Digital Document Retention Policies and Post-Enron IT Governance
DAVID VAILE, Executive Director, Baker & McKenzie Cyberspace Law and Policy Centre, UNSW.


1 Digital Document Retention Policies and Post-Enron IT Governance
DAVID VAILE, Executive Director
Baker & McKenzie Cyberspace Law and Policy Centre, UNSW Faculty of Law

2 Digital Document Retention
David Vaile
Baker & McKenzie Cyberspace Law and Policy Centre
University of NSW, Faculty of Law
http://www.bakercyberlawcentre.org/ddr/

3 Introduction
- Recent changes in governance, cases
- White paper (copies available on request)
- Baker & McKenzie, ACLA, suppliers, Galexia
- Aimed at filling gaps for lawyers, IT, management
- Starting point only – you need firm-specific advice

4 Sources of IT risk
- Beyond hackers, viruses and disasters
- Digital documents as a source of risk
- Overlap security: create, use, destroy
- Chaotic hybrid: paper, digital, portable
- Not just technology: usage, usability, policies

5 Digital documents – Key questions
- Can you find it when you need it?
- Have you kept dangerous junk?
- Do you have a policy?
- Does it work for users?
- Do staff know why to keep or destroy?

6 Why does this matter?
- Business process support
- PR and public confidence
- Litigation
- Governance
- Efficiency in the back office

7 Examples and fiascos
- Boeing CEO's embarrassing email
- McCabe v. British American Tobacco (BAT): embarrassing ‘Evidence Destruction’ policy
- Enron: built on dodgy digital documents
- HIH: the inquiry

8 Where it hits the fan: Litigation and preparation for it
- Critical role of preparation for document analysis
- 3 teams involved: IT, legal, executive management
- Three domains: pass the buck? Head in the sand?
- Beware of being too clever

9 McCabe v. BAT (Vic Sup Ct): Evidence destruction = BAT loses!
- Critical documents were scanned
- 30,000 originals destroyed
- Although no litigation afoot at the time…
- BAT anticipated the likelihood of future claims
- Vic. Supreme Ct, appeal
- US DOJ very interested in original principle…

10 Types of digital documents — features
- Email: metadata (relevant for all), logs, contents…
- Scanned documents: when, where, who?
- ‘Office’ documents: copies, junk, version
- Network and infrastructure logs
- Databases, web: transactions, state

11 Delusions of control?
- IT as a control system
- Increasing independence of users
- Head office/Back office vs wandering road warrior
- Policy must be realistic and workable

12 Overview of legal issues and compliance
- Business reasons first
- Examples of legal obligations
- The big one: is it “Evidence”?
- Need specific assessment and advice
- Document your policy development process
- Test compliance

13 Sources of DDR legal obligation
- Legislation (Tax, Corporations, Privacy, Spam Acts…)
- Special case: rules of court
- ‘Common law’, cases such as McCabe v. BAT
- Industry codes (may be enforceable)
- Contract

14 Who requests the info?
- Litigation: parties, courts
- Regulators
- Law enforcement
- Customers, suppliers
- Rivals or tactical litigants

15 Types of obligation (1)
- Evidence for litigation
- Legal professional privilege
- Corporate governance by directors
- Taxation and money laundering
- HR, employment, admin, accounting…

16 Types of obligation (cont.)
- Insurance
- Personal information: Privacy, Corporations Act
- IP: copyright, patent, DRMS
- Marketing: Spam Act
- Contract and outsourcing
- Industry good practice

17 Litigation
- Is litigation contemplated
- Nature of the industry
- What documents are relevant
- Where can we reasonably expect it?
- Document the creation of a policy
- And its implementation and review

18 The new corporate governance: Yikes!
- Sarbanes-Oxley (SOX)
- Basel II, CLERP 9
- US approach: litigate first, negotiate later
- Directors and execs personally liable
- Suddenly more serious!
- IT risks too; corporate governance response

19 Digital Document Retention Policy: First step to a solution?
- Systematic and documented practice
- Can justify destruction or retention
- Contents of a Digital Document Retention Policy
- Implementation
- How to refine a DDR policy

20 Steps to assess for Archiving/Destruction
- Required for current use?
- Required by contract?
- Required by law or regulation?
- Limitation period still applicable?
- Required for business reasons?
- Required for litigation?

21 Guidelines for inclusion in policy
- Sedona Principles (post Enron)
- AS ISO 15489 ‘Records Mgt.’ (AS 4309)
- US: DoD and NARA
- International: ISO 15489
- EU: Model Requirements for Management of Electronic Records (MoReq)

22 IT contributions to a solution?
- Document management systems
- Rich documents and metadata
- Logs for transactions and accesses
- Access control, authentication
- Automated backup, archiving
- Targeted and reliable recovery

23 Legal contributions to a solution?
- Analysis of legally significant data
- Analysis of industry and business
- Description of obligations
- Litigation and other risk assessment
- Draft the document retention policy
- Governance briefings for board

24 An integrated package: Everyone needs to be aware (KISS)
- Policy, tools, practices, oversight
- Integrate w. other policies and routines
- Existing document management practices
- Reality checks: audits, reviews
- Where will you be when it hits the fan?

25 David Vaile
Baker & McKenzie Cyberspace Law and Policy Centre
University of NSW, Faculty of Law
http://www.bakercyberlawcentre.org/ddr/

