On Wednesday, February 12, the White House released the National Institute of Standards and Technology’s (NIST) Final Cybersecurity Framework: a set of industry best practices and standards to help owners and operators of critical infrastructure develop better cybersecurity programs. It is accompanied by a Roadmap which discusses NIST’s next steps with the Framework and identifies key areas of development, alignment, and collaboration. The Framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered on October 1, 2013. The overall core of the Framework is essentially unchanged from earlier drafts, also previously discussed on October 28, 2013.
As the world becomes more interconnected, data breaches and cyber-attacks are increasingly becoming an unfortunate reality for many organizations. The stakes are high: a data security breach can disrupt a company’s operations, damage the business’s reputation, cause its stock price to fall, lead to the loss of business, and attract government investigations, agency action, and class action lawsuits. Complicating matters is the fact that a patchwork of state and federal laws can apply to the same data security breach incident.
The National Institute of Standards and Technology (NIST) has just released its Preliminary Cybersecurity Framework: a set of best practices to help owners and operators of critical infrastructure reduce cybersecurity risks. This voluntary framework provides both private and public-sector organizations with a common language for understanding and managing cybersecurity risks internally and externally. The framework stems from President Obama’s February 2013 Executive Order on cybersecurity, previously covered by this blog. The Final Framework is due to be released in February 2014, following a 45-day public comment period on the Preliminary Framework.
Race to the High Court: Hoosier Racing Seeks High Court Review of Third Circuit’s Slashing of E-Discovery Cost Award
The skyrocketing costs of e-discovery in modern day litigation will now be getting at least some attention from the nation’s highest court. Not long ago we reported on a decision by the Third Circuit Court of Appeals to slash recovery of costs by a prevailing party under 28 U.S.C. §1920 in Race Tires America, Inc., et al. v. Hoosier Racing Tire Corporation et al., No. 11-2316 (3d Cir. Mar. 16, 2012). In Race Tires, the Third Circuit, while acknowledging a spilt in the circuits, held that costs sought and awarded under §1920 must bear a reasonable connection to duplication of materials in the traditional sense to be recoverable by a prevailing party. Thus, certain e-discovery vendor activities — including conversion of the native files to TIFF images, the scanning of documents for the purpose of creating digital duplicates and the copying of the videos to DVD — could be reimbursed under the statute, while others, like consultant’s charges for data collection, preservation, searching, culling, conversion, and production, could not.
Not So Fast: Race Tires Court Gives a Flat to Momentum for Broad ESI Cost Shifting Under 28 U.S.C. §1920
A Third Circuit Court of Appeals panel, including the Hon. Thomas I. Vanaskie, one of the leading judicial authorities in e-discovery, has spoken — e-discovery-related cost recovery pursuant to 28 U.S.C. §1920 has limits; the costs must bear a reasonable connection to duplication of materials in the traditional sense to be recoverable by a prevailing party. As the first United States Court of Appeals decision to directly address this closely watched issue, this opinion may disarm a potentially powerful weapon in the already limited arsenal of parties burdened with excessive e-discovery costs.