Electronic Discovery - PowerPoint PPT Presentation

Title: Electronic Discovery


1
Electronic Discovery
  • Frank Krahn, CISSP
  • Mayo Clinic Information Security Office

2
Frank Krahn, Information Security Specialist
  • 26 years experience in Security at Mayo Clinic
  • Mayo Clinic Information Security Office,
    Information Security Specialist
  • Certified Information Systems Security
    Professional (CISSP)
  • Certified Computer Crime Investigator (Advanced)
  • Certified Computer Forensics Technician
    (Advanced)
  • Certified in Electronic Discovery
  • InfraGard-Minnesota Chapter, former Vice
    President and Board of Directors member
  • High Tech Criminal Investigators Association
  • Served on Editorial Review Board for The Journal
    of Computer Crime Investigation and Forensics

3
OVERVIEW
  • Discovery: A process whereby a party has the
    opportunity to obtain information and
    documentation that may be relevant from other
    parties
  • Written requests (Interrogatories, RFPs, etc.)
  • Subpoenas
  • Deposition testimony

4
OVERVIEW (cont.)
  • Discoverable information includes:
  • All facts known by a party
  • Expert opinions offered by a party
  • Documentation
  • Paper and other hard versions
  • Electronic versions including underlying data

5
Electronic Discovery
  • Definition: A party must produce any electronic
    data in its possession that may be relevant to
    the lawsuit.
  • Lawsuits where this is a concern:
  • Complex litigation (patent infringement,
    commercial litigation)
  • Government investigations
  • Employment litigation

6
New Federal Rules
  • E-discovery amendments to FRCP took effect
    December 1, 2006
  • Sweeping changes: Formalized a process that was
    previously in the hands of individual judges.
  • Provides direction on the preservation and
    subsequent disclosure of ESI

7
Legal's Obligations
  • Know the Client's Information Management System
  • Formalize Practices
  • Anticipate litigation/investigations
  • Identify Potentially Relevant Scope of
    Information
  • Identify Key Players

8
Legal's Obligations (cont.)
  • Issue Litigation Hold Notice
  • Meet with Key Players
  • Segregate and Preserve Potentially Relevant
    Information
  • Monitor Preservation Practices

9
Legal Needs IT
  • Most of Legal's E-Discovery obligations cannot
    be met without significant help from IT.
  • IT must be made part of the team from the start.
  • Together, Legal and IT develop and implement an
    E-Discovery Plan.
  • The Information Technologist testifies.

10
E-Discovery Plan
  • Identify the purpose
  • Outline the initial meeting with IT
  • Specify IT roles and responsibilities
    (including testimony)
  • List questions to be asked at key player
    meetings
  • Address backup tapes, archives and employee
    terminations

11
IT Responsibilities
  • Gathering, searching, culling and producing large
    volumes of relevant information for legal review
  • Data is accessed but not analyzed
  • Includes active and archival data
  • Generally excludes discarded, hidden or deleted
    data
  • Comes from a variety of sources:
  • E-mail systems
  • Network shares
  • Desktops
  • Back-ups

12
IT Responsibilities (cont.)
  • Make true byte-by-byte or sector-by-sector copies
    of local hard drives using write protection
    technology
  • Document by whom, how and when server data was
    collected
  • Limit access to data using the need-to-know
    principle

13
Metadata
  • Data about data
  • Provides insight into what was really done
  • Bcc
  • Creator
  • Last modified
  • This is one of the most difficult types of data
    to maintain the integrity of
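
An added example, not part of the original presentation: one way to act on the "document by whom, how and when" and metadata-integrity points above is a collection manifest that records the collector, method and time alongside each file's hash and last-modified stamp, then re-checks them later. The function names, manifest fields and sample values are assumptions for illustration, and the sketch assumes it runs against a working copy or a write-protected mount.

```python
import hashlib
import os
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large evidence files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, collector, method):
    """Record who/how/when plus per-file size, last-modified time and hash."""
    entries = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)  # capture metadata before the file is opened
            entries.append({
                "path": os.path.relpath(path, root),
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "sha256": sha256_file(path),
            })
    return {
        "collector": collector,            # by whom
        "method": method,                  # how
        "collected_utc": datetime.now(timezone.utc).isoformat(),  # when
        "source": os.path.abspath(root),
        "files": sorted(entries, key=lambda e: e["path"]),
    }

def verify_manifest(root, manifest):
    """Return (path, problem) pairs for files that no longer match the manifest."""
    problems = []
    for e in manifest["files"]:
        path = os.path.join(root, e["path"])
        if not os.path.exists(path):
            problems.append((e["path"], "missing"))
        elif sha256_file(path) != e["sha256"]:
            problems.append((e["path"], "content changed"))
        elif os.stat(path).st_mtime_ns != e["mtime_ns"]:
            problems.append((e["path"], "last-modified changed"))
    return problems
```

The manifest is plain data, so it can be serialized with `json.dumps` and stored with the custody record; an empty list from `verify_manifest` means content and last-modified times still match what was collected.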

14
Backup Tapes
  • What is your official retention policy?
  • Document it
  • Publish it

15
We Can't Get It Wrong!
  • Spoliation
  • Determination by court that a party wrongfully
    failed to preserve or destroyed potentially
    relevant evidence.
  • Jury is instructed to infer that the evidence
    would have been harmful to the party that failed
    to preserve it.
  • Burden of proof shifts to the Defendant.

16
What's at Risk?
  • The Case
  • Exculpatory Evidence
  • Money (Sanctions)
  • Credibility

17
Pitfalls
  • Lack of good documentation of procedures by IT
  • Most of the time you will be working months if
    not years behind where you are at today.
  • Lack of good direction by Legal staff
  • Make yourself known to Legal before the sky falls
  • Failure on your part to ask questions not only of
    Legal but also of IT

18
Some Resources
  • http://www.thesedonaconference.org/
  • http://www.krollontrack.com/legalresources/sample.aspx
  • http://www.law.com/jsp/legaltechnology/edd.jsp

19
Questions

20
Contact Information
  • Frank Krahn
  • Mayo Clinic Information Security Office
  • 507-266-0146
  • E-mail: krahn.frank_at_mayo.edu