CRM- Part 2- Records and Information Creation and Use

eDiscovery process steps

1. Identification (what should be preserved) 2.Preservation (legal hold) 3. Collection (gather information) 4. Processing (preparing for attorney review and analysis) 5.Review (evaluating ESI for attorney/client privilege info) 6. Analysis (evaluating ESI for content and context) 7. Production (gathering the material to be presented) 8. Presentation (how electronic evidence is displayed as evidence)

Data map

A catalog of an organizations electronic data by category, location including how it is stored, its accessibility, and associated retention policies and procedures. It should answer: What specific information exists? What is the volume of data? What period of time does the data cover? Who and what does the data involve? Where is the data located? What form is the data in?

File

A collection of records or group of related documents

Electronic data interchange (EDI)

A communication procedure between two companies that allows the exchange of standardized documents (most commonly invoices or purchase orders) through computers

records retention schedule

A comprehensive list of records series titles, indicating for each the length of time it is to be maintained

records inventory

A detailed listing that could include the types, locations, dates, volumes, equipment, classification systems, and usage data of an organization's records Usually involves a survey conducted by each department

Scanner

A device used to transform an analog image into a raster graphicay be used to capture pictures or text. Text may be parsed using optical character recognition (OCR) software to turn it into character data. - A _____ designed to read bar codes generates character data rather than an image

Copyright

A form of protection provided by the laws of the United States to the creators of "original works" including literary works, movies, musical works, sound recordings, paintings, photographs, software, live performances, and television or sound broadcasts Owner of ______ has the right to:Reproduce work Prepare other works based upon the work ("derivative works") Distribute copies of the work by sale or other transfer of ownership, or by lease; Perform the work publicly; and Display the copyrighted work publicly Owner also can authorize others to do all of the above

record series

A group of related records filed and used together as a unit and evaluated as a unit for retention purposes

Trade name

A name an owner uses to identify his/her business. They are not registered at the state or federal level, but are registered with local government primarily in the county in which a business operates

plaintiff

A person who brings a case against another in a court of law

defendant

A person, company, etc., whom a claim or charge is brought in court

Trade secrets

A piece of information that has independent economic value by not being generally known and can reasonably be maintained confidential A company is expected to take reasonable precautions to help secure the information's secrecy

Patent

A right granted to an inventor by the federal government that permits the inventor to exclude others from making, selling or using the invention for a period of time. System is designed to encourage inventions that are useful to society. Utility and plant ________s last for 20 years from application date; design ________s last for 14 years.

Legal hold

A situation wherein a business or organization makes changes to its method of records management in order to preserve information because of a pending litigation. In the digital age, it often involves the handling of business data across sophisticated IT architectures May be put in place because of an audit and/or an investigation. This will affect corporate policy in a number of ways. For example, it will often change the rules on how data are backed up in a system, how tape vaults or other storage archives are maintained, and whether physical storage media are recycled

Workflow process map

A visual representation of tasks and processes needed to build a product or accomplish a goal

Trademark

A word, phrase, symbol or design, or a combination of words, phrases, symbols or designs, that identifies and distinguishes the source of the goods of one party from those of others. Ex: Xerox, Exxon and Starbucks

Amendments to the Federal Rules of Civil Procedures, 2008

All electronically stored ifnroamtion is discoverable Parties must pay early attention to electronic information in the discovery process to control scope and expense

Usability of a record

Allow it to be accessed, processed, and understood over time One that can be located, retrieved, presented and interpreted

Risk assessment matrix

Analyze and evaluate risk probability of occurence and the severity of consequences Amount of acceptable loss and still reach goals- risk capacity

Plant patents

Are granted for the invention and asexual reproduction of new and distinct plant varieties, including hybrids. Asexual reproduction means plant is reproduced by means other than from seeds, such as by grafting or rooting of cuttings

Design patents

Are granted to protect the unique appearance or design of manufactured objects, such as the surface ornamentation or overall design of the object

Departmental taxonomy/ business-unit based taxonomy

Based on the organizational chart

Subject taxonomy

Based on the subjects of information with which and organization might deal

Official record

Can be determined by a records inventory A significant, vital, or important record of continuing value to be protected, managed, and retained according to established retention schedules

Electronic record

Can be readily accessed or changes and is stored on electronic storage media Often referred to as a machine readable record

Metadata for electronic messages

Can be used to identify a record as legally acceptable document when presented as evidence in a legal proceeding Maintain the context of a record and support searching, retrieval, and display

Workflow and records management

Can link all information types - hard copy files, electronic files, email, unstructured data, or web content to the established categories and retention rules so they can be effectively managed

Public records

Category of records available to the public ex. financial statements Information on websites Still subject to copyright, trademark

Health Insurance Portability and Accountability Act (HIPAA), Privacy Rule 2001

Creates national standards to protect individual's medical records and other personal health information Gives patients more control over their health information Establishes appropriate safeguards that healthcare providers and others must achieve to protect the privacy of health information

Records and information lifecycle

Creation, distribution, use, maintenance, and disposition

Protecting electronic records

Do not use computer hard drives (C: drives) to store sensitive information. Instead, store sensitive information in formally established electronic record-keeping systems or, in the absence of such systems, in secured network drives Regularly clean up computers and network locations by destroying superseded or obsolete records that have met their retention periods Recognize that deleting electronic records is not the same as destroying them

Non-record

Draft, worksheet, routine memo, convenience copy

Unstructured data

Electronic information created or obtained by end users where the information is not stored in tables in a relational database system Emails, word processing documents, spreadsheets, and videos

Electronic records security

Ensure that only authorized personnel have access to electronic records; Backup and recovery of records to protect against information loss; Personnel are trained in how to safeguard sensitive or classified electronic records; Minimized risk of unauthorized alteration or erasure of electronic records; Ensure that electronic records security is included in computer systems security plans;

Information

Facts provided or learned about something or someone In computing, data as processed, stored, or transmitted by a computer

Protecting physical records

Fit doors and windows in all offices and records storage areas with strong locks. Keep filing cabinets and other records storage areas locked at all times when not in use. Label all files, folders, and boxes so that their contents, dates, and extent are clear. Equip offices and storage areas with fire and security alarms and test alarms regularly. Only permit access to records storage areas to a small number of qualified personnel. Supervise all external visitors whenever they are in offices or records storage areas. Conduct regular security and facility inspections for all work spaces or records storage areas. Transfer records with ongoing value to archives according to records retention schedules. Destroy obsolete and superseded records securely as soon as they are no longer needed. Maintain full documentation about all records destroyed or transferred

Qualitative risk assessment

Group discussions Based on physical survey of records Threats evaluated in general terms

How to build and maintain an ESI Data Map

Identify IT systems, applications, programs and platforms Identify systems relevant to discovery Organize by priority Keep info up to date

Key Functions of Compliance

Identify risks and provide guidance Design and implement controls to protect from risks Monitor and report on effectiveness of controls Resolve compliance difficulties To advise the organization on risks, rules, and controls

Data culling

In e-discovery, involves limiting the data set to the ESI that is likely to be relevant. It should be an ongoing, iterative process. Of course, targeting in the initial collection only appropriate custodians, data sources and relevant date ranges may be the best and least expensive form of ____. Some applications allow certain pre-processing ____, such as de-NISTING and applying date range and custodian limitations before the ESI is loaded into the processing application. Although these pre-processing tools also may generate costs, they are often at lower rates than full-blown processing. Typically not done during the document review phase.

Spoliation of evidence

Including the destruction of physical evidence, alteration of digital records, or other changes that can be damaging to the defense

Descriptive metadata

Information describing the intellectual content of the object Document title, author, description keyword Standards exist to facilitate interoperability

Servicemark

It identifies and distinguishes the source of a service rather than a product. Ex: Google may brand certain products with a trademark, but use a service mark on the internet searching service that it provides

Types of risks to records

Malicious destruction Accidental destruction Careless handling Misfiled records Stolen recorded information Computer hardware and software failures Tampering Improper disclosure of recorded information

Migration of electronic records

Must be able to retain records in usable format for their authorized disposition date Ensure information is not lost Standard interchange format (XML or ASCII) Compatibility with current hardware and software

Converstion

Need for long-term electronic preservation Changing legacy documents and records from one format, storage media, application, and/or system to another

Data loss prevention

Notify sender if sending confidential info can block transmissions without authorizations

Audits for compliance

Once records are identified, periodic ____should be performed Reports should be sent to top management

Risk control

One storage location is easier to secure than many. In this respect, centralized records repositories are preferable to decentralized ones. Access to vital records storage areas should be limited to a single supervised entrance. Access should be restricted to authorized individuals who have a specific business reason for entering such areas. Employees should be instructed to challenge and report suspect persons who enter vital records repositories. Vital records should be filed in locked drawers, cabinets, or other metal containers until needed and returned to their filing locations immediately after use. Confidential personal data, trade secrets, or other sensitive information should not be stored in mobile computing devices, which are easily stolen. Vital electronic records stored on networked computers can be accessed, and possibly damaged, by remote users. Physical security measures must consequently be supplemented by safeguards against electronic intrusion. Access to computer workstations must be restricted to authorized employees. Computer workstations should be turned off, and locked when possible, when not in use. They should never be left unattended while operational. System software should automatically terminate a computer session after a predetermined period of inactivity

Proprietary information

Only known to the owner- not available to the general public

Functional taxonomy

Organizes itself along different functions performed by an organization- both administrative and operational

Data protection

Passwords- string of characters known to the computer system and a user, who must specify it to gain access to the system Digital signature- a string of characters and numbers added as a code on electronic documents being transmitted by computer Encryption- A method of scrambling data in a predetermined manner at the sending point to protect confidential records

Structural metadata

Physical and or logical structure of complex digital objects Facilitate navigation and presentation

Access control

Physical security (site, building and room access security) Procedural security/ user training (user ids, software installations/ networks, computer) Operating system security (user ID and password) Software application security (minimal password length, password aging, failed login lockout) Database security (only authorized users) Data encryption (non-human readable form)

legal hold

Placed on the scheduled destruction of records that may be relevant to the foreseeable or pending litigation, governmental investigation,, audit, or special requirements

RIM requirements for using collaborative tools

Policy should be in place to state guidelines for acceptable use Access should be defined and controlled through policy Unwanted tools should be blocked from use DoD requirement to make sure all users are aware of potential record value If collaborative tools are used, must be able to record content of records for retention period designated in policy Employees using collaborative tools must be trained on how to use them

Reliability of a record

Qualities that demonstrate its trustworthiness over time One whose contents can be trusted as a full and accurate representation of the transactions, activities or facts to which they attest and can be depended upon in the course of subsequent transactions or activities

Integrity of a record

Quality of being whole and unaltered from loss, tampering, or corruption The record must be protected against unauthorized alteration.

Record

Recorded information, regardless of medium or characteristics, made or received in by an organization that is evidence of its operations and has value requiring its retention for a specific period of time

Quantitative risk assessment

Relies on site visits, discussions and analysis tto identify vulnerabilities Uses numeric calculations to measure the likelihood and impact of losses associated with specific records R=PxC R = risk, P = probability that such a loss will be sustained, C = Cost of the loss.

Migration

Required for long-term electronic preservation Moving data from one info system or storage medium to another while maintaining the record's authenticity, integrity, reliability, and usability

Media migration

Retain records in a usable format for their required retention period and until their authorized disposition date Ensure that information is not lost because of changing technology or deterioration Provide a standard interchange format (ex: ASCII or XML) to permit the exchange of electronic documents between offices using different software or operating systems. Allow for the conversion of storage media to provide compatibility with current hardware and software. Maintain a link between records and their metadata through conversion or migration Ensure that the authorized disposition of the records can be implemented after conversion

Record retention audit

Sampling records Compliance with org policies and procedures Security of records Appropriate methods for destroying confidential info Backup protection for vital records Efficient use of available storage space

Structured data

Searchable data in a database Fields and rows stored in a relational database

Encryption of electronic messages

Secret key encryption password protected Different key used for each message Public key- uses pair of keys, public, and private Digital signatures authenticate other party Provide proof of authenticity of user

RIM Manager's responsibility with respect to intellectual property

Seek legal counsel with regard to the security/preservation of intellectual property Involve Human Resources department when dealing with employee policies and laws governing confidentiality Know Copyright Act, 1976, Intellectual Property Protection and Court Amendments of 2004 provides copyright protection for many forms of print and media works

Metadata

Structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an information resource

Confidential records

Such material would cause "damage" or be "prejudicial" to national security if publicly available Records that must be protected from wide distribution or unauthorized access in order to avoid harm to the company or its employees, customers, or suppliers

Secret records

Such material would cause "serious damage" to national security if publicly available

Radio frequency identification (RFID)

Technology that incorporates the use of an electromagnetic or electrostatic frequency to identify an object, animal, or person Does not require direct contact or line-of-sight scanning Complete file room inventories can be done in hours

Interoperability

The ability of different systems to use and exchange information through a shared format

Records disposition

The final destination of records after they have reached the end of their retention period in active and or inactive storage Records may be transferred to an archives for retention, or they may be destroyed

Version control

The management of tracking changes to documents/records and other collections of information Document changes are usually defined by a number or letter code Revision history of collaborative documents

Utility patents

The most common type; granted to new machines, chemicals, and processes

Records classification

The process followed to categorize or group records into retrieval units also know as a file plan

Security classification

The process of assigning restrictions to materials, limiting access to specific individuals, especially for purposes of national security

Risk assessment

The process of evaluating the exposure of records to specific risks

e-discovery

The process of identifying and providing all electronically stored information and records relevant to a legal case

Discovery

The process that compels a party in a lawsuit to disclose evidence and information relevant to the case

Data

The quantities, characters, or symbols on which operations are performed by a computer, being stored and transmitted in the form of electrical signals and recorded on magnetic, optical, or mechanical recording media

Records management taxonomy

The representation of data, upon which the classification of unstructured content is based, within an organization. It may manifest itself as metadata in structured database fields or in folder structures represented to end users from a user interface within a system. It is created to facilitate the correct records management policies within the organization, fulfillment of regulatory compliance, integration to operational and knowledge management systems and the search for information within the organization. It can be applied to physical and or electronic records.

Simple Mail Transfer Protocol (SMTP)

The standard internet protocol for transmitting electronic mail File format for storing data Some data can be lost

Authenticity of a record

The sum of the qualities of a record that establishes the origin, reliability, trustworthiness, and correctness of its content Can be proven to be what it purports to be, to have been created or sent by the person purported to have created or sent it, and to have been created or sent at the time purported

Classification

The systematic identification and arrangement of business activities, and/or records into categories, according to logivally structured conventions, methods, and procedural rules represented in a system

Risk mitigation

The systematic reduction in the extent of exposure to _____ and/or the likelihood of its occurrence

Retention period

The time that records must be kept according to operational, legal, regulatory, and fiscal requirements

Personally identifiable information (PII)

The unique information that can be used either alone or with other sources to identify, contact, or locate an individual In records management 1) A user can access everything except the certain types of sensitive documents, or 2) limit what a user can access based on what they need to do their job (consider how this impacts search results)

Predictive coding

The use of keyword search, filtering and sampling to automate portions of an e-discovery document review. The goal is to reduce the number of irrelevant and non-responsive documents that need to be reviewed manually The software, which is capable of learning from its mistakes, first reviews a sample cluster of documents that have been tagged and categorized manually by a human legal team

Taxonomies: records grouping rationale

They tie together documents with like content, purpose or theme To improve search and retrieval capabilities To identify content creators, owners, and managers To provide an understandable context For retention and disposition scheduling purposes

Auto classification

Tools that use the contents of documents or records, as well as their content in the form of metadata, to make decisions about whether something is a record or not and how it should be classified

Microfilm

Transparent film containing highly reduced copies of documents. High-resolution, low-grain film used make such copies Climate controlled, hardware required Compact, long life, can't mutilate Readers hard to use Illustrations read poorly Original format probably paper

Bar code

Used in the inventory process- a coding system consisting of vertical lines or bars set in a predetermined pattern that, when read by an optical reader, can be converted into machine-readable language Used for tracking locations of documents, folders, or boxes of records

Folksonomy

Uses free-form words to classify documents Useful for updating your taxonomy structure and improves user search experience

Storage types for physical records

Vertical file cabinets Lateral file cabinets Shelf Files Mobile shelving

Record keeping risks

Weak records protection as part of emergency management Inadequate PII and security protections Indiscriminate application of Information technology end tools without effective record-keeping Multiplication of digital records and information, increasing the danger of security breaches, losses, confusion, and mismanagement Lack of awareness of the importance of records as evidence

discovery

When a company is subject to litigation or a lawsuit, all information, records, and other evidence that are relevant to the case must be identified and retrieved

Administrative metadata

When and how information resources were created, the file type, and access rights

optical character recognition (OCR)

machine reading of printed or written characters through the use of light-sensitive materials or devices

interoperability

the ability of different systems to use and exchange information through a shared format