Access to e-mails, text messages andother ESI – policy issues fororganizationsDan MichalukApril 16, 2003
Outline•   Control over and access to information -    ideal, reality and solution•   Policy issues for organizations     ...
Ideal – physical separation by purpose             Mine                         YoursAccess to e-mails, text messages and ...
Reality – intermingling and unclear purpose•   Personal use of work systems puts personal    information side-by-side work...
Solution – Use policy to achieve the ideal•   Revert to a no personal use rule•   Enforce a business tools for business ru...
Solution – Use law/policy to gain control•   Your personal use does not preclude our access•   We have the following right...
Policy issue #1 – Employee privacy•   You’re on for an employer in a harassment case. The    applicant has claimed $100,00...
Policy issue #1 – Employee privacy•   Q: I’m not Charter bound, does Cole matter?•   A: Yes     •   REP engages Charter se...
Policy issue #1 – Employee privacy•   Q: Is the REP finding distinguishable?•   A: Not really     •   No indication a bett...
Policy issue #1 – Employee privacy•   Policy implications of Cole     •   The Court says…          •   …the expectation is...
Policy issue #1 – Employee privacy•   Policy implications of Cole     •   The Court says…          •   …the expectation is...
Policy issue #1 – Employee privacy•   Practically, what tactics can we use to overcome    this barrier to access?Access to...
Policy issue #2 – BYOD•   Pharma One has numerous sources of potentially    relevant electronic information due to the    ...
Policy issue #2 – BYOD•   BYOD done right means     •   Achieving control through technology     •   Achieving control thr...
Policy issue #2 – BYOD•   Thoughts on policy     •   Highlighting the mutual exchange of benefits may         help enforce...
Policy issue #3 – Social media•   This should not be an e-discovery (access and    control) problem for business•   Good s...
Policy issue #3 – Social media•   Good social media governance is about    separating business use from personal use     •...
Policy issue #3 – Social media•   Typically, if you control the password you control    the information. But…     •   Secu...
Policy issue #3 – Social media•   Where we likely stand on plaintiffs claiming injury     •   Photos of physical activity ...
Policy issue #4 – The cloud•   A threat to timely access to reliable information     •   Providers default to low cost and...
Policy issue #4 – The cloud•   The solution is simple (in theory)     •   Outsourcing process: requirements         defini...
Policy issue #4 – The cloud•   The solution is simple (in theory)     •   Understand the system and the data it generates ...
Policy issue #4 – The cloud•   Key questions     •   In what jurisdiction(s) will the data reside?     •   How is the data...
Policy issue #4 – The cloud•   Key questions (con’t)     •   Will your employees give evidence to establish chain         ...
Access to e-mails, text messages andother ESI – policy issues fororganizationsDan MichalukApril 16, 2003
Upcoming SlideShare
Loading in...5
×

Osgoode pdp e discovery certificate slides

1,014

Published on

Presentation on control of corporate information in light of recent challenges delivered in an e-discovery certificate program.

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,014
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
4
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Osgoode pdp e discovery certificate slides

  1. 1. Access to e-mails, text messages andother ESI – policy issues fororganizationsDan MichalukApril 16, 2003
  2. 2. Outline• Control over and access to information - ideal, reality and solution• Policy issues for organizations • Employee privacy • Bring your own device (BYOD) • Social media • Cloud computingAccess to e-mails, text messages and other ESI
  3. 3. Ideal – physical separation by purpose Mine YoursAccess to e-mails, text messages and other ESI
  4. 4. Reality – intermingling and unclear purpose• Personal use of work systems puts personal information side-by-side work information• BYOD puts work information on personal devices• Corporate use of social media may put business information on multiple accounts in multiple forms• Cloud computing puts your work system on a computer with others’ work systemsAccess to e-mails, text messages and other ESI
  5. 5. Solution – Use policy to achieve the ideal• Revert to a no personal use rule• Enforce a business tools for business rule• Restrict social media communications and archive everything• Own all computers running business applicationsAccess to e-mails, text messages and other ESI
  6. 6. Solution – Use law/policy to gain control• Your personal use does not preclude our access• We have the following rights over your device• (Simply may not be possible for information generated through social media applications)• Our service provider contracts must meet requirements that ensure we control our business informationAccess to e-mails, text messages and other ESI
  7. 7. Policy issue #1 – Employee privacy• You’re on for an employer in a harassment case. The applicant has claimed $100,000, but you assess the employer’s worst case exposure at about $25,000 to $30,000. The applicant has pleaded that senior management, including the CEO, was complicit in the harassment. You ask your client contact to advise the CEO that you’ll need a copy of the CEO’s e-mail container file to do a proper review. “Huh, she says?” “Um, what if I write you a letter?” you respond.Access to e-mails, text messages and other ESI
  8. 8. Policy issue #1 – Employee privacy• Q: I’m not Charter bound, does Cole matter?• A: Yes • REP engages Charter search protection • Also a prerequisite to arbitral protection • Also a prerequisite to tort productionAccess to e-mails, text messages and other ESI
  9. 9. Policy issue #1 – Employee privacy• Q: Is the REP finding distinguishable?• A: Not really • No indication a better policy framework would have made a difference • No mention of pictures of Cole’s wife or any unique personal information • An REP likely won’t prevail over an effective prohibition on personal use – “reasonably expected”Access to e-mails, text messages and other ESI
  10. 10. Policy issue #1 – Employee privacy• Policy implications of Cole • The Court says… • …the expectation is low • … it’s based on one factor alone – personal use • … employee choice weighs against the expectation*** • This invites transparency as the prevailing policy • Management should be able to reserve rights by putting employees on notice • The alternative is to recognize a right to employer-paid confidential computing services (not plausible)Access to e-mails, text messages and other ESI
  11. 11. Policy issue #1 – Employee privacy• Policy implications of Cole • The Court says… • …the expectation is low • … it’s based on one factor alone – personal use • … employee choice weighs against the expectation*** • This invites transparency as the prevailing policy • Management should be able to reserve rights by putting employees on notice • The alternative is to recognize a right to employer-paid confidential computing services (not plausible)Access to e-mails, text messages and other ESI
  12. 12. Policy issue #1 – Employee privacy• Practically, what tactics can we use to overcome this barrier to access?Access to e-mails, text messages and other ESI
  13. 13. Policy issue #2 – BYOD• Pharma One has numerous sources of potentially relevant electronic information due to the corporate policy of allowing employees to utilize their own smartphones and other PDA devices for work. There is no formal “Bring Your Own Device” policy in place.Access to e-mails, text messages and other ESI
  14. 14. Policy issue #2 – BYOD• BYOD done right means • Achieving control through technology • Achieving control through policy • Via these means of control • Knowing what work information resides on the device • Knowing what work information resides only on the device • Knowing how this information resides on the device (to address security and access)Access to e-mails, text messages and other ESI
  15. 15. Policy issue #2 – BYOD• Thoughts on policy • Highlighting the mutual exchange of benefits may help enforceability • Deal with security and access • Create access scenarios to develop language • Be very transparent about needs that will likely lead to conflictAccess to e-mails, text messages and other ESI
  16. 16. Policy issue #3 – Social media• This should not be an e-discovery (access and control) problem for business• Good social media governance is about separating business use from personal use• Good social media governance is about controlling business social media accountsAccess to e-mails, text messages and other ESI
  17. 17. Policy issue #3 – Social media• Good social media governance is about separating business use from personal use • You don’t speak for us unless we give you permission • If you’re not a communication pro, you’ll need to apply for a license based on a project description • Oh yes, include a disclaimer if there’s any risk someone will think you’re speaking for usAccess to e-mails, text messages and other ESI
  18. 18. Policy issue #3 – Social media• Typically, if you control the password you control the information. But… • Security vulnerability because many social media applications don’t allow for administrator privileges • Retention rules may change • Special means of extraction may change • Presentation of information may changeAccess to e-mails, text messages and other ESI
  19. 19. Policy issue #3 – Social media• Where we likely stand on plaintiffs claiming injury • Photos of physical activity will often be producible • Production of photos of joy and happiness may often be resisted successfully • Counsel should focus on what data objects in a social profile are producible, not the profile itself • Comments associated with relevant photos and videos should arguably be producedAccess to e-mails, text messages and other ESI
  20. 20. Policy issue #4 – The cloud• A threat to timely access to reliable information • Providers default to low cost and not service • Investigations and e-discovery are afterthoughts • Specialized forensic data capture services are rare • Logs and other forensic data can be intermingled • Proprietary software can make interpretation hard • Access restrictions create a chain of custody issue • Laws of other jurisdictions may be restrictiveAccess to e-mails, text messages and other ESI
  21. 21. Policy issue #4 – The cloud• The solution is simple (in theory) • Outsourcing process: requirements definition, vendor selection, contracting and due diligence • Legal and security should insert themselves into every step of the process • Legal and security should be prepared to compromise because the cloud is the cloud and physical control is supremeAccess to e-mails, text messages and other ESI
  22. 22. Policy issue #4 – The cloud• The solution is simple (in theory) • Understand the system and the data it generates • Create investigation/e-discovery scenarios • Develop requirements • Prioritize requirements • Discuss requirements • Ensure requirements can be metAccess to e-mails, text messages and other ESI
  23. 23. Policy issue #4 – The cloud• Key questions • In what jurisdiction(s) will the data reside? • How is the data stored at application and system levels? • Can our data be extracted independently from others’ data? What does extraction mean? • What forensic data do we want? Will you make it available to us? How?Access to e-mails, text messages and other ESI
  24. 24. Policy issue #4 – The cloud• Key questions (con’t) • Will your employees give evidence to establish chain of custody? • How fast can you make all this happen? • How much will all this cost?Access to e-mails, text messages and other ESI
  25. 25. Access to e-mails, text messages andother ESI – policy issues fororganizationsDan MichalukApril 16, 2003
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×