DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA

Size: px

Start display at page:

Download "DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA"

Junior Mason
5 years ago
Views:

1 May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices

2 Anthony L. McElynn E*TRADE Chief Compliance Officer Robert Fowler, CIPP/US Jordan Lawrence Director of Professional Services Daniel M. Braude Wilson Elser Partner

6 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

7 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

8 Heeere s Johnny the Plaintiffs

9 A litigation cost differential may sometimes enable plaintiffs attorneys to engage in practices that resemble extortion. Prof. John C. Coffee, Jr. (1987)

10 E-Discovery Goal No. 1 Stay Out of Trouble ESI Preservation Practices

11 E-Discovery Goal No. 2 Control Costs Minimize Document Review Efforts

Enforcing Policy 30% Over Three Years E-Discovery Reduce Volume of Discoverable Info Minimize

13 Data Minimization Potential Savings Offsite Records Storage Apply Retention Rules Eliminate Over Five Years 60% Over Three Years Electronic & Initial Volume Correction Manage Growth by Enforcing Policy 30% Over Three Years E-Discovery Reduce Volume of Discoverable Info Minimize Discovery Scope 25% Per Event System Performance Less Data to Process Retire Legacy Systems Significant

14 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

15 REGULATORY WHERE CLASSIFICATION STORAGE MEDIA BUSINESS NEED PRIVACY RECORD TYPE DNA SOURCE RETENTION USAGE MOVEMENT APPLICATION SENSITIVE

16 Accident / Incident Records Best Practice Retention: 5 Years 29 CFR Distribution Centers HR - Benefits Facilities HR - Regional HR Compensation Manufacturing Operations Health Information Government ID s Beneficiary # FMLA Dates of Service Patient Name Patient Address National ID Card # Partial Social Security # Social Security # Personal Information Financial Information Age Name Address Marriage Status Physical Address Telephone # Insurance Information Retirement Account Third Party, Cognos, SharePoint, Oracle Archive, Desktop, Inbox, Laptops, Printed, Shared Drives Box Warehouse, Department File Cabinet, Secure File Cabinet Applications Paper Employment Information Employment ID Employment Status Handicapped Status Medical Conditions Other Corp - Legal Actions EU - Health Status CDDVD, Laptops, Shared Drives Unstructured

17 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

18 Make Retention Rules Practical EASY TO UNDERSTAND. ENABLES ENFORCEMENT. BEST PRACTICE RETENTION. NO GUESSWORK INDUSTRY STANDARDS PROVIDE DEFENSIBILITY. CLEAR DIRECTIONS ENABLE COMPLIANCE. 18

19 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

20 Retention Rules For All Information VALID BUSINESS RECORDS LEGITIMATE RETENTION NEEDS OPERATIONAL INFORMATION RETENTION VALUE VARIES MOST INFORMATION HAS LITTLE RETENTION VALUE

Email Retention Rules Create an Actionable Email Strategy Non-Essential Emails NO LEGAL OR BUSINESS REQUIREMENT Inbox = 180 Days Sent = 180 Days Deleted = 180

21 Retention Rules Create an Actionable Strategy Non-Essential s NO LEGAL OR BUSINESS REQUIREMENT Inbox = 180 Days Sent = 180 Days Deleted = 180 Days Sub-Folder S CONTAINING BUSINESS VALUE Business General = 18 Months Exceptions BASED ON ROLE, FUNCTION OR DEPARTMENT Legal = 10 Years C-Level = 6 Years

22 Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

23 People Process Technology Controls Change the Culture

24 People Process Technology Controls Focus on Business Needs

25 People Process Technology Controls Avoid Rules Without Tools

26 18 Months People Process Technology Controls RECORDS NON-RECORDS 6 Years 6 Years 3 Years 3 Years 18 Months Avoid Rules Without Tools

27 People Process Technology Controls Employee Training & Compliance Monitoring

28 Tracking Compliance

29 Show Your Work

30 Anthony L. McElynn E*TRADE Chief Compliance Officer Robert Fowler, CIPP/US Jordan Lawrence Daniel M. Braude Wilson Elser Director of Professional Services Partner

31 Thank you!

Anthony L. McElynn E*TRADE Chief Compliance Officer Anthony (Tony) McElynn is the Chief Compliance Officer for E*TRADE Capital Management, a registered investment adviser with approximately $3.

32 Anthony L. McElynn E*TRADE Chief Compliance Officer Anthony (Tony) McElynn is the Chief Compliance Officer for E*TRADE Capital Management, a registered investment adviser with approximately $3.2 Billion in assets under management. Tony is also currently leading the development of E*TRADE s compliance infrastructure to adhere to the DOL s new fiduciary regulation. From , Tony helped develop the records management program for E*TRADE which established new protocols for record retention and destruction. Prior to his appointment as Chief Compliance Officer in 2011, Tony was the Director of National Retail Services (NRS) at E*TRADE. While head of NRS, Tony led the team that created and launched E*TRADE s discretionary managed account products and also oversaw the front-line control infrastructure for E*TRADE s retail business. He earned a bachelor s degree from Villanova University and currently holds his Series 7, Series 8, Series 24, and Series 66 licenses.

Robert Fowler Jordan Lawrence Director of Professional Services / CIPP/US Robert Fowler is a Director of Professional Services at Jordan Lawrence, a leading solution provider for records retention,

33 Robert Fowler Jordan Lawrence Director of Professional Services / CIPP/US Robert Fowler is a Director of Professional Services at Jordan Lawrence, a leading solution provider for records retention, data privacy and information governance. He has over 10 years of experience in records management and information governance. Robert advises in-house counsel, compliance and privacy professionals in the areas of records management, data privacy and e-discovery and the confluence of technology in these areas. He plays a key role in the success and oversight of developing and enforcing effective, defensible and cost effective information governance programs that address information across all platforms and media.

34 Daniel M. Braude Wilson Elser Moskowitz Edelman & Dicker LLP 150 East 42nd Street New York, NY Tel New York Metropolitan Offices: 1133 Westchester Avenue White Plains, NY Tel: Dan Braude, co-chair of Wilson Elser s e-discovery team, centers his practice on complex litigation involving product liability and commercial disputes, with an emphasis on related electronic discovery and document preservation issues. Focused on the information lifecycle, Dan addresses the challenges associated with changing technology, cloud computing, and related data privacy and information security issues. In addition, Dan is a Certified Information Privacy Professional (CIPP/US) and he serves as an Adjunct Professor at Pace University School of Law where he teaches a course on e- Discovery.

35 May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices

Investigating Insider Threats

Investigating Insider Threats February 9, 2016 Jonathan Gannon, AT&T Brenda Morris, Booz Allen Hamilton Benjamin Powell, WilmerHale 1 Panelist Biographies Jonathan Gannon, AT&T, Executive Director & Senior