Monday, October 31, 2011

ESI Data Processing: Why Should Attorneys Care?




http://ow.ly/7eUfG

An article by Daryl Shetterly posted on the LeClair Ryan website the eDiscovery Myth.

This article discusses data processing and states that attorneys should undertand the how it effects the legal profession.

The author states, "regardless of which data processing tool you choose to use, there are a few concepts you should understand prior to giving your vendor or outside law firm the go-ahead to begin processing your data."


The article addresses several topics that pertain to data processing, such as: hidden text and content; embedded objects;  exception reports; de-duplication; z-print; and the parent-child relationship of emails and attached documents.

The author further states, "...data processing is a legal issue and not solely a technical one. As an attorney, if you blindly delegate these data processing decisions to your technical staff or vendor you may later wish you had done your homework first."

New York State Bar Association Releases Practitioner’s Guide to E-Discovery



http://ow.ly/7eDTV

A blog post by the Global EDD Group on the webpage www.legaltechtoday.com.

The article provides information regarding a best practices guideline issued by the New York State Bar Association for eDiscovery in New York State and Federal courts.

The blog post provides a link to download the best practices guideline free of charge.  This is certainly a useful resource to anyone that is interested in the topic of eDiscovery.

Disruptive Tech Changes IT's Database Choices



http://ow.ly/7eufY

This is an article by Doug Henschen posted on informationweek.com.

This article discusses changes in database technology due to developments within I.T., and the ever-increasing volume of data that must be accounted for.

The author states, "Database vendors shouldn't rest because their customers are under constant pressure.IT organizations are being pressed to do more with less, so they want incumbent databases to require less keep-the-lights-on administration. Beyond these basics, IT groups are also facing new challenges, such as the need to cope with huge data growth and new types of data flowing from digital marketing initiatives, social and mobile interactions, sensors, Web log files, and more."

This article provides a recent history of database service providers, and discusses some of the changes that have taken place in the marketplace in recent years.

E-Discovery Technical Standard at Crossroads


http://ow.ly/7e5t8

An article by Evan Koblentz on law.com on the LTN webpage.

This article discusses the Electronic Discovery Reference Model (EDRM) and that organizations work at creating standards for eDiscovery load file formats.

The author writes, "Three years and six months later, vendor adoption of the specification, now in version 1.2, is notable on a surface level but less so in real-world use. There are 24 companies listed on the project website as having at least one compliant product, but none actively call for their customers to use EDRM-XML as the primary method of moving data. Most remain content using Concordance and Summation load files. Another 14 companies are listed as participants, although officials acknowledge that participating has the minimum requirement of simply being on a conference call."

The article quotes eDiscovery expert George Socha, co-founder of the EDRM, ""It has not been as widely used as we would like to see. But I think that's not really that different from what we were anticipating would be the case," EDRM co-founder and legal technology expert George Socha said, citing industry indifference as the standard's biggest obstacle. "One barrier to adoption is inertia," he said, from St. Paul, Minn."

The article further mentions EDRM's continued discussions regarding developing version 2.0 of Legal XML.  The article states, "The committee may also consider working with OASIS -- Organization for the Advancement of Structured Information Standards -- which is a prominent technology standards-sanctioning organization formed in 1993. OASIS has an existing law and government section, with subcommittees for court filing, electronic voting, and government transactions."

Sunday, October 30, 2011

Manage ESI Dangers With Targeted Collections



http://ow.ly/7dmt6

An article by Dave Walton posted on The Legal Intelligencer website.

The article discusses targeted collections, and states that they will be the answer to keeping eDiscovery costs in check.

The author states, "The future is targeted collections. Preservation is cheap; collection and review is incredibly expensive. Smart clients and lawyers will learn how to use targeted collections as the key to bringing sanity back to their litigation practices."

The article further states, "Moreover, the average gigabyte of data contains about 75,000 pages. Assuming the average review time for an attorney is 200 pages per hour, the review of one GB (i.e., 75,000 pages) can take over 300 hours. Assuming an associate bills at $250 per hour, this means it costs over $78,000 to review one GB of information. This is virtually untenable for clients."

The author additionally states, "...the court "must" limit the frequency or extent of discovery if it determines one of three things:

• The discovery source is unreasonably cumulative or duplicative, or can be obtained from some more convenient, less burdensome or less expensive source.

• The party seeking discovery has already had ample opportunity to obtain the information by conducting other types of discovery.

• The expense of the proposed discovery outweighs its likely benefit."

The author writes that targeted collections help reduce the expense and burden associated with eDiscovery and attorney review during the discovery phase of litigation. The article provides some tactical insight on how, when and why to use targeted collections.

The article further states, "E-discovery is not going to end the world as we know it. The key is going to be the ability to get those cases to trial without going bankrupt due to ESI costs."

Social Malice: One In 60 Facebook Posts Are Malicious



http://ow.ly/7dkYF

An article by Kelly Jackson Higgins, Dark Reading, appearing also on the informationweek.com website.

This article discusses the nature of social media networks, and the fact that many posts are malicious and possibly contain forms of computer virus, or are attempts to hack user's accounts.

The article states, "Here's what social networking looks like on the dark side: one in 100 tweets today are malicious, and one in 60 Facebook posts are as well.

Facebook users are the least confident in social network security, with 40% confessing they feel unsafe on Facebook, while 28% feel that way about Twitter, and 14% on LinkedIn."

The article further states, "According to new Barracuda survey data of social media users, LinkedIn is the least-blocked social network by enterprises, with only 20% of organizations preventing their employees from using LinkedIn from work. That's in contrast to Twitter (25%); Google+ (24%); and Facebook (31%)."
 
In addition, the another interesting note on the article is, "...most users say the important factors to consider when joining a social network are security (92%), that their friends use it (91%), privacy (90%), and ease of use (87%). More than 90% have received spam over a social network, and more than half have experienced phishing attacks. More than 20% have received malware, 16.6% have had their account used for spamming, and about 13% have had their account hijacked or their password stolen. More than half are unhappy with Facebook's privacy controls.

Meanwhile, Barracuda counted 43% of Twitter accounts as "true users" with real followers and regular tweets, and 57% as "not true users"--either spam bots or inactive accounts"


Saturday, October 29, 2011

eDiscovery Compliance Just Got Harder – Are You Ready?



http://ow.ly/7d10k

An article posted on the B&L Blog on bandl.typepad.com (No author credit listed).

The article states that the results of a recent survey taken by Symantec (a link to the survey is provided in the article) eDiscovery will now be more complicated than it was in the past, since email is now longer the most common form of electronically stored information produced during eDiscovery.  The article states, "For a while now, companies have viewed eDiscovery as primarily an e-mail management game. Now, as the Symantec survey indicates, it’s not quite that simple anymore. Today’s eDiscovery challenge, as these results highlight: how to produce requested information from across a broader range of disparate data sources—but to do so just as quickly as ever to avoid sanctions, fines and compromising your legal position and driving up costs by providing too much information."

The article provides the following advice for dealing with eDiscovery:

  • Implement an active, consistently enforced retention policy that covers all potential data sources, not just e-mail. The policy needs to specify not just what to keep and for how long, but how to systematically destroy data at the appropriate time.
  • Cast a wider ESI (electronically stored information) net. Determine how you will capture, manage, store, backup and archive data from each and every potentially discoverable source.
  • Deploy the right eDiscovery tools to defensibly collect and process data for review from these disparate sources.

The blog post states, "Having the right eDiscovery strategy and tools can help you locate the right data (and only the right data) in a matter of minutes, rather than in days, weeks or not at all."

Leveraging In-house eDiscovery Technology for Protecting Data Privacy, Enabling IP Protection, and Controlling Sensitive Data

 http://ow.ly/7cLDG

This is a white paper, published by StoredIQ in conjunction with Contoural.

As the white paper states, "This paper provides an overview of the problems and risks associated with increasing amounts of data and the inability to quickly and efficiently identify sensitive data for business and legal reasons and the impact of data privacy requirements. It also provides an overview of challenges associated with Intellectual Property and how an organization can utilize eDiscovery solutions to address these growing data management risks, including how the same framework and tools that are used for eDiscovery processes can be leveraged for protecting data privacy,enabling IP protection, and controlling sensitive data across an enterprise."


The paper further states, "One of the primary challenges for any business is understanding what data resides where. If data is stored in non-compliant, unknown, or unsecured storage areas, the risk of not being able to find data or worse, a data leak, is drastically increased."

This paper outlines how StoredIQ's technology can be utilized in a corporate infrastructure, and how it can effectively save costs, while at the same time reduce liability risk. 

P.S. SRM Legal is a StoredIQ partner, and should you have any questions regarding the various functions that Stored IQ provides to assist corporations and law firms, please contact SRM Legal to discuss this issue further.


When a Party Requests Native Files….



http://ow.ly/7cLgx

A blog post by Joshua Gilliland, Esq. on his blog Bow Tie Law Blog.

This article discusses the request to produce native files during the discovery phase of litigation.

The blog post discusses the following case, "A Defendant/Producing Party resisted production of email in native file after making general objections to the production format. Linnebur v. United Tel. Ass’n, 2011 U.S. Dist. LEXIS 124473, 20-21 (D. Kan. Oct. 27, 2011)."

The article references that the the court opinion mentioned, "A party resisting a production in native format in an opposition to a motion to compel has the burden to show the “information is not reasonably accessible because of undue burden or cost.”"

The article goes on to state, "The giant problem with that viewpoint is a producing party must demonstrate under Federal Rule of Civil Procedure Rule 26(b)(2)(B) why the ESI is not reasonably accessible because of undue burden or cost. A lawyer simply proclaiming the collection or production of native files is “unduly burdensome” does not comply with Federal Rule of Civil Procedure Rule 26(b)(2)(B)."

The author goes on further to describe an example of how to show undue burden, "Judge’s Facciola’s opinion United States ex rel. McBride v. Halliburton Co., 2011 U.S. Dist. LEXIS 6412, 1-2 (D.D.C. Jan. 24, 2011) illustrates the above very effectively, especially his description of the testimony outlining the collecting methodology: “In excruciating, but highly educational and useful, detail.” That statement should set the framework for showing undue burden."  Links to the referenced case law opinions are provided in the article.

NIST: Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organization



http://ow.ly/7cKYl

This is a publication issued by the National Institute of Standards and Technology (NIST), and lists the following authors: Kelley Dempsey; Nirali Shah Chawla; Arnold Johnson; Ronald Johnston; Alicia Clay Jones; Angela Orebaugh; Matthew Scholl; and Kevin Stine.

This publication provides standards regarding security of IT systems for Federal agencies.

The NIST document states, "

The Risk Management Framework (RMF) developed by NIST, describes a disciplined and
structured process that integrates information security and risk management activities into the
system development life cycle. Ongoing monitoring is a critical part of that risk management
process. In addition, an organization’s overall security architecture and accompanying security
program are monitored to ensure that organization-wide operations remain within an acceptable
level of risk, despite any changes that occur."

The points set fort that an ISCM management strategy should entail are said to be:
  • Is grounded in a clear understanding of organizational risk tolerance and helps officials set priorities and manage risk consistently throughout the organization; 
  • Includes metrics that provide meaningful indications of security status at all organizational tiers;
  • Ensures continued effectiveness of all security controls;
  • Verifies compliance with information security requirements derived from organizational missions/business functions, federal legislation, directives, regulations, policies, and standards/guidelines;
  • Is informed by all organizational IT assets and helps to maintain visibility into the security of the assets;
  • Ensures knowledge and control of changes to organizational systems and environments of operation; and
  • Maintains awareness of threats and vulnerabilities.
The document further states: "Organizations take the following steps to establish, implement, and maintain ISCM:

• Define an ISCM strategy;
• Establish an ISCM program;
• Implement an ISCM program;
• Analyze data and Report findings;
• Respond to findings; and
• Review and Update the ISCM strategy and program.

Responding to Data Loss in Healthcare



 http://ow.ly/7cKT7

An article appearing on the proofpoint.com website (No author credit listed)

This article discusses data breaches for healthcare providers.

The article states, "While strong privacy protection practices and data loss prevention software can reduce the risk of data breach, some cyber criminals are savvy enough to infiltrate even the most secure systems. Government Health IT recently published an article explaining some of the best practices for responding to a data breach."

In addition, the article further points out, "The website recommends focusing on a comprehensive incident response plan, especially one that follows HIPAA compliance statutes, as preparation is key in recovering from a data breach. Communication, especially through the multiple facets of a given healthcare organization, is pivotal in ensuring a secure and effective incident response procedure.

Healthcare providers have been among the hardest hit by data breach in recent years. According to the Identity Theft Resource Center, the healthcare sector has experienced 65 breaches, leading to more than 3.5 million compromised personal health records, since January 1."

The article further mentions that the AMA states that HIPAA violations can lead to fines ranging from $100 to $50,000 per incident, and possibly up to $1.5 million annually.

Friday, October 28, 2011

This man received a 3-year jail sentence for encouraging riots via Facebook

http://ow.ly/7czKK

An article by Sherilynn "Cheri" Macale posted on thenextweb.com website.

This article discusses a criminal sentence handed out in the UK for remarks posted on Facebook.

The article states, "...22 year old British man, Philip Scott Burgess, was jailed after a hearing at Manchester Crown Court. The three year sentence comes after Burgess pleaded guilty to three counts of publishing written material to stir up racial hatred while encouraging or assisting the commission of a riot." Burgess was involved in the UK riots, and had posted comments encouraging others to riot on Facebook.

The article states, "Police Chief of the Bolton West Neighborhood Policing Team, John Hepke, had this to say on the matter.

“I hope today’s sentence sends a powerful message to those who choose to follow Burgess’ example and use social networking sites irresponsibly and criminally that they will be dealt with harshly by the courts.”"

Just what is the total spend by legal departments, in the United States or globally?



http://ow.ly/7cewZ

An article by Rees Morrison, Esq. on his blog Law Department Management.

This article discusses projections about corporate legal spending, and is a follow up to an earlier post by the author.  The author states, "No sooner than I published about two impossible-to-reconcile figures on corporate legal spending, and the disappointing lack of support for either figure, I read another (See my post of Oct. 25, 3011 #2: $60 billion global and $200 billion U.S. litigation figures.). In Corp. Counsel, Oct. 2011 at 55, Mark Harris, the CEO of Axiom, starts his article with a reference to the “half-a-trillion dollar global legal services industry.”"

The that is attributed to Mark Harris apparently includes in-house legal costs, and also estimates that the U.S. represents 20% of the global legal expenses incurred annually.  It is also apparently stated in Mr. Harris' article that 80% of the corporate legal expenses are controlled by 200 General Counsel.

NHS patient data ends up on Facebook. But how serious is the latest data debacle?



http://ow.ly/7bYSg

An article by Paul Sawers appearing on thenextweb.com website.

This article deals with alleged privacy violations by the NHS, the UK's publicly funded healthcare system.

The article states, "Big Brother Watch, a UK-based civil liberties organization, placed a freedom of information request and it has reported that there were more than 800 confidentiality breaches in the past three years, across more than 150 NHS trusts. One such incident, at the Nottingham University Hospital NHS Trust, resulted in a member of staff being dismissed after posting a picture of a patient on Facebook.

The data request identified 23 incidents where NHS staff had posted confidential medical data on social networking sites, either mentioning a patient’s name, commenting on them or sharing details from their records.

Furthermore, there were more than 90 incidents where NHS staff had accessed or used private medical information of their colleagues, whilst there were more than 30 incidents where they looked up relatives on their internal databases. Their actions led to a total of 102 NHS staff being sacked."  Links to referenced materials are provided in the article, including a link to the full Big Brother Watch report.

Facebook acknowledges messaging vulnerability that allows sending of malicious files



http://ow.ly/7bXXW

An article by Matt Brian posted on thenextweb.com website.

This article discusses a security researchers article that states that Facebook's site can be exploited, and allow third-party users to send malicious messages to Facebook users.  A link to the referenced article is provided.

The article states, "The exploit, which focuses on how Facebook interprets file uploads within messages, was submitted to Facebook September 30 by penetration tester Nathan Power and was recognised by the company on Wednesday.

By default, Facebook blocks malicious file uploads, preventing users from attaching executable or batch files that would be able to infect a computer if downloaded and run. Facebook would typically issue the response: ”Error Uploading: You cannot attach files of that type.”

However, Power was able to analyse the responses that the Facebook website returned when his browser made a POST request to its webserver, finding a variable that would tell the system that a filename had been attached and determine whether it would be approved for sharing via the service.."

The article further states, "Yesterday, we reported that Facebook’s cyber-security system processes and checks 650,000 actions every second to keep its users safe from spam and cyber-attacks on the social network. The Facebook Immunity System (FIS), as it’s known, is said to highly efficient also, with just 1% of users reporting issues as spam."

The article provides an update from Facebook’s Security Manager Ryan McGeehan whom provides information as to additional security measures that Facebook has in place which would protect users from the type of exploit that was referenced in the article.



'Privacy 101' at ACC's Annual Meeting of In-House Counsel



http://ow.ly/7bQPX

An article by Catherine Dunn posted on law.com on the Corporate Counsel webpage.

This article discusses the recent Association of Corporate Counsel annual meeting, and provides a link regarding more information about the Association.

The article discusses a panel presentation provided at the meeting regarding privacy, entitled "Privacy 101".  The article states, "Among the topics they addressed were the U.S. approach to privacy at the federal and state levels, the challenges of complying with privacy laws in multiple jurisdictions, and changes to which in-house lawyers should be looking ahead."  According to the author the panel members consisted of the following, "The panel discussion was led by Kerry Childe, senior privacy and regulatory counsel at Texas Guaranteed Student Loan Corporation; Andrea Charters, associate general counsel at Rosetta Stone, Inc.; and Aaron Mendelsohn, program manager for data privacy compliance at Eaton Corporation."

The article states, "A defining characteristic of U.S. privacy law is its "sectoral" approach, Childe explained. In contrast to a comprehensive framework in places such as the European Union, there are a significant number of laws that apply only to particular industries, such as health care and financial services. And "not all of those laws apply to every business," she said."

In addition, it is clear from the article that there are differing privacy laws, and there are major variations from state to state when it comes to privacy rights.  The article does discuss how the FTC enforces companies that have their own stated standards, "...if companies have a defined privacy policy, the Federal Trade Commission, operating under Section 5 of the Federal Trade Commission Act, has been very active in enforcing compliance with the stated terms. That means, said Childe, that the FTC makes sure that companies are telling people what they will do with their information; that they don't do something with that information other than what they said; and that they don't misuse the information in any way."

SEC accuses FINRA of altering internal documents



http://ow.ly/7bQdi

An article on the Reuters website at reuters.com written by Sarah N. Lynch and Suzanne Barlyn

This article discusses an incident in which the SEC claims that FINRA altered documents prior to turning them over to the SEC.

The article states, "The U.S. Securities and Exchange Commission scolded the self-policing brokerage industry group FINRA on Thursday for allegedly doctoring internal documents before handing them over to examiners.

The SEC said a regional office of the Financial Industry Regulatory Authority in 2008 altered staff meeting documents just hours before handing them over to SEC inspection staff."

According to the article this is the 3rd incident in 8 years where the SEC has alleged that FINRA altered records.  The article states that fines against FINRA and suspension of personnel are likely.

According to the article, "The embarrassing incident comes as FINRA, which has been criticized for having opaque governance, is trying to convince the SEC and Congress to expand its oversight authority to include investment advisers."

Thursday, October 27, 2011

E-discovery and the law firm: Great expectations, poor accountability



http://ow.ly/7bpem

An article by Katey Wood posted on the website enterprisestrategygroup.com.

This article discusses the results of the recently reported ESG survey from 2011.  The author states, "How important is e-discovery in selecting a law firm?

In theory, it’s crucial. Of corporate counsel responding to ESG’s 2011 survey, 86% said managing eDiscovery was an important selection criteria for Outside Counsel to some degree – only 12% said it wasn’t. But in practice, this may be based more on trust than real accountability for efficiency or accuracy."

The article further states, "Most companies surveyed didn’t track eDiscovery spending at all. 60% of respondents didn’t track eDiscovery spending in 2010, compared to 100% of respondents who could report their outside counsel budget. Moreover, 67% of respondents didn’t track the accuracy or efficiency of document review – once again, the most expensive step of e-discovery."

Scary Stalker Husband In The Legal Clear To Track Wife's Car



http://ow.ly/7bhdZ

An article by Kashmir Hill published by Forbes and posted on the forbes.com website.

This article discusses privacy issues and provides two legal examples where tracking devices used on a vehicle driven by a spouse were found to be permissible by the legal system.

The article states, "A New Jersey judge ruled earlier this year that a wife who did this to out a cheating spouse did not break any laws, because the tracker only followed the car’s whereabouts on public roads where a driver should expect no privacy."  A link is provided to information about the incident referenced in the article.

In addition the article further states that a man tracked his wife with a GPS on the vehicle and also allegedly through spyware on her phone. The author writes, "He secretly put a tracker on her car; she also alleges that he out spyware on her phone and the family computer. He repeatedly freaked her out by revealing that he knew where she’d been. At one point, he showed up at a secluded lakeside cabin that she didn’t think that he knew about (and “attacked an acquaintance of hers,” according to court documents. Busted.)." The article states that in the Minnesota case the husband was co-owner of the car, so he was permitted to use the GPS tracking device, although he was found guilty of stalking for his other behavior.

The article also states, "While it seems that Big Husbands and Big Wives are in the clear to track cars, the constitutionality of Big Brother doing this without a warrant is still unresolved. Since judges around the country have come to different opinions on this, the Supreme Court will be weighing in..."

Data Loss Happens—It’s How You Recover that Matters



http://ow.ly/7behl

An article appearing on the B&L Blog at the bandl.typepad.com website (No author credit provided).

This article discusses data loss, and the need to deal with such issues by corporations that have experienced such loss.

The articles states, "More than half of the companies queried for the Cibecs 2011 Business Data Loss Survey have lost data already in 2011."  A link to the survey is provided in the article.

The article further states, "While storage can seem like a basic, mundane fact of IT life, in the end it’s largely your storage strategy that will determine whether and how quickly you can recover lost data. Not to mention how much it will cost to restore your data: The Cibecs study reports that the average cost of recovering from the loss or theft of a business laptop is $50,000. Sound steep? When you consider the indirect costs of data loss, like interrupted productivity and reputational damage, it starts to seem a little more realistic. The faster and easier your recovery, the bigger the bite you can take out of these costs as well.

DR planning and a well-thought-out storage strategy can help minimize the risks and consequences of unavoidable data loss."

Cell Phone Data and Expectations of Privacy


http://ow.ly/7aUkw

An article by Peter A. Crusco published in the New York Law Journal and appearing on law.com on the LTN webpage.

This article discusses issues that pertain to privacy rights, as they arise with respect to cell phone use.

The article discusses a number of topics, and provides commentary regarding the following issues:

EXPECTATION OF PRIVACY
THIRD-PARTY EXCEPTION
CASE LAW AND CONGRESS
DEBATE ON ACCESS STANDARD
NEW YORK STATE AND CSLI

The article provides a number of reference, and offers links to other materials about this topic.

With respect to case law standards, and expectations of privacy, the author writes, "More recently, there have been significant though conflicting judicial interpretations concerning government access to cellular telephone records (cell site location information or CSLI), which data has been essential in many criminal investigations."

The author further states, "In 2010, in United States v. Maynard,  the U.S. Court of Appeals for the D.C. Circuit, breaking from decisions of other circuits, found that the GPS surveillance conducted by police in Maynard for four weeks of defendant's vehicle required a search warrant. During the trial the GPS evidence established a pattern in the defendant's activity and revealed the defendant's movements making the drug trafficking allegations more credible. The court found that the prolonged use of GPS surveillance violated his reasonable expectation of privacy and constituted a Fourth Amendment search."

Read All Over: Two New Opinions Describe Need to Keep Email from the Wrong Hands



http://ow.ly/7aEO7

An article by James Podgers, appearing on the ABA Journal at the abajournal.com website.

This article discusses two recent formal ABA ethics opinions that pertain to email use by attorneys.

The article provides comments and insight in regard to, "Formal Opinions 11-459 (Duty to Protect the Confidentiality of Email Communications with One’s Client) (PDF) and 11-460 (Duty When Lawyer Receives Copies of a Third Party’s Email Communications with Counsel) (PDF) were issued Aug. 4 by the ABA Standing Committee on Ethics and Professional Responsibility."  Links to the referenced opinions are provided in the article.

Both opinions rely on a hypothetical fact pattern, and provide insight into the ethical obligations of counsel, when faced with specific email issues.

In Fight Against Securities Fraud, S.E.C. Sends Wrong Signal



http://ow.ly/7aDjo

An article by Jesse Eisinger, Probulica.  Posted on the dealbook.nytimes.com website.

The article discusses the S.E.C. and provides an argument that the recent settlement for $285 million with Citigroup regarding allegations of misleading customers sends a wrong signal. The article states, "...the S.E.C. accused one person — a low-level banker. Hooray, we finally got the guy who caused the financial crisis! The Occupy Wall Street protestors can now go home."

The author credits the S.E.C. for the investigations it has undertaken but feels that they are taking a risk averse stance when it comes to pursuing legal action. The author states, "Contrary to expectations, the embattled and oft-assailed agency has done almost everything right with structured finance investigations, taking aim at abuses related to C.D.O.’s and other complex deals.

The S.E.C. has also devoted adequate resources to the issue. It put together a special task force on structured finance, sending the proper signal of the agency’s priorities both internally and externally. The task force is staffed by bright people, an invigorating mix of young go-getters and experienced hands."

The article goes on to state, "The agency’s yardstick seems to be, who wrote the stupidest e-mail? Mr. Stoker of Citigroup wrote an incriminating e-mail that recommended keeping one crucial participant in the dark. Goldman’s Fabrice Tourre, the other functionary the agency has sued, wrote dumb things to his girlfriend.

But the S.E.C is not the G-mail G-man. It is the securities police. Imprudent e-mailing is not the only way to commit securities fraud."

Get your house in order with Early Data Assessment: Part I



http://ow.ly/7aC12

An article by  George Socha and Alon Israely published on the website insidecounsel.com.

This article discusses Early Data Assessment (EDA) and how it fits with the Electronic Discovery Reference Model (EDRM) diagram.

The article states, "Picture the EDRM turned 90 degrees to the left, so it stacks up vertically. From that angle, the data makeup of a legal matter’s possibly relevant Electronically Stored Information (ESI) forms the bedrock for successful data preservation, collection, analysis and review strategy. At this nascent stage, Early Data Assessment becomes important."  A link to the EDRM website is provided in the article.

The article further points out that EDA is not equivalent to ECA (Early Case Assessment).  The authors point out, "The EDA process is not to be confused with Early Case Assessment which typically relates to assessing legal liability. By contrast, Early Case Assessment usually happens at the onset of a matter as inside or outside counsel assess the viability of a matter, compare it against similar past matters, determine whether insurance coverage may come into play, make decisions about what counsel to retain, and engage in other similar activities focusing on evaluating the entire case early."

The article provides further insight as well, and discusses the relationship between in-house counsel, and law firms.  The article states, "Corporate law departments working with outside counsel can have two overriding goals with respect to EDA:...1. Get the (big) picture on electronic data; and 2. Precision is key".  A discussion of both of these topics is provided in the article.

P.S. Apparently there is more to come on this topic, as this is said to be Part 1 of a series.

Wednesday, October 26, 2011

Electronic Records May Increase Malpractice Lawsuit Risk



http://ow.ly/7ac20 

An article by Neil Versel appearing on informationweek.com.

This article discusses electronic health records (EHR's) and states that EHR's may lead to increased malpractice costs for medical professionals.

The article states, "EHRs may reduce the medical liability for certain errors, but it appears they "both create new forms of medical liability and expose existing liability issues in the healthcare environment that might otherwise remain unknown," says a white paper published by the AC Group, a Montgomery, Texas, health IT research and consulting firm."  A link to the referenced white paper is included in the article.

The article points out several areas of concern, and possible shortcomings with EHR implementation.  The article further states, "In addition, poorly designed and implemented EHRs could make it far easier for malpractice attorneys to press their cases by mining the metadata embedded in patient records. "During the discovery process of a malpractice claim, the printed record shows the current information but not the information that was available to the provider at the time the care was rendered," the report says. "Time synchronization between different electronic charting systems is lacking--for example, one time sequence might indicate that a child was born before the C-section was performed.""


Ready or Not, It’s Time for Corporate America to Address Social Media



http://ow.ly/7a8QN

An article by Rob Jones on the eDiscovery Insight blog.

This article touches on corporate use of social media, and states that corporations must be ready to deal with legal challenges associated with social media network use.

The article asks certain questions, and states, "

1) How do I monitor what my employees are saying about my company on social media sites?

2) Should I prevent my employees from accessing social media sites from their work PC’s?

3) How proactive should we be in our social media interaction with disgruntled clients?

4) Where is the line drawn between employee privacy or freedom of speech versus malicious intent and libelous behavior?

All of these are great topics and definitely need to be addressed. There is actually a fantastic website that has a ton of resources regarding these very issues called Social Media Governance (Authored by Chris Boudreaux)"  A link to the referenced website is provided in the article.

The article further states, "Smart companies need to be asking themselves what mechanisms they need to have in place to stay on top of what employees are sharing with customers and potential customers. It’s only a matter of time until mismanagement of social media policy leads to serious consequences – not only for the bottom line, but potentially in the legal and e-discovery arenas as well."

The Ethical Minefield of Metadata




http://ow.ly/7a8sz

An article by Gary Wiener posted on his blog Part of the Solution.

This article discusses metadata, and issues the pertain to scrubbing of metadata, and mining of metadata.

The article defines metadata and states, "Metadata, frequently referred to as “data about the data” and specifically referring to electronically stored information (ESI), poses an interesting ethical dilemma for lawyers on two fronts:
Should metadata be purged, or “scrubbed,” from an electronic file before it is produced to opposing counsel; and
Where metadata has not been scrubbed, is it fair game for opposing counsel to attempt to “mine” the metadata for clues to potentially privileged information that the producing party might have missed?"

As the article states, " A technologically proficient user who knows what she is looking for and how to find it can unearth a potential treasure trove of useful information within the metadata."

The article further points out that jurisdictions differ as to what is permissible, and certain jurisdictions have issued no statement regarding proper and ethical handling of metadata.

Google Reports Surge in Government Requests for User Data



http://ow.ly/79RL1

An article published by the Wall Street Journal, written by Tom Loftus.

This article discusses the U.S. government, and their requests for information regarding Google users.

The article notes, "U.S. government requests for data on Google users for the first half of 2011 increased 29% over the previous six-month time frame, according to a report released by Google today.

Government agencies and courts sent a total of 5,950 user data requests between January 1 and June 30, 2011, covering 11,057 separate users and accounts. Google said that it fully or partially complied with 93% of them."

The article further indicates, "...requests by the U.S. government to remove content from Google products also jumped–to 92, a 59% increase. The majority of requests, which targeted 757 items, involved alleged defamation, found either in Google’s Web search results, Google groups, YouTube or in Blogger, the search giant’s blogging platform. Google chose to comply with 63% of the requests."

A link to The Google Transparency Report is provided in the article, and the author makes it clear that the Report is not limited to U.S. actions.  The article discusses requests from the government of France, the UK, China, Thailand and India as well. 

In addition, the article mentions, "The transparency report also features information on traffic patterns, indicating when and where Google service access was limited. The January to June period dovetails with a portion of the Arab Spring where governments moved to block Internet access in order to forestall protest movements. The report shows that Egypt, Myanmar, Libya, Uzbekistan and Libya all Internet outages spawned by government actions."


The Newest Trend in e-Discovery: Stop the Madness!!



http://ow.ly/79QuM

An article by Linda Sharp on the cmswire.com website.

This article discusses trends in eDiscovery and also provides a link to download a report regarding document management providers.

The article discusses the recent past, and states that most companies dealt with eDiscovery in a re-active manner.  The author states, "In the past few years, signs of improvement have emerged as some enterprises begin to establish more proactive e-Discovery processes. Many have created data maps and are trying to understand where their data resides. Others have established e-Discovery task forces to help speed the e-Discovery process, cut costs and avoid sanctions."

The article further states that data replication, and storage costs continue to be an issue of concern.  The author points out, "Technology got us into this mess and it is going to take technology to get us out. Some companies have now seen the light and are determined to stop their own madness. They have learned that data management is an enterprise problem, not just an e-Discovery problem."

PIN It Down: Hacking Scandals Pinpoint Security Risks



http://ow.ly/79r6E

An article by Dennis Kennedy on the ABA Journal website.

This article discusses cell phone hacking risks and provides some advice on how to avoid such an issue.  This article references the following points, with some further narrative around each:

1) Have no defaults.
2) Change PINs regularly.
3) Avoid common PINs.
4) Vary PINs.
5) Look for protection tools.
6) Watch for developments in the areas of alerts.



Internet publishers liable for privacy invasion in each country material is accessible, ECJ rules


http://ow.ly/79pJV

An article on the out-law.com website of the firm Pinsent Masons (no author credit provided for the author).

This article discusses a European Justice Court ruling which held that individuals can sue for damages against an internet publisher in each country where they deem a violation has occurred.

The particular matter in question involved two joined cases, one in France and the other in Germany.  The article states, "The ECJ said that the subjects of stories could sue publishers either in the countries in which their image had been damaged or in the country where the person's "centre of interests" is based. In each case the courts would have to apply no stricter laws than would have applied in the publisher's home courts, it said."

The article further points out, "Under the EU's Brussels Regulations publishers can only generally be sued in the courts of the country in which they are based, regardless of nationality, apart from in certain circumstances. Those circumstances include "in matters relating to tort, delict or quasi-delict, in the courts for the place where the harmful event occurred or may occur".

The ECJ said that the Regulations, together with previous case law, should be interpreted as allowing individuals the right to sue for harm to their image over online content in a centralised lawsuit in a country that is not their own because publishers should "reasonably forsee" that that country is where the "centre of [the individuals'] interests" are. Individuals should also have the option to sue in separate countries where they believe the allegedly infringing material was accessible, it said."

Key eDiscovery Considerations for Selecting a Cloud Service Provider



http://ow.ly/79oGh

An article by Philip Favro appearing on the e-Discovery 2.0 blog.

This article discusses issues that should be kept in mind when looking for a services provider that offers "Cloud" based computer options.

The article discusses the following issues, and provides remarks around each:
  • Going to Cloud Services for Data Archiving and eDiscovery
  • Paring Back Superfluous and Duplicative Information
  • Paring Back Superfluous and Duplicative Information
 The author states, "A cloud server provider that can quickly retrieve and efficiently discover data has the potential to help organizations address their legal and regulatory demands in a cost effective manner. Such a provider may be just the solution for organizations that are looking to properly address their runaway information governance costs."

Tuesday, October 25, 2011

E-Discovery in SEC and FINRA Investigations



http://ow.ly/78PUy

An article by Rachel Tausend and Josh Dutill appearing on law.com and published by the Legal Intelligencer.

This article discusses eDiscovery in the context of how it applies in SEC. investigations as well as FINRA investigative proceedings.  The authors state, "The failure to know and comply with the requirements and expectations for e-discovery in these contexts can have a number of adverse consequences for both firms and their personnel, as well as potentially for their counsel. This article highlights some of the key requirements and considerations in identifying, collecting and producing ESI to the SEC or FINRA during an investigation."

The article discusses the SEC Enforcement manual, and states, "The manual includes specific guidelines for document production that should be included in a subpoena or in the cover letter accompanying a subpoena. SEC staff are encouraged to request the production of documents in electronic format, because, among other reasons, it may allow the staff to search for specific terms and to tag and review data more easily. The manual section addressing the format for electronic production of documents sets forth several detailed technical guidelines."

The article provides further discussion of SEC issues, such as Rule 83, and the treatment of certain types of documents as "Confidential".  The authors point out, "The FOIA confidential treatment procedures do not differentiate between different document types anddo not address the potential and practical complexities of requesting confidential treatment for ESI, particularly native files. Accordingly, an individual or entity producing ESI will need to consider the options for following the FOIA confidential treatment request procedures, particularly, in light of the SEC's Production Specifications, to determine the best approach in a given situation."

In addition, the article discusses the need to certify the completeness of a production to the SEC.  References for information on dealing with SEC subpoenas are also provided in the article.

Furthermore the article discusses some of the specific issues related to FINRA investigations. The article references Rule 8210 and states, "Failure to provide requested information is a violation of Rule 8210 and may result in serious sanctions. The complexities and challenges of efficiently and effectively identifying, collecting and producing ESI in private litigation and in SEC matters are also present in responding to a FINRA investigation."


The authors provide some advice on how to handle eDiscovery issues related to the SEC and FINRA, and the article also offers the following warning: "The SEC and FINRA, like many courts, have shown signs that they are increasingly impatient with a claimed lack of understanding of ESI- and e-discovery-related issues by parties and their counsel and will not hesitate to bring an action based on the failure to preserve or produce documents. Parties, including their counsel, that are not aware of the applicable e-discovery requirements and expectations in the context of SEC or FINRA investigations and fail to appropriately consider and follow them risk several potential undesirable consequences, ranging from higher-than-expected production costs or "do-overs" to serious sanctions."

Using Lean Six Sigma and Predictive Coding to Confront Volume Problem



http://ow.ly/78O7Z

An article by Stephanie "Tess" A. Blair and Tara Lawler published on the Legal Intelligencer and appearing on law.com.

This article discusses advanced technology techniques such as "Predictive Coding" and the need to utilize them with an established and repeatable workflow process.  The article touts the use of such a strategy by the eData team of the law firm Morgan Lewis.

The article states, "The current industry standard is to use key words, deduplication and similar objective culling criteria to reduce the volume of data and then to perform a linear human review of any records that remain. Predictive coding can eliminate, escalate, categorize and prioritize records for review, thus decreasing data volumes and enhancing human review."

The article further discusses the Lean Six Sigma process, as follows:  "Lean Six Sigma is a popular process-improvement methodology that combines two known business strategies, Six Sigma system and lean manufacturing. The purpose behind Six Sigma is to identify and remove defects in a production process while lean manufacturing is a business strategy that focuses on increasing value with less work."

The article further states, "Lean Six Sigma measurements provide transparent and comprehensive metrics to show the improvements made by utilizing predictive coding in a document review, and should also provide a compelling defensibility argument for using predictive coding.:

The Effective Use of Rule 502(d) in E-Discovery Cases



http://ow.ly/78vZ1

An article by Thomas C. Gricks III posted on the Legal Intelligencer on the law.com website.

This article discusses Rule 502 of Evidence, and how it should be utilized during litigation involving review of electronically stored information.

As the author states, "Used properly, Federal Rule of Evidence 502, and particularly Rule 502(d), can be one of the most valuable assets available to e-discovery counsel in dealing with the attorney-client and attorney work product privileges during review and production of electronically stored information (ESI)."

The article further states, "The cornerstone of privilege protection under Rule 502 is Rule 502(d), which provides that "[a] Federal court may order that the privilege or protection is not waived by disclosure connected with the litigation pending before the court — in which event the disclosure is also not a waiver in any other Federal or State proceeding." The protections available under Rule 502(d) do not depend on whether the disclosure was inadvertent. In fact, the Advisory Committee Note to Rule 502(d) establishes that a court order issued under the authority of Rule 502(d) may provide for non-waiver regardless of the care taken by the disclosing party."

The article discusses the attorney-review process, and touches on the clawback provisions of Rule 502. The article further touches on reviews that may involve an automated process, or involve a review in which the entire population is not actually checked by counsel.  The author states, "As Magistrate Judge Paul W. Grimm of the U.S. District Court for the District of Maryland observed: "If a nonwaiver agreement is ambiguous ... , the court may take a formalist view and resort to analysis under Rule 502 if the agreement doesn't explicitly govern resolution of the dispute.""

This is a comprehensive article that discusses each subsection of Rule 502, and provides very useful insight to practitioners that have to deal with such eDiscovery issues, and attorney-review of ESI.

10 Key Questions That Law Firms Should Ask Clients



http://ow.ly/78c21

An article by Pam Woldow on her website pamwoldow.com.


This article is a list of 10 questions, some with multiple parts, that a law firm should ask clients in order to ensure a stable working relationship.

The questions are meant to illicit valuable feedback, and this is certainly a good framework for obtaining useful client feedback.

Compare and Contrast: US and UK attitudes to Preservation Sanctions



http://ow.ly/78a7B

An article by Chris Dale on his blog the e-Disclosure Information Project.

This article discusses a panel presentation provided at the recent Masters Conference in Washington D.C.  Mr. Dale states, "The formal title of the panel at the Masters conference wasPreservation: Will this be the next change to the Federal Rules? It was moderated by William Butterfield of Hausfeld and comprised, as well as Allison Stanton, Martin Audet of Nuix, Courtney Barton of AOL, John Rosenthal of Winston and Strawn and Paul Weiner of Littler Mendelson."

The article discusses the issue of preservation, and mentions that is seemingly the main eDiscovery concern at present in the U.S.  Proposed new rules of civil procedure are being discussed regarding eDiscovery, and preservation obligations are at the forefront of those obligations.

The article states, "It is not clear why preservation issues are so serious in the US but are barely heard of in the UK or elsewhere. However patriotic I am, I do not suggest that UK litigants and their lawyers are any more honest, competent or conscientious than their US equivalents; pro rata to the quantity of litigation, there must be as many preservation failures in the UK through dishonesty, through some level of neglect or negligence, or through breach of duty to the court as in the US. The same must be true of other common law jurisdictions. Only the US, however, seems to have made a kind of religion out of it."

The article provides links to many other writings on the topic, and this article is certainly a valuable resource regarding the current status of this issue.

The author further states, "Given that there is as yet no agreement about the need for a new US preservation rule let alone the potential scope of such a thing, it will be at least two years before we will see a rule change. It is equally true that no quantity of judicial views, expressed on or off the bench, will encourage lawyers or their clients to take a more courageous view of their preservation obligations.'

P.S. If you are interested in the extent of preservation obligations, this article should certainly be read in full.

eDiscovery: Best Practices for Implementation



http://ow.ly/788g5

An article by Jeremy B Thompson posted on ezinearticles.com.

This article discusses the topic of eDiscovery and describes what the term means.  The article also discusses some of the concerns pertaining to eDiscovery practices, such as the following:
  • Vagueness of the search capacities 
  • Flexibility of the program 
  • The deployment time 
The article further states, "The eDiscovery practices for implementation are slowly gaining popularity across the world, with different countries employing them in their legal systems. With this fact, it is very important that its accuracy and effectiveness is thoroughly looked into. This can be achieved by putting the electronic discovery into the test."
 
 

Insurance for Information Stolen in Data Breaches



http://ow.ly/786tb

An article by Joseph D. Jean and Rachel M. Wrightson published by the New York Law Journal and posted on law.com on the LTN webpage.

This article discusses insurance policies for data breaches and cyber hacking incidents.  The authors state, "A recent, high-profile legal dispute between Sony Corporation of America (and some of Sony's affiliated companies) and Zurich American Insurance Company over data breach liability claims highlights the challenges companies confront to secure coverage for expenses related to cyber-risks. See Zurich American Insurance Company v. Sony Corporation of America, No. 651982/2011 (N.Y. Sup. July 20, 2011)."  The article provides a link to information about the referenced case.  In addition, the article states, "Zurich's complaint seeks to absolve Zurich of any responsibility to defend or indemnify Sony for the claims asserted in the class action complaints and "miscellaneous claims" arising from the data breaches."

The article also discusses the fact that there is often a "publication" requirement associated with the data breach insurance policies.  This is said to mean that the data must have been disclosed to a third-party.  The authors state, ""Publication" should not be an issue in these cases in any event. Indeed, the crux of the claim by an individual whose personal information has been compromised by a hacker is that their privacy has been invaded."

In addition, there are other issues involved with damage calculations, as oftentimes the party whose privacy might have been violated receives non-monetary benefits (such as coupons for service).  This fact makes it harder to calculate the damage amount that the insurer must pay.

The authors provide certain advice,  "As hacker attacks and data and security breaches proliferate and take new shape, so too do the accompanying risks. When a company becomes aware that it has been subject to a data breach, it should immediately place its general liability insurer on notice and investigate coverage under that policy."

Monday, October 24, 2011

eDiscovery’s Big Concerns: Social Media and The Cloud



http://ow.ly/77IGd

An article by Barry Murphy posted on eDiscovery Journal.  The article discusses social media use, retention policies and storage of ESI on social media networks.

In addition the article states, "...it was with great interest that I read this article that Leigh Isaacs forwarded my way today – “Facebook to face 100,000 Euro Fine for Keeping Archives of Deleted Data.”

FaceBook users may delete data, but that doesn’t mean that Facebook has a way of making sure that data is actually destroyed. In this one case, an individual shows how his privacy could be violated. Imagine what could happen if a huge corporation could prove mishandling of data? Because, at the end of the day, this issue extends well beyond Facebook and other social media providers; truly any cloud vendor could face similar charges."  The article provides a link to the referenced source.

The article states that the eDiscovery journal is conducting a cloud provider survey, asking for information about data storage issues, trying to gauge if these issues are already of concern to providers.  A link to the survey is provided in the article.

Interesting Poll Results for eDiscovery Market - The eDiscovery Paradigm Shift



http://ow.ly/77lnt

A post by Charles Skamser of the eDiscovery Paradigm Shift blog.  This post provides results from the recent poll taken over a four month time period by the eDSG group.  The article provides a summary of the results of the informal survey, complied from thousands of replies.

There are several responses provided in the survey summary, of particular interest the results state:

 "Are you planning to implement some form of predictive coding for eDiscovery?"

20% - What is predictive coding?
20% - No plans
20% - In 2011
40% - In 2012

Is it time to update the FRCP again?


12% - What are the FRCP?
25% - No
62% - Yes

P.S. Click on the link to read more of the survey's results, including a list of the specific solutions most likely to be utilized.


Work Email: Clients Beware



http://ow.ly/777yw

An article by Edward M. Spiro and Judith L. Mogul published by the New York Law Journal and appearing on law.com on the LTN webpage.

This article provides a detailed discussion of the use of emails, and whether attorney-client privilege is protected through certain types of electronic communications.

The article states, "A growing body of case law, and a recent opinion issued by the American Bar Association, make clear that lawyers must help clients assess the risks of sending emails from work systems or devices."  Many precedent cases are cited in the article, and there is narrative about what obligations the various holdings outline.

The article provides a reference, and a link to the opinion for the case, In re Asia Global Crossing, Ltd. 2006 WL 1318387 (E.D.N.Y. May 15, 2006).  As the article states, "In that case, a bankruptcy trustee sought emails sent by the debtor's former employees to their personal attorneys over the debtor's email system -- a request resisted by the former employees on the grounds of attorney-client privilege. In the context of email sent through an employer's computer system, the court reasoned that an employee's expectations of confidentiality (essential for any claim of privilege) are closely linked to his or her expectations of privacy, which in turn depend on office practice and procedure."

The article provides further information on the In re Asia Global case, "The Asia Global court then articulated a four-factor test, which has been widely adopted as the standard for evaluating claims of privilege for emails sent from or through employer devices or systems: 1) Does the employer maintain an email policy banning personal or other objectionable use? (2) Does the employer monitor the use of the employee's computer or email? (3) Do third parties have a right of access to the computer or emails? and (4) Did the employer notify the employee, or was the employee aware, of the use and monitoring policies?"

The article discusses several other cases, and provides links to the opinions.  The cases focus on distinctions between emails sent privately, and those sent through company based servers.  In addition, the cases also focus on the steps taken by the senders, and the efforts made to reasonably maintain an expectation of privacy in the communication.

The article further discusses the ABA advisory statement made in August, 2011 and states, "...the ABA instructs that lawyers who engage in email communication with their clients "must ordinarily warn the client about the risk of sending or receiving [such communications] where there is a significant risk that a third party may gain access.""


Mobile social media audience up 37%: report

http://ow.ly/76XY4

An article by Patricio Robles posted on the econsultancy.com website.

This article discusses a report provided by comScore, and a link to the numbers is provided in the article. According to the article, "...the number of mobile users in the United States ages 13 and up who accessed a social networking or blog website has grown a whopping 37% in the past year.

What's more: nearly 50% of these users are social networking on a daily basis using their mobile devices."

Another statement in the article is, "(Facebook mobile use) U.S. fast-approaching 60m monthly. The mobile audiences of Twitter and LinkedIn aren't nearly as big, but they grew at a faster clip that Facebook in the past year to 13.4m and 5.5m, respectively."

91% Of Employers Use Twitter, Facebook And LinkedIn To Screen Job Applicants [INFOGRAPHIC]

http://ow.ly/76WFn

An article by Shea Bennett posted on the website mediabistro.com, accompanied by an infographic.

This article discusses employers use of social media networks to screen potential employees.

The article states that social media monitoring service Reppler conducted a study with another company, Lab42, regarding use of social media for screening applicants.  The findings state, "A massive 91% of the employers polled use social networking sites to screen prospective employees. More worryingly for applicants, 69% say they have rejected a candidate because of something they saw on one of these social platforms.

Other key takeaways:
  • 47% of employers check social networking sites to screen prospective employees immediately after receiving their job application
  • Facebook is checked by 76% of employers, followed by Twitter (53%) and LinkedIn (48%)
  • It’s not all bad news – 68% of employers have hired a candidate because of something they saw about them on a social networking site."
A portion of the infographic is included below, and the full infographic appears in the article:


Leading-Edge Law: Consider the legal effort required to move to the cloud



http://ow.ly/76RXi

An article by John B. Farmer published on the Richmond Times-Dispatch and on the 2timesdispatch.com website.

This article discusses the desire to move to a "Cloud Computing" model and offers businesses some items to consider prior to making such a move.

The article provides some insight into various computing models that can be said to be "Cloud" models.  In addition the author offers the following advice, "...here are a few issues that I recommend business owners keep an eye on when having their lawyers negotiate a cloud-services agreement:

  • What is the minimally acceptable level of uptime functionality for your computing system, and when it will be down for scheduled maintenance?
  • What support will you get for technical failures, and what about help-desk support for confused users?
  • Data security and confidentiality terms must be carefully crafted, including (i) limiting the geographic locations where data may be stored, (ii) requiring the cloud provider to comply with data-security laws, and (iii) addressing who pays the cost of dealing with any data-security breaches.
  • Make certain you have adequate legal rights to use the software in the cloud in the ways you may need to use it.
  • You may later want or need to switch cloud providers or to take functions back in-house, so the contract needs to provide for how you can take your data (and perhaps your software) in a usable format as quickly as you need and without major obstacles."