Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
Digital law and governance
e-discovery
	Jacques	Folon		Ph.D.	
www.folon.com	
Partner	Edge	Consulting	
Maître	de	conférence...
4
3
1.where are we now ?
2.Need of an electronic content
management
3.E-discovery
4.Sedona Principles
1. Where are we now?
5
Information overload
6
Control ?
Which information ?
• Electronically stored information (ESI)
• Scannes documents
• Fax
• Texts, excel sheets, powerpoint ...
9
Increase of data from 2010 ->2014 = + 650% (Gartner)
85% of the data are not structured
80% of data search gave no result
2. Prerequisite:
Electronic data management
10
www.aiim.org/training
Source : https://www.britestream.com/difference.html.
• Most of today’s
records start out
in electronic form
– Letters
– Emails
– Faxes
– Web transactions
– Other transactions
...
Electronic records management
• The electronic management of paper
records?
• The management of electronic records?
Questi...
For each type of content, evaluate the degree of control that exists in your
organization in managing it.
Content types an...
ERM
Effectiveness
Continuity
Efficiency
Com
pliance
What are the main business drivers?
Copyright © AIIM | All rights rese...
Driver: Compliance
• Laws
• Regulations
• Policies
• Standards
• Good practice
Copyright © AIIM | All rights reserved
Sour...
Driver: Effectiveness
• Not losing records
• Sharing records
• Finding records easily
• Getting the complete picture
Copyr...
Driver: Efficiency
• Accessing records quickly
• Space savings
• Reduced handling costs
• Other examples
– Archival costs
...
Driver: Continuity
• Records are vulnerable to loss
• Businesses tend to fail if they
lose their records
• Electronic stor...
The records lifecycle
Copyright © AIIM | All rights reserved
Source: NARA
Source: What is ERM www.aiim.org/training
Fundamental principles
• Records are created, received,
and used in the conduct of
organisational activities
• Organisatio...
Access and usage principles
• Records should be accessible to authorised
users
• Users should be able to
search and access...
Retention principles
• Records must be managed through their
lifecycle
• Records should be kept as long as required
– Stat...
Disposition principles
• Disposition is an accepted phase of the
records lifecycle
– Transfer/accession
– Destruction
• Re...
What is ‘Capture’
ERM System
Capture
Copyright © AIIM | All rights reserved
Source: What is ERM www.aiim.org/training
The purpose of capturing records
▪Establish a relationship between the record
and its context
▪Place the record into a con...
Why not capture everything?
• Hard cost of storage
• Volume of non-records to sift through
– Operationally
– For legal or ...
So, what is metadata?
• Metadata = “Data about data”
– For a document or record this means data such
as its author, its ti...
Perspectives on metadata
• Entering metadata is often called “indexing”
• Different users of an ERM system will have
diffe...
Why is access control necessary?
• Ensure ‘systematic control’ and ‘credible
evidence’
• Ensure authoritative records
• Pr...
The objects of user access rights
• Provide or limit access to specific
classes,
files or records
• Provide or limit acces...
Retention periods - 1
• Capturing a record implies need for
retention
• A record may be retained in different ways
– ERM s...
Retention periods - 2
• Records will vary in their intrinsic nature
• Some records may need to be retained for
very long p...
The benefits of destroying records
• Keeping everything forever is expensive
– Storage costs
– Search and retrieval
– Disc...
3. After ERM => ediscovery
36
Definition & context
• E-dicovery is a process to search, localise,
secure, identify a data in order to have it
as an evid...
Ediscovery model
38
Source for the next 9 slides: http://edrm.net
1/information mgt
39
2/ identification
40
3/ preservation
41
4/ collection
42
Collection is the acquisition of potentially relevant electronically stored information
(ESI) as defined ...
5/ processing
43
6/ review
44
7/ Analyse
45
8/ Production
46
9/ Presentation
47
GSA IT Quarterly Forum --
Aug 2007
48
4/ The Sedona Principles: 

Best Practices Recommendations & Principles for Addressi...
49
The Sedona Guidelines
– Second work product of working group
– Draft published in September 2004 for public comment; pu...
50
The Sedona Guidelines
• 1. An organization should have reasonable policies and
procedures for managing its information ...
51
The Sedona Guidelines
• 2. An organization’s information and records management
policies and procedures should be reali...
52
The Sedona Guidelines
• 3. An organization need not retain all electronic
information ever generated or received.
53
The Sedona Guidelines
• 4. An organization adopting an information and records
management policy should consider includ...
54
The Sedona Guidelines
• 5. An organization’s policies and procedures must mandate
the suspension of ordinary destructio...
5. Conclusion
55
Information security manager
Are we ready to be there?
59
Jacques Folon
Jacques.folon@ichec.be
Any questions ?
E-discovery
Prochain SlideShare
Chargement dans…5
×

E-discovery

726 vues

Publié le

Lecture given at ESC Rennes in November 2015

Publié dans : Formation
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

E-discovery

  1. 1. Digital law and governance e-discovery Jacques Folon Ph.D. www.folon.com Partner Edge Consulting Maître de conférences Université de Liège Professor ICHEC Brussels Management School Visiting Professor ESC Rennes Université de Lorraine (Metz) http://www.nyls.edu/institute_for_information_law_and_policy/conferences/visualizing_law_in_the_digital_age/
  2. 2. 4
  3. 3. 3 1.where are we now ? 2.Need of an electronic content management 3.E-discovery 4.Sedona Principles
  4. 4. 1. Where are we now? 5
  5. 5. Information overload 6
  6. 6. Control ?
  7. 7. Which information ? • Electronically stored information (ESI) • Scannes documents • Fax • Texts, excel sheets, powerpoint (word, pages, including old versions of the software versions) • Emails in & out • Databases, websites, blogs,… • Hard disks (central, local, pc, external, USB sticks, …) • CRM, CMS • GSM et PDA • Time sheet • Acounting • Intant messaging • Voice mail • GPS navigation systems • Metadata • social networks (internbal & external) • … 8
  8. 8. 9 Increase of data from 2010 ->2014 = + 650% (Gartner) 85% of the data are not structured 80% of data search gave no result
  9. 9. 2. Prerequisite: Electronic data management 10
  10. 10. www.aiim.org/training
  11. 11. Source : https://www.britestream.com/difference.html.
  12. 12. • Most of today’s records start out in electronic form – Letters – Emails – Faxes – Web transactions – Other transactions Copyright © AIIM | All rights reserved The importance of records Source: What is ERM www.aiim.org/training
  13. 13. Electronic records management • The electronic management of paper records? • The management of electronic records? Question: Is ERM Answer: Both Source: What is ERM www.aiim.org/training
  14. 14. For each type of content, evaluate the degree of control that exists in your organization in managing it. Content types and how well managed All respondents (462) Source: What is ERM www.aiim.org/training
  15. 15. ERM Effectiveness Continuity Efficiency Com pliance What are the main business drivers? Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  16. 16. Driver: Compliance • Laws • Regulations • Policies • Standards • Good practice Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  17. 17. Driver: Effectiveness • Not losing records • Sharing records • Finding records easily • Getting the complete picture Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  18. 18. Driver: Efficiency • Accessing records quickly • Space savings • Reduced handling costs • Other examples – Archival costs – Disposal of furniture – Consumables Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  19. 19. Driver: Continuity • Records are vulnerable to loss • Businesses tend to fail if they lose their records • Electronic storage may speed recovery from a disaster Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  20. 20. The records lifecycle Copyright © AIIM | All rights reserved Source: NARA Source: What is ERM www.aiim.org/training
  21. 21. Fundamental principles • Records are created, received, and used in the conduct of organisational activities • Organisations should create and maintain authentic, reliable, and usable records Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  22. 22. Access and usage principles • Records should be accessible to authorised users • Users should be able to search and access records in usable formats • Records should be organised to support access and management Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  23. 23. Retention principles • Records must be managed through their lifecycle • Records should be kept as long as required – Statutory requirements – Legal requirements – Business or operational needs • Retaining records longer than required may increase organisational liability Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  24. 24. Disposition principles • Disposition is an accepted phase of the records lifecycle – Transfer/accession – Destruction • Records should be disposed of at the end of the lifecycle Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  25. 25. What is ‘Capture’ ERM System Capture Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  26. 26. The purpose of capturing records ▪Establish a relationship between the record and its context ▪Place the record into a controlled environment ▪Link the record to other related records ▪Allow the record to be managed effectively Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  27. 27. Why not capture everything? • Hard cost of storage • Volume of non-records to sift through – Operationally – For legal or audit requirements • Increased liability for disclosing too much Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  28. 28. So, what is metadata? • Metadata = “Data about data” – For a document or record this means data such as its author, its title, the issue date, and other information which can usefully be associated with it • Nothing new or unique • Defined in terms of units called “Elements” or “Fields.” – Some support “sub-elements” or “attributes” Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  29. 29. Perspectives on metadata • Entering metadata is often called “indexing” • Different users of an ERM system will have different views of what metadata can do for them, and what metadata is required – Business perspective – Records management perspective – User perspective Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  30. 30. Why is access control necessary? • Ensure ‘systematic control’ and ‘credible evidence’ • Ensure authoritative records • Protect commercially sensitive information • Protect personal information • Limit access to protectively marked information Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  31. 31. The objects of user access rights • Provide or limit access to specific classes, files or records • Provide or limit access to features • Provide or limit access by security classification – ‘Need to know’ Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  32. 32. Retention periods - 1 • Capturing a record implies need for retention • A record may be retained in different ways – ERM system – Software application – Separate electronic media – Paper Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  33. 33. Retention periods - 2 • Records will vary in their intrinsic nature • Some records may need to be retained for very long periods of time • Other records will need to be retained for shorter periods Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  34. 34. The benefits of destroying records • Keeping everything forever is expensive – Storage costs – Search and retrieval – Discovery • Courts have held that there is no requirement to keep everything forever • Destroying records reduces risk – When it is done consistently and in accordance with the records program Copyright © AIIM | All rights reserved Source: What is ERM www.aiim.org/training
  35. 35. 3. After ERM => ediscovery 36
  36. 36. Definition & context • E-dicovery is a process to search, localise, secure, identify a data in order to have it as an evidence before the court • Necessity to have a quick result • the right data at the right time • translation sometimes necessary 37Source www.systran.fr
  37. 37. Ediscovery model 38 Source for the next 9 slides: http://edrm.net
  38. 38. 1/information mgt 39
  39. 39. 2/ identification 40
  40. 40. 3/ preservation 41
  41. 41. 4/ collection 42 Collection is the acquisition of potentially relevant electronically stored information (ESI) as defined in the identification phase of the electronic discovery process. The exigencies of litigation, governmental inquiries, and internal investigations generally require that ESI and its associated metadata should be collected in a manner that is legally defensible, proportionate, efficient, auditable, and targeted.
  42. 42. 5/ processing 43
  43. 43. 6/ review 44
  44. 44. 7/ Analyse 45
  45. 45. 8/ Production 46
  46. 46. 9/ Presentation 47
  47. 47. GSA IT Quarterly Forum -- Aug 2007 48 4/ The Sedona Principles: 
 Best Practices Recommendations & Principles for Addressing Electronic Document Production 
 (Second edition, June 2007) The Sedona Guidelines: 
 Best Practices Guidelines & Commentary for Managing Information and Records in the Electronic Age 
 (Sept. 2005)
  48. 48. 49 The Sedona Guidelines – Second work product of working group – Draft published in September 2004 for public comment; published in September 2005. – They are: • Important background and roadmap of issues • Link between RIM, IT and Legal Perspectives • Flexible, Scalable and Reasonable – They are not: • Standards or minimum requirements • Unchangeable
  49. 49. 50 The Sedona Guidelines • 1. An organization should have reasonable policies and procedures for managing its information and records.
  50. 50. 51 The Sedona Guidelines • 2. An organization’s information and records management policies and procedures should be realistic, practical and tailored to the circumstances of the organization.
  51. 51. 52 The Sedona Guidelines • 3. An organization need not retain all electronic information ever generated or received.
  52. 52. 53 The Sedona Guidelines • 4. An organization adopting an information and records management policy should consider including procedures that address the creation, identification, retention, retrieval and ultimate disposition or destruction of information and records.
  53. 53. 54 The Sedona Guidelines • 5. An organization’s policies and procedures must mandate the suspension of ordinary destruction practices and procedures as necessary to comply with preservation obligations related to actual or reasonably anticipated litigation, governmental investigation or audit.
  54. 54. 5. Conclusion 55
  55. 55. Information security manager
  56. 56. Are we ready to be there? 59
  57. 57. Jacques Folon Jacques.folon@ichec.be
  58. 58. Any questions ?

×