eDiscovery Compliance for Existing and Planned Information Systems
By: Eugene Mayevski
According to National Law Journal (2006), about 90% of business documents are stored in electronic form, while between 60 and 70% of corporate data reside in e-mails or in attachments.
Recent government regulations, the amendments to Federal Rules of Civil Procedure (FRCP), effective December 1, 2006, mandate a completely new level of corporate electronically stored information (ESI) treatment and litigation readiness. An amended Rule 33(d) states that the business should be able "to afford to the party serving the interrogatory reasonable opportunity to examine, audit or inspect such records and to make copies, compilations, abstracts, or summaries." Rule 34(b)(i) stipulates that "a party who produces documents for inspection shall produce them as they are kept in the usual course of business or shall organize and label them to correspond with the categories in the request".
This paper discusses the ways to make your enterprise information system eDiscovery compliant the most effective way.
Why eDiscovery compliance is important? The main threats to a non compliant enterprise come from litigation costs, company downtime, and brand damage.
Litigation costs and legal fees associated with improper ESI management result from spoliation of evidence, adverse inference, summary judgment, and sanctions (see Qualcomm v. Broadcom). In gender discrimination lawsuit (Zubulake v. UBS Warburg), the court ordered defendant to produce all electronic evidence at its own expense - a huge amount of data stored on optical disks, active servers, and backup tapes. Some tapes appeared to be non-functional or tampered with - the defendant was facing monetary charges for its failure to preserve the missing tapes and e-mails. It is important to point out that while judicial procedures did not reveal any documents supporting the plaintiff, the defendant lost the case because of the improper storage and management of company documents.
Cost of company downtime due to on-site or off-site discovery process are best illustrated with the following real-life example. The United States Secret Service executed a search warrant at SJ Games Inc. office computers looking for evidence of data piracy (SJ Games, Inc. v. United States Secret Service). Due to huge amount of data, officers decided to remove company hardware to a dedicated site for an off-site search. The hardware was not recovered until four months later. The company had to lay-off half of its employees and was ready to close its doors. Some of the SJ Games expenses were recovered in court only three years later.
Brand damage and losses associated with bad PR, loss of clients' trust leading to loss of clients, stocks plunges, etc. can mount up after the general public finds out that the search warrant was issued against an enterprise. It is in the company's interest to complete the unpleasant procedures and clean its name as soon as possible.
Good data organization, ease of retrieval, protection from spoliation and tempering are the key elements of eDiscovery preparedness. I will consider two potential situations: when the data storage infrastructure is already in place and when the system is at the planning stage.
If your data storage infrastructure is working, you should take great care in making it eDiscovery compliant without disruptions to its operations. A compliance-oriented system should not interfere with normal everyday functions of the existing software and hardware infrastructure.
It would be nice to find means to avoid introduction of changes into a stabile and functioning logics of your system. Such changes generally lead to introduction of potential instabilities in its work and may lead to huge expenses for testing and bug-fixing. There is a way to avoid these inconveniences - give access to your documents stored inside your system as if they were files and folders on a virtual disk. You may object that in-house development of such virtual disk capabilities requires serious investments (thousand of man hours of a highly skilled labor). The Callback File System will solve this problem for you.
Callback File System is a software component for developers allowing virtual real-time representation of any data as files and folders of an ordinary file system. The files may be accessed through a currently used software without necessity to write adapters, parsers, or converters. Callback File System is based on a kernel-mode driver and, therefore, necessitates implementation of only limited number of callback functions, without need for low level file system programming. Use of Callback File System allows your developer to implement all new FRCP provisions in the shortest amount of time. The main arguments for use of Callback File System to increase eDiscovery compliance of a computer infrastructure are the following:
To summarize: with the help of Callback File System your developers will be able to adapt an existing information system to recent FRCP requirements quickly and without significant system downtime.
- Presentation of any data as files and folders improves preparedness for an eDiscovery event. Good document organization and their availability makes an investigation possible, and reduces the time law-enforcement officers need to find necessary documents, regardless of their format or location. You can arrange your documents by simulating virtual folders within month-day-year, thematic, or any other hierarchy.
- To facilitate eDiscovery procedure, the data comprising e-mails and instant messages must be made easily accessible to investigators. Functionality of Callback File System permits presentation of this unstructured content as regular files, thus making search through them as easy as an ordinary Windows search. The distributed nature of Callback Files Systems makes possible single-run searches of data spread across several platforms and storages.
- Callback File System allows presentation of data in any format stored either locally or remotely: in database records, on mobile devices, in Internet storage, spread over several data storages, or elsewhere.
- Use of Callback File System allows assignment of the data access privileges scheme, which makes possible setting restriction on read and write operations, or, to protect data from tampering, by giving read-only access.
System in planing
Needless to say, all newly developed enterprise infrastructures dealing with electronically stored information must be designed eDiscovery compliant from the beginning. One of the good ways to deeply integrate FRCP requirements into a system being planned is th use of Solid File System (SolFS). This software component makes possible creation of huge encrypted distributed data storages with support of metadata, tags, timestamping, access rules, strong encryption, etc. The benefit of SolFS-based storages can be briefly outlined as following:
eDiscovery compliance of an enterprise can be significantly improved through implementation of efficient document storage, retrieval, indexing, and content search strategies. The efficient way to adopt an existing system is use of Callback File System developed by EldoS Corporation. On the stage of system design planning, it is natural to consider use of Solid File System Driver Edition by EldoS Corporation as a native data storage platform.
- Excellent document organization is certainly a benefit of a SolFS-storage. Regardless of a place where these documents are stored, the enterprise can be sure that they are not prone to loss, tempering/spoliation, inadvertent or intentional destruction.
- Built-in cryptographic protection of SolFS excludes unauthorized data access. The most efficient moder cryptographic algorithms may be used to not only encrypt/decrypt data, but also to timestamp them and allow integrity checks.
- Self-integrity checks is another extremely useful functionality of SolFS-based storages. Even if a media where the storage is located becomes physically damaged and unreadable through negligence or evidence spoilage effort, it will not result in loss of the whole storage. The damaged part can be reconstructed from the previous version of the storage. This effectively excludes situations similar to one that resulted in defendant's loss in Zabulake v. UBS Warburg case.
- To make access to your storage as regular files and folders from any application, you may utilize SolFS Driver Edition. It makes possible development of monitoring tools watching the changes made to files inside a SolFS storage and exporting them in any convenient format for eDiscovery investigation.
- Providing a whole integral storage to the investigators for on-site or off-site search is faster and cheaper than dealing with myriads of separate files, folders, database records, e-mails, instant messages and scattered other the whole system.
Eugene Mayevski takes a post of Chief Technical Officer in EldoS Corporation (www.eldos.com), the company that specializes in development of security and low-level system components for software developers.
Article Source: http://www.ArticleBiz.com