digital documents & e-discovery

Digital law and governance e-discovery

Jacques Folon www.folon.com

Partner Edge Consulting

Maître de conférences Université de Liège Chargé de cours ICHEC Brussels Management School Professeur invité Université de Lorraine (Metz) ESC Rennes

http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/

3

1.where are we now ?

2.Need of an electronic content management

3.E-discovery

4.Sedona Principles

1. Where are we now?

5

Information overload

6

Control ?

Which information ?• Electronically stored information (ESI) • Scannes documents • Fax • Texts, excel sheets, powerpoint (word, pages,

including old versions of the software versions) • Emails in & out • Databases, websites, blogs,… • Hard disks (central, local, pc, external, USB

sticks, …) • CRM, CMS • GSM et PDA • Time sheet • Acounting • Intant messaging • Voice mail • GPS navigation systems • Metadata • social networks (internbal & external) • … 8

9

Increase of data from 2010 ->2014 = + 650% (Gartner)85% of the data are not structured80% of data search gave no result

2. Prerequisite: Electronic data management

10

www.aiim.org/training

Source : https://www.britestream.com/difference.html.

• Most of today’s records start out in electronic form – Letters – Emails – Faxes – Web transactions – Other transactions

Copyright © AIIM | All rights reserved

The importance of records

Source: What is ERM www.aiim.org/training

Electronic records management

• The electronic management of paper records?

• The management of electronic records?

Question: Is ERM

Answer: Both


For each type of content, evaluate the degree of control that exists in your organization in managing it.

Content types and how well managed

All respondents (462)


ERMEff

ective

ness

Conti

nuity

Efficiency

Compliance

What are the main business drivers?

Copyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Driver: Compliance

• Laws • Regulations • Policies • Standards • Good practice


Driver: Effectiveness

• Not losing records • Sharing records • Finding records easily • Getting the complete picture


Driver: Efficiency

• Accessing records quickly • Space savings • Reduced handling costs • Other examples

– Archival costs – Disposal of furniture – Consumables


Driver: Continuity

• Records are vulnerable to loss • Businesses tend to fail if they lose their records • Electronic storage may speed recovery from a disaster


The records lifecycle

Copyright © AIIM | All rights reserved

Source: NARA


Fundamental principles

• Records are created, received, and used in the conduct of organisational activities • Organisations should create and maintain authentic, reliable, and usable records


Access and usage principles

• Records should be accessible to authorised users

• Users should be able to search and access records in usable formats • Records should be organised to support access and management


Retention principles

• Records must be managed through their lifecycle

• Records should be kept as long as required – Statutory requirements – Legal requirements – Business or operational needs

• Retaining records longer than required may increase organisational liability


Disposition principles

• Disposition is an accepted phase of the records lifecycle – Transfer/accession – Destruction

• Records should be disposed of at the end of the lifecycle


What is ‘Capture’

ERM System

Capture


The purpose of capturing records

▪Establish a relationship between the record and its context ▪Place the record into a controlled environment ▪Link the record to other related records ▪Allow the record to be managed effectively


Why not capture everything?

• Hard cost of storage • Volume of non-records to sift through

– Operationally – For legal or audit requirements

• Increased liability for disclosing too much


So, what is metadata?

• Metadata = “Data about data” – For a document or record this means data such

as its author, its title, the issue date, and other information which can usefully be associated with it

• Nothing new or unique • Defined in terms of units called “Elements”

or “Fields.” – Some support “sub-elements” or “attributes”


Perspectives on metadata

• Entering metadata is often called “indexing” • Different users of an ERM system will have

different views of what metadata can do for them, and what metadata is required – Business perspective – Records management perspective – User perspective


Why is access control necessary?

• Ensure ‘systematic control’ and ‘credible evidence’

• Ensure authoritative records • Protect commercially sensitive information • Protect personal information • Limit access to protectively marked information


The objects of user access rights

• Provide or limit access to specific classes,

files or records • Provide or limit access to features • Provide or limit access by security classification

– ‘Need to know’


Retention periods - 1

• Capturing a record implies need for retention

• A record may be retained in different ways – ERM system – Software application – Separate electronic media – Paper


Retention periods - 2

• Records will vary in their intrinsic nature • Some records may need to be retained for

very long periods of time • Other records will need to be retained for shorter periods


The benefits of destroying records

• Keeping everything forever is expensive – Storage costs – Search and retrieval – Discovery

• Courts have held that there is no requirement to keep everything forever

• Destroying records reduces risk – When it is done consistently and in accordance

with the records program


3. After ERM => ediscovery

36

Definition & context

• E-dicovery is a process to search, localise, secure, identify a data in order to have it as an evidence before the court

• Necessity to have a quick result • the right data at the right time • translation sometimes necessary

37Source www.systran.fr

Ediscovery model

38Source for the next 9 slides: http://edrm.net

1/information mgt

39

2/ identification

40

3/ preservation

41

4/ collection

42

Collection is the acquisition of potentially relevant electronically stored information (ESI) as defined in the identification phase of the electronic discovery process. The exigencies of litigation, governmental inquiries, and internal investigations generally require that ESI and its associated metadata should be collected in a manner that is legally defensible, proportionate, efficient, auditable, and targeted.

5/ processing

43

6/ review

44

7/ Analyse

45

8/ Production

46

9/ Presentation

47

GSA IT Quarterly Forum -- Aug 2007

48

4/ The Sedona Principles: Best Practices Recommendations & Principles for Addressing Electronic Document

Production (Second edition, June 2007)

The Sedona Guidelines: Best Practices Guidelines & Commentary for Managing Information and Records in the

Electronic Age (Sept. 2005)

49

The Sedona Guidelines– Second work product of working group

– Draft published in September 2004 for public comment; published in September 2005.

– They are:

• Important background and roadmap of issues

• Link between RIM, IT and Legal Perspectives

• Flexible, Scalable and Reasonable – They are not:

• Standards or minimum requirements

• Unchangeable

50

The Sedona Guidelines

• 1. An organization should have reasonable policies and procedures for managing its information and records.

51


• 2. An organization’s information and records management policies and procedures should be realistic, practical and tailored to the circumstances of the organization.

52


• 3. An organization need not retain all electronic information ever generated or received.

53

The Sedona Guidelines• 4. An organization adopting an information and records

management policy should consider including procedures that address the creation, identification, retention, retrieval and ultimate disposition or destruction of information and records.

54


• 5. An organization’s policies and procedures must mandate the suspension of ordinary destruction practices and procedures as necessary to comply with preservation obligations related to actual or reasonably anticipated litigation, governmental investigation or audit.

5. Conclusion

55

Information security manager

Are we ready to be there?

59

Jacques Folon [email protected]

Any questions ?

digital documents & e-discovery

Education