SlideShare une entreprise Scribd logo

The ins and outs of the e-FOI process

Télécharger en tant que PPTX, PDF
Dan Michaluk
Dan Michaluk

A one hour presentation to Ontario FOI administrators in the hospital sector.

Technologie
1  sur  30
The ins and outs of the e-FOI process Dan Michaluk September 26, 2013
Outline • Electronically stored information • FOI and e-FOI compared • Handling database requests • Handling e-mail requests • The privacy problem 2
I’m not selling the e-FOI process today. Paper processing can work well. This is to open options, which may lead to efficiencies, reduce risks and reduce disputes.
Electronically stored information • The data you see is the data you get • Hard to organize • We manually index or code and link to each record by identification number 4
Electronically stored information • ESI has dimensions 5
Electronically stored information • ESI has dimensions 6
Electronically stored information • ESI has dimensions 7
Electronically stored information • ESI has dimensions 8 Metadata describes various attributes of information objects and gives them meaning, context, and organization.
FOI and e-FOI compared Custodians “search” Custodians copy Coordinator reviews Coordinator indexes Coordinator “prepares” 9
FOI and e-FOI compared 10
FOI and e-FOI compared Coordinator collects Coordinator “processes” for responsiveness Coordinator imports to review tool Coordinator tags and redacts for exemptions Coordinator produces electronically 11
FOI and e-FOI compared • Positive • You have greater control over search and retrieval • You’ll have access to metadata and searchable text • No more double or triple printing • Limit • With unstructured data (e.g., e-mails), you can’t avoid a record-by-record review 12
FOI and e-FOI compared • But it’s likely your choice • Requester’s may make the “fox guarding the henhouse” argument • See, for example, MO-2634 • Order suggests that institutions and custodians should be trusted absent a reason to mistrust • Advice – be the benign skeptic, and never, never say you’ve found all the e-mails 13
Database requests 14
Database requests • Producing an “export” at point in time – usually “CSV” or “Tab Delimited” • Common disputes • Fee and feasibility disputes – TPS case from 2009 • Identifiably disputes – see PO-3232 from July 2013 • Exemption of fields – see PO-3017 from Dec 2011 • Third-party disputes – see MO-2985 from June 2013 15
Database requests • The limited definition of record • You have to create a record nowadays, unless the information resides in your head (see M33) • But there two (extraordinary) limits • Not capable of production by means… “normally used by the institution” • “the process of producing [the record] would unreasonably interfere with the operations of an institution.” 16
Database requests • Toronto Police Services (Ontario CA, 2009) • Confirms a duty to export and mask identity • If you can do it with means “normally used” you must do it subject to “unreasonable interference” • Still a question about whether the required use of hardware and software not “normally used” is a basis for declining to answer (though it is clear if you don’t have normal use of the expertise you are clear) 17
Database requests • Order PO-2752 from January 2009 • Example of the “unreasonable interference limit” • OTIS request for data in “linkable” form • 1,377.50 hours of work • By specialized staff • Legitimate security concerns 18
Database requests • Tips on fee and feasibility issues • Build a relationship with IT • Build a basic understanding of technical concepts • Be very skeptical of large fees and claims that “it can’t be done” • Consider using an outside contractor to deal with real operational concerns (chargeable at 100%) • Provide detailed evidence to the IPC in an affidavit 19
Database requests • Gombu (Divisional Court, 2002) • Database of electronic campaign contribution data • Most of the information was already public, but in physical form • IPC finds and unjustified invasion on the balance • Divisional Court - Production of electronic information not reasonably associated with any greater risk of misuse 20
Database requests • The notification problem • What if the requester wants identifying information? • Head’s duty mandatory – reason to believe might (and SCC says give notice in Merck) • Necessary, but costly and unfunded • This will lead institutions to deny access • IPC may bear the burden of notification on appeal, as in PO-3017 21
E-mail requests • The problems with e-mail • There are duplicates and near duplicates • Search is expensive because they are unorganized • Review for exemptions is unfunded, very time consuming and very difficult to automate • There is an interest in e-mails not stored “actively” – i.e. in archive (good), on tape (bad) or 22
E-mail requests • MO-2154 • Requester asks for e-FOI, asks for deleted e-mails • IPC denies cost of acquiring hardware • Affirms $12,500 for fees to outside vendor • Shows – requesters can get what they ask for • Shows – use of outside vendors can be legitimate • See also MO-2764 (also some evidence that outsourcing was reasonable) 23
E-mail requests • Deleted e-mails and e-mails on backup • Go back and talk to the requester about cost • Talk about duplication in active storage • Backup is probably a more cost effective alternative to restoring deleted e-mails in most cases • Identify the number of backup tapes from the event to the date of the request • Let’s go to the first tape before the story hit the news 24
E-mail requests • PO-3050 • In general, an access request for emails does not require a routine search of backup tapes for deleted emails unless there is a reason to assume that such a search is required, based on evidence that responsive records may have been deleted or lost. 25
E-mail requests • Text messages • They are records subject to the two limits • They can be logged and logs are easy to deal with • If not logged, they may be stored on phones • Can be exported from phones, but the process is awkward given how people use text message services 26
The privacy problem • R v Cole • Establishes a limited ( “not entirely eliminated”) expectation of privacy • If there is personal use there will always be a privacy issue, regardless of policy • Employers can act reasonably for a legitimate purpose 27
The privacy problem • Policy prescriptions • Policy can’t eliminate privacy but can help • Prepare your public sector employees for e-FOI! • Tell them that the choice to engage in personal use on a work system comes with a sacrifice • Give an express warning about e-FOI • Also warn – work is done on our system unless pursuant to a reasonable BYOD policy 28
Dan Michaluk daniel-michaluk@hicksmorley.com (416) 864-7253 www.allaboutinformation.ca 29
The ins and outs of the e-FOI process Dan Michaluk September 26, 2013

Recommandé

What Every Attorney Needs to Know
What Every Attorney Needs to KnowWhat Every Attorney Needs to Know
What Every Attorney Needs to KnowBoyarMiller
 
Electronic files are records too
Electronic files are records tooElectronic files are records too
Electronic files are records tooBob Larrivee
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
 
PPIT Lecture 9
PPIT Lecture 9PPIT Lecture 9
PPIT Lecture 9Kashif Sohail
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
The role and value of making data inventories
The role and value of making data inventoriesThe role and value of making data inventories
The role and value of making data inventoriesOpen Knowledge Belgium
 
PPIT Lecture 8
PPIT Lecture 8PPIT Lecture 8
PPIT Lecture 8Kashif Sohail
 
PPIT Lecture 4
PPIT Lecture 4PPIT Lecture 4
PPIT Lecture 4Kashif Sohail
 

Recommandé

What Every Attorney Needs to Know
What Every Attorney Needs to KnowWhat Every Attorney Needs to Know
What Every Attorney Needs to KnowBoyarMiller
 
Electronic files are records too
Electronic files are records tooElectronic files are records too
Electronic files are records tooBob Larrivee
 
Computer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital WorldComputer Forensics-An Introduction of New Face to the Digital World
Computer Forensics-An Introduction of New Face to the Digital Worldrahulmonikasharma
 
PPIT Lecture 9
PPIT Lecture 9PPIT Lecture 9
PPIT Lecture 9Kashif Sohail
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
The role and value of making data inventories
The role and value of making data inventoriesThe role and value of making data inventories
The role and value of making data inventoriesOpen Knowledge Belgium
 
PPIT Lecture 8
PPIT Lecture 8PPIT Lecture 8
PPIT Lecture 8Kashif Sohail
 
PPIT Lecture 4
PPIT Lecture 4PPIT Lecture 4
PPIT Lecture 4Kashif Sohail
 
BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal informationUc Man
 
Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8 Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8UNIVERSITAS TEKNOKRAT INDONESIA
 
ZyLAB ACEDS Webinar- GDPR
ZyLAB ACEDS Webinar- GDPR ZyLAB ACEDS Webinar- GDPR
ZyLAB ACEDS Webinar- GDPR Annelore van der Lint
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counselDan Michaluk
 
Hiring and firing in the digital age
Hiring and firing in the digital ageHiring and firing in the digital age
Hiring and firing in the digital ageRobert B. Fitzpatrick, PLLC
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloJohn Intindolo
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Winston & Strawn LLP
 
Document Retention And Destruction Power Point
Document Retention And Destruction Power PointDocument Retention And Destruction Power Point
Document Retention And Destruction Power Pointlnarvid
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Designing A Compliant Record Retention Policy
Designing A Compliant Record Retention PolicyDesigning A Compliant Record Retention Policy
Designing A Compliant Record Retention Policyrlhicksjr
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesDan Michaluk
 
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5 Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5UNIVERSITAS TEKNOKRAT INDONESIA
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Khaled El Emam
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoTAndres Guadamuz
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour CasesNadia Brannon
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
A foundation for breach data analysis
A foundation for breach data analysisA foundation for breach data analysis
A foundation for breach data analysisAlexander Decker
 
MIS ppt 1
MIS ppt 1MIS ppt 1
MIS ppt 1Pankaj Nandurkar
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
 
Investigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsInvestigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsDan Michaluk
 

Contenu connexe

Tendances

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal informationUc Man
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counselDan Michaluk
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloJohn Intindolo
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Winston & Strawn LLP
 
Document Retention And Destruction Power Point
Document Retention And Destruction Power PointDocument Retention And Destruction Power Point
Document Retention And Destruction Power Pointlnarvid
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet LawKlemchuk LLP
 
Designing A Compliant Record Retention Policy
Designing A Compliant Record Retention PolicyDesigning A Compliant Record Retention Policy
Designing A Compliant Record Retention Policyrlhicksjr
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesDan Michaluk
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Khaled El Emam
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoTAndres Guadamuz
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour CasesNadia Brannon
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
A foundation for breach data analysis
A foundation for breach data analysisA foundation for breach data analysis
A foundation for breach data analysisAlexander Decker
 

Tendances (20)

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data Everywhere
 
Privacy and personal information
Privacy and personal informationPrivacy and personal information
Privacy and personal information
 
Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8 Chapter 5_dp-_pertemuan_7_8
Chapter 5_dp-_pertemuan_7_8
 
ZyLAB ACEDS Webinar- GDPR
ZyLAB ACEDS Webinar- GDPR ZyLAB ACEDS Webinar- GDPR
ZyLAB ACEDS Webinar- GDPR
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counsel
 
Hiring and firing in the digital age
Hiring and firing in the digital ageHiring and firing in the digital age
Hiring and firing in the digital age
 
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_IntindoloWk 7 Case Study Summary Paper_ISSC331_Intindolo
Wk 7 Case Study Summary Paper_ISSC331_Intindolo
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
 
Document Retention And Destruction Power Point
Document Retention And Destruction Power PointDocument Retention And Destruction Power Point
Document Retention And Destruction Power Point
 
20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law20 New Trends and Developments in Computer and Internet Law
20 New Trends and Developments in Computer and Internet Law
 
Designing A Compliant Record Retention Policy
Designing A Compliant Record Retention PolicyDesigning A Compliant Record Retention Policy
Designing A Compliant Record Retention Policy
 
Osgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slidesOsgoode pdp e discovery certificate slides
Osgoode pdp e discovery certificate slides
 
Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5 Chapter 3_dp-pertemuan 4&5
Chapter 3_dp-pertemuan 4&5
 
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
Big Data Meets Privacy:De-identification Maturity Model for Benchmarking and ...
 
Legal and privacy implications of IoT
Legal and privacy implications of IoTLegal and privacy implications of IoT
Legal and privacy implications of IoT
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
Ten Common e-Discovery Mistakes to Avoid in Wage and Hour Cases
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Report
 
A foundation for breach data analysis
A foundation for breach data analysisA foundation for breach data analysis
A foundation for breach data analysis
 
MIS ppt 1
MIS ppt 1MIS ppt 1
MIS ppt 1
 

Similaire à The ins and outs of the e-FOI process

E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
 
Investigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsInvestigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsDan Michaluk
 
Internal Investigations and the Cloud
Internal Investigations and the CloudInternal Investigations and the Cloud
Internal Investigations and the CloudDan Michaluk
 
Eating the elephant
Eating the elephantEating the elephant
Eating the elephantRamece Cave
 
New Technologies in the Workplace: Privacy Issues
New Technologies in the Workplace: Privacy IssuesNew Technologies in the Workplace: Privacy Issues
New Technologies in the Workplace: Privacy Issueslgarib
 
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...BoyarMiller
 
CERN 5 Things you should know about Data Protection
CERN 5 Things you should know about Data ProtectionCERN 5 Things you should know about Data Protection
CERN 5 Things you should know about Data ProtectionEUDAT
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy IntroductionNiclasGranqvist
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingSecurity Innovation
 
Big data needs big protection
Big data needs big protectionBig data needs big protection
Big data needs big protectionNoel Hatch
 
Data Mining and Big Data Challenges and Research Opportunities
Data Mining and Big Data Challenges and Research OpportunitiesData Mining and Big Data Challenges and Research Opportunities
Data Mining and Big Data Challenges and Research OpportunitiesKathirvel Ayyaswamy
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...emermell
 
5 ways to Streamline Your Freedom Of Information Requests
5 ways to Streamline Your Freedom Of Information Requests5 ways to Streamline Your Freedom Of Information Requests
5 ways to Streamline Your Freedom Of Information Requests3Sixty Systems Ltd
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberRachel Aldighieri
 
CS101- Introduction to Computing- Lecture 36
CS101- Introduction to Computing- Lecture 36CS101- Introduction to Computing- Lecture 36
CS101- Introduction to Computing- Lecture 36Bilal Ahmed
 
Small Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalSmall Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalShawn J. Roberts
 

Similaire à The ins and outs of the e-FOI process (20)

E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
 
Investigating without running afoul of privacy laws
Investigating without running afoul of privacy lawsInvestigating without running afoul of privacy laws
Investigating without running afoul of privacy laws
 
Internal Investigations and the Cloud
Internal Investigations and the CloudInternal Investigations and the Cloud
Internal Investigations and the Cloud
 
Eating the elephant
Eating the elephantEating the elephant
Eating the elephant
 
New Technologies in the Workplace: Privacy Issues
New Technologies in the Workplace: Privacy IssuesNew Technologies in the Workplace: Privacy Issues
New Technologies in the Workplace: Privacy Issues
 
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...
BoyarMiller – What Every Attorney Needs to Know Regarding Document Retention,...
 
CERN 5 Things you should know about Data Protection
CERN 5 Things you should know about Data ProtectionCERN 5 Things you should know about Data Protection
CERN 5 Things you should know about Data Protection
 
GDPR Privacy Introduction
GDPR Privacy IntroductionGDPR Privacy Introduction
GDPR Privacy Introduction
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
Big data needs big protection
Big data needs big protectionBig data needs big protection
Big data needs big protection
 
Data Mining and Big Data Challenges and Research Opportunities
Data Mining and Big Data Challenges and Research OpportunitiesData Mining and Big Data Challenges and Research Opportunities
Data Mining and Big Data Challenges and Research Opportunities
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
 
5 ways to Streamline Your Freedom Of Information Requests
5 ways to Streamline Your Freedom Of Information Requests5 ways to Streamline Your Freedom Of Information Requests
5 ways to Streamline Your Freedom Of Information Requests
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 October
 
CS101- Introduction to Computing- Lecture 36
CS101- Introduction to Computing- Lecture 36CS101- Introduction to Computing- Lecture 36
CS101- Introduction to Computing- Lecture 36
 
Small Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalSmall Law Office Management for the Legal Professional
Small Law Office Management for the Legal Professional
 

Plus de Dan Michaluk

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxDan Michaluk
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityDan Michaluk
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Dan Michaluk
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationDan Michaluk
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection pointDan Michaluk
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacyDan Michaluk
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Dan Michaluk
 
Union access to information
Union access to informationUnion access to information
Union access to informationDan Michaluk
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Dan Michaluk
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOIDan Michaluk
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public bodyDan Michaluk
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Dan Michaluk
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coachDan Michaluk
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boardsDan Michaluk
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam ComplianceDan Michaluk
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidenceDan Michaluk
 

Plus de Dan Michaluk (20)

Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptxEcno cyber - 23 June 2023 - djm(137852631.1).pptx
Ecno cyber - 23 June 2023 - djm(137852631.1).pptx
 
Critical Issues in School Board Cyber Security
Critical Issues in School Board Cyber SecurityCritical Issues in School Board Cyber Security
Critical Issues in School Board Cyber Security
 
Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)Introduction to FOI law (the law of information)
Introduction to FOI law (the law of information)
 
Higher Education Sexual Violence Presentation
Higher Education Sexual Violence PresentationHigher Education Sexual Violence Presentation
Higher Education Sexual Violence Presentation
 
Cyber class action claims at an inflection point
Cyber class action claims at an inflection pointCyber class action claims at an inflection point
Cyber class action claims at an inflection point
 
The pandemic and privacy
The pandemic and privacyThe pandemic and privacy
The pandemic and privacy
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
 
Union access to information
Union access to informationUnion access to information
Union access to information
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?Cyber Incident Response - When it happens, will you be ready?
Cyber Incident Response - When it happens, will you be ready?
 
The Current State of FOI
The Current State of FOIThe Current State of FOI
The Current State of FOI
 
Cyber, secrecy and the public body
Cyber, secrecy and the public bodyCyber, secrecy and the public body
Cyber, secrecy and the public body
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy UpdateAdvocates' Society Tricks of the Trade 2019 - A Privacy Update
Advocates' Society Tricks of the Trade 2019 - A Privacy Update
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice Cyber Insurance and Incident Response Practice
Cyber Insurance and Incident Response Practice
 
Role of a breach coach
Role of a breach coachRole of a breach coach
Role of a breach coach
 
PHIPA for school boards
PHIPA for school boardsPHIPA for school boards
PHIPA for school boards
 
Privacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam CompliancePrivacy, Data Security and Anti-Spam Compliance
Privacy, Data Security and Anti-Spam Compliance
 
Finding internet evidence
Finding internet evidenceFinding internet evidence
Finding internet evidence
 

Dernier

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdfSandro Moreira
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Bhuvaneswari Subramani
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 

Dernier (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

The ins and outs of the e-FOI process

  • 1. The ins and outs of the e-FOI process Dan Michaluk September 26, 2013
  • 2. Outline • Electronically stored information • FOI and e-FOI compared • Handling database requests • Handling e-mail requests • The privacy problem 2
  • 3. I’m not selling the e-FOI process today. Paper processing can work well. This is to open options, which may lead to efficiencies, reduce risks and reduce disputes.
  • 4. Electronically stored information • The data you see is the data you get • Hard to organize • We manually index or code and link to each record by identification number 4
  • 8. Electronically stored information • ESI has dimensions 8 Metadata describes various attributes of information objects and gives them meaning, context, and organization.
  • 9. FOI and e-FOI compared Custodians “search” Custodians copy Coordinator reviews Coordinator indexes Coordinator “prepares” 9
  • 10. FOI and e-FOI compared 10
  • 11. FOI and e-FOI compared Coordinator collects Coordinator “processes” for responsiveness Coordinator imports to review tool Coordinator tags and redacts for exemptions Coordinator produces electronically 11
  • 12. FOI and e-FOI compared • Positive • You have greater control over search and retrieval • You’ll have access to metadata and searchable text • No more double or triple printing • Limit • With unstructured data (e.g., e-mails), you can’t avoid a record-by-record review 12
  • 13. FOI and e-FOI compared • But it’s likely your choice • Requester’s may make the “fox guarding the henhouse” argument • See, for example, MO-2634 • Order suggests that institutions and custodians should be trusted absent a reason to mistrust • Advice – be the benign skeptic, and never, never say you’ve found all the e-mails 13
  • 15. Database requests • Producing an “export” at point in time – usually “CSV” or “Tab Delimited” • Common disputes • Fee and feasibility disputes – TPS case from 2009 • Identifiably disputes – see PO-3232 from July 2013 • Exemption of fields – see PO-3017 from Dec 2011 • Third-party disputes – see MO-2985 from June 2013 15
  • 16. Database requests • The limited definition of record • You have to create a record nowadays, unless the information resides in your head (see M33) • But there two (extraordinary) limits • Not capable of production by means… “normally used by the institution” • “the process of producing [the record] would unreasonably interfere with the operations of an institution.” 16
  • 17. Database requests • Toronto Police Services (Ontario CA, 2009) • Confirms a duty to export and mask identity • If you can do it with means “normally used” you must do it subject to “unreasonable interference” • Still a question about whether the required use of hardware and software not “normally used” is a basis for declining to answer (though it is clear if you don’t have normal use of the expertise you are clear) 17
  • 18. Database requests • Order PO-2752 from January 2009 • Example of the “unreasonable interference limit” • OTIS request for data in “linkable” form • 1,377.50 hours of work • By specialized staff • Legitimate security concerns 18
  • 19. Database requests • Tips on fee and feasibility issues • Build a relationship with IT • Build a basic understanding of technical concepts • Be very skeptical of large fees and claims that “it can’t be done” • Consider using an outside contractor to deal with real operational concerns (chargeable at 100%) • Provide detailed evidence to the IPC in an affidavit 19
  • 20. Database requests • Gombu (Divisional Court, 2002) • Database of electronic campaign contribution data • Most of the information was already public, but in physical form • IPC finds and unjustified invasion on the balance • Divisional Court - Production of electronic information not reasonably associated with any greater risk of misuse 20
  • 21. Database requests • The notification problem • What if the requester wants identifying information? • Head’s duty mandatory – reason to believe might (and SCC says give notice in Merck) • Necessary, but costly and unfunded • This will lead institutions to deny access • IPC may bear the burden of notification on appeal, as in PO-3017 21
  • 22. E-mail requests • The problems with e-mail • There are duplicates and near duplicates • Search is expensive because they are unorganized • Review for exemptions is unfunded, very time consuming and very difficult to automate • There is an interest in e-mails not stored “actively” – i.e. in archive (good), on tape (bad) or 22
  • 23. E-mail requests • MO-2154 • Requester asks for e-FOI, asks for deleted e-mails • IPC denies cost of acquiring hardware • Affirms $12,500 for fees to outside vendor • Shows – requesters can get what they ask for • Shows – use of outside vendors can be legitimate • See also MO-2764 (also some evidence that outsourcing was reasonable) 23
  • 24. E-mail requests • Deleted e-mails and e-mails on backup • Go back and talk to the requester about cost • Talk about duplication in active storage • Backup is probably a more cost effective alternative to restoring deleted e-mails in most cases • Identify the number of backup tapes from the event to the date of the request • Let’s go to the first tape before the story hit the news 24
  • 25. E-mail requests • PO-3050 • In general, an access request for emails does not require a routine search of backup tapes for deleted emails unless there is a reason to assume that such a search is required, based on evidence that responsive records may have been deleted or lost. 25
  • 26. E-mail requests • Text messages • They are records subject to the two limits • They can be logged and logs are easy to deal with • If not logged, they may be stored on phones • Can be exported from phones, but the process is awkward given how people use text message services 26
  • 27. The privacy problem • R v Cole • Establishes a limited ( “not entirely eliminated”) expectation of privacy • If there is personal use there will always be a privacy issue, regardless of policy • Employers can act reasonably for a legitimate purpose 27
  • 28. The privacy problem • Policy prescriptions • Policy can’t eliminate privacy but can help • Prepare your public sector employees for e-FOI! • Tell them that the choice to engage in personal use on a work system comes with a sacrifice • Give an express warning about e-FOI • Also warn – work is done on our system unless pursuant to a reasonable BYOD policy 28
  • 30. The ins and outs of the e-FOI process Dan Michaluk September 26, 2013

Notes de l'éditeur

  1. Here's an outline of the presentationExcitedResource to our firm for the last five years or so on e-discoveryHow do we deal with production in civil litigation given the massive volumes of ESI now held by companiesThis is a problem that is truly threatening the viability of civil ligationAlways watching FOI and was interested in how the FOI process was doing pretty well -less adversarial -good IPC decisions -knowledgeable FOI administrators!
  2. So I don't want to screw anything upI'm not suggesting you change your process overnightIf your process is working, greatBut I hope to give a little insight into e-FOI issuesI have a sense they are highly relevantAnd I hope you can take any insights that you derive from this presentation and apply them to your FOI process -more efficient process -with fewer unanticipated costs -and fewer unnecessary disputes
  3. We have to start by discussing what ESI isThink about paper-all the data and information is on the page-think about receiving a big stack of paper like this-you have to do significant work to understand what the stack means -often you'll do this by putting the docs in date order -but that may not be ideal – might make more sense to organize by custodian -or, even better, it might make sense to organize by issue-lots of manual data processing here-once we've got the paper in some order we have to create a manual index -pull data outagain -can be hard because many documents have no standard form -doc name -doc date -author-paper is pretty inferior really
  4. ESI is different – it has dimensions
  5. There's the layer of data – subject matter of the filePicture = image you seeMusic file = the music you listen to
  6. And then there's metadataData separate from the subject matter of the fileSee here
  7. Here's a good definition of metadata that I pulled from a Cornell UniversityIt describes the data… gives it meaning… context and (most importantly for our purposes) organizationESI comes with fairly standard descriptors -file name -author -last modifiedManual indexing is not required, and you have a set of data you can organize and re-organize -you want chronological, arrange by a data metadata field -want a different view, maybe by person, sort by author -or interested in an issue, conduct a word searchIt's all there… that's ESIIt's great really – when you take that e-mail and print it you "degrade" the record – you strip out useful data and you're left with something less useableProblem, of course, is that our volumes have quadrupled, but we're stuck with that whether we process paper or not
  8. Now let's compare and contrast the two processesHere's a traditional FOI processReceive request and interpret itSend search instructions to custodians-custodians keep control over the receptacle in which responsive records sit-field filter based on instructions… risk point rightCustodians apply the search by copying records (paper, forwarded e-mails)-neither are very good copies of the actual recordYou review the documents for responsiveness, exemptionsIndex them, manually record (create a tiff image)Prepare them
  9. Move to electronic processing-make the point that I'm not making this up-this is something called the EDRM-a staged model for discovery-A few things about the model I should point out -It contemplates a process in which ESI is never converted to paper – zero degradation -It recognizes that this is a problem of volume = upward slope relevance, also upward slope in understanding -Arrows back and forth – iterative process
  10. Here's the translation into your FOI worldYou collect, perhaps with IT's help – collect the receptacle or a very broadly defined subset of the receptacle-entire e-mail container file (.pst)-entire hard driveYou process for responsiveness-take all the receptacles, dump them in together-process-remove duplicates (if appropriate)-assess responsiveness-left with a smaller data setImport to a review tool-piece of software that allows you to work with the records – access pro, summation-tag and redact-usually working with tiffs or pdfs for redaction, but can be linked to the native file4. Produce electronically, no copies
  11. Here's a comparison: -your control increases -you can instruction your custodians to search and produce electronically, but often you simply take groups of docs -handling of the records improves because you're using metadata to organize rather than manually indexingThe limit for FOI-In civil litigation you're really looking for relevance and privilege-lots of people are advocating for fully automated processing to reduce the cost of manual review-I don't know how to do that for FOI-There are fifteen exemptions and numerous exclusions in FIPPA -And section 10 says you've got to sever reasonably-Your job is just harder!-Need a good review tool and the time spent reviewing (all unchangeable right now) is going to be significant, even in an e-process-A good tool will facilitate review -Group similar records -If you need to produce duplicates you can at least group them -Some tools help you manage e-mail threats
  12. So you can think about the pros and cons of an e-processThe IPC will likely give you the choice of using any reasonable processSee MO-2634Requester seeking nine specific e-mails sent and received by an employee who claims he never sent and received such e-mailsNo love lost between the requester and the municipal institutionNice search process set out by the senior employee himself (he was an IT administrator) [field-filtering though electronic]Error in spelling a name, but the City re-searched and provided another affidavitReasonable search upheld despite challenge to the independence of the employee who conducted the search[Note there is apparently a US case by a now famous e-discovery judge named ShiraScheindlin in which she suggests that field filtering is somehow irresponsible. Not a practical view.]
  13. Go to two types of requests – database requests and e-mail requestsDatabases = structured data (easy to deal with)E-mail = unstructured data (a nightmare)Screenshot from some data journalism work done by Glen McGregor of the Ottawa CitizenHuge data dump of parking ticket data from City of Ottawa from which he created all these piecesIncluding a piece on the parking officer who has issued far far more tickets than his colleagues – the "Ticket Master"
  14. In theory at least, these request should be pretty easy to deal withJournalists will say this – what's the problem, just export it to diskWe do see disputes though… listed the kinds of database disputes hereI'll discuss the first and fourth in more detail, so will touch on bullets two and three briefly herePO-3232 involves a recent Carleton University case involving access to student grades – Glen McGregor request -example of when a requester says I don't want to know who these people are -institution says all these people will be identifiable -Carleton lost this one… seems like it was reaching pretty far actually -Citizen did publish articles critical of the University's existence and use of external legal counselPO-3017 one I was involved in -database of lottery winners -security sensitive information -nice… structured… 65,000 records but dealing arguing about a one page schematicMO-2985 case about a third-party database software provider claiming that its proprietary intersts would be affected by the disclosure… mostly unsucessful
  15. There are limits – main point is that they are extraordinaryTwo limits… can rely on either of them…
  16. Toronto police serviceAbout a request that involves a technique for masking identityAbout the "normally used" limitSeems like the police had bad evidenceOwn affidavit suggested that replacing identifiers was possibleDecisions suggest that TPS position was that process was ineffective and costlyEnd up – can do it with what's normally used you must do it
  17. This case was going through at the same timeExceeded because the Police adduced better evidence of unreasonable interferenceIt is extreme…-OTIS = offender tracking information system
  18. The first three bullets are about a similar ideaReally important to develop a good relationship with ITSpeak their languageDon't accept their resistance at face valueBe a benign skeptic…If you do not you'll get into a fee and feasibility dispute and loseWatched a talk given by Glen McGregor on YouTubeTells a story of a federal ministry who started with a $400,000 fee estimate that was eventually reduced to $40There was a similar debacle that happened with an Ontario school board in the last yearI know why these happenIT doesn't want to do the work, doesn't feel it its job and tries to trick the person who's askingDon't let that happen…-developing a computer program chargeable at 60 an hour-costs in an invoice from an outside vendor are chargeable at 100%….-provide good evidence, from the technical person-there is a great case … can't recall institution (best) It person swore an affidavit and obviously thought he could trick the IPC-called out for that
  19. Then there are database requests for personal informationHere's one
  20. Recollection hazy = but may have been 8,000 affected individuals
  21. E-mail is hardHere's why…-very important that institutions be given the opportunity to transfer reasonable costs-one thing I question is whether that review time (perhaps capped at a fixed rate) needs to be funded
  22. This illustrates one tactic you can use to deal with a large requestRequester led with a broad request -asked for centralized search -asked for deleted e-mailsDriven to outsource -frankly any request for deleted e-mails will do that -need a forensic expertise -may use the "normally used limit" to deal with that (not aware of case law)Here the institution outsources and generates a large but particularized fee (which it proves) -upheldThink you need to have some basis for outsourcing, not the only option, but a basisI've done this -ask twice to narrow -got an estimate -presented the estimate -requester never proceeded
  23. This is greatA request for e-mails includes e-mails stored everywhere – active and non-active formsReasonable search requirement does not require you to go to backups and other sources of inactive dataGreatEven if the requester tells you – right to be the receive the fruits of a reasonable search, not a right to control your search..But, beware of missing e-mails