E-discovery compliance requires a lawyer's touch - Information Security Magazine - Page 1

E-Discovery Compliance Requires Security Pros to Think As Lawyers Do

When it comes to e-discovery, temporarily hang up your security hat.


Within any profession, but seemingly prevalent in technology, there are those who talk the talk, and those who walk the walk. Talkers are classic know-it-alls who talk their way through anything--and wouldn't let anyone know they're in way over their head. Walkers know what they're doing--and when they don't, aren't afraid to take pause.

Every now and again, the talker is called out--sometimes through a mistake or by someone with deeper technical expertise. While everyone makes mistakes, when it comes to handling e-discovery requests, errors or lack of knowledge can be damaging, costly, and simply unforgiving.

E-discovery begs the ultimate collision of legal and technology worlds. A retooling of thought toward a legal mindset is necessary to properly handle e-discovery requests. "Winging" a response or approach to a request isn't sufficient. Not only do you need to know what you're doing, but you have to be willing to acknowledge and learn what you don't know. This means putting on your data protection hat and a pair of legal glasses and thinking like a litigator.

The first step in thinking like a lawyer is figuring out what questions to ask or steps to take before arriving at a final answer--i.e., production of data. Even if an e-discovery request trickles down

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

through layers of corporate hierarchy and it's unlikely you'll ever set foot in court, think about and document the methodology followed for data preservation, collection and processing, anticipating weaknesses the opponent will try to find.

The absence of scrupulous documentation with respect to data collection such as a record of how data was preserved and collected may serve as fodder for additional claims, defenses or theories. If you're asked to pull responsive data and the case lands in court two years later, you're probably not going to remember exactly how you fulfilled that request or the steps taken to get it ready to produce. Extensive documentation of methodology and process is critical, so you can confidently explain your process and repeat it later.

The recent Qualcomm discovery nightmare is a reminder to consider location, location, location--i.e., where a company harbors responsive material. An organization must make a good-faith effort to harvest documents from all potential repositories and give supported assurances of a complete search. Keep in mind that consequences flow from a lack of diligence, such as recklessly ignoring relevant documents, as sanctions on Qualcomm and its lawyers for withholding "tens of thousands of emails" adeptly illustrate in a patent infringement case against Broadcom.

This was first published in March 2008