eDocument Retention. May 2006.
Agenda:
  • What is Email Archive/Audit?
  • The Current Environment
  • The Ideal Compliant Email Archive
  • Proactive Approach - Live Capture
  • System Data Flow
  • Adaptable Compliance
What is an Email Archive
  • An offsite or onsite copy of company emails
  • Automatically collected
    • In an intelligent fashion
  • Stored securely
  • Fully Searchable and Auditable
    • Eliminating data collection/harvesting during eDiscovery
    • Admissible in court
Agenda:
  • What is Email Archive/Audit?
  • The Current Environment
  • Data Retention Implementation
  • The Ideal Compliant Email Archive
  • Proactive Approach - Live Capture
  • System Data Flow
  • Adaptable Compliance
The Situation Today
  • Business documents are being generated at such a rate that economic retrieval is extremely challenging.
    • During 2004, enough information was produced worldwide to fill 500,000 Libraries of Congress.
    • 64 billion emails were sent in 2005 with 108 billion expected in 2008.
    • Global email traffic has grown to some 171 billion messages per day, of which 71 percent is spam.
  • The average corporate user sends and receives 113 email messages a day. That translates into nearly 300MB per month.*
    • By the end of the decade, that number is expected to grow to 160 messages and 417 MB per month.*
  • As much as 85% of all email data is due to attachments.*
  • Gartner Group: We spend as much as 20% of our time searching through our email and files.

A medium-sized company could exceed Google’s capacity within 2 years

The Library of Congress

*Radicati Group

The Elephant in the Living Room
  • Let’s not forget why we have to be compliant –
  • THE THREAT OF LITIGATION

Only 30% of companies consider search and discovery to be a top priority when choosing an email archiving solution. Of these, 25% said that the main driver for search and discovery functionality was to expedite review and audit processes, and still more to reduce legal discovery costs.

Companies should be ready to do eDiscovery at all times

War Stories
  • 90% of U.S. corporations are involved in litigation and 20% of all companies are sued every year.
  • Bank of America was fined $50,000 per each email they failed to produce in court. Total penalty: $10 Million.
  • Morgan Stanley lost $1.45 Billion in damages and was sanctioned for its failure to preserve and produce certain electronic records.
    • The SEC piled on an additional $15 M penalty, so far…
  • US corporate financial restatements soared 28% from 2003 to 2004, and 10 to 30% of financial data is erroneous. The cost of erroneous data is $600 Billion in the US.
  • Schering Plough fined $500 Million for noncompliance in 2002
  • The typical large corporation paid $16 million in corporate governance costs.
  • The average company with over $1 Billion in revenues has 147 lawsuits and 48 different financial systems.
  • The average cost for companies with less than $1 billion in revenue increased by more than 230% since Sarbanes-Oxley went into effect.
War Stories

However, by far the largest penalty for failing to comply is the devastating impact on a company’s market capitalization when shareholders find out that a company is not compliant.

Corporate Compliance Progress
  • From ARMA Survey 2005: “Nearly one-half of the respondents (49%) are either ‘not at all confident’, or only ‘slightly confident’, that their organizations could demonstrate that their electronic records were accurate, reliable and trustworthy.”

An Implementation Roadmap
  • Establish Policies for:
    • Email
    • Unstructured Data
    • Financial Reports
    • Training Materials, etc.
  • Identify data value for all data under management
    • Relational by subject area
    • Content Managed as Related to Relational
    • Email, Backup and Offsite
  • Dispose of non-regulated, low-value, low-access data with an appropriate audit trail.
  • Develop processes to periodically dispose of expendable data with audit and reporting systems.
Establishing the Retention Policy
  • Establishing the Data and Information Retention Policy
    • Preservation and Retention
    • Retention Policy
    • Preservation and Retention Duty
  • Compliance
  • Litigation
  • Creating Your Policy – This is not an IT Problem
  • Document Destruction
  • Retention Policy and The Litigation Hold
  • Information Security
Preservation vs. Retention Duty
  • Preservation
    • Time: foreseeable dispute (shorter than retention)
    • Bases: rules, tort, inherent power
    • Breach: spoliation
    • Penalties: default or dismissal, evidence, fines
  • Retention
    • Time: statute or regulation
    • Bases: statutes and regulations
    • Breach: spoliation
    • Penalties: default or dismissal, evidence, fines, statutory penalties
Purpose of Retention/Destruction
  • Retention
    • Legal compliance
    • Litigation preparedness
    • Company’s reputation
  • Destruction
    • Reduce Operational Cost
    • Asset protection
    • Privacy
Compliance
  • 20,000+ statutes and regs require retention
  • Consider impact of foreign retention requirements
  • Harm of retention spoliation similar to harm of preservation spoliation
Four Legs of Compliance

Compliance is the result of integrated Policies and Processes

The Policy - Information Records Management Policy is established by corporate Legal. Specific measures for compliance are tied to the policy. What’s the policy and how do you measure compliance?

The Leadership – The Policy is reflected in the visibility, adoption, enforcement and compensation by and for senior management. Does Leadership walk the walk?

The Technology – The Policy is reflected in all aspects of data management. IT is using and NOT establishing The Policy. Does the Procedure tie to the policy?

The Training – The Policy is reflected in all aspects of training, education, procedure and compensation. Does everyone understand their responsibility, liability and consequences?

The Compliance Team

The Compliance Team is Composed of:

    • General Counsel
    • Compliance Officer
    • Information Architect
    • Application Architect
    • Content and Messaging Manager
    • Training Supervisor
  • The Compliance Team provides an enterprise understanding of data retention through:
    • Comprehensive understanding of corporate policy and procedures related to regulatory compliance.
    • Elimination of fragmented responses to regulatory inquiry
    • Optimized response to Litigation Discovery
Statutes and Retention
  • SEC Rule 17a-4 Electronic Storage of Broker Dealer Records
  • Gramm-Leach-Bliley Act - Financial Services Modernization Act - 1999
  • Sarbanes – Oxley Act of 2002
  • FDA 21 CFR Part 11
  • DOD 5015.2 Department of Defense
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Fair Labor Standards Act
  • Occupational Safety and Health Administration (OSHA) Act
  • Internal Revenue Service Reform Act
  • Food and Drug Administration
  • Health and Human Services
Statutes and Retention

SEC Rule 17a-4 Electronic Storage of Broker Dealer Records

  • Retention – Minimum of 3 Years
  • Related to the retention of correspondence between the securities company and its customers.
      • Purchase and sale documents,
      • Customer and associated persons’ records,
      • Customer complaint records
      • Written supervisory procedures
  • Additional rules have been established by both the NASD (sect. 2210 and 3010) and NYSE (sect. 342) that require members to comply with SEC 17a-4 or risk fines by both the SEC and the member’s SRO.
Statutes and Retention
  • “preserve the records exclusively in a non-rewriteable, non-erasable format.” This requirement does not mean that the records must be preserved indefinitely. Like paper and microfilm, electronic records need only be maintained for the relevant retention period specified in the rule.
  • The electronic storage media must verify automatically the quality and accuracy of the storage media recording process; serialize the original and, if applicable, duplicate units of storage media, and time-date for the required period of retention the information placed on such electronic storage media; and have the capacity to readily download indexes and records preserved on the electronic storage media to any medium acceptable under paragraph (f) as required by the Commission or the self-regulatory organizations of which the member, broker, or dealer is a member.
Statutes and Retention

Gramm-Leach-Bliley Act or Financial Services Modernization Act of 1999

  • Retention Period – 6 Years or “Best Practices”
  • Related to limited privacy protection against the sale of private financial information to third parties.
      • Personal financial information must be securely retained.
      • Customers must be advised of the policies in place for sharing personal financial data.
      • Customers must be able to easily opt out of the sharing of some financial data
Statutes and Retention

Health Insurance Portability and Accountability Act

  • Retention Periods
    • Complaints – 6 Years
    • Medical and Diagnostic Records – 6 Years
    • Medicare Records – 5 Years
    • Special Consideration for Minors
    • Records must be retained for 2 years after a patient’s death
  • Relates to documents on uses and disclosures, authorization forms, business partner contracts, notices of your information practice, responses to a patient who wants to amend or correct their information, the patient's statement of disagreement, and a complaint record.
Statutes and Retention

The Sarbanes-Oxley Act of 2002

  • Retention Period – 7 Years
  • Deals with the falsification, destruction, alteration of documents or data with the intent to impede, obstruct or mislead an investigation by any federal agency. Includes the destruction of materials used in the creation of audits or financial assessments
  • Applies directly to publicly held companies
  • US Companies valued at over 100 million dollars will spend a combined 2 Billion dollars on implementing SOX 4
  • Privately held companies with US ties are adopting SOX as well.
New SOX “Data” Sources
  • Website Records - Section 403 - Posting stock ownership changes
  • Internal Control Reports – Section 404 - Audit notes on how the internal control reports are created
  • Corporate Officer Certification – Section 302 – Who certified which reports and audits and when.
  • Complaints – Section 301 – The collection, retention and treatment of complaints, external, internal, anonymous as they relate to financial audit and disclosure. Also, a description of how the complaint was addressed.
  • Penalties – Section 906 – False certification can result in $5,000,000 in penalties and/or 20 years in prison.
Memorable I-Wish-I’d-Deleted-That Emails

“…How much do we need to pay you to screw Netscape?...”

Warm Regards,

Bill Gates

Microsoft Corporation

Memorable I-Wish-I’d-Deleted-That Emails

“…Let’s clean up those files…”

Fondly,

Frank Quattrone

Credit Suisse First Boston

Requirements
  • Speed – The system must provide sub-second response time for most queries.
  • Cost efficiency - The system must be inexpensive.
  • Regulatory compliance – The system must be conformant.
  • Reliable – The system can never lose or corrupt data.
  • Litigation Readiness – Must be continually ready to produce documents with a verifiable Chain of Custody and no spoliation.
Litigation-Ready System – The Hardware
  • Utilize a cluster-computing architecture as the basis for a Web-based solution
  • Excellent Price / Performance
  • Excellent Scalability
  • Excellent Reliability
  • Extremely Fast Response Times
Litigation-Ready System – The Interface
  • Design an easy-to-use human interface
  • Minimize the learning curve
  • Keep employee morale high
  • Maximize productivity
Litigation Ready System
  • Support most file types with real-time capture
    • Live capture, Outlook, Lotus Notes, Financial Reports, Excel, Word, PDFs…
  • Export to major third-party litigation systems
    • TIFF/PDF, Other…
  • Minimize operational problems
  • Optimize responsiveness to courts
  • Handle exceptions
  • Talk to other systems
A Litigation-Ready Archival Solution
  • Searchable / Compliant Email Archival
    • Real-time data collection, Intelligent filtering for compliance
  • Benefits:
    • Off-site email archiving
    • Adaptable compliance
    • Easy retrieval of emails for all users
    • Continuous litigation readiness

Diagram labels: Repository; Live Capture; Live capture of data
Litigation-Ready Solution

Benefits:

  • Secure off-site email archive
  • Compliance conformance
  • Find any email quickly and easily
  • Elimination of the data collection/harvesting task
  • Litigation readiness with chain of custody and spoliation functions

Diagram labels: Repository; Live Capture; Live capture of data; Support major email systems; Powerful Search; Email/File Management; Full Access Control; WORM Archive
System Data Flow

[Diagram, built up over nine slides; the final build is titled “Live Capture – LITIGATION HOLD”. Labels, in order of appearance:]
  • Message Servers
  • Live Capture
  • Data Life Cycle
  • Deduplication
  • Intelligent Filtering
  • Compliant Searchable Repository
  • Delete
  • 3rd-Parties: KVS, Ziplip, MessageGate
  • NAS, SAN, other servers
  • WORM Option
  • Fully Tailorable
  • ASP or In-House
  • Multi-Pass Wipe Delete
  • Cull
  • Search
  • Produce
  • Audit/Report
  • Administer
Intelligent Filtering – Compliance and More

IF Condition THEN Action
  • Captured Emails, Files, etc.
    • Any file stored in the Repository
  • Multiple File Types
    • Emails
    • Office Documents
    • Financial Reports
    • Etc.
  • Any Search Result
    • File “Age”
    • Content
    • Boolean
    • Concept
    • Etc.
  • Actions
    • Send an Email
    • Place into Folder
    • Adjust Permission Level
    • Change Attribute
    • Delete
    • Etc.

Thank You For Your Time

E. Casey Roche – Discovery Mining Inc.

415-561-6780 X116

www.discoverymining.com

Suzanne Riddell – DataForeSight Inc.

sriddell@dataforesight.com

303-278-2150

Return On Investment Considerations

Elements:

  • Value of risk mitigation
    • Avoid detrimental effect of failure to comply on company’s market capitalization
    • Avoid potential penalties
      • Missed deadlines, failure to produce
  • Cost of live capture versus simple tape back-up
    • Tape restoration is extremely expensive
    • Having live capture in place can save 50% to 80% in the event of litigation
      • 20% of all US companies are litigated against every year
  • Quantifiable Side Benefits
    • Having a secure off-site archive
    • Providing searchable email archive
    • Avoiding the cost of data collection/harvesting
      • Time and money
Backups vs. Archives
  • “But we have a backup!” …sorry, not enough.
  • Failings:
  • No security
  • No authenticity
  • No search capability
  • No easy restore
  • No audit
  • …backups are a legal time bomb

“The defendants did not show any policy that defined what e-mail should be reduced to hard copy because of its importance.”

Murphy Oil USA v. Fluor Daniel