What I learned from my time at the Justice Department is this: if your organization receives a government notice, the government likely has evidence to prove a violation. The subpoena is a tool to see the extent of this violation and others throughout the organization. What’s worse for the organization is that most government investigators know exactly what they’re looking for, and they can quickly find a needle in a haystack. I saw an investigator sit down to review a database of over three million documents, and within thirty minutes he walked out with a document that proved the government’s case.
Organizations are afraid when the government comes knocking, and the answer is often an overwhelming number of files that often contain unanswered information that indicates a new violation. On the other side of the coin are organizations that aren’t ready and don’t know how to analyze data, and those that delete data to hide wrongdoing. Regardless of the reason, a data breach in a government investigation is a very serious matter and can result in adverse judgments, large fines, and criminal charges. In Rimkus Consulting Group., Inc. v. Cammarata, 688 F. Supp. 2d 598, 612 (SD Tex. 2010), the court read into the record the definition of spoliation as defined in the Sedona Convention Dictionary: E-Discovery & Digital Information Management (Second Edition). That definition includes the suppression of evidence that may be relevant to a government investigation or audit.
The current state of the industry is one of increasing government scrutiny and oversight. Some government investigations are not surprising, and many are suspected by internal investigations that start with HR-related issues, regulatory concerns, and Internet access incident. Internal investigations may also result in protective actions if they are “pending litigation.” Although these internal investigations may be more extensive than federal investigations or civil lawsuits, the key is to have a process of identification and replication.
Although it is not known during the investigation if there will be a lawsuit, it is necessary to have a high standard for harvesting computer medical data in order not to do a second collection to follow the procedures administration.
Here are ten things to do to help create a defined investigative process.
- Assemble a team from the legal, HR, IT, and other departments involved in the special call investigation.
- Understand the scope of the publication and the data sources it contains.
- Submit public internal rules to each custodian or individual by maintaining the site using current technology.
- Understand the requirements for data requests and choose the terms and conditions of the inspection agency.
- Develop a collection plan and execute that plan following best practices for observational studies for each data source and chain of custody. Be proactive in correcting update packages and expanding date ranges.
- Be aware of privacy and confidentiality requirements and have a plan to collect, process, and review where requested.
- Minimize exposure while still holding on. Use pre-review analytics to eliminate large chunks of irrelevant data, reducing collection by 80-90%.
- Analyzing data and using technical assistance review (TAR) to introduce continuous active learning (CAL).
- Adjust your production requirements to match the data types and capabilities of your technology.
- Secure data transfer capabilities are required to protect the privacy of your output.
This task must be completed before the announcement arrives—because once it arrives, the clock starts running and this process will take a very long time. Once you’ve done this, you’ll know your organization’s data management policies and whether those policies properly remove redundant, outdated, or trivial data. No one wants to be the organization holding 14 years of records when the requirement is only seven years. In that case, you may want to review and release all relevant data from those 14 years. jurisdiction—and, possibly, in play for a lawsuit or lawsuit.