DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA

May 18, 2016 DEFENSIBLE DELETION TO DOWNSIZE YOUR DATA A Roadmap to Better Litigation Preparedness and Records Retention Practices

Anthony L. McElynn, E*TRADE, Chief Compliance Officer
Robert Fowler, CIPP/US, Jordan Lawrence, Director of Professional Services
Daniel M. Braude, Wilson Elser, Partner

Costs & Risks Records Inventorying Retention Policies Defensible Implementation Achieving Compliance

Heeere's Johnny the Plaintiffs

"A litigation cost differential may sometimes enable plaintiffs' attorneys to engage in practices that resemble extortion." Prof. John C. Coffee, Jr. (1987)

E-Discovery Goal No. 1 Stay Out of Trouble ESI Preservation Practices

E-Discovery Goal No. 2 Control Costs Minimize Document Review Efforts

Data Minimization: Potential Savings
Offsite Records Storage: Apply Retention Rules; Eliminate Over Five Years. Savings: 60% Over Three Years
Electronic & Email: Initial Volume Correction; Manage Growth by Enforcing Policy. Savings: 30% Over Three Years
E-Discovery: Reduce Volume of Discoverable Info; Minimize Discovery Scope. Savings: 25% Per Event
System Performance: Less Data to Process; Retire Legacy Systems. Savings: Significant

REGULATORY WHERE CLASSIFICATION STORAGE MEDIA BUSINESS NEED PRIVACY RECORD TYPE DNA SOURCE RETENTION USAGE MOVEMENT APPLICATION SENSITIVE

Accident / Incident Records Best Practice Retention: 5 Years 29 CFR 1904.33 Distribution Centers HR - Benefits Facilities HR - Regional HR Compensation Manufacturing Operations Health Information Government IDs Beneficiary # FMLA Dates of Service Patient Name Patient Address National ID Card # Partial Social Security # Social Security # Personal Information Financial Information Age Name Email Address Marriage Status Physical Address Telephone # Insurance Information Retirement Account Third Party, Cognos, SharePoint, Oracle Archive, Desktop, Email Inbox, Laptops, Printed, Shared Drives Box Warehouse, Department File Cabinet, Secure File Cabinet Applications Email Paper Employment Information Employment ID Employment Status Handicapped Status Medical Conditions Other Corp - Legal Actions EU - Health Status CDDVD, Laptops, Shared Drives Unstructured

Make Retention Rules Practical EASY TO UNDERSTAND. ENABLES ENFORCEMENT. BEST PRACTICE RETENTION. NO GUESSWORK INDUSTRY STANDARDS PROVIDE DEFENSIBILITY. CLEAR DIRECTIONS ENABLE COMPLIANCE.

Retention Rules For All Information VALID BUSINESS RECORDS LEGITIMATE RETENTION NEEDS OPERATIONAL INFORMATION RETENTION VALUE VARIES MOST INFORMATION HAS LITTLE RETENTION VALUE

Email Retention Rules: Create an Actionable Email Strategy
Non-Essential Emails (NO LEGAL OR BUSINESS REQUIREMENT): Inbox = 180 Days; Sent = 180 Days; Deleted = 180 Days
Email Sub-Folder (EMAILS CONTAINING BUSINESS VALUE): Business General = 18 Months
Exceptions (BASED ON ROLE, FUNCTION OR DEPARTMENT): Legal = 10 Years; C-Level = 6 Years

People Process Technology Controls Change the Culture

People Process Technology Controls Focus on Business Needs

People Process Technology Controls Avoid Rules Without Tools

People Process Technology Controls Avoid Rules Without Tools [Figure: RECORDS and NON-RECORDS, labelled with retention periods of 6 Years, 3 Years and 18 Months]

People Process Technology Controls Employee Training & Compliance Monitoring

Tracking Compliance

Show Your Work

Anthony L. McElynn, E*TRADE, Chief Compliance Officer, anthony.mcelynn@etrade.com
Robert Fowler, CIPP/US, Jordan Lawrence, Director of Professional Services, rfowler@jordanlawrence.com, 636.778.1681
Daniel M. Braude, Wilson Elser, Partner, daniel.braude@wilsonelser.com, 914.872.7210

Thank you!

Anthony L. McElynn E*TRADE Chief Compliance Officer Anthony (Tony) McElynn is the Chief Compliance Officer for E*TRADE Capital Management, a registered investment adviser with approximately $3.2 Billion in assets under management. Tony is also currently leading the development of E*TRADE's compliance infrastructure to adhere to the DOL's new fiduciary regulation. From 2013-2015, Tony helped develop the records management program for E*TRADE which established new protocols for record retention and destruction. Prior to his appointment as Chief Compliance Officer in 2011, Tony was the Director of National Retail Services (NRS) at E*TRADE. While head of NRS, Tony led the team that created and launched E*TRADE's discretionary managed account products and also oversaw the front-line control infrastructure for E*TRADE's retail business. He earned a bachelor's degree from Villanova University and currently holds his Series 7, Series 8, Series 24, and Series 66 licenses.

Robert Fowler Jordan Lawrence Director of Professional Services / CIPP/US Robert Fowler is a Director of Professional Services at Jordan Lawrence, a leading solution provider for records retention, data privacy and information governance. He has over 10 years of experience in records management and information governance. Robert advises in-house counsel, compliance and privacy professionals in the areas of records management, data privacy and e-discovery and the confluence of technology in these areas. He plays a key role in the success and oversight of developing and enforcing effective, defensible and cost-effective information governance programs that address information across all platforms and media.

Daniel M. Braude Wilson Elser Moskowitz Edelman & Dicker LLP 150 East 42nd Street New York, NY 10017 Tel 212-490-3000 New York Metropolitan Offices: 1133 Westchester Avenue White Plains, NY 10604 Tel: 914-323-7000 Dan Braude, co-chair of Wilson Elser's e-discovery team, centers his practice on complex litigation involving product liability and commercial disputes, with an emphasis on related electronic discovery and document preservation issues. Focused on the information lifecycle, Dan addresses the challenges associated with changing technology, cloud computing, and related data privacy and information security issues. In addition, Dan is a Certified Information Privacy Professional (CIPP/US) and he serves as an Adjunct Professor at Pace University School of Law where he teaches a course on e-Discovery.
