A monthly newsletter focused on real world issues and practical strategies for the e-discovery investigation professional.

In This Issue:

	From the Investigator's Notebook: Cybercrime Response – Maintaining Corporate Control Over Data Management and Legal Issues
	News & Events

From the Investigator's Notebook: Cybercrime Response – Maintaining Corporate Control Over Data Management and Legal Issues

As the ways technology and Internet usage in the workplace continue to evolve and multiply, so too have the supervisory duties of corporate counsel and senior management over their employees' actions. The ubiquity of e-mail usage and the amount of work conducted electronically and online has increased the vulnerability of corporate data, in addition to the risk of employees being exposed to cybercrime in the workplace.

Data security companies have begun to offer services in which they conduct a scan of computer users' machines in search of malware or evidence of potential malfeasance. Once the scan is run, the information can be submitted to Web sites that offer reporting services for crimes such as financial fraud, intellectual property fraud and other computer security incidents. Online questionnaires then list the potential evidence of malfeasance, which includes things that may be as simple as a computer running more slowly than it normally does or an unusual abundance of pop-up ads. These questionnaires encourage individual users to contemplate the situation in light of possible criminal activity. In the event that any such criminal evidence is found, the data security company offers advice to the user on the next step, including how to report possible crimes to the applicable law enforcement or regulatory agency.

While these services may be particularly helpful to the individual user at home, a potential problem exists in the corporate workspace. Having employees keep a watchful eye out for potential electronic malfeasance is, of course, helpful and productive for any corporation; however, these services give many employees decision-making capabilities that senior management may have never intended to grant. These services effectively encourage end users, who may be entirely unfamiliar with the applicable laws, to supplant corporate counsel and management by taking steps deemed reasonable by the individual employee, but might nevertheless conflict with legal counsel and senior management's desired course of action.

Individual employees may not be able to see the forest for the trees when they report such activity and may fail to see the wider impact that their self-regulating actions have on the company. Reports made by individual employees may result in costly litigation that the company would just as soon avoid, especially given the tight budgets legal teams face across the country. Similarly, companies run the risk of sustaining bad publicity or suffering damage to their reputations or goodwill in the marketplace as a result of these potentially negative issues that may result from the break in company command. The potential damage resulting from these scenarios could be extremely significant and is something that legal counsel must keep in mind.

Furthermore, the companies providing these services, despite their assertions, do not always find everything their advertised program claims to catch, and what they do find may be misinterpreted within the reporting system (or by the individual employee). Senior management and corporate counsel will want to ensure that any legal issues or potential threats identified from these services go through the in-house legal team. In addition, the company should enlist the help of a computer forensics expert to either double-check the previous scan or conduct the initial scan for malware or potential malfeasance. This takes the decision making out of the individual employee's hands and places control back into the hands of corporate management and counsel.

Corporate counsel should also work together with senior management to create comprehensive policies regarding external reporting of potential criminal claims arising from the use of work computers. These policies should then be communicated to the affected employees so that management and legal counsel can ensure their employees know what needs to be reported and to whom.

Legal counsel should strive to maintain the monopoly they have over the legal issues that may impact their company. While companies offering data security solutions provide potentially helpful products that allow users to diagnose and report criminal activity on their work (or personal) computers, counsel must ensure that employees realize that the company's senior management and legal counsel have the final say on what potentially criminal activity gets reported to whom. Putting such a policy in place is a simple step that can help avoid what could amount to costly repercussions.

Back To Top

News & Events

Enhanced E-Discovery Certification Course Propels Litigation Teams to New Heights
Given the current economic conditions, corporate clients are being forced to cut back legal and IT budgets, while the threat of sanctions due to improper ESI handling continues to rise. Become an e-discovery expert to prevent your firm or corporation from becoming the next headline. Kroll Ontrack's 2009 E-Discovery Certification Course is ideal for legal and technical professionals of all levels, especially in-house counsel, law firm attorneys, litigation support professionals, paralegals, IT staff, and members of the judiciary. Upon completion of this program, you will be able to make informed decisions regarding ESI, be prepared to negotiate at the meet and confer and understand the most current e-discovery law. For more information and to register for an upcoming course, visit www.krollontrack.com/certification-courses/.

Download Kroll Ontrack's Recent Podcast, "Safeguarding Sensitive Information, Data Breaches & Preservation Issues"
In this edition of the ESI Report, host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, welcomes Alan Brill, Senior Managing Director for Kroll Ontrack's Information Security Services, and Steve Baird, Managing Director for Kroll Ontrack's Information Security, Computer Forensics and ESI Consulting Group, to discuss pressing information security concerns. Specifically, the discussion addresses how to protect your sensitive data from the growing risk of data breaches and explores best practices in responding to a breach incident. In the Bits & Bytes Legal Analysis segment, Kroll Ontrack Legal Correspondent Kelly Kubacki will take a look at the order issued in Pinstripe, Inc. v. Manpower, Inc. and the important issue of litigation holds and preservation in discovery. To listen to the podcast, visit www.krollontrack.com/redir/0909DataBreachPodcast-InvIns.asp.

Meet our representatives at the following events:

Visit www.krollontrack.com/upcoming-events/ for more information on these events and others.

Back To Top

We Request Your Input

This newsletter was written by Kelly Kubacki and Meredith Socha, Kroll Ontrack Law Clerks, with assistance from Regina Jytyla, Kroll Ontrack Managing Staff Attorney. Ms. Kubacki can be contacted by writing to kkubacki@krollontrack.com.

For more information about e-discovery and computer forensics services, contact Kroll Ontrack at 800 347 6105 or www.krollontrack.com.