Icpl 7 25 2007
This presentation is the property of its rightful owner.
Sponsored Links
1 / 32

ICPL 7/25/2007 PowerPoint PPT Presentation


  • 53 Views
  • Uploaded on
  • Presentation posted in: General

X Me. ICPL 7/25/2007. What the New E-Discovery Rules Mean to You H. Morrow Long, MS, CISSP, CISM, CEH Director of Information Security Yale University. FRPC 2006 E-Discovery terms & points. ESI is now a separate category of discoverable info.

Download Presentation

ICPL 7/25/2007

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Icpl 7 25 2007

X Me

ICPL 7/25/2007

What the New E-Discovery Rules Mean to You

H. Morrow Long, MS, CISSP, CISM, CEH

Director of Information Security

Yale University


Frpc 2006 e discovery terms points

FRPC 2006 E-Discovery terms & points

  • ESI is now a separate category of discoverable info.

  • You must know what you have -- Sloppiness is no longer an excuse. Hire records management personnel?

  • You must respond to a request by a finite time frame.

  • Data is now delivered in electronic form as specified.

  • Don’t panic: “Good faith” efforts provide a “safe harbor”.

  • You will not be in trouble as long as you follow your repeatable (and documented) policies & practices. ILM!

  • You can face fines, adverse jury instructions or business disruption.

  • Plan and prepare. Set up arrangements between general counsel and IT as well as with outside firms if you are going to need their assistance (outsourced provider, forensics firm).


National environment ig audits are gaining momentum

National Environment…IG Audits are gaining momentum

HHS audit of Yale subcontract from UMass Medical School (February 2006)

Major signal about responsibilities relating to subcontracts

$194K of a $572K NIH award was disallowed by HHS

Cost transfers (preaward, accounts in deficit), effort, cost allocation methodology

NIH, DoD and NSF serve Yale with subpoenas (July 2006)

FBI agents went at night to faculty and staff homes (and to one vacation destination!) to question them

All information related to 47 grants from 13 departments (many closed) were subpoenaed

Issues thus far…allocation of research expenses, the reporting of faculty effort devoted to grants, and numerous other matters relating to grant administration.

“Just zero out the grant…”

Whistleblower…?

IG focus is on cost transfers, allocation of expenses, effort, administrative charging and subaward monitoring, conflict of interest

3

http://ora.stanford.edu/supporting_files/abc_0207_compliance.ppt


Yale university federal g c investigation

Yale University - Federal G&C Investigation

June 26, 2006 - Yale is served with subpoenas from four federal agencies : HHS, NIH, DoD, NSF - 47 grants and contracts for $47 million in 14 Depts.

“The amount of documents that have been requested by the federal government amounts to … hundreds of thousands, even millions of pages,” - Yale President Levin

Yale Daily News, September 11, 2006

May 2007 - NASA investigation into Grant and Contract Accounting.


Yale university response and actions

Yale University Response and Actions

  • Mobilizes to inventory, preserve, examine, catalog and index data to fulfil the subpoenas doc requests.

  • “100 Day Plan” to re-engineer accounting @ Yale.

  • New Research Administration department created.

  • Space reserved to store investgation’s paper documents

  • Floor of Class A office space reserved for the auditors and lawyers to sort through documents.

  • Communications: Sends e-mail and posts official message to the Yale Community on June 30, 2007 notifying employees (and others) what has occurred and what they should do.


Official yale communications

Official Yale Communications

  • VP General Counsel June 30, 2006 memo to Yale

  • July 25, 2006 guidance on how this policy applies to newly created research data,

  • Reminders sent out on 11/2/2006, 3/30/2007.

  • May 9, 2007 Memo on NASA Investigation


Issues

Issues

  • Everyone began to ask what they could/should do before they :

    • Repurposed PCs

    • Disposed of computers and disks and tapes

    • Erased large datasets of research files…

  • Now there was ‘The List’ of “Persons of Interest”.

  • Over time the rule in IT became that you had to check ‘The List’ to see if a user was a named ‘Person of Interest’.

  • Our Remedy trouble ticket system even had a ‘Red flag’ tag added to display when a ticket was a “Person of Interest”.

  • Yale’s IT AUP (Policy 1607) provides a process for access to data on University owned systems without the user’s consent under a procedure with checks and balances (Section 2.B).


Yale policy 1607 section 2 b conditions of university access

Yale Policy 1607 Section 2.BConditions of University Access

B. Process. Consistent with the privacy interests of Users, University access without the consent of the User will occur only with the approval of the Provost and cognizant Dean (for faculty users), the Vice President for Finance and Administration (for staff users), the Dean of Yale College or of one of the graduate or professional schools, as appropriate (for student users), or their respective delegatees, except when an emergency entry is necessary to preserve the integrity of facilities or to preserve public health and safety. The University, through the Systems Administrators, will log all instances of access without consent. Systems Administrators will also log any emergency entry within their control for subsequent review by the Provost, Vice President for Finance and Administration, dean, or other appropriate University authority. A User will be notified of University access to relevant IT Systems without consent, pursuant to 1607.2, section A (1-5) depending on the circumstances, such notification will occur before, during, or after the access, at the University's discretion.


Problems

Problems

  • We ran out of tape and disk in our central TSM network backup system servers.

  • Research and administrator users ran out of disk space.

  • People became afraid to delete any files at all…

  • Eventually there was some tension between the Faculty and the Yale administration regarding :

    • Mandatory faculty training in research administration.

    • The process of accomodating the document preservation and production to the government in fullfilling the subpoenas.


Its involvement

ITS Involvement

  • 600+ Individuals named

  • 400+ accounts preserved (“held”)

  • 100 individual’s disks restored or ‘captured’

    • 20+ 200GB disks shipped to internal investigators

  • Additional tape units, disks and computers to handle ePreservation and restorals/capture.

  • H/W Drive Encryption units for xfer to 3rd party firms.

  • 8 TB of disk space used for e-Preservation “SAFE” TSM vault.

  • Many hard disks, tapes and other media physically preserved (stored in my office, moved to cabinets)

  • Cataloging/indexing system for preserved ESI.

  • Wrote software to automate cataloging and restoring inactive (deleted/overwritten) files, tracking and reporting progress.


Timeline 2006 7

Timeline - 2006-7

  • July - Preservation

  • August - Project Planning

  • September - Inventory

  • October - December - Restores and Captures

  • January - March - Clean up of outliers

  • June - we’ve returned to regular mode operation of disabling/deleting accounts not on ‘the list’ (now we have a new ‘list’ which includes all of the accounts in ‘holds’

    The University negotiated with the Federal gov’t as to how many and who they needed to supply documents for, reducing the number of individual’s files affected


E collection philosophy

E-Collection Philosophy

The University negotiated with the Federal gov’t as to how many and who they needed to supply documents for, reducing the number of individual’s files affected

We’ve taken the concept of undue administrative burden to heart (pre E-Discovery 2-tier), restoring data which is not unduly difficult to restore.

We have collected data from backups rather than directly from systems to reduce inconvenience to users.

We usually only do forensic capture when a legal or internal (e.g. HR) investigation will require it.


December 2006 present e discovery

December 2006 - Present E-Discovery

  • E-Discovery takes affect : New Federal Rules of Evidence for “ESI”

  • ITS and General Counsel discusses and determines:

    • We will use the procedures and processes we have been using for the G&C Investigation to handle eDiscovery “holds”.

    • General Counsel will send InfoSec a formal confidential request to preserve all centrally held data (E-Mail, PC backups and Pantheon home directory) for individuals/accounts.

    • InfoSec will coordinate tracking the preservation requests and responses.

  • We’ve had a dozen “Hold” requests from General Counsel.

  • We’re solidifying the P&P which has been hammered out.

  • We’ve taken one set of “frozen” files/archives off of “hold” (case was settled).

  • We’ve not unfrozen any of the G&C material (current case).


Frpc 2006 e discovery terms points1

FRPC 2006 E-Discovery terms & points

  • ESI is now a separate category of discoverable info.

  • You must know what you have -- Sloppiness is no longer an excuse. Hire records management personnel?

  • You must respond to a request by a finite time frame.

  • Data is now delivered in electronic form as specified.

  • Don’t panic: “Good faith” efforts provide a “safe harbor”.

  • You will not be in trouble as long as you follow your repeatable (and documented) policies & practices. ILM!

  • You can face fines, adverse jury instructions or business disruption.

  • Plan and prepare. Set up arrangements between general counsel and IT as well as with outside firms if you are going to need their assistance (outsourced provider, forensics firm).


Issues for e discovery e preservation

Issues for e-Discovery & e-Preservation

  • Data Formats - programs used, data formats change and many law firms can only handle certain files. Conversion is needed.

  • De-duplication of messages & documents is major.

  • Outsourcing is $$$ but really helps with the 2 tasks above.

  • There needs to be a formal policy and process / procedure for both preserving and eliminating ESI (taking files off of a “hold”). Retention period? Should U have a ILM policy?

  • Know what data you have and where it is (& how to get to it)

  • Buy or build tools to archive and restore any data needed to reduce the $$ and time, remove manual steps & add accuracy

  • Always have General Counsel contact faculty and staff first before an IT or InfoSec staffer is sent to secure or capture data from an end user’s system.


Conclusions

Conclusions


References yale daily news articles

References - Yale Daily News Articles

  • Univ. reviews accounting - 100 Day Planhttp://www.yaledailynews.com/articles/view/17801

  • YDN 2006/12/7 Univ. alters accounting for grantshttp://www.yaledailynews.com/articles/view/19258

  • Faculty object to searcheshttp://www.yaledailynews.com/articles/view/19728


References yale official announcements

References - Yale Official Announcements

  • 2006/06/30 - Announcement of Investigationhttps://light.its.yale.edu/messages/UnivMsgs/detail.asp?Msg=17885

  • 2006/07/25 - Guidance on Research Data https://light.its.yale.edu/messages/UnivMsgs/detail.asp?Msg=18018

  • 2006/11/02 - Reminder on document retentionhttps://light.its.yale.edu/messages/UnivMsgs/detail.asp?Msg=20321


This has been a chalk outline production

This has been a chalk outline™ production.


  • Login