1 / 37

Electronic Discovery & Compliance: Meeting the Challenges - “Avoiding a Trial by Fire….”

Electronic Discovery & Compliance: Meeting the Challenges - “Avoiding a Trial by Fire….”. Timothy Wells Information Governance Specialist EMC Corporation wells_tim@emc.com. Agenda. Who Are We and How Did We Get Here? A Brief Background of e-Data, Compliance, the FRCP and eDiscovery

garson
Download Presentation

Electronic Discovery & Compliance: Meeting the Challenges - “Avoiding a Trial by Fire….”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Discovery & Compliance:Meeting the Challenges -“Avoiding a Trial by Fire….” Timothy Wells Information Governance Specialist EMC Corporation wells_tim@emc.com

  2. Agenda • Who Are We and How Did We Get Here? • A Brief Background of e-Data, Compliance, the FRCP and eDiscovery • What's Next and Why Should I Care? • 2010 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Information Management (Email, Archives, Records, etc.) • eDiscovery Process and Infrastructure • How Can We Justify Our Spend? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

  3. EMC eDiscovery & Compliance Team • An Expert, Diverse Team of 90+ Professionals • Industry-leader Kazeon & SourceOne Family • Focused on eDiscovery • Industry best, dedicated sales team • Dedicated Legal / SME Team • Product management and support • Leading-Edge Activities • The Sedona Conference • Electronic Discovery Reference Model (EDRM) • ARMA • Webcasts, Podcasts, Articles, Speaking engagements CT TX CA NY CO GA MA

  4. Digital Information Created, Captured, Replicated Worldwide Exabytes 2501 exabytes 5-fold Growth in 4 Years! DVD RFID Digital TV MP3 players Digital cameras Camera phones, VoIP Medical imaging, Laptops, Data center applications, Games Satellite images, GPS, ATMs, Scanners Sensors, Digital radio, DLP theaters, Telematics Peer-to-peer, Email, Instant messaging, Videoconferencing, CAD/CAM, Toys, Industrial machines, Security systems, Appliances 1,713 exabytes 487 exabytes 487 exabytes Source: IDC Digital Universe White Paper, Sponsored by EMC, May 2009

  5. Perfect Storm Drives the Need for Efficiency Information explosion 70% of information is created by individuals but enterprises are responsible for the security, privacy, reliability, and compliance of 85% Your “digital shadow” is larger than the digital information you actively create about yourself More lawsuits and regulation Widespread belief that deregulation was a failure Food and drug safety Climate change, and environmental concerns and sustainability efforts Financial meltdown Workplace/unions No New Budget Do more with less Enterprise Information Management – How do you get started?

  6. Years After FRCP Amendments… Errors Generate Sanctions and Headlines Scenario 1: Lawyers for a company produced a small batch of relevant e-mails about 10 hours before trial. U.S. District Court Judge Marilyn Hall Patel declares “Heads will have to roll.” According to reports, the punished company had reviewed terabytes of information for this case. Scenario 2: Company hit with an $8.5 million penalty for mistakes with its own discovery of e-mail relevant to a patent lawsuit. As federal courts emphasize the responsibility of parties to conduct thorough discovery searches, more such mishaps are likely. State of Readiness: Unprepared • 57% of law firms: Clients are not ready to find and produce information relevant to litigation • 39% of In-house: Company is not prepared for e-discovery “Companies Not Ready For E-Discovery”, http://www.informationweek.com/blog/main/archives/2008/09/ companies_not_r.html, posted 9/23/08 (Andrew Conry-Murray, Information Week). Survey from Oce Business Services.

  7. Pension Committee CaseGuidance from the Bench Pension Committee provides guidance related to litigation holds, preservation and search methods, and appropriate behavior by organizations charged with delivering relevant data as part of a civil litigation matter. Some insight from Judge Scheindlin: • Courts cannot expect perfection. They do expect that litigants and counsel take necessary steps to ensure that relevant records are preserved when litigation is reasonably anticipated. One requirement noted by the judge is written hold notifications be issued to and acknowledged by all potential custodians. • Failure to preserve evidence, electronic or paper, resulting in the loss or destruction of relevant information is "surely negligent" and depending on the circumstances, may be "grossly negligent" or "willful." • Preservation of backup tapes can be required if they are the sole source of relevant information related to the matter.

  8. Audit Litigation Investigation Public Disclosure State and federal regulators, IRS, OSHA, SEC, NASD, FINRA, HIPAA, Data Privacy & Protection Internal and external audits of books and records, Defense Contractor Audit, Govt Contract Audits,etc. Federal, State and Local - Freedom of Information Act, Open/Public Records Acts Current and reasonably anticipated state and federal litigation What is eDiscovery? Electronic discovery (eDiscovery) is the process in which electronically stored information (“ESI”) is searched, collected, preserved, analyzed, and reviewed for legal and regulatory proceedings. 8

  9. Agenda • Who Are You and How Did We Get Here? • A Brief History • What's Next and Why Should I Care? • 2010 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Recommendations and Initiatives • eDiscovery Process and Infrastructure • How Do We Justify That? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

  10. 2009 OutlookHint: It hasn’t changed much for 2010…. Forrester: “As one outcome of the current macro-economic environment… expect more litigation and regulation in 2009.” • Regulatory investigations • Fallout from the financial crisis = enhanced regulation • Employee Litigation • Layoffs generate lawsuits and investigations • Shareholder derivative actions • Reporting, drop in stock, financial crisis • Aggressive IP Practices • Seeking additional revenue sources • CFO Oversight • Weaker economy results in pressure on expenses - including legal "A tidal wave of wrongful termination lawsuits is expected in the coming months..." Los Angeles Times Sources: Forrester: “Trends 2009: eDiscovery”, Brian Hill, 1/15/2009 “As companies increase layoffs, lawsuits are likely to follow”, Carol Williams, Los Angeles Times, 12/28/08

  11. The Costs of eDiscovery $1.5M Average Cost Per Incident 89% Of Companies Face Litigation 10x Increased Costs To Outsource $34M Average Annual Legal Costs $18M+ Cost to Review 1 TB of Info

  12. E-mail Is Most Requested Content in Legal Proceedings and Regulatory Investigations…But Not the Only Electronic Information requested E-mail and attachments 80% General office productivity 60% E-mail residing on: Database records 49% Invoices and other customer records 41% Financial statements 36% Phone call recordings and other 29% Digital images 25% Laptops Desktops Instant messages 21% File servers Video files 16% E-mail servers Other 5% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Source: ESG Research Report: 2007 E-mail Archiving Survey, November 2007; based on 107 respondents To the best of your knowledge, which of the following record types has your organization been asked to produce in a legal proceeding or regulatory inquiry?

  13. Web 2.0 On the Horizon • Blogs: 48% for industry, 33% in government • Wikis: 44% industry; 38% in government. • Facebook: 44% industry; 28% government • YouTube: 26% of government responders; 25% of industry • Virtual World / Second Life (typically used for recruitment or web conferences): 13% of industry responders and 10% of government responders. IDC, Survey Shows Glimmers of Hope for Government Web 2.0, Adelaide O'Brien, August 26, 2009

  14. Agenda • Who Are You and How Did We Get Here? • A Brief History • What's Next and Why Should I Care? • 2009 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Recommendations and Initiatives • eDiscovery Process and Infrastructure • How Do We Justify That? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

  15. Establish Boundaries Around Information Management…Use the appropriate process for cost & risk management Enterprise Content Subject to Compliance Control Unstructured Content Unmanaged Unstructured Content Managed Unstructured Content Email Systems Content Management Network File Shares Collaboration Common Services Desktops & Laptops Custom Classify/Archive eDiscovery Structured Content Policy Enforcement Page-Oriented Data LegacySystems Disposition Database Content Physical Records Line-oriented Data Email Archive Structured Content Manage In-place Fixed Content

  16. Electronic Discovery Reference Model (EDRM) “IT organizations that have an electronic information inventory, active policy management and archiving solutions, and a repeatable process in place for e-discovery will spend up to 50% less on e-discovery … than those that do not.” ~ Gartner Information Management Retain or delete based on value eDiscovery Process Bring eDiscovery in-house Processing Preservation Information Management Identification Review Production Presentation Collection Analysis

  17. Segment Data by Business Value Compliance Archive • Official business record • Long-term retention Compliance or Native Archive • Referential • Modest retention • Required for discovery Native Archive • Non-record • Compliance-driven • Enforced deletion

  18. Enterprise Email Server(s) Local Email stores (pst, etc.) Relational databases CRM Accounting / Financial Data Fileshares Content Management Instant Messaging Video and voice captures Backup / DR tapes Wikis & Blogs Legacy data User desktops CDs, DVDs PDAs / Wireless phones Flash drives Home offices Legacy / stray tapes Decommissioned servers Computer graveyard Stray drives Archives Potential ESI

  19. Common Questions for IT Infrastructure What content do I have on my storage? Microsoft SharePoint, file shares, laptops? Is it appropriate? Is it where it should be? What kind of resources is unmanaged content consuming? What does it cost me? Is it on the right tier? Should I archive it? What business records are out there that I don’t know about? What kind of risk are we carrying? What if there is confidential or private content or content subject to regulation out there? How can I clean up my storage? Can I safely delete content that doesn’t have business value? What information do I need to archive and retain?

  20. Classification Action Attributes Non Record Delete Lunch, Gym, emails, MP3s, etc Referential Record Short Retention Mkt. PowerPoint, Meeting Notices, etc. Move to RM System Contracts, Invoices, PII, etc File Remediation / Classification Record Infrastructure

  21. Intelligent Information Governance with EMC EMC Celerra,Data Domain, Centera Laptops and desktops File systems E-mail servers Documentum Documentum Microsoft SharePoint Microsoft SharePoint Third-party archives The cloud EMC SourceOne File Intelligence Enables educated decision-making and policy creation Copy/move to archive storage Copy/move to enable records Identify content to migrate to Copy/move to cloud storage

  22. SourceOne File Intelligence: How It Works Catalog Analyze Act Classify Search Report • Crawl data sources • Build index • Metadata basic • Metadata with document type • Metadata with hash • Deep crawl full text • Deep crawl with classification • Classify files based on metadata, keyword content, and pattern matching • Age, owner, location, file type, etc. • Business value, security risk, intellectual property, PII, PCI • Analyze data with search and report tools • Semantic search with Boolean, proximity, stemming, phrase support • More than 30 pre-built reports out of the box • Custom reports as needed • Robust action set • Move, copy, delete, retain, export, tag • Policy-based actions • One-time • Scheduled • Recurring

  23. Rich Data Classification Classify files by attributes High business value Files created or modified in the last 30 days Files owned by company executives Medium business value Files not accessed in the last 90 days and not modified in the last 180 days .PST files Low business value Files not accessed in the last 180 days MP3/MP4, JPEG, MOV files Classify selected files based on file content and metadata Files with “Confidential” content e.g., source code files, patents, product manuals, contracts, etc. Files containing non-public information e.g., Social Security numbers, credit card numbers etc. Classify files based on IT or business input Administrator tags Line-of-business tags User tags

  24. File Visibility and Remediation Reduce risk, lower costs, and improve efficiency Gain insight into unmanaged file content through granular file-level visibility and reporting Identify opportunities to optimize storage environments where static data is consuming valuable IT resources Locate and safely delete content to reduce risk, reduce data volume, and improve operational performance Reduce risk by migrating content to a secure archive or repository for ongoing policy management Migrate content to virtualized, deduplicated, and cloud platforms to improve performance and reduce costs

  25. Litigation Hold / Collection Spectrum Tape Custodian–Driven Holds & Collection Enterprise / Automation • Custodians do hold/collection of own items • Cheap, simple • Shifts burden of work • Risk of “Faux eDiscovery” • Can be difficult to do correctly(e.g. Cache La Poudre) • Loss of metadata • System-based collection of main repositories • Fast, efficient • Great ECA • Justify initial investment Last resort Moderate risk / low ESI Complexity Best practice Forensics • Pull daily / weekly monthly tapes • Deceptively easy and simple (it’s not!) • Cons: (Not enough room) • Take images of all targeted devices • Very complete • Expensive • Significant over-collection • Scalability • Good tool to have – not in all cases Focused Use As Needed

  26. @ EMC eDiscovery - Data Flow Desktops Fileshares Exchange Server EMC Documentum Microsoft SharePoint Step 1 Step 2 Step 3 Step 4 Step 5 Knowledge workers create electronically stored information (ESI) on data sources as usual; this solution requires no changes to data creation processes and no agents to be deployed on data sources The solution indexes (harvests) the ESI on the data sources to gather intelligence about the stored data Investigative users search the indexes to determine what ESI is relevant Relevant ESI is secured and placed on legal hold on immutable storage Investigator culls through held data and generates production sets for use in legal review by outside counsel or hosted review vendor

  27. EMC SourceOne eDiscovery Kazeon Case Management • Legal Hold reporting dashboard • Legal Hold workflow management • Segregate data and cases by role • Built-in and custom reports • Agent-based & agent-less collection • Full and incremental collections • Laptop / Desktop Collection • Single-step targeted collection • Multiple target repositories Preservation and Collection Analysis and Review • Distributed and collaborative review • Email analytics and threading • Concept search and analysis • Interactive tagging and review • Highly scalable for multiple case support

  28. Enterprise Information Governance Solution File Shares Avamar Backups Snapshots Document Repositories SharePoint Documentum PST PST PST PST S1 Supervisor Regulatory ComplianceReview Sampled Messages MS Exchange 2003 / 2007 / 2010 Lotus Notes / Domino Messaging Servers S1 eDiscovery – Kazeon Includes Connectors for: File Shares Home Drives (laptops & desktops) Exchange & Notes / PSTs & NSFs Documentum SharePoint S1 Email Archive SourceOne Archive Other Content Repositories Currently two step collection and unified matter management for: FileNet, Content Manager, GroupWise and other sources Email & IM MS SharePoint File Archiving In-place Legal Hold Target Legal Hold Collect Legal Store Preservation Server Desktops, Remote Offices, and Laptops Legal Hold / Legal Store or Preservation Store – Celerra, Centera, Data Domain & others

  29. Agenda • Who Are You and How Did We Get Here? • A Brief History • What's Next and Why Should I Care? • 2009 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Recommendations and Initiatives • eDiscovery Process and Infrastructure • How Do We Justify Purchases in 2010? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

  30. Challenges In 2010 IT Budgets are flat or declining *, but eDiscovery is not discretionary and the money is already being spent • IT • FTEs spending time on restores of historic data based on vague requests by Legal • No ability to delete because of a lack of insight into data, and unrealistic policies from Legal • Legal • Massive over-collection (“screw drivers and wheel barrels”), leads to huge legal review and processing costs by outsourcers (1 gig = 50,000 files for review) • Risk of sanctions for deleting the wrong thing leads to over-preservation (“save everything”) • *“Global purchases of IT goods and services … will equal $1.66 trillion in 2009, declining by 3% after an 8% rise in 2008.” Global IT Market Outlook: 2009, Forrester Research, 1/12/2009

  31. “Between 10% and 90% of what [clients] have does not need to be retained for any reason.” Budget roughly $500,000 on IT support for cases involving 10 or more custodians and/or more than three different systems One terabyte of data can result in $18.75M in legal review costs Unprepared companies will spend 1/3 more on e-discovery than those with content archiv-ing solutions. ROI Factors eDiscovery and RIM ROI “Organizations unprepared for e-discovery in 2009 will be at a disadvantage … open to potential sanctions from an increasingly technically literate U.S. judiciary. As defendants, organizations need to respond quickly and effectively ... As plaintiffs, organizations must have their ESI house in order and be prepared for reciprocal discovery requests…” Gartner, “Reduce the Cost and Risk of E-Discovery in 2009”, D.Logan & J. Bace, 1/9/09

  32. The Cost of eDiscovery Notice Percentage of discovery costs when proceedings or investigations involve the discovery of ESI:* Collection • Costs associated with document collection from inaccessible locations 28% Hold • Cost of holding massive volumes • Unanticipated legal risk • Spoliation risk 20% Inspect/Review • Cost directly related to number of documents to review 35% Produce • Cost of delivering ESI to various recipients on various media (e.g., CD, DVD, or paper) 17% * Source: Enterprise Strategy Group, 2007

  33. Straightforward ROI “T]he payback period for an e-discovery investment is very short, on the order of three to six months after implementation takes place.”[1] [1] “MarketScope for E-Discovery Software Product Vendors”, Gartner, Inc., 12/17/08.

  34. Agenda • Who Are You and How Did We Get Here? • A Brief History • What's Next and Why Should I Care? • 2009 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Recommendations and Initiatives • eDiscovery Process and Infrastructure • How Do We Justify That? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

  35. Next Steps • Get Cross-Functional • IT Meet Legal; Legal Meet IT • Assemble Your Case • Collect data, anecdotes, research • Top-Down • Focus initial work on high impact areas • Let EMC Help • We know your information • Our team can facilitate next steps • Knowledge Is Power • EMC eDiscovery and Compliance (www.emc.com/ediscovery) • Bringing eDiscovery In-House (For Dummies): (www.emc.com/ediscovery4dummies) • The Sedona Conference (www.SedonaConference.net) • EDRM (www.edrm.net)

  36. Agenda • Who Are You and How Did We Get Here? • A Brief History • What's Next and Why Should I Care? • 2009 Drivers and Landscape • Costs and Risks of e-Information • What's An Enterprise To Do? • Recommendations and Initiatives • eDiscovery Process and Infrastructure • How Do We Justify That? • The Road To ROI • What's Our Next Step? • Conclusions and Next Steps • How About Some Free Advice? • Q&A

More Related