(c) april 2015 ml taylor, c.p.m. 1 - mltweb …c) april 2015 ml taylor, ... legal discovery issue...
TRANSCRIPT
10/1/2015
1
Hot topics and hot potatoes
What supply chain managers need to know & Why
ML Taylor, C.P.M.
(c) April 2015 ML Taylor, C.P.M. 1
Big Data
Cloud Computing
E-Discovery
Objectives
1. What is it &
Why do I care?
2. Buzzwords &
Hot topics
4. References &
Resources
3. Mitigating actions
ML Taylor, C.P.M. 2 (c) April 2015
10/1/2015
2
Preface
I am not a lawyer. My opinions are not legal
advice. Obtain advice of counsel familiar with
electronic records issues for your business
decisions
“Contract” and “purchase order” are intended to
refer to the legal contract regardless of value,
product or service being procured
No difference for Federal vs. commercial
contractor unless specifically stated
Presentation posted: www.mltweb.com/handouts/
April 2015 ML Taylor, C.P.M. 3
Hot Topics
Electronic Records
Internet of Things
Cloud Computing
Big Data, Data Analytics
Software as a Service
Social media marketing
Forensic accounting, discovery software
April 2015 ML Taylor, C.P.M. 4
10/1/2015
3
Why Do We Care?
Companies must implement new technologies to
stay competitive and differentiate the market Amazon stole a large market share from retailers by using new marketing
technology
Organizations must use new technologies to cut
costs, reduce staff and respond to growing
consumer information demands e.g. Online records, IRS e-filing, Social Security inquiries
Urgency: Management panic, legal
questions, IT rush-to-purchase, pushy
salesmen, incompatibilities, consumer
demand, high-risk contracts, supply-chain churn
April 2015 ML Taylor, C.P.M. 5
Panacea
What Can We Do?
Lead: Take action before it’s too late
Explain business process changes & impacts
Ask for IT and Legal analysis of risks
Schedule demonstrations and ensure issues
and concerns are explained
Help everyone understand there is competition
Require key suppliers to prepare
(e.g. normalize & provide electronic data, adopt
similar standards, agree to safeguards)
April 2015 ML Taylor, C.P.M. 6
We know it’s coming, so…..
10/1/2015
4
Change Happens…
Copy Machines?
“We need an original signature”
FAX Machines?
“We need a hard copy by mail”
Electronic catalogs?
Email and Digital Signatures?
“Digital Signature Laws enacted”
Cloud Computing Publicity
“Who has access to the data?”
April 2015 ML Taylor, C.P.M. 7
Online
Package
Tracking,
EFT,
Electronic
Receipts,
Text
Messages
Free
Shipping
Electronic Files Flies
The Good News
Easy to create
Take up very little space
Copied easily
Translate to multiple
formats & languages
The Bad News
Too easy to save
They multiply
They all look the same
April 2015 ML Taylor, C.P.M. 8
10/1/2015
5
Author
What is Meta Data?
Created
Date
Contract Document : electronic file
TEXT TEXT
Last
Change
Date
Category,
file type
April 2015 ML Taylor, C.P.M. 9
The
wrapper
tells us
what’s
inside
Metadata is Critical
Library; with Metadata
Library; NO Metadata
April 2015 ML Taylor, C.P.M. 10
10/1/2015
6
Big Data –Holy Grail
How can we move from a deep well of
data to deep exploitation?
How can we use information to improve
operational efficiency and customer
experience, and create useful new
business models?
Big Data takes educated “drilling” to reveal
a well of valuable information
April 2015 ML Taylor, C.P.M. 11
Some institutions have used BIG Data principles for many years
The Good Old Days
April 2015 ML Taylor, C.P.M. 12
Contract Data:
• PO Number
• Price
• Quantity
• Delivery Date
10/1/2015
7
April 2015 ML Taylor, C.P.M. 13
BIG DATA + Customer usage
+ Raw material
+ Production schedule
+ Shop load
+ Carrying cost
+ Delivery estimate
+ Error rate
+ Transportation rates
+ Labor outages
+ Road hazards
+ Facility closures
+ Weather & roads
+ Regulation changes
+ Customs Schedule
+ Currency exchange
+ Market share
+ Profit/loss
+ Cost factors
= BIG Challenge Management’s “Holy Grail” 42
Big Data Challenges
Problem: Big Data is BIG Needs large computers, fast processing
Always gets bigger – never smaller
Requires knowledgeable analysts
Decide what data to gather & how
Traceability & accountability
Compilation & normalization
Accuracy - eliminate rekeying
Normalize, validate, control changes
April 2015 ML Taylor, C.P.M. 14
10/1/2015
8
Big Data - Issues
Data becomes stale & expires
Over-dependency by management
Relationship changes & cleanup
Catch & Correct hidden ‘defects’
Confirm applicability & relevancy
Analyze & report
Make rational decisions
Liability for data misuse
Legal record and discovery compliance costs
April 2015 ML Taylor, C.P.M. 15
Where Is My File?
April 2015 ML Taylor, C.P.M. 16
10/1/2015
9
The Cloud…The Cloud
April 2015 ML Taylor, C.P.M. 17
My data
is in here Somewhere
ISM Podcast,
Christina Kunz Bringing Cloud Computing Down to Earth
Google Data Centers To ensure security, Google keeps
every piece of data stored on at least
two servers, with the most important
data also held on digital tapes.
April 2015 ML Taylor, C.P.M. 18
Cloud Computing
10/1/2015
10
Cloud Service Contracts
Data & Software reside on equipment owned
by service provider (e.g. Google)
User controls data upload/download (maybe)
Provider responsible for equipment, data
storage, backup copies, licensing?
Is Provider responsible for preventing
unauthorized access?
Does Provider comply with Government
requests w/o notification?
April 2015 ML Taylor, C.P.M. 19
April 2015
ML Taylor, C.P.M.
20
Wiki Leaks
Who Protects My Data?
Taylor’s Data CIA
10/1/2015
11
Cloud Storage more issues
Data ownership,
Data retention, backups & data deletion
Clinton Lesson(s)
Data Storage, backups, protection
Security, encryption, access control
Legal evidence, compliance, spoilage
Support, changing service providers
April 2015 ML Taylor, C.P.M. 21
Internet of Things
DHL report about impact on logistics
” when we light up “dark assets” — vast
amounts of information emerge, along with
potential new insights and business value”
Approx. 15B “things” connected to the
internet today. They predict by 2020 it will
be 50B “things” GPS tracking devices & services, copiers, card readers, HVAC & power
controllers, thermostats, power meters, plant equipment maintenance logs,
smartphones, access ID cards, vehicles
April 2015 ML Taylor, C.P.M. 22
When “things” talk – Who listens? How is the data used?
10/1/2015
12
April 2015 ML Taylor, C.P.M. 23
Assets Creating Data
Home: Web cam,
baby monitor, door
lock, HVAC, electric
meter, automobile
Consider advantage if
your car connected to
your internet at home
and automatically
uploaded maintenance
data and service issues
Work: HVAC, lighting,
card readers,
inventory dispensers,
delivery truck
locations, equipment
service data
Service providers
already provide small
tracking devices for
sensitive & high-value
shipments
April 2015 ML Taylor, C.P.M. 24
10/1/2015
13
April 2015 ML Taylor, C.P.M. 25
Electronic Data Storm
What well-known political family is once again in the news with issues
exacerbated by public release of email and text messages? (hint: Arkansas)
Big Data mining & analysis tools are very powerful and dangerous
when information is misused
Personal text messages, emails & cell phones are discoverable
when used for work-related communication
Cloud storage and email service providers will respond to legal and
political pressure
Data is never really gone – FBI/NSA/CIA recording
More examples:
Subpoena for email in Scotland - Microsoft defending consumers
Bill Gates embarrassing emails
Basket Ball Team owner – lost the team
April 2015 ML Taylor, C.P.M. 26
10/1/2015
14
Electronic Record in Court
With Meta Data
Access Control
No Tampering
No Changes
3rd Party Custodian
April 2015 ML Taylor, C.P.M. 27
No Meta Data =
no protection
Litigation Hold – our action
April 2015 ML Taylor, C.P.M. 28
As soon as legal action is anticipated
Suspend record retention procedures
Preserve evidence in all locations, including
backups, DVDs, USB drives, cloud drives, etc.
Identify & notify key players – legal notice
don’t forget former employees or
contractors if they have your data) and
new or temporary employees
Prevent spoilation & loss
Prepare to comply with Discovery Order(s)
10/1/2015
15
Discovery Issues
Forensic accounting, legal specialists
software vendors - ubiquitous
Technology assisted review (TAR)
Legal Review of all records
Culling, Clustering, de-duplication
Privileged Communication
Collateral damage & clawback
April 2015 ML Taylor, C.P.M. 29
Warning: Not all managers and not all lawyers are conversant with electronic
record issues . Retain competent counsel.
Who Controls Our Files?
“Cloud” & data storage contracts must
anticipate and provide for discovery
Provider must be capable and obligated to comply
with e-discovery requirements
Demonstrate that records have not been spoiled or
changed and that ALL records have been provided
IT personnel must be prepared to support
Retrieve records and preserve metadata
Provide files in standard formats
April 2015 ML Taylor, C.P.M. 30
Warning: IT suppliers have different ideas about compliance requirements.
Do not assume the IT folks understand your business needs.
10/1/2015
16
More Trouble
Fail to consider, smart phone & social media
BP oil spill case, Kurt Mix
Underestimate compliance cost & effort
OFHEO case - $6M error
Mix privileged data or vital data Inadvertent production of a privileged document may waive the privilege
only for that document or for all privileged documents on that subject or on
all subjects.
DO NOT assume this is an IT issue -
Business process owner has to be involved
April 2015 ML Taylor, C.P.M. 31
Reading & References
Big Data www.mltweb.com/tools/imo.htm#big_data_
www.dhl.com/en/about_us/logistics_insights/dhl_trend_research/bigdata.html
Cloud Computing www.mltweb.com/tools/imo.htm#storm_cloud
Internet of Things www.dhl.com/en/about_us/logistics_insights/dhl_trend_research/internet_of_things.html
E-Mail Pitfall http://www.mltweb.com/tools/imo.htm#email
April 2015 ML Taylor, C.P.M. 32
10/1/2015
17
References
Discovery Presentation
www.mltweb.com/handouts/discovery.pdf
www.mltweb.com/handouts/references.pdf
http://www.savi.com/solutions/applications/
Smartphone app to track shipments
April 2015 ML Taylor, C.P.M. 33
WWW.MLTWEB.COM
Discussion?
April 2015 ML Taylor, C.P.M. 34
Following slides are parts of a much longer discussion. They are left
here as a discussion reference and for people viewing the handouts
10/1/2015
18
Contract Language Issues
Litigation hold & discovery response
Recovery and Backup data access
Tampering protection
Access control, system security and
emergency response
Protection for personal privacy, sensitive
& intellectual property data
Termination, data cleanup & removal
3rd party access controls & notices
April 2015 ML Taylor, C.P.M. 35
Examples
Medical records, pharmacy prescriptions then Big Data
principles to align with drug company information to spot
potential drug interactions.
Legal discovery issue relative to law enforcement
subpoena of medical records consumers protected by
HIPPA… no protection for corporations
Life Insurance companies mining data to set high risk
premiums
April 2015 ML Taylor, C.P.M. 36
10/1/2015
19
Is there a way to gather
Supply Chain data that
will reveal anomalies in
transactions?
Is data gathered and
reported independently or
audited?
How secure is our Supply Chain?
April 2015 ML Taylor, C.P.M. 37
SOX Act specifically required management attention and business process
controls. Appropriate management controls should be number 1 priority when
considering any new electronic processes.
Discussion
April 2015 ML Taylor, C.P.M. 38
Quiz: What well-known political family is once again in the news with
revelations arising from electronic media and cloud data?
- Legally discoverable information – because it was used for work
- Access available to by multiple legal systems in various storage
locations around the world
- Probably distributed and stored by multiple people in various formats
and places
Positive benefits of Big Data and Cloud data Storage?
- Health care; drug interactions & medical records
- Banking; ATMs, credit cards
- Package and freight tracking
10/1/2015
20
Big Data – Industry Buzz
April 2015 ML Taylor, C.P.M. 39
April 2015 ML Taylor, C.P.M. 40
10/1/2015
21
DHL Logistics Reports
April 2015 ML Taylor, C.P.M. 41
Other Considerations
International electronic commerce, evidence and
discovery rules are different
retain knowledgeable counsel
Train personnel think about what they write.
Email and text messages:
Will be found….
Will be misinterpreted by opposing counsel
Will be used against you
Clean hidden data out of electronic files
Store records in a format that cannot be changed
April 2015 ML Taylor, C.P.M. 42
10/1/2015
22
April 2015 ML Taylor, C.P.M. 43
Electronic File Problems
Email messages transmitted through
multiple machines and servers
Copies, different versions and drafts could
be stored or backed up anywhere
Data processing centers & cloud services
add ownership and access issues
Media format & retrievability not obvious
Authentication can be difficult
April 2015 ML Taylor, C.P.M. 44
10/1/2015
23
April 2015 ML Taylor, C.P.M. 45
Contract Requirement
FAR 4.703 Policy
(a) Except as stated in 4.703(b), contractors shall
make available records, which includes books,
documents, accounting procedures and practices,
and other data, regardless of type and regardless of
whether such items are in written form, in the form of
computer data, or in any other form, and other
supporting evidence to satisfy contract negotiation,
administration, and audit requirements of the
contracting agencies and the Comptroller General
for—
(1) 3 years after final payment or, for certain records;
How to Get in Trouble
April 2015 ML Taylor, C.P.M. 46
Inadequate litigation hold
Lose control of evidence
Company policy & rogue employee defense
Destroy records in anticipation
Rambus case
Fail discovery obligation
Spoilated data
Incomplete compliance
10/1/2015
24
Authentication
Producing electronic evidence is not
enough.
Who created the file? When?
Where it was stored?
Who had access to it or how was it
controlled?
Who viewed, copied, edited or could have
tampered with the file?
When, why and by whom was any part of it
(including metadata) modified or deleted?
April 2015 ML Taylor, C.P.M. 47
Discovery Order - Reality
Produce all relevant emails text messages by March 15
In your in-box, subfolders, archive folders
In un-emptied trash or copied to a colleague
Include attached files or links to other files
Stored on network drives, backup drives, USB drives,
smart phones, laptops, etc.
We have to search them all!
Then review, categorize and ready for submittal
Discovery order is limited only by the creativeness of opposing
counsel and the patience of the judge
April 2015 ML Taylor, C.P.M. 48
10/1/2015
25
Notes;
IoT : smartphone connected to thermostat or door lock. Traffic lights
controlled by central computer, retail display cases reporting on product
sales
Items producing data and feeding to the internet at much more rapid
rate than humans. Web cams, weather stations,
Big Data analysis: combine sales information with time of day, weather
prediction, traffic, holidays, sale prices, etc. to predict sales volume and
schedule retail staff.
April 2015 ML Taylor, C.P.M. 49
April 2015 ML Taylor, C.P.M. 50
10/1/2015
26
Files, Documents & Records
Paper
Visible & common format
Costly to store copy and
distribute
Difficult to index and
search
Deliberate
document/record decision.
Electronic Files Invisible, exist anywhere
Easy to save & copy
Can be posted or emailed
Can be indexed and
searched electronically
Can become part of the
record by accident
April 2015 ML Taylor, C.P.M. 51
April 2015 ML Taylor, C.P.M. 52
Discovery Model
10/1/2015
27
Records Management Plan
Drivers Define Train Store
-Legal
-Tax
-NARA
-FAR
-Risk of loss
-HR
-Environment
-File type
-Purpose
-Capture date
-Retention
-Separate
risks
-Management
-Legal
-Staff
-Contractors
-IT staff
-Security
-Backup
-“information
lifecycle
governance
(ILG)”
-Preservation
-Retirement
April 2015 ML Taylor, C.P.M. 53
Audit
-Awareness
-Compliance
-Exceptions
-Recovery
-Spoilage
-Duplication
-Garbage
What IS/NOT a Record?
Files
Working copies
Notes
Drafts
Unsigned
Old versions
Reports
Emails
Text messages
Considerations:
Is it the only evidence?
Audit support
Decision support
Lifespan – keep until
when?
Authority to destroy
should be documented
in policy
April 2015 ML Taylor, C.P.M. 54
10/1/2015
28
What is a Record?
April 2015 ML Taylor, C.P.M. 55
GAO, OMB, IG, DCAA audits & cases
What documents do we need to survive an incurred cost
audit or a DOL Davis Bacon audit?
What project records do we need
Warranty, QA, safety envelope, proof of insurance
What records does finance need?
Tax payments,
What records does the legal counsel want to retain?
Executed contract, stop work notice, claim
Records by department/function?
We may not all have the same needs or retention criteria.
What is a Record?
April 2015 ML Taylor, C.P.M. 56
National Archives & Record Administration
GRS-3 – procurement documents
GRS -20 – electronic records (April 2010)
Describes what documents should be kept
and the normal retention period
Presidential initiative 11/28/11, OMB 8/24/12
Requires that to the fullest extent possible, agencies
eliminate paper and use electronic recordkeeping
…applicable to all executive agencies and to all records,
without regard to security classification or any other
restriction.
10/1/2015
29
Action Plan
Define
Record
Train
Procedures
Communicate Sensitize
Defensible
plan
April 2015 ML Taylor, C.P.M. 57
What
records
are
required
for this
activity?
How are
we going
to capture
the
records?
How are
we going
to store
the
records?
What is
the
retention
period? When and how are we going to retire records
and non-records?
Does everyone understand the risks and
know how to respond to a legal hold?