DEFENSIBLY DOWNSIZING YOUR DATA: WHERE … DOWNSIZING YOUR DATA: WHERE TO START WITH RECORDS...

DEFENSIBLY DOWNSIZING YOUR DATA:

WHERE TO START WITH RECORDS

RETENTION AND DEFENSIBLE DELETION

August 12 & 13, 2015

Robert FowlerJordan Lawrence

CIPP/US

Director of Professional

Services

2

Sean Rahilly Chief Compliance Officer

Senior Legal Counsel

Enova International

8-12-15

Therese King NohosDeVry Education Group

8-13-15

Partner, Chair eDiscovery, Data

& Document Management

Practice Group

Ann GraysonBarnes & Thornburg LLP

CONFIDENTIAL © 2015 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is confidential, proprietary and the property of Barnes & Thornburg LLP, which may not be disseminated or disclosed to any person or

entity other than the intended recipient(s), and may not be reproduced, in any form, without the express written consent of the author or presenter. The information on this page is intended for informational purposes only and shall not be

construed as legal advice or a legal opinion of Barnes & Thornburg LLP.

BIGGEST ISSUES FACING IN-HOUSE

COUNSEL

3

WHY IS INFORMATION GOVERNANCE

IMPORTANT?

• Data Breach

• Costs

– Litigation Costs

– Data Volume

• Technology

• Officer/Director Exposure

• Business Performance Improvements

• Compliance with State and Federal Regulations

• Risk Mitigation

– Preservation – In re Actos; In re Praxada; In re Ethicon

– Litigation/Investigation

4CONFIDENTIAL © 2015 Barnes & Thornburg LLP. All Rights Reserved. This page, and all information on it, is confidential, proprietary and the property of Barnes & Thornburg LLP, which may not be disseminated or disclosed to any person or





construed as legal advice or a legal opinion of Barnes & Thornburg LLP.5

Sony Hack Exposed Personal Data ofHollywood StarsBreach Includes Social Security Numbers for 47,000 Employees and

Actors, Including Sylvester Stallone, Judd Apatow and Rebel Wilson

The hack at Sony Pictures Entertainment

revealed far more personal information than

previously believed, including the Social Security

numbers of more than 47,000 current and former

employees along with Hollywood celebrities like

Sylvester Stallone.

An analysis of 33,000 Sony documents by data-

security firm Identity Finder LLC found personal

data, including salaries and home address,

posted online for people who stopped working at

Stony Pictures as far back as 2000 and one who

started in 1955.




LITIGATION COSTS

6

UNCONTROLLED DATA GROWTH

• Data doubles every 18-

24 months

• Proliferation of text and

IM use

• Record duplication

within organization

• Storage Costs

• Discovery costs

repeated with each

new case/investigation

7




TECHNOLOGY

8

REAL WORLD EXAMPLES

9




HOW TO ADDRESS THESE CONCERNS?

ENTER INFORMATION GOVERNANCE!

• Information governance (IG) is “an

organization’s coordinated inter-

disciplinary approach to satisfying

information compliance requirements

and managing information risks while

optimizing information value.”1

1 See THE SEDONA CONFERENCE, THE SEDONA CONFERENCE COMMENTARY ON INFORMATION GOVERNANCE 5 (Conor R. Crowley ed., 2013).







INFORMAL IG DEFINITION

• Policies and Protocols that help you get and keep your company’s house in order

-May Include:• Data Map

• Document Retention/Legal Hold/Defensible Destruction

• Mobile Device Policy

• Social Media/Acceptable Use

• Data Security/Data Privacy

• Policy Enforcement

• Regular Check-Ups

11

DEFENSIBLE DOWNSIZING

• It’s a key part of an overall Information

Governance Program

• Why should it be on your Radar?




Where Do We Start?

13

ABC Company’s Retention Schedule

14

THE CORNERSTONE

PROCESSES

WHAT

WHERE RETENTION

SENSITIVITYRecords Inventory

15

Accident/Incident Records

Advertising Records

Benefit Records

Budget Records

Contracts & Agreements

Coupon Records

Credit Approvals

Customer Information

Customer Orders

Employee Medical Files

Gift Card Functions

Payment Records

Sales Receipts

WHAT DO YOU HAVE?

16

1010100011

1001010011

0 1 1 0 1 0 0

1 0 0 1 0 1 1

0 1 0 0 1 1 0

1 0 0 1 1 0 1

1 0 0

0 1 0 0 1

WHERE IS IT?

17

BUSINESS NEEDS

DOL

FSMA

GLB

HIPAA

OSHA

PCI

SEC

State Privacy Laws

Corporate Sensitive

PII

Customer Data

Intellectual Property

Bio Metric

Patient Health Info.

Personal Financial

Sensitive EU

REQUIREMENTSSENSITIVITY

WHAT ARE THE REQUIREMENTS?

18

ACTIONABLE RETENTION SCHEDULE

24

DISABILITY RECORDS | 6 YEARS

DELETION STRATEGY FOR EMAIL

INBOX = 180 DAYS

SENT ITEMS = 180 DAYS

DELETED ITEMS = 2 DAYS

NON-ESSENTIAL COMMUNICATION

18 MONTH RETENTION

(ALL DEPARTMENTS)BUSINESS NEED COMMUNICATIONS

6 YEAR RETENTION | HR

7 YEAR RETENTION | LEGALDEPARTMENTAL EXCEPTIONS

7 YEAR RETENTION | TAX

25

What Makes Deletion

Defensible?

26

Show Your Work

27

Records Retention Policy

Require regular policy attestation

BUILD YOUR AUDIT TRAIL

28




Legal Holds

29




WHEN IS PRESERVATION REQUIRED?

• Whenever litigation is reasonably anticipated, threatened or pending against an organization, that organization has a duty to undertake reasonable and good faith actions to preserve relevant and discoverable information. This duty arises at the point in time when litigation is reasonably anticipated. - See Fujitsu Ltd. v. Federal Express Corp., 247 F.3d

423, 436 (2d Cir. 2001).

30

TRIGGER EXAMPLES

• Settlement demand enclosing proposed complaint - Salvatore v. Pingel, 2009 U.S. Dist. LEXIS 37905

(D.Col. 2009)

• Pre-filing communications between litigants- Goodman v. Praxair Servs., 632 F.Supp. 494

(D.Md. 2009)

• Demand Letter - Id.

• Series of cases in the industry- Adams & Assocs. v. Dell, Inc., et al., 621 F.Supp.2d

1173 (N.D. UT 2009)







WHAT MUST BE PRESERVED?

• Reasonably Accessible Electronically Stored Information- Email; Departmental Shared Drives; SharePoints; etc.

• Not Reasonably Accessible Electronically Stored Information - Committee Note: “Identification of electronically

stored information as not reasonably accessible does not relieve the party of its duties to preserve … which depends on the circumstances of each case.”

• Bottom Line: Act reasonably and in good faith

32




HOW TO PRESERVE? THE HOLD NOTICE

- Be in writing with clear instructions

- Encompass all company personnel who

may possess potentially relevant

information (including key IT personnel)

- Include “active” collection from “key

players”

- Encompass all possible sources of

potentially relevant information (may

include archives, back up tapes, former

employee data)

To be effective, a hold must:

33

HOW TO PRESERVE? THE HOLD NOTICE

To be effective, a hold must:

-Require affirmative responses from all

relevant personnel

-Be monitored

- Include procedures for periodic

reissuance

Zubulake IV, 220 F.R.D. 212 (S.D. N.Y. 2003).

-Be followed

-Be released34







CONCLUSION

35

Robert FowlerJordan Lawrence

636-821-2281

[email protected]

CIPP/US

Director of Professional

Services

36

Sean Rahilly Chief Compliance Officer

Senior Legal Counsel

Enova International

Therese King NohosDeVry Education Group

Partner, Chair eDiscovery, Data

& Document Management

Practice Group

Ann GraysonBarnes & Thornburg LLP

317-231-7202

[email protected]

DEFENSIBLY DOWNSIZING YOUR DATA: WHERE … DOWNSIZING YOUR DATA: WHERE TO START WITH RECORDS...

Documents

Transcript of DEFENSIBLY DOWNSIZING YOUR DATA: WHERE … DOWNSIZING YOUR DATA: WHERE TO START WITH RECORDS...