Search Warrant Basics

Recently The National Law Review published an article from Risk Management Magazine a publication of the Risk and Insurance Management Society, Inc. (RIMS) regarding Search Warrants in the Office:

When armed government agents enter your office, seize your computers and talk to your employees, the business day has gotten off to a rough start. It only gets worse when the news shows video of agents in raid jackets carrying your eye-catching, focus group-tested logo. As the days go on, you are busy reassuring customers, vendors and employees that despite early reports and comments made by the government and your competitors, it is all going to be fine and you are going to get back to business as usual.

Presented with this hypothetical situation, many adopt a similar response: it won’t happen to me. But any business that operates in a heavily regulated area or partners with any federal agency needs to appreciate that government inquiries are simply part of operating in that space. The FBI is not the only investigative agency; it is just as likely that the Environmental Protection Agency or the Health and Human Services Office of the Inspector General will be at the front desk with a warrant in hand and a team ready to cart away the infrastructure and knowledge of your business. Will you be ready?

Good planning as part of a regular annual review can help settle nerves, avoid costly mistakes, and put you in the best defensive position should that fateful day come when the feds show up at your door. Follow this five-part plan and you will be much better off.

Summon the Team

Just as the agents did the morning before the search, you need to assemble your response team. The government has specialized people with individual roles and you need to have the same type of team. Some people on your team are there because you want them there. Others make the team because they sit at the reception desk or close to the front door. Either way, they are now on the same team.

The point person on the team has to be the in-house counsel. The agent may not let the receptionist place a series of calls, but the receptionist should be permitted to call the in-house counsel to notify her of the situation. From that point on, the command center shifts from the front desk to counsel’s desk.

The next call should be made from the company’s general counsel to outside criminal counsel. A general litigation or M&A background may be well suited for the company’s general needs, but on this day, the needs are quite different. Outside criminal counsel needs to begin the dialogue with the agent and the prosecutor, and should send someone to the scene if possible.

The response team should also include the heads of IT, security and communications. The IT officer must make sure that, as the search is conducted, intrusion into the system can be minimized so that the business may continue operation. If the IT officer is not permitted to assist with the search, it is critical that he observes all actions taken by the government related to any IT matters. This observation may be valuable at some point in the future if computer records are compromised or lost. This is just as important for information that may tend to show some violation of the law as it is for information that may support defense or a claim of actual innocence. The Computer Crime and Intellectual Property Section of the Criminal Division has produced a manual for the search and seizure of computer records and an expert can help evaluate law enforcement’s compliance with its own approved procedures.

If your company is a manufacturer or scientific production company where the question at issue may be the quality, characteristics or integrity of a product, it is important that you demand an equal sample from the same source and under the same conditions as those taken by the seizing agents. This is important so that your own experts can review a similar sample for your own testing in defense. If this is not possible given the type of product seized, your outside counsel will work with prosecutors and agents to assert your rights to preserve evidence for future testing. Just as the IT expert can be a helpful observer, a technical expert who observes the government sampling can also provide valuable insight into issues related to the sampling that may make a world of difference at some time in the future.

The communications expert is the final member of the team, but no less significant. She can be an important point of contact for media inquiries that will inevitably follow. It is vital to be able to communicate to your customers that you are still performing your daily support and that, as you address this matter, you will never take your eye off the customer’s needs and deadlines. With a disciplined response, many companies will survive a search warrant and government investigation. This process will help ensure that your customers are there for you when you get through this difficult time.

Depending on the size of your company, all of the response team roles may be performed by one or two people. Think of the function of the tasks that need to be accomplished instead of job titles alone. The other factor that you must consider at the outset is what role will these people have in the case going forward. Try and identify people who can perform these tasks but will be outside the case itself. If you know that the company lab has been under investigation, the lab director may be a target of the investigation. If that is the case, you do not want to have that employee serving as your only witness observing the search. Instead, an ideal observer might be the outside counsel’s investigator.

Execute a Pre-Established Plan

An important part of this response is that you have a pre-established plan that can be taught and disseminated instantaneously. The first rule of any plan is to not make matters worse. In this case that means, “Let’s not have anyone arrested for obstruction.” If the search team has a signed search warrant for your address, they have a lawful right to make entry.

Challenging the search warrant is for another day and both state and federal laws prohibit interfering with the execution of a search warrant. This is the time to politely object to the search and document what is happening. With a copy of the search warrant in hand, outside legal counsel may be able to challenge the scope of the search, but that is not an area where the novice should dabble.

While your specialized team members perform their tasks, the company is generally at a standstill while the search continues. Let your team members work and have the rest of your employees go home. You are shut down for the time being just as you would be any other time your business is closed. You do not want to allow employees to wander the halls and interact with agents. Off-hand comments that make it into a law enforcement report may distort the facts and be difficult to explain later.

Make sure that company employees understand what is happening and what their rights are in this situation. It is important to avoid interfering with the actual lawful execution of a search warrant; it is also unlawful to tell your employees to not speak to the agents. If they know they have a right to meet with a company-retained counsel of their own and have a right to remain silent at this point, it may go a long way in calming nerves.

Assert Privilege

This is not a difficult matter to explain, but it is critical: if there are documents that are covered by the attorney/client privilege or any other similar privilege, it is critical that you assert that privilege. One reason for the receptionist to be allowed to call company counsel is that there are materials that are covered by the privilege.

It is critical to make privilege claims at this juncture so that the agents are aware of the assertion and that they formally recognize it. This may simply mean that they put those documents in a different box for review by a team subject to judicial review at a time in the near future or it may mean that the team will review the materials for immediate decisions to be made on scene. Whatever procedure the agents have established can be reviewed later, but if you do not assert privilege now, it changes the options available to you as the proceedings go forward

Record the Search

Given the concerns of civil liability, it is not uncommon for agents to make a video recording of their entry and departure from the scene. Their goal is to document any damage that may have been caused by the lawful execution of the warrant. The agents also want to be able to document their professional execution of the warrant in the event that claims are raised at a later point. But that tape is going to stay in their custody and not be available for your team to review as you prepare the defense.

A video record of the search may provide a key piece of support to the defense that could not possibly be understood on the day of the search. However, this process must be handled in a very unassuming manner and with a clear understanding by the agents that you are doing it, and that, in the event there are undercover officers who are masked, that you will make no effort to record them. In some states, recording voice without consent of all parties is a felony, so this is a matter that you must review with outside counsel when you are developing your procedures for search warrant response. Again, you do not want to do anything to make your situation worse.

Collect Your Own Intelligence

Just as the agents are trying to learn about your operations, they will be giving you valuable information about their own operations and the focus of their investigation. Your first tasks are to determine who is in charge, document the names of the agents in attendance and note all the agencies involved in the search. This is information that you can gather directly by politely asking for the names of the agents and observing the insignia of the agents’ uniforms or badges around their necks.

The other opportunity available to you in this unique situation is the opportunity to listen to the language the agents use, the apparent hierarchy of the agents, and the small bits of casual conversation that may give you valuable insight into the goals of the search. As the day wears on, the agents will feel more comfortable around your response team and they will talk more freely. This is not to suggest that your team should attempt to interrogate the agents, however, because that will open a two-way dialogue that may lead to statements that are difficult to explain or put in context. The suggestion is simply that you serve as an active listener.

Help Establish Rapport

Throughout the day, the agents are going to be forming opinions about your company and your employees. Use this time to make a good impression about your company. A professional, disciplined response in a time of crisis sends a very different message than the one sent by yelling obstructionists. Even though the agents have quite a bit of information about you as their target, it may have all been gathered from third parties. This may be your opportunity to impress them and to help them question the veracity of your accusers. Remember that there will be meetings about your company, your executives and their futures, and the only people in those meetings will be the agents and the prosecutors. You want their memories of this day to weigh in your favor.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc.

White Collar Crime

The National Law Review would like to advise you of the upcoming White Collar Crime conference sponsored by the ABA Center for CLE and Criminal Justice SectionGeneral Practice,  &   Solo and Small Firm Division:

Event Information

When

February 29 – March 02, 2012

Where

  • Eden Roc Renaissance Miami Beach
  • 4525 Collins Ave
  • Miami Beach, FL, 33140-3226
  • United States of America
Primary Sponsors
  • Highlight

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.

  • Program Description

Each year the National Institute brings together judges, federal, state, and local prosecutors, law enforcement officials, defense attorneys, corporate in-house counsel, and members of the academic community.  The attendees include experienced litigators, as well as attorneys new to the white collar area.  Attendees have consistently given the Institute high ratings for the exceptional quality of the Institute’s publication, its valuable updates on new developments and strategies, as well as the rare opportunity it provides to meet colleagues in this field, renew acquaintances and exchange ideas.

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.  Once again, we expect excellent representation from the corporate sector.

  • CLE Information

ABA programs ordinarily receive Continuing Legal Education (CLE) credit in AK, AL, AR, AZ, CA, CO, DE, FL, GA, GU, HI, IA, ID, IL, IN, KS, KY, LA, ME, MN, MS, MO, MT, NH, NM, NV, NY, NC, ND, OH, OK, OR, PA, RI, SC, TN, TX, UT, VT, VA, VI, WA, WI, WV, and WY. These states sometimes do not approve a program for credit before the program occurs. This course is expected to qualify for 11.0 CLE credit hours (including TBD ethics hours) in 60-minute-hour states, and 13.2 credit hours (including TBD ethics hours) in 50-minute-hour states. This transitional program is approved for both newly admitted and experienced attorneys in NY. Click here for more details on CLE credit for this program.

The Inside Job: Can Employees Walk Out The Door With Your Company's IP?

Recently in The National Law Review was an article by Katie L. ClarkRohan Massey, and Hiroshi Sheraton of McDermott Will & Emery regarding IP Security:

With the economic downturn forcing redundancies, most employers are aware that the Q1 period brings an increase in employee movement. But have employers considered how much value could be walking out the door when an employee leaves? In today’s “knowledge economy”, businesses increasingly understand the value of intangible assets in the form of information.  Yet few businesses give thought to how and where those assets reside, or consider how much can be lost or passed to a competitor when employees move on.

The ease with which knowledge can be taken by employees has increased exponentially in recent times.  USB drives are now large enough to store literally millions of documents and cloud computing can provide limitless secure storage.  The increase in remote working also allows employees to download your documents and information in the privacy of their own homes.

There is also a growing international market for transferable knowledge, making the temptation even greater for employees to maximise their value to their new employer.  Emerging economies, with different laws, regulations, and cultural values, provide a ready market into which intellectual capital can be dispersed.

This issue affects every industry.  A number of high profile cases in the United States and China have seen former employees jailed for theft of trade secrets relating to consumer electronics and financial trading software, but every business has a wealth of internal knowledge that is used to give it a competitive advantage over its rivals.  Business plans, presentations, strategies, customer lists, market positioning, and protocols and procedures are all valuable assets that can find their way to new employers.

Most worryingly, this movement of information is not confined to “rogue” employees.  Many salespeople will claim that their address books of contacts belong to them, not to their employer.  Each type and level of employee and each type of business is likely to have a different understanding of what belongs to the company.  In addition, international cultural differences play an enormous role in determining where employees perceive the boundary to be between legitimate and illicit use of information.

So, how do you distinguish between what an employee is free to take away and what should remain with the business before it’s too late?  What procedures should be in place to maximise the intangible value retained by the business when employees move?  To what extent do data protection and privacy laws permit monitoring of employees’ activities?  What procedures are available when employees are suspected of taking valuable information and/or passing it to competitors?

In 2012, McDermott will be running a number of IP- and employment-focused seminars to provide an overview of how intellectual property and employment laws can help your company to protect it, and the policies and procedures that can be used to mitigate value walking out the door.

© 2012 McDermott Will & Emery

White Collar Crime

The National Law Review would like to advise you of the upcoming White Collar Crime conference sponsored by the ABA Center for CLE and Criminal Justice SectionGeneral Practice,  &   Solo and Small Firm Division:

Event Information

When

February 29 – March 02, 2012

Where

  • Eden Roc Renaissance Miami Beach
  • 4525 Collins Ave
  • Miami Beach, FL, 33140-3226
  • United States of America
Primary Sponsors
  • Highlight

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.

  • Program Description

Each year the National Institute brings together judges, federal, state, and local prosecutors, law enforcement officials, defense attorneys, corporate in-house counsel, and members of the academic community.  The attendees include experienced litigators, as well as attorneys new to the white collar area.  Attendees have consistently given the Institute high ratings for the exceptional quality of the Institute’s publication, its valuable updates on new developments and strategies, as well as the rare opportunity it provides to meet colleagues in this field, renew acquaintances and exchange ideas.

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.  Once again, we expect excellent representation from the corporate sector.

  • CLE Information

ABA programs ordinarily receive Continuing Legal Education (CLE) credit in AK, AL, AR, AZ, CA, CO, DE, FL, GA, GU, HI, IA, ID, IL, IN, KS, KY, LA, ME, MN, MS, MO, MT, NH, NM, NV, NY, NC, ND, OH, OK, OR, PA, RI, SC, TN, TX, UT, VT, VA, VI, WA, WI, WV, and WY. These states sometimes do not approve a program for credit before the program occurs. This course is expected to qualify for 11.0 CLE credit hours (including TBD ethics hours) in 60-minute-hour states, and 13.2 credit hours (including TBD ethics hours) in 50-minute-hour states. This transitional program is approved for both newly admitted and experienced attorneys in NY. Click here for more details on CLE credit for this program.

Electronically Stored Information, Social Media and the Rules of Professional Conduct: Are you compliant with your duties of competence and diligence?

Recently published in The National Law Review was an article about Compliance and Diligence and Electronic Media by  Charles H. Gardner of  Much Shelist, P.C.:

Electronically Stored Information and its increasingly complex progeny, social media evidence (collectively, “ESI”) are quickly being woven into the fabric of discovery and the practice of law.  As the cases and rules of professional conduct discussed below demonstrate, lawyers who fail to thoughtfully investigate and use social media evidence (both that of their own client and that of the opposing party(ies)) are not engaged in best practices.

The American Bar Association (“ABA”) Model Rule of Professional Conduct 1.1 (Competence) states that “[a] lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” (The Model Rules have been adopted in all of the fifty states, except California, and in the District of Columbia and the U.S. Virgin Islands). Comment 5 to Rule 1.1 provides, in part, that “[c]ompetent handling of a particular matter includes inquiry into and analysis of the factual and legal elements of the problem, and use of methods and procedures meeting the standards of competent practitioners. It also includes adequate preparation (emphasis added).” Further, the ABA Standing Committee on Ethics and Professional Responsibility Formal Opinion No. 98-411(1998) states, “[w]e believe the ethical issues are the same whether [involving] substantial legal or procedural aspects of a client’s matter or [a lawyer’s] ethical duties in furtherance of the client’s matter.”

Much has changed since the ABA adopted the Model Rules of Professional Conduct and its predecessor guidelines. Electronic data and communication and social media communities such as Facebook, MySpace, and Twitter have become linchpins of society and discourse. As of December 2011, Facebook alone reported that it had 845 million monthly users and more than 483 million average daily users (http://newsroom.fb.com/content/default.aspx?NewsAreaId=22, last visited Feb. 12, 2012).

In the recent case of Griffin v. Maryland, 192 Md. App. 518, 535 (2010), the court opined, “[i]t should now be a matter of professional competence for attorneys to take the time to investigate social networking sites (emphasis added).” In addition, a 2010 study by the American Association of Matrimonial Attorneys found that an overwhelming eighty-one percent of the nation’s top divorce attorneys said that they have seen an increase in the number of cases in which social media evidence plays a role. Sixty-six percent of those attorneys cite Facebook as the primary source of such evidence. Accepting as an imminent practical reality that an attorney has or will soon have an affirmative duty to investigate social media evidence, what might the cost be to the attorney, the client, or both for failing to do so or, worse, failing to preserve such evidence?

Consider hypothetically the evidentiary value of photographs posted on a disability claimant’s social media page showing her rock climbing, for example. One can see just how persuasive ESI can be.  However, ESI can also be a minefield of professional liability. Consider the case of Lester v. Allied Concrete Company, Nos. CL08-150, CL09-223 (Va. Cir. Ct. Oct. 21, 2011) in which a Virginia attorney was found to have instructed his assistant to tell his client to remove a photograph from a social media website. Finding that the lawyer had violated Virginia’s equivalent of Model Rules 3.3 (Candor toward the tribunal), 3.4 (Fairness to opposing parties and counsel), 5.3 (Responsibilities regarding non-lawyer assistants), 8.4 (Misconduct) and rules of court regarding conduct that tends to defeat the administration of justice or to bring the courts or the legal profession into disrepute, the court sanctioned the attorney with a fine of $540,000. In addition, the court fined the client $180,000 for spoliation of evidence. For the twenty-first century practitioner, a well thought-out ESI discovery plan could mean not only the difference between success and failure in the matter at hand, but may also mean the difference between a grateful client and a client that brings a malpractice claim, a disciplinary complaint or both for ineffectiveness in investigation and preparation. However, case investigation and preparation are not the only source of risk for attorneys and judicial officers.

The case of In re: B. Carlton Terry, Jr., No. 08234 (N.C. Judicial Standards Commission, April 1, 2009) demonstrates how critical it is for attorneys to be savvy in social media and ESI discovery in general. In that family law case, the judge, plaintiff’s counsel and defense counsel were discussing Facebook in a meeting in chambers. Plaintiff’s attorney commented that she did not know what Facebook was and did not have time for it. Following the meeting in chambers, Judge Terry and defense counsel became friends on Facebook and discussed the case in some detail. Judge Terry also conducted independent investigation into plaintiff’s social media pages and quoted from them at the hearing. The judge did not inform plaintiff’s counsel of his actions until after he had entered an oral order. Plaintiff’s counsel immediately sought to and did have the judge’s order vacated. Judge Terry voluntarily disqualified himself and the case was remanded for a new hearing, costing the taxpayers a considerable amount. Ultimately Judge Terry was publicly reprimanded by consent in formal proceedings before the Judicial Standards Committee.

Had plaintiff’s counsel conducted a thorough, or even a rudimentary, ESI investigation, the wrongdoing on the part of defense counsel and the bench could have been addressed promptly which would have spared both Plaintiff and the taxpayers significant costs in having to try the same matter twice.

Furthermore, it is worth noting that the rules of professional conduct apply equally to in-house counsel and transactional attorneys as to litigators. In the more casual in-house and transactional business environments, the line between clients and business colleagues can become easily blurred. These attorneys should be especially mindful of their professional responsibilities and the implications that their actions may have on their organization in the event that litigation ensues.

Following are six simple and practical suggested steps towards developing a strong ESI discovery plan and investigation process:

  1. Educate yourself about social media and ESI in general. If you do not know where to look, you could be lost in a search engine “black hole”. Not only can you place yourself ahead of the pack in the legal community, you will also be able to communicate with your children and grandchildren!
  2. Draft a written ESI discovery plan that includes an immediate request for a discovery hold on ESI.  Be systematic and judicious in your requests. And be mindful of Model Rule 1.3 (diligence).
  3. Draft and circulate acknowledgement forms to all personnel in your organization and obtain their signatures.  These documents should educate your personnel about sound social media practices and emphasize ethical concerns as well as the legal liability to the organization, to you and to the employee, who could also face appropriate discipline for violating company policy.  Be mindful of Model Rule 5.3 (responsibilities regarding non-lawyer assistants). And, with respect to employees, be mindful of the limitations imposed by the National Labor Relations Act when drafting your policies and acknowledgement forms.
  4. Instruct your client that ESI is evidence and that the client should not tamper with or destroy such evidence until the case is completely resolved, including during the time allowed for appeals and in appellate proceedings, if any.
  5. Check your client’s social media pages.  Know what you are up against.
  6. Conduct a thorough review of any and all available ESI of the other party.  Be careful to abide by the “no contact” rules.  For example, do not send a surreptitious friend request to gain access to another party’s ESI, but rather, look only at what is publicly available to you and obtain proper warrants for any additional information.  And be prepared to argue to the court why the evidence is relevant and why it should be produced and admitted.

If you are not making diligent and competent use of ESI, you place yourself and your client at a severe disadvantage and you are arguably breaching your ethical obligations. The immediate future is a rare opportunity to be on the cutting edge of developing law.  With a little knowledge and a reasonable amount of follow-through, you can set yourself apart in the new media frontier by making sound use of the bountiful resources that new media technologies have brought to the practice of law.


Charles H. Gardner is Special Counsel to the Intellectual Property & Technology group at Much Shelist, P.C. and head of its social media practice.  Mr. Gardner is a frequent writer and lecturer on the topic of social media and new media technologies. He has been featured in Crain’s Chicago Business and The Chicago Daily Law Bulletin and will be leading a CLE seminar on the “Laws of Social Media” (tailored for house counsel and business executives) on February 21, 2012.* Before joining Much Shelist, Mr. Gardner served as Director of Legal and Business Affairs for Harpo Studios, Inc. Mr. Gardner has a juris doctorate from Loyola Law School, Los Angeles (Entertainment Law Review) and a bachelor’s degree from the University of California, Berkeley.  He is admitted to practice law in California, New York, Illinois, the District of Columbia and before the United States Supreme Court.

*For more information and/or for complimentary registration, please call or e-mail Mr. Rodney Abstone at CLS Executive Search at (312) 251-2564 or email rabstone@clsexecutivesearch.com. 

© 2012 Much Shelist, P.C.

White Collar Crime

The National Law Review would like to advise you of the upcoming White Collar Crime conference sponsored by the ABA Center for CLE and Criminal Justice SectionGeneral Practice,  &   Solo and Small Firm Division:

Event Information

When

February 29 – March 02, 2012

Where

  • Eden Roc Renaissance Miami Beach
  • 4525 Collins Ave
  • Miami Beach, FL, 33140-3226
  • United States of America
Primary Sponsors
  • Highlight

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.

  • Program Description

Each year the National Institute brings together judges, federal, state, and local prosecutors, law enforcement officials, defense attorneys, corporate in-house counsel, and members of the academic community.  The attendees include experienced litigators, as well as attorneys new to the white collar area.  Attendees have consistently given the Institute high ratings for the exceptional quality of the Institute’s publication, its valuable updates on new developments and strategies, as well as the rare opportunity it provides to meet colleagues in this field, renew acquaintances and exchange ideas.

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.  Once again, we expect excellent representation from the corporate sector.

  • CLE Information

ABA programs ordinarily receive Continuing Legal Education (CLE) credit in AK, AL, AR, AZ, CA, CO, DE, FL, GA, GU, HI, IA, ID, IL, IN, KS, KY, LA, ME, MN, MS, MO, MT, NH, NM, NV, NY, NC, ND, OH, OK, OR, PA, RI, SC, TN, TX, UT, VT, VA, VI, WA, WI, WV, and WY. These states sometimes do not approve a program for credit before the program occurs. This course is expected to qualify for 11.0 CLE credit hours (including TBD ethics hours) in 60-minute-hour states, and 13.2 credit hours (including TBD ethics hours) in 50-minute-hour states. This transitional program is approved for both newly admitted and experienced attorneys in NY. Click here for more details on CLE credit for this program.

The Anatomy of Data Risk Management

An article by Risk and Insurance Management Society, Inc. (RIMS) recently found in The National Law Review focused on Data Risk Management:

Think of data as a living organism.

Just like a human body, data has various components and life support systems that must be maintained to ensure the whole thrives and survives. You can think of a data risk specialist as a doctor trying to keep the organism healthy through its various life stages.

Data, our hypothetical patient, (you’re welcome Star Trek fans) needs a safe and healthy environment, a supportive lifestyle and good hygiene. Just as a doctor has to consider external threats (“do you smoke?”) so does the data risk manager.

Let’s look at what this all means, and how this philosophy can be applied to your businesses policies and practices.

Data, our hypothetical patient, has three basic forms: paper, electronic and human memory.  A good data risk management plan must consider all three.

Controlling paper and electronic data is what we think of most when considering data security. This is your standard (or what should be standard) security policy, access controls procedures, system audits, and the like. It’s where security planning meets IT.

Human memory is a little more elusive. Education, security training and a reward-demotion plan can help control human errors, as can confidentiality agreements, and project-specific security contracts. These are the tools of teachers and lawyers. Generally speaking, there are four key rules to protecting data in all its forms:

  1. Be stingy with sensitive data, internally and externally;
  2. Provide access to data on a need-to-know basis;
  3. Provide access only to that specific data, rather than entire data sets;
  4. Be deliberate in how data is handled, used and shared.

Data has a life cycle. If your data doesn’t, it should. Whether it’s government secrets or an online shopper’s credit card number, data is received or created within your company’s computer systems. It is used, maintained and stored. It is archived or destroyed. That data, in all cases, has three basic states: in action, in motion or at rest. Take the credit card number example: that information can be used, the card charged, or moved to another computer system, or archived. Use, motion, rest.

There are four fundamental rules regarding the life cycle of data:

  1. If the organization doesn’t need it, don’t collect it.
  2. If data must be collected, collect only what is needed.
  3. If data is needed, control it and encrypt it.
  4. When data is no longer needed, get rid of it – SECURELY.

Now that we know what data looks like (paper, electronic, mnemonic) and how it lives (in action, in motion, at rest) we should consider those external threats, namely data breaches. A data breach is an incident (or series thereof) in which sensitive, protected or confidential information has potentially been viewed, stolen or used with unauthorized access. This can be a hacker attack, an internal company mistake that results in exposed information or, in some cases, corporate or government espionage. A data breach can be anything that jeopardizes data.

These threats range from simple user negligence, operating or systemic issues, all the way to highly complex criminal attacks launched against your organization. As anyone who follows the tech news knows, sensitive consumer and business information has become a criminal commodity.

With this hostile environment in mind, it is imperative for the business to plan and prepare not only for the protection of their information, but also for the response and recovery of their data and business in the event of a data breach. For a data manager or security professional to fail to issue such a warning would be akin to that doctor not asking about smoking.

At the end of the day, data as an organism is more than an extended metaphor. It’s a means to look at your company’s data products in an abstract way and understand how it operates. This, in turn, will allow you to develop the proper health plan. Just like with our health, there is no single wonder pill. But there are data doctors out there who can analyze your businesses’ risk posture and recommend ways to get it in shape.

Brian McGinley, senior vice president of data risk management at Identity Theft 911 offers this well-written piece on the timely topic.

Risk Management Magazine and Risk Management Monitor. Copyright 2012 Risk and Insurance Management Society, Inc.

White Collar Crime

The National Law Review would like to advise you of the upcoming White Collar Crime conference sponsored by the ABA Center for CLE and Criminal Justice SectionGeneral Practice,  &   Solo and Small Firm Division:

Event Information

When

February 29 – March 02, 2012

Where

  • Eden Roc Renaissance Miami Beach
  • 4525 Collins Ave
  • Miami Beach, FL, 33140-3226
  • United States of America
Primary Sponsors
  • Highlight

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.

  • Program Description

Each year the National Institute brings together judges, federal, state, and local prosecutors, law enforcement officials, defense attorneys, corporate in-house counsel, and members of the academic community.  The attendees include experienced litigators, as well as attorneys new to the white collar area.  Attendees have consistently given the Institute high ratings for the exceptional quality of the Institute’s publication, its valuable updates on new developments and strategies, as well as the rare opportunity it provides to meet colleagues in this field, renew acquaintances and exchange ideas.

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.  Once again, we expect excellent representation from the corporate sector.

  • CLE Information

ABA programs ordinarily receive Continuing Legal Education (CLE) credit in AK, AL, AR, AZ, CA, CO, DE, FL, GA, GU, HI, IA, ID, IL, IN, KS, KY, LA, ME, MN, MS, MO, MT, NH, NM, NV, NY, NC, ND, OH, OK, OR, PA, RI, SC, TN, TX, UT, VT, VA, VI, WA, WI, WV, and WY. These states sometimes do not approve a program for credit before the program occurs. This course is expected to qualify for 11.0 CLE credit hours (including TBD ethics hours) in 60-minute-hour states, and 13.2 credit hours (including TBD ethics hours) in 50-minute-hour states. This transitional program is approved for both newly admitted and experienced attorneys in NY. Click here for more details on CLE credit for this program.

Trade Secrets – Protecting Your Confidential Information

As seen recently in The National Law Review an article by Harvey Koning of Varnum LLP regarding protecting your confidential information:

Varnum LLP

 

Some of the most valuable intellectual property in the world is not protected by a patent or trademark. A famous example is the formula for Coca-Cola – it is protected as a trade secret. A more recently created trade secret is the algorithm Google uses to rank websites. Google protects it by keeping it secret. But trade secrets are not limited to blockbuster inventions by huge companies – almost every business has trade secrets worth protecting. What if your biggest competitor hired away one of your key employees? What confidential information would you not want this person to take? This article describes how to identify and protect your valuable trade secrets.

What is a “trade secret”?

“Trade secrets” can include customer lists, databases, pricing information, cost and profit margin information, computer programs, the content of contracts and much other valuable information. Basically, anything that gives you a competitive advantage over your competition can be a trade secret. A trade secret is something not generally known or easily discoverable by people outside your business.

If your information has “trade secret” status, then you can take legal action to prevent someone (such as a former employee) using the misappropriated information and, in some circumstances, you can seek a monetary recovery from someone who has misused your trade secrets. Trade secrets offer important advantages. They do not require any patent or trademark filings, fees or government approvals. Trade secret protection does not expire after a fixed amount of time.

How do you obtain trade secret protection?

To get trade secret protection, you must make a reasonable effort to protect your confidential information. A good place to start is by thinking about and listing what information you have that is not known to the public or easily discoverable that you would like to protect. After you have identified your confidential information, here are some of the steps you can take:

  • label the information “confidential” or “proprietary”
  • have employees sign a confidentiality agreement
  • limit access to those who need to know
  • keep the information in a secure location
  • remind departing employees of their obligation not to disclose confidential information

The particulars of your situation help determine the appropriate steps to take. A good place to start is a company policy about protecting confidential information.

Making an effort to protect your confidential information is a wise investment in preventing your important information from falling into the wrong hands (anyone other than you!).

© 2012 Varnum LLP

White Collar Crime

The National Law Review would like to advise you of the upcoming White Collar Crime conference sponsored by the ABA Center for CLE and Criminal Justice SectionGeneral Practice,  &   Solo and Small Firm Division:

Event Information

When

February 29 – March 02, 2012

Where

  • Eden Roc Renaissance Miami Beach
  • 4525 Collins Ave
  • Miami Beach, FL, 33140-3226
  • United States of America
Primary Sponsors
  • Highlight

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.

  • Program Description

Each year the National Institute brings together judges, federal, state, and local prosecutors, law enforcement officials, defense attorneys, corporate in-house counsel, and members of the academic community.  The attendees include experienced litigators, as well as attorneys new to the white collar area.  Attendees have consistently given the Institute high ratings for the exceptional quality of the Institute’s publication, its valuable updates on new developments and strategies, as well as the rare opportunity it provides to meet colleagues in this field, renew acquaintances and exchange ideas.

The faculty includes some of the leading white collar lawyers in the United States.  The keynote panels for the 2012 program will continue to focus on the role of ethics and corporate compliance in today’s business environment.  Once again, we expect excellent representation from the corporate sector.

  • CLE Information

ABA programs ordinarily receive Continuing Legal Education (CLE) credit in AK, AL, AR, AZ, CA, CO, DE, FL, GA, GU, HI, IA, ID, IL, IN, KS, KY, LA, ME, MN, MS, MO, MT, NH, NM, NV, NY, NC, ND, OH, OK, OR, PA, RI, SC, TN, TX, UT, VT, VA, VI, WA, WI, WV, and WY. These states sometimes do not approve a program for credit before the program occurs. This course is expected to qualify for 11.0 CLE credit hours (including TBD ethics hours) in 60-minute-hour states, and 13.2 credit hours (including TBD ethics hours) in 50-minute-hour states. This transitional program is approved for both newly admitted and experienced attorneys in NY. Click here for more details on CLE credit for this program.