Professional Documents
Culture Documents
Leveraging In-house eDiscovery Technology for Protecting Data Privacy, Enabling IP Protection, and Controlling Sensitive Data
Sponsored by:
Abstract
This paper provides an overview of the problems and risks associated with increasing amounts of data and the inability to quickly and efficiently identify sensitive data for business and legal reasons and the impact of data privacy requirements. It also provides an overview of challenges associated with Intellectual Property and how an organization can utilize eDiscovery solutions to address these growing data management risks, including how the same framework and tools that are used for eDiscovery processes can be leveraged for protecting data privacy, enabling IP protection, and controlling sensitive data across an enterprise.
Disclaimer
Contoural provides information regarding business, compliance and litigation trends and issues for educational and planning purposes. However, legal information is not the same as legal advice the application of law to an individual's or organization's specific circumstances. Contoural and its consultants do not provide legal advice. Organizations should consult with competent legal counsel for professional assurance that our information, and any interpretation of it, is appropriate to each organizations particular situation.
Table of Contents
Conclusion ____________________________________________________________ 11
Page 2 of 13
Copyright 2011 Contoural, Inc.
Introduction
Do you know what data you have and where it is? While these may seem to be relatively simple questions, given the massive amount of data created and retained by organizations today, the answers are sometimes hard to come by. Not knowing the answers can be disastrous for an organization. These simple questions are faced by data security, intellectual property (IP) and legal departments alike, albeit in somewhat different contexts. Data security departments need to understand what data their organization has, and where it is located in order to protect it from outside breach or an internal leak. IP managers need to understand where confidential IPrelated information exists in order to protect and assert their IP rights. Legal departments need to understand what data the organization has in order to be litigation ready and be able to respond timely to discovery requests in the event of litigation or investigation. Although these are different business functions, they all have a common need: identifying and controlling data.
Page 3 of 13
Copyright 2011 Contoural, Inc.
repository for convenience purposes, storage limitation reasons, or transitory storage reasons. Employees, contractors and other authorized individuals often store confidential or sensitive data on corporate file shares, in email, or on portable devices such as unencrypted laptops, USB and flash drives. Once in this unsecure location, the data may simply be forgotten, but still represents a potential risk of a data breach or data leak, since unsecured repositories have an inherent lack of access control. Couple the ever-increasing volumes of data that organizations are accumulating with the growing number of potentially unsecured places that data may reside, and the risk of a breach or leak is much greater. Exacerbating the problem is the fact that employees are often unaware that they are prohibited from storing data in a particular location, or worse, the company may not have a policy prohibiting this type of behavior or any specific training on how to deal with a particular type of information.
Page 4 of 13
Copyright 2011 Contoural, Inc.
and Accountability Act (HIPAA) regulates who may see and use PHI such as name, Social Security number, date of birth, and health history information.
Page 5 of 13
Copyright 2011 Contoural, Inc.
Page 6 of 13
Copyright 2011 Contoural, Inc.
Page 7 of 13
Copyright 2011 Contoural, Inc.
Patents, another form of intellectual property, can also make up the bulk of a companys financial assets. Patents typically are developed over several years of research and development and the documents and records created in the development of the method, process, or technology can be quite extensive. Because of the exclusive rights derived from owning a patent, the financial value of patents has become more and more the subject of high stakes litigation. One particular category of patent litigation that has been on the rise in recent years is litigation brought by patent holding companies or non-practicing entities. A patent holding company (pejoratively often referred to as a patent troll), typically amasses a large amount of patents in a particular field, not to practice the claimed inventions, but to license the technology for others to practice. Some patent holding companies also frequently litigate those they believe are violating the patents in their portfolio. A typical practice of these entities is to send a cease and desist letter to those in the target field or industry, often offering a license to use/practice the inventions covered in the patent(s). A recipient of a cease and desist letter is faced with one of two options: either fight the law suit (usually at significant expense), or pay the license fee, which typically should be less the total cost of litigation. Typically a patent holding company is looking to monetize their patents and obtain the most money with the least amount of expense. Companies with limited ability to analyze their IP portfolios are likely to spend more during litigation and/or are more likely to settle these types of suits. Therefore unprepared companies are a more likely target for infringement cases by patent holding companies. Most holding companies engage outside counsel on a contingency basis and all cost are subtracted from the settlement or verdict amount. A quick win through settlement is thus more attractive. Often, larger businesses are at an extreme disadvantage when it comes to discovery because they generally will have a much larger universe of responsive data to identify, collect, review and produce a than a patent holding company. Having a deep understanding of where all patent-related information is stored and how to retrieve it quick and efficiently can quickly put an organization on the offensive in the discovery process.
Page 8 of 13
Copyright 2011 Contoural, Inc.
Creating and Extending an ESI Map for Identifying Where Specific Data Is
A current best practice for eDiscovery is creating an Electronically Stored Information (ESI) Map. An ESI Map is a defensible inventory of an organizations data repositories that may contain information potentially discoverable in a litigation proceeding or other legal proceeding or investigation. The Map contains important information such as the type of data, source, location and volume of information, as well as who to contact to collect information from the repository. Identifying what data exists, how, and where it is stored, and how long it is stored for, is the foundation of a sold litigation readiness and eDiscovery program. Inherent within this landscape of data characteristics is also the foundation of any good IP protection strategy that is equally important in a data security program. In the security arena, understanding what data exists, how/where it is stored, and how long it is retained is vital to implementing proper access and security controls and protection from breaches or leaks. Through leveraging and expanding an eDiscovery-oriented ESI Map, data compliance departments can add additional categories regarding the sensitivity of the information, such as identifying if it contains PII or other confidential or otherwise sensitive business information. This additional information about the data will help compliance and data security teams understand what data exists, and where data may be at risk from a leak or breach. In addition, including information about what patent or technology the data may relate to can help legal departments proactively understand the volume and location of IP data, so that they are better equipped to defend or assert their patent/IP rights.
Page 9 of 13
Copyright 2011 Contoural, Inc.
Page 10 of 13
Copyright 2011 Contoural, Inc.
monthly. The data environment will never stand still, and therefore processes need to be equally dynamic.
Conclusion
Whether ensuring data compliance, managing intellectual property, or executing eDiscovery, the main building block all three require is proper identification of information across the entire organization. Due to the overlap in benefits derived from understanding what data is where, a business can leverage existing tools and processes such as those that already exist in the eDiscovery world. In addition, business cases for such eDiscovery solutions do not need to be made exclusively on eDiscovery, rather the business case for eDiscovery can be a part of the business case for data privacy, IP management and other cases involving controlling sensitive data across the enterprise.
Page 11 of 13
Copyright 2011 Contoural, Inc.
About StoredIQ
StoredIQ is a leading provider of enterprise-class intelligent information governance solutions, including the award-winning Intelligent Information Management solution, which enables organizations to gain visibility and control over business-critical information to help meet their compliance, records management and legal discovery requirements. StoredIQ provides a unified solution for fast response to litigation and investigations, for proactive "litigation readiness," and for information protection and risk management, as well as storage management. Industry-leading companies rely on StoredIQ to streamline their information management and eDiscovery processes, while reducing risk and cost in the process. StoredIQ, Inc. 4401 West Gate Blvd Suite 300 Austin, TX 78745 Phone 512 334 3100 www.storediq.com info@storediq.com
Page 12 of 13
Copyright 2011 Contoural, Inc.
With these services, Contoural helps companies ensure compliance and reduce risk across the enterprise, while also achieving litigation readiness and reducing costs. Contoural, Inc. 1935 Landings Drive Mountain View, CA 94043 650-390-0800 www.Contoural.com info@contoural.com
Page 13 of 13
Copyright 2011 Contoural, Inc.