Paper on Information security legal reg , Compliance and PPTJackDorsey
The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how to serve a litigation hold notice for an educational institute. The following aspects of litigation and document retention are covered:
- Applicability of confidentiality, integrity, and availability (C-I-A) concepts
- Confidentiality of personal information and contracts
- Applicability of the American legal system in the litigation process involving corporate, public, and private institutions
- Intellectual property (IP) issues
- Risk analysis and incident response procedures
- Forensics examination
Required Source Information and Tools
Web References: Links to Web references in this Instructor Guide and related materials are subject to change without prior notice. These links were last verified on May 21, 2014.
The following tools and resources will be needed to complete this project:
- Course textbook
- Access to the Internet
- Project Litigation Hold Notice handout (legal_ts_projectlitigationholdnotice)
- Project Appendix A handout (legal_ts_projectappendixa)
Learning Objectives and Outcomes
You will gain an understanding of the aspects involved in the conception, enforcement, and implementation of security policies. You will also gain insight to risk analysis and will learn how to respond to any given situation that might arise from a violation of those security policies.
You are the Chief Information Officer for Premier College. Recently, your college has received a notice from the Department of Education about an investigation of your college based on the state-specific testing and compliance procedures. The Department of Education has sent a Litigation Hold Notice wherein they have asked all college staff and administrators of the college to preserve all relevant documents, records, data, contracts (regardless of their location or medium), and correspondence notes.
To understand the litigation hold notice received from the Department of Education, refer to the documents entitled “Project Litigation Hold Notice“ (legal_ts_projectlitigationholdnotice) and “Project Appendix A” (legal_ts_projectappendixa). As a reminder, this Litigation Hold preservation obligation supersedes any existing statutory or regulatory document retention period or destructive schedule. The determination of what information may be potentially relevant is based upon content and substance and generally does not depend on the type of medium in which the information exists.
The information requested may exist in various forms, including paper records, handwritten notes, telephone log entries, e-mail, and other electronic communications (including voicemail), word processing documents (including drafts, spreadsheets, databases, and calendars), telephone logs, electronic address books, smartphones, Internet usage files, systems manuals, and network access information in their original format.
All electronically stored information (ESI) should be preserved in its originally created, or “native” format, along with related metadata. Relevant backup tapes and all indexes for those tapes should also be preserved. Reasonably accessible information must also be preserved, because such sources will need to be identified under compelling circumstances, and may need to be produced. If you have any doubts as to whether specific information is responsive, err on the side of preserving that information.
After receiving the Litigation Hold Notice, your next task is to do the following:
- Create a document retention policy for your College that complies with all state and federal regulations.
- Create a Litigation Hold Notice similar to the one provided to you in the Project Litigation Hold Notice handout.
- Create a checklist of procedures that must be followed in order to comply with the Litigation Hold Notice.
- Prepare a summary of all your findings. Submission Requirements Submit your answer in a Microsoft Word document in two pages, along with a cover page, sources, and executive summary.
- ▪ Font: Arial 11-point size
- ▪ Line Spacing: Double
- ▪ Citation Style: APA ▪ Sources: Use at least 5 sources, two of which are peer-reviewed Evaluation Criteria and Rubrics Instructor will evaluate the student project based on a comparison with the provided Project Litigation Hold Notice handout.
Project Appendix A
Litigation Hold Notice
April 1, 2014
Legal Counsel/Chief Information Officer
The College has a legal obligation to preserve evidence and records, including electronic documents that are relevant to a pending or potential claim or action, such as a government audit, administrative proceeding, or lawsuit. Upon notice of pending litigation or anticipated, the College must implement a Litigation Hold Notice that requires the retention of certain paper and electronic records for an indefinite period of time due to pending state or federal litigation.
Each employee of the College is responsible for acting in compliance with the Litigation Hold Notice regarding the preservation and maintenance of evidence relevant to pending litigation.
The Office of Legal Counsel together with the Chief Information Officer at the College is responsible for implementing the Litigation Hold Procedures upon notice of the need for a litigation hold to preserve relevant electronically stored information and paper documents. Identifying instances in which a Litigation Hold Notice is required and its subsequent implementation requires collaboration of multiple individuals within the College, including the Records Coordinator.
To define standards for preservation of evidence in compliance with federal law regarding litigation holds, as well as to define the procedure for implementing such holds when litigation commences or is anticipated.
Electronically Stored Information (ESI)
Refers to all forms of electronic data and documents including, but not limited to, metadata, electronic mail, word processing documents, calendars, voice messages, videos, digital photographs, information in smartphones, jump drives, home computers, and in any location where data may be stored.
Refers to hard copy and electronic/digital recordings, videotapes, writings, material objects, photographs, drawings, diagrams, testimony, or other things presented to the senses that are offered to prove the existence or nonexistence of a fact.
Litigation Hold Letter
The communication that is distributed to preserve information and prevent or suspend destruction of paper documents and electronic data that must be retained during litigation.
Litigation Hold Procedure
The process whereby the College sends a notice to all involved departments suspending the normal operation of document destruction polices for particular records relevant to any pending or potential claim or action. Notwithstanding the applicable records retention schedule, documents that are subject to a particular Litigation Hold Notice must be retained until the hold is removed.
The Records Coordinator, as designated by the Vice-President for Business and Finance, has the authority and responsibility to dispose of paper and electronic documents in accordance with approved records disposition authorizations policies, per the College Records Management Program.
Notification of Litigation
1. All employees have an affirmative duty to inform the Office of Legal Counsel when they receive notification of any claim or action or threat of any claim or action against the College.
2. Employees are considered to be in receipt of notice of a claim or action when they receive a complaint, summons, and/or other official document(s) related to a lawsuit or claim.
3. The Office of Legal Counsel will determine whether the notification received warrants issuance of a Litigation Hold Notice.
Employee's Notification of Litigation to Legal Counsel
1. Employees who have notice of any pending or potential claim or action against the College must inform the Office of Legal Counsel, in writing, of the matter.
2. This notification must occur within two business days of their receipt of the notification.
Issuance of Litigation Hold Notice Letter
1. College counsel will issue an Official Litigation Hold Notice Letter regarding the matter to the appropriate individuals within five business days of receipt of notification of pending litigation.
2. The Litigation Hold Notice Letter shall provide the categories of electronic and paper documents, including ESI, that must be retained until further notice and that electronic information must be preserved in its original electronic form, so that all information contained within it, whether visible or not, is also available for inspection.
Employee's Compliance with Litigation Hold Notice Letter
1. All employees who receive notice of the hold must give confirmation of receipt of the hold notice along with a statement agreeing to abide by the litigation hold within one week of receipt of the hold notice.
2. All employees who receive a Litigation Hold Notice Letter must compile paper and electronic documents and data (including e-mails, voicemails, videos, etc.) as instructed in the notice letter.
3. Electronic records must be retained in the original format (e.g. burned to a disk/CD saved in a secure folder on the system server that is not subjected to unannounced deletion, etc.)
4. It is the responsibility of the individuals to whom the litigation hold notice is issued to retain all records that are responsive to the notice until they receive written notification that the litigation hold has been removed.
What is anticipated litigation?
Litigation is anticipated where the College receives information that a claim or dispute has arisen which has a strong possibility of becoming litigation. This is a fact specific inquiry which shall be done in consultation with the Office of Legal Counsel. Some examples include EEOC complaints, Office of Civil Rights complaints, government or internal investigations, and claims filed with the Claims Commission.
What happens once I receive the Litigation Hold Notice?
The Litigation Hold Notice will provide a description of the materials that need to be protected as well as how the information should be stored. The Office of Legal Counsel will provide guidance throughout this process and the Information Technology Division will assist employees in storing relevant ESI.
Project Litigation Hold Notice
To: Office of the President, Premier College
From: United States Department of Education
Copy: Office of Legal Counsel and All College Staff
Date: April 1, 2014
Subject: Notice of Litigation and Required Preservation of Electronic Data
Premier College recently received notice of litigation. Electronic data containing Premier College's
computer systems is an important source of discovery and evidence in this cause. Premier College is
required by law to take steps to ensure that all electronic data that is potentially relevant to this litigation is
preserved. To satisfy Premier College's legal obligations, your assistance is necessary and required for
the preservation of Premier College's electronic data, which includes, but is not limited to:
Directive Regarding Preservation of Electronic Data
Effective immediately, all personnel must preserve and retain any electronic information or data that is or
may be relevant to this litigation. Electronic information or data must not be altered, deleted, or otherwise
modified. Relevant electronic information or data includes, but is not limited to:
▪ Microsoft Office documents
▪ PDF files
▪ Digital image files (such as JPG, PNG, and TIFF)
▪ TXT files
▪ Computer usage logs
▪ Internet usage files
Such electronic information or data may reside on workstations, laptops, network servers, removable
media, smartphones and other mobile devices, voicemail, and backup tapes.
Any question about the relevance of a particular file, e-mail or other electronic data should be addressed
to Premier College's attorney and resolved in favor of preserving and retaining information. Failure to
preserve relevant information may result in significant penalties against Premier College.
At the network and systems administration level, this directive requires you to preserve and retain all
potentially relevant files stored on servers and to refrain from doing any administrative work that has any
potential to destroy potentially relevant files. In addition, all automatic deletion functions must be disabled
on both the network and individual workstation level. All backup tapes must be preserved and pulled from
recycling rotation. Forensically sound full images of mailboxes, hard drives, and network drives should be
created upon receipt of this directive.
United States Department of Education
- 8 months ago
- NOT RATED
This project is due by the end of the residency weekend.
The purpose of this project is to provide you with an opportunity to create a document retention policy. You will also learn how …3 years ago