Compliance Counselor

E-discovery management: How IT should interact with the legal team

Trent Henry, Contributor
03.19.2008
Since the 1930s, there's been a central concept in U.S. judicial practice: that parties in litigation are entitled to explore the facts of a matter fully (often resulting in out-of-court settlements) before presenting their cases to a judge or jury.

Courtroom "surprises" might make for good television drama, but U.S. judges frown on surprise as an element of justice. Thus, the discovery phase of litigation mandates liberal access to any witnesses, documents, premises or "things" that might help assess each side's legal claims and defenses in a courtroom.

Enter the growing relationship between IT and legal teams. Given the importance of electronic information in businesses, much of the evidence that can help to assess legal matters is managed by IT and information security teams. Logically, lawyers expect access to this information. So how should IT and information security work with legal counsel?

There are two fundamental questions that need to be asked: "What data should be saved?" and "What needs to be preserved?" The legal team asks the first question, and IT helps to answer it by discussing business requirements (including regulatory and contractual drivers) for systems and the information they hold. The IT team asks the second question, and lawyers offer guidance for current or upcoming court cases that will require special retention of information.

In conjunction, IT teams should ask two related questions. First, "What's the status of preservation orders?" It turns out that discovery rules offer a green light for IT to continue normal information life cycle practices. That is, courts expect data to be destroyed as part of typical business processes, as long as those processes are clearly documented and applied consistently. Organizations are granted a safe harbor for this activity (in U.S. federal civil cases, Rule 37(e) of the Federal Rules of Civil Procedure, as amended in 2006, covers electronically stored information lost through the routine, good-faith operation of an electronic information system). In other words, they won't get in trouble with the courts if they're following normal business procedures. However, once litigation is underway or reasonably anticipated, the safe harbor no longer excuses routine deletion of relevant information: it must be preserved under a "legal hold," which in practice means suspending scheduled purges, backup-media rotation and mailbox auto-deletion for the affected custodians and systems. Therefore, IT needs to be in constant communication with legal counsel to understand what legal holds are in effect and what data should be preserved.

The best course of action is for IT to always stay informed on what the legal team is up to. Hence a second question, "What's the on-boarding process for new or expected litigation?" What IT doesn't want is an obscure voicemail message such as, "It looks like WidgetCo might sue us next week. What have we done about the data around that project?" Far better is ongoing, forward-looking conversations about impending cases.

Because they negotiate with opposing counsel, the legal team needs to understand how costly it will be to produce data. Will a piece of information stored in a long-lost underground vault cost a fortune to dredge up, or is it used routinely for sales forecasts, making it easy to gather? As a case unfolds, IT teams might need to help legal counsel assess the production timeframes and location of critical data. Specifically, they need to answer the questions, "Where is data? In what timeframe was it collected? Who has access and control? How's the data managed over time? How quickly can it be restored or retrieved? What will it cost?"

The legal team needs to offer critical advice to IT as well. An important question is, "What should we do about document metadata?" For example, consider if a plaintiff alleges that a former employee carried trade secrets with him to a new employer. It would be telling if metadata on the new employer's documents showed that they originated with the old employer.

Ideally, unnecessary metadata and previous file versions should be stripped away from documents and records before they are stored. However, the legal community itself is still grappling with file-format and data-redaction issues. Therefore, it's best to clear any decisions about the technology of handling metadata with the legal team before going forward. For example, don't modify document metadata in archives before talking with counsel.

Metadata issues not only relate to incrimination, but also to legitimate questions of information accuracy and integrity. For example, does a requester really want a native file whose content is recomputed every time it is opened, such as a document carrying a date field or macro like "DATE_TODAY()"? The copy the requester opens will necessarily differ from what the custodian last saw, which might not be the desired result. Whether to produce a static rendering alongside (or instead of) the native file is exactly the kind of decision to clear with counsel first.
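To make the metadata point concrete, the following added example (not code from the original article) reads the author, last-modified-by, company and creation/modification dates from the docProps parts of an Office Open XML (.docx) file, then produces a copy with the identity fields blanked. The .docx it builds is a constructed, minimal stand-in containing only the parts the example needs, and the names, company and dates in it are made up. The hash comparison at the end shows why scrubbing must be done on copies made for production and never on the preserved original: the bytes, and so any integrity evidence, change.

```python
"""Read and scrub the metadata parts of an Office Open XML (.docx) file.

Added example for this article, not code from the original page. The
.docx is a minimal, constructed stand-in (only the parts the example
needs); names, companies and dates in it are made up.
"""
import hashlib
import io
import xml.etree.ElementTree as ET
import zipfile

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep prefixes stable when re-serialising

CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}" xmlns:xsi="{xsi}">
  <dc:creator>{creator}</dc:creator>
  <cp:lastModifiedBy>{last_modified_by}</cp:lastModifiedBy>
  <dcterms:created xsi:type="dcterms:W3CDTF">{created}</dcterms:created>
  <dcterms:modified xsi:type="dcterms:W3CDTF">{modified}</dcterms:modified>
</cp:coreProperties>"""

APP_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application><Company>{company}</Company></Properties>"""

# Fields that identify people and organisations (candidates for scrubbing)
IDENTITY_FIELDS = {
    "docProps/core.xml": {"creator": "dc:creator", "last_modified_by": "cp:lastModifiedBy"},
    "docProps/app.xml": {"company": "ep:Company"},
}
# Fields that describe the document's own history (usually worth keeping)
HISTORY_FIELDS = {"docProps/core.xml": {"created": "dcterms:created", "modified": "dcterms:modified"}}


def build_sample_docx(creator, last_modified_by, company, created, modified):
    """Constructed sample: the metadata parts of a .docx plus a stub body."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", CORE_XML.format(**NS, creator=creator,
                   last_modified_by=last_modified_by, created=created, modified=modified))
        z.writestr("docProps/app.xml", APP_XML.format(**NS, company=company))
        z.writestr("word/document.xml", "<w:document/>")  # body is irrelevant here
    return buf.getvalue()


def read_metadata(docx_bytes):
    """Return the identity and history fields present in the docProps parts."""
    meta = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        for part, fields in list(IDENTITY_FIELDS.items()) + list(HISTORY_FIELDS.items()):
            if part not in names:
                continue
            root = ET.fromstring(z.read(part))
            for key, path in fields.items():
                el = root.find(path, NS)
                if el is not None and el.text:
                    meta[key] = el.text
    return meta


def scrub_identity_metadata(docx_bytes):
    """Copy with creator/last-modified-by/company blanked; created/modified kept.
    The bytes (and hence the hash) change, so apply this only to production copies."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src:
        parts = {name: src.read(name) for name in src.namelist()}
    for part, fields in IDENTITY_FIELDS.items():
        if part not in parts:
            continue
        root = ET.fromstring(parts[part])
        for path in fields.values():
            el = root.find(path, NS)
            if el is not None:
                el.text = ""
        parts[part] = ET.tostring(root, encoding="utf-8", xml_declaration=True)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return out.getvalue()


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    doc = build_sample_docx("alice@oldco.example", "alice@newco.example", "OldCo Inc.",
                            "2007-11-02T09:15:00Z", "2008-02-20T16:40:00Z")
    print("original:", read_metadata(doc), sha256_hex(doc)[:16])
    copy = scrub_identity_metadata(doc)
    print("scrubbed:", read_metadata(copy), sha256_hex(copy)[:16])
```

Run on the constructed sample, the original reports a creator at one organisation and a last-modified-by at another, which is precisely the kind of trail the trade-secret scenario above turns on; the scrubbed copy reports neither, keeps the created/modified dates, and hashes differently from the original.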

Finally, IT should be able to answer the question, "How can I show that this data is good?" Business records are entitled to a presumption of validity under the rules of evidence (the business-records exception to the hearsay rule), and a party challenging that validity has the burden of rebutting the presumption, for example by providing evidence of tampering or non-routine destruction. Still, it's wise to let the legal team know which security controls (access control, audit logging, integrity checks on preserved copies) help protect the integrity of information, so the presumption can be defended if it is challenged.
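One control that directly supports the "is this data good?" question is an integrity manifest taken at collection time and re-checked before production. The following is an added example, not code from the original article: it hashes every file in a held directory tree into a manifest, computes a fingerprint of the manifest to be recorded out of band (in the hold ticket, say), and later reports which files were modified, removed or added. The hold identifier, custodian name and sample files in run_demo() are constructed for the demonstration.

```python
"""Integrity manifest for a legal-hold collection: hash at collection, re-verify later.

Added example for this article, not code from the original page. The hold
identifier, custodian and sample files in run_demo() are constructed.
"""
import hashlib
import json
import os
import tempfile
import time

CHUNK = 1 << 20


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root):
    """Yield (relative POSIX path, absolute path) for every file under root, in sorted order."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def build_manifest(root, hold_id, custodian):
    """Record hash, size and mtime of every file at the moment of collection."""
    files = {}
    for rel, full in _walk(root):
        st = os.stat(full)
        files[rel] = {"sha256": sha256_file(full), "size": st.st_size, "mtime": int(st.st_mtime)}
    return {
        "hold_id": hold_id,
        "custodian": custodian,
        "collected_at": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "files": files,
    }


def manifest_fingerprint(manifest):
    """Hash of the canonical manifest. Record it out of band (hold ticket, signed mail)
    so the manifest itself cannot be rewritten without notice."""
    canon = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode("utf-8")
    return hashlib.sha256(canon).hexdigest()


def verify_manifest(root, manifest):
    """Compare the tree against the manifest; returns sorted lists ok/modified/missing/unexpected."""
    expected = manifest["files"]
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    seen = set()
    for rel, full in _walk(root):
        seen.add(rel)
        if rel not in expected:
            report["unexpected"].append(rel)
        elif sha256_file(full) != expected[rel]["sha256"]:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    report["missing"] = sorted(set(expected) - seen)
    return report


def run_demo():
    """Collect a constructed hold set, tamper with it, return (manifest, fingerprint, report)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files; hold id and custodian below are hypothetical
            "mail/2008-01-07.eml": b"From: j.doe@example.com\r\nSubject: WidgetCo pricing\r\n\r\n...",
            "widget-forecast.csv": b"quarter,units\r\nQ1,1200\r\n",
            "notes.txt": b"meeting notes",
        }
        os.makedirs(os.path.join(root, "mail"))
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        manifest = build_manifest(root, hold_id="HOLD-2008-017", custodian="j.doe")
        fingerprint = manifest_fingerprint(manifest)
        # Post-collection changes that verification must catch:
        with open(os.path.join(root, "notes.txt"), "ab") as f:
            f.write(b" (edited later)")                     # modified
        os.remove(os.path.join(root, "widget-forecast.csv"))  # missing
        with open(os.path.join(root, "late-addition.txt"), "wb") as f:
            f.write(b"not part of the collection")         # unexpected
        report = verify_manifest(root, manifest)
    return manifest, fingerprint, report


if __name__ == "__main__":
    manifest, fingerprint, report = run_demo()
    print(json.dumps(manifest, indent=2))
    print("fingerprint:", fingerprint)
    print("verification:", report)
```

The manifest records nothing that a later edit could not rewrite, which is why the fingerprint is kept separately: a reviewer recomputes it from the stored manifest and compares it with the value logged at collection before trusting the per-file hashes.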

Given the requirements of e-discovery and the conversation needed between legal and IT, what's the bottom line? Each team has expertise required by the other. And each team needs to focus on its core subject matter. Issues of case strategy, negotiation among claimants, and the details of e-discovery rules should lie with the legal team. Issues of information retention policies, appropriate use of automation, and how best to preserve information should lie with IT and security groups. The key steps will be to ask, listen, and continuously work together to ensure proper and cost-effective e-discovery management.

About the author:
Trent Henry is research director with Midvale, Utah-based research firm Burton Group. Henry is a Certified Information Systems Security Professional (CISSP) with more than 15 years of experience in information technology working at companies including Identrus, Digital Signature Trust, Ameritech, and Apple Computer. His past work includes PKI industry security management and technology research, Internet server and protocol product development, and operations leadership of large-scale network and distributed systems deployments. Henry has participated in security standards bodies including X9 and Internet Engineering Task Force (IETF) and contributed to the first Common Criteria Protection Profile slated to become an ANSI standard. He is a respected speaker and writer on information security, audit, and compliance topics and received his undergraduate degree from Stanford University.

All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy