Don’t Touch That! and Other E-Discovery Issues

The ability to preserve and access electronically stored information (ESI) took on greater urgency when amendments to the Federal Rules of Civil Procedure went into effect in December 2006. These amendments, referred to as the electronic discovery (e-discovery) amendments, focus on the discovery phase of civil litigation, audits, or investigations. Discovery is the investigative phase of a legal case when opponents learn what evidence is available and how accessible it is. When ESI is the subject of discovery, it is called e-discovery. Recognizing that most business and personal records and communications are electronic, Judge Shira A. Scheindlin stated, We used to say there’s e-discovery as if it was a subset of all discovery. But now there’s no other discovery.” Computer forensics experts, given their expertise in identifying, acquiring, preserving, and searching ESI, can play a key role throughout the e-discovery process, if they choose to do so. They can also assist in the drafting of the e-discovery request, in preparing the response to such a request, and initiating a legal hold for evidence preservation. The objective of this paper is to provide an overview of the e-discovery amendments and case law, their impact on the duty to preserve and produce ESI, and the computer forensic work that can support the e-discovery process. Keywords: Electronic discovery, litigation, preservation, Federal Rules of Civil Procedur

Electronic Evidence and Computer Forensics

Information and communication systems are now breeding grounds for electronic-evidence (e-evidence) in audits, investigations, or litigation. Increasingly organizations are being ordered by law or lawsuit to preserve, retrieve, and hand-over relevant electronic records (e-records) because the courts are uniformly recognizing the discoverability of electronic communication and documents [Nimsger and Lange, 2002]. This trend is an outgrowth of aggressive tactics by regulators to ensure corporate accountability and deter fraud. In cases ranging from Securities and Exchange Commission probes of corporate malfeasance and insider trading to employment lawsuits, e-records are subpoenaed. Investigations conducted by the National Association of Security Dealers, Department of Justice, and Department of Homeland Security routinely require companies, their business partners, or third parties to preserve and disclose e-records, including internal e-mail and instant messages (IM). A high-profile example is the probe into alleged White House leaks of a covert CIA agent\u27s identity in which White House employees received e-mail stating: \u27\u27You must preserve all materials that might in any way be related to the department\u27s investigation.\u27\u27 E-mail, telephone logs, and other electronic documents were mentioned specifically. Any communication or file storage device is subject to computer forensic searches to identify, examine, and preserve potential e-evidence--the electronic equivalent of a smoking gun. Preserving e-records and then restoring them so that they can be searched can seriously disrupt IS and over-burden Information Systems staff. What\u27s more, a preservation order might specify not only the type of e-records (data files or email), but also stipulate that processes that over-write data be suspended, or that backup tapes be retained for unspecified duration. These stipulations are very disruptive to IS operations. That disruption depends largely on whether the company had an e-record management (ERM) system to systemically review, retain, and destroy e-records received or created in the course of business. This article presents an overview of e-evidence and computer forensics and their implications for Information Systems. It aims to encourage research into ERM and fully-indexed, searchable e-mail archives by providing compelling reasons for how these approaches mitigate e-evidence risks and cost. These research issues are important for several reasons. Rarely are IS departments prepared for the challenges that evidentiary rules impose on active and archival data operations. Retaining unessential e-records increases costs and risks. Companies may need to justify their e-record retention and destruction policies as proof of compliance with their accounting, regulatory, or legal obligations. Courts impose severe sanctions on employers who claim they are unable to comply with e-record requests because of Information Systems design flaws or sloppy e-records management if it obstructs an investigation

The Value of Adding the Special Education Teacher to the Co-taught Elementary Classrom

In the current era of educational reform and accountability, co-teaching has emerged as a popular and widely implemented service delivery model for students with special needs. The intent of this inquiry was to examine the roles and responsibilities assumed by the elementary special educator during the practice of co-teaching. Using naturalistic inquiry, 11 pairs of co-teachers in 32 elementary language arts and mathematics classes were observed and the activities of the special educator were documented at 5-minute intervals. Results indicated that the special educator assumed several different roles while co-teaching. These included team teaching, providing individual or small group support, and lead teaching. Overall, the special educator spent the majority of his or her time as the lead instructor of a heterogeneous group of students formed by the special and general educators dividing the class into groups. The special educator then either taught his or her group within the general education classroom or in a separate classroom, frequently the special education classroom. The roles and responsibilities assumed by the special educator also differed by subject matter

Holistic Compliance with Sarbanes-Oxley

The theory underlying US securities laws is that investors are helpless without reliable information [Zelizer, 2002]. When Enron\u27s collapse and other corporate frauds made it clear that practically every element of our system of safeguards failed until it was too late to repair the damage, Congress reinforced those laws by passing the Sarbanes-Oxley (SARBOX) Act [O\u27Malley, 2002]. This new law demands that C-suite executives confirm their confidence in the quality and integrity of information generated by information systems by signing the figures off personally. Under SARBOX, the Securities and Exchange Commission holds executives accountable for reliable internal controls, record retention, and fraud detection. In turn, executives are looking to information systems and to IS auditors to help them meet their regulatory responsibilities. This article discusses SARBOX mandates and the intent of regulatory agencies. That understanding lays the foundation needed to develop holistic SARBOX compliance programs with information technology and business process improvements. Holistic compliance is an enterprise-wide and long-term approach that views the new law as opportunities to improve internal controls and public reporting. Holistic compliance stands in contrast to simply complying with the rules or silo compliance; i.e., efforts scattered throughout business silos. We identify SARBOX requirements ( sections ) concerning IS and IS research. Research areas to achieve minimal compliance include methods for IS assurance and auditing, risk management, and electronic records management (ERM). Research in business intelligence, data warehousing and mining, and supply chain management are necessary for holistic compliance that improves competitive position. While research efforts in these areas are not new, regulations have made them more compelling and urgent issues for senior management

A Community Initiative that Diminished the Digital Divide

During the 1990s, businesses began relying on the convenience of ubiquitous computer systems and on the efficiencies of digital networks. This new techno-economic dynamic prompted White House administrations of the 1990s to take note of public policy issues surrounding the information superhighway and the digital divide. Yet, because the digital world seems intangible, relatively few policymakers connected the virtual world with its potential impact on the physical world [Frye, 2002]. A case study of a community organizing program was conducted to examine the digital divide in the United States and its connection to other factors. This field study of computer-illiterate people in a public housing community was undertaken to better understand the complexities of the have vs. have not divide so that effective public policies can be deployed to bridge the gap. Community members ran this program with assistance from volunteers and set their own technology learning plan to minimize their techno-disadvantage. Overall, the results indicate the importance of a community-driven organizing strategy. Even though the program was effective in that participants learned computers skills, their emotional state declined. Becoming computer literate did not eliminate feelings of isolation from mainstream society, which is considered a factor contributing to the divide. Those who are adversely digitally divided may also be divided by a culture of failure. Bridging the digital divide requires a more comprehensive approach--and not a quick fix. It requires a process that is, for example, driven by a local community program and strategy to initiate and sustain members\u27 use of technology

Respecting the deal: how to manage co-opetitive actors in open innovation

Platforms like E-bay allow product seekers and providers to meet and exchange goods. On the same way in open innovation, as defined by Chesbrough, an enterprise can collect ideas from outside the company. But on E-bay, the seeker can return the product if it does not correspond to the expectations, since E-bay is the third-party actor in charge of assuring that the agreement between seekers and providers will be respected. So who does provide the same service for what concerns open innovation, where specifications might not fully defined? In this paper we shall describe the business model of an organizational structure to support the elicitation and respect of agreements between actors, who have conflicting interests but that gain from cooperating together. The concepts of the model will be illustrated to derive a set of propositions and a simple example will illustrate one of its possible instantiations. The description of our first evaluation phase shall find place at the end

A Framework for Organizational Compliance Management Tactics

Abstract. Organizational compliance with laws, industrial standards, procedures and enterprise architectures has become a highly relevant topic for both practitio-ners and academics. However, both the fundamental insights into compliance as a concept and the tactics for bringing an organization into a compliant state have been described in a fragmented manner. Using literature from various disciplines, this paper presents two contributions. First, it describes the fundamental concepts regarding compliance. Second, it presents a framework in which the various tactics for achieving organizational compliance can be positioned