Data and Privacy Law: Best Practices

Showing posts with label Best Practices. Show all posts

March 13, 2014

Review of Data Crush-Sometimes You Can Judge A Book By Its Title

By Cary J. Calderone, Esq.

My quick summary of the book: Either crush, or be crushed. The amount of data is growing faster than ever. Data Crush by Chris Surdak explains why this is happening and provides a roadmap for keeping your business on the right side of the tidal wave of data. A key observation Surdak shares is that:

The Internet used to be a tool for telling your customers about your business. Now its real value lies in what it tells you about them.

In other words, you either take advantage of new technology and new data, or, your competitors will, and you may be out of business.

eDiscovery Retreat-Half Moon Bay=Excellent

by Cary J. Calderone, © 2013

I had the pleasure of attending this conference at the Ritz Carlton, Half Moon Bay. The eDiscovery Retreats (formerly Carmel Valley E-Discovery Retreat-www.cvedr.com), were expanded to more locations and re-organized. This two-day event was excellent. There were two tracks running simultaneously that covered the "hows" and the "whys" of e-discovery. There were session topics for the entire range of the EDRM model and there was an excellent Judges' panel that discussed a hypothetical e-discovery case. Readers of this blog know I believe there is no better way to learn about e-discovery than hearing directly from the judges. This panel was no exception and all e-discovery players, whether it is a company that works with an outside e-discovery vendor, or one that may perform their e-discovery in house, learned important checks and procedures so that their efforts will withstand judicial scrutiny.

What Happens At "The Exchange" Gets Even Better

Last year I wrote a very favorable review of the General Counsel Institute's program, "The Exchange." (link here) In brief, I thought the round-table format provided a fun way to hear about E-Discovery law updates and learn great real-world lessons shared by the participants. And yet, I have to be honest, the morning of the 2013 event, I was not enthusiastic about attending. Over the past year, there were no significant developments in E-Discovery law or technology, and I tend to spend too much time at conferences listening to rather boring material. Whatever my initial hesitations were, within the first hour of listening to Browning Marean III (bio) and the group discussion, I was very happy I attended. Here's why.

Geek vs. Geek-Attorneys vs. Information Management Consultants

What laws control this data?

This is the second Geek vs. Geek post. Here we pit lawyers (L-Geeks) against information management consultants (I-geeks). On the one hand, your attorney is legally obligated to protect your communications (attorney-client privilege) and provide you with advice and documentation applicable to your facts and the specific laws as they apply to your legal matter (attorney work product) in accordance with accepted professional standards. On the other hand, I-Geeks, unless they are your employees, are typically not bound by professional conduct standards, conflict of interest rules, or even protecting your privileged information. Outside consultant I-Geeks (it is very rare for an inside I-Geek to bypass internal legal review and protocols) may sign a confidentiality agreement for you, but I have never seen a consulting group operate with safeguards and procedures that were even remotely similar to those employed by L-Geeks. Why is this? Does it matter?

Yahoo Limits Telecommuting-Is It Legal? Is It Smart?

It doesn't look scary. Or, does it?

It seems Marissa Mayer has created a firestorm. Everybody is weighing in on Yahoo's new policy eliminating telecommuting. Some are for it. Many are against it. But, no commentator has addressed the most important and fundamental issues for considering a major organizational change. "What are they doing now and why?" Whether it has been legal advising or Information Management consulting, I have worked with groups and before I would ever consider making a recommendation for a change, I find out what they are currently doing, and why. In the case of Yahoo, I'd like to know how many people currently telecommute? Do they video conference? How often do they make it to the office for face-to-face meetings? Without knowing the answers to these important questions, it would be ridiculous to criticize the move. Moreover, just as any experienced attorney or consultant could, I recognize many reasons why this may be a very smart move.

Geek vs. Geek-What Do You Mean Backup?

Geek vs. Geek

This is the first in a new series of blog posts that will illuminate the communication gap between Legal Geeks and Technology Geeks. For these "Geek vs. Geek" posts, the basic assumptions will always be the same: 1) Both types of geeks, T-Geeks and L-Geeks, are pretty darn smart. 2) Both know quite a bit about their own unique tasks, tools, and responsibilities. 3) Both can be a bit defensive, if not downright surly, when they sense a challenge to their authority coming from a competing "Geekdom." Now that we have the ground rules, the sample hypothetical for this post is about the company Backup or Disaster Recovery Policy. Do you have one? Do you think it is being followed? Maybe. Maybe not.

Shocking General Petraeus Emails

© 2012 Cary J. Calderone, Esq

Let me be clear. The content is not what makes the emails shocking. We do not know the specific content yet. It is the mere fact that the emails exist that is shocking! Here is a simple rule for all those who still do not get it. Use your work email for work and use your personal email for personal matters. If you are going to engage in "inappropriate behavior," it is probably best not to use work computers, or smart phones, or email, at all.

Carmel Valley eDiscovery Retreat

by Cary J. Calderone, Esq.

Last year's inaugural event, held at the Carmel Valley Ranch, was great. This year's was expanded (link to website), and in a new location at the Monterrey Plaza Hotel, so I had to check it out, even if, due to scheduling conflicts, it was only for the first day of the Retreat. Bottom line-I was happy I attended.

Did I learn a lot of new eDiscovery information? No. Was I wowed by new presentation formats or materials? No. However, I did get plenty of insights and takeaways from the attendees and presenters, who are representative of that small cross-section of lawyers and judges who, in addition to knowing the law, also really understand the related technology. Or, as we started to refer to ourselves, "the one-percenters."

ARMA Tri-Chapter Conference-RIM On A Shoestring

I had the pleasure of stopping by the ARMA Tri-Chapter Conference-RIM On A Shoestring, to see if there might be something blog-worthy. Last year, I spoke on a panel. In fair turnabout, I was in the audience for the talk given by R. Scott Murchison of Kaizen InfoSource LLC. Scott has called on me to speak numerous times in the past, and after watching him present, I understand exactly why. We both are hands-on experienced professionals who like to share practical tips we have learned from doing work for clients. This is a direct contradiction to those on the other end of the spectrum, who call themselves, "thought leaders." If you were looking for high lofty thoughts (think SNL Deep Thoughts), that may not apply at all to your real world Data Rules and Electronic Discovery challenges, then this talk was not for you. If however, you appreciate real examples of issues and solutions, then you would have been paying attention and taking notes. I thought it was definitely worthy of a blog post.

What Happens At The Exchange, Stays At The Exchange

by Cary J. Calderone, Esq.

Not really. But after spending a full day at the Executive Counsel Institute's E-Discovery Exchange I find myself not wanting to reveal much about what I learned. In its second year in San Francisco, The Exchange had approximately 4 times more participants (120ish) and that is good because it is the audience participation that makes this format shine. We have all experienced the usual conference. A panel of experts, curated by a vendor, discuss some of the people, processes, and technology, used to deal with the session topic, in the way the vendor believes is best or, at least, best for its product. By the end of the day, or even the hour, it can be both dull and disappointing. This is especially true if you happen to be someone who keeps up with the industry on a regular basis and was in search of more unbiased information. The Exchange is different.

SharePoint Tech Con 2012-First Day Thoughts

by Cary J. Calderone, Esq.

My mission for this conference (link) was to find experts with hands-on experience implementing RIM and governance (i.e., records and file management, legal hold and DRED) via SharePoint 2010. Could it really work? Or, would this be Mission Impossible? Cue the music. Records Center and legal hold management were highly touted feature upgrades to SP 2010 but my research found very little documentation for admins to learn how to effectively implement these features. Further research found that those who did RIM in SP used third party applications to accomplish it. Fortunately, I found a couple of great experts: Amanda Perran and Scott Jamison.

Judge John Facciola Says Discovery Practice Becomes Crucial

by Cary J. Calderone, Esq.

Judge Facciola

For those of you legal professionals and information managers who are avoiding learning more about the technology aspects of electronic information and how it applies to litigation and compliance, you need to listen to the interview Judge John Facciola gave to law.com (link here) on e-discovery training. In his words, "discovery practice becomes crucial." Or, you can read an older post recapping our enjoyable visit with Judge Facciola in 2009, at the RSA Conference (link).

Cloud Connect 2012-Quick Overview and A Few Lessons On The Side

by Cary J. Calderone, Esq.

This was a terrific show with excellent presentations. Here are a few notable comments:

From Steve Wylie

The past was about defining the Cloud. Now it is about the Cloud in action.

From Jesse Robbins of Opscode

Everything breaks at scale.
Train for disaster. Start small, then add large scale fault injection across critical systems.
Failure is multiplicative 99.9 x 99.9 x 99.9 = 99.7% reliability.
Cloud failure has stages like death: Denial, Anger, More Anger, Bargaining, Depression, and finally, Acceptance.

Cloud Connect 2012-Five Things You Need To Do Now

by Cary J. Calderone, Esq.

One of the advantages I have being based here in San Francisco is I can report on technology innovations as they happen in Silicon Valley, long before lawyers get information at legal shows and can consider how these technologies may affect work at their firms. The Cloud Industry Summit was the original focus for what has grown into the Cloud Connect show. Attending last year I felt I had advanced knowledge of what was going on with the Cloud and this year is no different. Kamesh Pemmaraju of Sand Hill spoke of major announcements about new Cloud services that will keep your data for you, behind your firewall. In other words, there is another major security road block that has been cleared for many companies wishing to take advantage of Cloud services. One of the most important best-practice takeaways came from Jim Stikeleather, Chief Innovations Officer, Dell, inc., who kicked off the Industry Summit. He talked about the evolution of the Cloud and gave 5 Things To Do Now!

Data Privacy Rules in the EU, Asia, and USA and How John Cleese Might Summarize

Copyright © 2012 Cary J. Calderone, Esquire

I had the pleasure of attending a terrific breakout session run by Amor Esteban (bio) and William Kellermann (bio). My words would not do their presentation on Cross-Border Discovery and Data Privacy justice. So please forgive me for borrowing the words of John Cleese from The Meaning of Life to summarize:

Before we begin your lesson, would those of you playing in the match this afternoon move your clothes down onto the lower peg, immediately after lunch. before you write your letter home, if you're not getting your hair cut, unless you've got a younger brother going out this weekend as the guest of another boy, in which case collect his note before lunch put it in your letter after you get your haircut and make sure he moves your clothes down to the lower peg for you. (Age restricted Python video clip on Youtube)

Yes it's perfectly simple!

Big Data-Not Just Big Storage Or It May Be A Big Headache

Copyright © 2011 Cary J. Calderone Esq.

Time to give the busy professional's definition of the latest technology buzz phrase, "Big Data." In brief, it is about being able to process and mine very large amounts of data (even petabytes) for business intelligence. Big Data indexing and database technologies, like Hadoop and NoSQL allow for distributed processing that previously was impossible with standard table-based relationship databases. However, too many short-term thinkers will try to implement a Big Data strategy by doing nothing more than keeping everything they can and figuring it out later. This approach is fraught with Big danger.

CEO Bans Email-Maybe Email Really Is Dead

Atos Headquarters Location at Lago Maggiore

A few weeks back I pointed out to DredLaw readers ways that new technology would be superior to email. (Link to article) Now here is a European company, Atos, that is banning employees from using email to communicate with fellow employees (Link to article) and for precisely the same reasons mentioned. They will be using new collaborative tools and instant and video messaging as alternatives. While I applaud the effort, they will have to be very careful with their data retention and privacy programs.

The C-Level Nightmare-Do You Know What You Do Not Know?

Is this your CEO, CTO, or, General Counsel?

This post goes out to all those C-Levels who have not approved pro-active information management and DRED work because, "they can just search and find what they need when they have to." For almost any attorney or e-discovery professional with experience, this cavalier attitude causes a LOL moment. We also call this approach, "head in the sand," or sometimes, "ignorance is bliss...until it's not." After the 9-11 attacks, when the Department of Homeland Security was created, I remember Secretary of Defense, Donald Rumsfeld, speaking about 3 things: 1) What you know as fact, 2) What you do not know but can research and discover and, 3) What you do not know, you do not know. C-Levels who think they will just find what they need, when they have not tested their approach under the threat of pending litigation, are in the last category. They do not know, what they do not know. Not convinced? Then please consider these items:

E-Discovery-Shall we do it ourselves or outsource? The answer is, Yes

Copyright © 2011 Cary J. Calderone

Sometimes customers and prospects can ask me difficult questions. The question on whether to in-source or outsource E-Discovery is an easy question. The answer is, Yes. There is no company, or law firm, no matter how large or small, that should do all or none of their E-Discovery themselves. Where should you draw the line between the two? Now, that is a more challenging question. Here are three factors to consider when deciding:

Social Media Governance-5 Reasons New Technology Applications Are Better Than Email

DredLaw readers know I have mentioned the trend towards using "New Technology" like social media and social enterprise applications, in business. Rypple and Yammer were developed for business use and even Twitter, Facebook, LinkedIn, and Google Plus, are a common consideration for any company looking to market on the internet. Companies are using social style Wikis to manage internal projects. To be sure, I have warned readers about the need to have policies and procedures as a safeguard so their companies can use these New Technology applications in accordance with good data management and DRED practices. But, this post will focus on some of the positives and comparative benefits of using these newer applications. Yes, there are still potential pitfalls to social applications in business. However, when compared to old email policies and practices, social-style applications have the potential to be a tremendous improvement to your organization's computer communications practices, and here are 5 reasons why:

Cary J. Calderone is a California licensed attorney, a former CIPP/US and MCSE. He provides legal counsel to businesses. (see Sand Hill Law® ) He spent the better part of 10 years as a litigator, an additional 8 years as an IT consultant designing and implementing technology solutions and, most recently, has been advising companies on data retention, privacy policies, and litigation strategy. Cary focuses on proactive information and litigation management procedures designed for the newly expanded electronic discovery and privacy rules. Do you know what data you have and where you have it? You can, and you should!

For more information about this blog:

Email info@sandhilllaw.com

March 13, 2014

May 8, 2013

April 1, 2013

March 25, 2013

February 28, 2013

January 20, 2013

November 13, 2012

July 26, 2012

April 30, 2012

March 14, 2012

February 27, 2012

February 17, 2012

February 16, 2012

February 13, 2012

January 17, 2012

December 6, 2011

November 29, 2011

November 13, 2011

September 28, 2011

September 15, 2011