MWLUG Conference 2009
IBM Center, Chicago, IL
August 27-28, 2009
Empowering the Lotus Community

Creating Effective Compliance and E-Discovery Policies – Best Practices and Procedures

Denny Russell is a Technical Support Specialist for the Domino products at Sherpa Software. He is a contributor to Sherpa’s Domino Blog, Administrator for the Lotus Notes/Domino environment (including Domino 8x, Sametime, Quickr and BlackBerry Enterprise Server for Notes) and webmaster for Sherpa's corporate website.

Session: In this session, we will discuss the challenges of developing, implementing and enforcing a corporate retention policy that balances storage demands and those of your Legal and Compliance Teams. Learn about the Do’s and Don’ts of policy design as well as discover potential stumbling blocks and how to address exceptions. Examine how regulatory requirements and e-discovery requests could impact your policy and what to expect in the event of litigation. Lastly, determine if you have the right tools in place to support your policy initiatives and find out what additional tools can help.

Agenda
Introduction
Compliance: What is it?
Policies & What You Need to Know
E-Discovery & What You Need to Know
What's Available in Domino
What to Look for in a Solution
Questions

Compliance: What is it?
Laws, regulations and policies that drive your business and the way you handle your data.
Space Needs vs. Legal/Industry Regulations
Corporate Governance
Federal Regulations
Legal Restrictions

Compliance: What is it?
Corporate Governance
Storage Practices
Internal Procedures

Compliance: What is it?
Federal Regulations
Sarbanes-Oxley Act (SOX)
Health Insurance Portability and Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
FDA

Compliance: What is it?
Legal Restrictions
Federal Rules of Civil Procedure (FRCP)
Litigation Holds

Policies
Hiring/Termination Procedures
Acceptable Use Policies
Email Retention Periods
Instant Messaging Policies
Preservation Policies
Electronic Discovery Procedures

Policy Enforcement: Best Practices
Clearly define the purpose for the policy
Gather support from Legal, Management and IT
Establish practical rules for effective conduct of business
Find a solution that fits your infrastructure and budget
Handle exceptions, e.g. Litigation Holds
Enforceable, Auditable

What to Include in Your Policies
Without a policy in place, legal liability increases
The length of time documents are kept before they can be destroyed
Email, Files, IM, Hard Copies, etc.
Where will data be stored?
What format will the data be in?
Who will have access and what can they do with the data?
Will there be exceptions to data or employees that are part of it?

Policy Enforcement Challenges
Competing interests (corporate retention policy vs. individual and business needs)
Requirements vs. Resources
Buy-in & adherence from relevant personnel
‘Smoking Gun’ Emails
Discovery Requirements
‘Reduce risk while meeting a business need’
Lack of well-defined rules
No ‘one size fits all’ policy

Resources for Building a Policy
http://www.epolicyinstitute.com/
http://www.soxlaw.com/
http://www.hhs.gov/ocr/privacy/index.html
http://www.law.cornell.edu/rules/frcp/
http://www.sherpasoftware.com/blogs/SherpaBlog.nsf/
http://www.aiim.com

E-Discovery and What You Need to Know
The process of collecting data when you become involved in legal issues.
Placing documents/Users on Legal Hold
How will you get the data?
Where will you find the data?
Who will be included?

E-Discovery: Common Risks
Common risks organizations face with electronic data:
Not retaining information that should be retained
Retaining data that has outlived its usefulness
Not having a defensible process for data management
Inability to discover and retrieve relevant information when requested

E-Discovery: Relevant Questions
Questions compliance officers should be asking their IT departments:
Where is corporate data (corporate documents, emails, contracts, etc.) being stored: network shares, databases, local desktops, PST files, etc.?
Does the IT department have the ability to reach all of this data and search it?
Can we retrieve unadulterated copies of this data?
Is there a process to maintain chain of custody?
Can we enforce a legal hold and prevent the purging of relevant data, if necessary?
If we have policies, how are they being implemented?
Is the enforcement process validated?

EDRM Model
Know which processes affect you
How you will meet those steps

What's Available in Domino
Domino provides many tools to help you with this process.
Journaling
Archiving
Searching

Domino Journaling
Journaling
Capture sent and received messages
Process based on:
  Content within the subject or body fields
  Recipients or senders
Roll-over based on age or size

Domino Archiving
Archiving Policies allow you to control Server or Local Archiving
Local Archives are a legal/E-Discovery nightmare

Domino Searching
Individual mail files would need to be searched manually.

What to Look for in a Solution
Flexibility
Configuration
Exclusions/Legal Hold
Friendly to End-Users
Ease of use for the users
Searchable – Can they easily find their data?
Friendly to E-Discovery Needs

Q & A
Questions

Contact Information
Denny Russell
[email_address]
http://www.sherpasoftware.com/blogs/SherpaBlog.nsf/
Twitter: http://www.twitter.com/DennyRussell
LinkedIn: http://www.linkedin.com/in/dennyrussell
