John Isaza Newsletter
My column is devoted to answering information governance, records management and related legal questions from Chapter Members. As you read my responses, please note that although I am an attorney specializing in these areas of law, these are my opinions only based on very limited knowledge of the Member’s particular circumstances. My opinions should not be construed as legal advice. Kindly consult with an attorney for more formal advice. That said, please keep your interesting questions coming. You can reach me at Jisaza@HiLawGroup.com.
John Isaza is a California-based attorney and founding partner of the Howett Isaza Law Group, a law firm that specializes in electronic information governance, records management and overall corporate compliance. He may be reached at Jisaza@HiLawGroup.com or follow him on Twitter and LinkedIn. You can view a short biography here.
May, 2012 - Key Cases/Rulings of Interest
About the column: This is part of a syndicated column I have created for ARMA chapters, including the Greater Sacramento Capitol Chapter of ARMA Newsletter. My column is devoted to answering information governance, records management and related legal questions from Chapter Members. As you read my responses, please note that although I am an attorney specializing in these areas of law, these are only my opinions based on very limited knowledge of the Member’s particular circumstances. My opinions should not be construed as legal advice. Kindly consult with an attorney for more formal advice. That said, please keep your interesting questions coming.
- It’s been a few months since we last checked in with you about current cases that might have implications for RIM professionals. What are some of the key cases / recent rulings that you’re watching right now?
Besides the McDermott case I mentioned in my last column, I am watching one other recent case, plus several regulations resulting from Dodd-Frank and a recently published report by the International Telecommunication Union (ITU). The case involves the arrest of a former BP engineer on charges of obstruction of justice in connection with the 2010 Deepwater Horizon oil spill (DOJ Website Press Release, April 24, 2012). The engineer allegedly destroyed hundreds of text messages sent to his supervisor. He faces up to 20 years in jail! The Department of Justice filed the Complaint on April 23, 2012 based on 18 USC 1512 (revised under S-Ox in 2002). I had been waiting for some time for a case like this, and it is arguably the first-ever case using this S-Ox provision to try to put someone in jail for spoliation.
Regarding Dodd-Frank, the SEC and the Commodity Futures Trading Commission (CFTC) have been busy promulgating recordkeeping requirements for Swap Dealers and for Major Swap Participants. The seminal question for most organizations is to first find out whether any segment of their business qualifies them as Swap Dealers, which may be easy enough to identify for some financial institutions. The trickier question is to determine if your organization is a Major Swap Participant. Consult with counsel to help make that determination. Suffice it to say that you do not have to be a financial institution to be considered a Major Swap Participant; an upstream or downstream oil company or a food manufacturer, for example, could be one. If your organization falls into one of these Swap scenarios, there are strict recordkeeping requirements that include the capture of all communications leading to the trade decision, including voice, text, email, instant message or any other mode of electronic communication.
Finally, the International Telecommunication Union issued a report in early May regarding cloud computing and privacy issues. It accepts the fear people have that a person's or organization's confidential information may not remain private while in the cloud. The report also explains the standardization work currently being done to address these growing issues. The report goes on to explain how there is a huge divide between developed and developing countries in terms of adequate legislation for protection of personal data. Since nations can have different regulations, compliance across multiple nations can be challenging. A solution that the report suggests is to coordinate at the international level. The report further explains how more emphasis is being placed on strengthening the accountability of data controllers, including the obligation to notify data breaches, and by putting forward the principle of “privacy by design.” One way is through Privacy Enhancing Technologies (PETs). PETs can be used to implement privacy by design. These are technologies that:
- Reduce the risk of contravening privacy principles and legislation;
- Minimize the amount of data held about individuals;
- Allow individuals to retain control of information about themselves at all times.
Using PETs is a way to “guarantee effective privacy protection where the processing of personal data is concerned.” The report also explains the current work being done to create standards for privacy in cloud computing. Among the organizations working toward such standards are not only the ITU, but also the International Organization for Standardization (ISO), the Organization for the Advancement of Structured Information Standards (OASIS), and the Cloud Security Alliance (CSA).
- What are the current trends in eDiscovery technology spending? Are you seeing a lot of companies investing in this area? If not, what are companies doing to meet increasing demands for electronically stored information (ESI) production?
Yes. I am definitely seeing a trend by the larger organizations to bring as much eDiscovery in-house as possible. Using the EDRM.net model, organizations are investing heavily in preservation, legal holds and collection technologies. However, when it comes to review and analysis, and even production, they still rely mostly on outside sources. That said, by minimizing the amount of data turned over to outside counsel for review and analysis, organizations are hoping to save thousands to millions of dollars in discovery costs.
- Have the advances in eDiscovery technology found their way into mainstream Records & Information Management (RIM), or is it still somewhat in the “hype” stage? What ways might they be able to help RIM professionals manage their information?
Putting aside the discovery and legal holds aspect of RIM, I would say it is still a bit in the hype stage. eDiscovery definitely has some tools that may translate well into RIM. However, I am not seeing it in practical application yet. Concepts like predictive coding and similar search techniques do not necessarily translate well into records management functions such as declaration and classification of a record, or even disposition of a record. There are some proponents, in the minority, who argue for no records management at all. Instead they argue we should focus on search technologies. However, to the chagrin of those proponents, it is difficult to ignore the thousands of regulations that prescribe retention requirements, and the countless domestic and international regulations that require disposition of certain data and records. Everyone is seeking that silver bullet, but we are nowhere near finding it.
- Managing "Big Data" is all the rage these days at organizations. How would you structure an approach to effectively do just that, given that not all data is "created equal"?
“Big Data” just happens to be the new marketing buzz phrase for massive amounts of data that accumulate over time. It is the same issue it has always been: how do we manage such massive amounts of data? My take is simple – robust information management. The theory goes that if you manage information properly so as to capture the records and promptly dispose of non-records (barring a legal hold), then there should be a lot less to manage in discovery and for proper compliant records management in accordance with the GARP Principles. I encourage anyone who will be attending the ARMA International Conference in Chicago to attend the Fellows Forum session. We will be tackling this issue head-on with some thought-provoking and even controversial takes on the Big Data concept.
John Isaza is a California-based attorney and Partner of RIMON, PC, a twenty-first century law firm that includes specialty in electronic information governance, records management and overall corporate compliance. He may be reached at John.Isaza@RIMonLaw.com or follow him on Twitter and LinkedIn.