Tagged: Data Management

A Cloud of Confusion: The EDPA Compels Google to Disclose Data Stored Abroad Under the Stored Communications Act

The Eastern District of Pennsylvania, in a departure from the Second Circuit’s Microsoft ruling, recently required Google to comply with search warrants issued pursuant to the Stored Communications Act (“SCA”), and produce data stored on servers abroad. The Eastern District joins other district courts, including the Northern District of California and the Eastern District of Wisconsin, in requiring technology companies to comply with subpoenas or warrants issued pursuant to the SCA and produce internationally-stored data. See In re Two Email Accounts Stored at Google, Inc., No. 17-1234, 2017 U.S. Dist. LEXIS 101691 (E.D. Wis. June 30, 2017); In re Search of Content that is Stored at Premises Controlled by Google, No. 16-80263, 2017 U.S. Dist. LEXIS 59990 (N.D. Cal., Apr. 19, 2017). In In re Google Search Warrants, the court found that Google’s compliance with the government’s warrants required a domestic application of the SCA because the relevant conduct, data retrieval and production, took place at Google’s headquarters in California. In support of its holding, the court distinguished Google’s method of data storage from Microsoft: whereas Microsoft stored its data in different centers abroad, Google breaks its data into “shards,” and “stores the shards in different network locations in different countries at the same time.” These data shards “only become comprehensible when the file is fully...

Final Cybersecurity Framework Released in Furtherance of President Obama’s Executive Order

On Wednesday, February 12, the White House released the National Institute of Standards and Technology’s (NIST) Final Cybersecurity Framework: a set of industry best practices and standards to help owners and operators of critical infrastructure develop better cybersecurity programs. It is accompanied by a Roadmap which discusses NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration. The Framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered on October 1, 2013. The overall core of the Framework is essentially unchanged from earlier drafts, also previously discussed on October 28, 2013.

In Today’s World, Companies Face Large Exposure from a Wide Variety of Possible Data Breaches

As the world becomes more interconnected, data breaches and cyber-attacks are increasingly becoming an unfortunate reality for many organizations. The stakes are high: a data security breach can disrupt a company’s operations, damage the business’s reputation, cause its stock price to fall, lead to the loss of business, and attract government investigations, agency action, and class action lawsuits. Complicating matters is the fact that a patchwork of state and federal laws can apply to the same data security breach incident.

Preliminary Cybersecurity Framework Released in Furtherance of President Obama’s Executive Order

The National Institute of Standards and Technology (NIST) has just released its Preliminary Cybersecurity Framework: a set of best practices to help owners and operators of critical infrastructure reduce cybersecurity risks. This voluntary framework provides both private and public-sector organizations with a common language for understanding and managing cybersecurity risks internally and externally. The framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered by this blog. The Final Framework is due to be released in February 2014, following a 45-day public comment period on the Preliminary Framework.

Obama Administration Proposes Cybersecurity Best Practices

As practitioners are aware, in February 2013, President Obama issued an executive order directing federal agencies to create a set of voluntary cybersecurity standards and procedures for critical parts of the private sector. If followed, these “best practices” are intended to reduce the risk of a cyber attack and its attendant disruption of business.

Update of Proposed Rule Changes: A Universal Federal Sanctions Standard for the Failure to Preserve ESI Could be a Reality

The United States Courts’ Advisory Committee on Civil Rules (“the Committee”) has proposed various amendments to the Federal Rules of Civil Procedure that, if adopted, will profoundly affect the range and scope of sanctions a court may impose for failures to preserve electronically stored information (“ESI”). F.R.C.P. 37(e), which currently addresses sanctions in those instances, is one of several rules slated for amendment.

An International Standard for E-Discovery?

The International Organization for Standardization (“ISO”) is forming a new e-discovery committee tasked with the development of standards for e-discovery processes and procedures. The international standard “would provide guidance on measures, spanning from initial creation of [electronically stored information] through its final disposition which an organization can undertake to mitigate risk and expense should electronic discovery become an issue” according to a draft committee charter.

The Fifth Annual Gibbons E-Discovery Conference Closes With Helpful Guidance on Drafting Records Management Policies

An effective and up-to-date set of records management policies may help companies reduce the likelihood of sanctions and other adverse consequences by ensuring records are retained and preserved in accordance with legal requirements, according to Gibbons Director Phillip Duffy; TechLaw Solutions’ Northeast Regional Director Michael Landau; and Inventus LLC Senior Consultant Bryan Melchionda.

The Fifth Annual Gibbons E-Discovery Conference Kicks Off with an Interactive and Thought-Provoking Overview of the Past Year’s Pivotal E-Discovery Case Decisions

The Fifth Annual Gibbons E-Discovery Conference kicked off with an interactive overview of the important judicial decisions from 2011 that shaped and redefined the e-discovery landscape. Before an audience of general and in-house counsel, representing companies throughout the tri-state area, the esteemed panel of speakers, including Michael R. Arkfeld, Paul E. Asfendis, and Mara E. Zazzali-Hogan, moderated by Scott J. Etish, tackled the issues faced by the courts over the past year. Through a series of hypotheticals, the panelists and attendees analyzed and discussed how to handle the tough e-discovery issues that arose and how the courts’ decisions again reshaped the e-discovery landscape as we know it. Litigation hold protocols and spoliation concerns, the use of social media in discovery with its attendant ethical concerns, and the use of social media and the Internet in the courtroom were the hot topics of the day. This interactive overview of the past year’s hot button, e-discovery issues was an instant success and clearly set the tone for the remainder of the conference.

The Rising Tide of Sanctions for E-Discovery Failures

To echo a popular tag line frequently heard on Top 40 radio stations, when it comes to court-imposed sanctions for e-discovery failures, “the hits just keep on comin’!” According to a recent study published in the Duke Law Journal, sanctions for e-discovery violations are occurring more frequently than ever. Dan H. Willoughby, Jr., Rose Hunter Jones, Gregory R. Antine, Sanctions for E-Discovery Violations: By The Numbers, 60 Duke Law J. 789 (2010). However, there may be light at the end of the tunnel, as it appears that the frequency of sanctions awards is trending downward after hitting an all-time high in 2009.