3 Situations, 2 Lawyers, 1 Corporation, and So Many Features

Size: px

Start display at page:

Download "3 Situations, 2 Lawyers, 1 Corporation, and So Many Features"

Domenic Weaver
6 years ago
Views:

1 3 Situations, 2 Lawyers, 1 Corporation, and So Many Features Using Relativity in a Data Breach, an Investigation, and Litigation legalweekshow.com legaltechshow.com #Legalweek17 #Legaltech

2 Cathleen Peterson, Kroll Ontrack Brian Hengesbaugh, Baker McKenzie

3 A data breach, an investigation, and litigation hypothetical scenarios with real-world Relativity workflows.

4 Hacking Scenario Friday, 4/18, 4 PM: The CISO receives an anonymous tip that coffee-shop extraordinaire, Awesome Coffee, is about to be hacked. One hour later, the customer database reboots without involvement from Awesome Coffee.

5 Hacking Scenario Monday, 4/21, 10 AM: Working through the weekend, Awesome Coffee has engaged an external forensics provider who has confirmed that hackers have penetrated the customer database, apparently through a vulnerability in a web portal. It is not clear yet what data, if any, has infiltrated the network, as the hacker appears to have used a shred program to delete traces of any files taken. The business teams confirm that the database contains customer names, contact details, and credit card numbers. The credit card numbers are encrypted, except for the last 4 digits.

Hacking Scenario Wednesday, 4/23, 3 PM: The forensics investigators have identified an encryption key stored within the affected portion of the network, apparently stored there by one of the few

6 Hacking Scenario Wednesday, 4/23, 3 PM: The forensics investigators have identified an encryption key stored within the affected portion of the network, apparently stored there by one of the few Awesome Coffee managers with access rights to the full credit card numbers. The encryption key is determined to have the capability to unencrypt the credit card numbers in the customer database.

7 Data Breach Work Streams Breach Aftermath Litigation Defense Investigation & Reporting

8 Work Streams: Breach Aftermath Key activities: Breach Aftermath Crisis management and advice to senior leadership Retention of cyber and forensic experts Selection of law firms, communication, coordination and case management Privacy/regulatory and notice duties

9 Breach Aftermath: How Can Relativity Help? Legal Hold assists with issuing preservation notices and performing custodian data interviews Collaboration Portal assists with sharing work product, version control, a shared calendar, and sends work product circulation alerts Collection and Processing assist with gathering data and converting it into a standard format for review Fact Manager assists with outlining the case and building the evidence, and also aids with timeline development

10 Legal Hold - Questionnaire Builder

11 Legal Hold - Reporting

12 Collaboration Portal by Kroll Ontrack

13 Fact Manager

14 Fact Manager

15 Breach Aftermath: Do s and Don ts Activate incident response policy & engage relevant stakeholders Respond promptly to government authorities and press Determine consideration of broad PII definitions Engage in decision-making in silos Delay in forensically preserving data Wait to dig into the affected or potentially relevant documents

16 Work Streams: Investigation & Reporting Investigation & Reporting Investigation & Reporting Key activities: Identify scope of affected personal information Management of forensics experts Work with third party data hosting providers Risk assessment on end game Privilege considerations Interviews Report preparation

17 Investigation & Reporting: How Can Relativity Help? Advanced searching assists with regular expression searching, clustering and "show similar" to isolate PII/PHI Relativity Object for a floating "name capture" box to allow reviewers to compile/share individual consumer contact information for compiling a breach notification list Relativity's Export feature to leverage reviewer coding to provide a spreadsheet of affected individuals' contact details and PII/PHI involved for the breach notification service Relativity's Statistical Sampling feature for defensibility validation

18 Statistical Sampling Advanced Search Export Statistical Sampling

19 Investigation & Reporting: Dos & Don ts Diligent investigation of the facts & proper gathering of data (e.g., chain of custody) Consideration of any notification obligations beyond privacy (e.g., contractual obligations, consumer protection, SEC reporting) Provide accurate and timely notifications to proper parties and in the proper order (e.g., merchant banks/card brands, law enforcement, government authorities, individuals, consumer reporting agencies, insurers, and/or investors) Notify before sufficient knowledge of the facts ( ready, fire, aim not a good strategy) Act inconsistently with privacy, confidentiality, secrecy, or other data regulations in the conduct of the investigation (e.g., cross-border transfers)

20 Work Streams: Litigation Defense Litigation Defense Strands of litigation that may emerge: Government investigations (FTC, State AGs, and non-us authorities) Consumer and partner class actions Corporate customer and business partner actions Bank class actions

21 Litigation Defense: How Can Relativity Help? Kroll Ontrack s ECA workflow and Nearline features in Relativity for winnowing down the data and reserving the remainder offline for cost containment Relativity Analytics threading, Kroll Ontrack s Communication Insight and/or near duplicate analysis for conversation/content visualization and providing context Relativity Pivots to focus on specific search results by custodian Kroll Ontrack s Communication Insight or Relativity's Grid View for coding inconsistency checks Assisted Redaction for facilitating privilege redactions Relativity Assisted Review for faster review of documents

22 Communication Insight by Kroll Ontrack

23 Pivots Pivot Pivot Visualization with Widgets

24 Nearline by Kroll Ontrack

25 Relativity Assisted Review

Litigation Defense: Dos & Don ts Maintain a centralized, evergreen, golden set of documents that would be relevant to inquiries about a breach (e.g., policies, history of pen-testing, contracts) Level set on privilege issues Assure clear communication to stay on message across all regions (e.

26 Litigation Defense: Dos & Don ts Maintain a centralized, evergreen, golden set of documents that would be relevant to inquiries about a breach (e.g., policies, history of pen-testing, contracts) Level set on privilege issues Assure clear communication to stay on message across all regions (e.g., gov t filing forms; assume publicly available) Create or share communications without reference to privilege Permit local control over messaging

27 Conclusion: Key Takeaways After a Breach Expect heightened scrutiny over: Information security and remediation to remove root cause Privacy compliance programs Handling of PII and PHI Continue to pay attention to privilege issues: Technical report Further due diligence Report to the Board Anticipate future attacks Anticipate follow-on inquiries from data protection, consumer protection, labor or other authorities, and potential litigation Capture lessons learned, documentation, ongoing remediation

28 Conclusion: Key Takeaways in Using Relativity Relativity offers support for the full range of EDRM activities, from preservation noticing, to interviews, case planning, processing, search, early case assessment, review, and production. Get ready! Using Fact Manager to set the stage for the case by outlining key claims and defenses can provide a strong foundation for tying the evidence to your proof points. Get creative! Use Analytics and Pivot let the data speak to you, and surface the gems early on for strategic advantage. Relativity can also facilitate cross-team communication and collaboration. Leverage a wide range of Relativity features to enhance quality control and defensibility.

PCI Toolkit

PCI Toolkit The following document will define "PCI-DSS" (The Payment Card Industry Data Security Standard) and why it is important for your business. As always, if you need further assistance, please