62
e-discovery Séminaire Fédisa 22 février 2011 1 Jacques Folon Partner Edge Consulting Chargé de cours ICHEC Professeur invité Université de Metz Administrateur Fedisa

Ediscovery Fedisa Belgium

Embed Size (px)

DESCRIPTION

Conférence donnée lors du séminaire fedisa belgium le 22/2/2011

Citation preview

Page 1: Ediscovery Fedisa Belgium

e-discoverySéminaire Fédisa 22 février 2011

11

Jacques FolonPartner Edge ConsultingChargé de cours ICHEC

Professeur invité Université de Metz

Administrateur Fedisa Belgium

Page 2: Ediscovery Fedisa Belgium

Qui est certain que son organisation est parfaitement en règle et peut à tout moment identifier et présenter les documents nécessaires à se défendre en justice et est prêt à parier 12 bouteilles de champagne?

Page 3: Ediscovery Fedisa Belgium

La présentation est en ligne sur

www.slideshare.net/folon

Page 4: Ediscovery Fedisa Belgium

Table des matières

1. Situation actuelle

2. Un prérequis ECM

3. Ediscovery

4. Sedona principles

1. Situation actuelle

2. Un prérequis ECM

3. Ediscovery

4. Sedona principles

44

Page 5: Ediscovery Fedisa Belgium

La situation actuelle: 1/de nombreuses

« machines »

55

Page 6: Ediscovery Fedisa Belgium

2/ trop d’informations mène à l’infobésité…

66

Page 7: Ediscovery Fedisa Belgium

Le contrôle

Page 8: Ediscovery Fedisa Belgium

Quelles informations ?• Electronically stored information (ESI)• Documents scannés, fax• Textes (word, pages, et des anciennes

versions), tableurs, calendriers,• Emails entrants et sortant• Databases, sites web, blogs,…• Disques (centraux, locaux, pc, disques

externes, clés USB, …)• CRM, CMS• GSM et PDA• Time sheet, comptabilité• Messagerie instantanée• Voice mail • GPS navigation systems• Archivage externe• Metadata• Réseaux sociaux (privés et professionnels)

88

Page 9: Ediscovery Fedisa Belgium

99

Page 10: Ediscovery Fedisa Belgium

2. Un prérequis: electronic content

management

1010

Page 11: Ediscovery Fedisa Belgium

www.aiim.org/training

Page 12: Ediscovery Fedisa Belgium

Source : https://www.britestream.com/difference.html.

Page 13: Ediscovery Fedisa Belgium

•Most of today’s records start out in electronic form– Letters– Emails– Faxes– Web transactions– Other

transactionsCopyright © AIIM | All rights reserved

The importance of records

Source: What is ERM www.aiim.org/training

Page 14: Ediscovery Fedisa Belgium

Electronic records management

• The electronic management of paper records?

• The management of electronic records?

Question: Is ERM

Answer: Both

Source: What is ERM www.aiim.org/training

Page 15: Ediscovery Fedisa Belgium

For each type of content, evaluate the degree of control that exists in your organization in managing it.

Content types and how well managed

All respondents (462)

Source: What is ERM www.aiim.org/training

Page 16: Ediscovery Fedisa Belgium

ERMEffect

iveness

Contin

uity

Efficiency

Compliance

What are the main business drivers?

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 17: Ediscovery Fedisa Belgium

Driver: Compliance

• LawsLaws• RegulationsRegulations• PoliciesPolicies• StandardsStandards• Good practiceGood practice

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 18: Ediscovery Fedisa Belgium

Driver: Effectiveness

•Not losing records•Sharing records•Finding records easily•Getting the complete picture

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 19: Ediscovery Fedisa Belgium

Driver: Efficiency

•Accessing records quickly•Space savings•Reduced handling costs•Other examples

– Archival costs – Disposal of furniture – Consumables

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 20: Ediscovery Fedisa Belgium

Driver: Continuity

•Records are vulnerable to loss•Businesses tend to fail if they

lose their records•Electronic storage may

speed recovery from a disaster

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 21: Ediscovery Fedisa Belgium

The records lifecycle

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reserved

Source: NARA

Source: What is ERM www.aiim.org/training

Page 22: Ediscovery Fedisa Belgium

Fundamental principles

•Records are created, received, and used in the conduct of organisational activities

•Organisations should create and maintain authentic, reliable, and usable records

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 23: Ediscovery Fedisa Belgium

Access and usage principles

•Records should be accessible to authorised users

•Users should be able to search and access records in usable formats•Records should be organised

to support access and management

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 24: Ediscovery Fedisa Belgium

Retention principles

•Records must be managed through their lifecycle

•Records should be kept as long as required– Statutory requirements– Legal requirements– Business or operational needs

•Retaining records longer than required may increase organisational liability

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 25: Ediscovery Fedisa Belgium

Disposition principles

•Disposition is an accepted phase of the records lifecycle– Transfer/accession– Destruction

•Records should be disposed of at the end of the lifecycle

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 26: Ediscovery Fedisa Belgium

What is ‘Capture’

ERM System

Capture

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 27: Ediscovery Fedisa Belgium

The purpose of capturing records

Establish a relationship between the record and its context

Place the record into a controlled environment

Link the record to other related recordsAllow the record to be managed effectively

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 28: Ediscovery Fedisa Belgium

Why not capture everything?

•Hard cost of storage•Volume of non-records to sift through

– Operationally – For legal or audit requirements

• Increased liability for disclosing too much

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 29: Ediscovery Fedisa Belgium

So, what is metadata?

•Metadata = “Data about data”– For a document or record this means data

such as its author, its title, the issue date, and other information which can usefully be associated with it

•Nothing new or unique•Defined in terms of units called

“Elements” or “Fields.”– Some support “sub-elements” or

“attributes”

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 30: Ediscovery Fedisa Belgium

Perspectives on metadata

•Entering metadata is often called “indexing”

•Different users of an ERM system will have different views of what metadata can do for them, and what metadata is required– Business perspective– Records management perspective– User perspective

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 31: Ediscovery Fedisa Belgium

Why is access control necessary?

• Ensure ‘systematic control’ and ‘credible evidence’

• Ensure authoritative records• Protect commercially sensitive

information• Protect personal

information• Limit access to protectively

marked information

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 32: Ediscovery Fedisa Belgium

The objects of user access rights

• Provide or limit access to specific classes,

files or records• Provide or limit access to features• Provide or limit access by security classification

– ‘Need to know’

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 33: Ediscovery Fedisa Belgium

Retention periods - 1

•Capturing a record implies need for retention

•A record may be retained in different ways– ERM system– Software application– Separate electronic media– Paper

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 34: Ediscovery Fedisa Belgium

Retention periods - 2

•Records will vary in their intrinsic nature

•Some records may need to be retained for very long periods of time

•Other records will need to be retained for shorter periods

Copyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 35: Ediscovery Fedisa Belgium

The benefits of destroying records

• Keeping everything forever is expensive– Storage costs– Search and retrieval– Discovery

• Courts have held that there is no requirement to keep everything forever

• Destroying records reduces risk– When it is done consistently and in

accordance with the records programCopyright © AIIM | All rights reservedCopyright © AIIM | All rights reservedSource: What is ERM www.aiim.org/training

Page 36: Ediscovery Fedisa Belgium

3. Après ERM => ediscovery

3636

Page 37: Ediscovery Fedisa Belgium

Définition et contexte• L’électronique discovery, appelé aussi e-discovery ou

ediscovery constitue le procédé par lequel une donnée électronique est recherchée, localisée, sécurisée, identifiée afin qu’elle serve de preuve à charge ou à décharge dans un litige civil ou pénal.

• L'accès rapide aux informations contenues dans les documents est indispensable pour élaborer des stratégies gagnantes dans le cadre de contentieux juridiques.

• Il est souvent impossible ou il faut trop de temps pour accéder efficacement aux informations pertinentes dès le début du processus de découverte.

• De plus, les entreprises sont tenues de conserver et parfois de divulguer des données qui n'existent que dans des langues étrangères.

• Avoir les bonnes données au bon moment est critique.

• Les entreprises ont donc besoin de solution pour trouver très rapidement les documents requis quelle que soit leur langue.

3737Source www.systran.fr

Page 38: Ediscovery Fedisa Belgium

Ediscovery model

3838Source for the next 9 slides: http://edrm.net

Page 39: Ediscovery Fedisa Belgium

1/information mgt

3939

Page 40: Ediscovery Fedisa Belgium

2/ identification

4040

Page 41: Ediscovery Fedisa Belgium

3/ préservation

4141

Page 42: Ediscovery Fedisa Belgium

4/ collecte

4242

Collection is the acquisition of potentially relevant electronically stored information (ESI) as defined in the identification phase of the electronic discovery process. The exigencies of litigation, governmental inquiries, and internal investigations generally require that ESI and its associated metadata should be collected in a manner that is legally defensible, proportionate, efficient, auditable, and targeted.

Page 43: Ediscovery Fedisa Belgium

5/ processing

4343

Page 44: Ediscovery Fedisa Belgium

6/ review

4444

Page 45: Ediscovery Fedisa Belgium

7/ Analyse

4545

Page 46: Ediscovery Fedisa Belgium

8/ Production

4646

Page 47: Ediscovery Fedisa Belgium

9/ Présentation

4747

Page 48: Ediscovery Fedisa Belgium

GSA IT Quarterly Forum -- Aug 2007

4848

4/ The Sedona Principles: Best Practices Recommendations & Principles for Addressing Electronic

Document Production (Second edition, June 2007)

The Sedona Guidelines: Best Practices Guidelines &

Commentary for Managing Information and Records in the Electronic Age

(Sept. 2005)

Page 49: Ediscovery Fedisa Belgium

4949

The Sedona Guidelines– Second work product of working group

– Draft published in September 2004 for public comment; published in September 2005.

– They are:• Important background and roadmap of issues

•Link between RIM, IT and Legal Perspectives

•Flexible, Scalable and Reasonable

– They are not:•Standards or minimum requirements

•Unchangeable

Page 50: Ediscovery Fedisa Belgium

5050

The Sedona Guidelines

• 1. An organization should have reasonable policies and procedures for managing its information and records.

Page 51: Ediscovery Fedisa Belgium

5151

The Sedona Guidelines• 2. An organization’s information and records

management policies and procedures should be realistic, practical and tailored to the circumstances of the organization.

Page 52: Ediscovery Fedisa Belgium

5252

The Sedona Guidelines

• 3. An organization need not retain all electronic information ever generated or received.

Page 53: Ediscovery Fedisa Belgium

5353

The Sedona Guidelines• 4. An organization adopting an

information and records management policy should consider including procedures that address the creation, identification, retention, retrieval and ultimate disposition or destruction of information and records.

Page 54: Ediscovery Fedisa Belgium

5454

The Sedona Guidelines

• 5. An organization’s policies and procedures must mandate the suspension of ordinary destruction practices and procedures as necessary to comply with preservation obligations related to actual or reasonably anticipated litigation, governmental investigation or audit.

Page 55: Ediscovery Fedisa Belgium

5. Conclusion

5555

Page 56: Ediscovery Fedisa Belgium

RÖLE DU RESPONSABLE DE SECURITE

Page 57: Ediscovery Fedisa Belgium
Page 58: Ediscovery Fedisa Belgium
Page 59: Ediscovery Fedisa Belgium

Sommes nous prêts à nous défendre?

5959

Page 60: Ediscovery Fedisa Belgium

Jacques FolonJacques [email protected]

Page 61: Ediscovery Fedisa Belgium

Je suis prêt à répondre à vos questions

Page 62: Ediscovery Fedisa Belgium

Chargé de cours

Partner Auteur

Blog www.privacybelgium.be

http://be.linkedin.com/in/folon

www.edge-consulting.biz

[email protected]

Administrateur