Blog

The Four Factor Test to Determine Whether Corporate Email is Protected by Attorney-Client Privilege

Howard Haile on 30 Dec 2009

The right of attorney-client privilege remains one of the most revered privileges that the American judicial system bestows upon clients, as it enables any person to communicate openly and honestly with his/her attorney. Now this right is under scrutiny, as keeping communications between a defendant and his/her attorney confidential has become difficult to achieve due to the increased role that email plays as a primary communication medium between them.

The attorney-client privilege is an important part of any court case but as email has grown in importance, so has the probability that the attorney-client privilege can be compromised. Therefore it behooves companies to understand what role their corporate networks play in preserving and/or undermining this privilege. It is also important to understand how best to protect the company when faced with an eDiscovery involving employees and any email correspondence that occurs between them and their attorney while at work.

This is highlighted by two recent court cases that lay out several key rulings regarding privilege and corporate email systems. There are specific differences in these two cases but both share one aspect in common: employee use of a company computer while at work.

First, a case that was closely watched in the past is Stengart v. Loving Care Agency. In this case the New Jersey Superior Court ruled that because an employee used her company computer to access her web-based Yahoo email account, she waived her right to attorney-client privilege. In this particular case, the employee emailed her attorney during business hours about bringing hostile work environment claims against the employer but did so while still at work and in the employ of the company.

The court ruled that the employee waived privilege by using the company's laptop on company time and referenced the company's handbook that prohibited the use of the company's email system for "solicitation or outside business ventures." This ruling showed when a company has an email policy in place they could claim that the employee did not have attorney-client privilege since the employee was using the corporate network to send and receive emails.

However it does not end there. On appeal the appellate court reversed this decision and ruled that in fact the emails were privileged, and ordered all emails deleted. The court also ordered a hearing for appropriate sanctions and was specific in citing that "an employer's rules and policies must be reasonable to be enforced" and must "concern the terms of employment."

The court continued by explaining that although the employer's policy provided that email was part of the employer's business records and was "not to be considered private or personal to any individual employee," employees were permitted under the policy to make "occasional personal use" of the employer computers. This provided a reasonable expectation of privacy regarding the occasional personal use, especially regarding communications between an attorney and their client.

The second case is Alamar Ranch, LLC v. City of Boise. In this case the employee is again using a work computer for communication with his/her attorney, but in this circumstance the employee used the employee's work email address. To determine whether attorney-client privilege applied and whether it was waived in this case, the court turned to a four factor test:

  1. Is there a company policy banning personal use of email?
  2. Does the company monitor the use of its email?
  3. Does the company have access to all emails?
  4. Did the company notify the employee about these policies?

In this case the company's policies and procedures stated, "All emails become company property, they will be monitored, stored, accessed and disclosed by the employer, and should not be assumed to be confidential."

Therefore the court ruled that the emails were not confidential and stated it was "...unreasonable for any employee in this technological age--and particularly an employee receiving the notice Kirkpatrick received--to believe that her emails, sent directly from her company's email address over its computers, would not be stored by the company and made available for retrieval."

There are two distinct differences between these two cases and why the courts found as they did. First, in the case of Stengart, the company's computers and network were used but not its email system. As highlighted by point #3 in the four factor test, the company's email domain was not the primary email system used. Instead it was the client's 3rd party Yahoo webmail address that was accessed and used to communicate with her attorney.

Also in the Stengart case, the company allowed periodic personal use of the corporate network, which invalidated its claim that it banned the personal use of email since email could be accessed via the web. These are important distinctions and ones that companies must understand.

The four factor test to establish attorney-client privilege, coupled with the Alamar Ranch and Stengart rulings, provides some valuable insight into how companies can respect attorney-client privilege while still protecting themselves. Email archiving and management technologies such as Estorian's LookingGlass allow companies to meet both the letter and spirit of the law of attorney-client privilege as it applies to e-mail.

Blog Services by DCIG, Inc.

Government Agencies No Longer Receive a 'Get out of Jail Free' Card When it Comes to eDiscovery

Howard Haile on 23 Nov 2009

Organizations across the United States have steadily felt the sting of legal action involving eDiscovery as they are quickly discovering that it is no easy feat to comply with mandates such as the Federal Rules of Civil Procedure (FRCP). This is resulting in mounting sanctions and steadily decreasing patience in courts towards eDiscovery mistakes. However, state and local government agencies were conspicuously absent from this steady stream of eDiscovery rulings.

It is not entirely surprising that governmental agencies have a history of writing rules that apply only to the private sector while conveniently exempting themselves from these rules. Government agencies have historically had an entitlement mentality as it pertains to compliance by writing rules that everybody else has to follow while they grant themselves a "Get out of Jail Free" card. But as it pertains to eDiscovery this is no longer the case.

Government's responsibility to comply with eDiscovery requests started in earnest when it was ruled that the SEC would have to comply with FRCP like any other litigant. DCIG blogged about this ruling earlier this year and highlighted the fact that this would change the way federal, state and local government viewed eDiscovery.

Since this ruling was handed down, I have continued to look for examples that show that government agencies are increasingly held to the same standards as private businesses when it comes to matters pertaining to the FRCP. Now a steady stream of cases involving state and local government agencies has been in the headlines in regards to complying with eDiscovery rulings.

The first was Mirbeau Geneva Lake v. City of Lake Geneva. In this case the defendant sought production of all "computers and electronic storage devices" for forensic examination. The Judge ruled the parties should have open and candid discussions regarding completion of discovery of electronically stored information (ESI). The Judge also stated that if destruction of relevant evidence occurred the court is willing to impose sanctions including terminating sanctions.

Next is Peschel v. City of Missoula. This case arose from a claim that the defendant was wrongly arrested and that the arresting officers used excessive force. Sanctions were sought due to the city's failure to preserve the video of the arrest that was recorded by a camera located in the officer's car. The Judge found the lost video was the result of recklessness and granted sanctions, and ruled that for the purposes of the case, it could be assumed the arresting officers used unreasonable force to effect the arrest.

Another case is Lake v. Phoenix. The Supreme Court of Arizona overturned a lower court ruling and affirmed that "if a public entity maintains a public record in an electronic format, then the electronic version including any embedded metadata is subject to disclosure under public record laws."

The bad news for local and state governments keeps coming with the case of Swofford v. Eslinger. This case against the Seminole County Sheriff's Office ended with the Judge citing "Defendant's blatant disregard of their obligation to preserve electronic information," as evidenced by their deletion of emails despite receipt of plaintiffs' request for preservation. The court imposed sanctions allowing the jury to infer that the deleted emails contained detrimental information in this case. An award of fees and attorney fees was also granted.

So in the span of a month there were several costly rulings against state and local government that will no doubt be damaging to the reputation and budgets of these agencies.

Further, government entities can no longer rely on rising mill levies and increased sales tax revenues to bail them out of shortfalls in funding caused by electronic evidence spoliation through reckless actions or non-existent eDiscovery processes.

State and local government agencies must learn from the lessons of the private sector and understand that without technologies such as Estorian's LookingGlass and putting in place processes that enable them to respond to eDiscovery mandates such as Legal Hold, they are doomed to make the same mistakes that private companies have made and been penalized for making over the years.

It is time for government agencies to adopt an archiving solution such as LookingGlass. A proactive archive acts as a front line of defense in eDiscovery and serves as a reliable and cost-effective store to hold emails and their attachments for pending or anticipated litigation. Since email is now the preferred medium for communications by and between government agencies, it stands to reason that email archiving is no longer an option but a necessity for government agencies.

Government officials should realize that now is the time to introduce robust eDiscovery products and processes into their agencies. To ignore this important issue is to do so at their peril. Other government agencies across the country have already discovered the hazards of not having proper archiving process and, in so doing, have damaged their reputations while bringing financial hardships to the district citizens that they serve.


Business Intelligence Tools Look to get Smart about E-mail

Howard Haile on 28 Oct 2009

No company regardless of its size is immune from the possibility of an eDiscovery. But even as companies look to respond to eDiscovery demands placed on them by rulings such as the Federal Rules of Civil Procedure (FRCP), an equally vexing problem that they face is making sense of their growing mountain of email data.

A recently published study by The Radicati Group, Inc entitled, Email Storage Market, 2009-2013, provides a stunning look into the amount of storage that enterprises need to meet growing email stores. The most telling statistic was that enterprises with 1000 users will consume approximately 20 GB of storage per day or nearly 400 GB per month. But beyond just the problems and costs associated with storing these volumes of email data, an equally pressing challenge is intelligently managing these emails once they reside in these repositories.

Business intelligence tools are now being viewed as a new mechanism to accomplish this. Business intelligence (BI) provides the concepts and methods that improve business decision making by using fact-based support systems. Normally, business intelligence tools are used in conjunction with acquiring new customers or competitor analysis, but growing email stores are forcing organizations to start to use these tools to ensure corporate compliance and manage risk.

This management of external and internal risks is becoming increasingly important as organizations seek to cost-effectively mitigate the risks that responding to new government regulation, financial reporting, and litigation introduce in regards to managing email.

The application of business intelligence to searching and manipulating archived email data stores is still somewhat of a new concept. However technology driven, fact-based support systems are now needed to provide insight and manage these growing mountains of email data. So it is time to think about email archiving not just as a way to capture and store emails but as a way to apply traditional business intelligence principles to email data stores.

Products such as Estorian's LookingGlass give companies the "fact-based" tools necessary to make important decisions such as:

  • Track any email or attachment regardless of whether it is incoming or outgoing. The spherical indexing engine used by LookingGlass provides organizations the ability to analyze email and track them in whatever direction they go.
  • Track all activity of email, even if it hasn't been sent, by tracking activity in draft folders. LookingGlass can intelligently see activity as it is happening even if an email has not been sent. These emails are noted and indexed which gives a complete picture of email activity for compliance and legal matters.
  • Search capabilities that start with the attachment and then work backwards to find all associated emails. This capability allows a true front-to-back search without needing to know either the sender's or the receiver's email address.

Extending business intelligence to email allows companies to make proactive business critical decisions in areas that are often overlooked through traditional BI solutions. Email continues to experience exponential growth in enterprises but by applying BI technology solutions to email stores, companies can begin to manage and treat them the same way they do with data found in their other mission critical applications.

Today more so than ever before, critical data with high risk implications is housed in email and should be treated like any other critical data source against which BI technology is used and decisions are made, so it only makes sense to bring email into the same fold as financial, sales, or marketing data.

Expanding current BI initiatives and applying the same BI techniques to email as with other data through BI tools such as Estorian LookingGlass can no longer be ignored. After all, if companies ignore email and the growing complexity that large data stores create, they do so at their own peril as it leaves management poorly equipped to make the intelligent and critical decisions that today's business and regulatory environment demands.


EchoStar Discovers that Images Matter in Email Too

Howard Haile on 17 Sep 2009

DCIG has consistently stressed the need for good eDiscovery processes for electronically stored information (ESI). A steady stream of sanctions surrounding poor eDiscovery strategies is a consistent reminder that a lack of planning can be damaging to your case. A recent case, Ferron v. EchoStar Satellite, LLC., is one such reminder that images and links in emails can be subject to eDiscovery and that the failure to preserve them could be costly.

Although this case did not end in sanctions for EchoStar, it showed the need for email controls and archive technology that preserves email in its native form. Central to this case was an allegation of sending emails which conveyed a commercial advertisement and displayed the name and/or logo of Dish Network. This was alleged to be in violation of the Ohio Consumer Sales Practice Act.

The Plaintiff sought sanctions for failure to preserve website links and images contained in messages. Paper copies of the messages were given in response to the subpoena due to the fact the Plaintiff did not establish the Defendants' duty to preserve the images. The emails were provided on a CD-ROM and it was argued that the images were fully visible at the time of production. The Plaintiff contended that the unavailable images were the only evidence to establish that the contents of the emails violated the law.

This case seemed mismanaged in a lot of ways as it pertains to preservation and production of ESI, and rightfully it would appear sanctions were not granted. But, producing emails on a CD, not presenting metadata, and not preserving images is definitely not the norm and is a rare exception in today's legal environment.

Companies should take the necessary steps to preserve email data, preserve the contents of the email and ensure that metadata is intact. Without the ability to show a solid history of email management, the risk of costly sanctions rises dramatically.

Technology such as Estorian LookingGlass provides the ability to archive, index, search, and provide a complete trail of e-mail messages necessary to answer an eDiscovery request. Some of its capabilities include:

  • Email is archived with the images intact. LookingGlass provides a unique way of searching and displaying images. When the image you are looking for is identified, a simple mouse click of the image shows the complete email attached to the image.
  • Search capabilities provide a complete email trail. Once the email is located that is tied to an image LookingGlass provides the ability to see all persons who received, sent, or deleted the email.
  • Metadata is preserved. All metadata associated with the email is preserved, archived and available for display and/or presentation to meet eDiscovery mandates.

LookingGlass provides a powerful way for companies to sort through mountains of email and provide the ability to capture and search images within email. This is critical as the above case demonstrated.

Companies should not count on poorly framed eDiscovery requests to keep sanction possibilities at bay. Instead proactive planning, solid eDiscovery processes, and technology such as LookingGlass should be used to meet the complex circumstances surrounding today's state and federal laws such as the Federal Rules of Civil Procedure (FRCP) and California's Electronic Discovery Act.

As this case shows, email continues to be a huge risk and a consistent pain point for eDiscovery and without the ability to archive and present images in email it will no doubt lead to sanctions. So while this Defendant was fortunate in that it did not meet with any court sanctions, companies should not expect the same fortunes in their eDiscovery strategies as their luck will eventually run out.


California's New State Law Raises eDiscovery Stakes; Costs Poised to Skyrocket

Howard Haile on 9 Sep 2009

"As California goes, so goes the nation" is a phrase that I have heard before and it immediately came to mind when I read that Governor Schwarzenegger had signed California Assembly Bill 5, otherwise known as Chapter 5 - Electronic Discovery Act. Signed into law on June 29th, 2009, what makes this law significant is that it expands upon the verbiage used in the Federal Rules of Civil Procedure (FRCP). So for organizations already worrying about the FRCP, take heed because the Electronic Discovery Act takes eDiscovery to yet another level.

Any time California passes a law, especially as it pertains to eDiscovery, the rest of the nation needs to pay attention. California previously set the stage for the nationwide adoption of data breach notification laws with its passage of SB1386 in September, 2002. Since that law went into effect, nearly all states have since followed suit with their own data breach laws (only 5 states have NOT passed similar laws) as well as the federal government.

Organizations that have failed to act and put in place pro-active eDiscovery processes are starting to pay the consequences. The recently published, "2009 Mid-year Update on eDiscovery", highlights that sanctions in eDiscovery cases against organizations have doubled since 2008. It is important to note the statistic that sanctions were considered in half of every case involving eDiscovery and that they were awarded in 36% of these cases.

This statistic should be a wake up call to all organizations. Clearly many organizations' eDiscovery efforts are still in the primitive stages and now that most states have passed their own eDiscovery laws and California is coming back for round 2, new risks and ultimately new sanctions are poised to strike yet again.

Some notable points of interest in the Electronic Discovery Act:

  • The California law differs from the FRCP in how it approaches data in "a reasonably useable form". If your company is subject to an eDiscovery request, the burden will be upon you to provide the information in a reasonably useable form. This is a big departure from FRCP. This new wording could lead to a large expense for a company as definitions of a "reasonably, useable form" are worked out.
  • Expands eDiscovery beyond inspection and copying to include testing or sampling of ESI. This act expands existing eDiscovery procedures and demands that can be made for inspection of ESI to include copying, testing or sampling of ESI. It also allows for a party to demand that another party, or someone acting on that party's behalf, inspect, copy, test, or sample ESI in the possession, custody, or control of the party when an eDiscovery demand is made.
  • Parties that fail to produce ESI pursuant to a discovery request may face monetary sanctions. This sets a new precedent that organizations must now consider. Before they mostly just had to contend with costs at the federal level. Now the state of California has the power to levy monetary sanctions as well.
  • Sanctions are prohibited if failure to produce ESI is due to routine, good faith business operations. I consider this California's version of the safe harbor provision, but as with FRCP, safe harbor can be elusive as evidenced by the aforementioned statistics on sanctions.

There is much more to this act, including more notable departures from the language of the FRCP. Overall this is a detailed act with new risks and eDiscovery considerations that now impact organizations if they end up in the California state court. Like all risks, it all boils down to costs but the big question organizations have to answer is, "What is the cost of complying versus doing nothing and taking a reactive approach to an eDiscovery to deal with it only if and when it hits you?"

This is the big question when it comes to this bill as there are several cost shifting areas for companies to consider which is an aspect that I will tackle in a future blog post. The main question that will need to be answered is how will costs be shifted as part of a discovery notice? There has been precedent in California for cost shifting, in Toshiba v. Superior Ct., but questions still remain if this will continue to be the rule.

It should come as no surprise that eDiscovery is moving front and center at the state level. State courts are not immune to eDiscovery problems posed by electronic documents, and shifting evidentiary requirements are caused by ever increasing amounts of ESI. California is no different and it is simply seeking to try to limit the costs of eDiscovery in disputes. But as the FRCP has shown this is much easier said than done.

Companies will need to ensure their eDiscovery strategy not only covers FRCP but also complies with differing state laws. New technology such as Estorian's LookingGlass will increasingly be needed to ensure ESI such as email can be produced in a reasonably usable form.

Much legal wrangling lies ahead as sides argue over wording, meaning and intent of this law with a lot of information forthcoming as it relates to costs and interpretation. But, there is no doubt that other states will almost certainly follow in California's footsteps and tackle eDiscovery in their own court systems. As this occurs, the costs and painful consequences for those organizations with inadequate eDiscovery strategies are poised to skyrocket.


SEC Case Reveals Former AIG Execs Demanded Email Evidence Be Destroyed

Howard Haile on 24 Aug 2009

When the wheels came off the American economy in the fall of 2008 there was a steady stream of companies lining up for a government bailout and none were of a higher profile than American Insurance Group (AIG). Over a chorus of jeers from the general public the United States Government set out to rescue the "Too Big to Fail" company by setting up an $85 Billion dollar reserve in exchange for 79% ownership of the company. Emotions ran high during this time period and no matter which side of the aisle you were on in regards to the bailout of AIG, the current SEC complaint against AIG will make most any person angry.

The SEC has taken its lumps for its role, or lack of it, during the economic downturn. But, this case shows the SEC is paying attention and investigating those who play fast and loose with the rules. What this investigation highlights most of all is that AIG was routinely engaged in business practices designed to inflate the company's worth and misstate earnings, costing investors millions of dollars. All of this was orchestrated through the use of shell companies and investors with the full knowledge of the former executives.

Maurice R. "Hank" Greenberg, Former Chairman and CEO, and Howard I. Smith, Chief Financial Officer, settled with the SEC with payments of $15 million and $1.5 million respectively for their roles in this scandal. This is in addition to the fines levied in 2006 against AIG totaling around $800 million dollars for securities fraud and improper accounting. The SEC's release included this quote from Robert Khuzami, Director of the SEC's Division of Enforcement: "Corporate leaders cannot avoid the truth and consequences of their company's performance by using improper accounting gimmicks and signing off on distorted financial reports."

While reviewing the SEC complaint several interesting items were found:

  • Greenberg made it clear through conversations regarding reduction of stock price due to inadequate loss reserves that AIG was going to use "aggressive accounting techniques". This was done through a transaction with GenRe which was paid a $5 million dollar fee and refunded $10 million dollar premium back to AIG through an off-shore company. This transaction was not in conformity with GAAP and referred to as "reckless" by the SEC.
  • A "sham" transaction was done through what is called a round trip of cash. Basically a transaction was done between two companies which had no economic substance, but was done for the sole purpose of manipulating AIG's financial statements.
  • Materially false statements regarding loan loss reserves were given that were signed off on by Greenberg and Smith.
  • Concealed losses through a shell company from Barbados called Capco which AIG acquired through a subsidiary called AIRCO. Using this company, Capco absorbed $210 million in AIG losses so investors would be willing to make capital investments and stock price would not be affected.
  • When AIRCO officials raised concerns regarding Howard Smith's orders to not record an unrealized loss, Howard Smith admonished them for sending their concerns over e-mail and demanded that all evidence of the conversation be destroyed.

This SEC complaint is full of sham investments, false investors, manipulation of financial statements and cover-up. These were all designed to hide losses that reached the hundreds of millions of dollars while the financial statements were inflated and stock prices were manipulated. This is not to mention the damning evidence that a direct order was issued from AIG's CFO to destroy all e-mail trails of AIG's wrongdoings.

Technology such as Estorian's LookingGlass allows companies to ensure that e-mail evidence isn't destroyed. Shareholder value and company reputation should be closely guarded, and all communications regarding the financial viability of a company should be kept in accordance with federal law.

AIG was front and center in the current financial crisis and only survived through a bailout from unearned tax payer dollars. But, when you see these types of unethical and arguably criminal allegations against Hank Greenberg and Howard Smith, it makes one pause and question whether AIG deserved to be saved and undoubtedly will make it harder to gain public support for further cash infusions.

Companies should be mindful of these types of executives and ensure that e-mail discussions of company financial data are preserved through the use of technology such as LookingGlass. As this case points out, executives who cook the books and destroy evidence will eventually be held accountable. The big difference today between AIG and you is that your company cannot count on a bail out if it happens inside your company.


If an "Approved" File Exception List for Keyword eDiscovery Searches Exists, I Couldn't Find It

Howard Haile on 17 Aug 2009

I was asked an interesting question by Jerome Wendt, DCIG President and Lead Consultant a while back. Jerome inquired, "Is there a list of approved files organizations can exclude from their list of search candidates that are common files and will never contain any information relevant to a legal search?" This was an interesting question for several reasons, mostly because nothing immediately came to mind.

I then set out to try and determine if such a list existed and have come to the conclusion that if such a list does exist it isn't widely known and I certainly could not find it. As I continued to try and answer this question, I realized that if I was having this much trouble, chances are that most people will have the same frustration.

One of the most significant areas of eDiscovery is performing a relevant keyword search of data to produce the proper documents as mandated by eDiscovery requests. This collection of ESI (electronically stored information) holds particular importance because the collected documents go through a review process before they are produced to opposing counsel. As data continues to grow within organizations, eDiscovery costs continue to rise; it is therefore extremely important to have a robust search that reduces the amount of non-relevant information returned.

Collection of electronic data should be comprehensive. But recent eDiscovery failures involving keyword searches, such as the recent case of Active Solutions, LLC and Southern Electronics Supply, Inc. v. Dell, Inc. highlighted by DCIG, show that this process is difficult to achieve even for large companies with greater resources such as Dell.

Companies must take a consistent approach to meeting these mandates and a company's keyword search process should not negatively impact the eDiscovery procedure as it moves forward. Dell's case also highlighted the importance of a proper search of a company's e-mail and the court's increasingly impatient stance toward inadequate searches of email during eDiscovery. So some areas to consider for keyword search moving forward are:

  • Be specific in your search. A well thought out word search reduces the number of irrelevant "hits." For example, short words such as "mark" will produce numerous hits on words such as "trademark" and "benchmark." To eliminate these, use more specific words or phrases.
  • If possible avoid generic industry words. If you are doing a search at a hospital, words such as "patient," "transfer" and "emergency" will be found in abundance and may hinder rather than help your search efforts.
  • Search for user-created file types. Search for user-created file types such as "rtf", "doc", "xls", "pdf", "txt", "html", etc. and avoid known files that are not relevant to your search. The National Software Reference Library is a huge repository for known traceable software and can be very helpful in narrowing search results.
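The three tips above combined in one pass, as an added example that is not from the original post: whole-word and phrase matching so that "mark" no longer hits "trademark", a user-created file type filter, and exclusion of known files by hash. The file contents and the `KNOWN_SHA1` set are constructed; in practice that set would be loaded from an NSRL hash set, and binary formats would need text extraction first.

```python
import hashlib
import re
from pathlib import PurePosixPath

# User-created file types named in the list above.
USER_EXTENSIONS = {".rtf", ".doc", ".xls", ".pdf", ".txt", ".html"}

# Constructed sample collection: (path, raw bytes). Contents are treated as
# plain text; real .doc/.xls/.pdf files need text extraction before searching.
SAMPLE_FILES = [
    ("legal/memo.txt", b"Mark asked whether the camera contract was signed."),
    ("brand/filing.txt", b"Our trademark filing set a new benchmark."),
    ("notes/followup.html", b"<p>camera\n  contract draft</p>"),
    ("vendor/license.txt", b"Use of the vendor mark is subject to this license."),
    ("bin/app.dll", b"\x00mark\x00"),
]

# Constructed stand-in for a known-file hash set (e.g. SHA-1 values from NSRL).
KNOWN_SHA1 = {hashlib.sha1(SAMPLE_FILES[3][1]).hexdigest()}


def compile_terms(terms):
    """Compile each word or phrase so it matches only on word boundaries.

    Whitespace inside a phrase matches any run of whitespace, so a phrase
    broken across lines is still found.
    """
    patterns = {}
    for term in terms:
        words = [re.escape(w) for w in term.split()]
        patterns[term] = re.compile(
            r"\b" + r"\s+".join(words) + r"\b", re.IGNORECASE
        )
    return patterns


def search_collection(files, terms, known_sha1):
    """Return (hits, skipped).

    hits maps path -> sorted list of matched terms.
    skipped maps path -> reason the file was excluded before searching.
    """
    patterns = compile_terms(terms)
    hits, skipped = {}, {}
    for path, data in files:
        if PurePosixPath(path).suffix.lower() not in USER_EXTENSIONS:
            skipped[path] = "not a user-created file type"
            continue
        if hashlib.sha1(data).hexdigest() in known_sha1:
            skipped[path] = "known file (hash in reference set)"
            continue
        text = data.decode("utf-8", errors="replace")
        matched = sorted(t for t, p in patterns.items() if p.search(text))
        if matched:
            hits[path] = matched
    return hits, skipped


def naive_hits(files, term):
    """Substring search with no filtering, shown for contrast."""
    needle = term.lower()
    return [
        path for path, data in files
        if needle in data.decode("utf-8", errors="replace").lower()
    ]


if __name__ == "__main__":
    hits, skipped = search_collection(
        SAMPLE_FILES, ["mark", "camera contract"], KNOWN_SHA1
    )
    print("naive 'mark' hits:", naive_hits(SAMPLE_FILES, "mark"))
    print("filtered hits:   ", hits)
    print("skipped:         ", skipped)
```

Keeping the `skipped` map alongside the hits records why each file was excluded, which matters when the search method itself has to be defended.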

Using email archive products such as Estorian's LookingGlass can provide companies a means to index and search email and give you accurate results. By accelerating the email search process and reducing a huge volume of data down to only relevant information, it significantly increases a company's ability to perform early case assessments of the data thus saving costs.

The importance of ensuring a proper approach to email keyword searches is clearly demonstrated in Dell's case but it applies to almost every aspect of eDiscovery. Email's continued importance in eDiscovery processes presents a challenge that companies can overcome only through the use of technology such as LookingGlass and proper keyword search techniques. The courts are consistently showing their unwillingness to accept poor search results, and companies that present these types of unsatisfactory results run the risk of the courts demonstrating their frustration through fines and sanctions on the offending party.


Admitted Bad Habits around Email Reinforce Why Companies Need to be Proactive in their Email Management Policies

Howard Haile on 10 Aug 2009

Every now and then a study comes along in IT that makes you wonder if the public will ever listen to security alert messages, as some of these studies yield results that quite literally make you want to throw your hands up in frustration. A case in point is the recently released study by the Messaging Anti-Abuse Working Group (MAAWG) entitled "A Look at Consumers' Awareness of Email Security and Practices." However, it is the report's subtitle, "Of Course, I Never Reply to Spam - Except Sometimes," that gets to the heart of the matter and frustrates me, as it shows that email users do understand the risks of spam yet still click on the message.

This report provided some interesting insight that reveals how pervasive email usage is in corporations and more importantly how users view email:

  • 98% had both work and home email addresses
  • The 24-54 age group is more likely to access email at work than at home
  • The most important email function as identified by users was email from friends and family
  • 1 in 6 people surveyed admitted to clicking on spam

After reading through these statistics (especially the last one) it became clear that even with all of the education and security alerts around email, current email usage policies coupled with virus and spam controls are not enough. Users continue to engage in unsafe email behavior and since most users rightly or wrongly view their work email address as their primary email address, the risks that email misuse presents to organizations are extensive.

Through my IT career I have seen the rise of anti-virus software and, more recently, anti-spam solutions aimed at the enterprise. For the most part organizations now see the risk/reward to installing these types of products but the effectiveness of both the solutions and risks of not implementing the right ones vary widely from company-to-company.

This study highlights some of these risks which include:

  • What attachments are being sent or received? What are the chances that trade secrets or attachments with confidential or proprietary information are being sent from the company without its knowledge or permission?
  • Are users using email outside established policy, thereby putting your company at risk? The most important function of email for users according to this survey is communicating with friends and family. There is no problem with that, but how comfortable are organizations with the knowledge that their employees are using their email system solely for work purposes? Further, are the emails being sent and received in violation of policy and do they, in a worst case scenario, present a legal risk to the organization?
  • Is a large volume of e-mail being sent from a specific user? Can you identify a rapid acceleration of e-mail being sent from a specific user? This type of email velocity could point to a compromised PC being used as a "bot."

These risks beg the question "What else is going on?" as there are undoubtedly other risks to which companies are unknowingly exposed that are not being taken into consideration in this study. Statistics like these scream out the obvious: Companies need to take control of their email. To do so companies need tools to ensure their employees do not expose them to unnecessary risks.

New technologies now mitigate some of these risks. Products such as Estorian's LookingGlass alleviate the risks outlined above by fully indexing incoming and outgoing emails and their attachments. In so doing, LookingGlass provides companies the assurance that all emails that their employees send and receive adhere to existing policies in real-time and, if they do not, are blocked and alerts are generated.

These notifications warn when a policy has been violated and send the information to the individuals responsible for taking action, such as HR or an internal security team. Email analytics features included in LookingGlass can track email by user, hour, day and beyond, which provides insight into items such as the number of emails sent and received. This can provide important quantitative information on email velocity and identify a small problem before it becomes a big one.

The MAAWG study highlighted that employees do not always differentiate between home and work email. Because of this, organizations need some means of enforcing email policies to deter employees from jeopardizing a company through their ill-advised email behaviors. Taking control of email requires having tools that proactively monitor the information contained in emails so organizations are protected from the potentially abusive or dangerous content that is shared and sent in emails. Products such as Estorian LookingGlass provide this level of control that products such as anti-spam, anti-virus and even other email management products still lack.
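One way to surface the e-mail velocity described above, as an added example that is not LookingGlass code: bucket sent mail per user per hour and flag any hour that far exceeds that user's own earlier median. The log format, addresses and thresholds are assumptions made for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Assumed log format (hypothetical): "<ISO timestamp> sender=<addr> rcpts=<n>"
LINE_RE = re.compile(r"^(?P<ts>\S+) sender=(?P<sender>\S+) rcpts=(?P<rcpts>\d+)$")


def constructed_log():
    """Build a constructed one-day send log for two users."""
    lines = []
    # alice: steady 3-4 messages per hour.
    for hour, n in [(9, 3), (10, 4), (11, 3), (12, 4), (13, 3)]:
        lines += [
            f"2009-08-10T{hour:02d}:{m:02d}:00 sender=alice@example.com rcpts=1"
            for m in range(n)
        ]
    # bob: steady 2-3 per hour, then 60 messages in the 13:00 hour.
    for hour, n in [(9, 2), (10, 3), (11, 2), (12, 3), (13, 60)]:
        lines += [
            f"2009-08-10T{hour:02d}:{m:02d}:00 sender=bob@example.com rcpts=1"
            for m in range(n)
        ]
    return lines


def hourly_volume(lines):
    """Return {sender: Counter({hour_start: recipients_sent})}."""
    volume = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        hour = ts.replace(minute=0, second=0)
        volume[m["sender"].lower()][hour] += int(m["rcpts"])
    return volume


def velocity_alerts(lines, factor=5.0, min_volume=20, min_history=3):
    """Flag (sender, hour, volume, baseline) where volume jumps past baseline.

    The baseline is the median of the sender's earlier active hours; hours
    with no mail are absent from the log and so are not counted as zero.
    min_volume keeps low-traffic users from alerting on small absolute jumps.
    """
    alerts = []
    for sender, per_hour in hourly_volume(lines).items():
        hours = sorted(per_hour)
        for i, hour in enumerate(hours):
            history = [per_hour[h] for h in hours[:i]]
            if len(history) < min_history:
                continue  # not enough history to judge this sender yet
            baseline = median(history)
            volume = per_hour[hour]
            if volume >= min_volume and volume > factor * baseline:
                alerts.append((sender, hour.isoformat(), volume, baseline))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in velocity_alerts(constructed_log()):
        print("velocity alert:", alert)
```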


90 Day Email Retention Policies are not a One Size Fits All

Jerome M Wendt and Howard Haile on 17 Jul 2009

A recent report from Ferris Research estimates that the total number of business e-mails sent in North America alone will surpass 139 million in 2009 and 143 million in 2010. This volume of email growth continues to put pressure on IT staff in every size organization to manage its inflow, outflow and retention. While the mechanics of managing email inflows and outflows can be fairly straightforward, when it comes to setting policies as to how long to retain these emails, the picture can start to get a bit hazy.

Federal Rules of Civil Procedure (FRCP), industry regulations and internal policies all influence which emails should be archived, how long these archived emails should be retained and when they should be deleted. But all of these different factors contribute to high levels of confusion surrounding how long emails should be retained and how to set retention policies correctly, and letting either IT or Legal set these email retention policies independently of the other is not necessarily the best policy.

Look at this from the perspective of IT. IT is increasingly tasked with keeping its infrastructure costs low. So when IT looks at how best to control or limit these massive volumes of e-mail, less is more. The more email they keep, the more storage they will need and the more emails they will have to search, so it is not surprising that they may recommend purging email archives after a short retention period. This has led some companies to adopt retention policies of varying lengths but a 90 day retention policy is fairly common.

So if your company fits this description, you need to consider the following:

  • Document retention policy. Do you have a document retention policy that explicitly covers email? If so, was it developed with the input and perspective of IT, Legal, and Compliance, or just IT?
    Having a policy that guides email retention is a must and once the policy is in place it should be followed. If your retention of e-mail is 90 days then you should adhere to this standard and not let 90 days mean 60 days, or 6 months etc., as inconsistent adherence to email retention policies is even worse in the eyes of the court than having a wrong policy in place. Safe harbor in eDiscovery rests in an organization adhering to its policies and procedures that guide the destruction of its email data.
  • Legal Hold of E-mail. If your policy guides destruction of email at the end of every 90 days but you can reasonably anticipate legal action on these emails then you are bound by FRCP to hold those documents in anticipation of a possible discovery.
    Destruction of emails once you know a legal hold is necessary could expose an organization (public or private) to court sanctions for spoliation. So if you even suspect you might need to retain emails, you had better have a means to hold on to them. eDiscovery rulings are often a moving target and knowing exactly when to start retaining e-mails critical to a case can be very difficult, as shown in the recent case of Phillip M. Adams & Associates, L.L.C. v. Dell, Inc., 2009.
  • Regulatory Factors. Is e-mail retention for your company guided by government regulation such as Sarbanes-Oxley (SOX)? Publicly traded companies, healthcare institutions and financial services organizations all are subject to regulations that affect how long they retain emails. These regulatory considerations often have strict penalties attached to them for non-compliance.
    Retention periods can also vary depending on the information contained within email, whether it is financial statements, HR data, patient information, or contractual discussions. Each could have different regulatory retention requirements based upon the information contained in the email.

We are not suggesting that expanding email stores for indefinite periods of time is the right approach, but one cannot naively assume that if you delete all emails after 90 days the courts will find you blameless. They will not. Managing ever expanding email growth and the risks and costs associated with retaining emails too long can seem like competing priorities. But if organizations consult with the other appropriate internal departments and take these risks into consideration as they do routine maintenance on their email, they will not expose the organization to extraordinary risks.

Archiving products such as Estorian's LookingGlass provide companies the ability to take control of email so they aren't faced with an "all or nothing" approach to deletion of e-mail data to keep in line with storage limitations, which puts them at significant risk. LookingGlass not only gives companies the ability to control email to meet regulatory and eDiscovery challenges but also to purge emails in an orderly and timely fashion based on an organization's retention policy.

In this new world of ever increasing regulatory burdens and eDiscovery, it is no longer acceptable for companies to develop a 90 day retention policy based on keeping storage costs low without giving consideration to eDiscovery and regulation. A well thought out data retention policy takes into account the risks outlined above so companies have a framework from which to work to do ongoing maintenance of archived email stores.

The 90 day retention policy to which some organizations are already accustomed does not have to die but it does need some tweaks to hold up under the scrutiny of today's legal system. Products such as LookingGlass enable organizations to create and enforce policies that satisfy the legacy 90 day time frame for those emails that are no longer needed but also introduce new ones that meet regulatory as well as eDiscovery mandates. In so doing, it allows organizations to evolve their email policies to meet today's challenges without creating undue risks or resulting in unexpected legal liabilities.

Dell Makes a "Mockery" of Court System; eDiscovery Ineptness Earns Dell Contempt of Court and $25,000 Fine

Howard Haile on 9 Jul 2009

First Louisiana State Court Judge Rosemary Ledet found Dell in contempt of court; then she accused Dell of making a "mockery" of the system; and then, to give her statement some teeth, she hit Dell with a $25,000 fine. Granted, a $25,000 fine is not a huge sum of money for a company like Dell and it certainly was a lot smaller than the $182,000 requested by Plaintiff's attorneys. But the tongue lashing and ensuing fine should serve as a wake-up call to organizations of all sizes that judicial patience in regard to eDiscovery is running thin and callous or indifferent attitudes towards eDiscovery are no longer being tolerated.

Judge Ledet's admonishment of Dell's actions as "unconscionable" was due to Dell's response to an eDiscovery stemming from a current civil lawsuit. The lawsuit, Active Solutions, LLC and Southern Electronics Supply, Inc. v. Dell, Inc., has centered on a New Orleans crime camera system. The case was brought by Active Solutions and Southern Electronics in 2007 against Dell, claiming that the surveillance system Active Solutions had developed had been misappropriated by the City of New Orleans technology department and that it then conspired with Dell to acquire the system.

As details of the case have unfolded several eDiscovery areas of interest have emerged. A significant component of the case revolves around whether Michael Dell knew about the pending sale of camera equipment to the city of New Orleans and if the issue of security cameras came up between him and New Orleans Mayor Ray Nagin in a meeting that allegedly occurred in June 2004. Michael Dell and Ray Nagin do not recall this meeting but a former Dell employee disputes that claim and stated in an affidavit that the meeting did in fact occur on or about June 21st, 2004.

During the course of this hearing Judge Ledet has ordered the recent deposition of Michael Dell. Judge Ledet has also sided with the Plaintiff's attorneys in their claim that Dell had provided "piecemeal" production of eDiscovery documents and that specific keyword searches for words such as "camera" were not done across its email archives on emails that may have been sent to Michael Dell.

Dell has countered by stating they have acted in good faith and provided over 160,000 documents. Judge Ledet did not agree and ordered a search of Dell email and documents using specific words. Once the results are known then the two sides can discuss how to move forward.

This case definitely is NOT a textbook example of how to respond to an eDiscovery request, especially from a company with the branding and resources that Dell enjoys. If anything, this is an indictment of Dell's own email archiving and management software that it purchased and has owned for some time. This case is exemplary if for no other reason than that it illustrates what not to do when confronted with litigation involving eDiscovery.

Any company involved in litigation is now expected to provide those documents relevant to the case, and as this case involving Dell highlights, that information more often than not resides in email. Using products such as Estorian's LookingGlass, companies can archive and retain email messages and then do keyword searches across these archives. Using LookingGlass to search and present only relevant email not only reduces costs, but avoids the piecemeal presentation of documents Dell is accused of providing.

I find it surprising to see Dell in contempt of court and being accused of making a mockery of the court system, as well as its own ineptness in providing the documents needed to satisfy its eDiscovery obligations. But what is more surprising is Dell's lack of keyword search capabilities and inability to present relevant information in a timely manner, especially given that they own software that allegedly can perform these tasks. Using products such as LookingGlass gives companies the ability to answer eDiscovery requests and avoid the ramifications of court ordered sanctions that can often be very costly.

The court's harsh words towards Dell did not lead to expensive sanctions (this time) but as the lawsuit continues to peel back the layers of what occurred in this case, that may yet occur. As this example illustrates, companies should be in a position to provide relevant emails in a timely manner because, as new court cases are bearing witness, court sanctions are becoming more expensive, judges are becoming more willing to dole them out, and the inability to provide needed information can be damaging to their defense and ultimately lead to litigation losses.


A "Destroy All Data" Policy will not absolve You of Your Data Retention Responsibilities

Howard Haile on 30 Jun 2009

"If it really costs millions to do that [e-discovery], then you're going to drive out of the litigation system a lot of people who ought to be there." This quote by Supreme Court Justice Stephen Breyer cuts to the heart of current issues surrounding eDiscovery. A recent DCIG blog highlighted how out of control litigation costs have become and how they have left companies with hard decisions on whether it is best to attempt to litigate or settle cases based solely on the cost of eDiscovery. But as companies face unprecedented economic pressure, a key question comes to mind, "Are these costs driving risky data retention strategies such as destroying all of your data?"

A December 2008 poll at Law.com showed immature processes are the rule across corporate America when it comes to eDiscovery. The survey found 30% of companies in the survey lacked even basic policies for preserving evidence for litigation discovery. So based on these statistics, it is reasonable to assume this lack of knowledge in eDiscovery coupled with immature processes could lead to higher risks being taken by companies.

But a question I regularly hear is, "Why not set a policy that mandates the quick destruction of data and delete everything quickly?" The thought process behind this is simple. If an eDiscovery event occurs, simply point to the policy and attempt to show a routine and good faith destruction of data and avoid the associated costs. While it is tempting to adopt this policy in order to try to avoid the costs of eDiscovery, it is a flawed approach and could result in more harm than good for your company.

The "Safe Harbor" eDiscovery provision, otherwise known as Rule 37(f), provides a means for companies to limit sanctions if (and I quote): "Absent exceptional circumstances, sanctions cannot be imposed for loss of ESI resulting from a routine, good faith operation of an electronic information system." Under this rule, a court may not impose sanctions on a party for failing to provide electronically stored information lost as a result of the routine, good faith operation of an electronic information system.

Based on this wording it would appear reasonable that companies might take a risk and attempt to limit their legal risks by quickly and routinely deleting documents such as email. But there are several areas of concern for businesses that rely on routine data destruction processes when it comes to their eDiscovery strategy, such as:

  • eDiscovery is still evolving and the rules can be a moving target. Even when safe harbor would appear to extend to your company, the courts can bring a new wrinkle as it pertains to eDiscovery and suddenly your company could be facing a huge sanction. For example, a court ruling in the recent case titled Phillip M. Adams and Associates, LLC v. Dell, Inc., provided sanctions against ASUS for not preserving e-mails dating back to 1999, even though the plaintiff didn't bring a claim against ASUS until 2005. This has cast serious questions on the future of rule 37(e).
  • What you view as routine destruction could in fact be spoliation. The above cited case is another good example of a company thinking it would be covered by safe harbor; instead, its idea of reasonable destruction of data through routine maintenance of its information system was viewed by the court as spoliation of data that should have been held for litigation.
  • Legal hold of data is open to interpretation. Legal hold of data is a process for holding all relevant information pertaining to a case when litigation is reasonably anticipated. The term reasonable is open to interpretation by the courts, and court interpretation is rarely predictable.

The sheer volume of e-mail and its impact on eDiscovery continues to be a pain point for companies searching for answers to costs. Products such as Estorian's LookingGlass provide an answer for companies looking to control the costs and complexities of e-mail in litigation. LookingGlass provides structure to historically unstructured data as well as providing search functionality for answering eDiscovery requests which becomes a valuable resource in controlling e-mail review costs.

In today's economic climate it is understandable why companies are tempted to try and avert costs through risky data retention strategies. But, this high risk strategy will fail and the costs and consequences could financially ruin your company. Proper preparation and deploying technologies such as LookingGlass provide a vastly lower risk point than attempting to rely on policy and pray for safe harbor.


The Cost of eDiscovery is Bringing the American System of Justice to the Brink of Destruction

Jerome M. Wendt on 15 Jun 2009

"There is no truth if you cannot find relevant evidence and, unless companies get their eDiscovery act together, eDiscovery is about to destroy the American System of Justice as we know it." That statement summarizes the opening remarks that Ralph Losey, the noted eDiscovery attorney of FloridaLawFirm.com, made during a recent presentation. From there, he went on to explain why he believes most organizations - public or private, large or small - have no viable strategy for eDiscovery and why a reactive approach to eDiscovery is putting the viability of the American System of Justice as we know it at risk.

In early June, I had the opportunity to hear Losey speak at an archiving and content management writer's conference hosted by EMC Documentum at the Hotel Gansevoort in New York City, NY. Losey began his presentation with some insightful observations and supporting statistics as to how much eDiscovery is already costing American organizations and why these costs pose such a threat to the current American System of Justice:

  • The cost of an eDiscovery for Microsoft is between $10 and $20 million for each and every lawsuit.
  • Losey recently wrote in his blog about a case where the Washington D.C. Appeals Court affirmed an order requiring that the Office of Federal Housing Enterprise Oversight (OFHEO) spend $6 million, or 9% of its annual budget, to comply with an eDiscovery subpoena request.
  • Litigation is becoming too expensive so organizations are opting not to go to court and instead just settle.
  • The American system of justice is very different than Europe's. Europe permits the voluntary disclosure of information so European companies may choose to disclose only information that helps them in a court case. The American System of Justice requires organizations to turn over all relevant information whether it hurts or helps them in a case.
  • The written word has evolved over the centuries to become considered the best form of evidence. Since lawsuits involve events that occur in the past (often years ago), organizations need to be prepared to go back years to produce written documentation. The written word today now almost exclusively exists in the form of electronic communication.
  • In 2006, Network World cited a study conducted by the Butler Group finding that employees now spend as much as 25% of their day searching for the right information to complete a given task. Losey now believes that the percentage of time employees spend looking for stuff is closer to 40%.
  • The best estimates available are that during an eDiscovery organizations can only retrieve about 22% of the writings that are relevant to a case.

It is this last statistic that specifically gives Losey concern about the future of the American System of Justice. Technology has evolved tremendously over the last 20 to 30 years and it has become a real struggle for the law to keep up with this level of change. In 30 years, organizations have essentially switched from storing all of their written communications on paper to storing all of them electronically. Unfortunately, they have not adequately changed their internal processes to manage this information.

To respond to this change in information management, Losey recommends that organizations take two steps now to prevent the costs of litigation and eDiscovery from crippling or even bankrupting them in the future:

  • Be proactive, not reactive, about information management. The first step in the Electronic Discovery Reference Model (EDRM) is "Information Management" and yet most organizations start managing their information only after they receive an eDiscovery request and then are forced to start with some step in the middle of the process - such as the collection stage.
    That is what gets companies into trouble. Starting with the collection of data as a means to do eDiscovery in a chaotic environment becomes very expensive. As a result, much of the money that organizations spend on an eDiscovery is wasted since so little relevant information is retrieved during the process.

A better way for organizations to start is by managing and archiving their email using software like Estorian LookingGlass. Software like this gives them a means to capture and manage the flow of information in and out of their organization while making it accessible and searchable if and when an eDiscovery occurs.

  • Prepare for a future where a random sampling of electronically stored information (ESI) becomes the norm. While it is unlikely organizations ever retrieved 100% of relevant information when it was stored on paper, achieving that level becomes even more unlikely now that it is stored electronically. So to adapt to this new environment, organizations need to prepare to employ methods of random statistical sampling of their ESI and then prepare to defend this method of eDiscovery in court to keep eDiscovery costs from spiraling out of control. Losey says, "Common sense dictates that sampling and other quality assurance techniques must be employed to meet requirements of completeness."
    If an organization is not already employing some means to archive and manage its ESI, it is going to lose in some way - the only question is how much it is willing to lose. Even winning a court battle may only be a Pyrrhic victory as it may be cheaper for an organization to settle out of court than defend itself.

Yet the greater danger that the American population faces is more than the destruction of the current American System of Justice. It begins to change who we are and what we are as a nation as it creates an environment where only the rich can afford to litigate and ultimately exonerate themselves of any wrongdoing. As for the rest of us, we may be looking at a future of being forced to settle outside of court because we cannot afford to uncover the truth, and justice is never fully measured out.

Condemning Emails, Revived SEC Probe Contribute to Decision to Voluntarily Shutdown Pequot Capital

Howard Haile on 3 Jun 2009

DCIG has posted several blogs discussing the economic downturn, the banking crisis and the role that hedge funds played in the seemingly endless stream of bad news and frauds that have graced the headlines. So, when it was announced that the prominent hedge fund was shutting down due to the SEC reopening an insider trading probe, it was another sign that the largely unregulated hedge fund industry is back once again in the SEC's crosshairs.

When I started looking into the alleged insider trading scandal I found not only interesting facts on Pequot, but also some interesting insight into how the SEC investigated the allegations of insider trading. Pequot was founded by Arthur Samberg and has been a respected hedge fund since 1998. The fund reportedly manages $3 billion in assets but at one time reportedly managed $15 billion. But, with investors already highly suspect of any bad news based on previous scandals, Samberg decided it was in everybody's best interest to close the fund.

With that recent history aside, insider trading allegations regarding Pequot were actually discussed in front of the U.S. Senate Committee on the Judiciary in December of 2006. According to testimony by Director of Division Enforcement, Linda Chatman, there were 10 transactions occurring between February 2002 and April 2005 that were forwarded to investigators working on the Pequot investigation. Investigating attorney Gary Aguirre claims he was fired for his requests to interview persons relevant to the case but, after all of the investigative work was done, Pequot Capital was found to have not executed transactions based on insider knowledge.

What really caught my attention was that in the "Case Closing Recommendation" documents there are several specific instances involving Pequot and insider trading allegations. During these investigations it became clear that the SEC is very conscious of email communications and looks closely at email in any investigation regarding insider trading. Email communications between Arthur Samberg are highlighted throughout to show either a link to possible wrong-doing or, more importantly, where email exonerates wrong-doing.

A specific example is in the investigation of Pequot accumulating Heller stock and shorting GE stock before a GE acquisition announcement of Heller was made public. Within the documentation the SEC specifically states it "reviewed the emails obtained from Pequot to identify other potential tippers. The staff then compiled information about each person identified, including searching for relevant documents in the database of emails provided by Pequot."

Pequot was also closely scrutinized in a trade involving Microsoft stock after Pequot hired former Microsoft employee David Zilkha in April of 2001. Before starting work for Pequot, David Zilkha started providing information about Microsoft by email to Samberg.

There were two emails that were particularly scrutinized by the SEC that preceded an earnings announcement by Microsoft. Pequot had a net positive result of over $2 million in profit based on two trades in Microsoft that were theorized by the SEC to be the result of the email information received from Zilkha.

There were also several other examples of possible insider trades that the SEC investigated involving Pequot Capital and through these investigations Pequot provided 19.8 million pages of electronic mail to the SEC.

Based on the sheer volume of email presented by Pequot the SEC asserted on page three of Linda Chatman's presentation to the Senate that "our staff has become particularly adept at sifting through all available forms of evidence, including...emails."

Although originally Pequot Capital was cleared of insider trading, it now appears that the SEC is coming back and taking another look at this hedge fund, but instead of facing the mounting investor scrutiny, Arthur Samberg has decided to scuttle the fund altogether. Yet what interested me most was the sheer volume of emails given to the SEC as well as the SEC's focus on email to not only look for evidence of wrongdoing by Arthur Samberg but also to develop leads on other "tippers" of inside information.

This case is a good example of why companies need email management technology such as Estorian LookingGlass. As the SEC has shown, it is very adept at reviewing email documentation and having the ability to rapidly provide email information that can clearly show a company followed the rules will pay huge dividends in any investigation or information gathering exercise. An ability to provide transparency in any investigation or eDiscovery exercise can exonerate a business even if a government agency, such as the SEC, comes back to take a second look and help prevent taking such drastic measures as shutting down the business as Samberg obviously felt obligated to do.


The Credit Card Act of 2009 Brings Email Opt-out Front and Center

Howard Haile on 27 May 2009

It isn't often that bipartisanship wins the day among politicians, but when an issue arises that stirs the ire of the public, such as the credit card industry has done, there is a sudden ability to get things done. This was evident in the recently passed Senate Bill 414, more commonly referred to as the "Credit Card Act of 2009." In an amazingly bipartisan vote of 90-5 the bill passed. One of the main departures from the norm with this is the fact that the regulation does not take effect for nine (9) months. Part of the reasoning behind this delay was a need to implement technology changes to meet the mandates of the bill.

Another area of interest within this bill is the inclusion of the wording "each appropriate Federal banking agency" which extends this bill to Banks, Savings and Loans, and Credit Unions. So, it would appear the Federal government fully intends to ensure that all credit lending institutions will fall under this complete overhaul of the "Consumer Credit Protection Act."

Now that all banking agencies fall under this act, what technology issues should they be aware of in this bill? One main area of concern is highlighted in SEC.103 Limits of Fees and Interest Charges, under the Opt-Out piece of the legislation. This basically gives consumers the right to opt out of over-the-limit transactions if fees are imposed. Under paragraph (2) (A) and (B) titled Notification by Consumer there is an interesting piece of language that refers to technology:

(A) "through the notification system maintained by the creditor under paragraph (4); or

(B) "by submitting to the creditor a signed notice of election, by mail or electronic communication, on a form issued by the creditor for purposes of this subparagraph."

What this bill lays out in paragraph 4 is there are several defined notification system options such as a toll free number, Internet address, and website. So, in addition to these specific areas defined, there is also the ability for banks to use electronic communication such as e-mail, in addition to those specific areas noted in paragraph 4, to submit and receive a signed notice of election to opt-out of those transactions.

Now that e-mail could very well be one of the opt-out vehicles used by a banking institution that falls under this act, it makes more sense than ever for banks to archive in order to have a strict accounting of e-mail transactions. By using products such as Estorian's LookingGlass, banks have the ability to use their existing e-mail infrastructure as a communication vehicle to transmit and/or receive signed notices of election. Without the ability to give a strict accounting of those notices, banks limit their customers' options in providing signed notices of election.

Although it might be debatable whether this type of legislation actually helps consumers, it does demonstrate how consumer outrage toward a specific business sector can stoke a bipartisan fire. It also shows how the Federal government views technology as a way to ensure consumers can effectively and efficiently communicate their desired approach as it pertains to the services mandated within regulation.

As the Federal government continues its accelerated regulatory path, it stands to reason that there will be continuing emphasis on technology as the preferred means of communication between businesses and consumers. By using products such as LookingGlass, companies can continue to leverage their existing infrastructure to deliver services, as well as continue to meet current and future regulatory requirements.


New EU Directive May Go Too Far in Electronic Surveillance

Howard Haile on 11 May 2009

On March 15th, 2009, a new law went into effect in the European Union (EU) that set in motion a controversial new course for government access into digital information. The EU Data Retention Directive was derived from the perceived need of the EU's member states to protect national security or public safety. Its goal is to provide law enforcement the access to information it needs to protect public and national interests, but it may go too far by capturing too much information that the public may not view as so public.

Most individuals will generally welcome more protection in their lives from hostile terrorist attacks but it is unclear how much they are willing to accept government intrusion into their electronic communications.  Therefore a delicate balancing act is needed and this law may just go too far in the eyes of many as the mandates set forth in this EU directive are abundant, complicated to meet, require the capture of a plethora of electronic information and give governments the authority to access this information for a lengthy period of time. 

A review of the directive highlights the following areas:

  • Article 6 titled "periods of retention" states Member States shall store all communication from customers no less than 6 mos., but no longer than 2 years.

Article 5 of the Directive spells out that the communication information must be stored. However, there are some areas of concern as to what is stored. For instance:

  • "Fixed" network telephony and mobile telephony. It will store the calling telephone number as well as the name and address of the subscriber.
  • Internet access, Internet e-mail, Internet telephony. This calls for the retention of the user's Id, telephone number, name, address and IP address.
  • Data necessary to identify date, time, and duration of the communications.
  • Concerning e-mail - Date and time of the log-in and log-off from the ISP, IP address (static or dynamic), user ID of the subscriber or registered users. 

Article 8 of the Directive goes into the storage requirements for retained data by specifying that "data must be retained in a way that can be transmitted upon request to competent authorities without undue delay."  This is a key provision in that it not only requires the need for ISPs to store mountains of data but also puts a burden on them to search the data as well as determine if data meets any previously set criteria and then forward data that meets that criteria to the appropriate authorities without delay. 

Article 3 goes further and specifically calls out providers of public communications networks within the jurisdiction of the member state as the parties responsible for retaining the communication information noted in Article 5. 

Although this is an EU directive, organizations here in the United States need to be mindful of this regulation for a few reasons. First, we are talking about Internet communications that encompass the entire globe and not just the citizens of those Member States of the EU are charged with collecting data, though it is unclear how this would be enforced in the US. 

Second, if a government regulation such as this can pass muster in the EU, it stands to reason the US may follow suit at some point with legislation of this scale, especially with the heightened role that the US government has assumed in private industry. Finally, Internet Service Providers (ISPs) may have to bear the costs associated with complying with this regulation, so Internet access costs may increase. Equally unclear is, as ISPs begin to act as cloud storage providers for businesses, how much of this private data will be stored as "public" information in these repositories because it traverses the Internet and is captured by these ISPs.

Organizations now need to begin to ask, "How does this law impact what data they send outside the organization over the public Internet?" Although there are written safeguards on who can have access to the information and what information needs to be stored, history is replete with examples that have shown that these safeguards are not always followed, as is evidenced in a recent example that occurred here in the US.

Email is a prime example of where confidential corporate information could easily end up outside of corporate firewalls and inside one of these "public" data repositories. How or if it may ever be accessed is anyone's guess, but an advisable approach that organizations should consider taking is making sure it never ends up there in the first place. Blocking the e-mail before it is ever sent using such products as Estorian's LookingGlass ensures that it never ends up in some data repository at an EU ISP that may come back to unexpectedly haunt you at some later point in time.

On the surface, this EU directive appears rooted with well-meaning but poorly informed legislators who are looking to better protect their constituents. However, given the growing propensity of government to delve into the affairs of private business, organizations are advised that the less confidential and potentially incriminating data that they make accessible to the government, the safer they are. Technologies such as Estorian LookingGlass can help companies put in place email policies that ensure email communications that never should go outside corporate firewalls never do.


Court Rejects Argument that Companies Can Transfer Responsibility to Employees for Email Management and Retention

Howard Haile on 29 Apr 2009

A current patent infringement lawsuit has provided a great reminder of why email retention policies and procedures as well as archiving technology are invaluable in today's eDiscovery environment. While discussing policies and procedures can be a mind-numbingly boring exercise, this case provided some great reminders as to why they are important in setting the groundwork for a robust and defensible eDiscovery process.

The case in question is Phillip M. Adams and Associates v. Asus Computer International. It is important to note that Asus is only one of many well known industry heavyweights named in this lawsuit but this ruling singled out Asus and how it responded to this eDiscovery request. The lawsuit revolves around a patent granted in 1992 to Dr. Phillip Adams for software that identified defects in floppy disk controllers. It is alleged that ASUS gained access to his software, reverse engineered it to illegally test their motherboards, and then required chip manufacturer Winbond to modify the chips sold to ASUS using Dr. Adams' technology.

Although ASUS stated no documents pertaining to the case had been destroyed since 2005, ASUS provided very few documents related to the eDiscovery request. Due to this there were numerous questions as to the reasons behind the lack of documentation, and more specifically, why so few emails pertaining to the case were released. Based on the lack of produced documents the Plaintiff asked for sanctions due to spoliation. ASUS provided an interesting response to the allegation of missing documents by saying:

  • Its email servers were not designed for archival purposes and employees were instructed to assume responsibility for preserving any emails of long term value.
  • It is its routine practice that its employees download to their individual computer those emails the employee deems important or necessary to perform his or her job function or comply with legal or statutory obligations. 
  • Any information not saved by the employee was erased.
  • Determination of "long term value" was determined by the employee.

From that explanation came the following quote from the court:

"An organization should have reasonable policies and procedures for managing its information and records."  [Citation omitted.]  'The absence of a coherent document retention policy' is a pertinent factor to consider when evaluating sanctions."

In short, if an organization does not have a document retention policy guiding its approach to electronically stored information (ESI) such as e-mail, then it will be a pertinent factor in deciding sanctions against your company.  The court also stated, "It is clear that ASUS' lack of a retention policy and irresponsible data retention practices are responsible for the loss of significant data." 

This plainly lays blame on ASUS and could very well lead to a large sanction against it because of it. These are powerful statements made by the court and show just how serious the courts are in regards to policies and procedures and retention of e-mails pertinent to an eDiscovery request.  Relying on employees to retain and produce relevant e-mails based on the Federal Rules of Civil Procedure (FRCP) just cannot happen in today's legal environment.

Only through the use of technologies such as Estorian's LookingGlass can companies answer email eDiscovery requests in a complete and timely fashion, and without worry of whether emails pertinent to the case are either missed or destroyed. Although ASUS' email servers may not be designed for archival purposes, using LookingGlass fills this void by ensuring emails are archived, preserved, and searchable. 

This case serves as a good lesson to those companies who continue to debate the necessity of technologies such as LookingGlass, as well as whether they need policies and procedures guiding document retention. Not only are they needed, but they are mandatory when faced with litigation involving eDiscovery. As was demonstrated in this case, relying on your employees' judgment is not an acceptable document management and retention policy, and failing to take the necessary steps to define and retain documents from spoliation will certainly lead to costly sanctions.


Predatory Lending Practices are Back As Banks Bite the Hands That Feed Them

Howard Haile on 22 Apr 2009

If you are like me, trying to comprehend the logic behind the current bank bailouts and the billions of taxpayer dollars being infused into the financial sector is becoming harder, not easier, to understand. For instance, Bank of America (BofA) just reported receiving $20 billion in bailout money as well as loan loss commitments of another $97 billion from the federal government. Yet with BofA taking billions of unearned dollars, what can their customers expect in return? Not a thank you, as one might expect, but instead a slap in the face.

This became more evident on March 10th, 2009 when BofA CEO Vikram Pandit said he expected BofA to turn a profit in Q109. Again, you can count me among the ranks of the confused, as turning a profit this quickly just doesn't seem to fit into the equation considering BofA was bailed out just a few months before. Rather it looks like BofA is taking out a cash advance using government monies as a Visa card and then telling its shareholders BofA just received a pay raise.

This is only one of the interesting and questionable uses of bailout funds by banks. Another involves JPMorgan Chase admitting in October 2008 that it would not use the bailout funds to make loans like anticipated but instead would use the monies to purchase other banks. Already BofA used part of its bailout to increase its stake of a bank in China while at the same time cutting off funding for companies

So what else can customers expect? 10 percent of BofA customers can expect their credit card rates to rise, though BofA isn't the only bailout recipient to announce such confiscation of their customers' income. Citigroup and JPMorgan Chase have also made such rate increase announcements. Other banks have announced other forms of fee increases as well, with Wells Fargo announcing increases in late and cash advance fees while Chase is introducing a $120 yearly charge on low interest credit cards.

These mounting fees and rates have caught the eye of the federal government. Already a federal committee that oversees the bank bailout program announced it is investigating  rising rates, fees and continued predatory lending practices of those banks that have received bailout funds. 

As the government probes these financial institutions and consumers continue to raise their voice in opposition to government funding both sides of banks' bottom lines through bailouts and fee increases, it stands to reason that government intervention will continue to rise for all organizations. But as is the case with any investigation, in order for companies to exonerate themselves, it is best to have supporting evidence ready.

When civil litigation is anticipated, presenting documentation such as e-mails in accordance with the Federal Rules of Civil Procedure (FRCP) is now a key factor to ensuring success during litigation. Using technologies such as Estorian's LookingGlass to retain, search and present e-mails needed in an investigation allows a company to properly respond to allegations of misconduct such as those faced by the banks.

As recent history shows, banks continue to act as though they have learned nothing from the current crisis. Select banks continue to press for public money and guarantees for assets on which they have speculated, all the while using taxpayer bailout dollars for ventures that have had nothing to do with lending. Worse yet, taxpayers have to worry about expanded predatory lending practices from the same banks that their tax dollars are helping to keep afloat.

Banks such as BofA, JPMorgan Chase, Citigroup, and Wells Fargo are now literally biting the hand that feeds them by rapidly and aggressively expanding the fees and rates charged to customers that are expected to foot the bill for their bailouts. The bailout oversight committee is rightly taking the steps to investigate these practices, but, for the foreseeable future, taxpayers will continue to fund multiple revenue streams to banks even as they claim gimmicky profits such as Bank of America is doing.


Email--Not Just Communication But a Legal Document of Record

James F. Koopmann on 15 Apr 2009

The Internet has become so ingrained in everyday business that I'd venture to say not many of us even think about communicating or conducting everyday business with hardcopy anymore. Tracking documents through the standard U.S. postal service mailing options (registered or return receipt) has given way to a variety of sending and receiving options for email. Senders of emails will often attach documents, carbon and blind copy themselves as well as include large distribution lists--leaving emails scattered within inboxes, outboxes, or personal folders on local, network, and backup media.

Recipients on the other hand can receive messages in their inbox or have filters enabled that automatically detect junk or spam, move messages to alternative folders, or delete messages altogether. The paper trails of yesterday have given way to electronic bread crumbs that must be followed for locating email and attachments to prepare for impending litigation.

While we may think of email applications as a communication tool, the formal definition of what constitutes an individual email is changing. Regardless of an email's folder location, intent, or status, email is a vital piece of corporate electronic information and no different than any other document. Email is now much more than just a communication mechanism; it is a legal document of record that can be used to an organization's advantage. Consider these recent court cases:

  • In Kasten v. Doral Dental USA, LLC, 2007 Wisc. LEXIS 405 (Wis. June 22, 2007), the Wisconsin Supreme Court reversed and rejected the findings of the trial court's conclusion that email was a communication rather than a document. They concluded that "Company documents" in the company's operating agreement was, in fact, a broader term than "records" and included drafts and emails that were not private communications.
  • In Roth v AON Corporation (N.D. Ill. January 8, 2009), Magistrate Judge Morton Denlow held that an e-mail and attached draft of disclosure language circulated for comment among corporate employees and in-house counsel was protected from eDiscovery by plaintiffs in a pending securities fraud action.

While these two favorable rulings begin to formally define email as a corporate document, they more than ever reinforce the importance of the proper use of corporate email. In viewing just a few recent cases at Kroll Ontrack, one could make the argument that courts are extending the definition of corporate email to include areas that many emailers now consider safe. If anything, the courts are getting more tech savvy about where email is sent from, how it is received, where it is stored, and how it is hidden--reinforcing the importance and status of email as a corporate document.

Email documents are vital to the life of an organization and must be handled just as any other legal document would be to safeguard corporate information. But courts are becoming savvier at sniffing out fraudulent activity, so eDiscovery tools need to be selected to help protect corporate assets. Estorian LookingGlass is one such product that is able to search all inbound and outbound messages but also able to search on the inbox, outbox, Sent, deleted, draft, and personal folders. Features such as their spherical indexing and tracking of emails (even unsent emails) allow companies to see email activity regardless of where an email originated from or ends up so they can sniff out and head off potentially damaging activities.


2009 Stimulus Bill Provides Needed Funding For New State and Local Government eDiscovery Initiatives

Howard Haile on 31 Mar 2009

It isn't just businesses that are hurting in this down economy. As companies cut back it is having repercussions everywhere, and local, state and federal government are not exempted from these cutbacks even as their requirements also increase. Case in point, a recent case decision handed down determined that the SEC must comply with the Federal Rules of Civil Procedure (FRCP) just like "any other litigant," which puts the same burdens of eDiscovery and legal holds on governmental agencies that previously only affected private organizations.

This case revealed how woefully unprepared the SEC was to properly present electronically stored information in line with FRCP rules and, as a result of this ruling, will most likely reveal that Federal, state and local government is equally unprepared to respond to these requests. The American Reinvestment and Recovery Act of 2009 (ARRA) (or 2009 Stimulus package) set aside money for numerous projects but one particular area of funding found in the ARRA is the Edward Byrne Justice Assistance Grant (JAG) program.

Byrne Grants have traditionally been one of the main sources of federal grant money that state and local governments have used to deploy and improve technology. This grant opportunity provides money to support what is described as a "broad range of activities to prevent and control crime and improve the criminal justice system." As part of ARRA, $2 billion for the Edward Byrne JAG program was set aside, which became available on March 6th, 2009. There are several areas in which these grant funds apply, but some areas that speak directly to improving state and local government's ability to meet the challenges posed by email and eDiscovery are:

  • Prosecution and court programs
  • Planning, evaluating, and improving technology programs

Much has already been learned from private business in the area of eDiscovery and the technology needed for a successful eDiscovery process. One area that is consistently problematic for private business is providing a robust search function of email and an ability to structure traditionally unstructured email data. Therefore it is logical to assume that government will have to meet these same challenges and only by deploying email archiving and management technologies such as Estorian's LookingGlass will government improve their technology programs as it pertains to meeting their eDiscovery responsibilities and requirements.

As state and local government looked for justice system technology improvements, they have historically looked to Byrne Grant and Local Law Enforcement Block Grants (LLEBG) funding opportunities. However, ARRA has resulted in the merger of the Byrne Grant and LLEBG programs so they now gain some distinct advantages from the JAG grant initiative:

  • JAG grant awards are distributed up front. This eliminates the need of government agencies to first spend budgeted funds and then rely on a reimbursement of those funds at a later date.
  • Projects can be funded beyond the traditional 4 year time period thus allowing funding to expand agencies' technology efforts.
  • Set-asides were eliminated. This change encourages the expenditure of funds where they are needed most.

The removal of key funding hurdles through the JAG grants greatly increases the ability of state and local governments to receive needed funding without budgetary hurdles and lengthy justifications which otherwise might be needed in the face of these new eDiscovery obligations.

Government faces numerous technical difficulties regarding eDiscovery and the $2 Billion set aside in JAG grant funds through ARRA will provide a much needed source of funds for government to meet the FRCP challenge that the justice system has now made applicable to them. So while these governmental agencies are advised to take advantage of these funds, they are reminded to learn from the examples that private businesses provide. By deploying technology that eases and reduces the costs of eDiscovery, they do not need to deal with the expensive and harsh reality that comes from the encroaching threat that failing to meet an eDiscovery court proceeding presents.

Landmark Ruling Brings SEC under the Microscope; Establishes Government is not immune from the FRCP

Howard Haile on 19 Mar 2009

On January 13th, 2009, a ruling in the S.E.C. v. Collins & Aikman Corp was handed down in what is sure to become a landmark ruling. What makes this an important ruling?  Judge Shira A. Scheindlin ruled that the SEC had to abide by the Federal Rules of Civil Procedure (FRCP) just "like any other litigant." This could have ramifications across government entities as the FRCP increasingly touches federal, state and local governments. It is already a well documented fact that the FRCP is changing how private industry manages its data but this ruling sets out numerous areas in which the SEC failed in its internal eDiscovery processes and rightly was held accountable.

The case originated from a claim of securities fraud by the SEC and called into question the SEC's obligations in producing documents, and how the SEC failed to perform sufficient searches for the requested information. The defendants made document requests in 54 separate categories, and the SEC produced 10.6 million pages. The defendant objected and stated "the SEC failed to identify documents...supporting particular factual allegations and instead preferred to dump a huge volume of documents."

During the court proceedings the SEC contended they had fulfilled their discovery obligations by producing the millions of pages of documents as maintained in the usual course of business.  The court explained that when records do not result from "routine and repetitive" activity there is no incentive to organize them into a predictable system and stated the purpose of Rule 34 is to "facilitate production in a useful manner...thus it is reasonable to require litigants who do not create and/or maintain records in a routine and repetitive manner to organize the records in a usable fashion prior to producing them."  The SEC had to produce 175 file folders that very well might affect their case strategy due to their original unorganized document dump.

Another very interesting part of this case is that the SEC initially did not produce any email or attachments generated or received by the SEC. This was due to the SEC's failure to do an appropriate search. The SEC argued that nearly all responsive emails would be privileged or subject to the court's non-disclosure order and that the search would be a costly and time-consuming effort. The court rejected the SEC's blanket refusal to produce email without an attempt to negotiate search terms to eliminate privileged or irrelevant emails. The parties were ordered to meet and attempt to negotiate search terms.

What the government learned is what private companies have known for some time: the FRCP is time-consuming and expensive, and the failure to properly manage the process can be devastating to a case. But automating the email eDiscovery process through products such as Estorian's LookingGlass can eliminate problems such as those the SEC is facing. As this case showed, it is not acceptable to claim the process is too expensive or too time-consuming. Automating the process of producing only the relevant email needed in an eDiscovery request through the use of LookingGlass can lower both the time and cost, as well as avoid negative inference from inadvertent or malicious destruction of vital documents.

All too often government writes laws or regulations that increase cost and time burdens upon companies without thought as to how they will affect those who are not government. But the explosion of electronically stored information (ESI) crosses all boundaries, whether it is a private company or government. Now this ruling declares that the government must act like any ordinary litigant and comply with the FRCP, but it appears the government is woefully unprepared to respond to litigation requests originating from the FRCP.

Now whether the agency is federal, state, or local government, this ruling has shown they must be prepared to comply with eDiscovery standards or possibly face the same problems currently encountered by the SEC. Government can learn much from the private sector's struggles with the FRCP, but it appears these hard lessons will be learned in court and at taxpayers' expense.

 

Blog Services by DCIG, Inc.

SEC Investigation into Options Fraud of Former RIM Executives Illustrates Need for Robust Email Management

Howard Haile on 4 Mar 2009

If the market needed any further reason to feel investor angst, Research In Motion (RIM) (NASDAQ: RIMM) seemed more than happy to step in and fill the gap. Already there are plenty of headlines to feed the pessimism in the economy, ranging from the Madoff hedge fund scandal a month or so ago to the more recent Stanford Group scandal. But when the SEC announced on February 17, 2009, that several current and former executives at RIM had reached a settlement involving an options fraud scheme, it began to feel like greed and fraud know no bounds.

RIM is not an unregulated hedge fund or a too-good-to-be-true return on a certificate of deposit, as was the case with the Madoff hedge fund and Stanford Group. No, this was a well-known and well-respected tech company that helped to revolutionize, and is still revolutionizing, the mobile market. But when details about this scandal emerged and the SEC released details of the settlement, they showed a systematic fraud perpetrated at the expense of the company and its shareholders.

In the press release issued by the SEC, it alleged that Dennis Kavelman, RIM's former CFO, Angelo Loberto, RIM's former VP of Finance, and James Balsillie and Mike Lazaridis, RIM's Co-CEOs, "illegally granted undisclosed, in-the-money options to RIM executives and employees by backdating millions of stock options over an eight year period from 1998 through 2006."

The SEC release also stated "RIM and its highest level executives engaged in widespread backdating of options which provided them and other employees with millions of dollars of undisclosed compensation." All of the executives agreed to settle the matter without admitting or denying the allegations, with several terms attached as well as fines levied for the fraud. The SEC contended this misconduct caused RIM to falsely disclose in its annual reports and file false and misleading financial statements. Balsillie and Lazaridis prepared, reviewed, signed and/or certified RIM's filings with the SEC.

As the SEC put this case together, it appears that email played a large role in uncovering this fraud. Several examples emerged from the SEC complaint:

  • Kavelman (former RIM CFO) asked a manager not to document improper pricing in email.
  • On page 14 of the complaint is another example: in May 2001 an employee complained that the exercise price for her stock options was too high, so her supervisor asked that the options agreement be changed. This was captured in e-mail, as Kavelman acknowledged that the SEC reports had already been prepared but the employee was given a lower backdated exercise price.
  • On page 15, Loberto copied Kavelman in an e-mail stating the reports had been completed and their attorney had advised them to use the start date for pricing of the options, as was the company's policy. Even with this advice, Loberto granted the backdated price that preceded the employee's hire date and agreed to fix the agreements.
  • Page 19 showed Balsillie e-mailed Loberto (copying Kavelman) asking to process another 10,000 options for a RIM Vice President, and for them to pick a low point in the past 30-60 days.

The examples are all over the report and emails show top executives were well aware and actively participated in this fraudulent activity.

When top-level executives are involved in this type of activity, who are the shareholders, employees, and board of directors to trust? Well, as these documents illustrate, one thing the SEC is trusting and putting its faith in is the email these individuals are sending. Email is the preferred communications medium in corporations, and shareholders should insist that a robust accounting of email communications from all levels of management be kept in accordance with federal standards. Products such as Estorian's LookingGlass are examples of third-party products that directors, employees, and shareholders can look at to protect their interests and to ensure executives act in the best interests of the organization.

If there is still reluctance by organizations to deploy this type of technology, RIM's management's breach of trust should help to alleviate these concerns. Today more than ever protecting a company's interest from fraud at all levels should be a top priority for governance. Products like LookingGlass enable companies to cooperate with any audit and compliance requirement whether it is internal or external and provides organizations the transparency that they need if faced with a situation such as this.

This SEC investigation shows that email will continue to play a huge role in ensuring corporate transparency. The continuing frauds that are being uncovered by the SEC, such as the one perpetrated by RIM executives, have the ability to shake companies to their core and, in the current economic environment, this can be devastating to a company.

There is much to learn from this, since it is now apparent that expecting RIM's executives to operate within the bounds of ethics and laws was too much to ask, though through its use of email records the SEC was able to shine a light on RIM's fraudulent activities. However, all organizations should expect, if they are investigated for similar purposes, to be put under the same type of scrutiny of their email to which RIM was subjected and ultimately found guilty, whether through negative inference during litigation proceedings or through documented wrongdoings in their email archives.

Transparency Requirements of New Electronic Health Records Present a Huge Challenge to Health Care Industry

Jerome M Wendt and Howard Haile on 26 Feb 2009

Over the past year there has been a lot of talk and speculation about Electronic Health Records (EHR). The topic started making headlines last year as President Obama and Senator McCain sparred over how to best fix health care, with EHR touted as the single best way to control the ever increasing costs of medical treatment. Although it remains to be seen if this is actually the case, the recent stimulus bill passed by Congress on February 13th, 2009, has ensured EHR projects will be funded.

Approximately $20 billion of stimulus money has been allocated for the purpose of moving health care towards the use of electronic health records for patients, which signals a large amount of growth in the health care IT sector for the foreseeable future. Along with the funding of EHR comes the inevitable regulation that seems to permeate spending bills coming out of Washington D.C. The inclusion of these EHR provisions could turn into a boon for IT, but what is not being talked about is what should be of concern to IT.

If you dive into the details of the stimulus bill you will find areas that will challenge health care providers and EHR software vendors as they start down the long and complicated road of electronic health records. One area of concern is based on providing transparency for privacy concerns as the wording in the bill states "an individual shall have a right to receive an accounting of disclosures described in such paragraph of such information made by such covered entity only three years prior to the date on which the accounting is requested".  

This language basically states that a patient will have the right to receive an audit trail of all disclosures of their EHR made through electronic record. This paragraph stunned us as we immediately thought of the many facets of IT this would touch. But it also made me realize how many avenues for disclosure of EHR there are. Although this doesn't take effect immediately after the bill is signed, it does signal what must be accomplished over the coming years to make this happen.

Health care has been making a private push into the electronic medical record arena for some time but there is much to be done to meet a mandate for disclosing a three year audit trail of all accountings of a medical record. Current EHR implementations would have to achieve an auditable work flow, as well as audit trails showing who accessed what information, all while retaining the records for a lengthy period. Storage requirements alone for this type of undertaking will be staggering. But, that doesn't answer the auditable avenue that will also be front and center: How to control and monitor email distribution of EHR.

Email has been and will continue to be an avenue in the distribution of EHR and understanding the role email plays in health care will be vital in ensuring an accurate auditable record can be provided to those patients requesting such information. Only through the use of products such as Estorian's LookingGlass will entities covered by this regulation be able to accurately track and audit EHR through email disclosure in their environment.

While the final wording in the stimulus bill is only now being released on a wide scale, all indications are that a wide reaching EHR funding push has begun with more privacy regulations to surround EHR. As is usually the case with government bills, the devil is in the details, and the details are slowly making their way to the public. Mandates such as the patient accounting of their EHR are well intentioned to protect patient privacy rights but ensuring this can be accomplished underscores the magnitude of issues that will face health care IT in the coming years.

Federal Stimulus Bill Clarifies Regulation Of Health Care Industry

Howard Haile on 20 Feb 2009

If you have followed the news lately, it would appear that the media and President Obama feel the economy is firmly entrenched somewhere between disaster and Armageddon, which has framed much of the debate surrounding the stimulus bills that are in both houses of Congress. When the Senate passed its version of the bill on February 9th, it promised $838 billion for spending projects designed to jump start the economy. But like most things in government, there is a lot more in the details than the headlines. Now that the stimulus bill is out in the open, DCIG has a clearer view of where health care regulation is going and how IT will be affected.

It is no secret that President Obama is making a huge push into the Electronic Medical Record so it is important to understand what the government deems an Electronic Health Record (EHR).  The government defines this term as an "electronic record of individually identifiable health information on an individual that can be drawn from multiple sources and that is managed, shared, and controlled by or for the individual."

Until now it has not been known for sure how the government will regulate this Electronic Medical Record initiative but recently released documents provide some clarity as to where we are headed with regulation in the near-term and a road map to future regulation. There are several areas that can be pointed to for guidance:

  • The Creation of a National Coordinator for Health Information Technology. This post will monitor electronic health records to the federal government and ensure treatments are within what the government approves.
  • Business Associates working on behalf of a Covered Entity. A Business Associate is anybody who isn't an employee who, on behalf of the covered entity, participates in a function or activity involving the use or disclosure of individually identifiable health information. A Covered Entity is defined as a health care provider who transmits health information in electronic form. Both of these will now be subject to the same privacy and security rules and regulations that previously only covered entities such as hospitals and health care providers. An example of this is online personal health records which did not exist when the original regulation was written. This bill closes that gap.  
  • Provides Transparency. Patients can request an audit trail showing all disclosures of their information made through an electronic record. This will be a huge undertaking for health care as auditing, logging and work flow will need to become much more robust than it is now to ensure that this can occur. 
  • National Data Breach Notification Law. Data breach laws have expanded greatly on a state level since California's SB1386. The Federal government will now mandate disclosure to patients that have had their Protected Health Information (PHI) breached. The only safe harbor from disclosure is encryption of the breached data. 

This stimulus bill does some other things as well. It increases penalties for non-compliance; state attorneys general can pursue investigations, as can federal investigators; and a major overhaul of HIPAA privacy legislation (think HIPAA II) is assured to pass now that the electronic medical records and funding are cemented into the nation's economic recovery plan.

These electronic records become protected health information based on HIPAA and the identifiers set out by the HIPAA statute.  Needless to say, these are broad and far reaching descriptions and identifiers that ensure most everything pertaining to health records falls under this classification and is thus subject to disclosure if a breach occurs. 

Although healthcare has been making a private push into Electronic Health Records for some time, it is now a certainty EHR will become a central focus for healthcare across the United States. The details of the stimulus bill give us a more definitive look into where healthcare regulation is going and it will clearly have a profound effect on healthcare IT going forward.  Specifically IT will now need products such as Estorian's LookingGlass that can detect and prevent the inappropriate or illegal distribution of healthcare data to ensure EHR is protected in all phases as the distribution of health records gathers momentum.

 


Death Instructions Decree Brings Almost Certain Guarantee of Litigation Loss

Howard Haile on 9 Feb 2009

Before entering healthcare technology, I spent numerous years in government and as a private consultant helping both public and private attorneys with technology purchasing decisions.  Although I never expected my attorney clients to be well versed in technology, the explosion of digital data, changing state eDiscovery laws, and the Federal Rules of Civil Procedure (FRCP) have markedly changed attorneys' view of technology.  Now when I talk to attorneys there is a measurable difference in how they perceive technology and how it can affect litigation. 

Recently, I had a passing conversation with an attorney about FRCP and as we were talking, he kept bringing up areas that concerned him. So I asked him, "What is your biggest eDiscovery concern?" Without hesitation he replied, "Having a judge issue 'Death Instructions'."

As he expanded on the dreaded "Death Instruction" decree, it became clear why this was such an area of concern. If a judge issues the "Death Instructions" to a jury, you most likely have lost your case and a large judgment against your company is almost a guarantee. So as companies continue to develop an eDiscovery strategy, it is important to understand what they need to do to avoid the dreaded "Death Instructions" decree.

The "Death Instructions" decree is commonly referred to as "negative inference": a judge telling a jury that your failure to act in good faith by providing electronic evidence during an eDiscovery can be held against you. In other words, a jury can assume you are hiding something damaging to the case and assume the worst. There are numerous examples like the following:

  • Doe v. Norwalk Community College, 2007 U.S. Dist. LEXIS 51084 (D. Conn. Jul. 16, 2007). After Defendant was informed that a sexual assault claim might be filed, they failed to halt the destruction of relevant electronic information. The court found that Defendant was not entitled to the Fed. R. Civ. P. 37(f) good faith exception to sanctions for routine destruction of data and held that Plaintiff was entitled to an adverse inference sanction regarding such data.
  • Hawaiian Airlines, Inc. v. Mesa Air Group, Inc. (In re Hawaiian Airlines, Inc., Debtor), 2007 Bankr. LEXIS 3679 (Bankr. D. Haw. Oct. 30, 2007). The airline's Executive Vice President and CFO used a wiping program on his company computers after being informed of a litigation hold. As the company had not made copies of the hard drives to preserve relevant data prior to these computer systems being wiped, the court issued adverse inference sanctions against them. 

These are examples where this type of judgment has been levied, and avoiding this situation takes an understanding of how to avoid spoliation. In the case of Hawaiian Airlines v. Mesa Air Group, the spoliation and negative inference led to an $80 million judgment.

Spoliation is the intentional destruction of a document or an alteration of it that destroys its value as evidence. This could also be an act that a judge interprets as willful disobedience of a court order, such as not preserving digital evidence that was demanded in a discovery order, or failure to preserve digital evidence that reasonably should have been considered relevant to the case. In either scenario, failure to provide evidence that is material to a case is damning, and severe sanctions are a certainty.

With email being central to business processes and often the preferred means of communication for both internal and external correspondence, it stands to reason that protecting these communications is central to any eDiscovery strategy. The difficulty is knowing where important email communications are located within a corporate network, retrieving only the email that is relevant to the case, preserving an unaltered copy of a conversation, and tracking who sent and received the email. These are all areas that can be problematic in providing a clear and accurate answer to an eDiscovery request.

Estorian LookingGlass provides answers to problems faced by corporations in establishing an eDiscovery strategy as it pertains to email communications by:

  • Centralizing email by eliminating the need for distributed PST stored mail.  Companies can confidently search all email for its case relevance without worrying about missing something material to a case due to the inability of knowing where an email resides on the network.
  • LookingGlass facilitates an accelerated review process by reducing email down to only relevant email.  After email is indexed into a structured format, you have the ability to reduce costs by only sending relevant information to external providers, or outside counsel.
  • Integrity and authenticity of email are kept intact by preservation of header and metadata. This ensures accuracy of the communication and provides the ability to track the email's recipients.

Any time a case goes before a jury there is a risk the results will not favor your side. But not taking the proper steps to preserve digital information can make that risk a certainty. With judges having wide discretion in leveling large penalties for spoliation of evidence, it makes sense that avoiding this situation would be a top priority for attorneys. Products such as Estorian's LookingGlass provide companies the ability to properly answer eDiscovery requests and avoid a judge issuing the sinister-sounding death instructions.

Regulatory Best Practice Lessons from the Past Provide a Roadmap for Technology in the Future

Howard Haile on 30 Jan 2009

This is the third and final installment of a series on the current financial crisis and what role technology might play in helping organizations adhere to forthcoming federal regulations.
 
As we have moved through this series of blogs investigating the current financial crisis and subsequent economic woes of the United States, we have hit upon several areas that are not at the forefront in today's debate.

  • In part 1, I looked at the impact of the elimination of the "up-tick" rule and the role hedge funds have played in this current financial crisis.
  • In part 2, I highlighted the efforts by Senator Grassley (R-IA) to bring hedge funds under the purview of the SEC, and Rep. Kanjorski's after-the-fact hearings on the Bernie Madoff scandal in the 111th Congress. In part 2 I also brought out how the SEC tried to rein in the hedge funds and how a ruling from the U.S. Court of Appeals in the D.C. District negated their ability to regulate the hedge fund industry.

All of these areas have had a large impact in leading up to the current crisis and will almost certainly result in new regulations, but what role will technology play in complying with and/or enforcing these new rules?

At this time, that is still a difficult question to answer as the 111th Congress is providing little insight into what new rules it will pass. So often the best thing to do in times like this is to take a step back and look at the recent past in order to gain some insight as to what the near future may hold.

The largest scandal in recent history was the Enron scandal in 2001. Out of that debacle, the Sarbanes Oxley Act of 2002 (SOX) emerged as a regulatory remedy to provide the government greater visibility into a corporation's debts and losses and it also increased criminal sanctions for corporate executives. SOX itself did not mandate any particular technologies but it is hard to imagine corporations complying with SOX's terms without technology to ensure the proper internal controls.
 
So as this particular regulatory saga continues to unfold over the coming months it is a good idea to review best practices that not only helped organizations comply with SOX but should help them prepare to address the challenges that are bound to emerge out of this new Congressional session:

  • Create an IT infrastructure that provides the ability to rapidly assess and report on critical events. Examples of events would be those that may materially affect a company's operations or financial reporting.
  • Put in place a robust records management program. Organizations need to rapidly respond to regulatory demands and legal disputes. Knowing what data you have, where it is located and how long to retain data is a necessity as it pertains to regulation and legal requests. Understanding the content of data and not just the type of data are keys to best managing regulatory data requirements and answering legal challenges.
  • Converge, simplify and centralize data to ease regulatory compliance burdens. It is important to understand how convergence in areas such as data security and compliance, as well as simplified reporting, and centralization of data, can help organizations meet  the internal requirements for checks and balances and mitigate the risk that forthcoming regulations pose.     
  • Deploy content management solutions that focus on email retention. Whether administrative, fiscal, or general operational email correspondence, information in these categories can have a material effect on a company as it pertains to both compliance and legal proceedings.
  • Understand thresholds as they pertain to document retention. A solid understanding of legal retention thresholds as defined by federal or state law is necessary to guide an organization so they can know when data such as email can be destroyed and they can justify why specific data was removed. Improper destruction of documents can be at best a weakness in a case, or worse criminal negligence.

When examining these best practices it makes sense that organizations deploy technologies such as Estorian's LookingGlass to meet both current and emerging regulatory demands. LookingGlass supports these best practices by providing companies the ability to:

  • Set policies and be alerted in real time when company standards regarding content have been breached. Alerts can be set based on company specific criteria such as regulatory compliance, control of intellectual property, or offensive material. Policies then decide if the e-mail should be blocked, quarantined for review, or allowed.  LookingGlass provides the ability to report on activities through the use of standardized or customizable reports.  
  • Centralize email communications by providing a central repository for all e-mail. This centralization eliminates the need to access and search individual PST file repositories through its real-time capture and indexing of all e-mails and centrally storing them for future reference. The indexing makes emails quickly searchable and also brings email under the umbrella of an organizational records management policy. Organizations can then set data retention policies that eliminate the ability of users to delete materially necessary information that is needed for regulatory compliance or to answer a legal eDiscovery notice.

When there is regulatory uncertainty, as is the case today, there can be a tendency to overreact. But understanding how organizations have responded to past regulations such as SOX is still relevant in today's environment, and the technology choices that organizations have today are far more numerous and mature than when SOX was passed a few years ago. Organizations face a great deal of uncertainty in 2009, but they can find some assurance that products such as LookingGlass will give them the ability to take control of their unstructured email data stores so they do not accidentally find themselves in a compromised position from a compliance and regulatory viewpoint, regardless of what new regulations this current Congress passes.
©2010 Estorian, Inc. All Rights Reserved.