Data Loss Prevention Strategy

Transparency as Compliance with Data Security Regulation

How are data holders to comply with the riot of data security laws?  These laws include breach notification laws, which require that individuals and/or government be notified when the security of private data has been compromised.  Perfect compliance is impossible.

Almost all the states have adopted breach notice laws – though they are not uniform – and legislatures are expanding the scope of the laws.  

The original law from California (effective six years ago) focused on identity information – name plus social security number, driver’s license number or financial account number.  Then the California legislature expanded its law to also include breaches of medical data. That expansion became effective January 1, 2009.  Result?  In the first five months of 2009, California authorities were notified of a whopping 823 healthcare data breaches, . . .

Surveillance Technology Changes Law Enforcement

Municipal Government Referendum on Digital Video and Photography

FOIA as Data-mining by Citizens

Computers change how police investigations work.  Take a traffic citation, for example. In the past, for a police officer to issue a traffic ticket, the officer had to be present at the scene and had to talk to the motorist face-to-face.  At an emotional level – as well as an administrative one -- the police officer was deterred from issuing tickets for minor, technical violations of traffic laws.  

For example, if an officer observed a motorist not quite clear an intersection before the traffic light turned red, the officer might think twice before chasing the motorist down and issuing a citation.  To pursue the motorist takes time away from other duties.  Then, the motorist may argue the officer’s observation was wrong.  Further, the motorist may confront the officer as a human.  The motorist may say by words, body language or the expression on his face, “you are a jerk for issuing me this frivolous ticket.” Police officers don’t like being told (even politely and subtly) that they are jerks.

Digital technology changes this legal proceeding.  A red light camera at an intersection . . .

EDD Analytics and Interpretation Tools

Advanced ESI Culling, Clustering and Concept Review

E-discovery search and analysis engines are proliferating.  Enhanced keyword search methods (such as fuzzy search that looks for forensic gems like misspelled keywords) are coming to recognize more nuances.  Other analytical technologies are emerging as well, and they are influencing the outcomes of audits, lawsuits and internal investigations.

Take the Lehman Brothers bankruptcy, which oversees 3.2 billion e-mail and instant message records. To glean value from this ocean of records, investigators and auditors need more than just conventional keyword search.  New methods include visual mapping . . .

Email Archives Disprove Fake Message

Electronic Evidence | Forensics and Authentication in Police Investigation

For responsible parties like corporations and government agencies, a reason to retain all their e-mail, text and instant message records is to refute forgeries of e-records.  Thorough email archives provide forensic evidence to invalidate bogus claims.

Just ask Australia’s prime minister, Kevin Rudd.  His political opponents tried to embarrass him with an electronic mail record purportedly from his senior advisor Andrew Charlton.  The e-mail appeared to show corruption; it appeared to show Rudd’s government conferring a business advantage to Rudd’s friend John Grant.

But fortunately for the government, it retained its own e-mail records for the time in question.  An investigation revealed that the scandalous e-mail was a forgery!  

The investigation proceeded in two steps. . . .

Does World Wide Web Publication Constitute Legal Notice to the World?

Financial Derivatives Yield Unexpected Incentives and Outcomes

Hedge Fund Public Disclaimer of Liability and Responsibility?

The World Wide Web is changing contract and commercial law practices.  As a global medium for broadcasting terms, notices, conditions, and disclaimers, the web empowers business innovators preemptively to warn their trading partners of risk and to disclaim responsibility to prospective counterparties.  Business innovators might therefore use the web to reduce their legal risk.

This blog post presents an advanced idea.  To explain it will require space, so please hang with me as I lay out my argument.  First I will explain how forward-thinking traders like hedge funds can be exposed to new legal liability.  Then I will explain a method for containing that exposure, a method that could apply to more than just hedge funds and financial markets. . . .

Restoration of Electronic Mail from Backup Tapes

E-mail Database Search and Forensics

As litigation and other requests for e-mail from backup tapes grow more frequent, an enterprise may be wise to restore, consolidate and archive all of its old e-mail held in backup.

Historically organizations did not think of e-mail as an asset worthy of preservation. They did not archive it, though copies would end up in network backup.  

But experience has taught that e-mail can be critical to defense of a lawsuit or enforcement of a contract. Alternatively its disclosure might be required under a subpoena, a court order or a freedom of information act request (FOIA).  Further, e-mail might be needed in an investigation (led internally or by outside criminal prosecutors) of a bribe, a kickback, an overcharge or a embezzlement of money; . . .    

Transparency Meets IT Compliance

Telemedicine Licensure and Data Security

Technology perennially introduces problems for compliance with law and regulation.  But often technology can help alleviate those problems by fostering transparency and accountability.

Take for instance telemedicine, a promising family of technologies for making healthcare more affordable and accessible. Telemedicine allows, for example, a geographically remote physician to examine and treat a patient. It can do wonders for a patient in a rural clinic who needs attention from a specialist in a distant city.  But telemedicine raises medical license issues for a physician in, say, Illinois who is treating a patient in Wyoming.  If the Illinois specialist must become licensed in each state where her patients happen to be at the time she delivers care, then . . .

Financial E-mails Lost

Printing of Electronic Mail as Federal Government Record Retention?

The Bureau of Indian Affairs (US Department of the Interior) suffered embarrassment in court for the deletion of financial e-mails by former Assistant Secretary – Indian Affairs, Neal McCaleb. The e-mails contained important information about money the bureau was collecting and holding in trust for Indian tribes. McCaleb deleted the e-mails because his IT department allocated him too little hard disk space. Under department policy, he was expected to print important e-mails onto paper before he deleted them, but because of confusion about who was supposed to do the printing, no one actually performed the tediuous and unwanted task.  

Officials like Mr. McCaleb don't naturally embrace clerical duties like printing of e-mails.

The case demonstrates . . .

FOIA Meets ESI (Electronically Stored Information)

Freedom of Information Act Requests Yield E-Troves of Documents

FOIA forces transparency in government, and transparency in turn forces revolution in the administration of public institutions – both national and local.

A FOIA requires government to disclose records to citizens upon request. Remarkably, the quantity of available records relevant to any given request is skyrocketing as government agents adopt digital technology – databases, electronic mail, instant messaging, text messaging, Twitter, collaboration software and more – to execute the details of day-to-day government. The implications for democracy are profound.  So are the governance implications for enterprises of all descriptions.

Item One: Britain is in uproar over the expenses of Parliament members. The row started when a journalist used the UK’s new FOIA to request records about M.P. requests for reimbursement of living expenses. By age-old practice, the government covered M.P.s for the living costs associated with their official duties, but the specifics have always been hidden from public view. Reluctantly . . . resistantly . . .

Criminal Investigation for Destroying “Non-record” E-mails?

Storage and Search Costs for Electronic Mail Archival

More Retention of Public Administrator E-mail?

Conventional records and information management (RIM) advice holds that each e-mail in an enterprise must be evaluated one-by-one.  Presumably, this evaluation must be performed by an employee because software isn’t up to the task.  If the employee deems the e-mail is a “record,” then (according to RIM) the employee should categorize it and place it in storage designated for that category.  If the employee does not deem it to be a “record,” it should soon be destroyed.

This advice is not working in practice.  A GAO study of senior federal government administrators found that many are not following the advice.  The nonconformists are just keeping all their e-mail – in good part because they believe that is the easiest way to avoid breaking law that requires the retention of records.  

But the nonconformist administrators are keeping the records in e-mail systems (like Groupwise or Microsoft Exchange) that are not designed for long-term storage.  

Conventional advice says these nonconformists either must work harder on sorting through their e-mail (spend more tedious hours in the office), or must . . .