What IT Needs to Consider for
Legal Hold
What Auditors Should Look For
David Maxwell
David@DavidDMaxwell.com
Legal Hold Considerations for IT
• This presentation is based on my experiences
in dealing with IT Legal Holds and Legal
Matters.
• This does not reflect any advice from my
current employer. These are my opinions.
• Review the considerations with your Legal
team for agreement.
• I am not an attorney.
Legal Hold Considerations for IT - Why
• The FRCP was updated in 2006 to include "electronically
stored information", commonly referred to as ESI.
• Legal matters are one of the largest unknown expenses to a
business. However, there are few controls to ensure data
for legal matters.
• What IT needs to know about Legal:
– Legal does not know IT
– Legal often works in silos and is not always interested in other
matters of the legal department
– IT must work to understand what Legal needs
– Legal advises they need everything relevant
Legal Hold Considerations for IT – EDRM
www.edrm.net
Legal Hold Considerations for IT - Data
• Two types of data: Structured and Unstructured.
– Structured: Systems, ERP, CRM. Structured systems usually have databases and
a defined information structure.
– Unstructured: User systems (laptops, desktops), user file shares, department file shares
– This presentation is related to unstructured data.
• Key considerations of data preserved: data and metadata, especially dates
(creation, modified, last accessed)
• Recommend discussing with Legal to ensure they have an understanding
that IT cannot control actions of user on legal hold. If the user decides to
purge data, IT cannot ensure that their data is preserved. This applies to
data users have control over, such as local computers, file shares and
devices. The custodians on hold are expected to apply due diligence to
ensure data is preserved.
• My approach: Preserve data associated with custodians as a whole and do
not try to cull or search data. That is a separate process and should be left
to eDiscovery professionals and their tools to analyze and testify how it
was found.
• Collection approach: Active data vs Forensic data
Legal Hold Considerations for IT - Notification
• Legal hold notification to CIO, Directors or VPs of IT.
– Legal usually has one process of legal notification and that is a legal hold.
However, many notified should not be put on hold but need awareness.
– The CIO sends an email to key staff stating we have a legal hold with these people.
Staff really do not know what to do. I recommend identifying a coordinator
role, a legal IT liaison: a coordinator to ensure custodian lists, procedures and
data are being preserved.
• Recommendation: Establish a CIO-owned mail group (better if Legal-
owned) that contains all IT people who “need to know” about a new legal hold. Have
Legal send the notification to the mail group. It may be best if other
departments (such as HR) have this as well.
• The rest of the presentation will provide areas of consideration for IT to
ensure preservation of data.
• Control: IT shall define a process for notification of a legal hold to key IT
personnel.
• Risk: Preservation may not occur if notification does not happen.
Legal Hold Considerations for IT – Custodian List
• Create a list of custodians (people) on hold.
IT really needs 2 lists.
– List one to use in IT process to identify custodians
– List two to manage overall custodians and matters
• Do not use any PII data, like SSN#
• List 1: First Name, Last name, employee number
• List 2: First Name, Last name, employee number, date placed
on hold, date removed from hold, termination date, matter 1,
matter 2
It may be possible for Legal to maintain the lists; however, with the silo
structure of most legal groups, they may not be centralized.
• Control: IT shall create and maintain a readily available list of active custodians for
legal matters. Periodic reviews shall occur with legal to ensure accuracy of the list.
• Risk: IT does not identify users that need to have their data preserved for legal holds.
Legal Hold Considerations for IT – Custodian List
• List 1
First Name | Last Name | Employee #
David | Maxwell | 123456
• List 2
First | Last | EMP # | Date On | Date Off | Term Date | #2014-12 | Matter 2 | Matter 3
David | Maxwell | 123456 | 1/15/15 | 3/15/15 | | | |
Legal Hold Considerations for IT – Secure Storage Area
• Secured IT storage location for storing assets related to legal
matters.
• Need processes if encryption is used on assets.
• Needs a complete, managed inventory of what is stored.
I prefer to have this outside of IT control, if possible.
Chain of custody (example at ASDFED.com) needs to be
applied to each asset.
Assets stored may be on more than one legal hold. Over time,
this will happen.
• If Legal feels comfortable, you may be able to image to a
secured share.
Control: Assets collected for legal hold shall be securely stored,
inventoried and managed.
Risk: Collected assets for legal hold are not secured and maintained
for collection.
Legal Hold Considerations for IT – Email
• Almost always the #1 area of interest.
Users have a tendency to hoard information, and email is the main area
where they think they need to keep everything. Email is a communication tool.
People send emails, not just create and store them; therefore the receiver
should have the email as well.
• Legal hold server configuration: Understand if your mail system has the ability
to apply a legal hold. Exchange 2010 and later have this capability. If
available, make sure you have a documented process in place to ensure that
custodians have the legal configuration applied. Cloud solutions should be
reviewed to ensure that preservation capabilities are available. O365 does
have this as well.
• Backups: Always asked about by opposing counsel. If you have no other
way to preserve email, then backups may be your only solution. If images
are used vs. backups, dumps of users may need to be implemented.
• PSTs: Generally stored on the local computer; get those when the drive is
collected.
• MSG: Don’t forget that users can drag email out of Outlook
to other storage areas like their desktop.
Legal Hold Considerations for IT – Email
• Recommendation:
– #1 Document how email is stored and used in your
environment. Have it readily available to share with attorneys.
This should be a living document that identifies upgrades and
changes to the system, as well as how users use email and how
backups are done and accessed.
– #2 Review the backup schedule for reasonable retention time
frames.
– #3 Consider adding retention to user email; however, for legal
hold users, retention should be suspended.
Control: IT shall have a documented process for preserving email for legal hold
custodians.
Risk: Email may not be preserved for Legal Hold custodians.
Legal Hold Considerations for IT – User Support
• The help desk needs to be aware of legal holds and have processes that ensure
the protection of data. If a virus, equipment failure, or other problem
occurs, the help desk must be aware of preservation before solving the
issue. Many help desk issues are solved by reimaging; however, procedures
need to be followed to ensure metadata is managed appropriately and not
altered.
• Upgrades are often handled by a different team/group; they should also reference
the list and have procedures that ensure custodian data is not altered.
• This is when the first list is used. They just need to know names or
employee number.
Some ticketing systems are beginning to include fields that stoplight legal
custodians.
Control: IT shall have a documented process for identifying legal hold
custodians and a process for handling their data so that data is not changed
or altered.
Risk: Collected assets for legal hold are not secured and
maintained for collection.
Legal Hold Considerations for IT – Terminations
• Custodians will leave. IT will need to make sure the system of
a termed user is collected and preserved.
• This process should be part of the offboarding process.
– HR should participate in / be aware of the process
• Consider the need for the manager to retrieve business
related information
– Define a process for managers to request information within a period of time
– Process can define a longer period of time to keep the drives for senior
management
– Techs need processes to ensure data is not altered; they may need to use write
blockers
Control: Termed legal hold custodians shall have their data preserved.
Risk: Legal hold data is not maintained for custodians.
Legal Hold Considerations for IT – Disposal/Reuse of media
• Hard Drives
Drives and media must have a process for reuse or disposal. The challenge
is that many drives are held for disposal for a period of time, often waiting
for enough drives to dispose of or for periodic times of the year. Because a
new legal hold may come into play in the meantime, it is best to label and inventory drives
waiting to be processed.
• Inventory drives as they are added to the destroy/reuse list and when they
are actually destroyed. At both times reference the custodian legal hold
list (list 1) to ensure preservation is not needed.
• This becomes very important when tracking down a former employee's
data. The inventory records of destruction can show when the data was
destroyed or reimaged.
Control: Assets defined for destruction shall be inventoried, logged and
checked if on legal hold prior to destruction.
Risk: Assets collected for destruction may become subject to a legal hold prior to
actual destruction or reuse.
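An added example, not part of the original presentation: one way to implement the disposal control above, checking each drive against the custodian list both when it is queued and again at destruction time. All record layouts, asset tags, employee numbers and dates are constructed for illustration, and treating the "date off" day as still on hold and unknown owners as needing review are assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class Custodian:
    """One row of the custodian list (no PII such as SSN)."""
    first: str
    last: str
    emp_no: str
    date_on: date
    date_off: Optional[date] = None    # None: hold still active
    term_date: Optional[date] = None   # termination does not release a hold


@dataclass(frozen=True)
class Drive:
    """Hypothetical disposal-inventory record."""
    asset_tag: str
    emp_no: Optional[str]              # last assigned user; None if unknown
    queued: date                       # date added to the destroy/reuse list


def on_hold(emp_no, as_of, custodians):
    """True if any hold row for this employee covers the given date.

    Assumption: the hold is treated as active through date_off inclusive,
    and term_date is ignored because departed custodians stay on hold.
    """
    return any(
        c.emp_no == emp_no
        and c.date_on <= as_of
        and (c.date_off is None or as_of <= c.date_off)
        for c in custodians
    )


def check(drive, as_of, stage, custodians):
    """Return one inventory log entry for a drive at a given stage."""
    if drive.emp_no is None:
        decision = "REVIEW"            # fail closed: owner cannot be ruled out
    elif on_hold(drive.emp_no, as_of, custodians):
        decision = "PRESERVE"
    else:
        decision = "CLEAR"
    return {
        "asset": drive.asset_tag,
        "emp_no": drive.emp_no,
        "stage": stage,
        "checked": as_of.isoformat(),
        "decision": decision,
    }


def may_destroy(drive, destroy_on, custodians):
    """Destruction proceeds only if the destroy-time check is CLEAR."""
    return check(drive, destroy_on, "destroy", custodians)["decision"] == "CLEAR"


def disposal_log(drives, custodians, destroy_on):
    """Log both checks: when queued, and again on the destruction date."""
    log = []
    for d in drives:
        log.append(check(d, d.queued, "queued", custodians))
        log.append(check(d, destroy_on, "destroy", custodians))
    return log


# Constructed sample data.
CUSTODIANS = [
    Custodian("David", "Maxwell", "123456", date(2015, 1, 15), date(2015, 3, 15)),
    # Terminated custodian whose hold was never lifted.
    Custodian("Sample", "Leaver", "222222", date(2014, 12, 1),
              term_date=date(2015, 1, 10)),
]
DRIVES = [
    Drive("HD-001", "123456", date(2015, 1, 5)),   # queued before the hold began
    Drive("HD-002", "654321", date(2015, 1, 20)),  # user never on hold
    Drive("HD-003", None, date(2015, 1, 20)),      # owner unknown
    Drive("HD-004", "222222", date(2015, 1, 12)),  # terminated custodian
]
DESTROY_ON = date(2015, 2, 1)

if __name__ == "__main__":
    for entry in disposal_log(DRIVES, CUSTODIANS, DESTROY_ON):
        print(entry)
```

HD-001 shows why the check is repeated: it is clear when queued, but a hold placed while it waits for disposal blocks it at destruction time.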
Legal Hold Considerations for IT – Closing thoughts
There are many more challenges:
• Automatic processes and scripts, such as auto deletion of share drives, should be
reviewed and suspended until collection or preservation can occur.
• Transfers of employees to different departments/countries.
• Share drives, SharePoint, social media should be considered.
• Confidential nature of litigations, no need for IT to know details
• IT needs to have (regular) training and understanding of Legal Holds. They
need to know what are expectations, what to do with data and who to
contact if unsure about what to do with data.
• Many times it helps if Legal understands the cost and the burden it takes
to preserve. Identifying costs may make it easier for Legal to settle.
• If you have periodic recommendations to purge in order to comply with
retention schedules, consider including legal hold verbiage to override the
activity.
Legal Hold Considerations for IT
Questions?
