Fallout from the financial crisis = enhanced regulation

Employee Litigation – Layoffs generate lawsuits and investigations

Shareholder derivative actions– Reporting, drop in stock, financial crisis

Aggressive IP Practices– Seeking additional revenue sources

CFO Oversight– Weaker economy results in pressure on expenses - including legal

Sources: Forrester: “Trends 2009: eDiscovery”, Brian Hill, 1/15/2009“As companies increase layoffs, lawsuits are likely to follow”, Carol Williams, Los Angeles Times, 12/28/08

Forrester: “As one outcome of the current macro-economic environment… expect more litigation and regulation in 2009.”


10xIncreased Costs

To Outsource

$1.5MAverage CostPer Incident

The Costs of eDiscovery

$34MAverage Annual

Legal Costs

89%Of CompaniesFace Litigation

$18M+Cost to Review

1 TB of Info


E-mail Is Most Requested Content in Legal Proceedings and Regulatory Investigations…But Not the Only Electronic Information requested

To the best of your knowledge, which of the following record types has your organization been asked to produce in a legal proceeding or regulatory inquiry?

Source: ESG Research Report: 2007 E-mail Archiving Survey, November 2007; based on 107 respondents

E-mail and attachments

General office productivity

Database records

Invoices and other customer records

Financial statements

Phone call recordings and other

Digital images

Instant messages

Video files

Other

E-mail residing on:

File servers

Desktops

E-mail servers

Laptops

80%

60%

49%

41%

25%

21%

16%

5%

36%

29%

80%70%60%50%40%30%20%10% 90%0%


Web 2.0 On the Horizon

Blogs: 48% for industry, 33% in government

Wikis: 44% industry; 38% in government.

Facebook: 44% industry; 28% government

YouTube: 26% of government responders; 25% of industry

Virtual World / Second Life (typically used for recruitment or web conferences): 13% of industry responders and 10% of government responders.

IDC, Survey Shows Glimmers of Hope for Government Web 2.0, Adelaide O'Brien, August 26, 2009








Agenda


Establish Boundaries Around Information Management…Use the appropriate process for cost & risk management

Enterprise Content Subject to Compliance Control

Unstructured Content

Structured Content

Unmanaged Unstructured Content

Network File Shares

Desktops & Laptops

Manage In-place Fixed Content

LegacySystems

Physical Records

Structured Content

Page-Oriented Data

Database Content

Line-oriented Data

Managed Unstructured Content

Custom

?

Custom

?

Custom

?Collaboration

Content Management

Custom

Common Services

Classify/ArchiveeDiscovery

Policy EnforcementDisposition

Email Archive

Email Systems


Electronic Discovery Reference Model (EDRM)

eDiscovery ProcessBring eDiscovery in-house

InformationManagement

Retain or delete based

on value

Collection

Preservation

Review Production Presentation

Processing

Analysis

IdentificationInformation

Management

“IT organizations that have an electronic

information inventory, active policy management and archiving

solutions, and a repeatable process in place for e-discovery will spend up to 50% less on e-discovery … than those that do

not.” ~ Gartner


Segment Data by Business Value

Business records

(e.g., automated message capture

of strategic departments/users)

Business important e-mails/docs

(e.g., automated message capture of strategic departments/users or

as part of a Discovery Manager search)

Large-volume e-mails / docs(e.g., routine business e-mail archived as part of

good information governance and regulatory compliance)

Compliance Archive

Compliance orNative Archive

Native Archive

Referential Modest retention Required for discovery

Official business record Long-term retention

Non-record Compliance-driven Enforced deletion


Potential ESI

Enterprise Email Server(s)

Local Email stores (pst, etc.)

Relational databases– CRM– Accounting / Financial Data

Fileshares

Content Management

Instant Messaging

Video and voice captures

Backup / DR tapes

Wikis & Blogs

Legacy data

User desktops

CDs, DVDs

PDAs / Wireless phones

Flash drives

Home offices

Legacy / stray tapes

Decommissioned servers

Computer graveyard

Stray drives

Archives


Common Questions for IT Infrastructure

What content do I have on my storage? Microsoft SharePoint, file shares, laptops? Is it appropriate? Is it where it should be?

What kind of resources is unmanaged content consuming?

What does it cost me? Is it on the right tier? Should I archive it?

What business records are out there that I don’t know about?

What kind of risk are we carrying? What if there is confidential or private content or content

subject to regulation out there?

How can I clean up my storage? Can I safely delete content that doesn’t have business value? What information do I need to archive and retain?


Contracts, Invoices, PII, etcMove to RM System

Mkt. PowerPoint, Meeting Notices, etc.Short RetentionReferential Record

AttributesActionClassification

Lunch, Gym, emails, MP3s, etcDeleteNon Record

Infrastructure

File Remediation / Classification

Record


MicrosoftSharePoint

Documentum

Intelligent Information Governance with EMC

Enables educated decision-making and policy creation

EMC Celerra,Data Domain,

Centera

The cloud

Copy/move to archive storage

Identify content to migrate to

Copy/move to cloud storage

EMC SourceOne File Intelligence

Copy/move to enable records

File systems

E-mail servers

Laptops and desktops

Documentum

Microsoft SharePoint

Third-party archives


SourceOne File Intelligence: How It Works

Crawl data sources

Build index– Metadata basic– Metadata with

document type– Metadata with

hash– Deep crawl full

text– Deep crawl with

classification

Catalog Analyze Act

Classify files based on metadata, keyword content, and pattern matching

Age, owner, location, file type, etc.

Business value, security risk, intellectual property, PII, PCI

Analyze data with search and report tools– Semantic search with Boolean, proximity, stemming,

phrase support– More than 30 pre-built reports out of the box– Custom reports as needed

Robust action set

– Move, copy, delete, retain, export, tag

Policy-based actions

– One-time– Scheduled– Recurring

Classify Search Report


Rich Data Classification

Classify files by attributes– High business value

Files created or modified in the last 30 days Files owned by company executives

– Medium business value Files not accessed in the last 90 days and not modified in the last 180 days .PST files

– Low business value Files not accessed in the last 180 days MP3/MP4, JPEG, MOV files

Classify selected files based on file content and metadata– Files with “Confidential” content

e.g., source code files, patents, product manuals, contracts, etc.

– Files containing non-public information e.g., Social Security numbers, credit card numbers etc.

Classify files based on IT or business input– Administrator tags– Line-of-business tags– User tags


File Visibility and Remediation

Reduce risk, lower costs, and improve efficiency

Gain insight into unmanaged file content through granular file-level visibility and reporting

Identify opportunities to optimize storage environments where static data is consuming valuable IT resources

Locate and safely delete content to reduce risk, reduce data volume, and improve operational performance

Reduce risk by migrating content to a secure archive or repository for ongoing policy management

Migrate content to virtualized, deduplicated, and cloud platforms to improve performance and reduce costs


Litigation Hold / Collection Spectrum

Tape

Last resort

Pull daily / weekly monthly tapes

Deceptively easy and simple (it’s not!)

Cons: (Not enough room)

Forensics

Focused Use As Needed

Take images of all targeted devices

Very complete Expensive Significant over-

collection Scalability Good tool to have –

not in all cases

Custodian–Driven Holds & Collection

Moderate risk / lowESI Complexity

Custodians do hold/collection of own items

Cheap, simple Shifts burden of work Risk of “Faux

eDiscovery” Can be difficult to do

correctly(e.g. Cache La Poudre)

Loss of metadata

Enterprise / Automation

Best practice

System-based collection of main repositories

Fast, efficient Great ECA Justify initial

investment


EMC eDiscovery - Data Flow

Knowledge workers create electronically stored information (ESI) on data sources as usual; this solution requires no changes to data creation processes and no agents to be deployed on data sources

The solution indexes (harvests) the ESI on the data sources to gather intelligence about the stored data

Investigative users search the indexes to determine what ESI is relevant

Relevant ESI is secured and placed on legal hold on immutable storage

Investigator culls through held data and generates production sets for use in legal review by outside counsel or hosted review vendor

Step 2

Fileshares

Exchange Server

Desktops

Microsoft SharePoint

EMC Documentum

Step 1 Step 3 Step 5Step 4


EMC SourceOne eDiscovery Kazeon

•Legal Hold reporting dashboard•Legal Hold workflow management•Segregate data and cases by role•Built-in and custom reports

Case Management

•Agent-based & agent-less collection•Full and incremental collections•Laptop / Desktop Collection•Single-step targeted collection•Multiple target repositories

Preservationand Collection

•Distributed and collaborative review•Email analytics and threading•Concept search and analysis•Interactive tagging and review•Highly scalable for multiple case support

Analysis and Review


Enterprise Information Governance Solution

Desktops, Remote Offices, and Laptops

TargetLegal Hold

Legal Hold /Legal Store or

Preservation Store – Celerra, Centera, Data Domain &

others

PreservationServer

CollectLegal Store

In-place Legal Hold

FileShares

Avamar BackupsSnapshots

DocumentRepositoriesSharePoint

Documentum

MS Exchange 2003 / 2007 / 2010Lotus Notes / Domino Messaging Servers

SourceOneArchive

S1 Supervisor Regulatory Compliance

Review Sampled Messages

S1 eDiscovery – KazeonIncludes Connectors for:

File SharesHome Drives (laptops & desktops)Exchange & Notes / PSTs & NSFs

DocumentumSharePoint

S1 Email Archive

Other Content RepositoriesCurrently two step collection and unified matter management for:

FileNet, Content Manager, GroupWise and other sources

Email & IMMS SharePointFile Archiving





How Do We Justify Purchases in 2010? – The Road To ROI



Agenda


Challenges

IT• FTEs spending time on restores of historic

data based on vague requests by Legal• No ability to delete because of a lack of

insight into data, and unrealistic policies from Legal

Legal• Massive over-collection (“screw drivers and

wheel barrels”), leads to huge legal review and processing costs by outsourcers (1 gig = 50,000 files for review)

• Risk of sanctions for deleting the wrong thing leads to over-preservation (“save everything”)

*“Global purchases of IT goods and services … will equal $1.66 trillion in 2009, declining by 3%

after an 8% rise in 2008.” Global IT Market Outlook: 2009, Forrester Research, 1/12/2009

In 2010 IT Budgets are flat or declining *, but eDiscovery is not discretionary and the money is already being spent


eDiscovery and RIM ROI

“Organizations unprepared for e-discovery in 2009 will be at a disadvantage … open to potential sanctions from an increasingly technically literate U.S. judiciary. As defendants, organizations need to respond quickly and effectively ... As plaintiffs, organizations must have their ESI house in order and be prepared for reciprocal discovery requests…”Gartner, “Reduce the Cost and Risk of E-Discovery in 2009”, D.Logan & J. Bace, 1/9/09

“Between 10% and 90% of what [clients] have does not need to be retained for any reason.”

Budget roughly $500,000 on IT

support for cases involving 10 or

more custodians and/or more than

three different systems

One terabyte of data can

result in $18.75M in

legal review costs

Unprepared companies will spend 1/3 more on e-discovery than those with content archiv-ing solutions.

RO

I Fa

ctors


The Cost of eDiscovery

Produce

Notice

Collection

Hold

Inspect/Review

* Source: Enterprise Strategy Group, 2007

Cost of holding massive volumes Unanticipated legal risk Spoliation risk

Percentage of discovery costs when proceedingsor investigations involve the discovery of ESI:*

28%

20%

35%

17%

Costs associated with document collection from inaccessible locations

Cost directly related to number of documents to review

Cost of delivering ESI to various recipients on various media (e.g., CD, DVD, or paper)


Straightforward ROI

[1] “MarketScope for E-Discovery Software Product Vendors”, Gartner, Inc., 12/17/08.

“T]he payback period for an e-discovery investment is very short, on the order of three to six months after implementation takes place.” [1]








Agenda


Get Cross-Functional– IT Meet Legal; Legal Meet IT

Assemble Your Case– Collect data, anecdotes, research

Top-Down– Focus initial work on high impact areas

Let EMC Help– We know your information– Our team can facilitate next steps

Knowledge Is Power– EMC eDiscovery and Compliance (www.emc.com/ediscovery)– Bringing eDiscovery In-House (For Dummies): (www.emc.com/ediscovery4dummies)– The Sedona Conference (www.SedonaConference.net)– EDRM (www.edrm.net)

Next Steps








Agenda

1 © copyright 2009 emc corporation. all rights reserved. electronic discovery & compliance:...

Documents

digital information

information relevant

information whats

information act

information week

terabytes of information

information management

emc ediscovery compliance