Electronic evidence new challenges for information security officers l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 39

Electronic Evidence: New Challenges for Information Security Officers PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Electronic Evidence: New Challenges for Information Security Officers. Presented by: Tom Greene Chief Assistant Attorney General, Public Rights Division Clark Kelso Chief Information Officer, State of California. Overview.

Download Presentation

Electronic Evidence: New Challenges for Information Security Officers

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

Electronic evidence new challenges for information security officers l.jpg

Electronic Evidence: New Challenges for Information Security Officers

Presented by:

Tom Greene

Chief Assistant Attorney General, Public Rights Division

Clark Kelso

Chief Information Officer, State of California

Overview l.jpg


  • Introduction to the recent FRCP amendments for “Electronically Stored Information” (ESI)

  • Implications for Information Security Officers

  • Resources

  • Questions

E data has been discoverable and admissible for some time l.jpg

E-Data has been Discoverable and Admissible for Some Time

  • “Fed. R. Civ. P. 34(a): “document” includes “data compilations from which information can be obtained, translated, if necessary, by the respondent through detection devices into reasonably usable form”

  • “Today it is black letter law that computerized data is discoverable if relevant … The law is clear that data in computerized form is discoverable even if paper ‘hard copies’ of the information have been produced….” Anti-Monopoly, Inc. v. Hasbro, Inc., 94 Civ.2120, 1995 WL 649934 (S.D.N.Y. 1995)

Frcp amendments and e evidence l.jpg

FRCP Amendments and E-Evidence

  • Amendments to the Federal Rules of Civil Procedure address “electronically stored information” (ESI)

  • Apply to cases brought on or after 12/1/06 and all other cases unless “would not be feasible or would work injustice.” Rule 86.

Amended rule 34 a electronically stored information l.jpg

Amended Rule 34(a): “Electronically Stored Information”

“Any party may serve…a request…to produce designated documents, electronically stored information—including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained—translated, if necessary, …into reasonably useful form…”

Four concepts in the new rules l.jpg

Four Concepts in the New Rules

  • Early Consideration of ESI issues

  • Two-Tier Approach to Back-up Media

  • Practical Adjustments

  • Shallow Safe Harbor for E-Document Destruction

Critical decisions come early l.jpg

Critical Decisions Come Early!

  • Rule 26(f) Conference Among Counsel

    • ASAP but not later than 16 days before Rule 16 conference or issuance of scheduling order.

  • Rule 26(a) disclosures of ESI

    • At or w/in 14 days of 26(f) conference unless a different schedule per stipulation or order.

  • Rule 16 Conference Order

    • ASAP but at least w/in 90 days of appearance of defendant or 120 days from service of complaint.

Rule 26 f meet and confer obligation l.jpg

Rule 26(f) Meet and Confer Obligation

  • Discuss “any issues relating to preserving discoverable information”.

  • “changes in the timing, form or requirement for disclosures under Rule 26(a)”

  • “[A]ny issues” relating to ESI including the “form or forms” of production.

  • New Form 35 for report to court.

  • Consider bringing a consultant/expert.

Rule 26 a initial disclosures l.jpg

Rule 26(a) Initial Disclosures

  • 26(a)(1)(A)—Witnesses

    • May need to include e-evidence custodian(s); might well be an ISO.

  • 26(a)(1)(B)—”a copy of, or a description by category of, all documents, electronically stored information….that the disclosing party may use to support its claims or defenses”

Rule 26 a sanctions l.jpg

Rule 26(a); Sanctions

  • If fail to “make a disclosure under Rule 26(a), any other party may” move to compel and for “appropriate sanctions”. Rule 37(a)(2)(A).

  • May not be “permitted to use” the undisclosed information “at a trial, at a hearing, or on a motion”. Rule 37(c)(1).

Rule 16 conference l.jpg

Rule 16 Conference

  • Per Advisory Committee, Court is to start w/ 26(f) Report of Counsel.

  • Order is to include “provisions for disclosure or discovery of” ESI. Rule 16(b)(5).

  • Order may include “any agreements the parties reach for asserting claims of privilege or of protection of trial-preparation material after production.” Rule 16(b)(6).

Local rules l.jpg

Local Rules

  • N.D. Cal. Civil Local Rule 16-9 requires a description of:

    • “Steps taken to preserve evidence relevant to the issues reasonably evident in the action, including interdiction of any document-destruction program and any ongoing erasures of e-mails, voice-mails, and any other electronically-stored material.”

Duties of litigation counsel l.jpg

Duties of Litigation Counsel

  • Communicate discovery obligations to client

  • Identify sources of discoverable information

  • Speak directly with key players in litigation as well as IT personnel

  • Put in place a litigation hold

  • Reiterate instructions for litigation hold and monitor compliance

  • Call for employees to produce copies of e-evidence

  • Arrange for segregation and safeguarding of archival media (backup tapes) (Zubulake V, 229 F.R.D. 422 (S.D.N.Y. 2004)

Potential role s of isos l.jpg

Potential Role(s) of ISOs

  • Consultant (How do your systems work?)

    • Informal Advice; Attend 26(f) session or 16(b) conference

  • Witness

    • Persons Most Knowledgeable (PMK) Depositions

  • Design/Implement Litigation Hold; Search for Information

What should you explain to your lawyers l.jpg

What Should You Explain to Your Lawyers?

  • Discuss Email System

    • Hardware, Software, Versions, Location, etc.

  • Discuss File Servers

    • Hardware, Software, Versions, Location, etc.

  • Discuss PCs

    • O/S, Recent Upgrades, Applications, Versions

  • Discuss PDAs

    • Blackberry, Treo, Palm, etc.

Talking to your lawyers part 2 l.jpg

Talking to Your Lawyers, Part 2

  • Backup Policy

  • Retention Policy

  • Destruction Policy

  • Capable of Litigation Holds?

  • Other considerations:

    • Thumb drives

    • Working from home

    • Personal Archives

Special problems with voice mail l.jpg

Special Problems with Voice Mail

  • Voice mail typically Not under Your Direct Control

  • Contact 3rd-Party Vendor ASAP

  • Secure hold on Voice Mails for “Key Players”

Two tier approach rule 26 b 2 c l.jpg

Two-Tier Approach; Rule 26(b)(2)(C)

  • “A party need not provide discovery of [ESI]from sources that the party identifies as not reasonably accessible”

  • Committee note states that fact that archived data expensive to access does not mean don’t have to preserve back-up media.

  • Demanding party can motion for production if value outweighs burden taking into account amount in controversy, parties’ resources, issues in case and importance of the proposed discovery.

States of data cheap to expensive l.jpg

States of Data: Cheap to Expensive

  • Active data ($)

  • Metadata ($)

  • System data ($)

  • Backup tapes ($$$)

  • Deleted and altered files ($$$$)

  • Legacy data ($$$$$)

Budget issues costs for managing e evidence l.jpg

Budget Issues: Costs for Managing E-Evidence

  • Collect data

    • $250-500 per hard drive or backup tape

    • $2,000-3,000 per server

  • Cull and Search for Relevant Data using Tech Tools

    • $1,800 per hard drive; more for backup tapes.

    • $450 per e-mail box

  • Produce Relevant Data

    • $750 per hard drive to prepare data for production in proper format

  • Convert data to litigation support repository for privilege review

    • $4 per Megabyte plus $.10/page for Bates numbering and tiffing the images

Practical adjustments form s of production l.jpg

Practical Adjustments: Form(s) of Production

  • FRCP 34(b) authorizes demanding party to “specify the form or forms in which [ESI] is to be produced”; subject to challenge.

  • Per Advisory Note, can specify different forms for spreadsheets and documents.

Metadata and why it may be important in a lawsuit l.jpg

Metadata and Why It May Be Important in a Lawsuit

  • Classic e-mail metadata fields

    • From, To, Subject, Date, cc, bcc, Text of email

    • Date and time e-mail and/or attachment opened

  • 50-60 other types of fields are available

  • Embedded data (e.g., Excel formulas, Word Processing prior versions)

  • Expensive to manage and produce; relevance depends on the nature of your case.

Typical forms of production l.jpg

Typical Forms of Production

  • Native Format – ESI is produced as it was maintained and used; contains metadata.

  • Quasi-Native – ESI is produced in a format similar to, but not the same as, the format in which it was maintained and used.

    • Proprietary software

    • Large databases

Forms of production part 2 l.jpg

Forms of Production, Part 2

  • Quasi-Paper – ESI is converted to image files, typically TIFF or PDF; meta data and full text are extracted.

  • Quasi-Paper Hybrid – Meta data and text are extracted with a link to the native file.

  • Paper

  • What do you really need?

  • Be careful what you ask for. . .

Rule 37 shallow safe harbor l.jpg

Rule 37: “Shallow Safe Harbor”

  • FRCP 37(f) provides that “absent exceptional circumstances, a court may not impose sanctions…[for ESI]… lost as a result of the routine, good-faith operation of an electronic information system.”

  • Good faith per Committee Note includes retention under common law, etc. and existence of effective litigation hold.

Retention obligation practice tips l.jpg

Retention Obligation: Practice Tips

  • Normal business destruction will not yield sanctions under FRCP.

  • But Improper Destruction Creates Major Risks for Your Agency.

  • Written Litigation Hold Policies are Highly Recommended.

What is spoliation l.jpg

What is “spoliation”?

  • “the destruction or significant alteration of evidence, or the failure to preserve…evidence in pending or reasonably foreseeable litigation.” West v. Goodyear, 167 F.3d 776,779 (2nd Cir.1999)

  • contra spoliatorem omnia proesumuntur. Black’s Law Dictionary4th

Sources of duty to preserve l.jpg

Sources of Duty to Preserve

  • Knew or should have known of possible litigation

  • Specific statutes, e.g. Sarbanes-Oxley; SEC Rules

  • Court order

  • Agreement

When does duty attach l.jpg

When Does Duty Attach?

  • Based on common law “knew or should have known” standard:

    • When Product Designed. Carlucci, 102 F.R.D. 472 (S.D.Fl.1984)

    • When Complaints Received. Remington, 836 F.2d 1104 (8th Cir.1988)

    • When litigation suspected. Zubulake IV, 220 F.R.D. 212 (S.D.N.Y.2003)

    • When major accident occurs. Union Pac. R.R., 2004 U.S.App.LEXIS 6 (8th Cir.2004)

Preservation of metadata may be required l.jpg

Preservation of Metadata May Be Required

  • Relevance of metadata depends on the case.

  • Burden of disclosing metadata on the producing party. Williams v. Sprint, 2005 U.S. Dist. Lexis 29882 (D.Md. 11/22/05)

  • Discuss at 16(b) conference.

What remedies l.jpg

What remedies?

  • “Most potent” is the adverse inference instruction. Cedars-Sinai, 18 Cal.4th 1, 11(1998)

  • Example: New CA standard instruction 205 reads: “You may consider whether one party intentionally concealed or destroyed evidence. If you decide that a party did so, you may decide that the evidence would have been unfavorable to that party.”

Other sanctions l.jpg

Other Sanctions

  • Monetary

  • Evidence

  • Issue

  • Terminating

A few examples l.jpg

A Few Examples

  • Leon v. IDX (9th Cir. 2006) 464 F.3d 951 (files deleted from laptop; dismissal)

  • U.S. v. Gordon (9th Cir.2004) 393 F.3d 1044 (use of “Evidence Eliminator to scrub drive; pay costs and conviction affirmed)

  • In re Napster (N.D.Cal. 10/25/06) 2006 WL 3050864 (deletion of e-mail; adverse inference instruction)

More examples l.jpg

More Examples

  • World Courier v. Barone(N.D.Cal., No. C 06-3072 THE, 4/13/07) (destruction of hard drive in IP case by non-party husband; adverse inference instruction, costs; relies on Residential Funding v. DeGeorge Fin. (2d Cir. 2002) 306 F.3d 99, 105)

  • People v. Hanson Building Materials(Contra Costa County, No. MSC04-00424, 5/3/07) (Failure to retain e-mail; CA state agency ordered to pay $79K in fees/costs + adverse inference instruction; writ pending)

Litigation hold requirement policy and implementation l.jpg

Litigation Hold Requirement:Policy and Implementation

  • Create Policy to:

    • Determine When Hold is to be Imposed

    • Define what is to be preserved

    • Staff responsibilities

  • Implementation Issues:

    • ID key players who are involved

    • ID relevant records/docs/systems/computers

    • Contact and interview all key players

    • Will metadata be material? A forensics snapshot?

    • Will legacy data or backup media need to be preserved?

    • When do we need an outside expert?

Litigation hold procedures training and follow up l.jpg

Litigation Hold Procedures:Training and Follow-up

  • Follow-up

    • Meetings and regular reminders

    • Individual Interviews

    • Determine if staff requires further clarification

  • Document the process

Resources l.jpg


  • Sedona Guidelines (sedonaconference.com)

  • Zubulake decisions

  • Michael Arkfeld ,Electronic Discovery and Evidence (All AGO libraries)

  • BNA, Digital Discovery and E-Evidence

  • Internet resources

    • Discoveryresources.org; krollontrack.com; FIOS.com; applieddiscovery.com; Note webinars.

Take aways l.jpg


  • E-Discovery Presents Serious Risks to Your Agencies.

  • ISOs Will Have Important Roles in Future Litigation

  • Need to Partner Early with your CIO, the AG and your General Counsel’s Office.

  • Need for Standards and Guidelines (Which You Should Help Write).

Thanks and questions l.jpg

Thanks and Questions

  • Login