Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Preservation Holds and Public Information Requests

Published byUgo Paolini Modified over 5 years ago

Similar presentations

Presentation on theme: "IT Preservation Holds and Public Information Requests"— Presentation transcript:

1 IT Preservation Holds and Public Information Requests
eDiscovery Willis Marti CISO Zachary Cox Senior IT Policy Analyst

2 Agenda Introduction IT Preservation Holds (OGC)
Public Information Requests (Open Records)

3 Why is CISO involved? Bridge communication gap between OGC and university IT staff Validate and authorize ESI preservation and collection in accordance to university rules, SAPs, and information security controls Texas A&M Information Security Control AC-5 Separation of Duties

4 Definition “Electronic discovery (also E-discovery or ediscovery) refers to discovery in legal proceedings such as litigation, government investigations, or Freedom of Information Act requests, where the information sought is in electronic format (often referred to as electronically stored information or ESI).” - Various (2009). Eoghan Casey, ed. Handbook of Digital Forensics and Investigation. Academic Press. p. 567. ISBN 

5 The eDiscovery Lifecycle
Identification Preservation Collection Processing Review

6 Public Information Requests
Two Similar Processes IT Preservation Holds Public Information Requests Legal proceeding Litigation Texas Public Information Act (TPIA) requests Process Owner Office of General Council TAMU Open Records ESI Coordinator TAMU CISO TAMU unit liaison Time to Resolution Months to Years 10 Days eDiscovery Solution AccessData eDiscovery Exchange eDiscovery, manual searches

7 IT Preservation Holds - Overview
TAMUS IT Preservation Standard Roles eDiscovery Lifecycle AccessData eDiscovery

8 IT Preservation Holds - Roles
ESI Preservation Coordinator Chief Information Security Officer Preservation Personnel Texas A&M IT staff Unit IT staff TAMU Human Resources Provost Named Person Custodians identified as having ESI to be preserved

9 IT Preservation Holds - eDiscovery
Variables OGC instructions to CISO for ESI preservation and collection vary by: Case Attorney and paralegal assistant Usage of AccessData Not all TAMU custodians have mailboxes on Exchange Shared Service

10 IT Preservation Holds - eDiscovery
Phase 1: Identification Notifications OGC to CISO: Notice to Identify IT Staff OGC to IT Staff: Notice to IT Personnel OGC to Custodian: Notice to Preserve Data Data Sources University and unit IT Staff knowledge Exchange mailbox, network shares, etc Custodian e-discovery questionnaire answers In-depth knowledge of the data, personal devices and cloud services, etc

11 IT Preservation Holds - eDiscovery
Phase 2: Preservation Texas A&M IT Enable “In-Place Hold” on Exchange Shared Service mailbox (as applicable) Enable NetID hold through Identity Management Office Enable holds on all identified Texas A&M IT services Unit IT Custodian

12 IT Preservation Holds - eDiscovery
Phase 3: Collection Texas A&M IT Prepare ESI for collection CISO delivers all ESI to OGC per their instructions Unit IT and Custodian CISO and Unit IT will make arrangements for transfer Chain of Custody form required

13 AccessData eDiscovery
Fully-featured eDiscovery tool Adopted early-mid CY 2016 for some new litigation matters Instance owned by OGC Hosted on Texas A&M IT infrastructure User accounts limited to OGC discretion Requires significant training to utilize effectively Not for Public Information Requests

14 IT Preservation Holds - Notice to IT Personnel

15 IT Preservation Holds - Active Holds

16 IT Preservation Holds - Active Holds

17 IT Sample Custodian Notice

18 Public Information Requests - Overview
Short timeframe with hard deadlines (10 Days) Roles and Responsibilities Challenges for eDiscovery Streamlining eDiscovery Defining Search Criteria for Exchange Reviewing, correcting, and submitting Exchange search results

19 Public Information Requests - Timeframe
By law, Texas A&M University has 10 days to provide requested information after initial request Includes time for coordination between Open Records, unit liaisons, unit IT staff, and TAMU IT. Must also factor time to review and remove extraneous search results

20 Public Information Requests - Roles
Open Records Receives request Coordinates with unit liaisons Reviews results and finalizes PIR Unit Liaison Coordinates with unit IT staff and TAMU IT Reviews results before submitting to Open Records May only coordinate and receive data for own unit TAMU IT Performs extraction of data per unit liaison criteria on relevant TAMU IT services (e.g. Exchange) Offers SME expertise (where applicable)

21 Challenges for eDiscovery
PIRs can be vague or overly-specific Unit liaisons are responsible for identifying search criteria. The better the search criteria, the better the search results Not all potential data sources may be known Specifically file shares, relevant data locations, shared mailboxes is “easy”

22 Challenges for eDiscovery (cont.)
eDiscovery tools and techniques are fragmented Exchange: In-Place eDiscovery search Hodgepodge of solutions for searching other data sources Implementing AccessData or similar solution might be too cumbersome in a tight time frame PIRs sometimes evolve into litigation, minimal verbosity is preferred

23 Streamlining eDiscovery
Ensure operational inefficiencies are minimized Communicate efficient search criteria for Exchange search Be proactive in understanding customer data and the surrounding IT environment

24 Defining Search Criteria for Exchange
Texas A&M IT CANNOT define search criteria for you. Suggestions may be offered, but must be confirmed by unit liaison. Fields Mailbox to search Keywords Can be layered using order of operations AND, OR, NOT, NEAR Start and end dates Senders and Recipients

25 Example Request: “I want all s between the provost and president regarding the expected number of graduates in Fall 2016.” Mailbox Keywords (“graduates” OR “students”) AND (“number” OR “expected” OR “count” OR “total”) AND (“fall” AND “2016”) Date Range None is specified. Search for all. From To Leave blank. Using just the “From” will limit extraneous .

26 Public Information Requests - Review
After Exchange is extracted, PST files will be sent back to units immediately. Unit liaisons should open returned PST files and validate the search results If severely erroneous search results (thousands of hits), work with TAMU IT to refine search criteria. Remove extraneous s Once validated, send to Open Records

27 Questions?

Download ppt "IT Preservation Holds and Public Information Requests"

Similar presentations

Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.

Litigation Holds: Don’t Live in Fear of Spoliation Jason CISO – University of Connecticut October 30, 2014 Information Security Office.
INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.

INFORMATION WITHOUT BORDERS CONFERENCE February 7, 2013 e-DISCOVERY AND INFORMATION MANAGEMENT.
E-Discovery for System Administrators Russell M. Shumway.

E-Discovery for System Administrators Russell M. Shumway.
Project Planning and Management in E-Discovery DAVID A. ELLIS – MAYER BROWN BROWNING E. MAREAN – DLA PIPER.

Project Planning and Management in E-Discovery DAVID A. ELLIS – MAYER BROWN BROWNING E. MAREAN – DLA PIPER.
Electronic Official Personnel Folder (e-OPF) for Federal Employees 2014.

Electronic Official Personnel Folder (e-OPF) for Federal Employees 2014.
1 © Copyright 2008 EMC Corporation. All rights reserved. Litigation Response Planning: eDiscovery Best Practices Stephen O’Leary Sr. eDiscovery and Compliance.

1 © Copyright 2008 EMC Corporation. All rights reserved. Litigation Response Planning: eDiscovery Best Practices Stephen O’Leary Sr. eDiscovery and Compliance.
Electronic Discovery (eDiscovery) Chad Meyer & John Vyhlidal ConAgra Foods.

Electronic Discovery (eDiscovery) Chad Meyer & John Vyhlidal ConAgra Foods.
Property Custodian Meeting July 10, 2012. Review of USM Internal Auditor Findings  Excerpt from the USM Internal Auditors report dated May 31, 2012:

Property Custodian Meeting July 10, Review of USM Internal Auditor Findings  Excerpt from the USM Internal Auditors report dated May 31, 2012:
Mandatory Annual ACE Training Fiscal Year 2011 – 2012.

Mandatory Annual ACE Training Fiscal Year 2011 – 2012.
United States Army Freedom of Information Act (Freedom of Information Act Managerial Training)

United States Army Freedom of Information Act (Freedom of Information Act Managerial Training)
Basic Records Management. What we’ll cover Virginia Public Records Act Definitions Understanding and using the LVA General Schedules The schedule cover.

Basic Records Management. What we’ll cover Virginia Public Records Act Definitions Understanding and using the LVA General Schedules The schedule cover.
SWIS Digital Inspections Project (SWIS DIP) Chris Allen, Information Management Branch California Integrated Waste Management Board November 5, 2008 The.

SWIS Digital Inspections Project (SWIS DIP) Chris Allen, Information Management Branch California Integrated Waste Management Board November 5, 2008 The.
NAMS Account Activation Training. 2 What is NAMS? The NASA Account Management System is NASA’s centralized process for requesting and maintaining accounts.

NAMS Account Activation Training. 2 What is NAMS? The NASA Account Management System is NASA’s centralized process for requesting and maintaining accounts.
1 DC eTranscripts software overview and intended use.

1 DC eTranscripts software overview and intended use.
The Sedona Principles 1-7

The Sedona Principles 1-7
Marco Nasca Senior Director, Client Solutions TRANSFORMING DISCOVERY THROUGH DATA MANAGEMENT.

Marco Nasca Senior Director, Client Solutions TRANSFORMING DISCOVERY THROUGH DATA MANAGEMENT.
Grants 3.0 Faculty Review January 21, 2014. 2 Agenda Introductions Meeting Objective Background and Project Objective Key Changes Examples: -Amendment.

Grants 3.0 Faculty Review January 21, Agenda Introductions Meeting Objective Background and Project Objective Key Changes Examples: -Amendment.
Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.

Electronic Records Management: A Checklist for Success Jesse Wilkins April 15, 2009.
Presented to AIIM William Penn Chapter Meeting 5/13/08.

Presented to AIIM William Penn Chapter Meeting 5/13/08.
Computer Emergency Notification System (CENS)

Computer Emergency Notification System (CENS)

Similar presentations

Ads by Google